01-Comprehensive configuration example

Contents

RBAC configuration examples

Example: Configuring RBAC for local AAA authentication users

Example: Configuring RBAC for RADIUS authentication users

Example: Configuring RBAC temporary user role authorization (HWTACACS authentication)

Example: Configuring RBAC temporary user role authorization (RADIUS authentication)

GIR configuration examples

Example: Configuring GIR in an ECMP-based node redundancy environment

Server-based automatic configuration examples

Example: Using a TFTP server for automatic configuration

Example: Using an HTTP server and Tcl scripts for automatic configuration

Example: Using an HTTP server and Python scripts for automatic configuration

POS interface configuration examples

Example: Directly connecting routers through POS interfaces

CPOS interface configuration examples

Example: Configuring CPOS-E1 channels

MAC address table configuration examples

Example: Configuring the MAC address table

Ethernet link aggregation configuration examples

Example: Configuring a Layer 2 static aggregation group

Example: Configuring a Layer 2 dynamic aggregation group

Example: Configuring a Layer 2 edge aggregate interface

Example: Configuring a Layer 3 static aggregation group

Example: Configuring a Layer 3 dynamic aggregation group

Example: Configuring S-MLAG

VLAN configuration examples

Example: Configuring port-based VLANs

Super VLAN configuration examples

Example: Configuring a super VLAN

MVRP configuration examples

Example: Configuring basic MVRP functions

VLAN mapping configuration examples

Example: Configuring one-to-one VLAN mapping

VLAN termination configuration examples

Example: Configuring ambiguous Dot1q termination

Example: Configuring unambiguous Dot1q termination

Example: Configuring Dot1q termination for PPPoE server

Example: Configuring ambiguous QinQ termination

Example: Configuring unambiguous QinQ termination

Example: Configuring QinQ termination for PPPoE server (common VLAN termination)

Example: Configuring QinQ termination for PPPoE server (user VLAN termination)

Example: Configuring QinQ termination for DHCP relay

L2VPN loop detection configuration examples

Example: Configuring local site loop detection

Spanning tree configuration examples

Example: Configuring MSTP

Example: Configuring PVST

LLDP configuration examples

Example: Configuring basic LLDP functions

PPP configuration examples

Example: Configuring one-way PAP authentication

Example: Configuring two-way PAP authentication

Example: Configuring one-way CHAP authentication

Example: Specifying an IP address for the client on the server interface

Example: Specifying an IP address pool on the server interface

Example: Using the IP address pool associated with an ISP domain

MP configuration examples

Example: Configuring an MP-group interface

HDLC configuration examples

Example: Configuring HDLC

HDLC link bundling configuration examples

Example: Configuring HDLC link bundling

ARP configuration examples

Example: Configuring a long static ARP entry

Example: Configuring a short static ARP entry

Common proxy ARP configuration examples

Example: Configuring common proxy ARP

ARP suppression configuration examples

Example: Configuring ARP suppression

IP addressing configuration examples

Example: Manually specifying an IP address

IPv4 DNS configuration examples

Example: Configuring static domain name resolution

Example: Configuring dynamic domain name resolution

Example: Configuring DNS proxy

IPv6 DNS configuration examples

Example: Configuring static domain name resolution

Example: Configuring dynamic domain name resolution

Example: Configuring DNS proxy

DDNS configuration examples

Example: Configuring DDNS with www.3322.org

Example: Configuring DDNS with PeanutHull server

mDNS relay configuration examples

Example: Configuring mDNS relay

Load sharing configuration examples

Example: Configuring load sharing based on source and destination addresses

IRDP configuration examples

Example: Configuring IRDP

UDP helper configuration examples

Example: Configuring UDP helper to convert broadcast to unicast

Example: Configuring UDP helper to convert broadcast to multicast

Basic IPv6 settings configuration examples

Example: Configuring basic IPv6 settings

AFT configuration examples

Example: Allowing IPv4 Internet access from an IPv6 network

Example: Providing FTP service from an IPv6 network to the IPv4 Internet

Example: Allowing mutual access between IPv4 and IPv6 networks

Example: Allowing IPv6 Internet access from an IPv4 network

Example: Providing FTP service from an IPv4 network to the IPv6 Internet

IPv4 over IPv4 tunnel configuration examples

Example: Configuring an IPv4 over IPv4 tunnel

GRE configuration examples

Example: Configuring an IPv4 over IPv4 GRE tunnel

Example: Configuring an IPv4 over IPv6 GRE tunnel

Static route configuration examples

Example: Configuring basic static routes

Example: Configuring BFD for static routes (direct next hop)

Example: Configuring BFD for static routes (indirect next hop)

Example: Configuring static route FRR

RIP configuration examples

Example: Configuring basic RIP

Example: Configuring RIP route redistribution

Example: Configuring an additional metric for a RIP interface

Example: Configuring RIP to advertise a summary route

Example: Configuring RIP GR

Example: Configuring BFD for RIP (single-hop echo detection for a directly connected neighbor)

Example: Configuring BFD for RIP (single-hop echo detection for a specific destination)

Example: Configuring BFD for RIP (bidirectional control detection)

Example: Configuring RIP FRR

OSPF configuration examples

Example: Configuring basic OSPF

Example: Configuring OSPF route redistribution

Example: Configuring OSPF route summarization

Example: Configuring OSPF stub area

Example: Configuring OSPF NSSA area

Example: Configuring OSPF DR election

Example: Configuring OSPF virtual link

Example: Configuring OSPF GR

Example: Configuring BFD for OSPF

Example: Configuring OSPF FRR

IS-IS configuration examples

Example: Configuring basic IS-IS

Example: Configuring DIS election

Example: Configuring IS-IS route redistribution

Example: Configuring IS-IS authentication

Example: Configuring IS-IS GR

Example: Configuring BFD for IS-IS

Example: Configuring IS-IS LFA FRR

Example: Configuring IS-IS remote LFA FRR

Example: Configuring IS-IS multi-instance processes

IPv6 IS-IS configuration examples

Example: Configuring IPv6 IS-IS basics

Example: Configuring BFD for IPv6 IS-IS

Example: Configuring IPv6 IS-IS FRR

Applying a flexible algorithm to IS-IS SRv6

EIGRP configuration examples

Example: Configuring basic EIGRP

Example: Configuring EIGRP interface metrics

Example: Configuring EIGRP route redistribution

Example: Configuring EIGRP route summarization

Basic IPv4 BGP network configuration examples

Example: Configuring basic BGP

Example: Configuring BGP and IGP route redistribution

Example: Configuring dynamic BGP peers

Example: Configuring BGP route summarization

Example: Configuring multicast BGP

Basic IPv6 BGP network configuration examples

Example: Configuring IPv6 BGP basics

Example: Configuring IPv6 multicast BGP

Large-scale BGP network configuration examples

Example: Configuring BGP communities

Example: Configuring BGP route reflector

Example: Configuring BGP confederation

BGP path selection control configuration examples

Example: Configuring BGP path selection

BGP network tuning and optimization configuration examples

Example: Configuring BGP load balancing

Example: Configuring the BGP Additional Paths feature

IPv4 BGP security feature configuration examples

Example: Configuring BGP RPKI

IPv6 BGP security feature configuration examples

Example: Configuring IPsec for IPv6 BGP packets

Example: Configuring BGP RPKI

IPv4 BGP network reliability improvement configuration examples

Example: Configuring BGP GR

Example: Configuring BFD for BGP

Example: Configuring BGP FRR

IPv6 BGP network reliability improvement configuration examples

Example: Configuring BFD for IPv6 BGP

Example: Configuring IPv6 BGP FRR

Extended IPv4 BGP feature configuration examples

Example: Configuring BGP LS

Extended IPv6 BGP feature configuration examples

Example: Configuring 6PE

PBR configuration examples

Example: Configuring packet type-based local PBR

Example: Configuring packet type-based interface PBR

Example: Configuring source-IP-based interface PBR

IPv6 static routing configuration examples

Example: Configuring basic IPv6 static route

Example: Configuring BFD for IPv6 static routes (direct next hop)

Example: Configuring BFD for IPv6 static routes (indirect next hop)

Example: Configuring IPv6 static route FRR

RIPng configuration examples

Example: Configuring basic RIPng

Example: Configuring RIPng route redistribution

Example: Configuring RIPng GR

Example: Configuring RIPng FRR

Example: Using an IPsec profile to protect RIPng

OSPFv3 configuration examples

Example: Configuring OSPFv3 stub area

Example: Configuring OSPFv3 NSSA area

Example: Configuring OSPFv3 DR election

Example: Configuring OSPFv3 route redistribution

Example: Configuring OSPFv3 route summarization

Example: Configuring OSPFv3 GR

Example: Configuring BFD for OSPFv3

Example: Configuring OSPFv3 FRR

Example: Configuring OSPFv3 IPsec profile

IPv6 PBR configuration examples

Example: Configuring packet type-based IPv6 local PBR

Example: Configuring packet type-based IPv6 interface PBR

Routing policy configuration examples

Example: Configuring a routing policy for IPv4 route redistribution

Example: Configuring a routing policy for IPv6 route redistribution

DCN configuration examples

Example: Configuring DCN

IGMP snooping configuration examples

Example: Configuring VLAN-based IGMP snooping group policies and simulated joining

Example: Configuring VLAN-based IGMP snooping static ports

Example: Configuring the VLAN-based IGMP snooping querier

Example: Configuring VLAN-based IGMP snooping proxying

Example: Configuring VSI-based IGMP snooping

Example: Configuring VXLAN-based IGMP snooping

Troubleshooting IGMP snooping

Layer 2 multicast forwarding cannot function

Multicast group policy does not work

PIM snooping configuration examples

Example: Configuring PIM snooping

Multicast VLAN configuration examples

Example: Configuring sub-VLAN-based multicast VLAN

Multicast routing and forwarding configuration examples

Example: Changing an RPF route

Example: Creating an RPF route

Example: Configuring multicast forwarding over a GRE tunnel

IGMP configuration examples

Example: Configuring basic IGMP features

Example: Configuring IGMP SSM mapping

Example: Configuring IGMP proxying

Example: Configuring PPPoE-based multicast access control

Example: Configuring IPoE-based multicast access control

PIM configuration examples

Example: Configuring PIM-DM

Example: Configuring non-scoped PIM-SM

Example: Configuring admin-scoped PIM-SM

Example: Configuring PIM-SSM

MSDP configuration examples

Example: Configuring PIM-SM inter-domain multicast

Example: Configuring inter-AS multicast by leveraging static RPF peers

Example: Configuring Anycast RP

Example: Configuring SA message filtering

Multicast VPN configuration examples

Example: Configuring intra-AS MDT-based MVPN

Example: Configuring intra-AS RSVP-TE-based MVPN

Example: Configuring intra-AS mLDP-based MVPN

Example: Configuring inter-AS option B MDT-based MVPN

Example: Configuring inter-AS option C MDT-based MVPN

Example: Configuring inter-AS option A mLDP-based MVPN

Example: Configuring inter-AS option B mLDP-based MVPN

Example: Configuring inter-AS option C mLDP-based MVPN

Example: Configuring intra-AS BIER-based MVPN

Example: Configuring intra-AS option A BIER-based MVPN

Example: Configuring intra-AS option C BIER-based MVPN

Example: Configuring receiver-PE-based MVPN extranet

MLD snooping configuration examples

Example: Configuring VLAN-based IPv6 group policy and simulated joining

Example: Configuring VLAN-based static ports

Example: Configuring the VLAN-based MLD snooping querier

Example: Configuring VLAN-based MLD snooping proxying

IPv6 PIM snooping configuration examples

Example: Configuring IPv6 PIM snooping

IPv6 multicast VLAN configuration examples

Example: Configuring sub-VLAN-based IPv6 multicast VLAN

IPv6 multicast routing and forwarding configuration examples

Example: Changing an IPv6 RPF route

Example: Creating an IPv6 RPF route

MLD configuration examples

Example: Configuring basic MLD features

Example: Configuring MLD SSM mapping

Example: Configuring MLD proxying

Example: Configuring PPPoE-based IPv6 multicast access control

Example: Configuring IPoE-based IPv6 multicast access control

IPv6 PIM configuration examples

Example: Configuring IPv6 PIM-DM

Example: Configuring non-scoped IPv6 PIM-SM

Example: Configuring admin-scoped IPv6 PIM-SM

Example: Configuring IPv6 PIM-SSM

BIER configuration examples

Example: Configuring intra-AS BIER-based MVPN

Example: Configuring BIER-based MVPN for the public instance

Static LSP configuration examples

Example: Configuring static LSPs

IPv4 LDP configuration examples

Example: Configuring LDP LSPs

Example: Configuring label acceptance control

Example: Configuring label advertisement control

Example: Configuring LDP FRR

IPv6 LDP configuration examples

Example: Configuring IPv6 LDP LSP

Example: Configuring IPv6 label acceptance control

Example: Configuring IPv6 label advertisement control

MPLS TE configuration examples

Example: Establishing an MPLS TE tunnel over a static CRLSP

Example: Establishing an MPLS TE tunnel with RSVP-TE

Example: Establishing an inter-AS MPLS TE tunnel with RSVP-TE

Example: Configuring bidirectional MPLS TE tunnel

Example: Configuring CRLSP backup

Example: Configuring manual bypass tunnel for FRR

Example: Configuring auto FRR

Example: Configuring CBTS

Example: Configuring bit error detection for an MPLS TE tunnel

Static CRLSP configuration examples

Example: Configuring a static CRLSP

RSVP configuration examples

Example: Establishing an MPLS TE tunnel with RSVP-TE

Example: Configuring RSVP GR

Tunnel policy configuration examples

Example: Configuring exclusive tunnels

Example: Configuring tunnel bindings in a tunnel policy

Example: Configuring preferred tunnels and tunnel selection order

Tunnel selector configuration examples

Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option B

Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option C

Example: Configuring tunnel selectors for HoVPN

Example: Configuring tunnel selectors for IPv6 MPLS L3VPN inter-AS option B

MPLS L3VPN configuration examples

Example: Configuring basic MPLS L3VPN

Example: Configuring MPLS L3VPN over a GRE tunnel

Example: Configuring a hub-spoke network

Example: Configuring MPLS L3VPN inter-AS option A

Example: Configuring MPLS L3VPN inter-AS option B

Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 unicast address family)

Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 unicast address family)

Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Example: Configuring MPLS L3VPN carrier's carrier in the same AS

Example: Configuring MPLS L3VPN carrier's carrier in different ASs (exchanging labeled routes in BGP IPv4 unicast address family)

Example: Configuring MPLS L3VPN carrier's carrier in different ASs (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Example: Configuring nested VPN

Example: Configuring multirole host

Example: Configuring HoVPN

Example: Configuring an OSPF sham link

Example: Configuring BGP AS number substitution

Example: Configuring BGP AS number substitution and SoO attribute

Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route

Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route

Example: Configuring MPLS L3VPN FRR through IPv4 route backup for a VPNv4 route

IPv6 MPLS L3VPN configuration examples

Example: Configuring IPv6 MPLS L3VPNs

Example: Configuring an IPv6 MPLS L3VPN over a GRE tunnel

Example: Configuring a hub-spoke network

Example: Configuring IPv6 MPLS L3VPN inter-AS option A

Example: Configuring IPv6 MPLS L3VPN inter-AS option B

Example: Configuring IPv6 MPLS L3VPN inter-AS option C (method 1)

Example: Configuring IPv6 MPLS L3VPN inter-AS option C (method 2)

Example: Configuring IPv6 MPLS L3VPN carrier's carrier in the same AS

Example: Configuring HoVPN

Example: Configuring an OSPFv3 sham link

Example: Configuring BGP AS number substitution

Example: Configuring BGP AS number substitution and SoO attribute

MPLS L2VPN configuration examples

Example: Configuring local MPLS L2VPN connections

Example: Configuring a static PW

Example: Configuring an LDP PW

Example: Configuring a BGP PW

Example: Configuring a bypass PW

Example: Configuring an intra-domain multi-segment PW

Example: Configuring an inter-domain multi-segment PW

VPLS configuration examples

Example: Configuring static PWs

Example: Configuring LDP PWs

Example: Configuring BGP PWs

Example: Configuring BGP auto-discovery LDP PWs

Example: Configuring H-VPLS using MPLS access

Example: Configuring hub-spoke VPLS

Example: Configuring H-VPLS UPE dual homing

Improved L2VPN access to L3VPN or IP backbone configuration examples

Example: Configuring access to MPLS L3VPN through an LDP MPLS L2VPN

Example: Configuring access to IP backbone through an LDP VPLS

Example: Configuring LDP PW access to IP backbone through L2VE subinterfaces

Example: Configuring LDP PW access to shared gateway in IP backbone through L2VE interfaces

MPLS OAM configuration examples

Example: Configuring BFD for LSP

MCE configuration examples

Example: Configuring MCE

IPv6 MCE configuration examples

Example: Configuring IPv6 MCE

SR-MPLS configuration examples

Example: Configuring SR-MPLS based on static segments

Example: Configuring SR-MPLS based on ISIS-advertised SIDs

Example: Configuring SR-MPLS based on OSPF-advertised SIDs

Example: Configuring an SR-based MPLS TE tunnel over an explicit path

Example: Configuring an MPLS TE tunnel over a PCE-calculated SRLSP

Example: Configuring SR-MPLS inter-AS option B

Example: Configuring SR-MPLS inter-AS option C (I) (labeled route exchange in BGP IPv4 unicast address family)

Example: Configuring SR-MPLS inter-AS option C (I) (labeled route exchange in BGP IPv4 labeled unicast address family)

Example: Configuring SR-MPLS inter-AS option C (II) (labeled route exchange in BGP IPv4 unicast address family)

Example: Configuring SR-MPLS inter-AS option C (II) (labeled route exchange in BGP IPv4 labeled unicast address family)

Example: Configuring SR-MPLS inter-AS option C (III) (labeled route exchange in BGP IPv4 unicast address family)

Example: Configuring SR-MPLS inter-AS option C (III) (labeled route exchange in BGP IPv4 labeled unicast address family)

Example: Configuring SR-MPLS to LDP (IS-IS)

Example: Configuring SR-MPLS to LDP (OSPF)

Example: Configuring SR-MPLS to LDP (labeled route exchange in BGP IPv4 unicast address family)

Example: Configuring SR-MPLS to LDP (labeled route exchange in BGP IPv4 labeled unicast address family)

Example: Configuring SR-MPLS over LDP

Example: Configuring IS-IS TI-LFA FRR

SR-MPLS TE policy configuration examples

Example: Configuring SR-MPLS TE policy-based forwarding

SRv6 configuration examples

Example: Configuring IPv6 IS-IS TI-LFA FRR

SRv6 TE policy configuration examples

Example: Configuring SRv6 TE policy-based forwarding

Example: Configuring SRv6 TE policy egress protection

Example: Configuring SRv6 TE policy through ODN

IP L3VPN over SRv6 configuration examples

Example: Configuring IP L3VPN over SRv6 BE

Example: Configuring IPv4 L3VPN HoVPN over MPLS-to-SRv6

Example: Configuring inter-AS option B VPN

EVPN L3VPN over SRv6 configuration examples

Example: Configuring IPv4 EVPN L3VPN over SRv6 in SRv6 BE mode

Example: Configuring inter-AS option B VPN

EVPN VPWS over SRv6 configuration examples

Example: Setting up an SRv6 tunnel between single-homed EVPN VPWS sites

Example: Configuring EVPN VPWS over SRv6 multihoming (S-Trunk dual-homed)

Example: Configuring LDP PWs as ACs for SRv6 PWs

EVPN VPLS over SRv6 configuration examples

Example: Setting up an SRv6 tunnel between single-homed EVPN VPLS sites

Example: Configuring EVPN VPLS over SRv6 multihoming (S-Trunk dual-homed)

Example: Configuring LDP PWs as ACs for SRv6 PWs

Example: Configuring intercommunication between EVPN VPLS over SRv6 and EVPN VPWS over SRv6 networks

Public network IP over SRv6 configuration examples

Example: Configuring public network IPv6 over SRv6 in SRv6 BE mode

SRv6 network slicing configuration examples

Example: Configuring SRv6 network slicing

ACL configuration examples

Example: Configuring interface-based packet filter

Traffic policing, GTS, and rate limit configuration examples

Example: Configuring traffic policing

Traffic filtering configuration examples

Example: Configuring traffic filtering

Priority marking configuration examples

Example: Configuring priority marking

Example: Configuring priority marking and class-based accounting for priority marking verification

Traffic redirecting configuration examples

Example: Configuring traffic redirecting

Global CAR configuration examples

Example: Configuring aggregate CAR

Class-based accounting configuration examples

Example: Configuring class-based accounting

QPPB configuration examples

Example: Configuring QPPB in an IPv4 network

Example: Configuring QPPB in an MPLS L3VPN

Example: Configuring QPPB in an IPv6 network

MPLS QoS configuration examples

Example: Configuring MPLS QoS for traffic in the same VPN

HQoS configuration examples

Example: Configuring local QoS ID mode

Time range configuration examples

Example: Configuring a time range

Flowspec configuration examples

Example: Configuring IPv4 Flowspec

DAE proxy configuration examples

Example: Configuring DAE proxy

Password control configuration examples

Example: Configuring password control

Keychain configuration examples

Example: Configuring keychains

PKI configuration examples

Example: Requesting a certificate from an RSA Keon CA server

Example: Requesting a certificate from a Windows Server 2003 CA server

Example: Requesting a certificate from an OpenCA server

Example: Importing and exporting certificates

IPsec configuration examples

Example: Configuring IPsec for RIPng

Stelnet configuration examples

Example: Configuring the device as an Stelnet server (password authentication)

Example: Configuring the device as an Stelnet server (publickey authentication)

Example: Configuring the device as an Stelnet client (password authentication)

Example: Configuring the device as an Stelnet client (publickey authentication)

Example: Configuring Stelnet based on 128-bit Suite B algorithms

SFTP configuration examples

Example: Configuring the device as an SFTP server (password authentication)

Example: Configuring the device as an SFTP client (publickey authentication)

Example: Configuring SFTP based on 192-bit Suite B algorithms

SCP configuration examples

Example: Configuring SCP with password authentication

Example: Configuring SCP file transfer with a Linux SCP client

Example: Configuring SCP based on Suite B algorithms

NETCONF over SSH configuration examples

Example: Configuring NETCONF over SSH with password authentication

IPSG configuration examples

Example: Configuring static IPv4SG

Example: Configuring dynamic IPv4SG using DHCP relay agent

Example: Configuring static IPv6SG

Example: Configuring dynamic IPv6SG using DHCPv6 relay agent

uRPF configuration examples

Example: Configuring uRPF for interfaces

IPv6 uRPF configuration examples

Example: Configuring IPv6 uRPF for interfaces

SAVA configuration examples

Example: Configuring SAVA on border devices directly connected to the LAN

Example: Configuring SAVA on border devices indirectly connected to the LAN (OSPFv3)

Example: Configuring SAVA on border devices indirectly connected to the LAN (IPv6 IS-IS)

Example: Configuring SAVA on inter-AS border devices indirectly connected to the LAN

SAVA-P configuration examples

Example: Configuring SAVA-P basic network

Trust level configuration examples

Example: Configuring trust levels

Ethernet OAM configuration examples

Example: Configuring Ethernet OAM

CFD configuration examples

Example: Configuring CFD in an Ethernet network

Example: Configuring CFD in a Layer 2 VPN (L2VPN networking)

DLDP configuration examples

Example: Automatically shutting down unidirectional links

Example: Manually shutting down unidirectional links

S-Trunk configuration examples

Example: Configuring S-Trunk in an MPLS L2VPN network

IPv4 VRRP configuration examples

Example: Configuring a single VRRP group

Example: Configuring multiple VRRP groups

Example: Configuring VRRP load balancing

IPv6 VRRP configuration examples

Example: Configuring a single VRRP group

Example: Configuring multiple VRRP groups

Example: Configuring VRRP load balancing

Track configuration examples

Example: Configuring VRRP-Track-NQA collaboration

Example: Configuring BFD for a VRRP backup to monitor the master

Example: Configuring BFD for the VRRP master to monitor the uplink

Example: Configuring static routing-Track-NQA collaboration

Example: Configuring static routing-Track-BFD collaboration

Example: Configuring VRRP-Track-interface management collaboration

Example: Configuring VRRP-Track-route management collaboration

Example: Configuring direct route-Track-IPv4 VRRP collaboration

Example: Configuring direct route-Track-IPv6 VRRP collaboration

TWAMP Light configuration examples

Example: Configuring TWAMP Light test on a common Layer 3 network

Example: Configuring TWAMP Light test on an L2VPN network

Example: Configuring TWAMP Light test on an L3VPN network

iNQA configuration examples

Example: Configuring an end-to-end iNQA packet loss measurement

Example: Configuring a point-to-point iNQA packet loss measurement

iFIT configuration examples

Example: Configuring iFIT in an MPLS private network

Example: Configuring iFIT in an IPv4 L3VPN over SRv6 network

Example: Configuring iFIT in an IPv6 EVPN L3VPN over SRv6 network

Example: Configuring iFIT in an EVPN VPWS over SRv6 network

Example: Configuring iFIT in an EVPN VPLS over SRv6 network

SRPM configuration examples

Example: Configuring link-based SRPM delay measurement

NTP configuration examples

Example: Configuring NTP client/server association mode

Example: Configuring IPv6 NTP client/server association mode

Example: Configuring NTP symmetric active/passive association mode

Example: Configuring IPv6 NTP symmetric active/passive association mode

Example: Configuring NTP authentication in client/server association mode

Example: Configuring NTP broadcast association mode

Example: Configuring NTP multicast association mode

Example: Configuring IPv6 NTP multicast association mode

Example: Configuring NTP authentication in broadcast mode

Example: Configuring MPLS L3VPN network time synchronization in client/server mode

Example: Configuring MPLS L3VPN network time synchronization in symmetric active/passive mode

SNTP configuration examples

Example: Configuring SNTP

PTP configuration examples

Example: Configuring PTP (IEEE 1588 version 2, IEEE 802.3/Ethernet transport, multicast transmission)

Example: Configuring PTP (IEEE 1588 version 2, IPv4 UDP transport, multicast transmission)

Example: Configuring PTP (IEEE 1588 version 2, IPv4 UDP transport, unicast transmission)

Example: Configuring PTP (ITU-T G.8275.1, IEEE 802.3/Ethernet transport, multicast transmission)

Example: Configuring PTP (ITU-T G.8275.2, IPv4 UDP encapsulation, unicast transmission)

Network synchronization configuration examples

Example: Configuring network synchronization

Synchronous Ethernet configuration examples

Example: Configuring SyncE

SNMP configuration examples

Example: Configuring SNMPv1/SNMPv2c

Example: Configuring SNMPv3

RMON configuration examples

Example: Configuring the Ethernet statistics function

Example: Configuring the history statistics function

Example: Configuring the alarm function

CWMP configuration examples

Example: Configuring CWMP

EAA configuration examples

Example: Configuring a CLI event monitor policy by using Tcl

Example: Configuring a CLI event monitor policy from the CLI

Example: Configuring a track event monitor policy from the CLI

Example: Configuring a CLI event monitor policy with EAA environment variables from the CLI

Samplers and IPv4 NetStream configuration examples

Example: Configuring samplers and IPv4 NetStream

Port mirroring configuration examples

Example: Configuring local port mirroring (in source port mode)

Example: Configuring local port mirroring (in source CPU mode)

Example: Configuring Layer 2 remote port mirroring (reflector port configurable)

Example: Configuring Layer 2 remote port mirroring (with egress port)

Example: Configuring local port mirroring with multiple monitoring devices

Example: Configuring Layer 3 remote port mirroring

Flow mirroring configuration examples

Example: Configuring flow mirroring

IPv6 NetStream configuration examples

Example: Configuring IPv6 NetStream traditional data export (IPv6 NetStream flow mirroring)

Example: Configuring IPv6 NetStream traditional data export (IPv6 NetStream port mirroring)

Example: Configuring IPv6 NetStream aggregation data export (IPv6 NetStream flow mirroring)

Example: Configuring IPv6 NetStream aggregation data export (IPv6 NetStream port mirroring)

TCP connection trace configuration examples

Example: Tracing IPv4 TCP connections

Example: Tracing IPv6 TCP connections

Performance management configuration examples

Example: Configuring performance management (gRPC)

Example: Configuring performance management (NETCONF)

Flow log configuration examples

Example: Exporting flow logs to a log host

Information center configuration examples

Example: Outputting logs to the console

Example: Outputting logs to a UNIX log host 1707

Example: Outputting logs to a Linux log host 1708

Packet capture configuration examples· 1710

Example: Configuring remote packet capture· 1710

Flow monitor configuration examples· 1710

Example: Configuring flow monitor 1710

AAA configuration examples· 1713

Example: Configuring authentication and authorization for SSH users by a RADIUS server 1713

Example: Configuring local authentication and authorization for SSH users· 1716

Example: Configuring AAA for SSH users by an HWTACACS server 1717

Example: Configuring authentication for SSH users by an LDAP server 1719

Example: Configuring AAA for PPP users by an HWTACACS server 1722

Example: Configuring the RADIUS proxy· 1724

ANCP configuration examples· 1727

Example: Configuring ANCP· 1727

DHCP server configuration examples· 1730

Example: Configuring static IP address assignment 1730

Example: Configuring dynamic IP address assignment 1731

Example: Configuring DHCP user class· 1733

Example: Configuring DHCP user class allowlist 1735

Example: Configuring primary and secondary network segments· 1736

Example: Customizing DHCP option· 1737

DHCP relay agent configuration examples· 1739

Example: Configuring basic DHCP relay agent 1739

Example: Configuring Option 82· 1740

Example: Configuring DHCP server selection· 1740

DHCP client configuration examples· 1742

Example: Configuring DHCP client 1742

DHCP snooping configuration examples· 1744

Example: Configuring basic DHCP snooping· 1744

Example: Configuring DHCP snooping support for Option 82· 1745

BOOTP client configuration examples· 1746

Example: Configuring BOOTP client 1746

DHCPv6 server configuration examples· 1747

Example: Configuring dynamic IPv6 prefix assignment 1747

Example: Configuring dynamic IPv6 address assignment 1749

DHCPv6 relay agent configuration examples· 1751

Example: Configuring DHCPv6 relay agent 1751

DHCPv6 client configuration examples· 1753

Example: Configuring IPv6 address acquisition· 1753

Example: Configuring IPv6 prefix acquisition· 1754

Example: Configuring IPv6 address and prefix acquisition· 1756

Example: Configuring stateless DHCPv6· 1759

DHCPv6 snooping configuration examples· 1760

Example: Configuring DHCPv6 snooping· 1760

Connection limit configuration examples· 1761

Example: Configuring connection limits· 1761

Connection limit configuration examples· 1763

Example: Configuring connection limits· 1763

L2TP configuration examples· 1765

Example: Configuring a NAS-initiated L2TP tunnel for dual-stack users (prefixes assigned by ND prefix pool) 1765

Example: Configuring a client-initiated L2TP tunnel 1768

Example: Configuring an LAC-auto-initiated L2TP tunnel 1770

Example: Configuring L2TP tunneling switching· 1772

PPPoE configuration examples· 1776

Example: Configuring the PPPoE server to assign IPv4 addresses through the local DHCP server 1776

Example: Configuring the PPPoE server to assign IP addresses to dual-stack users through a remote DHCP server 1778

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by AAA) 1780

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by ND prefix pool) 1782

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA method· 1783

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_PD method· 1785

Example: Configuring the PPPoE server to assign IP addresses through the DHCPv4+NDRA+IA_PD method  1787

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA+IA_PD method· 1791

Example: Assigning IP addresses to dual-stack users through the local DHCP server 1794

Example: Configuring PPPoE server RADIUS-based IP address assignment 1796

Example: Configuring PPPoE static dual-stack users· 1798

IPoE configuration examples· 1800

Example: Configuring unclassified-IP packet initiation· 1800

Example: Configuring DHCPv4 packet initiation (assigning a remote BAS IP address pool) 1801

Example: Configuring DHCPv4 packet initiation (assigning an IP address pool group) 1804

Example: Configuring DHCPv6 packet initiation (assigning a remote IPv6 address pool) 1807

Example: Configuring IPv6 ND RS packet initiation (AAA-authorized prefix) 1809

Example: Configuring IPv6 ND RS packet initiation (ND prefix pool-authorized prefix) 1811

Example: Configuring IPv6 ND RS+DHCPv6 (IA_PD) initiation· 1813

Example: Configuring ARP packet initiation· 1816

Example: Configuring NS/NA packet initiation· 1818

Example: Configuring unclassified-IP packet initiation for static IPoE users with IPv6 PD prefixes· 1819

Example: Configuring subnet-leased users· 1822

Example: Configuring an interface-leased user 1823

Example: Configuring an L2VPN-leased user 1825

Example: Configuring IPoE static leased users· 1828

Example: Configuring a VPN DHCP user 1831

Example: Configuring IPoE common Web authentication for static individual users· 1834

Example: Configuring IPoE common Web authentication for DHCPv4 users (assigning a remote BAS IP address pool) 1846

Example: Configuring IPoE common Web authentication for multi-network-segment DHCPv4 users (assigning a remote BAS IP address pool) 1858

Example: Configuring IPoE common Web authentication for DHCPv6 users (assigning a remote IPv6 address pool) 1866

Example: Configuring IPoE common Web authentication for IPoE ND RS users (ND prefix pool-authorized prefix) 1878

Example: Configuring IPoE transparent MAC-trigger authentication (Layer 2 transparent) 1884

Example: Configuring IPoE common transparent MAC authentication (Layer 2 transparent) 1897

Example: Configuring IPoE re-DHCP transparent MAC authentication (Layer 2 transparent) 1906

Example: Configuring IPoE transparent MAC-trigger authentication (Layer 3 transparent) 1914

Example: Configuring IPoE transparent MAC authentication (Layer 3 transparent) 1928

Example: Configuring IPoE Web authentication with EAP· 1937

Example: Configuring IPoE common Web authentication for dual-stack users (URL allowlist) 1946

Example: Configuring IPoE common Web authentication and intelligent multi-egress for dual-stack users  1964

Example: Configuring IPoE common transparent MAC authentication for dual-stack users· 1980

Example: Configuring a dual-stack DHCP user 1994

Example: Configuring a dynamic/static dual-stack user 1997

Example: Configuring an IPoE DHCPv4+IPv6 ND RS dual-stack roaming user 1999

gRPC configuration examples· 2003

Example: Configuring the gRPC dial-in mode· 2003

Example: Configuring event-triggered telemetry in gRPC dial-out mode· 2004

Example: Configuring periodic telemetry in gRPC dial-out mode· 2005

VXLAN configuration examples· 2006

Example: Configuring a unicast-mode VXLAN· 2006

Example: Configuring VXLAN over SRv6· 2010

VXLAN IP gateway configuration examples· 2014

Example: Configuring a centralized VXLAN IP gateway· 2014

Example: Configuring distributed VXLAN IPv4 gateways· 2019

Example: Configuring distributed VXLAN IPv6 gateways· 2031

VXLAN-DCI configuration examples· 2040

Example: Configuring a basic VXLAN-DCI network· 2040

EVPN VXLAN configuration examples· 2049

Example: Configuring a centralized IPv4 EVPN gateway· 2049

Example: Configuring distributed IPv4 EVPN gateways in symmetric IRB mode· 2056

Example: Configuring IPv4 EVPN VXLAN multihoming· 2065

Example: Interconnecting an EVPN VXLAN network with a VPLS network· 2073

Example: Interconnecting an EVPN VXLAN network with an EVPN VPLS network· 2080

EVPN VPLS configuration examples· 2087

Example: Configuring EVPN VPLS between singlehomed sites· 2087

Example: Configuring EVPN VPLS multihoming (access through aggregate links) 2091

Example: Configuring EVPN VPLS multihoming (access through an S-Trunk system) 2097

Example: Configuring local FRR for EVPN VPLS· 2104

Example: Configuring LDP PWs as ACs for EVPN PWs· 2111

EVPN VPWS configuration examples· 2119

Example: Configuring a remote connection between singlehomed sites· 2119

Example: Configuring EVPN VPWS multihoming· 2123

Example: Configuring PW concatenation· 2131

Example: Configuring inter-AS option A· 2135

Example: Configuring inter-AS option B· 2141

Example: Configuring inter-AS option C· 2148

Example: Configuring FRR for EVPN VPWS· 2155

Example: Configuring LDP PWs as ACs for EVPN PWs· 2166

EVPN L3VPN configuration examples· 2174

Example: Configuring IPv4 EVPN L3VPN· 2174

Example: Configuring IPv6 EVPN L3VPN· 2181

Example: Enabling communication between IPv4 MPLS L3VPN and IPv4 EVPN L3VPN· 2187

Example: Enabling communication between IPv6 MPLS L3VPN and IPv6 EVPN L3VPN· 2194

EVPN-DCI configuration examples· 2201

Example: Configuring a basic EVPN-DCI network· 2201

Example: Configuring EVPN-DCI intermediate VXLAN mapping· 2206

Example: Configuring EVPN-DCI IPv4 Layer 3 communication· 2212

Example: Configuring EVPN-DCI dualhoming· 2219

OpenFlow configuration examples· 2228

Example: Configuring OpenFlow in global mode· 2228

Example: Configuring OpenFlow in VLAN mode· 2229

Example: Configuring OpenFlow in port mode· 2230

NAT configuration examples· 2231

Example: Configuring outbound one-to-one static NAT· 2231

Example: Configuring outbound dynamic NAT (non-overlapping addresses) 2233

Example: Configuring NAT Server for external-to-internal access· 2236

Example: Configuring NAT Server for external-to-internal access through domain name· 2239

Example: Configuring NAT hairpin in C/S mode· 2242

Example: Configuring load sharing NAT Server 2245

Example: Configuring NAT DNS mapping· 2248

Example: Configuring NAT log export to the information center 2251

Example: Configuring NAT log export to the log server 2252

 


RBAC configuration examples

Example: Configuring RBAC for local AAA authentication users

Network configuration

As shown in Figure 1, the router performs local AAA authentication for the Telnet user. The user account for the Telnet user is user1@bbb, which is assigned user role role1.

Configure role1 to have the following permissions:

·     Execute the read commands of any feature.

·     Access interfaces from Ten-GigabitEthernet 3/0/2 to Ten-GigabitEthernet 3/0/4. Access to any other interfaces is denied.

Figure 1 Network diagram

 

Procedure

# Assign an IP address to Ten-GigabitEthernet 3/0/1 (the interface connected to the Telnet user).

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable the Telnet server.

[Router] telnet server enable

# Enable scheme authentication on the user lines for Telnet users.

[Router] line vty 0 4

[Router-line-vty0-4] authentication-mode scheme

[Router-line-vty0-4] quit

# Enable local authentication and authorization for ISP domain bbb.

[Router] domain name bbb

[Router-isp-bbb] authentication login local

[Router-isp-bbb] authorization login local

[Router-isp-bbb] quit

# Create user role role1.

[Router] role name role1

# Add rule 1 to permit the user role to access the read commands of all features.

[Router-role-role1] rule 1 permit read feature

# Add rule 2 to permit the user role to enter interface view and use all commands available in interface view.

[Router-role-role1] rule 2 permit command system-view ; interface *

# Change the interface policy to permit the user role to access only Ten-GigabitEthernet 3/0/2 to Ten-GigabitEthernet 3/0/4.

[Router-role-role1] interface policy deny

[Router-role-role1-ifpolicy] permit interface ten-gigabitethernet 3/0/2 to ten-gigabitethernet 3/0/4

[Router-role-role1-ifpolicy] quit

[Router-role-role1] quit

# Create a device management user named user1 and enter local user view.

[Router] local-user user1 class manage

# Set a plaintext password of 123456TESTplat&! for the user.

[Router-luser-manage-user1] password simple 123456TESTplat&!

# Set the user service type to Telnet.

[Router-luser-manage-user1] service-type telnet

# Assign role1 to the user.

[Router-luser-manage-user1] authorization-attribute user-role role1

# Remove the default user role (network-operator) from the user. This operation ensures that the user has only the permissions of role1.

[Router-luser-manage-user1] undo authorization-attribute user-role network-operator

[Router-luser-manage-user1] quit

Verifying the configuration

# Telnet to the router, and enter the username and password to access the router. (Details not shown.)

# Verify that you cannot enter any interface view except the views of Ten-GigabitEthernet 3/0/2 to Ten-GigabitEthernet 3/0/4. This example uses Ten-GigabitEthernet 3/0/1.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

Permission denied.

# Verify that you can access Ten-GigabitEthernet 3/0/2 to Ten-GigabitEthernet 3/0/4 to configure them. This example uses Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 6.6.6.6 24

[Router-Ten-GigabitEthernet3/0/2] quit

# Verify that you can use all read commands of any feature. This example uses display clock.

[Router] display clock

09:31:56 UTC Sat 01/01/2011

[Router] quit

# Verify that you cannot use the write or execute commands of any feature.

<Router> debugging role all

Permission denied.

<Router> ping 192.168.1.58

Permission denied.
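The role, interface policy, and default-role removal configured above, as an added example (not H3C code): a simplified Python model that replays the role and local-user commands from this procedure, reports each user's effective roles, and evaluates the interface policy. The function names, the command subset it understands, and the lexicographic slot/subslot/port range comparison are assumptions of this example.

```python
import re

# Constructed input: the role and local-user commands from the procedure
# above with the CLI prompts stripped (the password line is left out).
SESSION = """\
role name role1
rule 1 permit read feature
rule 2 permit command system-view ; interface *
interface policy deny
permit interface ten-gigabitethernet 3/0/2 to ten-gigabitethernet 3/0/4
quit
quit
local-user user1 class manage
service-type telnet
authorization-attribute user-role role1
undo authorization-attribute user-role network-operator
quit
"""

DEFAULT_ROLE = "network-operator"  # default role named in the procedure above
IF_RE = re.compile(r"^([a-z-]+)\s*(\d+(?:/\d+)*)$", re.I)


def parse_interface(text):
    """'Ten-GigabitEthernet3/0/2' or 'ten-gigabitethernet 3/0/2' -> (type, (3, 0, 2))."""
    m = IF_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized interface name: {text!r}")
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("/"))


def parse_session(text):
    """Replay the commands and return (roles, users).

    Assumption taken from the page: a new local user starts with the default
    role until an 'undo authorization-attribute user-role' line removes it.
    """
    roles, users = {}, {}
    view = None  # ("role", name), ("ifpolicy", name) or ("user", name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"role name (\S+)$", line):
            roles.setdefault(m.group(1), {"rules": [], "if_default_permit": True, "if_permit": []})
            view = ("role", m.group(1))
        elif m := re.match(r"local-user (\S+) class manage$", line):
            users.setdefault(m.group(1), {DEFAULT_ROLE})
            view = ("user", m.group(1))
        elif line == "quit":
            # Leaving the interface policy view returns to the role view.
            view = ("role", view[1]) if view and view[0] == "ifpolicy" else None
        elif view and view[0] == "role":
            if line == "interface policy deny":
                roles[view[1]]["if_default_permit"] = False
                view = ("ifpolicy", view[1])
            elif line.startswith("rule "):
                roles[view[1]]["rules"].append(line)
        elif view and view[0] == "ifpolicy":
            if m := re.match(r"permit interface (.+?)(?: to (.+))?$", line):
                lo = parse_interface(m.group(1))
                hi = parse_interface(m.group(2)) if m.group(2) else lo
                roles[view[1]]["if_permit"].append((lo, hi))
        elif view and view[0] == "user":
            if m := re.match(r"(undo )?authorization-attribute user-role (\S+)$", line):
                (users[view[1]].discard if m.group(1) else users[view[1]].add)(m.group(2))
    return roles, users


def role_permits_interface(role, ifname):
    """True if the role's interface policy allows ifname.

    A role without 'interface policy deny' is treated as unrestricted
    (assumption). Ranges are compared per interface type on the numeric tuple.
    """
    if role["if_default_permit"]:
        return True
    itype, idx = parse_interface(ifname)
    return any(lo[0] == itype == hi[0] and lo[1] <= idx <= hi[1]
               for lo, hi in role["if_permit"])


def users_keeping_default_role(users):
    """Users whose effective role set still contains the default role."""
    return sorted(u for u, r in users.items() if DEFAULT_ROLE in r)


if __name__ == "__main__":
    roles, users = parse_session(SESSION)
    for name in ("Ten-GigabitEthernet3/0/1", "Ten-GigabitEthernet3/0/2"):
        print(name, role_permits_interface(roles["role1"], name))
    print("users keeping the default role:", users_keeping_default_role(users))
```
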

Example: Configuring RBAC for RADIUS authentication users

Network configuration

As shown in Figure 2, the router uses the FreeRADIUS server to provide AAA service for login users, including the Telnet user. The user account for the Telnet user is hello@bbb, which is assigned user role role2.

User role role2 has the following permissions:

·     Use all commands in ISP domain view.

·     Use the read and write commands of the arp and radius features.

·     Access VLANs 1 to 20 and interfaces Ten-GigabitEthernet 3/0/1 to Ten-GigabitEthernet 3/0/4. Access to any other VLANs and interfaces is denied.

The router and the FreeRADIUS server use a shared key of expert and authentication port 1812. The router delivers usernames with their domain names to the server.

Figure 2 Network diagram

 

Procedure

Make sure the settings on the router and the RADIUS server match.

1.     Configure the router:

# Assign an IP address to Ten-GigabitEthernet 3/0/1 (the interface connected to the Telnet user).

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2 (the interface connected to the FreeRADIUS server).

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 255.255.255.0

[Router-Ten-GigabitEthernet3/0/2] quit

# Enable the Telnet server.

[Router] telnet server enable

# Enable scheme authentication on the user lines for Telnet users.

[Router] line vty 0 4

[Router-line-vty0-4] authentication-mode scheme

[Router-line-vty0-4] quit

# Create RADIUS scheme rad and enter RADIUS scheme view.

[Router] radius scheme rad

# Specify the primary authentication and authorization server address and the service port in the scheme.

[Router-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key to expert in the scheme for the router to authenticate to the server.

[Router-radius-rad] key authentication simple expert

[Router-radius-rad] quit

# Specify scheme rad as the authentication and authorization schemes for ISP domain bbb, and configure the ISP domain to not perform accounting for login users.

 

IMPORTANT:

Because RADIUS user authorization information is piggybacked in authentication responses, the authentication and authorization methods must use the same RADIUS scheme.

 

[Router] domain name bbb

[Router-isp-bbb] authentication login radius-scheme rad

[Router-isp-bbb] authorization login radius-scheme rad

[Router-isp-bbb] accounting login none

[Router-isp-bbb] quit

# Create a feature group named fgroup1.

[Router] role feature-group name fgroup1

# Add the arp and radius features to the feature group.

[Router-featuregrp-fgroup1] feature arp

[Router-featuregrp-fgroup1] feature radius

[Router-featuregrp-fgroup1] quit

# Create a user role named role2.

[Router] role name role2

# Configure rule 1 to allow the user role to use all commands available in ISP domain view.

[Router-role-role2] rule 1 permit command system-view ; domain *

# Configure rule 2 to permit the user role to use the read and write commands of all features in fgroup1.

[Router-role-role2] rule 2 permit read write feature-group fgroup1

# Configure rule 3 to permit the user role to create VLANs and use all commands available in VLAN view.

[Router-role-role2] rule 3 permit command system-view ; vlan *

# Configure rule 4 to permit the user role to enter interface view and use all commands available in interface view.

[Router-role-role2] rule 4 permit command system-view ; interface *

# Configure the user role VLAN policy to disable configuration of any VLAN except VLANs 1 to 20.

[Router-role-role2] vlan policy deny

[Router-role-role2-vlanpolicy] permit vlan 1 to 20

[Router-role-role2-vlanpolicy] quit

# Configure the user role interface policy to disable access to any interface except Ten-GigabitEthernet 3/0/1 to Ten-GigabitEthernet 3/0/4.

[Router-role-role2] interface policy deny

[Router-role-role2-ifpolicy] permit interface ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

[Router-role-role2-ifpolicy] quit

[Router-role-role2] quit

2.     Configure the RADIUS server:

# Add either of the user role attributes to the dictionary file of the FreeRADIUS server.

Cisco-AVPair = "shell:roles=\"role1 role2\""

Cisco-AVPair = "shell:roles*\"role1 role2\""

# Configure the settings required for the FreeRADIUS server to communicate with the router. (Details not shown.)
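A check for the role attribute shown in step 2, as an added example (not H3C or FreeRADIUS code): a Python parser for the `shell:roles` Cisco-AVPair lines that reports accounts whose reply would carry a role outside an allow list. The account names, the allow list, and the function names are hypothetical, and the sample lines are constructed in the form shown above.

```python
import re

# Constructed sample: one reply attribute per account, in the form shown above.
SAMPLE_REPLIES = {
    "hello": 'Cisco-AVPair = "shell:roles=\\"role1 role2\\""',
    "audit": 'Cisco-AVPair = "shell:roles*\\"network-operator\\""',
    "ops":   'Cisco-AVPair = "shell:roles=\\"role2 network-admin\\""',
    "typo":  'Cisco-AVPair = "shell:role=\\"role2\\""',
}

# Accepts the FreeRADIUS operators =, := and += before the quoted value.
# Inside the value, '=' marks a mandatory and '*' an optional AV pair
# (Cisco AV-pair syntax); the role list sits between escaped quotes.
AVPAIR_RE = re.compile(
    r'^\s*Cisco-AVPair\s*[:+]?=\s*'
    r'"shell:roles(?P<sep>[=*])\\"(?P<roles>[^"\\]*)\\""\s*,?\s*$'
)


def parse_role_avpair(line):
    """Return (mandatory, [roles]) for a shell:roles AV pair, else None."""
    m = AVPAIR_RE.match(line)
    if not m:
        return None
    return m.group("sep") == "=", m.group("roles").split()


def audit_replies(replies, allowed_roles):
    """List (account, finding, detail) tuples for lines that need review."""
    findings = []
    for user, line in sorted(replies.items()):
        parsed = parse_role_avpair(line)
        if parsed is None:
            # Not a well-formed shell:roles pair: review this line by hand.
            findings.append((user, "unparsed", line))
            continue
        _, roles = parsed
        if not roles:
            findings.append((user, "empty-role-list", ""))
        extra = [r for r in roles if r not in allowed_roles]
        if extra:
            findings.append((user, "role-not-allowed", " ".join(extra)))
    return findings


if __name__ == "__main__":
    for finding in audit_replies(SAMPLE_REPLIES, {"role1", "role2", "network-operator"}):
        print(finding)
```
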

Verifying the configuration

# Telnet to the router, and enter the username and password to access the router. (Details not shown.)

# Verify that you can use all commands available in ISP domain view.

<Router> system-view

[Router] domain name abc

[Router-isp-abc] authentication login radius-scheme abc

[Router-isp-abc] quit

# Verify that you can use all read and write commands of the radius and arp features. This example uses radius.

[Router] radius scheme rad

[Router-radius-rad] primary authentication 2.2.2.2

[Router-radius-rad] display radius scheme rad

...

# Verify that you cannot configure any VLAN except VLANs 1 to 20. This example uses VLAN 10 and VLAN 30.

[Router] vlan 10

[Router-vlan10] quit

[Router] vlan 30

Permission denied.

# Verify that you cannot configure any interface except Ten-GigabitEthernet 3/0/1 to Ten-GigabitEthernet 3/0/4. This example uses Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/5.

[Router] vlan 10

[Router-vlan10] port ten-gigabitethernet 3/0/2

[Router-vlan10] port ten-gigabitethernet 3/0/5

Permission denied.

Example: Configuring RBAC temporary user role authorization (HWTACACS authentication)

Network configuration

As shown in Figure 3, the router uses the HWTACACS server that runs ACSv4.0 for Telnet user authentication and authorization. The user account for the Telnet user is test@bbb, which is assigned user role level-0.

Configure the remote-then-local authentication mode for temporary user role authorization. The router uses the HWTACACS server to provide authentication for changing the user role among level-0 through level-3 or changing the user role to network-admin. If the AAA configuration is invalid or the HWTACACS server does not respond, the router performs local authentication.

Figure 3 Network diagram

 

Procedure

1.     Configure the router:

# Assign an IP address to Ten-GigabitEthernet 3/0/1 (the interface connected to the Telnet user).

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2 (the interface connected to the HWTACACS server).

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 255.255.255.0

[Router-Ten-GigabitEthernet3/0/2] quit

# Enable the Telnet server.

[Router] telnet server enable

# Enable scheme authentication on the user lines for Telnet users.

[Router] line vty 0 15

[Router-line-vty0-15] authentication-mode scheme

[Router-line-vty0-15] quit

# Enable remote-then-local authentication for temporary user role authorization.

[Router] super authentication-mode scheme local

# Create an HWTACACS scheme named hwtac and enter HWTACACS scheme view.

[Router] hwtacacs scheme hwtac

# Specify the primary authentication server address and the service port in the scheme.

[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49

# Specify the primary authorization server address and the service port in the scheme.

[Router-hwtacacs-hwtac] primary authorization 10.1.1.1 49

# Set the shared key to expert in the scheme for the router to authenticate to the authentication server.

[Router-hwtacacs-hwtac] key authentication simple expert

# Set the shared key to expert in the scheme for the router to authenticate to the authorization server.

[Router-hwtacacs-hwtac] key authorization simple expert

# Exclude ISP domain names from the usernames sent to the HWTACACS server.

[Router-hwtacacs-hwtac] user-name-format without-domain

[Router-hwtacacs-hwtac] quit

# Create ISP domain bbb and enter ISP domain view.

[Router] domain name bbb

# Configure ISP domain bbb to use HWTACACS scheme hwtac for login user authentication.

[Router-isp-bbb] authentication login hwtacacs-scheme hwtac

# Configure ISP domain bbb to use HWTACACS scheme hwtac for login user authorization.

[Router-isp-bbb] authorization login hwtacacs-scheme hwtac

# Configure ISP domain bbb to not perform accounting for login users.

[Router-isp-bbb] accounting login none

# Apply HWTACACS scheme hwtac to the ISP domain for user role authentication.

[Router-isp-bbb] authentication super hwtacacs-scheme hwtac

[Router-isp-bbb] quit

# Set the local authentication password to 654321TESTplat&! for user role level-3.

[Router] super password role level-3 simple 654321TESTplat&!

# Set the local authentication password to 654321TESTplat&! for user role network-admin.

[Router] super password role network-admin simple 654321TESTplat&!

[Router] quit

2.     Configure the HWTACACS server:

This example provides only the key configuration steps. For more information about configuring a HWTACACS server, see the server documentation.

a.     Access the User Setup page.

b.     Add a user account named test and set its password to 123456TESTplat&!. (Details not shown.)

c.     In the Advanced TACACS+ Settings area, configure the following parameters:

-     Select Level 3 for the Max Privilege for any AAA Client option.

If the target user role is only network-admin for temporary user role authorization, you can select any level for the option.

-     Select the Use separate password option, and specify enabpass as the password.

Figure 4 Configuring advanced TACACS+ settings

 

d.     Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field.

Use a blank space to separate the allowed roles.

Figure 5 Configuring custom attributes for the Telnet user

 

Verifying the configuration

1.     Telnet to the router, and enter username test@bbb and password 123456TESTplat&! to access the router. Verify that you have access to diagnostic commands.

<Router> telnet 192.168.1.70

Trying 192.168.1.70 ...

Press CTRL+K to abort

Connected to 192.168.1.70 ...

login: test@bbb

Password:

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Router>?

User view commands:

  ping         Ping function

  quit         Exit from current command view

  ssh2         Establish a secure shell client connection

  super        Switch to a user role

  system-view  Enter the System View

  telnet       Establish a telnet connection

  tracert      Tracert function

 

<router>

2.     Verify that you can obtain the level-3 user role:

# Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter username test@bbb and password enabpass.

<Router> super level-3

Username: test@bbb

Password:

The following output shows that you have obtained the level-3 user role.

User privilege role is level-3, and only those commands that authorized to the role can be used.

# If the ACS server does not respond, enter local authentication password 654321TESTplat&! at the prompt.

Invalid configuration or no response from the authentication server.

Change authentication mode to local.

Password:

User privilege role is level-3, and only those commands that authorized to the role can be used.

The output shows that you have obtained the level-3 user role.

3.     Use the method in step 2 to verify that you can obtain the level 0, level 1, level 2, and network-admin user roles. (Details not shown.)

Example: Configuring RBAC temporary user role authorization (RADIUS authentication)

Network configuration

As shown in Figure 6, the router uses the RADIUS server that runs ACSv4.2 for Telnet user authentication and authorization. The user account for the Telnet user is test@bbb, which is assigned user role level-0.

Configure the remote-then-local authentication mode for temporary user role authorization. The router uses the RADIUS server to provide authentication for the network-admin user role. If the AAA configuration is invalid or the RADIUS server does not respond, the router performs local authentication.

Figure 6 Network diagram

 

Procedure

1.     Configure the router:

# Assign an IP address to Ten-GigabitEthernet 3/0/1 (the interface connected to the Telnet user).

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.70 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2 (the interface connected to the RADIUS server).

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 255.255.255.0

[Router-Ten-GigabitEthernet3/0/2] quit

# Enable the Telnet server.

[Router] telnet server enable

# Enable scheme authentication on the user lines for Telnet users.

[Router] line vty 0 15

[Router-line-vty0-15] authentication-mode scheme

[Router-line-vty0-15] quit

# Enable remote-then-local authentication for temporary user role authorization.

[Router] super authentication-mode scheme local

# Create RADIUS scheme radius and enter RADIUS scheme view.

[Router] radius scheme radius

# Specify primary authentication server address 10.1.1.1, and set the shared key to expert in the scheme for secure communication between the router and the server.

[Router-radius-radius] primary authentication 10.1.1.1 key simple expert

# Exclude ISP domain names from the usernames sent to the RADIUS server.

[Router-radius-radius] user-name-format without-domain

[Router-radius-radius] quit

# Create ISP domain bbb and enter ISP domain view.

[Router] domain name bbb

# Configure ISP domain bbb to use RADIUS scheme radius for login user authentication.

[Router-isp-bbb] authentication login radius-scheme radius

# Configure ISP domain bbb to use RADIUS scheme radius for login user authorization.

[Router-isp-bbb] authorization login radius-scheme radius

# Configure ISP domain bbb to not perform accounting for login users.

[Router-isp-bbb] accounting login none

# Apply RADIUS scheme radius to the ISP domain for user role authentication.

[Router-isp-bbb] authentication super radius-scheme radius

[Router-isp-bbb] quit

# Set the local authentication password to abcdef654321TESTplat&! for user role network-admin.

[Router] super password role network-admin simple abcdef654321TESTplat&!

[Router] quit

2.     Configure the RADIUS server:

This example provides only the key configuration steps. For more information about configuring a RADIUS server, see the server documentation.

a.     Add a Telnet user account for login authentication. Set the username to test@bbb and the password to 123456TESTplat&!. (Details not shown.)

b.     Add a user account for temporary user role authorization. Set the username to $enab0$ and the password to 123456. (Details not shown.)

c.     Access the Cisco IOS/PIX 6.x RADIUS Attributes page.

d.     Configure the cisco-av-pair attribute, as shown in Figure 7.

Figure 7 Configuring the cisco-av-pair attribute

 

Verifying the configuration

1.     Telnet to the router, and enter username test@bbb and password 123456TESTplat&! to log in to the router. Verify that you have access to diagnostic commands.

<Router> telnet 192.168.1.70

Trying 192.168.1.70 ...

Press CTRL+K to abort

Connected to 192.168.1.70 ...

login: test@bbb

Password:

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Router>?

User view commands:

  ping         Ping function

  quit         Exit from current command view

  ssh2         Establish a secure shell client connection

  super        Switch to a user role

  system-view  Enter the System View

  telnet       Establish a telnet connection

  tracert      Tracert function

 

<Router>

2.     Verify that you can obtain the network-admin user role:

# Use the super password to obtain the network-admin user role. When the system prompts for a username and password, enter username test@bbb and password 123456.

<Router> super network-admin

Username: test@bbb

Password:

The following output shows that you have obtained the network-admin user role:

User privilege role is network-admin, and only those commands that authorized to the role can be used.

# If the ACS server does not respond, enter local authentication password abcdef654321TESTplat&! at the prompt.

Invalid configuration or no response from the authentication server.

Change authentication mode to local.

Password:

User privilege role is network-admin, and only those commands that authorized to the role can be used.

The output shows that you have obtained the network-admin user role.

 

GIR configuration examples

Example: Configuring GIR in an ECMP-based node redundancy environment

Network configuration

As shown in Figure 8, Device A and Device B have ECMP routes for traffic between the Internet and Device C. Before upgrading Device A, use GIR to place it in maintenance mode to prevent packet loss during the upgrade. Then, change Device A back to normal mode after its software is upgraded.

Figure 8 Network diagram

 

Procedure

1.     Configure IP addresses and a unicast routing protocol (for example, OSPF). Make sure ECMP routes are available so that traffic between the Internet and Device C can traverse either Device A or Device B. (Details not shown.)

2.     Isolate Device A from the network before you upgrade it.

# Change Device A from the normal mode to the maintenance mode.

<Device A> display system stable state summary

System state      : Stable

Redundancy state  : No redundance

NSR     state     : No standby

<Device A> system-view

[Device A] gir system-mode maintenance

Collecting commands... Please wait.

Configuration to be applied:

   ospf 1

     isolate enable

Do you want to continue? [Y/N]: y

Generated a snapshot: before_maintenance.

Applying: ospf 1

Applying: isolate enable

Waiting 120 seconds to release the CLI.

Changed to maintenance mode successfully.

# Verify that the mode switching is successful on Device A.

[Device A] display gir system-mode

System Mode: Maintenance

Revert-delay time: 0min

Maintenance-delay time: 120s

Snapshot-delay time: 120s

# Verify that traffic switching has completed on Device A.

[Device A] display counters rate inbound interface

Usage: Bandwidth utilization in percentage

Interface            Usage (%)   Total (pps)   Broadcast (pps)   Multicast (pps)

XGE3/0/1                     0             0                --                --

XGE3/0/2                     0             0                --                --

                                                                               

 Overflow: More than 14 digits.

       --: Not supported.

3.     Upgrade Device A. (Details not shown.)

4.     Restore forwarding services on Device A:

# Change Device A from the maintenance mode back to the normal mode after it is upgraded and rebooted.

<Device A> system-view

[Device A] undo gir system-mode maintenance

Collecting commands... Please wait.

Configuration to be applied:

   ospf 1

     undo isolate enable

Do you want to continue? [Y/N]: y

Applying: ospf 1

Applying: undo isolate enable

Waiting 120 seconds to generate a snapshot.

Generated a snapshot: after_maintenance.

Changed to normal mode successfully.

# Verify that the mode switching is successful on Device A.

[Device A] display gir system-mode

System Mode: Normal

Revert-delay time: 0min

Maintenance-delay time: 120s

Snapshot-delay time: 120s

# Verify that traffic switching has completed on Device A.

[Device A] display counters rate inbound interface

Usage: Bandwidth utilization in percentage

Interface            Usage (%)   Total (pps)   Broadcast (pps)   Multicast (pps)

XGE3/0/1                   100           100                --                --

XGE3/0/2                   100           100                --                --

                                                                               

 Overflow: More than 14 digits.

       --: Not supported.
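The two verification steps above can be combined into one automated gate before the upgrade starts. The following Python sketch is an added example, not H3C code: it parses the display gir system-mode and display counters rate inbound interface outputs shown above and reports whether Device A is in maintenance mode and has stopped receiving traffic. The function names, the max_pps threshold, and the handling of an "Overflow" cell are assumptions of this example.

```python
import re

# Constructed samples: outputs copied from the maintenance-mode steps above.
MODE_OUT = """\
System Mode: Maintenance
Revert-delay time: 0min
Maintenance-delay time: 120s
Snapshot-delay time: 120s
"""

RATE_OUT = """\
Usage: Bandwidth utilization in percentage
Interface            Usage (%)   Total (pps)   Broadcast (pps)   Multicast (pps)
XGE3/0/1                     0             0                --                --
XGE3/0/2                     0             0                --                --

 Overflow: More than 14 digits.
       --: Not supported.
"""


def system_mode(text):
    """Return the value of the 'System Mode:' line, or None if it is absent."""
    m = re.search(r"^System Mode:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def to_pps(cell):
    """Convert one table cell to a number; '--' means the counter is not supported."""
    if cell == "--":
        return None
    if cell == "Overflow":  # assumption: the cell holds the legend keyword
        return float("inf")
    return int(cell)


def parse_rates(text):
    """Map interface name -> Total (pps) from the counters rate table."""
    rates, in_table = {}, False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Interface":          # header row starts the table
            in_table = True
            continue
        if not in_table or fields[0].rstrip(":") in ("Overflow", "--"):
            continue                          # text before the table, or a legend line
        if len(fields) >= 3:
            rates[fields[0]] = to_pps(fields[2])
    return rates


def upgrade_gate(mode_text, rate_text, max_pps=0):
    """Return (ok, reasons). ok is True only when it is safe to start the upgrade."""
    reasons = []
    mode = system_mode(mode_text)
    if mode != "Maintenance":
        reasons.append(f"system mode is {mode}, not Maintenance")
    rates = parse_rates(rate_text)
    if not rates:
        reasons.append("no interface rows parsed")
    for name, pps in sorted(rates.items()):
        if pps is None:
            reasons.append(f"{name}: rate not reported")
        elif pps > max_pps:
            reasons.append(f"{name}: still receiving {pps} pps")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(upgrade_gate(MODE_OUT, RATE_OUT))
```

A gate that fails closed on an unparsed table or an unreported counter avoids starting an upgrade on a device that is still forwarding.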

 

 

Server-based automatic configuration examples

Example: Using a TFTP server for automatic configuration

Network configuration

As shown in Figure 9, Router B does not have a configuration file.

Configure the servers so Router B can obtain a configuration file to complete the following configuration tasks:

·     Enable the administrator to Telnet to Router B to manage Router B.

·     Require the administrator to enter the correct username and password at login.

Figure 9 Network diagram

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Configure IP pool 1 to assign IP addresses on the 192.168.1.0/24 subnet to clients. Specify the TFTP server and configuration file name for the clients.

[RouterA] ip pool 1

[RouterA-ip-pool-1] network 192.168.1.0 24

[RouterA-ip-pool-1] tftp-server ip-address 192.168.1.40

[RouterA-ip-pool-1] bootfile-name device.cfg

[RouterA-ip-pool-1] quit

2.     Configure the TFTP server:

# On the TFTP server, create a configuration file named device.cfg.

#

telnet server enable

#

local-user user

password simple abcabc

service-type telnet

quit

#

user-interface vty 0 63

authentication-mode scheme

user-role network-admin

quit

#

interface ten-gigabitethernet 3/0/1

port link-mode route

ip address dhcp-alloc

return

# Start TFTP service software. (Details not shown.)

Verifying the configuration

1.     Power on Router B.

2.     After Router B starts up, display assigned IP addresses on Router A.

<RouterA> display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

192.168.1.2      0030-3030-632e-3239-  Dec 12 17:41:15 2013  Auto(C)

                 3035-2e36-3736-622d-

                 4574-6830-2f30-2f32

3.     Telnet to 192.168.1.2 from Router A.

<RouterA> telnet 192.168.1.2

4.     Enter username user and password abcabc as prompted. (Details not shown.)

You are logged in to Router B.

Example: Using an HTTP server and Tcl scripts for automatic configuration

Network configuration

As shown in Figure 10, Router B does not have a configuration file.

Configure the servers so Router B can obtain a Tcl script to complete the following configuration tasks:

·     Enable the administrator to Telnet to Router B to manage Router B.

·     Require the administrator to enter the correct username and password at login.

Figure 10 Network diagram

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Configure IP pool 1 to assign IP addresses on the 192.168.1.0/24 subnet to clients.

[RouterA] ip pool 1

[RouterA-ip-pool-1] network 192.168.1.0 24

# Specify the URL of the script file for the clients.

[RouterA-ip-pool-1] bootfile-name http://192.168.1.40/device.tcl

2.     Configure the HTTP server:

# Create a configuration file named device.tcl on the HTTP server.

system-view

telnet server enable

local-user user

password simple abcabc

service-type telnet

quit

user-interface vty 0 63

authentication-mode scheme

user-role network-admin

quit

 

interface ten-gigabitethernet 3/0/1

port link-mode route

ip address dhcp-alloc

return

# Start HTTP service software and enable HTTP service. (Details not shown.)

Verifying the configuration

1.     Power on Router B.

2.     After Router B starts up, display assigned IP addresses on Router A.

<RouterA> display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

192.168.1.2      0030-3030-632e-3239-  Dec 12 17:41:15 2013  Auto(C)

                 3035-2e36-3736-622d-

                 4574-6830-2f30-2f32

3.     Telnet to 192.168.1.2 from Router A.

<RouterA> telnet 192.168.1.2

4.     Enter username user and password abcabc as prompted. (Details not shown.)

You are logged in to Router B.

Example: Using an HTTP server and Python scripts for automatic configuration

Network configuration

As shown in Figure 11, Router B does not have a configuration file.

Configure the servers so Router B can obtain a Python script to complete the following configuration tasks:

·     Enable the administrator to Telnet to Router B to manage Router B.

·     Require the administrator to enter the correct username and password at login.

Figure 11 Network diagram

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Configure IP pool 1 to assign IP addresses on the 192.168.1.0/24 subnet to clients.

[RouterA] ip pool 1

[RouterA-ip-pool-1] network 192.168.1.0 24

# Specify the URL of the script file for the clients.

[RouterA-ip-pool-1] bootfile-name http://192.168.1.40/device.py

2.     Configure the HTTP server:

# Create a configuration file named device.py on the HTTP server.

#!/usr/bin/python

import comware

# Run the configuration commands in one call; a space followed by a semicolon separates commands.

comware.CLI('system-view ;telnet server enable ;local-user user ;password simple abcabc ;service-type telnet ;quit ;user-interface vty 0 63 ;authentication-mode scheme ;user-role network-admin ;quit ;interface ten-gigabitethernet 3/0/1 ;port link-mode route ;ip address dhcp-alloc ;return')

# Start HTTP service software and enable HTTP service. (Details not shown.)

Verifying the configuration

1.     Power on Router B.

2.     After Router B starts up, display assigned IP addresses on Router A.

<RouterA> display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

192.168.1.2      0030-3030-632e-3239-  Dec 12 17:41:15 2013  Auto(C)

                 3035-2e36-3736-622d-

                 4574-6830-2f30-2f32

3.     Telnet to 192.168.1.2 from Router A.

<RouterA> telnet 192.168.1.2

4.     Enter username user and password abcabc as prompted. (Details not shown.)

You are logged in to Router B.
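The bootstrap files in the three automatic-configuration examples above (device.cfg, device.tcl, and device.py) are served to unconfigured routers over TFTP or HTTP, so anyone who can read the server or the wire sees their contents. The following Python sketch is an added example, not H3C code: it audits such a file before it is staged and flags Telnet, password simple, the network-admin role on VTY lines, and the cleartext transport. Rule names and function names are assumptions of this example.

```python
import re

# Constructed sample: the device.cfg body from the TFTP example above.
DEVICE_CFG = """\
#
telnet server enable
#
local-user user
password simple abcabc
service-type telnet
quit
#
user-interface vty 0 63
authentication-mode scheme
user-role network-admin
quit
#
interface ten-gigabitethernet 3/0/1
port link-mode route
ip address dhcp-alloc
return
"""

# Constructed sample: the start of the comware.CLI() argument from device.py.
DEVICE_PY_ARG = ("system-view ;telnet server enable ;local-user user ;"
                 "password simple abcabc ;service-type telnet ;quit")

# Commands that open a configuration view; 'quit' or 'return' leaves it.
VIEW_OPENERS = ("local-user ", "user-interface ", "line ", "interface ")


def commands(text):
    """Normalize a .cfg file, a Tcl script body, or a ';'-joined string to commands."""
    out = []
    for line in text.splitlines():
        for cmd in line.split(";"):   # a ';' inside a value would need quoting rules
            cmd = cmd.strip()
            if cmd and cmd != "#":
                out.append(cmd)
    return out


def audit(text):
    """Return (rule, view, command) findings; secrets are never echoed back."""
    findings, view = [], "system"
    for cmd in commands(text):
        low = cmd.lower()
        if low in ("quit", "return"):
            view = "system"
        elif low.startswith(VIEW_OPENERS):
            view = cmd
        elif low == "telnet server enable":
            findings.append(("telnet-enabled", view, cmd))
        elif re.match(r"password\s+simple\s+\S+", low):
            findings.append(("plaintext-password", view, "password simple <redacted>"))
        elif low == "service-type telnet" and view.lower().startswith("local-user "):
            findings.append(("telnet-only-account", view, cmd))
        elif low == "user-role network-admin" and view.lower().startswith(
                ("user-interface vty", "line vty")):
            findings.append(("admin-role-on-vty", view, cmd))
    return findings


def bootfile_transport(value):
    """Classify the DHCP bootfile-name value used in the examples above."""
    low = value.lower()
    if low.startswith("http://"):
        return "cleartext-http"
    if "://" not in low:
        return "cleartext-tftp"   # bare file name, fetched from the tftp-server address
    return "other"


if __name__ == "__main__":
    for finding in audit(DEVICE_CFG):
        print(finding)
```

Each finding names the view it occurred in, so a reviewer can see that the plaintext password belongs to local user user and the network-admin role applies to VTY lines 0 through 63.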

 

 

POS interface configuration examples

Example: Directly connecting routers through POS interfaces

Network configuration

As shown in Figure 12, connect the routers through POS interfaces.

Figure 12 Network diagram

Procedure

1.     Configure Pos 3/0/1 on Router A:

# Assign an IP address to the interface.

<RouterA> system-view

[RouterA] interface pos 3/0/1

[RouterA-Pos3/0/1] ip address 10.110.1.10 255.255.255.0

# Configure the data link layer protocol of the interface.

[RouterA-Pos3/0/1] link-protocol ppp

# Set the MTU to 1500 bytes for the interface.

[RouterA-Pos3/0/1] mtu 1500

# Shut down, and then bring up the interface for the settings to take effect.

[RouterA-Pos3/0/1] shutdown

[RouterA-Pos3/0/1] undo shutdown

[RouterA-Pos3/0/1] quit

2.     Configure Pos 3/0/1 on Router B:

# Set the clock mode to master on the interface.

<RouterB> system-view

[RouterB] interface pos 3/0/1

[RouterB-Pos3/0/1] clock master

# Assign an IP address to the interface.

[RouterB-Pos3/0/1] ip address 10.110.1.11 255.255.255.0

# Configure the data link layer protocol of the interface.

[RouterB-Pos3/0/1] link-protocol ppp

# Set the MTU to 1500 bytes for the interface.

[RouterB-Pos3/0/1] mtu 1500

# Shut down, and then bring up the interface for the settings to take effect.

[RouterB-Pos3/0/1] shutdown

[RouterB-Pos3/0/1] undo shutdown

[RouterB-Pos3/0/1] quit

Verifying the configuration

# Display brief information about the POS interfaces on Router A.

[RouterA] display interface pos brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface                         Link Protocol Primary IP      Description

Pos3/0/1                          UP   UP       10.110.1.10

The output shows that both the physical state and the link layer protocol state of Pos 3/0/1 on Router A are up.

# Display brief information about the POS interfaces on Router B.

[RouterB] display interface pos brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface                         Link Protocol Primary IP      Description

Pos3/0/1                          UP   UP       10.110.1.11

The output shows that both the physical state and the link layer protocol state of Pos 3/0/1 on Router B are up.

# Ping Router B from Router A.

[RouterA] ping 10.110.1.11

Ping 10.110.1.11 (10.110.1.11): 56 data bytes, press CTRL+C to break

56 bytes from 10.110.1.11: icmp_seq=0 ttl=255 time=0.127 ms

56 bytes from 10.110.1.11: icmp_seq=1 ttl=255 time=0.091 ms

56 bytes from 10.110.1.11: icmp_seq=2 ttl=255 time=0.072 ms

56 bytes from 10.110.1.11: icmp_seq=3 ttl=255 time=0.074 ms

56 bytes from 10.110.1.11: icmp_seq=4 ttl=255 time=0.079 ms

 

--- Ping statistics for 10.110.1.11 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.072/0.089/0.127/0.020 ms

The output shows that Router A and Router B can reach each other through the POS interfaces.

 

CPOS interface configuration examples

Example: Configuring CPOS-E1 channels

Network configuration

As shown in Figure 13, branch nodes Router B through Router H are uplinked to the central node Router A through E1 links. Router A aggregates these E1 links by using a CPOS interface.

Add one additional E1 link on Router B to expand its capacity, and use an MP-group interface to bind the two E1 links.

Figure 13 Network diagram

Prerequisites

For correct network synchronization, make sure the master clock mode is configured on the SONET/SDH devices connected to the routers.

Procedure

1.     Configure Router A:

# Configure E1 channels 1 and 2 of CPOS 3/0/1 to operate in unframed mode.

<RouterA> system-view

[RouterA] controller cpos 3/0/1

[RouterA-Cpos 3/0/1] e1 1 unframed

[RouterA-Cpos 3/0/1] e1 2 unframed

[RouterA-Cpos 3/0/1] quit

# Create MP-group 3/0/1 and assign an IP address to it.

[RouterA] interface mp-group 3/0/1

[RouterA-Mp-group3/0/1] ip address 10.1.1.1 24

[RouterA-Mp-group3/0/1] quit

# Assign Serial 3/0/1/1:0 to MP-group 3/0/1.

[RouterA] interface serial3/0/1/1:0

[RouterA-Serial3/0/1/1:0] ppp mp mp-group 3/0/1

[RouterA-Serial3/0/1/1:0] quit

# Assign Serial 3/0/1/2:0 to MP-group 3/0/1.

[RouterA] interface serial3/0/1/2:0

[RouterA-Serial3/0/1/2:0] ppp mp mp-group 3/0/1

[RouterA-Serial3/0/1/2:0] quit

2.     Configure Router B:

# Configure E1 3/0/1 to operate in E1 mode.

<RouterB> system-view

[RouterB] controller e1 3/0/1

[RouterB-E1 3/0/1] using e1

[RouterB-E1 3/0/1] quit

# Configure E1 3/0/2 to operate in E1 mode.

[RouterB] controller e1 3/0/2

[RouterB-E1 3/0/2] using e1

[RouterB-E1 3/0/2] quit

# Create MP-group 3/0/1 and assign an IP address to it.

[RouterB] interface mp-group 3/0/1

[RouterB-Mp-group3/0/1] ip address 10.1.1.2 24

[RouterB-Mp-group3/0/1] quit

# Assign Serial 3/0/1:0 to MP-group 3/0/1.

[RouterB] interface serial3/0/1:0

[RouterB-Serial3/0/1:0] ppp mp mp-group 3/0/1

[RouterB-Serial3/0/1:0] quit

# Assign Serial 3/0/2:0 to MP-group 3/0/1.

[RouterB] interface serial3/0/2:0

[RouterB-Serial3/0/2:0] ppp mp mp-group 3/0/1

[RouterB-Serial3/0/2:0] quit

Verifying the configuration

# Execute the display interface serial 3/0/1:0, display interface mp-group 3/0/1, and display ppp mp commands to view the connectivity state.

# Verify that the routers can ping one another. (Details not shown.)

 

MAC address table configuration examples

Example: Configuring the MAC address table

Network configuration

As shown in Figure 14:

·     Host A at MAC address 000f-e235-dc71 is connected to Ten-GigabitEthernet 3/0/1 of Device and belongs to VLAN 1.

·     Host B at MAC address 000f-e235-abcd, which behaved suspiciously on the network, also belongs to VLAN 1.

Configure the MAC address table as follows:

·     To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of Device.

·     To drop all frames destined for Host B, add a blackhole MAC address entry for Host B.

·     Set the aging timer to 500 seconds for dynamic MAC address entries.

Figure 14 Network diagram

Procedure

# Add a static MAC address entry for MAC address 000f-e235-dc71 on Ten-GigabitEthernet 3/0/1 that belongs to VLAN 1.

<Device> system-view

[Device] mac-address static 000f-e235-dc71 interface ten-gigabitethernet 3/0/1 vlan 1

# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.

[Device] mac-address blackhole 000f-e235-abcd vlan 1

# Set the aging timer to 500 seconds for dynamic MAC address entries.

[Device] mac-address timer aging 500

Verifying the configuration

# Display the static MAC address entries for Ten-GigabitEthernet 3/0/1.

[Device] display mac-address static interface ten-gigabitethernet 3/0/1

MAC Address      VLAN ID    State            Port/Nickname            Aging

000f-e235-dc71   1          Static           XGE3/0/1                 N

# Display the blackhole MAC address entries.

[Device] display mac-address blackhole

MAC Address      VLAN ID    State            Port/Nickname            Aging

000f-e235-abcd   1          Blackhole        N/A                      N

# Display the aging time of dynamic MAC address entries.

[Device] display mac-address aging-time

MAC address aging time: 500s.

 

 

 

Ethernet link aggregation configuration examples

Example: Configuring a Layer 2 static aggregation group

Network configuration

On the network shown in Figure 15, perform the following tasks:

·     Configure a Layer 2 static aggregation group on both Device A and Device B.

·     Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.

·     Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

Figure 15 Network diagram

Procedure

1.     Configure Device A:

# Create VLAN 10, and assign port Ten-GigabitEthernet 3/0/4 to VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] port ten-gigabitethernet 3/0/4

[DeviceA-vlan10] quit

# Create VLAN 20, and assign port Ten-GigabitEthernet 3/0/5 to VLAN 20.

[DeviceA] vlan 20

[DeviceA-vlan20] port ten-gigabitethernet 3/0/5

[DeviceA-vlan20] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 1.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to link aggregation group 1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/3] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] port link-type trunk

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20

[DeviceA-Bridge-Aggregation1] quit

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Static

Loadsharing Type: Shar

  Port             Status  Priority Oper-Key

  XGE3/0/1         S       32768    1

  XGE3/0/2         S       32768    1

  XGE3/0/3         S       32768    1

The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports.

Example: Configuring a Layer 2 dynamic aggregation group

Network configuration

On the network shown in Figure 16, perform the following tasks:

·     Configure a Layer 2 dynamic aggregation group on both Device A and Device B.

·     Enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end.

·     Enable VLAN 20 at one end of the aggregate link to communicate with VLAN 20 at the other end.

Figure 16 Network diagram

Procedure

1.     Configure Device A:

# Create VLAN 10, and assign the port Ten-GigabitEthernet 3/0/4 to VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] port ten-gigabitethernet 3/0/4

[DeviceA-vlan10] quit

# Create VLAN 20, and assign the port Ten-GigabitEthernet 3/0/5 to VLAN 20.

[DeviceA] vlan 20

[DeviceA-vlan20] port ten-gigabitethernet 3/0/5

[DeviceA-vlan20] quit

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic

[DeviceA-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to link aggregation group 1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/3] quit

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 10 and 20.

[DeviceA] interface bridge-aggregation 1

[DeviceA-Bridge-Aggregation1] port link-type trunk

[DeviceA-Bridge-Aggregation1] port trunk permit vlan 10 20

[DeviceA-Bridge-Aggregation1] quit

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE3/0/1            S        32768    11       1                      {ACDEF}

  XGE3/0/2            S        32768    12       1                      {ACDEF}

  XGE3/0/3            S        32768    13       1                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  XGE3/0/1            32768    81       1        0x8000, 000f-e267-57ad {ACDEF}

  XGE3/0/2            32768    82       1        0x8000, 000f-e267-57ad {ACDEF}

  XGE3/0/3            32768    83       1        0x8000, 000f-e267-57ad {ACDEF}

The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.

Example: Configuring a Layer 2 edge aggregate interface

Network configuration

As shown in Figure 17, a Layer 2 dynamic aggregation group is configured on the device. The server is not configured with dynamic link aggregation.

Configure an edge aggregate interface so that both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 can forward traffic to improve link reliability.

Figure 17 Network diagram

Procedure

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and set the link aggregation mode to dynamic.

<Device> system-view

[Device] interface bridge-aggregation 1

[Device-Bridge-Aggregation1] link-aggregation mode dynamic

# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as an edge aggregate interface.

[Device-Bridge-Aggregation1] lacp edge-port

[Device-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to link aggregation group 1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[Device-Ten-GigabitEthernet3/0/1] quit

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display detailed information about all aggregation groups on the device when the server is not configured with dynamic link aggregation.

[Device] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE3/0/1            I        32768    11       1                      {AG}

  XGE3/0/2            I        32768    12       1                      {AG}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  XGE3/0/1            32768    81       0        0x8000, 0000-0000-0000 {DEF}

  XGE3/0/2            32768    82       0        0x8000, 0000-0000-0000 {DEF}

The output shows that Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are in Individual state when they do not receive LACPDUs from the server. Both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 can forward traffic. When one port fails, its traffic is automatically switched to the other port.

Example: Configuring a Layer 3 static aggregation group

Network configuration

On the network shown in Figure 18, perform the following tasks:

·     Configure a Layer 3 static aggregation group on both Device A and Device B.

·     Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.

Figure 18 Network diagram

Procedure

1.     Configure Device A:

# Create Layer 3 aggregate interface Route-Aggregation 1, and configure an IP address and subnet mask for the aggregate interface.

<DeviceA> system-view

[DeviceA] interface route-aggregation 1

[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24

[DeviceA-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to aggregation group 1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/3] quit

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Static

Loadsharing Type: Shar

  Port             Status  Priority Oper-Key

  XGE3/0/1         S       32768    1

  XGE3/0/2         S       32768    1

  XGE3/0/3         S       32768    1

The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports.

Example: Configuring a Layer 3 dynamic aggregation group

Network configuration

On the network shown in Figure 19, perform the following tasks:

·     Configure a Layer 3 dynamic aggregation group on both Device A and Device B.

·     Configure IP addresses and subnet masks for the corresponding Layer 3 aggregate interfaces.

Figure 19 Network diagram

Procedure

1.     Configure Device A:

# Create Layer 3 aggregate interface Route-Aggregation 1.

<DeviceA> system-view

[DeviceA] interface route-aggregation 1

# Set the link aggregation mode to dynamic.

[DeviceA-Route-Aggregation1] link-aggregation mode dynamic

# Configure an IP address and subnet mask for Route-Aggregation 1.

[DeviceA-Route-Aggregation1] ip address 192.168.1.1 24

[DeviceA-Route-Aggregation1] quit

# Assign Layer 3 Ethernet interfaces Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to aggregation group 1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[DeviceA-Ten-GigabitEthernet3/0/3] quit

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

Verifying the configuration

# Display detailed information about all aggregation groups on Device A.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 000f-e267-6c6a

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE3/0/1            S        32768    11       1                      {ACDEF}

  XGE3/0/2            S        32768    12       1                      {ACDEF}

  XGE3/0/3            S        32768    13       1                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  XGE3/0/1            32768    81       1        0x8000, 000f-e267-57ad {ACDEF}

  XGE3/0/2            32768    82       1        0x8000, 000f-e267-57ad {ACDEF}

  XGE3/0/3            32768    83       1        0x8000, 000f-e267-57ad {ACDEF}

The output shows that link aggregation group 1 is a Layer 3 dynamic aggregation group that contains three Selected ports.
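The Local and Remote tables in the dynamic and edge aggregate outputs above can be checked mechanically. The following Python sketch is an added example, not H3C code: it parses the two tables, decodes the flag letters from the legend, lists member ports that have no LACP partner (as in the edge aggregate example), and confirms that all negotiated ports report the same partner system ID. Function names and the result keys are assumptions of this example, and static aggregation output, which has no Local and Remote tables, is not handled.

```python
import re

# Flag letters from the legend printed by display link-aggregation verbose.
FLAG_NAMES = {"A": "LACP_Activity", "B": "LACP_Timeout", "C": "Aggregation",
              "D": "Synchronization", "E": "Collecting", "F": "Distributing",
              "G": "Defaulted", "H": "Expired"}
NULL_MAC = "0000-0000-0000"

# Constructed sample: tables copied from the edge aggregate interface output above.
EDGE_OUTPUT = """\
System ID: 0x8000, 000f-e267-6c6a
Local:
  Port                Status   Priority Index    Oper-Key               Flag
  XGE3/0/1            I        32768    11       1                      {AG}
  XGE3/0/2            I        32768    12       1                      {AG}
Remote:
  Actor               Priority Index    Oper-Key SystemID               Flag
  XGE3/0/1            32768    81       0        0x8000, 0000-0000-0000 {DEF}
  XGE3/0/2            32768    82       0        0x8000, 0000-0000-0000 {DEF}
"""

# Constructed sample: tables copied from the dynamic aggregation group output above.
DYNAMIC_OUTPUT = """\
System ID: 0x8000, 000f-e267-6c6a
Local:
  Port                Status   Priority Index    Oper-Key               Flag
  XGE3/0/1            S        32768    11       1                      {ACDEF}
  XGE3/0/2            S        32768    12       1                      {ACDEF}
  XGE3/0/3            S        32768    13       1                      {ACDEF}
Remote:
  Actor               Priority Index    Oper-Key SystemID               Flag
  XGE3/0/1            32768    81       1        0x8000, 000f-e267-57ad {ACDEF}
  XGE3/0/2            32768    82       1        0x8000, 000f-e267-57ad {ACDEF}
  XGE3/0/3            32768    83       1        0x8000, 000f-e267-57ad {ACDEF}
"""

LOCAL_ROW = re.compile(r"^\s*(\S+)\s+([SUI])\s+\d+\s+\d+\s+\d+\s+\{([A-H]*)\}\s*$")
REMOTE_ROW = re.compile(
    r"^\s*(\S+)\s+\d+\s+\d+\s+\d+\s+(0x[0-9a-fA-F]+),\s+([0-9a-fA-F-]+)\s+\{([A-H]*)\}\s*$")


def decode(flags):
    """Expand flag letters such as 'AG' to their legend names."""
    return [FLAG_NAMES[f] for f in sorted(flags)]


def parse_lacp(text):
    """Return port -> {status, local_flags, partner, remote_flags}."""
    ports, section = {}, None
    for line in text.splitlines():
        head = line.strip()
        if head in ("Local:", "Remote:"):
            section = head[:-1]
        elif section == "Local":
            m = LOCAL_ROW.match(line)
            if m:
                ports[m.group(1)] = {"status": m.group(2), "local_flags": set(m.group(3)),
                                     "partner": None, "remote_flags": set()}
        elif section == "Remote":
            m = REMOTE_ROW.match(line)
            if m and m.group(1) in ports:
                ports[m.group(1)]["partner"] = (m.group(2).lower(), m.group(3).lower())
                ports[m.group(1)]["remote_flags"] = set(m.group(4))
    return ports


def review(text):
    """Summarize partner state for every member port of a dynamic aggregation group."""
    ports = parse_lacp(text)
    # No partner: all-zero partner MAC, or the local Defaulted flag (no LACPDU received).
    no_partner = sorted(p for p, d in ports.items()
                        if d["partner"] is None or d["partner"][1] == NULL_MAC
                        or "G" in d["local_flags"])
    partners = {d["partner"] for p, d in ports.items() if p not in no_partner}
    return {"no_partner": no_partner,
            "not_selected": sorted(p for p, d in ports.items() if d["status"] != "S"),
            "partner_ids": sorted(partners),
            "single_partner": len(partners) == 1}


if __name__ == "__main__":
    print(review(EDGE_OUTPUT))
    print(review(DYNAMIC_OUTPUT))
```

On an edge aggregate interface, ports listed under no_partner are expected; on a device-to-device aggregate link they indicate that the peer is not running LACP on that port.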

Example: Configuring S-MLAG

Network configuration

Device B, Device C, and Device D are standalone devices. As shown in Figure 20, configure Device B, Device C, and Device D as S-MLAG devices to establish a multichassis aggregate link with Device A.

Figure 20 Network diagram

Procedure

1.     Configure Device A:

# Create Layer 2 aggregate interface Bridge-Aggregation 10, and set the link aggregation mode to dynamic.

<DeviceA> system-view

[DeviceA] interface bridge-aggregation 10

[DeviceA-Bridge-Aggregation10] link-aggregation mode dynamic

[DeviceA-Bridge-Aggregation10] quit

# Assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to aggregation group 10.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-aggregation group 10

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-aggregation group 10

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-aggregation group 10

[DeviceA-Ten-GigabitEthernet3/0/3] quit

2.     Configure Device B:

# Set the LACP system MAC address to 0001-0001-0001.

<DeviceB> system-view

[DeviceB] lacp system-mac 1-1-1

# Set the LACP system priority to 123.

[DeviceB] lacp system-priority 123

# Set the LACP system number to 1.

[DeviceB] lacp system-number 1

# Create Layer 2 aggregate interface Bridge-Aggregation 2, and set the link aggregation mode to dynamic.

[DeviceB] interface bridge-aggregation 2

[DeviceB-Bridge-Aggregation2] link-aggregation mode dynamic

# Assign Bridge-Aggregation 2 to S-MLAG group 100.

[DeviceB-Bridge-Aggregation2] port s-mlag group 100

[DeviceB-Bridge-Aggregation2] quit

# Assign Ten-GigabitEthernet 3/0/1 to aggregation group 2.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-aggregation group 2

[DeviceB-Ten-GigabitEthernet3/0/1] quit

3.     Configure Device C:

# Set the LACP system MAC address to 0001-0001-0001.

<DeviceC> system-view

[DeviceC] lacp system-mac 1-1-1

# Set the LACP system priority to 123.

[DeviceC] lacp system-priority 123

# Set the LACP system number to 2.

[DeviceC] lacp system-number 2

# Create Layer 2 aggregate interface Bridge-Aggregation 3, and set the link aggregation mode to dynamic.

[DeviceC] interface bridge-aggregation 3

[DeviceC-Bridge-Aggregation3] link-aggregation mode dynamic

# Assign Bridge-Aggregation 3 to S-MLAG group 100.

[DeviceC-Bridge-Aggregation3] port s-mlag group 100

[DeviceC-Bridge-Aggregation3] quit

# Assign Ten-GigabitEthernet 3/0/1 to aggregation group 3.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] port link-aggregation group 3

[DeviceC-Ten-GigabitEthernet3/0/1] quit

4.     Configure Device D:

# Set the LACP system MAC address to 0001-0001-0001.

<DeviceD> system-view

[DeviceD] lacp system-mac 1-1-1

# Set the LACP system priority to 123.

[DeviceD] lacp system-priority 123

# Set the LACP system number to 3.

[DeviceD] lacp system-number 3

# Create Layer 2 aggregate interface Bridge-Aggregation 4, and set the link aggregation mode to dynamic.

[DeviceD] interface bridge-aggregation 4

[DeviceD-Bridge-Aggregation4] link-aggregation mode dynamic

# Assign Bridge-Aggregation 4 to S-MLAG group 100.

[DeviceD-Bridge-Aggregation4] port s-mlag group 100

[DeviceD-Bridge-Aggregation4] quit

# Assign Ten-GigabitEthernet 3/0/1 to aggregation group 4.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] port link-aggregation group 4

[DeviceD-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 on Device A are Selected ports.

[DeviceA] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation10

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 40fa-264f-0100

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE3/0/1            S        32768    1        1                      {ACDEF}

  XGE3/0/2            S        32768    2        1                      {ACDEF}

  XGE3/0/3            S        32768    3        1                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  XGE3/0/1            32768    16385    50100    0x7b  , 0001-0001-0001 {ACDEF}

  XGE3/0/2            32768    32769    50100    0x7b  , 0001-0001-0001 {ACDEF}

  XGE3/0/3            32768    49153    50100    0x7b  , 0001-0001-0001 {ACDEF}
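
A scripted version of this verification, as an added example that is not part of the original H3C document: it parses the display link-aggregation verbose output shown above and checks that every member port is Selected and that all three partners present the one LACP system ID configured on Device B, Device C, and Device D (priority 123, MAC 0001-0001-0001), each with a distinct port index. The function names are assumptions of this example.

```python
import re

# "display link-aggregation verbose" output for Device A, copied from the
# verification step above (legend lines omitted).
SAMPLE = """\
Aggregate Interface: Bridge-Aggregation10
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 40fa-264f-0100
Local:
  Port                Status   Priority Index    Oper-Key               Flag
  XGE3/0/1            S        32768    1        1                      {ACDEF}
  XGE3/0/2            S        32768    2        1                      {ACDEF}
  XGE3/0/3            S        32768    3        1                      {ACDEF}
Remote:
  Actor               Priority Index    Oper-Key SystemID               Flag
  XGE3/0/1            32768    16385    50100    0x7b  , 0001-0001-0001 {ACDEF}
  XGE3/0/2            32768    32769    50100    0x7b  , 0001-0001-0001 {ACDEF}
  XGE3/0/3            32768    49153    50100    0x7b  , 0001-0001-0001 {ACDEF}
"""

# Local rows: port, status (S/U/I), priority, index, oper-key, {flags}
LOCAL_RE = re.compile(r"^\s*(\S+)\s+([SUI])\s+(\d+)\s+(\d+)\s+(\d+)\s+\{(\w*)\}\s*$")
# Remote rows: actor port, priority, index, oper-key, system ID, {flags}
REMOTE_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(0x[0-9a-fA-F]+)\s*,\s*"
    r"([0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4})\s+\{(\w*)\}\s*$"
)


def normalize_mac(mac):
    """Expand the short CLI form (1-1-1) to the displayed form (0001-0001-0001)."""
    return "-".join(part.zfill(4).lower() for part in mac.split("-"))


def parse_lag(text):
    """Return (local, remote) dicts keyed by local port name."""
    local, remote, section = {}, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Local:":
            section = "local"
        elif stripped == "Remote:":
            section = "remote"
        elif section == "local" and (m := LOCAL_RE.match(line)):
            local[m[1]] = {"status": m[2], "flags": set(m[6])}
        elif section == "remote" and (m := REMOTE_RE.match(line)):
            remote[m[1]] = {
                "index": int(m[3]),
                "oper_key": int(m[4]),
                "system_id": (int(m[5], 16), normalize_mac(m[6])),
                "flags": set(m[7]),
            }
    return local, remote


def check_smlag(text, expected_priority, expected_mac):
    """Return a list of problems; an empty list means the aggregate is healthy."""
    local, remote = parse_lag(text)
    want = (expected_priority, normalize_mac(expected_mac))
    problems = []
    for port, info in sorted(local.items()):
        if info["status"] != "S":
            problems.append(f"{port}: local status {info['status']}, not Selected")
        if port not in remote:
            problems.append(f"{port}: no LACP partner information")
    for port, info in sorted(remote.items()):
        prio, mac = info["system_id"]
        if info["system_id"] != want:
            problems.append(
                f"{port}: partner system ID 0x{prio:x}, {mac} differs from "
                f"expected 0x{want[0]:x}, {want[1]}"
            )
        # Flags G (Defaulted) and H (Expired) come from the legend in the output.
        if info["flags"] & {"G", "H"}:
            problems.append(f"{port}: partner information is defaulted or expired")
    if len({info["oper_key"] for info in remote.values()}) > 1:
        problems.append("partners report different operational keys")
    indexes = [info["index"] for info in remote.values()]
    if len(set(indexes)) != len(indexes):
        problems.append("two partner ports report the same port index")
    return problems


if __name__ == "__main__":
    for issue in check_smlag(SAMPLE, 123, "1-1-1") or ["OK: one consistent S-MLAG partner"]:
        print(issue)
```

A partner row whose system ID differs from the configured one indicates a device that is not part of S-MLAG group 100, or one on which lacp system-mac or lacp system-priority was not set to match.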

 

VLAN configuration examples

Example: Configuring port-based VLANs

Network configuration

As shown in Figure 21:

·     Host A and Host C belong to Department A. VLAN 100 is assigned to Department A.

·     Host B and Host D belong to Department B. VLAN 200 is assigned to Department B.

Configure port-based VLANs so that only hosts in the same department can communicate with each other.

Figure 21 Network diagram

Procedure

1.     Configure Device A:

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 to VLAN 100.

<DeviceA> system-view

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1

[DeviceA-vlan100] quit

# Create VLAN 200, and assign Ten-GigabitEthernet 3/0/2 to VLAN 200.

[DeviceA] vlan 200

[DeviceA-vlan200] port ten-gigabitethernet 3/0/2

[DeviceA-vlan200] quit

# Configure Ten-GigabitEthernet 3/0/3 as a trunk port, and assign the port to VLANs 100 and 200.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/3] port trunk permit vlan 100 200

Please wait... Done.

2.     Configure Device B in the same way Device A is configured. (Details not shown.)

3.     Configure hosts:

a.     Configure Host A and Host C to be on the same IP subnet. For example, 192.168.100.0/24.

b.     Configure Host B and Host D to be on the same IP subnet. For example, 192.168.200.0/24.

Verifying the configuration

# Verify that Host A and Host C can ping each other, but they both fail to ping Host B and Host D. (Details not shown.)

# Verify that Host B and Host D can ping each other, but they both fail to ping Host A and Host C. (Details not shown.)

# Verify that VLANs 100 and 200 are correctly configured on Device A.

[DeviceA-Ten-GigabitEthernet3/0/3] display vlan 100

 VLAN ID: 100

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0100

 Name: VLAN 0100

 Tagged ports:

    Ten-GigabitEthernet3/0/3

 Untagged ports:

    Ten-GigabitEthernet3/0/1

[DeviceA-Ten-GigabitEthernet3/0/3] display vlan 200

 VLAN ID: 200

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0200

 Name: VLAN 0200

 Tagged ports:

    Ten-GigabitEthernet3/0/3

 Untagged ports:

    Ten-GigabitEthernet3/0/2

Super VLAN configuration examples

Example: Configuring a super VLAN

Network configuration

As shown in Figure 22:

·     Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are in VLAN 2.

·     Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 are in VLAN 3.

·     Ten-GigabitEthernet 3/0/5 and Ten-GigabitEthernet 3/0/6 are in VLAN 5.

To save IP addresses and enable sub-VLANs to be isolated at Layer 2 but interoperable at Layer 3, perform the following tasks:

·     Create a super VLAN and assign an IP address to its VLAN interface.

·     Associate the super VLAN with VLANs 2, 3, and 5.

Figure 22 Network diagram

Procedure

# Create VLAN 10.

<DeviceA> system-view

[DeviceA] vlan 10

[DeviceA-vlan10] quit

# Create VLAN-interface 10, and assign IP address 10.1.1.1/24 to it.

[DeviceA] interface vlan-interface 10

[DeviceA-Vlan-interface10] ip address 10.1.1.1 255.255.255.0

# Enable local proxy ARP.

[DeviceA-Vlan-interface10] local-proxy-arp enable

[DeviceA-Vlan-interface10] quit

# Create VLAN 2, and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceA] vlan 2

[DeviceA-vlan2] port ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2

[DeviceA-vlan2] quit

# Create VLAN 3, and assign Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 3

[DeviceA-vlan3] port ten-gigabitethernet 3/0/3 ten-gigabitethernet 3/0/4

[DeviceA-vlan3] quit

# Create VLAN 5, and assign Ten-GigabitEthernet 3/0/5 and Ten-GigabitEthernet 3/0/6 to the VLAN.

[DeviceA] vlan 5

[DeviceA-vlan5] port ten-gigabitethernet 3/0/5 ten-gigabitethernet 3/0/6

[DeviceA-vlan5] quit

# Configure VLAN 10 as a super VLAN, and associate sub-VLANs 2, 3, and 5 with the super VLAN.

[DeviceA] vlan 10

[DeviceA-vlan10] supervlan

[DeviceA-vlan10] subvlan 2 3 5

[DeviceA-vlan10] quit

[DeviceA] quit

Verifying the configuration

# Display information about super VLAN 10 and its associated sub-VLANs.

<DeviceA> display supervlan

 Super VLAN ID: 10

 Sub-VLAN ID: 2-3 5

 VLAN ID: 10

 VLAN type: Static

 It is a super VLAN.

 Route interface: Configured

 Ipv4 address: 10.1.1.1

 Ipv4 subnet mask: 255.255.255.0

 Description: VLAN 0010

 Name: VLAN 0010

 Tagged ports:   None

 Untagged ports: None

 VLAN ID: 2

 VLAN type: Static

 It is a sub VLAN.

 Route interface: Configured

 Ipv4 address: 10.1.1.1

 Ipv4 subnet mask: 255.255.255.0

 Description: VLAN 0002

 Name: VLAN 0002

 Tagged ports:   None

 Untagged ports:

    Ten-GigabitEthernet3/0/1

    Ten-GigabitEthernet3/0/2

 VLAN ID: 3

 VLAN type: Static

 It is a sub VLAN.

 Route interface: Configured

 Ipv4 address: 10.1.1.1

 Ipv4 subnet mask: 255.255.255.0

 Description: VLAN 0003

 Name: VLAN 0003

 Tagged ports:   None

 Untagged ports:

    Ten-GigabitEthernet3/0/3

    Ten-GigabitEthernet3/0/4

 VLAN ID: 5

 VLAN type: Static

 It is a sub VLAN.

 Route interface: Configured

 Ipv4 address: 10.1.1.1

 Ipv4 subnet mask: 255.255.255.0

 Description: VLAN 0005

 Name: VLAN 0005

 Tagged ports:   None

 Untagged ports:

    Ten-GigabitEthernet3/0/5

    Ten-GigabitEthernet3/0/6

 

 

 

MVRP configuration examples

Example: Configuring basic MVRP functions

Network configuration

As shown in Figure 23:

·     Create VLAN 10 on Device A and VLAN 20 on Device B.

·     Configure MSTP, map VLAN 10 to MSTI 1, map VLAN 20 to MSTI 2, and map the other VLANs to MSTI 0.

Configure MVRP on Device A, Device B, Device C, and Device D to meet the following requirements:

·     The devices can register and deregister dynamic VLANs.

·     The devices can keep identical VLAN configurations for each MSTI.

Figure 23 Network diagram

Procedure

1.     Configure Device A:

# Enter MST region view.

<DeviceA> system-view

[DeviceA] stp region-configuration

# Configure the MST region name, VLAN-to-instance mappings, and revision level.

[DeviceA-mst-region] region-name example

[DeviceA-mst-region] instance 1 vlan 10

[DeviceA-mst-region] instance 2 vlan 20

[DeviceA-mst-region] revision-level 0

# Manually activate the MST region configuration.

[DeviceA-mst-region] active region-configuration

[DeviceA-mst-region] quit

# Configure Device A as the primary root bridge of MSTI 1.

[DeviceA] stp instance 1 root primary

# Globally enable the spanning tree feature.

[DeviceA] stp global enable

# Globally enable MVRP.

[DeviceA] mvrp global enable

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and configure it to permit all VLANs.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/1] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/1.

[DeviceA-Ten-GigabitEthernet3/0/1] mvrp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and configure it to permit VLAN 40.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/2] port trunk permit vlan 40

# Enable MVRP on Ten-GigabitEthernet 3/0/2.

[DeviceA-Ten-GigabitEthernet3/0/2] mvrp enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 as a trunk port, and configure it to permit all VLANs.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/3] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/3.

[DeviceA-Ten-GigabitEthernet3/0/3] mvrp enable

[DeviceA-Ten-GigabitEthernet3/0/3] quit

# Create VLAN 10.

[DeviceA] vlan 10

[DeviceA-vlan10] quit

2.     Configure Device B:

# Enter MST region view.

<DeviceB> system-view

[DeviceB] stp region-configuration

# Configure the MST region name, VLAN-to-instance mappings, and revision level.

[DeviceB-mst-region] region-name example

[DeviceB-mst-region] instance 1 vlan 10

[DeviceB-mst-region] instance 2 vlan 20

[DeviceB-mst-region] revision-level 0

# Manually activate the MST region configuration.

[DeviceB-mst-region] active region-configuration

[DeviceB-mst-region] quit

# Configure Device B as the primary root bridge of MSTI 2.

[DeviceB] stp instance 2 root primary

# Globally enable the spanning tree feature.

[DeviceB] stp global enable

# Globally enable MVRP.

[DeviceB] mvrp global enable

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and configure it to permit VLANs 20 and 40.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/1] port trunk permit vlan 20 40

# Enable MVRP on Ten-GigabitEthernet 3/0/1.

[DeviceB-Ten-GigabitEthernet3/0/1] mvrp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and configure it to permit all VLANs.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/2] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/2.

[DeviceB-Ten-GigabitEthernet3/0/2] mvrp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 as a trunk port, and configure it to permit all VLANs.

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/3] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/3.

[DeviceB-Ten-GigabitEthernet3/0/3] mvrp enable

[DeviceB-Ten-GigabitEthernet3/0/3] quit

# Create VLAN 20.

[DeviceB] vlan 20

[DeviceB-vlan20] quit

3.     Configure Device C:

# Enter MST region view.

<DeviceC> system-view

[DeviceC] stp region-configuration

# Configure the MST region name, VLAN-to-instance mappings, and revision level.

[DeviceC-mst-region] region-name example

[DeviceC-mst-region] instance 1 vlan 10

[DeviceC-mst-region] instance 2 vlan 20

[DeviceC-mst-region] revision-level 0

# Manually activate the MST region configuration.

[DeviceC-mst-region] active region-configuration

[DeviceC-mst-region] quit

# Configure Device C as the root bridge of MSTI 0.

[DeviceC] stp instance 0 root primary

# Globally enable the spanning tree feature.

[DeviceC] stp global enable

# Globally enable MVRP.

[DeviceC] mvrp global enable

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and configure it to permit all VLANs.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceC-Ten-GigabitEthernet3/0/1] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/1.

[DeviceC-Ten-GigabitEthernet3/0/1] mvrp enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and configure it to permit all VLANs.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceC-Ten-GigabitEthernet3/0/2] port trunk permit vlan all

# Enable MVRP on Ten-GigabitEthernet 3/0/2.

[DeviceC-Ten-GigabitEthernet3/0/2] mvrp enable

[DeviceC-Ten-GigabitEthernet3/0/2] quit

4.     Configure Device D:

# Enter MST region view.

<DeviceD> system-view

[DeviceD] stp region-configuration

# Configure the MST region name, VLAN-to-instance mappings, and revision level.

[DeviceD-mst-region] region-name example

[DeviceD-mst-region] instance 1 vlan 10

[DeviceD-mst-region] instance 2 vlan 20

[DeviceD-mst-region] revision-level 0

# Manually activate the MST region configuration.

[DeviceD-mst-region] active region-configuration

[DeviceD-mst-region] quit

# Globally enable the spanning tree feature.

[DeviceD] stp global enable

# Globally enable MVRP.

[DeviceD] mvrp global enable

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and configure it to permit VLANs 20 and 40.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceD-Ten-GigabitEthernet3/0/1] port trunk permit vlan 20 40

# Enable MVRP on Ten-GigabitEthernet 3/0/1.

[DeviceD-Ten-GigabitEthernet3/0/1] mvrp enable

[DeviceD-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and configure it to permit VLAN 40.

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceD-Ten-GigabitEthernet3/0/2] port trunk permit vlan 40

# Enable MVRP on Ten-GigabitEthernet 3/0/2.

[DeviceD-Ten-GigabitEthernet3/0/2] mvrp enable

[DeviceD-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

1.     Verify the normal registration mode configuration.

# Display local VLAN information on Device A.

[DeviceA] display mvrp running-status

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/1]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default)

 Declared VLANs :

  1(default), 10, 20

 Propagated VLANs :

  1(default)

 

 ----[Ten-GigabitEthernet3/0/2]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  None

 Declared VLANs :

  1(default)

 Propagated VLANs :

  None

 

 ----[Ten-GigabitEthernet3/0/3]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  20

 Declared  VLANs :

  1(default), 10

 Propagated VLANs :

  20

The output shows that the following events have occurred:

·     Ten-GigabitEthernet 3/0/1 has registered VLAN 1, declared VLAN 1, VLAN 10, and VLAN 20, and propagated VLAN 1 through MVRP.

·     Ten-GigabitEthernet 3/0/2 has declared VLAN 1, and registered and propagated no VLANs.

·     Ten-GigabitEthernet 3/0/3 has registered VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 20 through MVRP.

# Display local VLAN information on Device B.

[DeviceB] display mvrp running-status

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/1]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default)

 Declared VLANs :

  1(default), 20

 Propagated VLANs :

  1(default)

 

 ----[Ten-GigabitEthernet3/0/2]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default), 10

 Declared VLANs :

  1(default), 20

 Propagated VLANs :

  1(default)

 

 ----[Ten-GigabitEthernet3/0/3]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default), 10

 Declared VLANs :

  20

 Propagated VLANs :

  10

The output shows that the following events have occurred:

·     Ten-GigabitEthernet 3/0/1 has registered VLAN 1, declared VLAN 1 and VLAN 20, and propagated VLAN 1 through MVRP.

·     Ten-GigabitEthernet 3/0/2 has registered VLAN 1 and VLAN 10, declared VLAN 1 and VLAN 20, and propagated VLAN 1.

·     Ten-GigabitEthernet 3/0/3 has registered VLAN 1 and VLAN 10, declared VLAN 20, and propagated VLAN 10 through MVRP.

# Display local VLAN information on Device C.

[DeviceC] display mvrp running-status

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/1]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default), 10, 20

 Declared VLANs :

  1(default)

 Propagated VLANs :

  1(default), 10

 

 ----[Ten-GigabitEthernet3/0/2]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default), 20

 Declared VLANs :

  1(default), 10

 Propagated VLANs :

  1(default), 20

The output shows that the following events have occurred:

·     Ten-GigabitEthernet 3/0/1 has registered VLAN 1, VLAN 10, and VLAN 20, declared VLAN 1, and propagated VLAN 1 and VLAN 10 through MVRP.

·     Ten-GigabitEthernet 3/0/2 has registered VLAN 1 and VLAN 20, declared VLAN 1 and VLAN 10, and propagated VLAN 1 and VLAN 20 through MVRP.

# Display local VLAN information on Device D.

[DeviceD] display mvrp running-status

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/1]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default), 20

 Declared VLANs :

  1(default)

 Propagated VLANs :

  1(default), 20

 

 ----[Ten-GigabitEthernet3/0/2]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Normal

 Registered VLANs :

  1(default)

 Declared  VLANs :

  None

 Propagated VLANs :

  None

The output shows that the following events have occurred:

·     Ten-GigabitEthernet 3/0/1 has registered and propagated VLAN 10 and VLAN 20, and declared VLAN 1 through MVRP.

·     Ten-GigabitEthernet 3/0/2 has registered VLAN 1, and declared and propagated no VLANs through MVRP.

2.     Verify the configuration after changing the registration mode.

When the network is stable, set the MVRP registration mode to fixed on the port of Device B connected to Device A. Then, verify that dynamic VLANs on the port will not be deregistered.

# Set the MVRP registration mode to fixed on Ten-GigabitEthernet 3/0/3 of Device B.

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] mvrp registration fixed

[DeviceB-Ten-GigabitEthernet3/0/3] quit

# Display local MVRP VLAN information on Ten-GigabitEthernet 3/0/3.

[DeviceB] display mvrp running-status interface ten-gigabitethernet 3/0/3

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/3]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Fixed

 Registered VLANs :

  1(default), 10

 Declared VLANs :

  20

 Propagated VLANs :

  10

The output shows that VLAN information on Ten-GigabitEthernet 3/0/3 is not changed after you set its MVRP registration mode to fixed.

# Delete VLAN 10 on Device A.

[DeviceA] undo vlan 10

# Display local MVRP VLAN information on Ten-GigabitEthernet 3/0/3 of Device B.

[DeviceB] display mvrp running-status interface ten-gigabitethernet 3/0/3

 -------[MVRP Global Info]-------

 Global Status     : Enabled

 Compliance-GVRP   : False

 

 ----[Ten-GigabitEthernet3/0/3]----

 Config  Status                 : Enabled

 Running Status                 : Enabled

 Join Timer                     : 20 (centiseconds)

 Leave Timer                    : 60 (centiseconds)

 Periodic Timer                 : 100 (centiseconds)

 LeaveAll Timer                 : 1000 (centiseconds)

 Registration Type              : Fixed

 Registered VLANs :

  1(default), 10

 Declared VLANs :

  20

 Propagated VLANs :

  10

The output shows that dynamic VLAN information on Ten-GigabitEthernet 3/0/3 is not changed after you delete VLAN 10 on Device A, because the MVRP registration mode of the port is fixed.
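
The before/after comparison in step 2, as an added example that is not part of the original document: it parses display mvrp running-status output into per-port VLAN sets and reports any VLAN that was registered in the first snapshot but not in the second. The first two snapshots use the values shown above for Ten-GigabitEthernet 3/0/3 of Device B; the third is constructed to show what a deregistration would look like, and the function names are assumptions of this example.

```python
import re

PORT_RE = re.compile(r"^-+\[(.+?)\]-+$")
LIST_RE = re.compile(r"^(Registered|Declared|Propagated)\s+VLANs\s*:$")
# Matches "10", "1(default)" and, defensively, a range such as "2-3"
# (ranges are an assumption; the output above only shows single IDs).
VLAN_RE = re.compile(r"(\d+)(?:\(default\))?(?:-(\d+))?")

# Layout of the per-port section as printed by the device above.
TEMPLATE = """\
 -------[MVRP Global Info]-------
 Global Status     : Enabled
 Compliance-GVRP   : False

 ----[Ten-GigabitEthernet3/0/3]----
 Config  Status                 : Enabled
 Running Status                 : Enabled
 Join Timer                     : 20 (centiseconds)
 Leave Timer                    : 60 (centiseconds)
 Periodic Timer                 : 100 (centiseconds)
 LeaveAll Timer                 : 1000 (centiseconds)
 Registration Type              : {mode}
 Registered VLANs :
  {registered}
 Declared VLANs :
  20
 Propagated VLANs :
  {propagated}
"""

# Values from the page: Device B before the change and after "undo vlan 10".
BEFORE = TEMPLATE.format(mode="Normal", registered="1(default), 10", propagated="10")
AFTER_FIXED = TEMPLATE.format(mode="Fixed", registered="1(default), 10", propagated="10")
# Constructed: the same port left in normal mode, with VLAN 10 deregistered.
AFTER_NORMAL = TEMPLATE.format(mode="Normal", registered="1(default)", propagated="None")


def parse_vlans(line):
    """Turn '1(default), 10, 20' into {1, 10, 20}; 'None' gives an empty set."""
    vlans = set()
    for first, last in VLAN_RE.findall(line):
        vlans.update(range(int(first), int(last or first) + 1))
    return vlans


def parse_mvrp(text):
    """Return {port: {'mode', 'registered', 'declared', 'propagated'}}."""
    ports, port, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := PORT_RE.match(line)):
            current = None
            if m[1] == "MVRP Global Info":
                port = None
            else:
                port = ports.setdefault(m[1], {
                    "mode": None, "registered": set(),
                    "declared": set(), "propagated": set(),
                })
        elif port is None:
            continue
        elif (m := LIST_RE.match(line)):
            current = m[1].lower()           # following lines hold the VLAN list
        elif ":" in line:
            current = None
            if line.startswith("Registration Type"):
                port["mode"] = line.split(":", 1)[1].strip()
        elif current:
            port[current] |= parse_vlans(line)
    return ports


def lost_registrations(before, after):
    """Return {port: [VLANs registered in 'before' but missing in 'after']}."""
    lost = {}
    for name, old in before.items():
        new = after.get(name, {"registered": set()})
        gone = old["registered"] - new["registered"]
        if gone:
            lost[name] = sorted(gone)
    return lost


if __name__ == "__main__":
    base = parse_mvrp(BEFORE)
    print("fixed :", lost_registrations(base, parse_mvrp(AFTER_FIXED)))
    print("normal:", lost_registrations(base, parse_mvrp(AFTER_NORMAL)))
```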

 

 

VLAN mapping configuration examples

Example: Configuring one-to-one VLAN mapping

Network configuration

As shown in Figure 24:

·     Traffic is transmitted from the customer side network to the service provider network through a PE.

·     To allow traffic to be forwarded in the service provider network, configure one-to-one VLAN mapping on the customer-side port of the PE to map VLAN 10 to VLAN 100.

Figure 24 Network diagram

 

Procedure

# Create VLAN 10 as an original VLAN and VLAN 100 as a translated VLAN on the PE.

<PE> system-view

[PE] vlan 10

[PE-vlan10] quit

[PE] vlan 100

[PE-vlan100] quit 

# Configure customer-side port Ten-GigabitEthernet 3/0/1 as a trunk port.

[PE] interface ten-gigabitethernet 3/0/1

[PE-Ten-GigabitEthernet3/0/1] port link-type trunk

# Assign Ten-GigabitEthernet 3/0/1 to VLAN 10 and translated VLAN 100.

[PE-Ten-GigabitEthernet3/0/1] port trunk permit vlan 10 100

# Configure a one-to-one VLAN mapping on Ten-GigabitEthernet 3/0/1 to map VLAN 10 to VLAN 100.

[PE-Ten-GigabitEthernet3/0/1] vlan mapping 10 translated-vlan 100

[PE-Ten-GigabitEthernet3/0/1] quit

# Configure the network-side port Ten-GigabitEthernet 3/0/2 as a trunk port.

[PE] interface ten-gigabitethernet 3/0/2

[PE-Ten-GigabitEthernet3/0/2] port link-type trunk

# Assign Ten-GigabitEthernet 3/0/2 to VLAN 100.

[PE-Ten-GigabitEthernet3/0/2] port trunk permit vlan 100

[PE-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify VLAN mapping information on the PE.

[PE] display vlan mapping

Interface Ten-GigabitEthernet3/0/1:

  Outer VLAN    Inner VLAN    Translated Outer VLAN    Translated Inner VLAN

  10            N/A           100                      N/A 

 

 

VLAN termination configuration examples

Unless otherwise specified, the configuration examples are applicable to common VLAN termination. To configure user VLAN termination, change the vlan-type keyword in VLAN termination commands to user-vlan.

Example: Configuring ambiguous Dot1q termination

Network configuration

As shown in Figure 25, configure ambiguous Dot1q termination so that hosts in different VLANs can communicate with the server group.

Figure 25 Network diagram

Procedure

In this example, L2 Switch B uses the factory configuration.

1.     Configure Host A, Host B, and Host C:

# Assign 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)

# Specify 1.1.1.11/24 as the gateway IP address for the hosts. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/1 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/1

[L2_SwitchA-vlan11] quit

# Create VLAN 12.

[L2_SwitchA] vlan 12

# Assign GigabitEthernet 1/0/2 to VLAN 12.

[L2_SwitchA-vlan12] port gigabitethernet 1/0/2

[L2_SwitchA-vlan12] quit

# Create VLAN 13.

[L2_SwitchA] vlan 13

# Assign GigabitEthernet 1/0/3 to VLAN 13.

[L2_SwitchA-vlan13] port gigabitethernet 1/0/3

[L2_SwitchA-vlan13] quit

# Configure Ten-GigabitEthernet 1/0/4 as a trunk port and assign the port to VLANs 11 through 13.

[L2_SwitchA] interface ten-gigabitethernet 1/0/4

[L2_SwitchA-Ten-GigabitEthernet1/0/4] port link-type trunk

[L2_SwitchA-Ten-GigabitEthernet1/0/4] port trunk permit vlan 11 to 13

3.     Configure the device:

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.10 and assign an IP address to the subinterface.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/1.10

[Device-Ten-GigabitEthernet3/0/1.10] ip address 1.1.1.11 255.255.255.0

# Enable Dot1q termination on Ten-GigabitEthernet 3/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN IDs are 11, 12, or 13.

[Device-Ten-GigabitEthernet3/0/1.10] vlan-type dot1q vid 11 to 13

# Enable Ten-GigabitEthernet 3/0/1.10 to transmit broadcasts and multicasts.

[Device-Ten-GigabitEthernet3/0/1.10] vlan-termination broadcast enable

[Device-Ten-GigabitEthernet3/0/1.10] quit

# Configure an IP address for Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip address 1.1.2.11 255.255.255.0

4.     Configure the server group:

# Assign each device in the server group an IP address on network segment 1.1.2.0/24. (Details not shown.)

# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)

Verifying the configuration

# Verify that Host A, Host B, and Host C can ping the device in the server group. (Details not shown.)

Example: Configuring unambiguous Dot1q termination

Network configuration

As shown in Figure 26, configure unambiguous Dot1q termination on subinterfaces of the device to implement intra-VLAN and inter-VLAN communications between hosts.

Figure 26 Network diagram

Procedure

1.     Configure Host A, Host B, Host C, and Host D:

# On Host A, specify 1.1.1.1/8 and 1.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host B, specify 2.2.2.2/8 and 2.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host C, specify 3.3.3.3/8 and 3.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host D, specify 4.4.4.4/8 and 4.0.0.1/8 as its IP address and gateway IP address, respectively. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 10.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 10

# Assign GigabitEthernet 1/0/2 to VLAN 10.

[L2_SwitchA-vlan10] port gigabitethernet 1/0/2

[L2_SwitchA-vlan10] quit

# Create VLAN 20.

[L2_SwitchA] vlan 20

# Assign GigabitEthernet 1/0/3 to VLAN 20.

[L2_SwitchA-vlan20] port gigabitethernet 1/0/3

[L2_SwitchA-vlan20] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLANs 10 and 20.

[L2_SwitchA] interface ten-gigabitethernet 1/0/1

[L2_SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 20

3.     Configure Layer 2 Switch B in the same way you configure Layer 2 Switch A. (Details not shown.)

4.     Configure the device:

# Create Ten-GigabitEthernet 3/0/1.10 and assign an IP address to this interface.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/1.10

[Device-Ten-GigabitEthernet3/0/1.10] ip address 1.0.0.1 255.0.0.0

# Configure Ten-GigabitEthernet 3/0/1.10 to terminate packets tagged with VLAN 10.

[Device-Ten-GigabitEthernet3/0/1.10] vlan-type dot1q vid 10

[Device-Ten-GigabitEthernet3/0/1.10] quit

# Create Ten-GigabitEthernet 3/0/1.20 and assign an IP address to this interface.

[Device] interface ten-gigabitethernet 3/0/1.20

[Device-Ten-GigabitEthernet3/0/1.20] ip address 2.0.0.1 255.0.0.0

# Configure Ten-GigabitEthernet 3/0/1.20 to terminate packets tagged with VLAN 20.

[Device-Ten-GigabitEthernet3/0/1.20] vlan-type dot1q vid 20

[Device-Ten-GigabitEthernet3/0/1.20] quit

# Configure Ten-GigabitEthernet 3/0/2.10 and assign an IP address to this interface.

[Device] interface ten-gigabitethernet 3/0/2.10

[Device-Ten-GigabitEthernet3/0/2.10] ip address 3.0.0.1 255.0.0.0

# Configure Ten-GigabitEthernet 3/0/2.10 to terminate packets tagged with VLAN 10.

[Device-Ten-GigabitEthernet3/0/2.10] vlan-type dot1q vid 10

[Device-Ten-GigabitEthernet3/0/2.10] quit

# Configure Ten-GigabitEthernet 3/0/2.20 and assign an IP address to this interface.

[Device] interface ten-gigabitethernet 3/0/2.20

[Device-Ten-GigabitEthernet3/0/2.20] ip address 4.0.0.1 255.0.0.0

# Configure Ten-GigabitEthernet 3/0/2.20 to terminate packets tagged with VLAN 20.

[Device-Ten-GigabitEthernet3/0/2.20] vlan-type dot1q vid 20

Verifying the configuration

# Verify that Host A, Host B, Host C, and Host D can ping each other. (Details not shown.)

Example: Configuring Dot1q termination for PPPoE server

Network configuration

As shown in Figure 27, the router acts as a PPPoE server. Hosts in different VLANs access the Internet through the PPPoE server.

Configure Dot1q termination so that hosts in different VLANs can access the Internet.

Figure 27 Network diagram

Procedure

# Configure VLANs and Dot1q termination. For the configuration procedure, see "Example: Configuring ambiguous Dot1q termination." (Details not shown.)

# Configure the router as the PPPoE server. Configure PPPoE settings on Ten-GigabitEthernet 3/0/1.10 on the router. For more information about the PPPoE configuration, see BRAS Services Configuration Guide. (Details not shown.)

Example: Configuring ambiguous QinQ termination

Network configuration

As shown in Figure 28, QinQ is enabled on GigabitEthernet 1/0/2 of Layer 2 Switch B.

Configure ambiguous QinQ termination, so that hosts can communicate with the server group.

Figure 28 Network diagram

Procedure

In this example, Layer 2 Switch C uses the factory configuration.

1.     Configure Host A, Host B, and Host C:

# Assign the IP addresses 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)

# Specify 1.1.1.11/24 as the gateway address for the hosts. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/1 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/1

[L2_SwitchA-vlan11] quit

# Create VLAN 12.

[L2_SwitchA] vlan 12

# Assign GigabitEthernet 1/0/2 to VLAN 12.

[L2_SwitchA-vlan12] port gigabitethernet 1/0/2

[L2_SwitchA-vlan12] quit

# Create VLAN 13.

[L2_SwitchA] vlan 13

# Assign GigabitEthernet 1/0/3 to VLAN 13.

[L2_SwitchA-vlan13] port gigabitethernet 1/0/3

[L2_SwitchA-vlan13] quit

# Configure GigabitEthernet 1/0/4 as a trunk port, and assign the port to VLANs 11 through 13.

[L2_SwitchA] interface gigabitethernet 1/0/4

[L2_SwitchA-GigabitEthernet1/0/4] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/4] port trunk permit vlan 11 to 13

3.     Configure Layer 2 Switch B:

# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLANs 11 through 13 and VLAN 100.

<L2_SwitchB> system-view

[L2_SwitchB] interface gigabitethernet 1/0/2

[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 to 13 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[L2_SwitchB-GigabitEthernet1/0/2] qinq enable

[L2_SwitchB-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 100.

[L2_SwitchB] interface gigabitethernet 1/0/1

[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

4.     Configure the router:

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.10 and assign an IP address to the subinterface.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1.10

[Router-Ten-GigabitEthernet3/0/1.10] ip address 1.1.1.11 255.255.255.0

# Configure Ten-GigabitEthernet 3/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN ID is 100 and Layer 2 VLAN ID is 11, 12, or 13.

[Router-Ten-GigabitEthernet3/0/1.10] vlan-type dot1q vid 100 second-dot1q 11 to 13

# Enable Ten-GigabitEthernet 3/0/1.10 to transmit broadcasts and multicasts.

[Router-Ten-GigabitEthernet3/0/1.10] vlan-termination broadcast enable

[Router-Ten-GigabitEthernet3/0/1.10] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 1.1.2.11 255.255.255.0

5.     Configure the server group:

# Assign each device in the server group an IP address on network segment 1.1.2.0/24. (Details not shown.)

# Specify 1.1.2.11/24 as the gateway IP address for the server group. (Details not shown.)

Verifying the configuration

# Verify that Host A, Host B, and Host C can ping the server group. (Details not shown.)
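The tag matching configured on the router subinterface above, modelled as an added Python example (not H3C code). The function names, the constructed frames, the accepted TPID values, and the rule that matching is done on the outermost tags are assumptions of this sketch; the termination command is the one from this example.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}  # assumption: TPIDs this sketch treats as VLAN tags


def parse_vlan_list(tokens):
    """Expand lists such as '11 to 13' or '10 20' into a set of VLAN IDs."""
    vids, i = set(), 0
    while i < len(tokens):
        start = end = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            end = int(tokens[i + 2])
            i += 2
        i += 1
        if not 1 <= start <= end <= 4094:
            raise ValueError(f"bad VLAN range {start}-{end}")
        vids.update(range(start, end + 1))
    return vids


def parse_termination(line):
    """Parse 'vlan-type dot1q vid ... [second-dot1q ...]' into (outer, inner)."""
    tokens = line.split()
    if tokens[:3] != ["vlan-type", "dot1q", "vid"] or len(tokens) < 4:
        raise ValueError("not a vlan-type dot1q command")
    rest = tokens[3:]
    if "second-dot1q" in rest:
        k = rest.index("second-dot1q")
        outer, inner = parse_vlan_list(rest[:k]), parse_vlan_list(rest[k + 1:])
        if not outer or not inner:
            raise ValueError("empty VLAN list")
        return outer, inner
    return parse_vlan_list(rest), None  # Dot1q termination: one tag layer


def build_frame(vlans, tpid=0x8100, ethertype=0x0800):
    """Constructed Ethernet frame with the given tag stack, outermost first."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vlans:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + b"\x00" * 46


def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], EtherType after the last tag)."""
    offset, vids = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return vids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def classify(frame, rules):
    """Name of the subinterface whose rule matches the frame, else None.

    Assumption: a QinQ rule is matched against the two outermost tags and a
    Dot1q rule against the outermost tag only.
    """
    vids, _ = parse_tags(frame)
    for name, (outer, inner) in rules.items():
        if inner is not None:
            if len(vids) >= 2 and vids[0] in outer and vids[1] in inner:
                return name
        elif vids and vids[0] in outer:
            return name
    return None


# Rule taken from the router configuration in this example.
RULES = {
    "Ten-GigabitEthernet3/0/1.10":
        parse_termination("vlan-type dot1q vid 100 second-dot1q 11 to 13"),
}

if __name__ == "__main__":
    for stack in ([100, 11], [100, 13], [100, 14], [200, 11], [12], []):
        print(stack, "->", classify(build_frame(stack), RULES))
```

Frames whose tag stack matches no rule return `None`, which is the case to look for when auditing that only the intended SVLAN/CVLAN pairs are terminated.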

Example: Configuring unambiguous QinQ termination

Network configuration

As shown in Figure 29:

·     Layer 2 Switch C supports only single VLAN-tagged packets.

·     On Layer 2 Switch B, GigabitEthernet 1/0/2 is enabled with QinQ to add an SVLAN tag 100 to the packets with CVLAN ID 11.

Configure unambiguous QinQ termination so that Host A can communicate with Host B.

Figure 29 Network diagram

Procedure

In this example, Layer 2 Switch C uses the factory configuration.

1.     Configure Host A and Host B:

# On Host A, specify 1.1.1.1/24 and 1.1.1.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)

# On Host B, specify 1.1.2.1/24 and 1.1.2.11/24 as its IP address and gateway IP address, respectively. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/2 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/2

[L2_SwitchA-vlan11] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 11.

[L2_SwitchA] interface gigabitethernet 1/0/1

[L2_SwitchA-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 11

3.     Configure Layer 2 Switch B:

# Configure GigabitEthernet 1/0/2 as a trunk port and assign the port to VLAN 11 and VLAN 100.

<L2_SwitchB> system-view

[L2_SwitchB] interface gigabitethernet 1/0/2

[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[L2_SwitchB-GigabitEthernet1/0/2] qinq enable

[L2_SwitchB-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 100.

[L2_SwitchB] interface gigabitethernet 1/0/1

[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

4.     Configure the router:

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.10 and assign an IP address to the subinterface.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1.10

[Router-Ten-GigabitEthernet3/0/1.10] ip address 1.1.1.11 255.255.255.0

# Enable QinQ termination on Ten-GigabitEthernet 3/0/1.10 to terminate the VLAN-tagged packets with the Layer 1 VLAN ID 100 and the Layer 2 VLAN ID 11.

[Router-Ten-GigabitEthernet3/0/1.10] vlan-type dot1q vid 100 second-dot1q 11

[Router-Ten-GigabitEthernet3/0/1.10] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 1.1.2.11 255.255.255.0

Verifying the configuration

# Verify that Host A and Host B can ping each other. (Details not shown.)

Example: Configuring QinQ termination for PPPoE server (common VLAN termination)

Network configuration

As shown in Figure 30:

·     QinQ is enabled on GigabitEthernet 1/0/2 of Layer 2 Switch B.

·     The router acts as a PPPoE server. Hosts in different VLANs access the Internet through the PPPoE server.

Configure QinQ termination, so that the hosts can access the Internet.

Figure 30 Network diagram

Procedure

# Configure VLANs and QinQ termination. For the configuration procedure, see "Example: Configuring ambiguous QinQ termination." (Details not shown.)

# Configure the router as the PPPoE server. Configure PPPoE settings on Ten-GigabitEthernet 3/0/1.10 on the router. For more information about PPPoE configuration, see BRAS Services Configuration Guide. (Details not shown.)

Example: Configuring QinQ termination for PPPoE server (user VLAN termination)

Network configuration

As shown in Figure 31:

·     QinQ is enabled on GigabitEthernet 1/0/2 of Layer 2 Switch B.

·     The router acts as a PPPoE server. Hosts in different VLANs access the Internet through the PPPoE server.

Configure user VLAN QinQ termination so that QinQ termination entries are created dynamically, which saves system resources.

Figure 31 Network diagram

Procedure

In this example, Layer 2 Switch C uses the factory configuration.

1.     Configure Host A, Host B, and Host C:

# Assign the IP addresses 1.1.1.1/24, 1.1.1.2/24, and 1.1.1.3/24 to Host A, Host B, and Host C, respectively. (Details not shown.)

# Specify 1.1.1.11/24 as the gateway address for the hosts. (Details not shown.)

2.     Configure Layer 2 Switch A:

# Create VLAN 11.

<L2_SwitchA> system-view

[L2_SwitchA] vlan 11

# Assign GigabitEthernet 1/0/1 to VLAN 11.

[L2_SwitchA-vlan11] port gigabitethernet 1/0/1

[L2_SwitchA-vlan11] quit

# Create VLAN 12.

[L2_SwitchA] vlan 12

# Assign GigabitEthernet 1/0/2 to VLAN 12.

[L2_SwitchA-vlan12] port gigabitethernet 1/0/2

[L2_SwitchA-vlan12] quit

# Create VLAN 13.

[L2_SwitchA] vlan 13

# Assign GigabitEthernet 1/0/3 to VLAN 13.

[L2_SwitchA-vlan13] port gigabitethernet 1/0/3

[L2_SwitchA-vlan13] quit

# Configure GigabitEthernet 1/0/4 as a trunk port, and assign the port to VLANs 11 through 13.

[L2_SwitchA] interface gigabitethernet 1/0/4

[L2_SwitchA-GigabitEthernet1/0/4] port link-type trunk

[L2_SwitchA-GigabitEthernet1/0/4] port trunk permit vlan 11 to 13

3.     Configure Layer 2 Switch B:

# Configure GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLANs 11 through 13 and VLAN 100.

<L2_SwitchB> system-view

[L2_SwitchB] interface gigabitethernet 1/0/2

[L2_SwitchB-GigabitEthernet1/0/2] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 11 to 13 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[L2_SwitchB-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[L2_SwitchB-GigabitEthernet1/0/2] qinq enable

[L2_SwitchB-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 100.

[L2_SwitchB] interface gigabitethernet 1/0/1

[L2_SwitchB-GigabitEthernet1/0/1] port link-type trunk

[L2_SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 100

4.     Configure the router:

# Create Layer 3 Ethernet subinterface Ten-GigabitEthernet 3/0/1.10.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1.10

# Configure PPPoE parameters on Layer 3 Ethernet subinterface Ten-GigabitEthernet 3/0/1.10. For more information, see PPPoE configuration in BRAS Services Configuration Guide. (Details not shown.)

# Enable PPPoE server on Layer 3 Ethernet subinterface Ten-GigabitEthernet 3/0/1.10, and bind it to an existing VT interface. (This example uses Virtual-Template 1.)

[Router-Ten-GigabitEthernet3/0/1.10] pppoe-server bind virtual-template 1

# Configure user VLAN QinQ termination on Ten-GigabitEthernet 3/0/1.10 to terminate VLAN-tagged packets whose Layer 1 VLAN ID is 100 and Layer 2 VLAN ID is 11, 12, or 13.

[Router-Ten-GigabitEthernet3/0/1.10] user-vlan dot1q vid 100 second-dot1q 11 to 13

[Router-Ten-GigabitEthernet3/0/1.10] quit

# Assign an IP address to Layer 3 interface Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 1.1.2.11 255.255.255.0

Example: Configuring QinQ termination for DHCP relay

Network configuration

As shown in Figure 32:

·     Provider A and Provider B are edge devices on the service provider network.

·     DHCP client A and DHCP client B are devices on the customer networks.

·     Provider A is the DHCP relay agent. Provider B is the DHCP server.

·     Provider A and Provider B communicate with each other through Layer 3 interfaces.

Configure QinQ termination on Provider A so that DHCP client A and DHCP client B can obtain IP settings from Provider B.

Figure 32 Network diagram

Procedure

1.     Configure the DHCP relay agent Provider A:

# Enable DHCP service.

<ProviderA> system-view

[ProviderA] dhcp enable

# Create a Layer 3 Ethernet subinterface Ten-GigabitEthernet 3/0/1.100.

[ProviderA] interface ten-gigabitethernet 3/0/1.100

# Configure Ten-GigabitEthernet 3/0/1.100 to terminate packets whose Layer 1 VLAN ID is 100 and Layer 2 VLAN ID is 10 or 20.

[ProviderA-Ten-GigabitEthernet3/0/1.100] vlan-type dot1q vid 100 second-dot1q 10 20

# Enable Ten-GigabitEthernet 3/0/1.100 to transmit broadcast and multicast packets.

[ProviderA-Ten-GigabitEthernet3/0/1.100] vlan-termination broadcast enable

# Enable DHCP relay on Ten-GigabitEthernet 3/0/1.100 and specify 10.2.1.1 as the DHCP server address.

[ProviderA-Ten-GigabitEthernet3/0/1.100] dhcp select relay

[ProviderA-Ten-GigabitEthernet3/0/1.100] dhcp relay server-address 10.2.1.1

# Assign an IP address to Ten-GigabitEthernet 3/0/1.100.

[ProviderA-Ten-GigabitEthernet3/0/1.100] ip address 192.168.1.1 24

[ProviderA-Ten-GigabitEthernet3/0/1.100] quit

# Enable recording of relay entries on the relay agent.

[ProviderA] dhcp relay client-information record

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[ProviderA] interface ten-gigabitethernet 3/0/2

[ProviderA-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[ProviderA-Ten-GigabitEthernet3/0/2] quit

# Configure a static route to the DHCP server.

[ProviderA] ip route-static 10.2.1.1 24 10.1.1.1

2.     Configure the DHCP server Provider B:

# Assign an IP address to the DHCP server.

<ProviderB> system-view

[ProviderB] interface ten-gigabitethernet 3/0/2

[ProviderB-Ten-GigabitEthernet3/0/2] ip address 10.2.1.1 24

[ProviderB-Ten-GigabitEthernet3/0/2] quit

# Enable DHCP.

[ProviderB] dhcp enable

# Configure an IP address pool on the DHCP server.

[ProviderB] ip pool 1

[ProviderB-ip-pool-1] network 192.168.1.0 24

[ProviderB-ip-pool-1] gateway-list 192.168.1.1

[ProviderB-ip-pool-1] quit

# Configure a static route to Ten-GigabitEthernet 3/0/1.100.

[ProviderB] ip route-static 192.168.1.1 24 10.1.1.1

3.     Configure Switch A:

# Configure the uplink port (Ten-GigabitEthernet 1/0/1) as a trunk port and assign the port to VLAN 100.

<SwitchA> system-view

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure downlink port GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLANs 10 and 100.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 10 100

# Set the PVID of GigabitEthernet 1/0/2 to VLAN 100.

[SwitchA-GigabitEthernet1/0/2] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/2.

[SwitchA-GigabitEthernet1/0/2] qinq enable

[SwitchA-GigabitEthernet1/0/2] quit

# Configure downlink port GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLANs 20 and 100.

[SwitchA] interface gigabitethernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 20 100

# Set the PVID of GigabitEthernet 1/0/3 to VLAN 100.

[SwitchA-GigabitEthernet1/0/3] port trunk pvid vlan 100

# Enable QinQ on GigabitEthernet 1/0/3.

[SwitchA-GigabitEthernet1/0/3] qinq enable

4.     Configure Switch B:

# Create VLAN 10.

<SwitchB> system-view

[SwitchB] vlan 10

# Assign GigabitEthernet 1/0/2 to VLAN 10.

[SwitchB-vlan10] port gigabitethernet 1/0/2

[SwitchB-vlan10] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 10.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 10

5.     Configure Switch C:

# Create VLAN 20.

<SwitchC> system-view

[SwitchC] vlan 20

# Assign GigabitEthernet 1/0/2 to VLAN 20.

[SwitchC-vlan20] port gigabitethernet 1/0/2

[SwitchC-vlan20] quit

# Configure GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 20.

[SwitchC] interface gigabitethernet 1/0/1

[SwitchC-GigabitEthernet1/0/1] port link-type trunk

[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 20

Verifying the configuration

# Verify that DHCP client A and DHCP client B can obtain IP settings from Provider B. (Details not shown.)

 

 

L2VPN loop detection configuration examples

Example: Configuring local site loop detection

Network configuration

As shown in Figure 33, the PE provides user traffic transmission service for the CEs of the local sites, and the CEs have Layer 2 connectivity in VLAN 10. Configure loop detection on the CE-facing interfaces of the PE so that the PE can block the interfaces if loops exist.

Figure 33 Network diagram

Procedure

1.     Configure CE 1:

# Configure Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 as trunk ports, and assign them to VLAN 10.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-type trunk

[CE1-Ten-GigabitEthernet3/0/1] port trunk permit vlan 10

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-type trunk

[CE1-Ten-GigabitEthernet3/0/2] port trunk permit vlan 10

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure CE 2:

# Configure Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 as trunk ports, and assign them to VLAN 10.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] port link-type trunk

[CE2-Ten-GigabitEthernet3/0/1] port trunk permit vlan 10

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] interface ten-gigabitethernet 3/0/2

[CE2-Ten-GigabitEthernet3/0/2] port link-type trunk

[CE2-Ten-GigabitEthernet3/0/2] port trunk permit vlan 10

[CE2-Ten-GigabitEthernet3/0/2] quit

3.     Configure the PE:

# Enable L2VPN.

<PE> system-view

[PE] l2vpn enable

# Create a cross-connect group named vpn1, create a cross-connect named vpn1 in the group, and bind Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the cross-connect.

[PE] xconnect-group vpn1

[PE-xcg-vpn1] connection vpn1

[PE-xcg-vpn1-vpn1] ac interface ten-gigabitethernet 3/0/1

[PE-xcg-vpn1-vpn1] ac interface ten-gigabitethernet 3/0/2

[PE-xcg-vpn1-vpn1] quit

# Configure Ten-GigabitEthernet 3/0/1.1 to terminate VLAN 10, and enable single-tagged loop detection on it.

[PE] interface ten-gigabitethernet 3/0/1.1

[PE-Ten-GigabitEthernet3/0/1.1] vlan-type dot1q vid 10

[PE-Ten-GigabitEthernet3/0/1.1] loopback-detection enable vlan 10

# Set the loop detection priority to 2, and set the loop protection action to block.

[PE-Ten-GigabitEthernet3/0/1.1] loopback-detection priority 2

[PE-Ten-GigabitEthernet3/0/1.1] loopback-detection action block

[PE-Ten-GigabitEthernet3/0/1.1] quit

# Configure Ten-GigabitEthernet 3/0/2.1 to terminate VLAN 10, and enable single-tagged loop detection on it.

[PE] interface ten-gigabitethernet 3/0/2.1

[PE-Ten-GigabitEthernet3/0/2.1] vlan-type dot1q vid 10

[PE-Ten-GigabitEthernet3/0/2.1] loopback-detection enable vlan 10

# Set the loop detection priority to 3, and set the loop protection action to block.

[PE-Ten-GigabitEthernet3/0/2.1] loopback-detection priority 3

[PE-Ten-GigabitEthernet3/0/2.1] loopback-detection action block

[PE-Ten-GigabitEthernet3/0/2.1] quit

# Set the loop detection interval to 40 seconds.

[PE] loopback-detection interval-time 40

Verifying the configuration

# Verify that the PE has detected a loop.

[PE]

%Oct 27 22:52:11:722 2020 H3C LPDT/4/LPDT_LOOPED A loop was detected on Ten-GigabitEthernet3/0/2.1.

%Oct 27 22:52:11:723 2020 H3C LPDT/4/LPDT_VLAN_LOOPED A loop was detected on Ten-GigabitEthernet3/0/2.1 in VLAN 10.

# Verify that the PE has blocked Ten-GigabitEthernet 3/0/2.1 to remove the loop.

[PE] display loopback-detection

Loop detection is enabled.

Loop detection interval is 40 second(s).

Loop is detected on following interfaces:

 Interface                    Action mode

 Ten-GigabitEthernet3/0/2.1       Block
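The verification above can be automated by correlating the LPDT log messages with the display loopback-detection output. The following Python is an added example, not H3C tooling; the function names are hypothetical, and the sample text is the output shown in this example with wrapped lines joined.

```python
import re

# Log messages and command output from the verification step above.
SYSLOG = """\
%Oct 27 22:52:11:722 2020 H3C LPDT/4/LPDT_LOOPED A loop was detected on Ten-GigabitEthernet3/0/2.1.
%Oct 27 22:52:11:723 2020 H3C LPDT/4/LPDT_VLAN_LOOPED A loop was detected on Ten-GigabitEthernet3/0/2.1 in VLAN 10.
"""
DISPLAY = """\
Loop detection is enabled.
Loop detection interval is 40 second(s).
Loop is detected on following interfaces:
 Interface                    Action mode
 Ten-GigabitEthernet3/0/2.1       Block
"""

# %<timestamp> <host> <module>/<severity>/<mnemonic> <message>
LOG_RE = re.compile(
    r"^%(?P<ts>\w{3} +\d+ [\d:]+ \d{4}) (?P<host>\S+) "
    r"(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+) (?P<msg>.*)$"
)
LOOP_RE = re.compile(
    r"A loop was detected on (?P<ifname>\S+)(?: in VLAN (?P<vlan>\d+))?$"
)


def parse_loop_events(text):
    """Extract loop detection events from LPDT log messages."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["module"] != "LPDT":
            continue
        # Drop the sentence-ending period; interface names contain dots too.
        loop = LOOP_RE.search(m["msg"].rstrip("."))
        if loop:
            events.append({
                "time": m["ts"],
                "host": m["host"],
                "mnemonic": m["mnemonic"],
                "interface": loop["ifname"],
                "vlan": int(loop["vlan"]) if loop["vlan"] else None,
            })
    return events


def parse_display(text):
    """Map interface name to action mode from 'display loopback-detection'."""
    actions, in_table = {}, False
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["Interface"]:
            in_table = True
        elif in_table and len(fields) == 2:
            actions[fields[0]] = fields[1]
    return actions


def unblocked_loops(syslog_text, display_text):
    """Interfaces with a logged loop that the device does not list as Block."""
    actions = parse_display(display_text)
    looped = {e["interface"] for e in parse_loop_events(syslog_text)}
    return sorted(i for i in looped if actions.get(i, "").lower() != "block")


if __name__ == "__main__":
    for event in parse_loop_events(SYSLOG):
        print(event)
    print("unblocked:", unblocked_loops(SYSLOG, DISPLAY))
```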

 

Spanning tree configuration examples

Example: Configuring MSTP

Network configuration

As shown in Figure 34, all devices on the network are in the same MST region. Device A and Device B work at the distribution layer. Device C and Device D work at the access layer.

Configure MSTP so that frames of different VLANs are forwarded along different spanning trees.

·     VLAN 10 frames are forwarded along MSTI 1.

·     VLAN 30 frames are forwarded along MSTI 3.

·     VLAN 40 frames are forwarded along MSTI 4.

·     VLAN 20 frames are forwarded along MSTI 0.

VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices. The root bridges of MSTI 1 and MSTI 3 are Device A and Device B, respectively, and the root bridge of MSTI 4 is Device C.

Figure 34 Network diagram

Procedure

1.     Configure VLANs and VLAN member ports. (Details not shown.)

○     Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.

○     Create VLAN 10, VLAN 20, and VLAN 40 on Device C.

○     Create VLAN 20, VLAN 30, and VLAN 40 on Device D.

○     Configure the ports on these devices as trunk ports and assign them to related VLANs.

2.     Configure Device A:

# Enter MST region view, and configure the MST region name as example.

<DeviceA> system-view

[DeviceA] stp region-configuration

[DeviceA-mst-region] region-name example

# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.

[DeviceA-mst-region] instance 1 vlan 10

[DeviceA-mst-region] instance 3 vlan 30

[DeviceA-mst-region] instance 4 vlan 40

# Configure the revision level of the MST region as 0.

[DeviceA-mst-region] revision-level 0

# Activate MST region configuration.

[DeviceA-mst-region] active region-configuration

[DeviceA-mst-region] quit

# Configure Device A as the root bridge of MSTI 1.

[DeviceA] stp instance 1 root primary

# Enable the spanning tree feature globally.

[DeviceA] stp global enable

3.     Configure Device B:

# Enter MST region view, and configure the MST region name as example.

<DeviceB> system-view

[DeviceB] stp region-configuration

[DeviceB-mst-region] region-name example

# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.

[DeviceB-mst-region] instance 1 vlan 10

[DeviceB-mst-region] instance 3 vlan 30

[DeviceB-mst-region] instance 4 vlan 40

# Configure the revision level of the MST region as 0.

[DeviceB-mst-region] revision-level 0

# Activate MST region configuration.

[DeviceB-mst-region] active region-configuration

[DeviceB-mst-region] quit

# Configure Device B as the root bridge of MSTI 3.

[DeviceB] stp instance 3 root primary

# Enable the spanning tree feature globally.

[DeviceB] stp global enable

4.     Configure Device C:

# Enter MST region view, and configure the MST region name as example.

<DeviceC> system-view

[DeviceC] stp region-configuration

[DeviceC-mst-region] region-name example

# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.

[DeviceC-mst-region] instance 1 vlan 10

[DeviceC-mst-region] instance 3 vlan 30

[DeviceC-mst-region] instance 4 vlan 40

# Configure the revision level of the MST region as 0.

[DeviceC-mst-region] revision-level 0

# Activate MST region configuration.

[DeviceC-mst-region] active region-configuration

[DeviceC-mst-region] quit

# Configure Device C as the root bridge of MSTI 4.

[DeviceC] stp instance 4 root primary

# Enable the spanning tree feature globally.

[DeviceC] stp global enable

5.     Configure Device D:

# Enter MST region view, and configure the MST region name as example.

<DeviceD> system-view

[DeviceD] stp region-configuration

[DeviceD-mst-region] region-name example

# Map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4, respectively.

[DeviceD-mst-region] instance 1 vlan 10

[DeviceD-mst-region] instance 3 vlan 30

[DeviceD-mst-region] instance 4 vlan 40

# Configure the revision level of the MST region as 0.

[DeviceD-mst-region] revision-level 0

# Activate MST region configuration.

[DeviceD-mst-region] active region-configuration

[DeviceD-mst-region] quit

# Enable the spanning tree feature globally.

[DeviceD] stp global enable

Verifying the configuration

In this example, Device B has the lowest root bridge ID. As a result, Device B is elected as the root bridge in MSTI 0.

When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.

# Display brief spanning tree information on Device A.

[DeviceA] display stp brief

 MST ID      Port                         Role  STP State     Protection

 0           Ten-GigabitEthernet3/0/1     ALTE  DISCARDING    NONE

 0           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 3           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 3           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

# Display brief spanning tree information on Device B.

[DeviceB] display stp brief

 MST ID      Port                         Role  STP State     Protection

 0           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

 3           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 3           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

# Display brief spanning tree information on Device C.

[DeviceC] display stp brief

 MST ID      Port                         Role  STP State     Protection

 0           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/2     ROOT  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 1           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 4           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

# Display brief spanning tree information on Device D.

[DeviceD] display stp brief

 MST ID      Port                         Role  STP State     Protection

 0           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 0           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 0           Ten-GigabitEthernet3/0/3     ALTE  DISCARDING    NONE

 3           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 3           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 4           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

Based on the output, you can draw each MSTI mapped to each VLAN, as shown in Figure 35.

Figure 35 MSTIs mapped to different VLANs
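The root placement stated in this example can be checked directly from the four display stp brief outputs: in each MSTI, the root bridge is the device that has no root port in that instance. The following Python is an added example, not H3C tooling; the function names are hypothetical, and the embedded text is the command output shown above.

```python
import re

# "display stp brief" output copied from the verification step above.
OUTPUTS = {
    "DeviceA": """
 0           Ten-GigabitEthernet3/0/1     ALTE  DISCARDING    NONE
 0           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 3           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 3           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
""",
    "DeviceB": """
 0           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
 3           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 3           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
""",
    "DeviceC": """
 0           Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/2     ROOT  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 1           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 4           Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
""",
    "DeviceD": """
 0           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 0           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 0           Ten-GigabitEthernet3/0/3     ALTE  DISCARDING    NONE
 3           Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 3           Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 4           Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
""",
}

# Root bridges as stated in this example (MSTI 0 is elected, the rest configured).
INTENDED = {0: "DeviceB", 1: "DeviceA", 3: "DeviceB", 4: "DeviceC"}

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_stp_brief(text):
    """Parse data rows of 'display stp brief'; header lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"instance": int(m[1]), "port": m[2], "role": m[3],
                         "state": m[4], "protection": m[5]})
    return rows


def infer_roots(outputs):
    """Per instance, list the devices that take part but have no ROOT port."""
    has_root_port = {}
    for device, text in outputs.items():
        for row in parse_stp_brief(text):
            key = (row["instance"], device)
            has_root_port[key] = has_root_port.get(key, False) or row["role"] == "ROOT"
    roots = {}
    for (instance, device), flag in has_root_port.items():
        roots.setdefault(instance, [])
        if not flag:
            roots[instance].append(device)
    return {instance: sorted(devs) for instance, devs in roots.items()}


def audit(outputs, intended):
    """Report instances whose inferred root differs from the intended one."""
    roots = infer_roots(outputs)
    findings = []
    for instance, expected in sorted(intended.items()):
        actual = roots.get(instance, [])
        if actual != [expected]:
            findings.append(
                f"instance {instance}: expected root {expected}, inferred {actual or 'none'}"
            )
    return findings


if __name__ == "__main__":
    print(infer_roots(OUTPUTS))
    print(audit(OUTPUTS, INTENDED) or "root placement matches the design")
```

A non-empty result from `audit` means some instance has a root other than the one the design calls for, which is worth investigating before relying on the forwarding paths in Figure 35.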

 

Example: Configuring PVST

Network configuration

As shown in Figure 36, Device A and Device B work at the distribution layer, and Device C and Device D work at the access layer.

Configure PVST to meet the following requirements:

·     Frames of a VLAN are forwarded along the spanning trees of the VLAN.

·     VLAN 10, VLAN 20, and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices.

·     The root bridge of VLAN 10 and VLAN 20 is Device A.

·     The root bridge of VLAN 30 is Device B.

·     The root bridge of VLAN 40 is Device C.

Figure 36 Network diagram

Procedure

1.     Configure VLANs and VLAN member ports. (Details not shown.)

○     Create VLAN 10, VLAN 20, and VLAN 30 on both Device A and Device B.

○     Create VLAN 10, VLAN 20, and VLAN 40 on Device C.

○     Create VLAN 20, VLAN 30, and VLAN 40 on Device D.

○     Configure the ports on these devices as trunk ports and assign them to related VLANs.

2.     Configure Device A:

# Set the spanning tree mode to PVST.

<DeviceA> system-view

[DeviceA] stp mode pvst

# Configure the device as the root bridge of VLAN 10 and VLAN 20.

[DeviceA] stp vlan 10 20 root primary

# Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 30.

[DeviceA] stp global enable

[DeviceA] stp vlan 10 20 30 enable

3.     Configure Device B:

# Set the spanning tree mode to PVST.

<DeviceB> system-view

[DeviceB] stp mode pvst

# Configure the device as the root bridge of VLAN 30.

[DeviceB] stp vlan 30 root primary

# Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 30.

[DeviceB] stp global enable

[DeviceB] stp vlan 10 20 30 enable

4.     Configure Device C:

# Set the spanning tree mode to PVST.

<DeviceC> system-view

[DeviceC] stp mode pvst

# Configure the device as the root bridge of VLAN 40.

[DeviceC] stp vlan 40 root primary

# Enable the spanning tree feature globally and in VLAN 10, VLAN 20, and VLAN 40.

[DeviceC] stp global enable

[DeviceC] stp vlan 10 20 40 enable

5.     Configure Device D:

# Set the spanning tree mode to PVST.

<DeviceD> system-view

[DeviceD] stp mode pvst

# Enable the spanning tree feature globally and in VLAN 20, VLAN 30, and VLAN 40.

[DeviceD] stp global enable

[DeviceD] stp vlan 20 30 40 enable

Verifying the configuration

When the network is stable, you can use the display stp brief command to display brief spanning tree information on each device.

# Display brief spanning tree information on Device A.

[DeviceA] display stp brief

 VLAN ID     Port                         Role  STP State     Protection

 10          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 10          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 30          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 30          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

# Display brief spanning tree information on Device B.

[DeviceB] display stp brief

 VLAN ID     Port                         Role  STP State     Protection

 10          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 10          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

 30          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE

 30          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

# Display brief spanning tree information on Device C.

[DeviceC] display stp brief

 VLAN ID     Port                         Role  STP State     Protection

 10          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 10          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 20          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 20          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

 40          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE

# Display brief spanning tree information on Device D.

[DeviceD] display stp brief

 VLAN ID     Port                         Role  STP State     Protection

 20          Ten-GigabitEthernet3/0/1     ALTE  DISCARDING    NONE

 20          Ten-GigabitEthernet3/0/2     ROOT  FORWARDING    NONE

 20          Ten-GigabitEthernet3/0/3     ALTE  DISCARDING    NONE

 30          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE

 30          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE

 40          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE

Based on the output, you can draw a topology for each VLAN spanning tree, as shown in Figure 37.

Figure 37 VLAN spanning tree topologies
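The check below is an added example, not part of the H3C documentation. It parses the display stp brief rows shown above, derives the root bridge of each VLAN (a bridge with ports in the VLAN but no ROOT port), and compares the result with the intended roots. The function names and the EXPECTED_ROOT table are assumptions made for this example.

```python
import re
from collections import defaultdict

HDR = " VLAN ID     Port                         Role  STP State     Protection\n"
# Rows copied from the "display stp brief" output above, keyed by device.
OUTPUTS = {
    "DeviceA": HDR + """\
 10          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 10          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 30          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 30          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
""",
    "DeviceB": HDR + """\
 10          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 10          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/2     DESI  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
 30          Ten-GigabitEthernet3/0/1     DESI  FORWARDING    NONE
 30          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
""",
    "DeviceC": HDR + """\
 10          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 10          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 20          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 20          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
 40          Ten-GigabitEthernet3/0/3     DESI  FORWARDING    NONE
""",
    "DeviceD": HDR + """\
 20          Ten-GigabitEthernet3/0/1     ALTE  DISCARDING    NONE
 20          Ten-GigabitEthernet3/0/2     ROOT  FORWARDING    NONE
 20          Ten-GigabitEthernet3/0/3     ALTE  DISCARDING    NONE
 30          Ten-GigabitEthernet3/0/1     ROOT  FORWARDING    NONE
 30          Ten-GigabitEthernet3/0/2     ALTE  DISCARDING    NONE
 40          Ten-GigabitEthernet3/0/3     ROOT  FORWARDING    NONE
""",
}
# Intended root bridges, taken from the network configuration requirements above.
EXPECTED_ROOT = {10: "DeviceA", 20: "DeviceA", 30: "DeviceB", 40: "DeviceC"}

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\w+)\s+(\w+)\s+(\w+)\s*$")


def parse_brief(text):
    """Return (vlan, port, role, state) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def roots_by_vlan(outputs):
    """Map each VLAN to the devices that have ports in it but no ROOT port."""
    roles = defaultdict(lambda: defaultdict(list))  # vlan -> device -> [role, ...]
    for dev, text in outputs.items():
        for vlan, _port, role, _state in parse_brief(text):
            roles[vlan][dev].append(role)
    return {vlan: sorted(d for d, r in devs.items() if "ROOT" not in r)
            for vlan, devs in sorted(roles.items())}


def blocked_ports(outputs):
    """List (device, vlan, port) for every port that is not forwarding."""
    return [(dev, vlan, port) for dev, text in outputs.items()
            for vlan, port, _role, state in parse_brief(text)
            if state == "DISCARDING"]


def audit(outputs, expected=EXPECTED_ROOT):
    """Return one finding per VLAN whose observed root differs from the intended one."""
    findings = []
    observed = roots_by_vlan(outputs)
    for vlan, want in expected.items():
        got = observed.get(vlan, [])
        if got != [want]:
            seen = ", ".join(got) or "none of the collected devices"
            findings.append(f"VLAN {vlan}: expected root {want}, observed {seen}")
    return findings


if __name__ == "__main__":
    print("roots:", roots_by_vlan(OUTPUTS))
    print("blocked:", blocked_ports(OUTPUTS))
    print("findings:", audit(OUTPUTS) or "none")
```

An empty result for a VLAN means every collected device has a ROOT port in it, so the root bridge is a device that was not part of the collection.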

 

 

 

LLDP configuration examples

Example: Configuring basic LLDP functions

Network configuration

As shown in Figure 38, enable LLDP globally on Device A and Device B to perform the following tasks:

·     Monitor the link between Device A and Device B on the NMS.

·     Monitor the link between Device A and the MED device on the NMS.

Figure 38 Network diagram

Procedure

1.     Configure Device A:

# Enable LLDP globally.

<DeviceA> system-view

[DeviceA] lldp global enable

# Enable LLDP on Ten-GigabitEthernet 3/0/1. By default, LLDP is enabled on ports.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] lldp enable

# Set the LLDP operating mode to Rx on Ten-GigabitEthernet 3/0/1.

[DeviceA-Ten-GigabitEthernet3/0/1] lldp admin-status rx

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Enable LLDP on Ten-GigabitEthernet 3/0/2. By default, LLDP is enabled on ports.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] lldp enable

# Set the LLDP operating mode to Rx on Ten-GigabitEthernet 3/0/2.

[DeviceA-Ten-GigabitEthernet3/0/2] lldp admin-status rx

[DeviceA-Ten-GigabitEthernet3/0/2] quit

2.     Configure Device B:

# Enable LLDP globally.

<DeviceB> system-view

[DeviceB] lldp global enable

# Enable LLDP on Ten-GigabitEthernet 3/0/1. By default, LLDP is enabled on ports.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] lldp enable

# Set the LLDP operating mode to Tx on Ten-GigabitEthernet 3/0/1.

[DeviceB-Ten-GigabitEthernet3/0/1] lldp admin-status tx

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify the following items:

·     Ten-GigabitEthernet 3/0/1 of Device A connects to a MED device.

·     Ten-GigabitEthernet 3/0/2 of Device A connects to a non-MED device.

·     Both ports operate in Rx mode, and they can receive LLDP frames but cannot send LLDP frames.

[DeviceA] display lldp status

Global status of LLDP: Enable

Bridge mode of LLDP: customer-bridge

The current number of LLDP neighbors: 2

The current number of CDP neighbors: 0

LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds

Transmit interval              : 30s

Fast transmit interval         : 1s

Transmit credit max            : 5

Hold multiplier                : 4

Reinit delay                   : 2s

Trap interval                  : 30s

Fast start times               : 4

 

LLDP status information of port 1 [Ten-GigabitEthernet3/0/1]:

LLDP agent nearest-bridge:

Port status of LLDP            : Enable

Admin status                   : Rx_Only

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 1

Number of MED neighbors        : 1

Number of CDP neighbors        : 0

Number of sent optional TLV    : 21

Number of received unknown TLV : 0

 

LLDP agent nearest-customer:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 16

Number of received unknown TLV : 0

 

LLDP status information of port 2 [Ten-GigabitEthernet3/0/2]:

LLDP agent nearest-bridge:

Port status of LLDP            : Enable

Admin status                   : Rx_Only

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 1

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 21

Number of received unknown TLV : 3

 

LLDP agent nearest-nontpmr:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 1

Number of received unknown TLV : 0

 

LLDP agent nearest-customer:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 16

Number of received unknown TLV : 0

# Remove the link between Device A and Device B.

# Verify that Ten-GigabitEthernet 3/0/2 of Device A does not connect to any neighboring devices.

[DeviceA] display lldp status

Global status of LLDP: Enable

The current number of LLDP neighbors: 1

The current number of CDP neighbors: 0

LLDP neighbor information last changed time: 0 days, 0 hours, 5 minutes, 20 seconds

Transmit interval              : 30s

Fast transmit interval         : 1s

Transmit credit max            : 5

Hold multiplier                : 4

Reinit delay                   : 2s

Trap interval                  : 30s

Fast start times               : 4

 

LLDP status information of port 1 [Ten-GigabitEthernet3/0/1]:

LLDP agent nearest-bridge:

Port status of LLDP            : Enable

Admin status                   : Rx_Only

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 1

Number of MED neighbors        : 1

Number of CDP neighbors        : 0

Number of sent optional TLV    : 0

Number of received unknown TLV : 5

 

LLDP agent nearest-nontpmr:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 1

Number of received unknown TLV : 0

 

LLDP status information of port 2 [Ten-GigabitEthernet3/0/2]:

LLDP agent nearest-bridge:

Port status of LLDP            : Enable

Admin status                   : Rx_Only

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 0

Number of received unknown TLV : 0

 

LLDP agent nearest-nontpmr:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 1

Number of received unknown TLV : 0

 

LLDP agent nearest-customer:

Port status of LLDP            : Enable

Admin status                   : Disable

Trap flag                      : No

MED trap flag                  : No

Polling interval               : 0s

Number of LLDP neighbors       : 0

Number of MED neighbors        : 0

Number of CDP neighbors        : 0

Number of sent optional TLV    : 16

Number of received unknown TLV : 0
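The script below is an added example, not part of the H3C documentation. It parses display lldp status output, reports any LLDP agent whose admin status would let the port transmit, and compares neighbor counts between two snapshots, as in the link-removal check above. The two snapshots are constructed by trimming the outputs above to the nearest-bridge agent; the function names are assumptions made for this example.

```python
import re

PORT_RE = re.compile(r"^LLDP status information of port \d+ \[([^\]]+)\]:$")
AGENT_RE = re.compile(r"^LLDP agent ([\w-]+):$")
FIELD_RE = re.compile(r"^(.+?)\s*:\s*(\S+)$")
# Admin states seen in the output above; neither lets the port send LLDP frames.
RECEIVE_ONLY = {"Rx_Only", "Disable"}

# Constructed sample: the first output above, trimmed to the nearest-bridge agent.
BEFORE = """\
LLDP status information of port 1 [Ten-GigabitEthernet3/0/1]:
LLDP agent nearest-bridge:
Admin status                   : Rx_Only
Number of LLDP neighbors       : 1
Number of MED neighbors        : 1

LLDP status information of port 2 [Ten-GigabitEthernet3/0/2]:
LLDP agent nearest-bridge:
Admin status                   : Rx_Only
Number of LLDP neighbors       : 1
Number of MED neighbors        : 0
"""
# Constructed sample: the second output above (link to Device B removed), trimmed the same way.
AFTER = """\
LLDP status information of port 1 [Ten-GigabitEthernet3/0/1]:
LLDP agent nearest-bridge:
Admin status                   : Rx_Only
Number of LLDP neighbors       : 1
Number of MED neighbors        : 1

LLDP status information of port 2 [Ten-GigabitEthernet3/0/2]:
LLDP agent nearest-bridge:
Admin status                   : Rx_Only
Number of LLDP neighbors       : 0
Number of MED neighbors        : 0
"""


def parse_lldp_status(text):
    """Return {port: {agent: {field: value}}}; global lines before the first port are ignored."""
    ports, port, agent = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            port, agent = m.group(1), None
            ports[port] = {}
            continue
        m = AGENT_RE.match(line)
        if m and port is not None:
            agent = m.group(1)
            ports[port][agent] = {}
            continue
        m = FIELD_RE.match(line)
        if m and port is not None and agent is not None:
            ports[port][agent][m.group(1)] = m.group(2)
    return ports


def transmitting_agents(status):
    """List (port, agent, admin status) for agents that are not receive-only or disabled."""
    return [(port, agent, fields.get("Admin status"))
            for port, agents in status.items()
            for agent, fields in agents.items()
            if fields.get("Admin status") not in RECEIVE_ONLY]


def neighbor_total(agents):
    return sum(int(f.get("Number of LLDP neighbors", 0)) for f in agents.values())


def neighbor_changes(before, after):
    """Return {port: (count_before, count_after)} for ports whose neighbor count changed."""
    changes = {}
    for port in sorted(set(before) | set(after)):
        b = neighbor_total(before.get(port, {}))
        a = neighbor_total(after.get(port, {}))
        if a != b:
            changes[port] = (b, a)
    return changes


if __name__ == "__main__":
    before, after = parse_lldp_status(BEFORE), parse_lldp_status(AFTER)
    print("transmitting agents:", transmitting_agents(after) or "none")
    print("neighbor changes:", neighbor_changes(before, after))
```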

 

 

 

PPP configuration examples

Example: Configuring one-way PAP authentication

Network configuration

As shown in Figure 39, configure Router A to authenticate Router B by using PAP, but Router B not to authenticate Router A.

Figure 39 Network diagram

Procedure

1.     Configure Router A:

# Create a user account for Router B.

<RouterA> system-view

[RouterA] local-user userb class network

# Set a password for the user account.

[RouterA-luser-network-userb] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterA-luser-network-userb] service-type ppp

[RouterA-luser-network-userb] quit

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] link-protocol ppp

# Set the authentication mode to PAP.

[RouterA-Serial3/0/1:0] ppp authentication-mode pap domain system

# Assign an IP address to Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

# Configure local authentication for the PPP users in the default ISP domain (system).

[RouterA] domain name system

[RouterA-isp-system] authentication ppp local

[RouterA-isp-system] quit

2.     Configure Router B:

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

<RouterB> system-view

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] link-protocol ppp

# On Serial 3/0/1:0, configure the PAP username and password sent from Router B to Router A when Router B is authenticated by Router A using PAP.

[RouterB-Serial3/0/1:0] ppp pap local-user userb password simple 123456TESTplat&!

# Assign an IP address to Serial 3/0/1:0 of Router B.

[RouterB-Serial3/0/1:0] ip address 200.1.1.2 16

[RouterB-Serial3/0/1:0] quit

Verifying the configuration

# Use the display interface serial command to display information about Serial 3/0/1:0 of Router B.

[RouterB] display interface serial 3/0/1:0

Serial3/0/1:0

Current state: UP

Line protocol state: UP

Description: Serial3/0/1:0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 200.1.1.2/16 (primary)

Link layer protocol: PPP

LCP: opened, IPCP: opened

...

The output shows that:

·     The physical layer status and link layer status of the interface are both up.

·     The states of LCP and IPCP are both Opened, indicating that PPP negotiation has succeeded.

# Verify that Router A and Router B can ping each other.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

 

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms

Example: Configuring two-way PAP authentication

Network configuration

As shown in Figure 40, configure Router A and Router B to authenticate each other.

Figure 40 Network diagram

Procedure

1.     Configure Router A:

# Create a user account for Router B.

<RouterA> system-view

[RouterA] local-user userb class network

# Set a password for the user account.

[RouterA-luser-network-userb] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterA-luser-network-userb] service-type ppp

[RouterA-luser-network-userb] quit

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] link-protocol ppp

# Set the authentication mode to PAP.

[RouterA-Serial3/0/1:0] ppp authentication-mode pap domain system

# Configure the PAP username and password sent from Router A to Router B when Router A is authenticated by Router B using PAP.

[RouterA-Serial3/0/1:0] ppp pap local-user usera password simple 123456TESTplat&!

# Assign an IP address to Serial 3/0/1:0 of Router A.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

# Configure local authentication for the PPP users in the default ISP domain (system).

[RouterA] domain name system

[RouterA-isp-system] authentication ppp local

[RouterA-isp-system] quit

2.     Configure Router B:

# Create a user account for Router A on Router B.

<RouterB> system-view

[RouterB] local-user usera class network

# Set a password for the user account.

[RouterB-luser-network-usera] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterB-luser-network-usera] service-type ppp

[RouterB-luser-network-usera] quit

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] link-protocol ppp

# Set the authentication mode to PAP on Serial 3/0/1:0.

[RouterB-Serial3/0/1:0] ppp authentication-mode pap domain system

# On Serial 3/0/1:0, configure the PAP username and password sent from Router B to Router A when Router B is authenticated by Router A using PAP.

[RouterB-Serial3/0/1:0] ppp pap local-user userb password simple 123456TESTplat&!

# Assign an IP address to Serial 3/0/1:0.

[RouterB-Serial3/0/1:0] ip address 200.1.1.2 16

[RouterB-Serial3/0/1:0] quit

# Configure local authentication for the PPP users in the default ISP domain (system).

[RouterB] domain name system

[RouterB-isp-system] authentication ppp local

[RouterB-isp-system] quit

Verifying the configuration

# Use the display interface serial command to display information about Serial 3/0/1:0 of Router B.

[RouterB] display interface serial 3/0/1:0

Serial3/0/1:0

Current state: UP

Line protocol state: UP

Description: Serial3/0/1:0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 200.1.1.2/16 (primary)

Link layer protocol: PPP

LCP opened, IPCP opened

...

The output shows that:

·     The physical layer status and link layer status of the interface are both up.

·     The states of LCP and IPCP are both Opened, indicating that PPP negotiation has succeeded.

# Verify that Router B can successfully ping Router A.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

 

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms

Example: Configuring one-way CHAP authentication

Network configuration

As shown in Figure 41, configure Router A to authenticate Router B by using CHAP.

Figure 41 Network diagram

Procedure (authenticator name is configured)

1.     Configure Router A:

# Create a user account for Router B.

<RouterA> system-view

[RouterA] local-user userb class network

# Set a password for the user account.

[RouterA-luser-network-userb] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterA-luser-network-userb] service-type ppp

[RouterA-luser-network-userb] quit

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] link-protocol ppp

# On Serial 3/0/1:0, configure the username for Router A when Router A authenticates Router B.

[RouterA-Serial3/0/1:0] ppp chap user usera

# Set the authentication mode to CHAP on Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ppp authentication-mode chap domain system

# Assign an IP address to Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

# Configure local authentication for the PPP users in the default ISP domain (system).

[RouterA] domain name system

[RouterA-isp-system] authentication ppp local

[RouterA-isp-system] quit

2.     Configure Router B:

# Create a user account for Router A on Router B.

<RouterB> system-view

[RouterB] local-user usera class network

# Set a password for the user account.

[RouterB-luser-network-usera] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterB-luser-network-usera] service-type ppp

[RouterB-luser-network-usera] quit

# Enable PPP encapsulation on Serial 3/0/1:0. By default, an interface uses PPP encapsulation.

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] link-protocol ppp

# Configure the username for Router B when Router B is authenticated.

[RouterB-Serial3/0/1:0] ppp chap user userb

# Assign an IP address to Serial 3/0/1:0 of Router B.

[RouterB-Serial3/0/1:0] ip address 200.1.1.2 16

[RouterB-Serial3/0/1:0] quit

Procedure (authenticator name is not configured)

1.     Configure Router A:

# Create a user account for Router B.

<RouterA> system-view

[RouterA] local-user userb class network

# Set a password for the user account.

[RouterA-luser-network-userb] password simple 123456TESTplat&!

# Set the service type of the user account to PPP.

[RouterA-luser-network-userb] service-type ppp

[RouterA-luser-network-userb] quit

# Set the authentication mode to CHAP on Serial 3/0/1:0.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] ppp authentication-mode chap domain system

# Assign an IP address to Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

# Configure local authentication for the PPP users in the default ISP domain (system).

[RouterA] domain name system

[RouterA-isp-system] authentication ppp local

[RouterA-isp-system] quit

2.     Configure Router B:

# On Serial 3/0/1:0, configure the username of Router B when Router B is authenticated.

<RouterB> system-view

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] ppp chap user userb

# Set the default CHAP password on Serial 3/0/1:0.

[RouterB-Serial3/0/1:0] ppp chap password simple 123456TESTplat&!

# Assign an IP address to Serial 3/0/1:0.

[RouterB-Serial3/0/1:0] ip address 200.1.1.2 16

[RouterB-Serial3/0/1:0] quit

Verifying the configuration

# Use the display interface serial command to display information about Serial 3/0/1:0 of Router B.

[RouterB] display interface serial 3/0/1:0

Serial3/0/1:0

Current state: UP

Line protocol state: UP

Description: Serial3/0/1:0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 200.1.1.2/16 (primary)

Link layer protocol: PPP

LCP opened, IPCP opened

...

The output shows that:

·     The physical layer status and link layer status of the interface are both up.

·     The states of LCP and IPCP are both Opened, indicating that PPP negotiation has succeeded.

# Verify that Router A and Router B can ping each other.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

 

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms
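The following added example, which is not part of the H3C documentation, builds the authentication packets behind the PAP and CHAP examples above with the page's sample username and password: the PAP Authenticate-Request (RFC 1334) carries the password itself, while the CHAP Response (RFC 1994) carries only MD5(identifier, secret, challenge). The function names are assumptions, and the rule by which the peer picks its secret (the local user that matches the authenticator name, otherwise the default CHAP password) is inferred from the two CHAP procedures above.

```python
import hashlib
import hmac
import os
import struct

PASSWORD = b"123456TESTplat&!"  # sample password used in the procedures above


def pap_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request: Code 1 | Id | Length | Peer-ID-Len | Peer-ID | Passwd-Len | Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge (code 1) or Response (code 2): Code | Id | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def chap_parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_hash(ident, secret, challenge):
    """Response value defined by RFC 1994: MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def authenticator_challenge(ident, name=b""):
    """Authenticator side: a fresh random challenge; name is empty when no CHAP username is set."""
    return chap_packet(1, ident, os.urandom(16), name)


def peer_respond(challenge_pkt, my_name, local_users, default_password=None):
    """Peer side: choose the secret by authenticator name, else the default CHAP password."""
    _code, ident, challenge, auth_name = chap_parse(challenge_pkt)
    secret = local_users.get(auth_name, default_password)
    if secret is None:
        raise LookupError("no password for authenticator %r and no default" % auth_name)
    return chap_packet(2, ident, chap_hash(ident, secret, challenge), my_name)


def authenticator_verify(challenge_pkt, response_pkt, local_users):
    """Authenticator side: recompute the hash for the peer's user name and compare."""
    _code, ident, challenge, _name = chap_parse(challenge_pkt)
    code, rid, value, peer_name = chap_parse(response_pkt)
    secret = local_users.get(peer_name)
    if code != 2 or rid != ident or secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(ident, secret, challenge))


def demo():
    router_a_users = {b"userb": PASSWORD}            # local-user userb on Router A
    pap = pap_request(1, b"userb", PASSWORD)
    # Authenticator name configured: Router B holds local-user usera.
    chal1 = authenticator_challenge(7, b"usera")
    resp1 = peer_respond(chal1, b"userb", {b"usera": PASSWORD})
    # Authenticator name not configured: Router B uses its default CHAP password.
    chal2 = authenticator_challenge(8)
    resp2 = peer_respond(chal2, b"userb", {}, default_password=PASSWORD)
    # A captured response replayed against a new challenge with the same identifier.
    chal3 = authenticator_challenge(7, b"usera")
    return {
        "pap_exposes_password": PASSWORD in pap,
        "chap_exposes_password": PASSWORD in resp1 or PASSWORD in resp2,
        "named_ok": authenticator_verify(chal1, resp1, router_a_users),
        "unnamed_ok": authenticator_verify(chal2, resp2, router_a_users),
        "replay_ok": authenticator_verify(chal3, resp1, router_a_users),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```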

Example: Specifying an IP address for the client on the server interface

Network configuration

As shown in Figure 42, configure Router A to allocate an IP address to Serial 3/0/1:0 of Router B through PPP negotiation. The IP address is specified on an interface of Router A.

Figure 42 Network diagram

Procedure

1.     Configure Router A:

# Configure an IP address to be assigned to the peer interface on Serial 3/0/1:0.

<RouterA> system-view

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] remote address 200.1.1.10

# Configure an IP address for Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

2.     Enable IP address negotiation on Serial 3/0/1:0 of Router B.

<RouterB> system-view

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] ip address ppp-negotiate

[RouterB-Serial3/0/1:0] quit

Verifying the configuration

# Display summary information about Serial 3/0/1:0 on Router B.

[RouterB] display interface serial 3/0/1:0 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

Ser3/0/1:0             UP   UP       200.1.1.10

The output shows that Serial 3/0/1:0 has obtained IP address 200.1.1.10 through PPP negotiation.

# Verify that Router B can ping Serial 3/0/1:0 of Router A.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

 

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms

Example: Specifying an IP address pool on the server interface

Network configuration

As shown in Figure 43, configure Router A to allocate an IP address from the IP address pool on an interface of Router A to Serial 3/0/1:0 of Router B through PPP negotiation.

Figure 43 Network diagram

Procedure

1.     Configure Router A:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Create IP address pool pool1, and specify the subnet for dynamic allocation and a gateway address in the address pool.

[RouterA] ip pool pool1

[RouterA-ip-pool-pool1] network 200.1.1.0 24

[RouterA-ip-pool-pool1] gateway-list 200.1.1.1

# Exclude IP address 200.1.1.1 from dynamic allocation in the address pool.

[RouterA-ip-pool-pool1] forbidden-ip 200.1.1.1

[RouterA-ip-pool-pool1] quit

# Configure Serial 3/0/1:0 to assign an IP address from IP address pool pool1 to the peer interface.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] remote address pool pool1

# Configure an IP address for Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

2.     Enable IP address negotiation on Serial 3/0/1:0 of Router B.

<RouterB> system-view

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] ip address ppp-negotiate

[RouterB-Serial3/0/1:0] quit

Verifying the configuration

# Display summary information about Serial 3/0/1:0 on Router B.

[RouterB] display interface serial 3/0/1:0 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

Ser3/0/1:0             UP   UP       200.1.1.2

The output shows that Serial 3/0/1:0 has obtained IP address 200.1.1.2 through PPP negotiation.

# Verify that Router B can ping Serial 3/0/1:0 of Router A.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms

# Display binding information about assigned IP addresses on Router A.

[RouterA] display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

200.1.1.2        0030-3030-302e-3030-  Unlimited             Auto(C)

                 3030-2e30-3030-362d

The output shows that one IP address of the IP address pool has been assigned.

Example: Using the IP address pool associated with an ISP domain

Network configuration

As shown in Figure 44, configure Router A to allocate an IP address from the IP address pool associated with the ISP domain to Serial 3/0/1:0 of Router B through PPP negotiation.

Figure 44 Network diagram

Procedure

1.     Configure Router A:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Create IP address pool pool1, and specify the subnet for dynamic allocation and a gateway address in the address pool.

[RouterA] ip pool pool1

[RouterA-ip-pool-pool1] network 200.1.1.0 24

[RouterA-ip-pool-pool1] gateway-list 200.1.1.1

# Exclude IP address 200.1.1.1 from dynamic allocation in the address pool.

[RouterA-ip-pool-pool1] forbidden-ip 200.1.1.1

[RouterA-ip-pool-pool1] quit

# Create a local user for Router B.

[RouterA] local-user userb class network

# Set a password for the local user.

[RouterA-luser-network-userb] password simple 123456TESTplat&!

# Set the service type to PPP for the local user.

[RouterA-luser-network-userb] service-type ppp

[RouterA-luser-network-userb] quit

# Create ISP domain dm1 and associate the ISP domain with IP address pool pool1.

[RouterA] domain name dm1

[RouterA-isp-dm1] authorization-attribute ip-pool pool1

[RouterA-isp-dm1] quit

# Configure Serial 3/0/1:0 to authenticate the peer interface in ISP domain dm1 by using PAP.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] ppp authentication-mode pap domain dm1

# Configure an IP address for Serial 3/0/1:0.

[RouterA-Serial3/0/1:0] ip address 200.1.1.1 16

[RouterA-Serial3/0/1:0] quit

2.     Configure Router B:

# On Serial 3/0/1:0, configure the username and password for PAP authentication by Router A.

<RouterB> system-view

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] ppp pap local-user userb password simple 123456TESTplat&!

# Enable IP address negotiation on Serial 3/0/1:0.

[RouterB-Serial3/0/1:0] ip address ppp-negotiate

[RouterB-Serial3/0/1:0] quit

Verifying the configuration

# Display summary information about Serial 3/0/1:0 on Router B.

[RouterB] display interface serial 3/0/1:0 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

Ser3/0/1:0             UP   UP       200.1.1.2

The output shows that Serial 3/0/1:0 has obtained IP address 200.1.1.2 through PPP negotiation.

# Verify that Router B can ping Serial 3/0/1:0 of Router A.

[RouterB] ping 200.1.1.1

Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 200.1.1.1: icmp_seq=0 ttl=128 time=3.197 ms

56 bytes from 200.1.1.1: icmp_seq=1 ttl=128 time=2.594 ms

56 bytes from 200.1.1.1: icmp_seq=2 ttl=128 time=2.739 ms

56 bytes from 200.1.1.1: icmp_seq=3 ttl=128 time=1.738 ms

56 bytes from 200.1.1.1: icmp_seq=4 ttl=128 time=1.744 ms

 

--- Ping statistics for 200.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.738/2.402/3.197/0.576 ms

# Display binding information about assigned IP addresses on Router A.

[RouterA] display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

200.1.1.2        0030-3030-302e-3030-  Unlimited             Auto(C)

                 3030-2e30-3030-362d

The output shows that one IP address of the IP address pool has been assigned.

 

 

MP configuration examples

Example: Configuring an MP-group interface

Network configuration

As shown in Figure 45, configure an MP-group interface to enable MP on Serial 3/0/1:0 and Serial 3/0/2:0.

Figure 45 Network diagram

Procedure

1.     Configure Router A:

# Create an MP-group interface, and configure an IP address for it.

<RouterA> system-view

[RouterA] interface mp-group 3/0/1

[RouterA-MP-group3/0/1] ip address 1.1.1.1 24

[RouterA-MP-group3/0/1] quit

# Configure interface Serial 3/0/1:0.

[RouterA] interface serial 3/0/1:0

[RouterA-Serial3/0/1:0] link-protocol ppp

[RouterA-Serial3/0/1:0] ppp mp mp-group 3/0/1

[RouterA-Serial3/0/1:0] shutdown

[RouterA-Serial3/0/1:0] undo shutdown

[RouterA-Serial3/0/1:0] quit

# Configure interface Serial 3/0/2:0.

[RouterA] interface serial 3/0/2:0

[RouterA-Serial3/0/2:0] link-protocol ppp

[RouterA-Serial3/0/2:0] ppp mp mp-group 3/0/1

[RouterA-Serial3/0/2:0] shutdown

[RouterA-Serial3/0/2:0] undo shutdown

[RouterA-Serial3/0/2:0] quit

2.     Configure Router B:

# Create an MP-group interface, and configure an IP address for it.

<RouterB> system-view

[RouterB] interface mp-group 3/0/1

[RouterB-MP-group3/0/1] ip address 1.1.1.2 24

[RouterB-MP-group3/0/1] quit

# Configure interface Serial 3/0/1:0.

[RouterB] interface serial 3/0/1:0

[RouterB-Serial3/0/1:0] link-protocol ppp

[RouterB-Serial3/0/1:0] ppp mp mp-group 3/0/1

[RouterB-Serial3/0/1:0] shutdown

[RouterB-Serial3/0/1:0] undo shutdown

[RouterB-Serial3/0/1:0] quit

# Configure interface Serial 3/0/2:0.

[RouterB] interface serial 3/0/2:0

[RouterB-Serial3/0/2:0] link-protocol ppp

[RouterB-Serial3/0/2:0] ppp mp mp-group 3/0/1

[RouterB-Serial3/0/2:0] shutdown

[RouterB-Serial3/0/2:0] undo shutdown

[RouterB-Serial3/0/2:0] quit

Verifying the configuration

# Display MP information on Router A.

[RouterA] display ppp mp

Template: MP-group3/0/1

max-bind: 16, fragment: enabled, min-fragment: 128

Master link: MP-group3/0/1, Active members: 2, Bundle Multilink

Peer's endPoint descriptor: MP-group3/0/1

Sequence format: short (rcv)/long (sent)

Bundle Up Time: 2019/11/04  09:03:16:612

0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved

Sequence: 0 (rcvd)/0 (sent)

Active member channels: 2 members

      Serial3/0/1:0               Up-Time:2019/11/04  09:03:16:613

      Serial3/0/2:0               Up-Time:2019/11/04  09:03:42:945

# Display information about interface MP-group 3/0/1 on Router A.

[RouterA] display interface mp-group 3/0/1

MP-group3/0/1

Current state: UP

Line protocol state: UP

Description: MP-group3/0/1 Interface

Bandwidth: 2048kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 1.1.1.1/24 (primary)

Link layer protocol: PPP

LCP: opened, MP: opened, IPCP: opened

Physical: MP, baudrate: 2048000 bps

Last link flapping: Never

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 2 packets, 80 bytes, 0 drops

Output: 2 packets, 24 bytes, 0 drops

# Ping Router B from Router A.

[RouterA] ping 1.1.1.2

Ping 1.1.1.2 (1.1.1.2): 56 data bytes, press CTRL+C to break

56 bytes from 1.1.1.2: icmp_seq=0 ttl=255 time=4.000 ms

56 bytes from 1.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 1.1.1.2: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 1.1.1.2: icmp_seq=3 ttl=255 time=7.000 ms

56 bytes from 1.1.1.2: icmp_seq=4 ttl=255 time=1.000 ms

 

--- Ping statistics for 1.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/2.600/7.000/2.577 ms

 

 

 

HDLC configuration examples

Example: Configuring HDLC

Network configuration

As shown in Figure 46, Router A and Router B are connected by POS interfaces.

Run HDLC on the link between them.

Figure 46 Network diagram

Procedure

1.     Configure Router A:

# Configure the clock mode of POS 3/0/1 as master.

<RouterA> system-view

[RouterA] interface pos 3/0/1

[RouterA-Pos3/0/1] clock master

# Enable HDLC encapsulation on POS 3/0/1.

[RouterA-Pos3/0/1] link-protocol hdlc

# Assign an IP address to POS 3/0/1.

[RouterA-Pos3/0/1] ip address 12.1.1.1 24

[RouterA-Pos3/0/1] quit

2.     Configure Router B:

# Enable HDLC encapsulation on POS 3/0/1.

<RouterB> system-view

[RouterB] interface pos 3/0/1

[RouterB-Pos3/0/1] link-protocol hdlc

# Assign an IP address to POS 3/0/1.

[RouterB-Pos3/0/1] ip address 12.1.1.2 24

Verifying the configuration

# Ping a router from the other router, for example, ping Router B from Router A.

[RouterA] ping 12.1.1.2

Ping 12.1.1.2 (12.1.1.2): 56 data bytes, press CTRL+C to break

56 bytes from 12.1.1.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 12.1.1.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 12.1.1.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 12.1.1.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 12.1.1.2: icmp_seq=4 ttl=254 time=1.991 ms

 

--- Ping statistics for 12.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

The output shows that Router A can successfully ping Router B.

 

HDLC link bundling configuration examples

Example: Configuring HDLC link bundling

Network configuration

As shown in Figure 47, to increase bandwidth and enhance connection reliability between Router A and Router B, create an HDLC link bundle.

Figure 47 Network diagram

Procedure

1.     Configure Router A:

# Create HDLC link bundle interface 1 and assign an IP address to it.

<RouterA> system-view

[RouterA] interface hdlc-bundle 1

[RouterA-HDLC-bundle1] ip address 1.1.1.1 24

[RouterA-HDLC-bundle1] quit

# Assign Pos 3/0/1 to HDLC link bundle 1, and configure the interface to use the master clock mode.

[RouterA] interface pos 3/0/1

[RouterA-Pos3/0/1] clock master

[RouterA-Pos3/0/1] link-protocol hdlc

[RouterA-Pos3/0/1] bundle id 1

[RouterA-Pos3/0/1] quit

# Assign Pos 3/0/2 to HDLC link bundle 1, and configure the interface to use the master clock mode.

[RouterA] interface pos 3/0/2

[RouterA-Pos3/0/2] clock master

[RouterA-Pos3/0/2] link-protocol hdlc

[RouterA-Pos3/0/2] bundle id 1

[RouterA-Pos3/0/2] quit

2.     Configure Router B:

# Create HDLC link bundle interface 1 and assign an IP address to it.

<RouterB> system-view

[RouterB] interface hdlc-bundle 1

[RouterB-HDLC-bundle1] ip address 1.1.1.2 24

[RouterB-HDLC-bundle1] quit

# Assign Pos 3/0/1 to HDLC link bundle 1.

[RouterB] interface pos 3/0/1

[RouterB-Pos3/0/1] link-protocol hdlc

[RouterB-Pos3/0/1] bundle id 1

[RouterB-Pos3/0/1] quit

# Assign Pos 3/0/2 to HDLC link bundle 1.

[RouterB] interface pos 3/0/2

[RouterB-Pos3/0/2] link-protocol hdlc

[RouterB-Pos3/0/2] bundle id 1

[RouterB-Pos3/0/2] quit

Verifying the configuration

# Verify that the HDLC link bundle interfaces on Router A and Router B can ping each other.

[RouterA] ping -a 1.1.1.1 1.1.1.2

Ping 1.1.1.2 (1.1.1.2) from 1.1.1.1: 56 data bytes, press CTRL+C to break

56 bytes from 1.1.1.2: icmp_seq=0 ttl=255 time=0.000 ms

56 bytes from 1.1.1.2: icmp_seq=1 ttl=255 time=0.000 ms

56 bytes from 1.1.1.2: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 1.1.1.2: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 1.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 1.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.000/0.000/0.000 ms

# Verify that:

·     Pos 3/0/1 and Pos 3/0/2 are in Selected state and can perform load balancing.

·     The bandwidth of the HDLC link bundle is 1244160 kbps, the total bandwidth of two POS interfaces.

·     When one POS interface fails, the traffic can be forwarded through the other POS interface. This improves the link reliability.

Use Router A as an example.

[RouterA] display bundle hdlc-bundle 1

Bundle: HDLC-bundle1

  Selected members: 2, Total bandwidth: 1244160 kbps

  Member              State               Bandwidth(kbps)     Priority

  Pos3/0/1            Selected            622080              32768

  Pos3/0/2            Selected            622080              32768

 

 

 

ARP configuration examples

Example: Configuring a long static ARP entry

Network configuration

As shown in Figure 48, hosts are connected to Device B. Device B is connected to Device A through interface Ten-GigabitEthernet 3/0/1 in VLAN 10.

To ensure secure communications between Device A and Device B, configure a long static ARP entry for Device A on Device B.

Figure 48 Network diagram

Procedure

# Create VLAN 10.

<DeviceB> system-view

[DeviceB] vlan 10

[DeviceB-vlan10] quit

# Add interface Ten-GigabitEthernet 3/0/1 to VLAN 10.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port access vlan 10

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Create VLAN-interface 10 and configure its IP address.

[DeviceB] interface vlan-interface 10

[DeviceB-vlan-interface10] ip address 192.168.1.2 8

[DeviceB-vlan-interface10] quit

# Configure a long static ARP entry that has IP address 192.168.1.1, MAC address 00e0-fc01-0000, and output interface Ten-GigabitEthernet 3/0/1 in VLAN 10.

[DeviceB] arp static 192.168.1.1 00e0-fc01-0000 10 ten-gigabitethernet 3/0/1

Verifying the configuration

# Verify that Device B has a long static ARP entry for Device A.

[DeviceB] display arp static

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

192.168.1.1     00e0-fc01-0000 10            XGE3/0/1                 --    S

Example: Configuring a short static ARP entry

Network configuration

As shown in Figure 49, hosts are connected to Device B. Device B is connected to Device A through interface Ten-GigabitEthernet 3/0/2.

To ensure secure communications between Device A and Device B, configure a short static ARP entry for Device A on Device B.

Figure 49 Network diagram

Procedure

# Configure an IP address for Ten-GigabitEthernet 3/0/2.

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] ip address 192.168.1.2 24

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Configure a short static ARP entry that has IP address 192.168.1.1 and MAC address 00e0-fc01-001f.

[DeviceB] arp static 192.168.1.1 00e0-fc01-001f

Verifying the configuration

# Verify that Device B has a short static ARP entry for Device A.

[DeviceB] display arp static

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

192.168.1.1     00e0-fc01-001f --            --                       --    S
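The two static ARP examples above pin Device A's IP-to-MAC binding on Device B. The following added example (not part of the original H3C page) parses output in the display arp table layout shown above and compares it with an expected binding list, so that a changed MAC address, a dynamic entry where a static one is expected, or an unlisted static entry is reported. The sample output, the expected bindings, and all function names are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")

# Constructed sample in the column layout of the display arp output on this page.
SAMPLE = """\
  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid
IP address      MAC address    VLAN/VSI name Interface                Aging Type
192.168.1.1     00e0-fc01-0000 10            XGE3/0/1                 --    S
192.168.2.1     00e0-fc01-001f --            --                       --    S
192.168.1.5     00e0-fc01-0a05 10            XGE3/0/1                 1187  D
192.168.1.9     00e0-fc01-00ff 10            XGE3/0/2                 --    S
192.168.1.77    00e0-fc01-004d 10            XGE3/0/1                 --    S
"""

# Constructed expectation list. Long static entries also pin VLAN and interface
# (written in the abbreviated form the device displays, for example XGE3/0/1);
# short static entries pin only the MAC address.
EXPECTED = {
    "192.168.1.1": {"mac": "00e0-fc01-0000", "vlan": "10", "interface": "XGE3/0/1"},
    "192.168.2.1": {"mac": "00e0-fc01-001f"},
    "192.168.1.5": {"mac": "00e0-fc01-0a05"},
    "192.168.1.9": {"mac": "00e0-fc01-0009", "vlan": "10", "interface": "XGE3/0/1"},
    "192.168.1.20": {"mac": "00e0-fc01-0014"},
}


@dataclass(frozen=True)
class ArpEntry:
    ip: str
    mac: str
    vlan: str       # "--" for a short static entry
    interface: str  # "--" for a short static entry
    aging: str
    type: str       # S, D, O, R, M or I, per the legend line


def parse_display_arp(text):
    """Return the table rows; the legend, header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, mac, vlan, interface, aging, etype = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        mac = mac.lower()
        if MAC_RE.match(mac):
            entries.append(ArpEntry(ip, mac, vlan, interface, aging, etype))
    return entries


def audit(entries, expected):
    """Compare parsed entries with the expected bindings; return (ip, finding) pairs."""
    findings = []
    by_ip = {}
    for entry in entries:
        by_ip.setdefault(entry.ip, []).append(entry)
    for ip, want in expected.items():
        rows = by_ip.get(ip, [])
        if not rows:
            findings.append((ip, "missing"))
            continue
        for entry in rows:
            if entry.mac != want["mac"].lower():
                findings.append((ip, "mac-mismatch"))
            if entry.type != "S":
                findings.append((ip, "not-static"))
            for key in ("vlan", "interface"):
                if key in want and getattr(entry, key) != want[key]:
                    findings.append((ip, key + "-mismatch"))
    # Static entries that nobody listed deserve a look as well.
    for entry in entries:
        if entry.type == "S" and entry.ip not in expected:
            findings.append((entry.ip, "unexpected-static"))
    return findings


if __name__ == "__main__":
    for ip, finding in audit(parse_display_arp(SAMPLE), EXPECTED):
        print(f"{ip:15} {finding}")
```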

Common proxy ARP configuration examples

Example: Configuring common proxy ARP

Network configuration

As shown in Figure 50, Host A and Host D have the same prefix and mask, but they are located on different subnets. No default gateway is configured on Host A and Host D.

Configure common proxy ARP on the router to ensure communication between Host A and Host D.

Figure 50 Network diagram

Procedure

# Configure the IP address of Ten-GigabitEthernet 3/0/2.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip address 192.168.10.99 255.255.255.0

# Enable common proxy ARP on Ten-GigabitEthernet 3/0/2.

[Router-Ten-GigabitEthernet3/0/2] proxy-arp enable

[Router-Ten-GigabitEthernet3/0/2] quit

# Configure the IP address of Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.20.99 255.255.255.0

# Enable common proxy ARP on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] proxy-arp enable

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Host A and Host D can ping each other.

ARP suppression configuration examples

Example: Configuring ARP suppression

Network configuration

As shown in Figure 51, the base station, Router A, and Router B are in an MPLS L2VPN.

Enable ARP suppression on Router A to directly reply to ARP requests for Router B.

Figure 51 Network diagram

Procedure

1.     Configure IP addresses for the interfaces, and make sure the base station can reach the L3VE interface VE-L3VPN 1 of Router B. (Details not shown.)

2.     Configure ARP suppression on Router A:

# Create a cross-connect group named vpna and create a cross-connect named svc in the group.

<RouterA> system-view

[RouterA] xconnect-group vpna

[RouterA-xcg-vpna] connection svc

# Enable ARP suppression for cross-connect svc in cross-connect group vpna.

[RouterA-xcg-vpna-svc] arp suppression enable

Verifying the configuration

1.     On the base station, clear ARP entries, and ping the L3VE interface VE-L3VPN 1 of Router B. (Details not shown.)

2.     Verify that Router A has ARP suppression entries for the base station and Router B.

[RouterA-xcg-vpna-svc] display arp suppression xconnect-group

IP address      MAC address     Xconnect-group       Connection           Aging

10.1.1.1        00e0-fc04-582c  vpna                 svc                  25

10.1.1.3        0023-89b7-0861  vpna                 svc                  25

3.     Enable ARP debugging on Router B to verify that Router B does not receive an ARP request from the base station under the following conditions (details not shown):

a.     Clear ARP entries on the base station.

b.     Ping the L3VE interface VE-L3VPN 1 of Router B from the base station.


IP addressing configuration examples

Example: Manually specifying an IP address

Network configuration

As shown in Figure 52, Ten-GigabitEthernet 3/0/1 on the router is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.

To enable the hosts on the two network segments to communicate with the external network through the router, and to enable the hosts on the LAN to communicate with each other:

·     Assign a primary IP address and a secondary IP address to Ten-GigabitEthernet 3/0/1 on the router.

·     Set the primary IP address of the router as the gateway address of the PCs on subnet 172.16.1.0/24. Set the secondary IP address of the router as the gateway address of the PCs on subnet 172.16.2.0/24.

Figure 52 Network diagram

Procedure

# Assign a primary IP address and a secondary IP address to Ten-GigabitEthernet 3/0/1.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 172.16.1.1 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] ip address 172.16.2.1 255.255.255.0 sub

# Set the gateway address to 172.16.1.1 on the PCs attached to subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to subnet 172.16.2.0/24.

Verifying the configuration

# Verify the connectivity between a host on subnet 172.16.1.0/24 and the router.

<Router> ping 172.16.1.2

Ping 172.16.1.2 (172.16.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 172.16.1.2: icmp_seq=0 ttl=128 time=7.000 ms

56 bytes from 172.16.1.2: icmp_seq=1 ttl=128 time=2.000 ms

56 bytes from 172.16.1.2: icmp_seq=2 ttl=128 time=1.000 ms

56 bytes from 172.16.1.2: icmp_seq=3 ttl=128 time=1.000 ms

56 bytes from 172.16.1.2: icmp_seq=4 ttl=128 time=2.000 ms

--- Ping statistics for 172.16.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.600/7.000/2.245 ms

# Verify the connectivity between a host on subnet 172.16.2.0/24 and the router.

<Router> ping 172.16.2.2

Ping 172.16.2.2 (172.16.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 172.16.2.2: icmp_seq=0 ttl=128 time=2.000 ms

56 bytes from 172.16.2.2: icmp_seq=1 ttl=128 time=7.000 ms

56 bytes from 172.16.2.2: icmp_seq=2 ttl=128 time=1.000 ms

56 bytes from 172.16.2.2: icmp_seq=3 ttl=128 time=2.000 ms

56 bytes from 172.16.2.2: icmp_seq=4 ttl=128 time=1.000 ms

--- Ping statistics for 172.16.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.600/7.000/2.245 ms

# Verify the connectivity between a host on subnet 172.16.1.0/24 and a host on subnet 172.16.2.0/24. The ping operation succeeds.

 

 

IPv4 DNS configuration examples

Example: Configuring static domain name resolution

Network configuration

As shown in Figure 53, the host at 10.1.1.2 is named host.com. Configure static IPv4 DNS on the device so that the device can use the easy-to-remember domain name rather than the IP address to access the host.

Figure 53 Network diagram

 

Procedure

# Configure a mapping between host name host.com and IP address 10.1.1.2.

<Sysname> system-view

[Sysname] ip host host.com 10.1.1.2

# Verify that the device can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2.

[Sysname] ping host.com

Ping host.com (10.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=2.000 ms

 

--- Ping statistics for host.com ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms

Example: Configuring dynamic domain name resolution

Network configuration

As shown in Figure 54, configure the DNS server to store the mapping between the host's domain name host and IPv4 address 3.1.1.1/16 in the com domain. Configure dynamic IPv4 DNS and DNS suffix com on the device so that the device can use domain name host to access the host.

Figure 54 Network diagram

 

Prerequisites

Assign IP addresses to interfaces as shown in Figure 54. Make sure the network connections are available.

Procedure

1.     Configure the DNS server:

The DNS server configuration might vary. This example uses a PC running Windows Server 2008 R2 for illustration.

a.     Select Start > Programs > Administrative Tools > DNS.

The DNS server configuration page appears, as shown in Figure 55.

b.     Right-click Forward Lookup Zones, select New Zone, and then follow the wizard to create a new zone named com.

Figure 55 Creating a zone

 

c.     On the DNS server configuration page, right-click zone com and select New Host.

Figure 56 Adding a host

d.     On the page that appears, enter host name host and IP address 3.1.1.1.

e.     Click Add Host.

The mapping between the IP address and host name is created.

Figure 57 Adding a mapping between domain name and IP address

 

2.     Configure the DNS client:

# Specify the DNS server 2.1.1.2.

<Device> system-view

[Device] dns server 2.1.1.2

# Specify com as the name suffix.

[Device] dns domain com

Verifying the configuration

# Verify that the device can use dynamic domain name resolution to resolve domain name host.com into IP address 3.1.1.1.

[Device] ping host

Ping host.com (3.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms

 

--- Ping statistics for host ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms

Example: Configuring DNS proxy

Network configuration

As shown in Figure 58, configure Device A as the DNS proxy to forward DNS packets between the DNS client (Device B) and the DNS server at 4.1.1.1.

Figure 58 Network diagram

 

Prerequisites

Assign IP addresses to interfaces as shown in Figure 58. Make sure the network connections are available.

Procedure

1.     Configure the DNS server:

The configuration might vary by DNS server. When a PC running Windows Server 2008 R2 acts as the DNS server, see "Example: Configuring dynamic domain name resolution" for configuration information.

2.     Configure the DNS proxy:

# Specify the DNS server 4.1.1.1.

<DeviceA> system-view

[DeviceA] dns server 4.1.1.1

# Enable DNS proxy.

[DeviceA] dns proxy enable

3.     Configure the DNS client:

# Specify the DNS server 2.1.1.2.

<DeviceB> system-view

[DeviceB] dns server 2.1.1.2

Verifying the configuration

# Verify that DNS proxy on Device A functions.

[DeviceB] ping host.com

Ping host.com (3.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 3.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 3.1.1.1: icmp_seq=4 ttl=255 time=2.000 ms

 

--- Ping statistics for host.com ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms

IPv6 DNS configuration examples

Example: Configuring static domain name resolution

Network configuration

As shown in Figure 59, the host at 1::2 is named host.com. Configure static IPv6 DNS on the device so that the device can use the easy-to-remember domain name rather than the IPv6 address to access the host.

Figure 59 Network diagram

 

Procedure

# Configure a mapping between host name host.com and IPv6 address 1::2.

<Device> system-view

[Device] ipv6 host host.com 1::2

# Verify that the device can use static domain name resolution to resolve domain name host.com into IPv6 address 1::2.

[Device] ping ipv6 host.com

Ping6(56 data bytes) 1::1 --> 1::2, press CTRL_C to break

56 bytes from 1::2, icmp_seq=0 hlim=128 time=1.000 ms

56 bytes from 1::2, icmp_seq=1 hlim=128 time=0.000 ms

56 bytes from 1::2, icmp_seq=2 hlim=128 time=1.000 ms

56 bytes from 1::2, icmp_seq=3 hlim=128 time=1.000 ms

56 bytes from 1::2, icmp_seq=4 hlim=128 time=0.000 ms

 

--- Ping6 statistics for host.com ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms

Example: Configuring dynamic domain name resolution

Network configuration

As shown in Figure 60, configure the DNS server to store the mapping between the host's domain name host and IPv6 address 1::1/64 in the com domain. Configure dynamic IPv6 DNS and DNS suffix com on the device so that the device can use domain name host to access the host.

Figure 60 Network diagram

 

Prerequisites

Before you configure dynamic domain name resolution, perform the following tasks:

·     Assign IPv6 addresses to interfaces as shown in Figure 60. Make sure the network connections are available.

·     Configure the DNS server to support IPv6 DNS so that the server can process IPv6 DNS packets and its interfaces can forward IPv6 packets.

Procedure

1.     Configure the DNS server:

The DNS server configuration might vary. This example uses a PC running Windows Server 2008 R2 for illustration.

a.     Select Start > Programs > Administrative Tools > DNS.

The DNS server configuration page appears, as shown in Figure 61.

b.     Right-click Forward Lookup Zones, select New Zone, and then follow the wizard to create a new zone named com.

Figure 61 Creating a zone

 

c.     On the DNS server configuration page, right-click zone com and select New Host.

Figure 62 Adding a host

d.     On the page that appears, enter host name host and IPv6 address 1::1.

e.     Click Add Host.

The mapping between the IPv6 address and host name is created.

Figure 63 Adding a mapping between domain name and IPv6 address

 

2.     Configure the DNS client:

# Specify the DNS server 2::2.

<Device> system-view

[Device] ipv6 dns server 2::2

# Configure com as the DNS suffix.

[Device] dns domain com

Verifying the configuration

# Verify that the device can use dynamic domain name resolution to resolve the domain name host.com into the IPv6 address 1::1.

[Device] ping ipv6 host

Ping6(56 data bytes) 3::1 --> 1::1, press CTRL_C to break

56 bytes from 1::1, icmp_seq=0 hlim=128 time=1.000 ms

56 bytes from 1::1, icmp_seq=1 hlim=128 time=0.000 ms

56 bytes from 1::1, icmp_seq=2 hlim=128 time=1.000 ms

56 bytes from 1::1, icmp_seq=3 hlim=128 time=1.000 ms

56 bytes from 1::1, icmp_seq=4 hlim=128 time=0.000 ms

 

--- Ping6 statistics for host ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms

Example: Configuring DNS proxy

Network configuration

As shown in Figure 64, configure Device A as the DNS proxy to forward DNS packets between the DNS client (Device B) and the DNS server at 4000::1.

Figure 64 Network diagram

 

Prerequisites

Assign IPv6 addresses to interfaces as shown in Figure 64. Make sure the network connections are available.

Procedure

1.     Configure the DNS server:

This configuration might vary by DNS server. When a PC running Windows Server 2008 R2 acts as the DNS server, see "Example: Configuring dynamic domain name resolution" for configuration information.

2.     Configure the DNS proxy:

# Specify the DNS server 4000::1.

<DeviceA> system-view

[DeviceA] ipv6 dns server 4000::1

# Enable DNS proxy.

[DeviceA] dns proxy enable

3.     Configure the DNS client:

# Specify the DNS server 2000::2.

<DeviceB> system-view

[DeviceB] ipv6 dns server 2000::2

Verifying the configuration

# Verify that DNS proxy on Device A functions.

[DeviceB] ping ipv6 host.com

Ping6(56 data bytes) 2000::1 --> 3000::1, press CTRL_C to break

56 bytes from 3000::1, icmp_seq=0 hlim=128 time=1.000 ms

56 bytes from 3000::1, icmp_seq=1 hlim=128 time=0.000 ms

56 bytes from 3000::1, icmp_seq=2 hlim=128 time=1.000 ms

56 bytes from 3000::1, icmp_seq=3 hlim=128 time=1.000 ms

56 bytes from 3000::1, icmp_seq=4 hlim=128 time=0.000 ms

 

--- Ping6 statistics for host.com ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms

DDNS configuration examples

Example: Configuring DDNS with www.3322.org

Network configuration

As shown in Figure 65, the router is a Web server with domain name whatever.3322.org and uses an IP address dynamically obtained through DHCP. To make sure the router can always provide Web services at whatever.3322.org when its IP address changes, perform the following tasks on the router:

·     Configure a DDNS policy to update the router's domain name-to-IP address mapping on the DDNS server. The DDNS server then updates the mapping on the DNS server.

·     Specify the IP address of the DNS server so that the router can access the DDNS server by its domain name.

Figure 65 Network diagram

Prerequisites

Before you configure DDNS on the router, perform the following tasks:

·     Register with username steven and password nevets at http://www.3322.org/.

·     Configure a DDNS policy to update the mapping between the router's FQDN and IP address.

·     Make sure the devices can reach each other.

Procedure

# Create a DDNS policy named 3322.org, and enter its view.

<Router> system-view

[Router] ddns policy 3322.org

# Specify the URL address, username, and password for DDNS update requests.

[Router-ddns-policy-3322.org] url http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>

[Router-ddns-policy-3322.org] username steven

[Router-ddns-policy-3322.org] password simple nevets

# Set the interval to 15 minutes for sending DDNS update requests.

[Router-ddns-policy-3322.org] interval 0 0 15

[Router-ddns-policy-3322.org] quit

# Specify the IP address of the DNS server as 1.1.1.1.

[Router] dns server 1.1.1.1

# Apply DDNS policy 3322.org to Ten-GigabitEthernet 3/0/1 to enable DDNS update. The mapping between domain name whatever.3322.org and the primary IP address of the interface will be dynamically updated.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ddns apply policy 3322.org fqdn whatever.3322.org

Verifying the configuration

Verify that the router can update its domain name-to-IP address mapping through the DDNS provider www.3322.org when its IP address changes. Internet users can then resolve the domain name whatever.3322.org to the correct IP address to access the Web service.

Example: Configuring DDNS with PeanutHull server

Network configuration

As shown in Figure 66, the router is a Web server with domain name whatever.gicp.cn and uses an IP address dynamically obtained through DHCP. To make sure the router can always provide Web services at whatever.gicp.cn when its IP address changes, perform the following tasks on the router:

·     Configure a DDNS policy to update the router's domain name-to-IP address mapping on the DDNS server. The DDNS server then updates the mapping on the DNS server.

·     Specify the IP address of the DNS server so that the router can access the DDNS server by its domain name.

Figure 66 Network diagram

Prerequisites

Before you configure DDNS on the router, perform the following tasks:

·     Register with username steven and password nevets at http://www.oray.cn/.

·     Configure a DDNS policy to update the mapping between the router's FQDN and IP address.

·     Make sure the devices can reach each other.

Procedure

# Create a DDNS policy named oray.cn and enter its view.

<Router> system-view

[Router] ddns policy oray.cn

# Specify the URL address, username, and password for DDNS update requests.

[Router-ddns-policy-oray.cn] url oray://phddns60.oray.net

[Router-ddns-policy-oray.cn] username steven

[Router-ddns-policy-oray.cn] password simple nevets

# Set the DDNS update request interval to 12 minutes.

[Router-ddns-policy-oray.cn] interval 0 0 12

[Router-ddns-policy-oray.cn] quit

# Specify the IP address of the DNS server as 1.1.1.1.

[Router] dns server 1.1.1.1

# Apply DDNS policy oray.cn to Ten-GigabitEthernet 3/0/1 to enable DDNS update. The mapping between domain name whatever.gicp.cn and the primary IP address of the interface will be dynamically updated.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ddns apply policy oray.cn fqdn whatever.gicp.cn

Verifying the configuration

Verify that the router can update its domain name-to-IP address mapping through the PeanutHull DDNS provider when its IP address changes. Internet users can then resolve the domain name whatever.gicp.cn to the correct IP address to access the Web service.
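Both DDNS policies above carry a username and password for the update requests. The following added example (not from the H3C page) parses the policy commands as typed above, expands the URL placeholders, and flags a policy whose update URL uses plain HTTP, where the request and the credentials sent with it are not encrypted in transit. It assumes that <h> stands for the FQDN given in ddns apply policy, that <a> stands for the interface's primary IP address, and that the interval arguments are days, hours, and minutes; the address 203.0.113.10 and all function names are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the policy and apply commands of the two examples above.
SESSION = """\
[Router] ddns policy 3322.org
[Router-ddns-policy-3322.org] url http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
[Router-ddns-policy-3322.org] username steven
[Router-ddns-policy-3322.org] password simple nevets
[Router-ddns-policy-3322.org] interval 0 0 15
[Router-ddns-policy-3322.org] quit
[Router] ddns policy oray.cn
[Router-ddns-policy-oray.cn] url oray://phddns60.oray.net
[Router-ddns-policy-oray.cn] username steven
[Router-ddns-policy-oray.cn] password simple nevets
[Router-ddns-policy-oray.cn] interval 0 0 12
[Router-ddns-policy-oray.cn] quit
[Router-Ten-GigabitEthernet3/0/1] ddns apply policy 3322.org fqdn whatever.3322.org
[Router-Ten-GigabitEthernet3/0/1] ddns apply policy oray.cn fqdn whatever.gicp.cn
"""

POLICY_LINE = re.compile(
    r"^\[[^\]]*-ddns-policy-(?P<name>[^\]]+)\]\s+(?P<cmd>\S+)\s*(?P<args>.*)$"
)
APPLY_LINE = re.compile(r"ddns apply policy (?P<name>\S+) fqdn (?P<fqdn>\S+)")


def parse_policies(session):
    """Collect url, username, password form, interval and FQDN per policy name."""
    policies = {}
    for raw in session.splitlines():
        line = raw.strip()
        m = POLICY_LINE.match(line)
        if m:
            policy = policies.setdefault(m["name"], {})
            args = m["args"].split()
            if m["cmd"] == "url":
                policy["url"] = m["args"]
            elif m["cmd"] == "username":
                policy["username"] = m["args"]
            elif m["cmd"] == "password" and args:
                policy["password_form"] = args[0]  # keyword only; the secret is not kept
            elif m["cmd"] == "interval":
                # Assumed order: days, hours, minutes (missing values count as 0).
                days, hours, minutes = (list(map(int, args)) + [0, 0])[:3]
                policy["interval_s"] = ((days * 24 + hours) * 60 + minutes) * 60
            continue
        m = APPLY_LINE.search(line)
        if m:
            policies.setdefault(m["name"], {})["fqdn"] = m["fqdn"]
    return policies


def review(policies, current_ip):
    """Expand each policy URL for current_ip and record transport findings."""
    report = {}
    for name, policy in policies.items():
        url = policy.get("url", "")
        scheme = urlsplit(url).scheme
        findings = []
        if scheme == "http":
            findings.append(
                "credentials-over-cleartext-http" if "username" in policy else "cleartext-http"
            )
        elif scheme != "https":
            # A provider-specific scheme such as oray:// cannot be judged from the URL alone.
            findings.append("transport-not-assessed:" + scheme)
        request = url.replace("<h>", policy.get("fqdn", "<h>")).replace("<a>", current_ip)
        report[name] = {
            "request": request,
            "interval_s": policy.get("interval_s"),
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for name, item in review(parse_policies(SESSION), "203.0.113.10").items():
        print(name, item["interval_s"], item["findings"])
        print("   ", item["request"])
```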

 

 

mDNS relay configuration examples

Example: Configuring mDNS relay

Network configuration

As shown in Figure 67, an enterprise network uses mDNS for communication. The working area is in VLAN 10 and uses subnet 192.168.1.0. The service area is in VLAN 20 and uses subnet 192.168.2.0. Subnet 192.168.3.0 runs between the mDNS relay and the mDNS gateway. Configure mDNS relay on the device to allow employees in the working area to access the printer in the service area.

Figure 67 Network diagram

Procedure

1.     Configure the mDNS gateway and make sure the AP, the mDNS relay, and the mDNS gateway can reach each other. (Details not shown.)

2.     Configure the mDNS relay.

# Specify 192.168.3.2 as the mDNS gateway address.

<Device> system-view

[Device] mdns relay gateway ip 192.168.3.2

# Enable mDNS relay in VLAN 10.

[Device] vlan 10

[Device-vlan10] mdns relay enable

# Specify 192.168.3.1 as the source IP address for mDNS packets.

[Device-vlan10] mdns relay source ip 192.168.3.1

[Device-vlan10] quit

# Enable mDNS relay in VLAN 20.

[Device] vlan 20

[Device-vlan20] mdns relay enable

# Specify 192.168.3.1 as the source IP address for mDNS packets.

[Device-vlan20] mdns relay source ip 192.168.3.1

[Device-vlan20] quit

Verifying the configuration

# Display mDNS relay configuration.

[Device] display mdns relay

mDNS relay configuration:

mDNS gateway IP: 192.168.3.2

mDNS relay configuration in VLANs:

VLAN ID  Source IP address           Probe interval (sec)

10       192.168.3.1                 --

20       192.168.3.1                 --

# Verify that the user in VLAN 10 can use the iPad to access the printer in VLAN 20. (Details not shown.)

Load sharing configuration examples

Example: Configuring load sharing based on source and destination addresses

Network configuration

As shown in Figure 68, Router A has two equal-cost routes to Router B. Configure load sharing on Router A to forward packets through Router B to the destination IP address 1.2.3.4/24.

Figure 68 Network diagram

Procedure

# On Router A, assign IP addresses to interfaces.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ip address 20.1.1.1 24

[RouterA-Ten-GigabitEthernet3/0/2] quit

# On Router B, assign IP addresses to interfaces.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ip address 20.1.1.2 24

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router A, configure two static routes to the destination IP address.

[RouterA] ip route-static 1.2.3.4 24 10.1.1.2

[RouterA] ip route-static 1.2.3.4 24 20.1.1.2

[RouterA] quit

# On Router A, display FIB entries matching the destination IP address 1.2.3.4.

<RouterA> display fib 1.2.3.4

 

FIB entry count: 2

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

1.2.3.0/24         10.1.1.2        USGR     XGE3/0/1                  Null

1.2.3.0/24         20.1.1.2        USGR     XGE3/0/2                  Null

# On Router A, configure per-flow load sharing based on the source IP address and destination IP address.

<RouterA> system-view

[RouterA] ip load-sharing mode per-flow dest-ip src-ip global

[RouterA] quit

Verifying the configuration

# Verify that Router A implements load sharing.

<RouterA> display counters outbound interface Ten-GigabitEthernet

Interface         Total (pkts)   Broadcast (pkts)   Multicast (pkts)  Err (pkts)

XGE3/0/1                  1045                  0                  0           0

XGE3/0/2                  1044                  0                  0           0

 

IRDP configuration examples

Example: Configuring IRDP

Network configuration

As shown in Figure 69, Host A and Host B run Linux and support IRDP, and they are in the internal network. Router A and Router B act as the egress routers and connect to external networks 192.168.1.0/24 and 192.168.2.0/24, respectively.

Configure Router A as the default gateway for the hosts. Make sure Router A has routes to reach both External network 1 and External network 2, so that packets to these external networks can be correctly routed.

Figure 69 Network diagram

Procedure

1.     Configure Router A:

# Configure a route for Router A to reach External network 2. (Details not shown.)

# Specify an IP address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.154.5.1 24

# Enable IRDP on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] ip irdp

# Specify preference 1000 for advertised IP addresses on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] ip irdp preference 1000

# Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] ip irdp multicast

# Specify the IP address 192.168.1.0 and preference 400 for Ten-GigabitEthernet 3/0/1 to proxy-advertise.

[RouterA-Ten-GigabitEthernet3/0/1] ip irdp address 192.168.1.0 400

2.     Configure Router B:

# Specify an IP address for Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.154.5.2 24

# Enable IRDP on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ip irdp

# Specify preference 500 for advertised IP addresses on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ip irdp preference 500

# Specify the multicast address 224.0.0.1 as the destination IP address for RAs sent by Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ip irdp multicast

# Specify the IP address 192.168.2.0 and preference 400 for Ten-GigabitEthernet 3/0/1 to proxy-advertise.

[RouterB-Ten-GigabitEthernet3/0/1] ip irdp address 192.168.2.0 400

Verifying the configuration

# Display the routing table for Host A.

[HostA@localhost ~]$ netstat -rne

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.154.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

0.0.0.0          10.154.5.1      0.0.0.0         UG    0      0        0 eth1

The output shows that the default route on Host A points to IP address 10.154.5.1, and Host A has routes to 192.168.1.0/24 and 192.168.2.0/24.

# Display the routing table for Host B.

[HostB@localhost ~]$ netstat -rne

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.154.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

0.0.0.0          10.154.5.1      0.0.0.0         UG    0      0        0 eth1

The output shows that the default route on Host B points to IP address 10.154.5.1, and Host B has routes to 192.168.1.0/24 and 192.168.2.0/24.
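Both hosts select 10.154.5.1 because Router A advertises preference 1000 and Router B advertises 500. The following Python is an added example, not H3C or host code: it parses ICMP Router Advertisement messages (RFC 1256 layout), verifies the checksum, and applies the RFC 1256 selection rule, plus a check that the sender is one of the configured routers. The packets are constructed from the addresses and preferences in this example, 10.154.5.99 is a made-up sender, and a given host's IRDP client may apply its own rules.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9   # RFC 1256 message type
NOT_A_DEFAULT = -0x80000000     # preference value meaning "never use as a default router"


def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071). Returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ra(entries, lifetime=1800):
    """Build a constructed Router Advertisement from [(address, preference), ...]."""
    body = b"".join(
        ipaddress.IPv4Address(addr).packed + struct.pack("!i", pref)
        for addr, pref in entries
    )

    def header(checksum):
        # type, code, checksum, number of addresses, entry size in 32-bit words, lifetime
        return struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, checksum,
                           len(entries), 2, lifetime)

    return header(inet_checksum(header(0) + body)) + body


def parse_ra(msg: bytes):
    """Return (lifetime, [(IPv4Address, preference), ...]); raise ValueError if malformed."""
    if len(msg) < 8:
        raise ValueError("truncated header")
    icmp_type, code, _, count, words, lifetime = struct.unpack("!BBHBBH", msg[:8])
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a router advertisement")
    if inet_checksum(msg) != 0:
        raise ValueError("bad checksum")
    if words < 2 or len(msg) < 8 + count * words * 4:
        raise ValueError("bad address entry size or truncated entries")
    entries = []
    for i in range(count):
        off = 8 + i * words * 4
        address = ipaddress.IPv4Address(msg[off:off + 4])
        (preference,) = struct.unpack("!i", msg[off + 4:off + 8])
        entries.append((address, preference))
    return lifetime, entries


def choose_default_router(adverts, host_net, known_routers):
    """Pick the on-link advertised address with the highest preference.

    adverts is [(source_ip, icmp_bytes), ...]. Returns (best_address_or_None, findings),
    where findings lists the advertisements or entries that were not used and why.
    """
    candidates, findings = [], []
    for source, msg in adverts:
        if ipaddress.IPv4Address(source) not in known_routers:
            findings.append((source, "source is not a known router"))
            continue
        try:
            _, entries = parse_ra(msg)
        except ValueError as exc:
            findings.append((source, f"rejected: {exc}"))
            continue
        for address, preference in entries:
            if address not in host_net:
                findings.append((source, f"{address} is not on-link"))
            elif preference != NOT_A_DEFAULT:
                candidates.append((preference, address))
    best = max(candidates)[1] if candidates else None
    return best, findings


# Constructed sample data that mirrors the Router A and Router B settings above.
HOST_NET = ipaddress.IPv4Network("10.154.5.0/24")
KNOWN_ROUTERS = {ipaddress.IPv4Address("10.154.5.1"), ipaddress.IPv4Address("10.154.5.2")}
ADVERTS = [
    ("10.154.5.1", build_ra([("10.154.5.1", 1000), ("192.168.1.0", 400)])),
    ("10.154.5.2", build_ra([("10.154.5.2", 500), ("192.168.2.0", 400)])),
    ("10.154.5.99", build_ra([("10.154.5.99", 100)])),  # hypothetical unconfigured sender
]

if __name__ == "__main__":
    best, findings = choose_default_router(ADVERTS, HOST_NET, KNOWN_ROUTERS)
    print("default router:", best)
    for source, note in findings:
        print(f"{source}: {note}")
```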

 

 

UDP helper configuration examples

Example: Configuring UDP helper to convert broadcast to unicast

Network configuration

As shown in Figure 70, configure UDP helper to convert broadcast to unicast on Ten-GigabitEthernet 3/0/1 of Router A. This feature enables Router A to forward broadcast packets with UDP destination port 55 to the destination server 10.2.1.1/16.

Figure 70 Network diagram

Prerequisites

Make sure Router A can reach the subnet 10.2.0.0/16.

Procedure

# Enable UDP helper.

<RouterA> system-view

[RouterA] udp-helper enable

# Specify the UDP port 55 for UDP helper.

[RouterA] udp-helper port 55

# Specify the destination server 10.2.1.1 for UDP helper to convert broadcast to unicast on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.110.1.1 16

[RouterA-Ten-GigabitEthernet3/0/1] udp-helper server 10.2.1.1

Verifying the configuration

# Display information about broadcast to unicast conversion by UDP helper on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] display udp-helper interface ten-gigabitethernet 3/0/1

Interface                Server VPN instance            Server address   Packets sent

Ten-GigabitEthernet3/0/1     N/A                            10.2.1.1         5

Example: Configuring UDP helper to convert broadcast to multicast

Network configuration

As shown in Figure 71, Router B can receive multicast packets destined for 225.1.1.1.

Configure UDP helper to convert broadcast to multicast on Ten-GigabitEthernet 3/0/1 of Router A. This feature enables Router A to forward broadcast packets with UDP destination port number 55 to the multicast group 225.1.1.1.

Figure 71 Network diagram

Prerequisites

Make sure Router A can reach the subnet 10.2.0.0/16.

Procedure

1.     Configure Router A:

# Enable UDP helper.

<RouterA> system-view

[RouterA] udp-helper enable

# Enable the UDP port 55 for UDP helper.

[RouterA] udp-helper port 55

# Configure UDP helper to convert broadcast packets to multicast packets destined for 225.1.1.1 on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.110.1.1 16

[RouterA-Ten-GigabitEthernet3/0/1] udp-helper broadcast-map 225.1.1.1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IP multicast routing globally.

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM and IGMP on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] igmp enable

# Configure Ten-GigabitEthernet 3/0/2 as a static member of multicast group 225.1.1.1.

[RouterA-Ten-GigabitEthernet3/0/2] igmp static-group 225.1.1.1

2.     Configure Router B:

# Enable IP multicast routing globally.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-DM and IGMP on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim dm

[RouterB-Ten-GigabitEthernet3/0/1] igmp enable

# Configure Ten-GigabitEthernet 3/0/1 as a static member of multicast group 225.1.1.1.

[RouterB-Ten-GigabitEthernet3/0/1] igmp static-group 225.1.1.1

Verifying the configuration

Verify that you can capture multicast packets from Router A on Router B.

Basic IPv6 settings configuration examples

Example: Configuring basic IPv6 settings

Network configuration

As shown in Figure 72, configure IPv6 addresses for the routers and verify that they can reach each other. Configure a route to the host on Router B. Enable IPv6 for the host to automatically obtain an IPv6 address through IPv6 ND. The host has a route to Router B.

Figure 72 Network diagram

Procedure

1.     Configure Router A:

# Configure a global unicast address for interface Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 3001::1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure a global unicast address for interface Ten-GigabitEthernet 3/0/2 and enable it to advertise RA messages (an interface does not advertise RA messages by default).

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 2001::1/64

[RouterA-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

[RouterA-Ten-GigabitEthernet3/0/2] quit

2.     Configure Router B:

# Configure a global unicast address for interface Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 3001::2/64

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure an IPv6 static route to the host.

[RouterB] ipv6 route-static 2001:: 64 3001::1

3.     Configure the host:

Enable IPv6 on the host to automatically obtain an IPv6 address through IPv6 ND.

# Display neighbor information for Ten-GigabitEthernet 3/0/2 on Router A.

[RouterA] display ipv6 neighbors interface ten-gigabitethernet 3/0/2

Type: S-Static    D-Dynamic    O-Openflow     R-Rule    IS-Invalid static

IPv6 address              MAC address    VLAN/VSI   Interface     State T  Aging

FE80::215:E9FF:FEA6:7D14  0015-e9a6-7d14 --         XGE3/0/2      STALE D  1238

2001::15B:E0EA:3524:E791  0015-e9a6-7d14 --         XGE3/0/2      STALE D  1248

The output shows that the IPv6 global unicast address that the host obtained is 2001::15B:E0EA:3524:E791.

Verifying the configuration

# Display IPv6 interface information on Router A.

[RouterA] display ipv6 interface ten-gigabitethernet 3/0/1

Ten-GigabitEthernet3/0/1 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2

  Global unicast address(es):

    3001::1, subnet is 3001::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:FF00:1

    FF02::1:FF00:2

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 1200000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

  InReceives:                    25829

  InTooShorts:                   0

  InTruncatedPkts:               0

  InHopLimitExceeds:             0

  InBadHeaders:                  0

  InBadOptions:                  0

  ReasmReqds:                    0

  ReasmOKs:                      0

  InFragDrops:                   0

  InFragTimeouts:                0

  OutFragFails:                  0

  InUnknownProtos:               0

  InDelivers:                    47

  OutRequests:                   89

  OutForwDatagrams:              48

  InNoRoutes:                    0

  InTooBigErrors:                0

  OutFragOKs:                    0

  OutFragCreates:                0

  InMcastPkts:                   6

  InMcastNotMembers:             25747

  OutMcastPkts:                  48

  InAddrErrors:                  0

  InDiscards:                    0

  OutDiscards:                   0

[RouterA] display ipv6 interface ten-gigabitethernet 3/0/2

Ten-GigabitEthernet3/0/2 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0

  Global unicast address(es):

    2001::1, subnet is 2001::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:FF00:1

    FF02::1:FF00:1C0

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 1200000 milliseconds

  ND retransmit interval is 1000 milliseconds

  ND advertised reachable time is 0 milliseconds

  ND advertised retransmit interval is 0 milliseconds

  ND router advertisements are sent every 600 seconds

  ND router advertisements live for 1800 seconds

  Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

  InReceives:                    272

  InTooShorts:                   0

  InTruncatedPkts:               0

  InHopLimitExceeds:             0

  InBadHeaders:                  0

  InBadOptions:                  0

  ReasmReqds:                    0

  ReasmOKs:                      0

  InFragDrops:                   0

  InFragTimeouts:                0

  OutFragFails:                  0

  InUnknownProtos:               0

  InDelivers:                    159

  OutRequests:                   1012

  OutForwDatagrams:              35

  InNoRoutes:                    0

  InTooBigErrors:                0

  OutFragOKs:                    0

  OutFragCreates:                0

  InMcastPkts:                   79

  InMcastNotMembers:             65

  OutMcastPkts:                  938

  InAddrErrors:                  0

  InDiscards:                    0

  OutDiscards:                   0

# Display IPv6 interface information on Router B.

[RouterB] display ipv6 interface ten-gigabitethernet 3/0/1

Ten-GigabitEthernet3/0/1 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234

  Global unicast address(es):

    3001::2, subnet is 3001::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:FF00:2

    FF02::1:FF00:1234

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 1200000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

  InReceives:                    117

  InTooShorts:                   0

  InTruncatedPkts:               0

  InHopLimitExceeds:             0

  InBadHeaders:                  0

  InBadOptions:                  0

  ReasmReqds:                    0

  ReasmOKs:                      0

  InFragDrops:                   0

  InFragTimeouts:                0

  OutFragFails:                  0

  InUnknownProtos:               0

  InDelivers:                    117

  OutRequests:                   83

  OutForwDatagrams:              0

  InNoRoutes:                    0

  InTooBigErrors:                0

  OutFragOKs:                    0

  OutFragCreates:                0

  InMcastPkts:                   28

  InMcastNotMembers:             0

  OutMcastPkts:                  7

  InAddrErrors:                  0

  InDiscards:                    0

  OutDiscards:                   0

# Ping Router A and Router B from the host, and ping Router A and the host from Router B to verify that they can reach each other.

NOTE:

To ping a link-local address, use the -i parameter to specify an interface for the link-local address.

[RouterB] ping ipv6 -c 1 3001::1

Ping6(56 data bytes) 3001::2 --> 3001::1, press CTRL+C to break

56 bytes from 3001::1, icmp_seq=0 hlim=64 time=4.404 ms

 

--- Ping6 statistics for 3001::1 ---

1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.404/4.404/4.404/0.000 ms

[RouterB] ping ipv6 -c 1 2001::15B:E0EA:3524:E791

Ping6(56 data bytes) 3001::2 --> 2001::15B:E0EA:3524:E791, press CTRL+C to break

56 bytes from 2001::15B:E0EA:3524:E791, icmp_seq=0 hlim=64 time=5.404 ms

 

--- Ping6 statistics for 2001::15B:E0EA:3524:E791 ---

1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 5.404/5.404/5.404/0.000 ms

The output shows that Router B can ping Router A and the host. The host can also ping Router B and Router A (output not shown).

AFT configuration examples

Example: Allowing IPv4 Internet access from an IPv6 network

Network configuration

As shown in Figure 73, a company upgrades the network to IPv6 and has IPv4 addresses 10.1.1.1 to 10.1.1.3. Configure AFT policies to allow IPv6 hosts on subnet 2013::/96 to access the IPv4 Internet by using IPv4 addresses 10.1.1.1 to 10.1.1.3.

Figure 73 Network diagram

Requirements analysis

To meet the network configuration requirements, you must perform the following tasks:

·     Configure a NAT64 prefix to translate IPv4 addresses of IPv4 servers to IPv6 addresses.

·     Configure an IPv6-to-IPv4 source address dynamic translation policy to translate source IPv6 addresses of IPv6-initiated packets to IPv4 addresses in the range of 10.1.1.1 to 10.1.1.3.

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure QoS to steer traffic that requires AFT processing to the AFT-capable service card. (Details not shown.)

# Create AFT address group 0, and add addresses 10.1.1.1 to 10.1.1.3 to the group.

<Router> system-view

[Router] aft address-group 0

[Router-aft-address-group-0] address 10.1.1.1 10.1.1.3

[Router-aft-address-group-0] quit

# Configure IPv6 ACL 2000 to permit IPv6 packets only from subnet 2013::/96 to pass through.

[Router] acl ipv6 basic 2000

[Router-acl-ipv6-basic-2000] rule permit source 2013:: 96

[Router-acl-ipv6-basic-2000] rule deny

[Router-acl-ipv6-basic-2000] quit

# Configure the router to translate source IPv6 addresses of packets permitted by IPv6 ACL 2000 to IPv4 addresses in address group 0.

[Router] aft v6tov4 source acl ipv6 number 2000 address-group 0

# Configure the router to use NAT64 prefix 2012::/96 to translate destination IPv6 addresses of IPv6 packets.

[Router] aft prefix-nat64 2012:: 96

# Enable AFT on Ten-GigabitEthernet 3/0/1, which is connected to the IPv6 network.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] aft enable

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable AFT on Ten-GigabitEthernet 3/0/2, which is connected to the IPv4 Internet.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] aft enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify the connectivity between IPv6 hosts and IPv4 servers. This example pings IPv4 server A from IPv6 host A.

D:\>ping 2012::20.1.1.1

Pinging 2012::20.1.1.1 with 32 bytes of data:

Reply from 2012::20.1.1.1: time=3ms

Reply from 2012::20.1.1.1: time=3ms

Reply from 2012::20.1.1.1: time=3ms

Reply from 2012::20.1.1.1: time=3ms

# Display detailed information about IPv6 AFT sessions on the router.

[Router] display aft session ipv6 verbose

Initiator:

  Source      IP/port: 2013::100/0

  Destination IP/port: 2012::1401:0101/32768

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 2012::1401:0101/0

  Destination IP/port: 2013::100/33024

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMPV6_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 23s

Initiator->Responder:            4 packets        320 bytes

Responder->Initiator:            4 packets        320 bytes

Total sessions found: 1

# Display detailed information about IPv4 AFT sessions on the router.

[Router] display aft session ipv4 verbose

Initiator:

  Source      IP/port: 10.1.1.1/1025

  Destination IP/port: 20.1.1.1/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 20.1.1.1/1025

  Destination IP/port: 10.1.1.1/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMP_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 27s

Initiator->Responder:            4 packets        240 bytes

Responder->Initiator:            4 packets        240 bytes

Total sessions found: 1

Example: Providing FTP service from an IPv6 network to the IPv4 Internet

Network configuration

As shown in Figure 74, a company upgrades the network to IPv6, and it has an IPv4 address 10.1.1.1.

To allow the IPv6 FTP server to provide FTP services to IPv4 hosts, configure the following AFT policies on the router:

·     Map the IPv6 FTP server's IPv6 address and TCP port number to the company's IPv4 address and TCP port number.

·     Configure a NAT64 prefix to translate source IPv4 addresses of IPv4 packets to source IPv6 addresses.

Figure 74 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Map IPv4 address 10.1.1.1 with TCP port 21 to IPv6 address 2013::102 with TCP port 21 for the IPv6 internal FTP server.

<Router> system-view

[Router] aft v6server protocol tcp 10.1.1.1 21 2013::102 21

# Configure the router to use NAT64 prefix 2012:: 96 to translate source addresses of IPv4 packets.

[Router] aft prefix-nat64 2012:: 96

# Enable AFT on Ten-GigabitEthernet 3/0/1, which is connected to the IPv4 Internet.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] aft enable

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable AFT on Ten-GigabitEthernet 3/0/2, which is connected to the IPv6 FTP server.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] aft enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that IPv4 hosts can use FTP to access the IPv6 FTP server. (Details not shown.)

# Display detailed information about IPv4 AFT sessions on the router.

[Router] display aft session ipv4 verbose

Initiator:

  Source      IP/port: 20.1.1.1/11025

  Destination IP/port: 10.1.1.1/21

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 10.1.1.1/21

  Destination IP/port: 20.1.1.1/11025

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: TCP_ESTABLISHED

Application: FTP

Start time: 2014-03-13 09:07:30    TTL: 3577s

Initiator->Responder:            3 packets        124 bytes

Responder->Initiator:            2 packets        108 bytes

Total sessions found: 1

# Display detailed information about IPv6 AFT sessions on the router.

[Router] display aft session ipv6 verbose

Initiator:

  Source      IP/port: 2012::1401:0101/1029

  Destination IP/port: 2013::102/21

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 2013::102/21

  Destination IP/port: 2012::1401:0101/1029

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: TCP_ESTABLISHED

Application: FTP

Start time: 2014-03-13 09:07:30    TTL: 3582s

Initiator->Responder:            3 packets        184 bytes

Responder->Initiator:            2 packets        148 bytes

Total sessions found: 1

Example: Allowing mutual access between IPv4 and IPv6 networks

Network configuration

As shown in Figure 75, a company deploys both an IPv4 network and an IPv6 network.

To allow mutual access between the IPv4 network and the IPv6 network, configure the following AFT policies on the router:

·     Assign an IVI prefix and an IPv4 subnet to the IPv6 network. Each IPv6 host uses the IPv6 addresses formed by the IVI prefix and an IPv4 address on the IPv4 subnet.

·     Configure a NAT64 prefix to translate source IPv4 addresses of packets initiated by the IPv4 network to IPv6 addresses.

Figure 75 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. The IPv6 addresses for IPv6 hosts are calculated from the IVI prefix 2013::/32 and IPv4 addresses in the range of 20.1.1.0/24. (Details not shown.)

# Configure IPv4 ACL 2000 to permit all IPv4 packets to pass through.

<Router> system-view

[Router] acl basic 2000

[Router-acl-ipv4-basic-2000] rule permit

[Router-acl-ipv4-basic-2000] quit

# Configure the router to use NAT64 prefix 2012:: 96 to translate source addresses of IPv4 packets. The router also uses the prefix to translate destination addresses of IPv6 packets.

[Router] aft prefix-nat64 2012:: 96

# Configure the router to use IVI prefix 2013:: to translate source addresses of IPv6 packets.

[Router] aft prefix-ivi 2013::

# Configure the router to use IVI prefix 2013:: to translate destination addresses of packets permitted by IPv4 ACL 2000.

[Router] aft v4tov6 destination acl number 2000 prefix-ivi 2013::

# Enable AFT on Ten-GigabitEthernet3/0/1, which is connected to the IPv4 network.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] aft enable

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable AFT on Ten-GigabitEthernet3/0/2, which is connected to the IPv6 network.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] aft enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify the connectivity between IPv6 hosts and IPv4 hosts. This example pings IPv4 host A from IPv6 host A.

D:\>ping 2012::a01:0101

Pinging 2012::a01:0101 with 32 bytes of data:

Reply from 2012::a01:0101: time=3ms

Reply from 2012::a01:0101: time=3ms

Reply from 2012::a01:0101: time=3ms

Reply from 2012::a01:0101: time=3ms

# Display information about IPv6 AFT sessions on the router.

[Router] display aft session ipv6 verbose

Initiator:

  Source      IP/port: 2013:0:FF14:0101:0100::/0

  Destination IP/port: 2012::0a01:0101/32768

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/2

Responder:

  Source      IP/port: 2012::0a01:0101/0

  Destination IP/port: 2013:0:FF14:0101:0100::/33024

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: ICMPV6_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 23s

Initiator->Responder:            4 packets        320 bytes

Responder->Initiator:            4 packets        320 bytes

Total sessions found: 1

# Display information about IPv4 AFT sessions on the router.

[Router] display aft session ipv4 verbose

Initiator:

  Source      IP/port: 20.1.1.1/1025

  Destination IP/port: 10.1.1.1/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/2

Responder:

  Source      IP/port: 10.1.1.1/1025

  Destination IP/port: 20.1.1.1/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: ICMP_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 27s

Initiator->Responder:            4 packets        240 bytes

Responder->Initiator:            4 packets        240 bytes

Total sessions found: 1
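The IPv6 and IPv4 session entries above describe the same flow, and the link between them is the address embedding: a /96 NAT64 prefix carries the IPv4 address in the low 32 bits, and the /32 IVI prefix is followed by an FF octet and then the IPv4 address. The following Python is an added example, not H3C code, that derives one side from the other so that session entries and ACL decisions can be cross-checked; the session tuples are copied from the outputs in this section, and the FF-marker layout is assumed from those outputs.

```python
import ipaddress

IVI_MARKER = 0xFF  # octet that follows the /32 IVI prefix in the outputs above


def nat64_embed(prefix, ipv4):
    """Place an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("this example handles /96 NAT64 prefixes only")
    return ipaddress.IPv6Address(int(net.network_address) | int(ipaddress.IPv4Address(ipv4)))


def nat64_extract(prefix, ipv6):
    """Recover the IPv4 address from an address inside a /96 NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen != 96 or addr not in net:
        raise ValueError(f"{addr} is not inside NAT64 prefix {net}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def ivi_embed(prefix, ipv4):
    """Build prefix(32 bits) | FF | IPv4(32 bits) | zero suffix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 32:
        raise ValueError("this example handles /32 IVI prefixes only")
    value = int(net.network_address) | (IVI_MARKER << 88) | (int(ipaddress.IPv4Address(ipv4)) << 56)
    return ipaddress.IPv6Address(value)


def ivi_extract(prefix, ipv6):
    """Recover the IPv4 address from an IVI address; reject addresses without the FF octet."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    if net.prefixlen != 32 or addr not in net or (value >> 88) & 0xFF != IVI_MARKER:
        raise ValueError(f"{addr} is not an IVI address under {net}")
    return ipaddress.IPv4Address((value >> 56) & 0xFFFFFFFF)


def ipv4_view(ipv6, nat64_prefix, ivi_prefix=None):
    """Return the IPv4 address an IPv6 session address stands for.

    Returns None when the address cannot be derived from a prefix, for example a
    source that is translated dynamically from an AFT address group.
    """
    addr = ipaddress.IPv6Address(ipv6)
    if addr in ipaddress.IPv6Network(nat64_prefix):
        return nat64_extract(nat64_prefix, addr)
    if ivi_prefix is not None:
        try:
            return ivi_extract(ivi_prefix, addr)
        except ValueError:
            return None
    return None


def check_session(src6, dst6, src4, dst4, nat64_prefix, ivi_prefix=None):
    """Compare an IPv6 session entry with its IPv4 counterpart; return a list of mismatches."""
    problems = []
    for label, v6, v4 in (("source", src6, src4), ("destination", dst6, dst4)):
        derived = ipv4_view(v6, nat64_prefix, ivi_prefix)
        if derived is not None and derived != ipaddress.IPv4Address(v4):
            problems.append(f"{label}: {v6} maps to {derived}, session shows {v4}")
    return problems


NAT64 = "2012::/96"
IVI = "2013::/32"
# (IPv6 source, IPv6 destination, IPv4 source, IPv4 destination), copied from the outputs above.
SESSIONS = [
    ("2013::100", "2012::1401:0101", "10.1.1.1", "20.1.1.1"),                # dynamic source
    ("2013:0:FF14:0101:0100::", "2012::0a01:0101", "20.1.1.1", "10.1.1.1"),  # IVI source
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(session[0], "->", session[1], check_session(*session, NAT64, IVI) or "consistent")
```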

Example: Allowing IPv6 Internet access from an IPv4 network

Network configuration

As shown in Figure 76, a company deploys an IPv4 network, and the Internet migrates to IPv6.

To allow IPv4 hosts to access the IPv6 server in the IPv6 Internet, configure the following AFT policies on the router:

·     Configure an IPv4-to-IPv6 source address translation policy.

·     Configure an IPv6-to-IPv4 source address static mapping for the IPv6 server.

Figure 76 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure IPv4 ACL 2000 to permit IPv4 packets only from subnet 10.1.1.0/24 to pass through.

<Router> system-view

[Router] acl basic 2000

[Router-acl-ipv4-basic-2000] rule permit source 10.1.1.0 0.0.0.255

[Router-acl-ipv4-basic-2000] rule deny

[Router-acl-ipv4-basic-2000] quit

# Configure NAT64 prefix 2012:: 96.

[Router] aft prefix-nat64 2012:: 96

# Configure the router to use NAT64 prefix 2012:: 96 to translate source addresses of packets permitted by IPv4 ACL 2000.

[Router] aft v4tov6 source acl number 2000 prefix-nat64 2012:: 96

# Map source IPv6 address 2013:0:ff14:0101:100:: to source IPv4 address 20.1.1.1.

[Router] aft v6tov4 source 2013:0:ff14:0101:100::1 20.1.1.1

# Enable AFT on Ten-GigabitEthernet 3/0/1, which is connected to the IPv4 network.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] aft enable

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable AFT on Ten-GigabitEthernet 3/0/2, which is connected to the IPv6 Internet.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] aft enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify the connectivity between the IPv4 hosts and the IPv6 server. This example uses the ping utility on an IPv4 host.

D:\>ping 20.1.1.1

Pinging 20.1.1.1 with 32 bytes of data:

Reply from 20.1.1.1: bytes=32 time=14ms TTL=63

Reply from 20.1.1.1: bytes=32 time=1ms TTL=63

Reply from 20.1.1.1: bytes=32 time=1ms TTL=63

Reply from 20.1.1.1: bytes=32 time=1ms TTL=63

# Display detailed information about IPv4 AFT sessions on the router.

[Router] display aft session ipv4 verbose

Initiator:

  Source      IP/port: 10.1.1.1/1025

  Destination IP/port: 20.1.1.1/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 20.1.1.1/1025

  Destination IP/port: 10.1.1.1/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMP_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 27s

Initiator->Responder:            4 packets        240 bytes

Responder->Initiator:            4 packets        240 bytes

Total sessions found: 1

# Display detailed information about IPv6 AFT sessions on the router.

[Router] display aft session ipv6 verbose

Initiator:

  Source      IP/port: 2012::0A01:0101/0

  Destination IP/port: 2013:0:FF14:0101:0100::/32768

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 2013:0:FF14:0101:0100::/0

  Destination IP/port: 2012::0A01:0101/33024

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: IPV6-ICMP(58)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMPV6_REPLY

Application: OTHER

Start time: 2014-03-13 08:52:59    TTL: 23s

Initiator->Responder:            4 packets        320 bytes

Responder->Initiator:            4 packets        320 bytes

Total sessions found: 1

Example: Providing FTP service from an IPv4 network to the IPv6 Internet

Network configuration

As shown in Figure 77, a company deploys an IPv4 network, and it has an IPv6 address 2012::1. The Internet migrates to IPv6.

To allow the IPv4 FTP server to provide FTP services to IPv6 hosts, configure the following AFT policies on the router:

·     Configure an IPv4-to-IPv6 source address static mapping for the IPv4 FTP server. The router uses the mapping to translate the destination IPv6 address of IPv6-initiated packets to the IPv4 address.

·     Configure an IPv6-to-IPv4 source address dynamic translation policy. The router translates source IPv6 addresses of IPv6-initiated packets to source IPv4 addresses 30.1.1.1 and 30.1.1.2.

Figure 77 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Map source IPv4 address 20.1.1.1 to source IPv6 address 2012::1.

<Router> system-view

[Router] aft v4tov6 source 20.1.1.1 2012::1

# Configure address group 0, and add addresses 30.1.1.1 to 30.1.1.2 to the group.

[Router] aft address-group 0

[Router-aft-address-group-0] address 30.1.1.1 30.1.1.2

[Router-aft-address-group-0] quit

# Configure IPv6 ACL 2000 to permit all IPv6 packets to pass through.

[Router] acl ipv6 basic 2000

[Router-acl-ipv6-basic-2000] rule permit

[Router-acl-ipv6-basic-2000] quit

# Configure the router to translate source addresses of IPv6 packets permitted by IPv6 ACL 2000 to IPv4 addresses in address group 0.

[Router] aft v6tov4 source acl ipv6 number 2000 address-group 0

# Enable AFT on Ten-GigabitEthernet 3/0/1, which is connected to the IPv6 Internet.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] aft enable

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable AFT on Ten-GigabitEthernet 3/0/2, which is connected to the IPv4 network.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] aft enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify the connectivity between the IPv6 hosts and the IPv4 FTP server. For example, ping the IPv4 FTP server from IPv6 host A.

D:\>ping 2012::1

Pinging 2012::1 with 32 bytes of data:

Reply from 2012::1: time=3ms

Reply from 2012::1: time=3ms

Reply from 2012::1: time=3ms

Reply from 2012::1: time=3ms

# Display detailed information about IPv6 AFT sessions on the router.

[Router] display aft session ipv6 verbose

Initiator:

  Source      IP/port: 2013:0:FF0A:0101:0100::/1029

  Destination IP/port: 2012::1/21

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 2012::1/21

  Destination IP/port: 2013:0:FF0A:0101:0100::/1029

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: TCP_ESTABLISHED

Application: FTP

Start time: 2014-03-13 09:07:30    TTL: 3582s

Initiator->Responder:            3 packets        184 bytes

Responder->Initiator:            2 packets        148 bytes

Total sessions found: 1

# Display detailed information about IPv4 AFT sessions on the router.

[Router] display aft session ipv4 verbose

Initiator:

  Source      IP/port: 30.1.1.1/11025

  Destination IP/port: 20.1.1.1/21

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 20.1.1.1/21

  Destination IP/port: 30.1.1.1/11025

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/Inline ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: TCP_ESTABLISHED

Application: FTP

Start time: 2014-03-13 09:07:30    TTL: 3577s

Initiator->Responder:            3 packets        124 bytes

Responder->Initiator:            2 packets        108 bytes

Total sessions found: 1
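With the dynamic IPv6-to-IPv4 translation above, the FTP server sees only 30.1.1.1 or 30.1.1.2 as the client address, so attributing a server log entry to an IPv6 host requires the router's session table. The following Python example is added here and is not H3C code: it pairs the IPv4-side and IPv6-side sessions shown above by static mapping, protocol, destination port, and start time. The function names and the matching rule are assumptions of this example.

```python
import re
from collections import namedtuple
from ipaddress import ip_address

Session = namedtuple("Session", "src sport dst dport proto start")

# Static mapping command and session output taken from the example above;
# session fields the parser does not use are omitted.
CONFIG = "aft v4tov6 source 20.1.1.1 2012::1"

V6_SIDE = """\
Initiator:
  Source      IP/port: 2013:0:FF0A:0101:0100::/1029
  Destination IP/port: 2012::1/21
  Protocol: TCP(6)
Responder:
  Source      IP/port: 2012::1/21
  Destination IP/port: 2013:0:FF0A:0101:0100::/1029
  Protocol: TCP(6)
State: TCP_ESTABLISHED
Start time: 2014-03-13 09:07:30    TTL: 3582s
"""

V4_SIDE = """\
Initiator:
  Source      IP/port: 30.1.1.1/11025
  Destination IP/port: 20.1.1.1/21
  Protocol: TCP(6)
Responder:
  Source      IP/port: 20.1.1.1/21
  Destination IP/port: 30.1.1.1/11025
  Protocol: TCP(6)
State: TCP_ESTABLISHED
Start time: 2014-03-13 09:07:30    TTL: 3577s
"""

# The first Source/Destination pair in a record belongs to the initiator.
_INITIATOR = re.compile(
    r"Source\s+IP/port:\s*(\S+)/(\d+)\s+Destination\s+IP/port:\s*(\S+)/(\d+)")
_PROTO = re.compile(r"Protocol:\s*(\S+)")
_START = re.compile(r"Start time:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")


def parse_static_map(config):
    """Map each statically translated IPv4 address to its IPv6 address."""
    pairs = re.findall(r"aft v4tov6 source (\S+) (\S+)", config)
    return {ip_address(v4): ip_address(v6) for v4, v6 in pairs}


def parse_sessions(text):
    """Parse 'display aft session ... verbose' output into Session tuples."""
    sessions = []
    for chunk in re.split(r"(?m)^Initiator:", text)[1:]:
        ends = _INITIATOR.search(chunk)
        proto, start = _PROTO.search(chunk), _START.search(chunk)
        if not (ends and proto and start):
            continue  # truncated record: skip it
        src, sport, dst, dport = ends.groups()
        sessions.append(Session(ip_address(src), int(sport), ip_address(dst),
                                int(dport), proto.group(1), start.group(1)))
    return sessions


def correlate(v6_text, v4_text, config):
    """Pair each IPv4-side session with the IPv6-side session it came from.

    Returns (matches, ambiguous). matches maps the translated IPv4 source
    (address, port) to the real IPv6 client (address, port). ambiguous lists
    IPv4-side sessions that fit zero or several IPv6-side sessions.
    """
    static = parse_static_map(config)
    v6_sessions = parse_sessions(v6_text)
    matches, ambiguous = {}, []
    for s4 in parse_sessions(v4_text):
        want_dst = static.get(s4.dst)
        fits = [s6 for s6 in v6_sessions
                if s6.dst == want_dst and s6.dport == s4.dport
                and s6.proto == s4.proto and s6.start == s4.start]
        if len(fits) == 1:
            matches[(s4.src, s4.sport)] = (fits[0].src, fits[0].sport)
        else:
            ambiguous.append(s4)  # never guess: leave it for manual review
    return matches, ambiguous


if __name__ == "__main__":
    found, unclear = correlate(V6_SIDE, V4_SIDE, CONFIG)
    for (v4, p4), (v6, p6) in found.items():
        print(f"{v4}:{p4} on the IPv4 side is [{v6}]:{p6} on the IPv6 side")
    print(f"{len(unclear)} session(s) could not be attributed")
```

Start times have one-second resolution, so two clients that open sessions to the same port in the same second are reported as ambiguous instead of being paired.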

 

 

IPv4 over IPv4 tunnel configuration examples

Example: Configuring an IPv4 over IPv4 tunnel

Network configuration

As shown in Figure 78, the two subnets IPv4 group 1 and IPv4 group 2 use private IPv4 addresses. Configure an IPv4 over IPv4 tunnel between Router A and Router B to make the two subnets reachable to each other.

Figure 78 Network diagram

Prerequisites

Make sure Router A and Router B can reach each other through IPv4.

Procedure

1.     Configure Router A:

# Specify an IPv4 address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify an IPv4 address for Serial 3/0/1, which is the physical interface of the tunnel.

[RouterA] interface serial 3/0/1

[RouterA-Serial3/0/1] ip address 2.1.1.1 255.255.255.0

[RouterA-Serial3/0/1] quit

# Create IPv4 over IPv4 tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode ipv4-ipv4

# Specify an IPv4 address for the tunnel interface.

[RouterA-Tunnel1] ip address 10.1.2.1 255.255.255.0

# Specify the IP address of Serial 3/0/1 as the source address for the tunnel interface.

[RouterA-Tunnel1] source 2.1.1.1

# Specify the IP address of Serial 3/0/2 on Router B as the destination address for the tunnel interface.

[RouterA-Tunnel1] destination 3.1.1.1

[RouterA-Tunnel1] quit

# Configure a static route destined for IPv4 group 2 through the tunnel interface.

[RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1

2.     Configure Router B:

# Specify an IPv4 address for Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.1.3.1 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Specify an IPv4 address for Serial 3/0/2, which is the physical interface of the tunnel.

[RouterB] interface serial 3/0/2

[RouterB-Serial3/0/2] ip address 3.1.1.1 255.255.255.0

[RouterB-Serial3/0/2] quit

# Create IPv4 over IPv4 tunnel interface Tunnel 2.

[RouterB] interface tunnel 2 mode ipv4-ipv4

# Specify an IPv4 address for the tunnel interface.

[RouterB-Tunnel2] ip address 10.1.2.2 255.255.255.0

# Specify the IP address of Serial 3/0/2 as the source address for the tunnel interface.

[RouterB-Tunnel2] source 3.1.1.1

# Specify the IP address of Serial 3/0/1 on Router A as the destination address for the tunnel interface.

[RouterB-Tunnel2] destination 2.1.1.1

[RouterB-Tunnel2] quit

# Configure a static route destined for IPv4 group 1 through the tunnel interface.

[RouterB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2

Verifying the configuration

# Use the display interface tunnel command to display the status of the tunnel interfaces on Router A and Router B. Verify that the tunnel interfaces are up. (Details not shown.)

# Verify that Router A and Router B can ping the IPv4 address of the peer interface Ten-GigabitEthernet 3/0/1. This example uses Router A.

[RouterA] ping -a 10.1.1.1 10.1.3.1

Ping 10.1.3.1 (10.1.3.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break

56 bytes from 10.1.3.1: icmp_seq=0 ttl=255 time=2.000 ms

56 bytes from 10.1.3.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 10.1.3.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.3.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 10.1.3.1: icmp_seq=4 ttl=255 time=1.000 ms

 

--- Ping statistics for 10.1.3.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/1.000/2.000/0.632 ms

 

GRE configuration examples

Example: Configuring an IPv4 over IPv4 GRE tunnel

Network configuration

As shown in Figure 79, Group 1 and Group 2 are two private IPv4 networks. The two networks both use private network addresses and belong to the same VPN. Establish a GRE tunnel between Router A and Router B to interconnect the two private IPv4 networks Group 1 and Group 2.

Figure 79 Network diagram

Prerequisites

Configure the IP address of each interface, and make sure Router A and Router B can reach each other.

Procedure

1.     Configure Router A:

# Create a tunnel interface Tunnel 0, and specify the tunnel mode as GRE/IPv4.

<RouterA> system-view

[RouterA] interface tunnel 0 mode gre

# Configure an IP address for the tunnel interface.

[RouterA-Tunnel0] ip address 10.1.2.1 255.255.255.0

# Configure the source address of the tunnel interface as the IP address of Ten-GigabitEthernet 3/0/2 on Router A.

[RouterA-Tunnel0] source 1.1.1.1

# Configure the destination address of the tunnel interface as the IP address of Ten-GigabitEthernet 3/0/2 on Router B.

[RouterA-Tunnel0] destination 2.2.2.2

[RouterA-Tunnel0] quit

# Configure a static route from Router A through the tunnel interface to Group 2.

[RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 0

2.     Configure Router B:

# Create tunnel interface Tunnel 0 and specify the tunnel mode as GRE/IPv4.

<RouterB> system-view

[RouterB] interface tunnel 0 mode gre

# Configure an IP address for the tunnel interface.

[RouterB-Tunnel0] ip address 10.1.2.2 255.255.255.0

# Configure the source address of the tunnel interface as the IP address of interface Ten-GigabitEthernet 3/0/2 on Router B.

[RouterB-Tunnel0] source 2.2.2.2

# Configure the destination address of the tunnel interface as the IP address of the interface Ten-GigabitEthernet 3/0/2 on Router A.

[RouterB-Tunnel0] destination 1.1.1.1

[RouterB-Tunnel0] quit

# Configure a static route from Router B through the tunnel interface to Group 1.

[RouterB] ip route-static 10.1.1.0 255.255.255.0 tunnel 0

Verifying the configuration

# Display tunnel interface information on Router A.

[RouterA] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1476

Internet address: 10.1.2.1/24 (primary)

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel keepalive disabled

Tunnel TTL 255

Tunnel protocol/transport GRE/IP

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display tunnel interface information on Router B.

[RouterB] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1476

Internet address: 10.1.2.2/24 (primary)

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel keepalive disabled

Tunnel TTL 255

Tunnel protocol/transport GRE/IP

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# From Router B, ping the IP address of Ten-GigabitEthernet 3/0/1 on Router A.

[RouterB] ping -a 10.1.3.1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=11.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/2.400/11.000/4.317 ms

The output shows that Router B can successfully ping Router A.

Example: Configuring an IPv4 over IPv6 GRE tunnel

Network configuration

As shown in Figure 80, two IPv4 subnets Group 1 and Group 2 are connected to an IPv6 network. Create a GRE/IPv6 tunnel between Router A and Router B, so the two IPv4 subnets can communicate with each other through the GRE tunnel over the IPv6 network.

Figure 80 Network diagram

Prerequisites

Configure the IP address of each interface, and make sure Router A and Router B can reach each other.

Procedure

1.     Configure Router A:

# Create a tunnel interface Tunnel 0, and specify the tunnel mode as GRE/IPv6.

<RouterA> system-view

[RouterA] interface tunnel 0 mode gre ipv6

# Configure an IP address for the tunnel interface.

[RouterA-Tunnel0] ip address 10.1.2.1 255.255.255.0

# Configure the source address of the tunnel interface as the IP address of interface Ten-GigabitEthernet 3/0/2 on Router A.

[RouterA-Tunnel0] source 2002::1:1

# Configure the destination address of the tunnel interface as the IP address of interface Ten-GigabitEthernet 3/0/2 on Router B.

[RouterA-Tunnel0] destination 2001::2:1

[RouterA-Tunnel0] quit

# Configure a static route from Router A through the tunnel interface to Group 2.

[RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 0

2.     Configure Router B:

# Create a tunnel interface Tunnel 0, and specify the tunnel mode as GRE/IPv6.

<RouterB> system-view

[RouterB] interface tunnel 0 mode gre ipv6

# Configure an IP address for the tunnel interface.

[RouterB-Tunnel0] ip address 10.1.2.2 255.255.255.0

# Configure the source address of the tunnel interface as the IP address of interface Ten-GigabitEthernet 3/0/2 on Router B.

[RouterB-Tunnel0] source 2001::2:1

# Configure the destination address of the tunnel interface as the IP address of interface Ten-GigabitEthernet 3/0/2 on Router A.

[RouterB-Tunnel0] destination 2002::1:1

[RouterB-Tunnel0] quit

# Configure a static route from Router B through the tunnel interface to Group 1.

[RouterB] ip route-static 10.1.1.0 255.255.255.0 tunnel 0

Verifying the configuration

# Display tunnel interface information on Router A.

[RouterA] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1456

Internet address: 10.1.2.1/24 (primary)

Tunnel source 2002::1:1, destination 2001::2:1

Tunnel TTL 255

Tunnel protocol/transport GRE/IPv6

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display tunnel interface information on Router B.

[RouterB] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1456

Internet address: 10.1.2.2/24 (primary)

Tunnel source 2001::2:1, destination 2002::1:1

Tunnel TTL 255

Tunnel protocol/transport GRE/IPv6

    GRE key disabled

    Checksumming of GRE packets disabled

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# From Router B, ping the IP address of interface Ten-GigabitEthernet 3/0/1 on Router A.

[RouterB] ping -a 10.1.3.1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1) from 10.1.3.1: 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=2.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=1.000 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/1.000/2.000/0.632 ms

The output shows that Router B can successfully ping Router A.
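The MTU values in the two GRE outputs follow from the encapsulation overhead: 1500 bytes minus the outer header (20 bytes for IPv4, 40 bytes for IPv6) minus the 4-byte GRE header gives 1476 and 1456. The following Python example is added here and is not H3C code: it parses the display interface tunnel output shown above, recomputes the MTU under an assumed 1500-byte link MTU, and reports the options the device lists as disabled. The function names and finding labels are assumptions of this example.

```python
import re

# Outer header sizes in bytes (no IPv4 options, no IPv6 extension headers).
OUTER_HEADER = {"GRE/IP": 20, "GRE/IPv6": 40}
GRE_BASE_HEADER = 4      # RFC 2784 header without optional fields
GRE_OPTIONAL_FIELD = 4   # each of: checksum (RFC 2784), key (RFC 2890)

# Router A output copied from the two examples above (counter lines omitted).
GRE_OVER_IPV4 = """\
Tunnel0
Current state: UP
Line protocol state: UP
Maximum transmission unit: 1476
Internet address: 10.1.2.1/24 (primary)
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel keepalive disabled
Tunnel TTL 255
Tunnel protocol/transport GRE/IP
    GRE key disabled
    Checksumming of GRE packets disabled
"""

GRE_OVER_IPV6 = """\
Tunnel0
Current state: UP
Line protocol state: UP
Maximum transmission unit: 1456
Internet address: 10.1.2.1/24 (primary)
Tunnel source 2002::1:1, destination 2001::2:1
Tunnel TTL 255
Tunnel protocol/transport GRE/IPv6
    GRE key disabled
    Checksumming of GRE packets disabled
"""


def parse_tunnel(text):
    """Extract the fields the audit needs from 'display interface tunnel' output."""
    def grab(pattern, group=1):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(group) if m else None

    mtu = grab(r"Maximum transmission unit:\s*(\d+)")
    endpoints = r"Tunnel source (\S+), destination (\S+)"
    return {
        "name": grab(r"^(Tunnel\d+)\s*$"),
        "mtu": int(mtu) if mtu else None,
        "transport": grab(r"Tunnel protocol/transport\s+(\S+)"),
        "source": grab(endpoints, 1),
        "destination": grab(endpoints, 2),
        # Only the "disabled" wording appears on the page, so only that is matched.
        "key_disabled": "GRE key disabled" in text,
        "checksum_disabled": "Checksumming of GRE packets disabled" in text,
        "keepalive_disabled": "Tunnel keepalive disabled" in text,
    }


def expected_mtu(tunnel, link_mtu=1500):
    """Largest inner packet that fits in one outer packet of link_mtu bytes."""
    overhead = OUTER_HEADER[tunnel["transport"]] + GRE_BASE_HEADER
    if not tunnel["key_disabled"]:
        overhead += GRE_OPTIONAL_FIELD
    if not tunnel["checksum_disabled"]:
        overhead += GRE_OPTIONAL_FIELD
    return link_mtu - overhead


def audit(text, link_mtu=1500):
    """Return a list of (code, explanation) findings for one tunnel interface."""
    t = parse_tunnel(text)
    if t["transport"] not in OUTER_HEADER:
        return [("unknown-transport", f"cannot audit transport {t['transport']}")]
    findings = []
    want = expected_mtu(t, link_mtu)
    if t["mtu"] != want:
        findings.append(("mtu-mismatch", f"MTU {t['mtu']}, expected {want}"))
    if t["key_disabled"]:
        findings.append(("no-gre-key", "received packets are not checked against a key"))
    if t["checksum_disabled"]:
        findings.append(("no-gre-checksum", "GRE does not detect corrupted packets"))
    if t["keepalive_disabled"]:
        findings.append(("no-keepalive", "the tunnel does not probe its peer"))
    return findings


if __name__ == "__main__":
    for sample in (GRE_OVER_IPV4, GRE_OVER_IPV6):
        t = parse_tunnel(sample)
        print(t["name"], t["transport"], t["source"], "->", t["destination"])
        for code, why in audit(sample):
            print(f"  {code}: {why}")
```

Neither the GRE key nor the GRE checksum is a cryptographic control: the key is carried in cleartext, and GRE itself provides no encryption or authentication of the tunneled traffic.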

 

Static route configuration examples

Example: Configuring basic static routes

Network configuration

As shown in Figure 81, configure static routes on the routers for interconnections between any two hosts.

Figure 81 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure static routes:

# Configure a default route on Router A.

<RouterA> system-view

[RouterA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2

# Configure two static routes on Router B.

<RouterB> system-view

[RouterB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1

[RouterB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6

# Configure a default route on Router C.

<RouterC> system-view

[RouterC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5

3.     Configure the default gateways of Host A, Host B, and Host C as 1.1.2.3, 1.1.6.1, and 1.1.3.1. (Details not shown.)

Verifying the configuration

# Display the static route information on Router A.

[RouterA] display ip routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/0           Static 60   0            1.1.4.2         XGE3/0/2

 

Static Routing table Status : <Inactive>

Summary Count : 0

# Display the static route information on Router B.

[RouterB] display ip routing-table protocol static

 

Summary Count : 2

 

Static Routing table Status : <Active>

Summary Count : 2

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

1.1.2.0/24          Static 60   0            1.1.4.1         XGE3/0/1

1.1.3.0/24          Static 60   0            1.1.5.6         XGE3/0/2

 

Static Routing table Status : <Inactive>

Summary Count : 0

# Use the ping command on Host B to test the reachability of Host A (Windows XP runs on the two hosts).

C:\Documents and Settings\Administrator>ping 1.1.2.2

 

Pinging 1.1.2.2 with 32 bytes of data:

 

Reply from 1.1.2.2: bytes=32 time=1ms TTL=126

Reply from 1.1.2.2: bytes=32 time=1ms TTL=126

Reply from 1.1.2.2: bytes=32 time=1ms TTL=126

Reply from 1.1.2.2: bytes=32 time=1ms TTL=126

 

Ping statistics for 1.1.2.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 1ms, Maximum = 1ms, Average = 1ms

# Use the tracert command on Host B to test the reachability of Host A.

C:\Documents and Settings\Administrator>tracert 1.1.2.2

 

Tracing route to 1.1.2.2 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  1.1.6.1

  2    <1 ms    <1 ms    <1 ms  1.1.4.1

  3     1 ms    <1 ms    <1 ms  1.1.2.2

 

Trace complete.

Example: Configuring BFD for static routes (direct next hop)

Network configuration

Configure the following, as shown in Figure 82:

·     Configure a static route to subnet 120.1.1.0/24 on Router A.

·     Configure a static route to subnet 121.1.1.0/24 on Router B.

·     Enable BFD for both routes.

·     Configure a static route to subnet 120.1.1.0/24 and a static route to subnet 121.1.1.0/24 on Router C.

When the link between Router A and Router B through the Layer 2 switch fails, BFD can detect the failure immediately. Router A then communicates with Router B through Router C.

Figure 82 Network diagram

Table 1 Interface and IP address assignment

Device      Interface                    IP address
Router A    Ten-GigabitEthernet 3/0/1    12.1.1.1/24
Router A    Ten-GigabitEthernet 3/0/2    10.1.1.102/24
Router B    Ten-GigabitEthernet 3/0/1    12.1.1.2/24
Router B    Ten-GigabitEthernet 3/0/2    13.1.1.1/24
Router C    Ten-GigabitEthernet 3/0/1    10.1.1.100/24
Router C    Ten-GigabitEthernet 3/0/2    13.1.1.2/24

 

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure static routes and BFD:

# Configure static routes on Router A and enable BFD control packet mode for the static route that traverses the Layer 2 switch.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 9

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] ip route-static 120.1.1.0 24 ten-gigabitethernet 3/0/1 12.1.1.2 bfd control-packet

[RouterA] ip route-static 120.1.1.0 24 ten-gigabitethernet 3/0/2 10.1.1.100 preference 65

[RouterA] quit

# Configure static routes on Router B and enable BFD control packet mode for the static route that traverses the Layer 2 switch.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 9

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] ip route-static 121.1.1.0 24 ten-gigabitethernet 3/0/1 12.1.1.1 bfd control-packet

[RouterB] ip route-static 121.1.1.0 24 ten-gigabitethernet 3/0/2 13.1.1.2 preference 65

[RouterB] quit

# Configure static routes on Router C.

<RouterC> system-view

[RouterC] ip route-static 120.1.1.0 24 13.1.1.1

[RouterC] ip route-static 121.1.1.0 24 10.1.1.102

Verifying the configuration

# Display BFD sessions on Router A.

<RouterA> display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface

 4/7            12.1.1.1        12.1.1.2        Up       2000ms      XGE3/0/1

The output shows that the BFD session has been created.

# Display static routes on Router A.

<RouterA> display ip routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

120.1.1.0/24        Static 60   0            12.1.1.2        XGE3/0/1

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1. Then the link over Ten-GigabitEthernet 3/0/1 fails.

# Display static routes on Router A.

<RouterA> display ip routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

120.1.1.0/24        Static 65   0            10.1.1.100      XGE3/0/2

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.

Example: Configuring BFD for static routes (indirect next hop)

Network configuration

Figure 83 shows the network topology as follows:

·     Router A has a route to interface Loopback 1 (2.2.2.9/32) on Router B, with the output interface Ten-GigabitEthernet 3/0/1.

·     Router B has a route to interface Loopback 1 (1.1.1.9/32) on Router A, with the output interface Ten-GigabitEthernet 3/0/1.

·     Router D has a route to 1.1.1.9/32, with the output interface Ten-GigabitEthernet 3/0/1, and a route to 2.2.2.9/32, with the output interface Ten-GigabitEthernet 3/0/2.

Configure the following:

·     Configure a static route to subnet 120.1.1.0/24 on Router A.

·     Configure a static route to subnet 121.1.1.0/24 on Router B.

·     Enable BFD for both routes.

·     Configure a static route to subnet 120.1.1.0/24 and a static route to subnet 121.1.1.0/24 on both Router C and Router D.

When the link between Router A and Router B through Router D fails, BFD can detect the failure immediately. Router A then communicates with Router B through Router C.

Figure 83 Network diagram

Table 2 Interface and IP address assignment

Device      Interface                    IP address
Router A    Ten-GigabitEthernet 3/0/1    12.1.1.1/24
Router A    Ten-GigabitEthernet 3/0/2    10.1.1.102/24
Router A    Loopback 1                   1.1.1.9/32
Router B    Ten-GigabitEthernet 3/0/1    11.1.1.2/24
Router B    Ten-GigabitEthernet 3/0/2    13.1.1.1/24
Router B    Loopback 1                   2.2.2.9/32
Router C    Ten-GigabitEthernet 3/0/1    10.1.1.100/24
Router C    Ten-GigabitEthernet 3/0/2    13.1.1.2/24
Router D    Ten-GigabitEthernet 3/0/1    12.1.1.2/24
Router D    Ten-GigabitEthernet 3/0/2    11.1.1.2/24

 

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure static routes and BFD:

# Configure static routes on Router A and enable BFD control packet mode for the static route that traverses Router D.

<RouterA> system-view

[RouterA] bfd multi-hop min-transmit-interval 500

[RouterA] bfd multi-hop min-receive-interval 500

[RouterA] bfd multi-hop detect-multiplier 9

[RouterA] ip route-static 120.1.1.0 24 2.2.2.9 bfd control-packet bfd-source 1.1.1.9

[RouterA] ip route-static 120.1.1.0 24 ten-gigabitethernet 3/0/2 10.1.1.100 preference 65

[RouterA] quit

# Configure static routes on Router B and enable BFD control packet mode for the static route that traverses Router D.

<RouterB> system-view

[RouterB] bfd multi-hop min-transmit-interval 500

[RouterB] bfd multi-hop min-receive-interval 500

[RouterB] bfd multi-hop detect-multiplier 9

[RouterB] ip route-static 121.1.1.0 24 1.1.1.9 bfd control-packet bfd-source 2.2.2.9

[RouterB] ip route-static 121.1.1.0 24 ten-gigabitethernet 3/0/2 13.1.1.2 preference 65

[RouterB] quit

# Configure static routes on Router C.

<RouterC> system-view

[RouterC] ip route-static 120.1.1.0 24 13.1.1.1

[RouterC] ip route-static 121.1.1.0 24 10.1.1.102

# Configure static routes on Router D.

<RouterD> system-view

[RouterD] ip route-static 120.1.1.0 24 11.1.1.2

[RouterD] ip route-static 121.1.1.0 24 12.1.1.1

Verifying the configuration

# Display the BFD session information on Router A.

<RouterA> display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface

 4/7            1.1.1.9         2.2.2.9         Up       2000ms      N/A

The output shows that the BFD session has been created.

# Display static routes on Router A.

<RouterA> display ip routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

120.1.1.0/24        Static 60   0            12.1.1.2        XGE3/0/1

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1. Then the link over Ten-GigabitEthernet 3/0/1 fails.

# Display static routes on Router A.

<RouterA> display ip routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

120.1.1.0/24        Static 65   0            10.1.1.100      XGE3/0/2

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.

Example: Configuring static route FRR

Network configuration

As shown in Figure 84, configure static routes on Router A, Router B, and Router C, and configure static route FRR. When Link A becomes unidirectional, traffic can be switched to Link B immediately.

Figure 84 Network diagram

Table 3 Interface and IP address assignment

Device      Interface                    IP address
Router A    Ten-GigabitEthernet 3/0/1    12.12.12.1/24
Router A    Ten-GigabitEthernet 3/0/2    13.13.13.1/24
Router A    Loopback 0                   1.1.1.1/32
Router B    Ten-GigabitEthernet 3/0/1    24.24.24.4/24
Router B    Ten-GigabitEthernet 3/0/2    13.13.13.2/24
Router B    Loopback 0                   4.4.4.4/32
Router C    Ten-GigabitEthernet 3/0/1    12.12.12.2/24
Router C    Ten-GigabitEthernet 3/0/2    24.24.24.2/24

 

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure static route FRR on Link A by using one of the following methods:

¡     (Method 1.) Specify a backup next hop for static route FRR:

# Configure a static route on Router A, and specify Ten-GigabitEthernet 3/0/1 as the backup output interface and 12.12.12.2 as the backup next hop.

<RouterA> system-view

[RouterA] ip route-static 4.4.4.4 32 ten-gigabitethernet 3/0/2 13.13.13.2 backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 12.12.12.2

# Configure a static route on Router B, and specify Ten-GigabitEthernet 3/0/1 as the backup output interface and 24.24.24.2 as the backup next hop.

<RouterB> system-view

[RouterB] ip route-static 1.1.1.1 32 ten-gigabitethernet 3/0/2 13.13.13.1 backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 24.24.24.2

¡     (Method 2.) Configure static route FRR to automatically select a backup next hop:

# Configure static routes on Router A, and enable static route FRR.

<RouterA> system-view

[RouterA] ip route-static 4.4.4.4 32 ten-gigabitethernet 3/0/2 13.13.13.2

[RouterA] ip route-static 4.4.4.4 32 ten-gigabitethernet 3/0/1 12.12.12.2 preference 70

[RouterA] ip route-static fast-reroute auto

# Configure static routes on Router B, and enable static route FRR.

<RouterB> system-view

[RouterB] ip route-static 1.1.1.1 32 ten-gigabitethernet 3/0/2 13.13.13.1

[RouterB] ip route-static 1.1.1.1 32 ten-gigabitethernet 3/0/1 24.24.24.2 preference 70

[RouterB] ip route-static fast-reroute auto

3.     Configure static routes on Router C.

<RouterC> system-view

[RouterC] ip route-static 4.4.4.4 32 ten-gigabitethernet 3/0/2 24.24.24.4

[RouterC] ip route-static 1.1.1.1 32 ten-gigabitethernet 3/0/1 12.12.12.1

Verifying the configuration

# Display route 4.4.4.4/32 on Router A to view the backup next hop information.

[RouterA] display ip routing-table 4.4.4.4 verbose

 

Summary Count : 1

 

 Destination: 4.4.4.4/32

    Protocol: Static

  Process ID: 0

   SubProtID: 0x0                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 0                  Preference: 60

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.2

       Label: NULL              RealNextHop: 13.13.13.2

     BkLabel: NULL                BkNextHop: 12.12.12.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 1.1.1.1/32 on Router B to view the backup next hop information.

[RouterB] display ip routing-table 1.1.1.1 verbose

 

Summary Count : 1

 

 Destination: 1.1.1.1/32

    Protocol: Static

  Process ID: 0

   SubProtID: 0x0                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 0                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.1

       Label: NULL              RealNextHop: 13.13.13.1

     BkLabel: NULL                BkNextHop: 24.24.24.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

 

RIP configuration examples

Example: Configuring basic RIP

Network configuration

As shown in Figure 85, enable RIPv2 on all interfaces on Router A and Router B. Configure Router B to not advertise route 10.2.1.0/24 to Router A, and to accept only route 2.1.1.0/24 from Router A.

Figure 85 Network diagram

Procedure

1.     Configure IP addresses for the interfaces. (Details not shown.)

2.     Enable RIP.

# Enable RIP on the specified networks on Router A.

<RouterA> system-view

[RouterA] rip

[RouterA-rip-1] network 1.0.0.0

[RouterA-rip-1] network 2.0.0.0

[RouterA-rip-1] network 3.0.0.0

[RouterA-rip-1] quit

# Enable RIP on the specified interfaces on Router B.

<RouterB> system-view

[RouterB] rip

[RouterB-rip-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] rip 1 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] rip 1 enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] rip 1 enable

[RouterB-Ten-GigabitEthernet3/0/3] quit

# Display the RIP routing table on Router A.

[RouterA] display rip 1 route

 Route Flags: R - RIP, T - TRIP

              P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect

              D - Direct, O - Optimal, F - Flush to RIB

----------------------------------------------------------------------------

 Peer 1.1.1.2 on Ten-GigabitEthernet3/0/1

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      10.0.0.0/8              1.1.1.2           1       0       RAOF    9

 Local route

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      1.1.1.0/24              0.0.0.0           0       0       RDOF    -

      2.1.1.0/24              0.0.0.0           0       0       RDOF    -

      3.1.1.0/24              0.0.0.0           0       0       RDOF    -

The output shows that RIPv1 uses natural masks to advertise routing information.

3.     Configure a RIP version:

# Configure RIPv2 on Router A.

[RouterA] rip

[RouterA-rip-1] version 2

[RouterA-rip-1] undo summary

[RouterA-rip-1] quit

# Configure RIPv2 on Router B.

[RouterB] rip

[RouterB-rip-1] version 2

[RouterB-rip-1] undo summary

[RouterB-rip-1] quit

# Display the RIP routing table on Router A.

[RouterA] display rip 1 route

 Route Flags: R - RIP, T - TRIP

              P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect

              D - Direct, O - Optimal, F - Flush to RIB

----------------------------------------------------------------------------

 Peer 1.1.1.2  on Ten-GigabitEthernet3/0/1

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      10.0.0.0/8              1.1.1.2           1       0       RAOF    87

      10.1.1.0/24             1.1.1.2           1       0       RAOF    19

      10.2.1.0/24             1.1.1.2           1       0       RAOF    19

 Local route

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      1.1.1.0/24              0.0.0.0           0       0       RDOF    -

      2.1.1.0/24              0.0.0.0           0       0       RDOF    -

      3.1.1.0/24              0.0.0.0           0       0       RDOF    -

The output shows that RIPv2 uses classless subnet masks.

 

 

NOTE:

After RIPv2 is configured, RIPv1 routes might still exist in the routing table until they are aged out.

 

# Display the RIP routing table on Router B.

[RouterB] display rip 1 route

 Route Flags: R - RIP, T - TRIP

              P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect

              D - Direct, O - Optimal, F - Flush to RIB

----------------------------------------------------------------------------

 Peer 1.1.1.1 on Ten-GigabitEthernet3/0/1

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      2.1.1.0/24              1.1.1.1           1       0       RAOF    19

      3.1.1.0/24              1.1.1.1           1       0       RAOF    19

 Local route

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      1.1.1.0/24              0.0.0.0           0       0       RDOF    -

      10.1.1.0/24             0.0.0.0           0       0       RDOF    -

      10.2.1.0/24             0.0.0.0           0       0       RDOF    -

4.     Configure RIP route filtering:

# Use IP prefix lists on Router B to filter received and redistributed routes.

[RouterB] ip prefix-list aaa index 10 permit 2.1.1.0 24

[RouterB] ip prefix-list bbb index 10 deny 10.2.1.0 24

[RouterB] ip prefix-list bbb index 11 permit 0.0.0.0 0 less-equal 32

[RouterB] rip 1

[RouterB-rip-1] filter-policy prefix-list aaa import

[RouterB-rip-1] filter-policy prefix-list bbb export

[RouterB-rip-1] quit

# Display the RIP routing table on Router A.

[RouterA] display rip 1 route

 Route Flags: R - RIP, T - TRIP

              P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect

              D - Direct, O - Optimal, F - Flush to RIB

----------------------------------------------------------------------------

 Peer 1.1.1.2 on Ten-GigabitEthernet3/0/1

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      10.1.1.0/24             1.1.1.2           1       0       RAOF    19

 Local route

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      1.1.1.0/24              0.0.0.0           0       0       RDOF    -

      2.1.1.0/24              0.0.0.0           0       0       RDOF    -

      3.1.1.0/24              0.0.0.0           0       0       RDOF    -

# Display the RIP routing table on Router B.

[RouterB] display rip 1 route

 Route Flags: R - RIP, T - TRIP

              P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect

              D - Direct, O - Optimal, F - Flush to RIB

----------------------------------------------------------------------------

 Peer 1.1.1.1 on Ten-GigabitEthernet3/0/1

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      2.1.1.0/24              1.1.1.1           1       0       RAOF    19

 Local route

      Destination/Mask        Nexthop           Cost    Tag     Flags   Sec

      1.1.1.0/24              0.0.0.0           0       0       RDOF    -

      10.1.1.0/24             0.0.0.0           0       0       RDOF    -

      10.2.1.0/24             0.0.0.0           0       0       RDOF    -
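The first-match logic behind the two filter policies in step 4, as an added Python sketch (not H3C code; function names are illustrative). It assumes the usual prefix-list semantics: items are tried in ascending index order, a route that matches no item is denied, and without greater-equal or less-equal the mask length must match exactly.

```python
import ipaddress
import re

# Router B's prefix-list lines, copied from step 4 above.
CONFIG = """\
ip prefix-list aaa index 10 permit 2.1.1.0 24
ip prefix-list bbb index 10 deny 10.2.1.0 24
ip prefix-list bbb index 11 permit 0.0.0.0 0 less-equal 32
"""

ITEM_RE = re.compile(
    r"ip prefix-list (?P<name>\S+) index (?P<index>\d+) (?P<action>permit|deny)"
    r" (?P<addr>\d+(?:\.\d+){3}) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?$"
)


def parse_prefix_lists(text):
    """Parse prefix-list lines into {name: [(index, action, network, min_len, max_len)]}."""
    lists = {}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = ITEM_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised prefix-list line: {line!r}")
        length = int(m["len"])
        network = ipaddress.ip_network(f"{m['addr']}/{length}", strict=False)
        if m["ge"] is None and m["le"] is None:
            lo = hi = length                  # no range given: exact mask length only
        else:
            lo = int(m["ge"]) if m["ge"] else length
            hi = int(m["le"]) if m["le"] else 32
        if not length <= lo <= hi <= 32:
            raise ValueError(f"invalid mask-length range in: {line!r}")
        lists.setdefault(m["name"], []).append(
            (int(m["index"]), m["action"], network, lo, hi))
    for items in lists.values():
        items.sort(key=lambda item: item[0])  # evaluated in ascending index order
    return lists


def first_match(items, route):
    """Return (index, action) of the first matching item, or None (implicit deny)."""
    route = ipaddress.ip_network(route)
    for index, action, network, lo, hi in items:
        if lo <= route.prefixlen <= hi and route.subnet_of(network):
            return index, action
    return None


def apply_filter(items, routes):
    """Return the routes that a filter-policy using this prefix list lets through."""
    kept = []
    for route in routes:
        hit = first_match(items, route)
        if hit is not None and hit[1] == "permit":
            kept.append(route)
    return kept


PREFIX_LISTS = parse_prefix_lists(CONFIG)

# Routes each side offers before filtering, taken from the step 3 tables above.
FROM_ROUTER_A = ["2.1.1.0/24", "3.1.1.0/24"]    # received by Router B (import, list aaa)
FROM_ROUTER_B = ["10.1.1.0/24", "10.2.1.0/24"]  # advertised by Router B (export, list bbb)

if __name__ == "__main__":
    print("import aaa:", apply_filter(PREFIX_LISTS["aaa"], FROM_ROUTER_A))
    print("export bbb:", apply_filter(PREFIX_LISTS["bbb"], FROM_ROUTER_B))
    # Constructed edge case: a more-specific prefix inside the denied /24.
    print("10.2.1.0/25 under bbb:", first_match(PREFIX_LISTS["bbb"], "10.2.1.0/25"))
```

Under these semantics, index 10 of bbb denies only the exact /24: a longer prefix inside 10.2.1.0/24 would fall through to the permit-all item at index 11, so add a less-equal range to the deny item if subnets of that network must also stay hidden.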

Example: Configuring RIP route redistribution

Network configuration

As shown in Figure 86, Router B communicates with Router A through RIP 100 and with Router C through RIP 200.

Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Router B so Router C can learn routes destined for 10.2.1.0/24 and 11.1.1.0/24. Router A cannot learn routes destined for 12.3.1.0/24 and 16.4.1.0/24.

Figure 86 Network diagram

Procedure

1.     Configure IP addresses for the interfaces. (Details not shown.)

2.     Configure basic RIP settings:

# Enable RIP 100, and configure RIPv2 on Router A.

<RouterA> system-view

[RouterA] rip 100

[RouterA-rip-100] network 10.0.0.0

[RouterA-rip-100] network 11.0.0.0

[RouterA-rip-100] version 2

[RouterA-rip-100] undo summary

[RouterA-rip-100] quit

# Enable RIP 100 and RIP 200, and configure RIPv2 on Router B.

<RouterB> system-view

[RouterB] rip 100

[RouterB-rip-100] network 11.0.0.0

[RouterB-rip-100] version 2

[RouterB-rip-100] undo summary

[RouterB-rip-100] quit

[RouterB] rip 200

[RouterB-rip-200] network 12.0.0.0

[RouterB-rip-200] version 2

[RouterB-rip-200] undo summary

[RouterB-rip-200] quit

# Enable RIP 200, and configure RIPv2 on Router C.

<RouterC> system-view

[RouterC] rip 200

[RouterC-rip-200] network 12.0.0.0

[RouterC-rip-200] network 16.0.0.0

[RouterC-rip-200] version 2

[RouterC-rip-200] undo summary

[RouterC-rip-200] quit

# Display the IP routing table on Router C.

[RouterC] display ip routing-table

 

Destinations : 14        Routes : 14

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

12.3.1.0/24        Direct  0   0           12.3.1.2        XGE3/0/1

12.3.1.0/32        Direct  0   0           12.3.1.2        XGE3/0/1

12.3.1.2/32        Direct  0   0           127.0.0.1       InLoop0

12.3.1.255/32      Direct  0   0           12.3.1.2        XGE3/0/1

16.4.1.0/24        Direct  0   0           16.4.1.1        XGE3/0/2

16.4.1.0/32        Direct  0   0           16.4.1.1        XGE3/0/2

16.4.1.1/32        Direct  0   0           127.0.0.1       InLoop0

16.4.1.255/32      Direct  0   0           16.4.1.1        XGE3/0/2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Configure RIP route redistribution:

# Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Router B.

[RouterB] rip 200

[RouterB-rip-200] import-route rip 100

[RouterB-rip-200] import-route direct

[RouterB-rip-200] quit

# Display the IP routing table on Router C.

[RouterC] display ip routing-table

 

Destinations : 15        Routes : 15

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.2.1.0/24         RIP    100  1            12.3.1.1        XGE3/0/1

11.1.1.0/24         RIP    100  1            12.3.1.1        XGE3/0/1

12.3.1.0/24         Direct 0    0            12.3.1.2        XGE3/0/1

12.3.1.0/32         Direct 0    0            12.3.1.2        XGE3/0/1

12.3.1.2/32         Direct 0    0            127.0.0.1       InLoop0

12.3.1.255/32       Direct 0    0            12.3.1.2        XGE3/0/1

16.4.1.0/24         Direct 0    0            16.4.1.1        XGE3/0/2

16.4.1.0/32         Direct 0    0            16.4.1.1        XGE3/0/2

16.4.1.1/32         Direct 0    0            127.0.0.1       InLoop0

16.4.1.255/32       Direct 0    0            16.4.1.1        XGE3/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

Example: Configuring an additional metric for a RIP interface

Network configuration

As shown in Figure 87, run RIPv2 on all the interfaces of Router A, Router B, Router C, Router D, and Router E.

Router A has two links to Router D. The link from Router B to Router D is more stable than that from Router C to Router D. Configure an additional metric for RIP routes received from Ten-GigabitEthernet 3/0/2 on Router A so Router A prefers route 1.1.5.0/24 learned from Router B.

Figure 87 Network diagram

Procedure

1.     Configure IP addresses for the interfaces. (Details not shown.)

2.     Configure basic RIP settings:

# Configure Router A.

<RouterA> system-view

[RouterA] rip

[RouterA-rip-1] network 1.0.0.0

[RouterA-rip-1] version 2

[RouterA-rip-1] undo summary

[RouterA-rip-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] rip

[RouterB-rip-1] network 1.0.0.0

[RouterB-rip-1] version 2

[RouterB-rip-1] undo summary

# Configure Router C.

<RouterC> system-view

[RouterC] rip

[RouterC-rip-1] network 1.0.0.0

[RouterC-rip-1] version 2

[RouterC-rip-1] undo summary

# Configure Router D.

<RouterD> system-view

[RouterD] rip

[RouterD-rip-1] network 1.0.0.0

[RouterD-rip-1] version 2

[RouterD-rip-1] undo summary

# Configure Router E.

<RouterE> system-view

[RouterE] rip

[RouterE-rip-1] network 1.0.0.0

[RouterE-rip-1] version 2

[RouterE-rip-1] undo summary

# Display all active routes in the RIP database on Router A.

[RouterA] display rip 1 database

   1.0.0.0/8, auto-summary

       1.1.1.0/24, cost 0, nexthop 1.1.1.1, RIP-interface

       1.1.2.0/24, cost 0, nexthop 1.1.2.1, RIP-interface

       1.1.3.0/24, cost 1, nexthop 1.1.1.2

       1.1.4.0/24, cost 1, nexthop 1.1.2.2

       1.1.5.0/24, cost 2, nexthop 1.1.1.2

       1.1.5.0/24, cost 2, nexthop 1.1.2.2

The output shows two RIP routes destined for network 1.1.5.0/24. The next hops of the routes are Router B (1.1.1.2) and Router C (1.1.2.2). The cost of the routes is 2.

3.     Configure an additional metric for a RIP interface:

# Configure an inbound additional metric of 3 for RIP-enabled interface Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] rip metricin 3

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Display all active routes in the RIP database on Router A.

[RouterA] display rip 1 database

   1.0.0.0/8, auto-summary

       1.1.1.0/24, cost 0, nexthop 1.1.1.1, RIP-interface

       1.1.2.0/24, cost 0, nexthop 1.1.2.1, RIP-interface

       1.1.3.0/24, cost 1, nexthop 1.1.1.2

       1.1.4.0/24, cost 2, nexthop 1.1.1.2

       1.1.5.0/24, cost 2, nexthop 1.1.1.2

The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Router B (1.1.1.2) and a cost of 2.
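How the inbound additional metric changes route selection on Router A, as an added Python model (not H3C code). The advertised metrics are constructed to be consistent with the two database outputs above, and the mapping of XGE3/0/1 to Router B (1.1.1.2) and XGE3/0/2 to Router C (1.1.2.2) is an assumption inferred from the configuration.

```python
RIP_INFINITY = 16  # a RIP metric of 16 means unreachable

# Constructed sample: (receiving interface, advertising neighbor, prefix, advertised metric).
# Values are chosen to reproduce the "display rip 1 database" outputs above; which
# interface faces which neighbor is an assumption.
UPDATES = [
    ("XGE3/0/1", "1.1.1.2", "1.1.3.0/24", 1),  # from Router B
    ("XGE3/0/1", "1.1.1.2", "1.1.4.0/24", 2),
    ("XGE3/0/1", "1.1.1.2", "1.1.5.0/24", 2),
    ("XGE3/0/2", "1.1.2.2", "1.1.3.0/24", 2),  # from Router C
    ("XGE3/0/2", "1.1.2.2", "1.1.4.0/24", 1),
    ("XGE3/0/2", "1.1.2.2", "1.1.5.0/24", 2),
]


def rip_database(updates, metricin=None):
    """Return {prefix: (cost, [next hops])} after adding the per-interface inbound metric.

    metricin maps an interface name to its inbound additional metric (default 0).
    The sum is capped at 16, and routes that reach 16 are dropped as unreachable.
    Equal-cost next hops are all kept, in the order the updates arrived.
    """
    metricin = metricin or {}
    best = {}
    for iface, nexthop, prefix, metric in updates:
        cost = min(metric + metricin.get(iface, 0), RIP_INFINITY)
        if cost >= RIP_INFINITY:
            continue
        current = best.get(prefix)
        if current is None or cost < current[0]:
            best[prefix] = (cost, [nexthop])
        elif cost == current[0]:
            current[1].append(nexthop)
    return best


def show(database):
    """Format the model's result one route per line, for side-by-side comparison."""
    lines = []
    for prefix in sorted(database):
        cost, nexthops = database[prefix]
        for nexthop in nexthops:
            lines.append(f"{prefix}, cost {cost}, nexthop {nexthop}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Before rip metricin:")
    print(show(rip_database(UPDATES)))
    print("After rip metricin 3 on XGE3/0/2:")
    print(show(rip_database(UPDATES, {"XGE3/0/2": 3})))
```

The metric applies to every route received on the interface, not only 1.1.5.0/24, which is why 1.1.4.0/24 also moves to next hop 1.1.1.2 with cost 2 in the second output.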

Example: Configuring RIP to advertise a summary route

Network configuration

As shown in Figure 88, Router A and Router B run OSPF, Router D runs RIP, and Router C runs OSPF and RIP.

·     Configure RIP to redistribute OSPF routes on Router C so Router D can learn routes destined for networks 10.1.1.0/24, 10.2.1.0/24, 10.5.1.0/24, and 10.6.1.0/24.

·     To reduce the routing table size of Router D, configure route summarization on Router C to advertise only the summary route 10.0.0.0/8 to Router D.

Figure 88 Network diagram

Procedure

1.     Configure IP addresses for the interfaces. (Details not shown.)

2.     Configure basic OSPF settings:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 10.6.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

3.     Configure basic RIP settings:

# Configure Router C.

[RouterC] rip 1

[RouterC-rip-1] network 11.3.1.0

[RouterC-rip-1] version 2

[RouterC-rip-1] undo summary

# Configure Router D.

<RouterD> system-view

[RouterD] rip 1

[RouterD-rip-1] network 11.0.0.0

[RouterD-rip-1] version 2

[RouterD-rip-1] undo summary

[RouterD-rip-1] quit

# Configure RIP to redistribute routes from OSPF process 1 and direct routes on Router C.

[RouterC-rip-1] import-route direct

[RouterC-rip-1] import-route ospf 1

[RouterC-rip-1] quit

# Display the IP routing table on Router D.

[RouterD] display ip routing-table

 

         Destinations : 15       Routes : 15

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         RIP    100  1            11.3.1.1        XGE3/0/1

10.2.1.0/24         RIP    100  1            11.3.1.1        XGE3/0/1

10.5.1.0/24         RIP    100  1            11.3.1.1        XGE3/0/1

10.6.1.0/24         RIP    100  1            11.3.1.1        XGE3/0/1

11.3.1.0/24         Direct 0    0            11.3.1.2        XGE3/0/1

11.3.1.0/32         Direct 0    0            11.3.1.2        XGE3/0/1

11.3.1.2/32         Direct 0    0            127.0.0.1       InLoop0

11.4.1.0/24         Direct 0    0            11.4.1.2        XGE3/0/2

11.4.1.0/32         Direct 0    0            11.4.1.2        XGE3/0/2

11.4.1.2/32         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

4.     Configure route summarization:

# Configure route summarization on Router C to advertise only the summary route 10.0.0.0/8.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] rip summary-address 10.0.0.0 8

# Display the IP routing table on Router D.

[RouterD] display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.0.0.0/8          RIP    100  1            11.3.1.1        XGE3/0/1

11.3.1.0/24         Direct 0    0            11.3.1.2        XGE3/0/1

11.3.1.0/32         Direct 0    0            11.3.1.2        XGE3/0/1

11.3.1.2/32         Direct 0    0            127.0.0.1       InLoop0

11.4.1.0/24         Direct 0    0            11.4.1.2        XGE3/0/2

11.4.1.0/32         Direct 0    0            11.4.1.2        XGE3/0/2

11.4.1.2/32         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

Example: Configuring RIP GR

Network configuration

As shown in Figure 89, Router A, Router B, and Router C run RIPv2.

·     Enable GR on Router A. Router A acts as the GR restarter.

·     Router B and Router C act as GR helpers to synchronize their routing tables with Router A by using GR.

Figure 89 Network diagram

Procedure

1.     Configure IP addresses and subnet masks for the interfaces on the routers. (Details not shown.)

2.     Configure RIPv2 on the routers to ensure the following: (Details not shown.)

·     Router A, Router B, and Router C can communicate with each other at Layer 3.

·     Dynamic route update can be implemented among them with RIPv2.

3.     Enable RIP GR on Router A.

<RouterA> system-view

[RouterA] rip

[RouterA-rip-1] graceful-restart

[RouterA-rip-1] quit

Verifying the configuration

# Restart RIP or trigger an active/standby process switchover, and then display GR status on Router A.

[RouterA] display rip graceful-restart

 RIP process: 1

 Graceful Restart capability     : Enabled

 Current GR state                : Normal

 Graceful Restart period         : 60  seconds

 Graceful Restart remaining time : 0   seconds

Example: Configuring BFD for RIP (single-hop echo detection for a directly connected neighbor)

Network configuration

As shown in Figure 90, Ten-GigabitEthernet 3/0/1 of Router A and Router C run RIP process 1. Ten-GigabitEthernet 3/0/2 of Router A runs RIP process 2. Ten-GigabitEthernet 3/0/2 of Router C and Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 of Router B run RIP process 1.

·     Configure a static route destined for 100.1.1.1/24 and enable static route redistribution into RIP on Router C. This allows Router A to learn two routes destined for 100.1.1.1/24, one through Ten-GigabitEthernet 3/0/1 and one through Ten-GigabitEthernet 3/0/2, and to use the one through Ten-GigabitEthernet 3/0/1.

·     Enable BFD for RIP on Ten-GigabitEthernet 3/0/1 of Router A. When the link over Ten-GigabitEthernet 3/0/1 fails, BFD can quickly detect the failure and notify RIP. RIP deletes the neighbor relationship and route information learned on Ten-GigabitEthernet 3/0/1, and uses the route destined for 100.1.1.1/24 through Ten-GigabitEthernet 3/0/2.

Figure 90 Network diagram

Procedure

1.     Configure basic RIP settings and enable BFD on the interfaces:

# Configure Router A.

<RouterA> system-view

[RouterA] rip 1

[RouterA-rip-1] version 2

[RouterA-rip-1] undo summary

[RouterA-rip-1] network 192.168.1.0

[RouterA-rip-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] rip bfd enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] rip 2

[RouterA-rip-2] network 192.168.2.0

[RouterA-rip-2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] rip 1

[RouterB-rip-1] version 2

[RouterB-rip-1] undo summary

[RouterB-rip-1] network 192.168.2.0

[RouterB-rip-1] network 192.168.3.0

[RouterB-rip-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] rip 1

[RouterC-rip-1] version 2

[RouterC-rip-1] undo summary

[RouterC-rip-1] network 192.168.1.0

[RouterC-rip-1] network 192.168.3.0

[RouterC-rip-1] import-route static

[RouterC-rip-1] quit

2.     Configure the BFD parameters on Ten-GigabitEthernet 3/0/1 of Router A.

[RouterA] bfd echo-source-ip 11.11.11.11

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-echo-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/1] quit

3.     Configure a static route on Router C.

[RouterC] ip route-static 120.1.1.1 24 null 0

Verifying the configuration

# Display the BFD session information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in echo mode:

 

 LD          SourceAddr      DestAddr        State    Holdtime    Interface

 4            192.168.1.1     192.168.1.2     Up       2000ms      XGE3/0/1

# Display RIP routes destined for 120.1.1.0/24 on Router A.

[RouterA] display ip routing-table 120.1.1.0 24

 

Summary count : 1

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

120.1.1.0/24       RIP     100 1           192.168.1.2     XGE3/0/1

The output shows that Router A communicates with Router C through Ten-GigabitEthernet 3/0/1.

# Display RIP routes destined for 120.1.1.0/24 on Router A after the link over Ten-GigabitEthernet 3/0/1 fails.

[RouterA] display ip routing-table 120.1.1.0 24

 

Summary count : 1

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

120.1.1.0/24       RIP     100 2           192.168.2.2     XGE3/0/2

The output shows that Router A communicates with Router C through Ten-GigabitEthernet 3/0/2.

Example: Configuring BFD for RIP (single-hop echo detection for a specific destination)

Network configuration

As shown in Figure 91, Ten-GigabitEthernet 3/0/2 of Router A and Ten-GigabitEthernet 3/0/1 of Router B run RIP process 1. Ten-GigabitEthernet 3/0/2 of Router B and Router C run RIP process 1.

·     Configure a static route destined for 100.1.1.0/24 and enable static route redistribution into RIP on both Router A and Router C. This allows Router B to learn two routes destined for 100.1.1.0/24 through Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2. The route redistributed from Router A has a smaller cost than that redistributed from Router C, so Router B uses the route through Ten-GigabitEthernet 3/0/1.

·     Enable BFD for RIP on Ten-GigabitEthernet 3/0/2 of Router A, and specify Ten-GigabitEthernet 3/0/1 of Router B as the destination. When a unidirectional link occurs between Router A and Router B, BFD can quickly detect the link failure and notify RIP. RIP then deletes the neighbor relationship and the route information learned on Ten-GigabitEthernet 3/0/2. It does not receive or send any packets on Ten-GigabitEthernet 3/0/2. When the route learned from Router A ages out, Router B uses the route destined for 100.1.1.1/24 through Ten-GigabitEthernet 3/0/2.

Figure 91 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic RIP settings and enable BFD on the interfaces:

# Configure Router A.

<RouterA> system-view

[RouterA] rip 1

[RouterA-rip-1] network 192.168.2.0

[RouterA-rip-1] import-route static

[RouterA-rip-1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] rip bfd enable destination 192.168.2.2

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] rip 1

[RouterB-rip-1] network 192.168.2.0

[RouterB-rip-1] network 192.168.3.0

[RouterB-rip-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] rip 1

[RouterC-rip-1] network 192.168.3.0

[RouterC-rip-1] import-route static cost 3

[RouterC-rip-1] quit

3.     Configure BFD parameters on Ten-GigabitEthernet 3/0/2 of Router A.

[RouterA] bfd echo-source-ip 11.11.11.11

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] bfd min-echo-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/2] quit

4.     Configure static routes:

# Configure a static route on Router A.

[RouterA] ip route-static 100.1.1.0 24 null 0

# Configure a static route on Router C.

[RouterC] ip route-static 100.1.1.0 24 null 0

Verifying the configuration

# Display the BFD session information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in echo mode:

 

 LD             SourceAddr      DestAddr        State    Holdtime    Interface

 3              192.168.2.1     192.168.2.2     Up       2000ms      XGE3/0/2

# Display routes destined for 100.1.1.0/24 on Router B.

[RouterB] display ip routing-table 100.1.1.0 24 verbose

 

Summary Count : 1

 

 Destination: 100.1.1.0/24

    Protocol: RIP

  Process ID: 1

   SubProtID: 0x1                       Age: 00h02m47s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x12000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 192.168.2.1

       Flags: 0x1008c           OrigNextHop: 192.168.2.1

       Label: NULL              RealNextHop: 192.168.2.1

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/1

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display routes destined for 100.1.1.0/24 on Router B when the link between Router A and Router B fails.

[RouterB] display ip routing-table 100.1.1.0 24 verbose

 

Summary Count : 1

 

 Destination: 100.1.1.0/24

    Protocol: RIP

  Process ID: 1

   SubProtID: 0x1                       Age: 00h21m23s

  FlushedAge: 15h28m49s

        Cost: 4                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x12000003             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 192.168.3.2

       Flags: 0x1008c           OrigNextHop: 192.168.3.2

       Label: NULL              RealNextHop: 192.168.3.2

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

Example: Configuring BFD for RIP (bidirectional control detection)

Network configuration

As shown in Figure 92, Ten-GigabitEthernet 3/0/2 of Router A and Ten-GigabitEthernet 3/0/1 of Router C run RIP process 1. Ten-GigabitEthernet 3/0/1 on Router A runs RIP process 2. Ten-GigabitEthernet 3/0/2 on Router C, and Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 on Router D run RIP process 1.

·     Configure a static route destined for 100.1.1.0/24 on Router A.

·     Configure a static route destined for 101.1.1.0/24 on Router C.

·     Enable static route redistribution into RIP on Router A and Router C. This allows Router A to learn two routes destined for 100.1.1.0/24 through Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/1. It uses the route through Ten-GigabitEthernet 3/0/2.

·     Enable BFD for RIP on Ten-GigabitEthernet 3/0/2 of Router A and Ten-GigabitEthernet 3/0/1 of Router C.

When the link over Ten-GigabitEthernet 3/0/2 fails, BFD can quickly detect the link failure and notify RIP. RIP deletes the neighbor relationship and the route information learned on Ten-GigabitEthernet 3/0/2, and uses the route destined for 100.1.1.0/24 through Ten-GigabitEthernet 3/0/1.

Figure 92 Network diagram

Table 4 Interface and IP address assignment

Device      Interface                    IP address

Router A    Ten-GigabitEthernet 3/0/1    192.168.3.1/24

Router A    Ten-GigabitEthernet 3/0/2    192.168.1.1/24

Router B    Ten-GigabitEthernet 3/0/1    192.168.2.1/24

Router B    Ten-GigabitEthernet 3/0/2    192.168.1.2/24

Router C    Ten-GigabitEthernet 3/0/1    192.168.2.2/24

Router C    Ten-GigabitEthernet 3/0/2    192.168.4.2/24

Router D    Ten-GigabitEthernet 3/0/1    192.168.3.2/24

Router D    Ten-GigabitEthernet 3/0/2    192.168.4.1/24

 

Procedure

1.     Configure IP addresses for the interfaces. (Details not shown.)

2.     Configure basic RIP settings and enable static route redistribution into RIP so Router A and Router C have routes to send to each other:

# Configure Router A.

<RouterA> system-view

[RouterA] rip 1

[RouterA-rip-1] version 2

[RouterA-rip-1] undo summary

[RouterA-rip-1] network 192.168.1.0

[RouterA-rip-1] network 101.1.1.0

[RouterA-rip-1] peer 192.168.2.2

[RouterA-rip-1] undo validate-source-address

[RouterA-rip-1] import-route static

[RouterA-rip-1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] rip bfd enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] rip 2

[RouterA-rip-2] version 2

[RouterA-rip-2] undo summary

[RouterA-rip-2] network 192.168.3.0

[RouterA-rip-2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] rip 1

[RouterC-rip-1] version 2

[RouterC-rip-1] undo summary

[RouterC-rip-1] network 192.168.2.0

[RouterC-rip-1] network 192.168.4.0

[RouterC-rip-1] network 100.1.1.0

[RouterC-rip-1] peer 192.168.1.1

[RouterC-rip-1] undo validate-source-address

[RouterC-rip-1] import-route static

[RouterC-rip-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] rip bfd enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] rip 1

[RouterD-rip-1] version 2

[RouterD-rip-1] undo summary

[RouterD-rip-1] network 192.168.3.0

[RouterD-rip-1] network 192.168.4.0

[RouterD-rip-1] quit

3.     Configure BFD parameters for the interfaces:

# Configure Router A.

[RouterA] bfd session init-mode active

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.3.1 24

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ip address 192.168.1.1 24

[RouterA-Ten-GigabitEthernet3/0/2] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/2] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/2] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ip address 192.168.1.2 24

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.2.1 24

# Configure Router C.

[RouterC] bfd session init-mode active

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ip address 192.168.2.2 24

[RouterC-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterC-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterC-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 6

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ip address 192.168.4.2 24

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ip address 192.168.4.1 24

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ip address 192.168.3.2 24

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Configure static routes:

# Configure a static route to Router C on Router A.

[RouterA] ip route-static 192.168.2.0 24 ten-gigabitethernet 3/0/2 192.168.1.2

# Configure a static route to Router A on Router C.

[RouterC] ip route-static 192.168.1.0 24 ten-gigabitethernet 3/0/1 192.168.2.1

Verifying the configuration

# Display the BFD session information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

 LD/RD           SourceAddr      DestAddr        State    Holdtime    Interface

 513/513         192.168.1.1     192.168.2.2     Up       1700ms      XGE3/0/2

# Display RIP routes destined for 100.1.1.0/24 learned on Router A.

[RouterA] display ip routing-table 100.1.1.0 24

 

Summary count : 1

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

100.1.1.0/24       RIP     100 1           192.168.2.2     XGE3/0/2

The output shows that Router A communicates with Router C through Ten-GigabitEthernet 3/0/2. Then the link over Ten-GigabitEthernet 3/0/2 fails.

# Display RIP routes destined for 100.1.1.0/24 on Router A.

[RouterA] display ip routing-table 100.1.1.0

 

Summary count : 1

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

100.1.1.0/24       RIP     100 2           192.168.3.2     XGE3/0/1

The output shows that Router A communicates with Router C through Ten-GigabitEthernet 3/0/1.
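Step 3 sets different detect multipliers on the two ends (7 on Router A, 6 on Router C), and it is easy to misread which value bounds the failover time on which router. The following added example (not part of the H3C document) applies the asynchronous-mode detection-time rule from RFC 5880, section 6.8.4, to the step 3 commands; it assumes the device follows that rule, and the function names are illustrative.

```python
import re

# BFD timer commands from step 3 above (Router A and Router C only).
STEP3_BFD = """\
[RouterA-Ten-GigabitEthernet3/0/2] bfd min-transmit-interval 500
[RouterA-Ten-GigabitEthernet3/0/2] bfd min-receive-interval 500
[RouterA-Ten-GigabitEthernet3/0/2] bfd detect-multiplier 7
[RouterC-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500
[RouterC-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500
[RouterC-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 6
"""

BFD_LINE = re.compile(
    r"^\[(?P<device>\w+)-(?P<interface>[^\]]+)\]\s+bfd\s+"
    r"(?P<param>min-transmit-interval|min-receive-interval|detect-multiplier)"
    r"\s+(?P<value>\d+)\s*$"
)
REQUIRED = ("min-transmit-interval", "min-receive-interval", "detect-multiplier")


def parse_bfd_timers(transcript):
    """Return {(device, interface): {param: int}} from interface-view BFD commands."""
    timers = {}
    for line in transcript.splitlines():
        m = BFD_LINE.match(line.strip())
        if m:
            key = (m["device"], m["interface"])
            timers.setdefault(key, {})[m["param"]] = int(m["value"])
    return timers


def detection_time_ms(local, remote):
    """Time after which `local` declares the session down (RFC 5880, 6.8.4).

    The remote end's multiplier applies, multiplied by the interval the remote
    end actually transmits at: the larger of what the local end is willing to
    receive and what the remote end wants to send.
    """
    for name, end in (("local", local), ("remote", remote)):
        missing = [p for p in REQUIRED if p not in end]
        if missing:
            # Platform defaults are not stated on the page, so refuse to guess.
            raise ValueError(f"{name} end has no explicit {', '.join(missing)}")
    agreed_remote_tx = max(local["min-receive-interval"],
                           remote["min-transmit-interval"])
    return remote["detect-multiplier"] * agreed_remote_tx


def failover_bounds(transcript, end_a, end_b):
    """Detection time at each end of one BFD session, keyed by device name."""
    timers = parse_bfd_timers(transcript)
    a, b = timers[end_a], timers[end_b]
    return {end_a[0]: detection_time_ms(a, b), end_b[0]: detection_time_ms(b, a)}


if __name__ == "__main__":
    bounds = failover_bounds(
        STEP3_BFD,
        ("RouterA", "Ten-GigabitEthernet3/0/2"),
        ("RouterC", "Ten-GigabitEthernet3/0/1"),
    )
    for device, ms in bounds.items():
        print(f"{device} declares the session down after {ms} ms without BFD packets")
```

With the page's values, Router A (whose RIP route is being protected) reacts after 3000 ms, a bound set by the `detect-multiplier 6` configured on Router C rather than by its own 7.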

Example: Configuring RIP FRR

Network configuration

As shown in Figure 93, Router A, Router B, and Router C run RIPv2. Configure RIP FRR so that when Link A becomes unidirectional, traffic can be switched to Link B immediately.

Figure 93 Network diagram

Table 5 Interface and IP address assignment

Device     Interface                   IP address

Router A   Ten-GigabitEthernet 3/0/1   12.12.12.1/24

Router A   Ten-GigabitEthernet 3/0/2   13.13.13.1/24

Router A   Loopback 0                  1.1.1.1/32

Router B   Ten-GigabitEthernet 3/0/1   24.24.24.4/24

Router B   Ten-GigabitEthernet 3/0/2   13.13.13.2/24

Router B   Loopback 0                  4.4.4.4/32

Router C   Ten-GigabitEthernet 3/0/1   12.12.12.2/24

Router C   Ten-GigabitEthernet 3/0/2   24.24.24.2/24

 

Procedure

1.     Configure IP addresses and subnet masks for the interfaces on the routers. (Details not shown.)

2.     Configure RIPv2 on the routers to make sure Router A, Router B, and Router C can communicate with each other at the network layer. (Details not shown.)

3.     Configure RIP FRR:

# Configure Router A.

<RouterA> system-view

[RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ip address prefix-list abc

[RouterA-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 12.12.12.2

[RouterA-route-policy-frr-10] quit

[RouterA] rip 1

[RouterA-rip-1] fast-reroute route-policy frr

[RouterA-rip-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ip prefix-list abc index 10 permit 1.1.1.1 32

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ip address prefix-list abc

[RouterB-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 24.24.24.2

[RouterB-route-policy-frr-10] quit

[RouterB] rip 1

[RouterB-rip-1] fast-reroute route-policy frr

[RouterB-rip-1] quit

Verifying the configuration

# Display route 4.4.4.4/32 on Router A to view the backup next hop information.

[RouterA] display ip routing-table 4.4.4.4 verbose

 

Summary Count : 1

 

 Destination: 4.4.4.4/32

    Protocol: RIP

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 13.13.13.2

       Flags: 0x1008c           OrigNextHop: 13.13.13.2

       Label: NULL              RealNextHop: 13.13.13.2

     BkLabel: NULL                BkNextHop: 12.12.12.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 1.1.1.1/32 on Router B to view the backup next hop information.

[RouterB] display ip routing-table 1.1.1.1 verbose

 

Summary Count : 1

 

 Destination: 1.1.1.1/32

    Protocol: RIP

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 13.13.13.1

       Flags: 0x1008c           OrigNextHop: 13.13.13.1

       Label: NULL              RealNextHop: 13.13.13.1

     BkLabel: NULL                BkNextHop: 24.24.24.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A
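The verification above relies on reading BkNextHop and BkIPInterface out of a long two-column listing. The following added example (not part of the H3C document) parses that verbose format and compares the installed backup path with the values configured in the route policy. `PROTECTED` is an excerpt of the Router A output above; `UNPROTECTED` is a constructed sample that assumes unset backup fields print `N/A`, as BkInterface does on the page. The function and variable names are illustrative.

```python
import re

# Excerpt of the Router A output shown above (fields relevant to FRR only).
PROTECTED = """\
 Destination: 4.4.4.4/32
    Protocol: RIP
         Tag: 0                       State: Active Adv
    BkAttrID: 0xffffffff           Neighbor: 13.13.13.2
       Label: NULL              RealNextHop: 13.13.13.2
     BkLabel: NULL                BkNextHop: 12.12.12.2
     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2
   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2
 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1
"""

# Constructed sample: the same route with no backup installed (assumed N/A).
UNPROTECTED = PROTECTED.replace("BkNextHop: 12.12.12.2", "BkNextHop: N/A").replace(
    "BkIPInterface: Ten-GigabitEthernet3/0/1", "BkIPInterface: N/A")

# Expected backup per prefix, taken from Router A's route policy "frr" above.
POLICY = {"4.4.4.4/32": ("12.12.12.2", "ten-gigabitethernet 3/0/1")}
UNSET = {"", "N/A", "NULL", "Invalid"}


def parse_verbose_routes(text):
    """Parse two-column 'Key: value' verbose output into one dict per route."""
    routes, current = [], None
    for line in text.splitlines():
        # Columns are separated by runs of two or more spaces; single spaces
        # occur inside keys ("Tunnel ID") and values ("Active Adv").
        for field in re.split(r"\s{2,}", line.strip()):
            key, sep, value = field.partition(":")
            if not sep:
                continue
            key, value = key.strip(), value.strip()
            if key == "Destination":
                current = {}
                routes.append(current)
            if current is not None:  # ignore header fields before the first route
                current[key] = value
    return routes


def _ifname(name):
    """Normalize 'ten-gigabitethernet 3/0/1' and 'Ten-GigabitEthernet3/0/1'."""
    return name.replace(" ", "").lower()


def frr_findings(route, want_nexthop, want_interface):
    """Return a list of problems; an empty list means the backup matches policy."""
    bk_nh = route.get("BkNextHop", "N/A")
    bk_if = route.get("BkIPInterface", "N/A")
    if bk_nh in UNSET:
        return ["no backup next hop installed"]
    findings = []
    if bk_nh != want_nexthop:
        findings.append(f"backup next hop {bk_nh}, policy says {want_nexthop}")
    if _ifname(bk_if) != _ifname(want_interface):
        findings.append(f"backup interface {bk_if}, policy says {want_interface}")
    if _ifname(bk_if) == _ifname(route.get("IPInterface", "")):
        findings.append("backup shares the primary interface")
    if bk_nh == route.get("RealNextHop"):
        findings.append("backup next hop equals the primary next hop")
    return findings


def audit(text, policy):
    """Check every prefix in `policy` against the routes found in `text`."""
    routes = {r["Destination"]: r for r in parse_verbose_routes(text)}
    result = {}
    for prefix, (nexthop, interface) in policy.items():
        if prefix not in routes:
            result[prefix] = ["route not in output"]
        else:
            result[prefix] = frr_findings(routes[prefix], nexthop, interface)
    return result


if __name__ == "__main__":
    for label, text in (("protected", PROTECTED), ("unprotected", UNPROTECTED)):
        print(label, audit(text, POLICY))
```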

 

 

OSPF configuration examples

Example: Configuring basic OSPF

Network configuration

As shown in Figure 94:

·     Enable OSPF on all routers, and split the AS into three areas.

·     Configure Router A and Router B as ABRs.

Figure 94 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF:

# Configure Router A.

<RouterA> system-view

[RouterA] router id 10.2.1.1

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] area 1

[RouterA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.1] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] router id 10.3.1.1

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] area 2

[RouterB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.2] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] router id 10.4.1.1

[RouterC] ospf

[RouterC-ospf-1] area 1

[RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.1] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] router id 10.5.1.1

[RouterD] ospf

[RouterD-ospf-1] area 2

[RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.2] quit

[RouterD-ospf-1] quit

Verifying the configuration

# Display the OSPF neighbors of Router A.

[RouterA] display ospf peer verbose

 

          OSPF Process 1 with Router ID 10.2.1.1

                  Neighbors

 

 Area 0.0.0.0 interface 10.1.1.1(Ten-GigabitEthernet3/0/1)'s neighbors

 Router ID: 10.3.1.1         Address: 10.1.1.2         GR State: Normal

   State: Full  Mode: Nbr is master  Priority: 1

   DR: 10.1.1.1  BDR: 10.1.1.2  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 37  sec

   Neighbor is up for 06:03:59

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 5

   BFD status: Disabled

 

 Area 0.0.0.1 interface 10.2.1.1(Ten-GigabitEthernet3/0/2)'s neighbors

 Router ID: 10.4.1.1         Address: 10.2.1.2         GR State: Normal

   State: Full  Mode: Nbr is master  Priority: 1

   DR: 10.2.1.1  BDR: 10.2.1.2  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 32  sec

   Neighbor is up for 06:03:12

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 5

   BFD status: Disabled

# Display OSPF routing information on Router A.

[RouterA] display ospf routing

 

          OSPF Process 1 with Router ID 10.2.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        1        Transit 10.2.1.1        10.2.1.1        0.0.0.1

 10.3.1.0/24        2        Inter   10.1.1.2        10.3.1.1        0.0.0.0

 10.4.1.0/24        2        Stub    10.2.1.2        10.4.1.1        0.0.0.1

 10.5.1.0/24        3        Inter   10.1.1.2        10.3.1.1        0.0.0.0

 10.1.1.0/24        1        Transit 10.1.1.1        10.2.1.1        0.0.0.0

 

 Total nets: 5

 Intra area: 3  Inter area: 2  ASE: 0  NSSA: 0

# Display OSPF routing information on Router D.

[RouterD] display ospf routing

 

          OSPF Process 1 with Router ID 10.5.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24         3       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.3.1.0/24         1       Transit 10.3.1.2        10.3.1.1        0.0.0.2

 10.4.1.0/24         4       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.5.1.0/24         1       Stub    10.5.1.1        10.5.1.1        0.0.0.2

 10.1.1.0/24         2       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 

 Total nets: 5

 Intra area: 2  Inter area: 3  ASE: 0  NSSA: 0

# Ping 10.4.1.1 to test reachability.

[RouterD] ping 10.4.1.1

Ping 10.4.1.1 (10.4.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 10.4.1.1: icmp_seq=0 ttl=253 time=1.549 ms

56 bytes from 10.4.1.1: icmp_seq=1 ttl=253 time=1.539 ms

56 bytes from 10.4.1.1: icmp_seq=2 ttl=253 time=0.779 ms

56 bytes from 10.4.1.1: icmp_seq=3 ttl=253 time=1.702 ms

56 bytes from 10.4.1.1: icmp_seq=4 ttl=253 time=1.471 ms

 

--- Ping statistics for 10.4.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.779/1.408/1.702/0.323 ms

Example: Configuring OSPF route redistribution

Network configuration

As shown in Figure 95:

·     Enable OSPF on all the routers.

·     Split the AS into three areas.

·     Configure Router A and Router B as ABRs.

·     Configure Router C as an ASBR to redistribute external routes (static routes).

Figure 95 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF (see "Example: Configuring basic OSPF").

3.     Configure OSPF to redistribute routes:

# On Router C, configure a static route destined for network 3.1.2.0/24.

<RouterC> system-view

[RouterC] ip route-static 3.1.2.1 24 10.4.1.2

# On Router C, configure OSPF to redistribute the static route.

[RouterC] ospf 1

[RouterC-ospf-1] import-route static

Verifying the configuration

# Display the ABR/ASBR information on Router D.

<RouterD> display ospf abr-asbr

 

          OSPF Process 1 with Router ID 10.5.1.1

                  Routing Table to ABR and ASBR

 

 

                Topology base (MTID 0)

 Type        Destination     Area            Cost  Nexthop         RtType

 Intra       10.3.1.1        0.0.0.2         10    10.3.1.1        ABR

 Inter       10.4.1.1        0.0.0.2         22    10.3.1.1        ASBR

# Display the OSPF routing information on Router D.

<RouterD> display ospf routing

 

          OSPF Process 1 with Router ID 10.5.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        22       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.3.1.0/24        10       Transit 10.3.1.2        10.3.1.1        0.0.0.2

 10.4.1.0/24        25       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.5.1.0/24        10       Stub    10.5.1.1        10.5.1.1        0.0.0.2

 10.1.1.0/24        12       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 

 Routing for ASEs

 Destination        Cost     Type    Tag         NextHop         AdvRouter

 3.1.2.0/24         1        Type2   1           10.3.1.1        10.4.1.1

 

 Total nets: 6

 Intra area: 2  Inter area: 3  ASE: 1  NSSA: 0

Example: Configuring OSPF route summarization

Network configuration

As shown in Figure 96:

·     Configure OSPF on Router A and Router B in AS 200.

·     Configure OSPF on Router C, Router D, and Router E in AS 100.

·     Configure an EBGP connection between Router B and Router C. Configure Router B and Router C to redistribute OSPF routes and direct routes into BGP and BGP routes into OSPF.

·     Configure Router B to advertise only summary route 10.0.0.0/8 to Router A.

Figure 96 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF:

# Configure Router A.

<RouterA> system-view

[RouterA] router id 11.2.1.2

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] router id 11.2.1.1

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] router id 11.1.1.2

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] router id 10.3.1.1

[RouterD] ospf

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

# Configure Router E.

<RouterE> system-view

[RouterE] router id 10.4.1.1

[RouterE] ospf

[RouterE-ospf-1] area 0

[RouterE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[RouterE-ospf-1-area-0.0.0.0] quit

[RouterE-ospf-1] quit

3.     Configure BGP to redistribute OSPF routes and direct routes:

# Configure Router B.

[RouterB] bgp 200

[RouterB-bgp-default] peer 11.1.1.2 as-number 100

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 11.1.1.2 enable

[RouterB-bgp-default-ipv4] import-route ospf

[RouterB-bgp-default-ipv4] import-route direct

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C.

[RouterC] bgp 100

[RouterC-bgp-default] peer 11.1.1.1 as-number 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 11.1.1.1 enable

[RouterC-bgp-default-ipv4] import-route ospf

[RouterC-bgp-default-ipv4] import-route direct

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

4.     Configure Router B and Router C to redistribute BGP routes into OSPF:

# Configure OSPF to redistribute routes from BGP on Router B.

[RouterB] ospf

[RouterB-ospf-1] import-route bgp

# Configure OSPF to redistribute routes from BGP on Router C.

[RouterC] ospf

[RouterC-ospf-1] import-route bgp

# Display the IP routing table on Router A.

[RouterA] display ip routing-table

 

Destinations : 14       Routes : 14

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1

10.2.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1

10.3.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1

10.4.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1

11.2.1.0/24        Direct  0   0           11.2.1.2        XGE3/0/1

11.2.1.0/32        Direct  0   0           11.2.1.2        XGE3/0/1

11.2.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.2.1.255/32      Direct  0   0           11.2.1.2        XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

5.     Configure route summarization:

# Configure route summarization on Router B to advertise a single route 10.0.0.0/8.

[RouterB-ospf-1] asbr-summary 10.0.0.0 8

# Display the IP routing table on Router A.

[RouterA] display ip routing-table

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.0.0.0/8         O_ASE2  150 1           11.2.1.1        XGE3/0/1

11.2.1.0/24        Direct  0   0           11.2.1.2        XGE3/0/1

11.2.1.0/32        Direct  0   0           11.2.1.2        XGE3/0/1

11.2.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.2.1.255/32      Direct  0   0           11.2.1.2        XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

The output shows that routes 10.1.1.0/24, 10.2.1.0/24, 10.3.1.0/24 and 10.4.1.0/24 are summarized into a single route 10.0.0.0/8.
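The before and after routing tables above can be compared mechanically to see which routes a summary absorbed and how much wider the summary is than the routes behind it. The following added example (not part of the H3C document) does this for the O_ASE2 rows of Router A's tables; the row excerpts come from the page, and the function names are illustrative.

```python
import ipaddress
import re

# Rows from Router A's routing table on the page, before and after
# "asbr-summary 10.0.0.0 8" is configured on Router B.
BEFORE = """\
Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.1.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1
10.2.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1
10.3.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1
10.4.1.0/24        O_ASE2  150 1           11.2.1.1        XGE3/0/1
11.2.1.0/24        Direct  0   0           11.2.1.2        XGE3/0/1
"""
AFTER = """\
Destination/Mask   Proto   Pre Cost        NextHop         Interface
10.0.0.0/8         O_ASE2  150 1           11.2.1.1        XGE3/0/1
11.2.1.0/24        Direct  0   0           11.2.1.2        XGE3/0/1
"""

ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")


def parse_table(text):
    """Return {IPv4Network: protocol} for each data row of the brief table."""
    routes = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, prompt and blank lines do not match and are skipped
            routes[ipaddress.ip_network(m[1], strict=False)] = m[2]
    return routes


def tightest_cover(networks):
    """Smallest single prefix that contains every network in `networks`."""
    networks = list(networks)
    if not networks:
        raise ValueError("no networks to cover")
    cover = networks[0]
    while not all(n.subnet_of(cover) for n in networks):
        cover = cover.supernet()  # widen by one bit; ends at 0.0.0.0/0 at worst
    return cover


def summary_report(before, after, proto="O_ASE2"):
    """Describe each new `proto` route that replaced more-specific routes."""
    old, new = parse_table(before), parse_table(after)
    report = []
    for summary in (n for n, p in new.items() if p == proto and n not in old):
        absorbed = sorted(n for n, p in old.items()
                          if p == proto and n not in new and n.subnet_of(summary))
        if not absorbed:
            continue
        backed = sum(n.num_addresses for n in absorbed)
        report.append({
            "summary": str(summary),
            "absorbed": [str(n) for n in absorbed],
            "tightest": str(tightest_cover(absorbed)),
            # Addresses inside the summary with no component route behind them.
            "unbacked_addresses": summary.num_addresses - backed,
        })
    return report


if __name__ == "__main__":
    for entry in summary_report(BEFORE, AFTER):
        print(entry)
```

For the page's tables the four /24 routes fit in 10.0.0.0/13, while the configured 10.0.0.0/8 also matches every other 10.x destination on Router A, so the width of a summary is worth checking against the address plan.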

Example: Configuring OSPF stub area

Network configuration

As shown in Figure 97:

·     Enable OSPF on all routers, and split the AS into three areas.

·     Configure Router A and Router B as ABRs to forward routing information between areas.

·     Configure Router D as the ASBR to redistribute static routes.

·     Configure Area 1 as a stub area to reduce advertised LSAs without influencing reachability.

Figure 97 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF (see "Example: Configuring basic OSPF").

3.     Configure route redistribution:

# Configure Router D to redistribute static routes.

<RouterD> system-view

[RouterD] ip route-static 3.1.2.1 24 10.5.1.2

[RouterD] ospf

[RouterD-ospf-1] import-route static

[RouterD-ospf-1] quit

# Display ABR/ASBR information on Router C.

<RouterC> display ospf abr-asbr

 

          OSPF Process 1 with Router ID 10.4.1.1

                  Routing Table to ABR and ASBR

 

 

                Topology base (MTID 0)

 Type        Destination     Area            Cost  Nexthop         RtType

 Intra       10.2.1.1        0.0.0.1         3     10.2.1.1        ABR

 Inter       10.5.1.1        0.0.0.1         7     10.2.1.1        ASBR

# Display OSPF routing information on Router C.

<RouterC> display ospf routing

 

          OSPF Process 1 with Router ID 10.4.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        3        Transit 0.0.0.0         10.2.1.1        0.0.0.1

 10.3.1.0/24        7        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.4.1.0/24        3        Stub    10.4.1.1        10.4.1.1        0.0.0.1

 10.5.1.0/24        17       Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.1.1.0/24        5        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 

 Routing for ASEs

 Destination        Cost     Type    Tag         NextHop         AdvRouter

 3.1.2.0/24         1        Type2   1           10.2.1.1        10.5.1.1

 

 Total nets: 6

 Intra area: 2  Inter area: 3  ASE: 1  NSSA: 0

The output shows that Router C's routing table contains an AS external route.

4.     Configure Area 1 as a stub area:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 1

[RouterA-ospf-1-area-0.0.0.1] stub

[RouterA-ospf-1-area-0.0.0.1] quit

[RouterA-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 1

[RouterC-ospf-1-area-0.0.0.1] stub

[RouterC-ospf-1-area-0.0.0.1] quit

[RouterC-ospf-1] quit

# Display OSPF routing information on Router C.

[RouterC] display ospf routing

 

          OSPF Process 1 with Router ID 10.4.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 0.0.0.0/0          4        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.2.1.0/24        3        Transit 0.0.0.0         10.2.1.1        0.0.0.1

 10.3.1.0/24        7        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.4.1.0/24        3        Stub    10.4.1.1        10.4.1.1        0.0.0.1

 10.5.1.0/24        17       Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.1.1.0/24        5        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 

 Total nets: 6

 Intra area: 2  Inter area: 4  ASE: 0  NSSA: 0

The output shows that a default route replaces the AS external route.

# Configure Area 1 as a totally stub area.

[RouterA] ospf

[RouterA-ospf-1] area 1

[RouterA-ospf-1-area-0.0.0.1] stub no-summary

[RouterA-ospf-1-area-0.0.0.1] quit

# Display OSPF routing information on Router C.

[RouterC] display ospf routing

 

          OSPF Process 1 with Router ID 10.4.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 0.0.0.0/0          4        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.2.1.0/24        3        Transit 0.0.0.0         10.4.1.1        0.0.0.1

 10.4.1.0/24        3        Stub    10.4.1.1        10.4.1.1        0.0.0.1

 

 Total nets: 3

 Intra area: 2  Inter area: 1  ASE: 0  NSSA: 0

The output shows that inter-area routes are removed, and only one external route (a default route) exists on Router C.

Example: Configuring OSPF NSSA area

Network configuration

As shown in Figure 98:

·     Configure OSPF on all routers and split the AS into three areas.

·     Configure Router A and Router B as ABRs to forward routing information between areas.

·     Configure Area 1 as an NSSA area and configure Router C as an ASBR to redistribute static routes into the AS.

Figure 98 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF (see "Example: Configuring basic OSPF").

3.     Configure Area 1 as an NSSA area:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 1

[RouterA-ospf-1-area-0.0.0.1] nssa

[RouterA-ospf-1-area-0.0.0.1] quit

[RouterA-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 1

[RouterC-ospf-1-area-0.0.0.1] nssa

[RouterC-ospf-1-area-0.0.0.1] quit

[RouterC-ospf-1] quit

# Display routing information on Router C.

[RouterC] display ospf routing

 

          OSPF Process 1 with Router ID 10.4.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        3        Transit 10.2.1.2        10.4.1.1        0.0.0.1

 10.3.1.0/24        7        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.4.1.0/24        3        Stub    10.4.1.1        10.4.1.1        0.0.0.1

 10.5.1.0/24        17       Inter   10.2.1.1        10.2.1.1        0.0.0.1

 10.1.1.0/24        5        Inter   10.2.1.1        10.2.1.1        0.0.0.1

 

 Total nets: 5

 Intra area: 2  Inter area: 3  ASE: 0  NSSA: 0

4.     Configure route redistribution:

# Configure OSPF to redistribute the static route on Router C.

[RouterC] ip route-static 3.1.2.1 24 10.4.1.2

[RouterC] ospf

[RouterC-ospf-1] import-route static

[RouterC-ospf-1] quit

# Display routing information on Router D.

<RouterD> display ospf routing

 

          OSPF Process 1 with Router ID 10.5.1.1

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        22       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.3.1.0/24        10       Transit 10.3.1.2        10.3.1.1        0.0.0.2

 10.4.1.0/24        25       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 10.5.1.0/24        10       Stub    10.5.1.1        10.5.1.1        0.0.0.2

 10.1.1.0/24        12       Inter   10.3.1.1        10.3.1.1        0.0.0.2

 

 Routing for ASEs

 Destination        Cost     Type    Tag         NextHop         AdvRouter

 3.1.2.0/24         1        Type2   1           10.3.1.1        10.2.1.1

 

 Total nets: 6

 Intra area: 2  Inter area: 3  ASE: 1  NSSA: 0

The output shows that an AS external route imported from the NSSA area exists on Router D.

Example: Configuring OSPF DR election

Network configuration

As shown in Figure 99:

·     Enable OSPF on Routers A, B, C, and D on the same network.

·     Configure Router D as the DR, and configure Router C as the BDR.

·     Change the router priorities on the interfaces to configure Router A as the DR and Router C as the BDR.

Figure 99 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic OSPF settings on all routers. (Details not shown.)

For more information, see "Example: Configuring basic OSPF."

3.     Display neighbor information on Router A.

[RouterA] display ospf peer verbose

 

          OSPF Process 1 with Router ID 1.1.1.1

                  Neighbors

 

 Area 0.0.0.0 interface 192.168.1.1(Ten-GigabitEthernet3/0/1)'s neighbors

 Router ID: 2.2.2.2          Address: 192.168.1.2      GR State: Normal

   State: 2-Way  Mode: None  Priority: 1

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 38  sec

   Neighbor is up for 00:01:31

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 3.3.3.3          Address: 192.168.1.3      GR State: Normal

   State: Full  Mode: Nbr is master  Priority: 1

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 31  sec

   Neighbor is up for 00:01:28

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 4.4.4.4          Address: 192.168.1.4      GR State: Normal

   State: Full  Mode: Nbr is master  Priority: 1

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 31  sec

   Neighbor is up for 00:01:28

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

The output shows that Router D is the DR and Router C is the BDR.

4.     Configure router priorities on interfaces:

# Configure Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospf dr-priority 100

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] quit

# Configure Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospf dr-priority 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] quit

# Configure Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospf dr-priority 2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] quit

# Display information about neighbors of Router D.

<RouterD> display ospf peer verbose

 

          OSPF Process 1 with Router ID 4.4.4.4

                  Neighbors

 

 Area 0.0.0.0 interface 192.168.1.4(Ten-GigabitEthernet3/0/1)'s neighbors

 Router ID: 1.1.1.1      Address: 192.168.1.1      GR State: Normal

   State: Full  Mode:Nbr is  slave  Priority: 100

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 31  sec

   Neighbor is up for 00:11:17

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 2.2.2.2      Address: 192.168.1.2      GR State: Normal

   State: Full  Mode:Nbr is  slave  Priority: 0

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 35  sec

   Neighbor is up for 00:11:19

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 3.3.3.3      Address: 192.168.1.3      GR State: Normal

   State: Full  Mode:Nbr is  slave  Priority: 2

   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 33  sec

   Neighbor is up for 00:11:15

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

The output shows that the DR and BDR are not changed, because the new router priority settings do not take effect immediately.

5.     Restart OSPF processes:

# Restart the OSPF process on Router A.

<RouterA> reset ospf 1 process

Warning : Reset OSPF process? [Y/N]:y

# Restart the OSPF process on Router B.

<RouterB> reset ospf 1 process

Warning : Reset OSPF process? [Y/N]:y

# Restart the OSPF process on Router C.

<RouterC> reset ospf 1 process

Warning : Reset OSPF process? [Y/N]:y

# Restart the OSPF process on Router D.

<RouterD> reset ospf 1 process

Warning : Reset OSPF process? [Y/N]:y

# Display neighbor information on Router D.

<RouterD> display ospf peer verbose

 

          OSPF Process 1 with Router ID 4.4.4.4

                  Neighbors

 

 Area 0.0.0.0 interface 192.168.1.4(Ten-GigabitEthernet3/0/1)'s neighbors

 Router ID: 1.1.1.1          Address: 192.168.1.1      GR State: Normal

   State: Full  Mode: Nbr is slave  Priority: 100

   DR: 192.168.1.1  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 39  sec

   Neighbor is up for 00:01:40

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 2.2.2.2          Address: 192.168.1.2      GR State: Normal

   State: 2-Way  Mode: None  Priority: 0

   DR: 192.168.1.1  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 35  sec

   Neighbor is up for 00:01:44

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

 

 Router ID: 3.3.3.3          Address: 192.168.1.3      GR State: Normal

   State: Full  Mode: Nbr is slave  Priority: 2

   DR: 192.168.1.1  BDR: 192.168.1.3  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 39  sec

   Neighbor is up for 00:01:41

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

The output shows that Router A becomes the DR and Router C becomes the BDR.

The full neighbor state means an adjacency has been established. The 2-way neighbor state means the two routers are not the DR or BDR, and they do not exchange LSAs.

# Display OSPF interface information.

<RouterA> display ospf interface

 

 

          OSPF Process 1 with Router ID 1.1.1.1

                  Interfaces

 

 Area: 0.0.0.0

 IP Address      Type      State   Cost  Pri   DR             BDR

 192.168.1.1     Broadcast DR      1     100   192.168.1.1    192.168.1.3

<RouterB> display ospf interface

 

 

          OSPF Process 1 with Router ID 2.2.2.2

                  Interfaces

 

 Area: 0.0.0.0

 IP Address      Type      State    Cost  Pri   DR             BDR

 192.168.1.2     Broadcast DROther  1     0     192.168.1.1    192.168.1.3

The interface state DROther means the interface is not the DR or BDR.
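The check performed by eye in steps 3 to 5, as an added Python example (not H3C code): it parses `display ospf peer verbose` text, ranks the routers on the segment by priority and router ID, and reports when the elected DR/BDR no longer match that ranking or when a neighbor's router ID is missing from an inventory. The sample text is abridged from the step 4 output on Router D; the function names, the `allowed_rids` inventory, and the simplified ranking model (the result a simultaneous restart of all routers converges to) are assumptions of this example.

```python
import re
from ipaddress import IPv4Address

# Abridged from the step 4 output on Router D (priorities changed, OSPF not yet reset).
PEER_OUTPUT = """\
          OSPF Process 1 with Router ID 4.4.4.4
                  Neighbors

 Area 0.0.0.0 interface 192.168.1.4(Ten-GigabitEthernet3/0/1)'s neighbors
 Router ID: 1.1.1.1      Address: 192.168.1.1      GR State: Normal
   State: Full  Mode:Nbr is  slave  Priority: 100
   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0
 Router ID: 2.2.2.2      Address: 192.168.1.2      GR State: Normal
   State: Full  Mode:Nbr is  slave  Priority: 0
   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0
 Router ID: 3.3.3.3      Address: 192.168.1.3      GR State: Normal
   State: Full  Mode:Nbr is  slave  Priority: 2
   DR: 192.168.1.4  BDR: 192.168.1.3  MTU: 0
"""

HEADER_RE = re.compile(r"OSPF Process \d+ with Router ID (\S+)")
IFACE_RE = re.compile(r"interface (\d+\.\d+\.\d+\.\d+)\(")
NBR_RE = re.compile(r"Router ID:\s*(\S+)\s+Address:\s*(\S+)")
PRI_RE = re.compile(r"State:\s*(\S+).*Priority:\s*(\d+)")
DR_RE = re.compile(r"DR:\s*(\S+)\s+BDR:\s*(\S+)")


def parse_peers(text, local_priority):
    """Return (routers, views): every router on the segment, and the set of
    (DR, BDR) address pairs recorded in the neighbor entries."""
    header, iface = HEADER_RE.search(text), IFACE_RE.search(text)
    if not header or not iface:
        raise ValueError("not 'display ospf peer verbose' output")
    # The local router's priority is not part of its own peer listing.
    routers = [{"rid": header.group(1), "addr": iface.group(1), "pri": local_priority}]
    views, cur = set(), None
    for line in text.splitlines():
        if m := NBR_RE.search(line):
            cur = {"rid": m.group(1), "addr": m.group(2), "pri": None}
            routers.append(cur)
        elif cur is not None and (m := PRI_RE.search(line)):
            cur["state"], cur["pri"] = m.group(1), int(m.group(2))
        elif cur is not None and (m := DR_RE.search(line)):
            views.add((m.group(1), m.group(2)))
    if any(r["pri"] is None for r in routers):
        raise ValueError("a neighbor entry has no Priority field")
    return routers, views


def cold_start_election(routers):
    """Simplified model: priority 0 is ineligible, then the highest priority
    wins and the highest router ID breaks ties. Returns (DR, BDR) addresses."""
    eligible = [r for r in routers if r["pri"] > 0]
    ranked = sorted(eligible, reverse=True,
                    key=lambda r: (r["pri"], int(IPv4Address(r["rid"]))))
    dr = ranked[0]["addr"] if ranked else None
    bdr = ranked[1]["addr"] if len(ranked) > 1 else None
    return dr, bdr


def audit(text, local_priority, allowed_rids):
    """Return a list of findings for one broadcast segment."""
    routers, views = parse_peers(text, local_priority)
    findings = [f"router ID {r['rid']} ({r['addr']}) is not in the inventory"
                for r in routers if r["rid"] not in allowed_rids]
    if len(views) > 1:
        findings.append(f"neighbor entries record different DR/BDR pairs: {sorted(views)}")
    expected = cold_start_election(routers)
    for current in sorted(views):
        if current != expected:
            findings.append(
                f"elected DR/BDR {current} differs from priority ranking {expected}; "
                "configured priorities only apply at the next election")
    return findings


if __name__ == "__main__":
    inventory = {"1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4"}
    # Router D keeps the default priority 1, as shown in Router A's step 3 output.
    for finding in audit(PEER_OUTPUT, 1, inventory):
        print(finding)
```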

Example: Configuring OSPF virtual link

Network configuration

As shown in Figure 100, configure a virtual link between Router B and Router C to connect Area 2 to the backbone area. After configuration, Router B can learn routes to Area 2.

Figure 100 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf 1 router-id 1.1.1.1

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] area 1

[RouterB-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.1] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf 1 router-id 3.3.3.3

[RouterC-ospf-1] area 1

[RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.1] quit

[RouterC-ospf-1] area 2

[RouterC-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.2] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] ospf 1 router-id 4.4.4.4

[RouterD-ospf-1] area 2

[RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.2] quit

[RouterD-ospf-1] quit

# Display OSPF routing information on Router B.

[RouterB] display ospf routing

 

          OSPF Process 1 with Router ID 2.2.2.2

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        2        Transit 10.2.1.1        3.3.3.3         0.0.0.1

 10.1.1.0/24        2        Transit 10.1.1.2        2.2.2.2         0.0.0.0

 Total nets: 2

 Intra area: 2  Inter area: 0  ASE: 0  NSSA: 0

The output shows that Router B does not have routes to Area 2 because Area 0 is not directly connected to Area 2.

3.     Configure a virtual link:

# Configure Router B.

[RouterB] ospf

[RouterB-ospf-1] area 1

[RouterB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3

[RouterB-ospf-1-area-0.0.0.1] quit

[RouterB-ospf-1] quit

# Configure Router C.

[RouterC] ospf

[RouterC-ospf-1] area 1

[RouterC-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2

[RouterC-ospf-1-area-0.0.0.1] quit

[RouterC-ospf-1] quit

# Display OSPF routing information on Router B.

[RouterB] display ospf routing

 

          OSPF Process 1 with Router ID 2.2.2.2

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 10.2.1.0/24        2        Transit 10.2.1.1        3.3.3.3         0.0.0.1

 10.3.1.0/24        5        Inter   10.2.1.2        3.3.3.3         0.0.0.0

 10.1.1.0/24        2        Transit 10.1.1.2        2.2.2.2         0.0.0.0

 

 Total nets: 3

 Intra area: 2  Inter area: 1  ASE: 0  NSSA: 0

The output shows that Router B has learned the route 10.3.1.0/24 to Area 2.

Example: Configuring OSPF GR

Network configuration

As shown in Figure 101:

·     Router A, Router B, and Router C that belong to the same autonomous system and the same OSPF routing domain are GR capable.

·     Router A acts as the non-IETF GR restarter. Router B and Router C are the GR helpers, and synchronize their LSDBs with Router A through OOB communication of GR.

Figure 101 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF:

# Configure Router A.

<RouterA> system-view

[RouterA] router id 1.1.1.1

[RouterA] ospf 100

[RouterA-ospf-100] area 0

[RouterA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterA-ospf-100-area-0.0.0.0] quit

[RouterA-ospf-100] quit

# Configure Router B.

<RouterB> system-view

[RouterB] router id 2.2.2.2

[RouterB] ospf 100

[RouterB-ospf-100] area 0

[RouterB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterB-ospf-100-area-0.0.0.0] quit

[RouterB-ospf-100] quit

# Configure Router C.

<RouterC> system-view

[RouterC] router id 3.3.3.3

[RouterC] ospf 100

[RouterC-ospf-100] area 0

[RouterC-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterC-ospf-100-area-0.0.0.0] quit

[RouterC-ospf-100] quit

3.     Configure OSPF GR:

# Configure Router A as the non-IETF OSPF GR restarter: enable the link-local signaling capability, the out-of-band re-synchronization capability, and non-IETF GR for OSPF process 100.

[RouterA-ospf-100] enable link-local-signaling

[RouterA-ospf-100] enable out-of-band-resynchronization

[RouterA-ospf-100] graceful-restart

[RouterA-ospf-100] quit

# Configure Router B as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.

[RouterB-ospf-100] enable link-local-signaling

[RouterB-ospf-100] enable out-of-band-resynchronization

# Configure Router C as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.

[RouterC-ospf-100] enable link-local-signaling

[RouterC-ospf-100] enable out-of-band-resynchronization

Verifying the configuration

# Enable OSPF GR event debugging and restart the OSPF process by using GR on Router A.

<RouterA> debugging ospf event graceful-restart

<RouterA> terminal monitor

<RouterA> terminal logging level 7

<RouterA> reset ospf 100 process graceful-restart

Reset OSPF process? [Y/N]:y

%Oct 21 15:29:28:727 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Full to Down.

%Oct 21 15:29:28:729 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Full to Down.

*Oct 21 15:29:28:735 2011 RouterA OSPF/7/DEBUG:

OSPF 100 nonstandard GR Started for OSPF Router

*Oct 21 15:29:28:735 2011 RouterA OSPF/7/DEBUG:

OSPF 100 created GR wait timer,timeout interval is 40(s).

*Oct 21 15:29:28:735 2011 RouterA OSPF/7/DEBUG:

OSPF 100 created GR Interval timer,timeout interval is 120(s).

*Oct 21 15:29:28:758 2011 RouterA OSPF/7/DEBUG:

OSPF 100 created OOB Progress timer for neighbor 192.1.1.3.

*Oct 21 15:29:28:766 2011 RouterA OSPF/7/DEBUG:

OSPF 100 created OOB Progress timer for neighbor 192.1.1.2.

%Oct 21 15:29:29:902 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Loading to Full.

*Oct 21 15:29:29:902 2011 RouterA OSPF/7/DEBUG:

OSPF 100 deleted OOB Progress timer for neighbor 192.1.1.2.

%Oct 21 15:29:30:897 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Loading to Full.

*Oct 21 15:29:30:897 2011 RouterA OSPF/7/DEBUG:

OSPF 100 deleted OOB Progress timer for neighbor 192.1.1.3.

*Oct 21 15:29:30:911 2011 RouterA OSPF/7/DEBUG:

OSPF GR: Process 100 Exit Restart,Reason : DR or BDR change,for neighbor : 192.1.1.3.

*Oct 21 15:29:30:911 2011 RouterA OSPF/7/DEBUG:

OSPF 100 deleted GR Interval timer.

*Oct 21 15:29:30:912 2011 RouterA OSPF/7/DEBUG:

OSPF 100 deleted GR wait timer.

%Oct 21 15:29:30:920 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Full to Down.

%Oct 21 15:29:30:921 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Full to Down.

%Oct 21 15:29:33:815 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Loading to Full.

%Oct 21 15:29:35:578 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Loading to Full.

The output shows that Router A completes GR.
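The `OSPF_NBR_CHG` lines in the verification output can be turned into per-neighbor outage measurements. The following is an added Python example, not H3C code: it parses that log format, pairs each loss of the Full state with the next return to Full, and flags neighbors that lose Full more often than a threshold within a time window. The log lines are copied from the output above; the function names, threshold, and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the verification output above; one debug entry is kept
# to show that non-OSPF_NBR_CHG lines are skipped.
LOG = """\
%Oct 21 15:29:28:727 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Full to Down.
%Oct 21 15:29:28:729 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Full to Down.
*Oct 21 15:29:28:735 2011 RouterA OSPF/7/DEBUG:
OSPF 100 nonstandard GR Started for OSPF Router
%Oct 21 15:29:29:902 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Loading to Full.
%Oct 21 15:29:30:897 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Loading to Full.
%Oct 21 15:29:30:920 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Full to Down.
%Oct 21 15:29:30:921 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Full to Down.
%Oct 21 15:29:33:815 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.3(Ten-GigabitEthernet3/0/1) from Loading to Full.
%Oct 21 15:29:35:578 2011 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 100 Neighbor 192.1.1.2(Ten-GigabitEthernet3/0/1) from Loading to Full.
"""

NBR_CHG_RE = re.compile(
    r"^%(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d:\d{3} \d{4}) (?P<host>\S+) "
    r"OSPF/5/OSPF_NBR_CHG: OSPF (?P<proc>\d+) "
    r"Neighbor (?P<nbr>[\d.]+)\((?P<ifname>[^)]+)\) "
    r"from (?P<old>\S+) to (?P<new>\S+?)\.?$"
)


def parse_nbr_changes(log):
    """Return time-ordered (timestamp, neighbor, old_state, new_state) tuples."""
    events = []
    for line in log.splitlines():
        m = NBR_CHG_RE.match(line.strip())
        if not m:
            continue  # debug (*) entries and CLI echo are ignored
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S:%f %Y")
        events.append((ts, m["nbr"], m["old"], m["new"]))
    return sorted(events)


def adjacency_outages(log):
    """Map neighbor -> list of (left_full_at, back_to_full_at, duration_ms).
    An adjacency that never returns to Full is listed with None for the
    last two fields."""
    open_since, outages = {}, defaultdict(list)
    for ts, nbr, old, new in parse_nbr_changes(log):
        if old == "Full" and new != "Full":
            open_since.setdefault(nbr, ts)
        elif new == "Full" and nbr in open_since:
            down_at = open_since.pop(nbr)
            outages[nbr].append((down_at, ts, (ts - down_at) // timedelta(milliseconds=1)))
    for nbr, down_at in open_since.items():
        outages[nbr].append((down_at, None, None))
    return dict(outages)


def flapping_neighbors(outages, max_losses, window):
    """Neighbors that left Full more than max_losses times within window."""
    flagged = []
    for nbr, spans in outages.items():
        starts = [span[0] for span in spans]
        for i, first in enumerate(starts):
            if sum(1 for t in starts[i:] if t - first <= window) > max_losses:
                flagged.append(nbr)
                break
    return sorted(flagged)


if __name__ == "__main__":
    result = adjacency_outages(LOG)
    for nbr, spans in sorted(result.items()):
        print(nbr, [duration for _, _, duration in spans])
    print(flapping_neighbors(result, max_losses=1, window=timedelta(seconds=60)))
```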

Example: Configuring BFD for OSPF

Network configuration

As shown in Figure 102, run OSPF on Router A, Router B, and Router C so that they can reach each other at the network layer.

·     When the link over which Router A and Router B communicate through a Layer 2 switch fails, BFD can quickly detect the failure and notify OSPF of the failure.

·     Router A and Router B then communicate through Router C.

Figure 102 Network diagram

Table 6 Interface and IP address assignment

Device      Interface   IP address
Router A    XGE3/0/1    192.168.0.102/24
Router A    XGE3/0/2    10.1.1.102/24
Router A    Loop0       121.1.1.1/32
Router B    XGE3/0/1    192.168.0.100/24
Router B    XGE3/0/2    13.1.1.1/24
Router B    Loop0       120.1.1.1/32
Router C    XGE3/0/1    10.1.1.100/24
Router C    XGE3/0/2    13.1.1.2/24

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable OSPF:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 121.1.1.1 0.0.0.0

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 120.1.1.1 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

3.     Configure BFD:

# Enable BFD on Router A and configure BFD parameters.

[RouterA] bfd session init-mode active

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospf bfd enable

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable BFD on Router B and configure BFD parameters.

[RouterB] bfd session init-mode active

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospf bfd enable

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 6

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the BFD information on Router A.

<RouterA> display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface

 3/1            192.168.0.102   192.168.0.100   Up       1700ms      XGE3/0/1

# Display routes destined for 120.1.1.1/32 on Router A.

<RouterA> display ip routing-table 120.1.1.1 verbose

 

Summary Count : 1

 

 Destination: 120.1.1.1/32

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 192.168.0.100

       Label: NULL              RealNextHop: 192.168.0.100

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/1

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1.

# After the link over Ten-GigabitEthernet 3/0/1 fails, display routes destined for 120.1.1.1/32 on Router A.

<RouterA> display ip routing-table 120.1.1.1 verbose

 

Summary Count : 1

 

 Destination: 120.1.1.1/32

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 2                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 10.1.1.100

       Label: NULL              RealNextHop: 10.1.1.100

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.

Example: Configuring OSPF FRR

Network configuration

As shown in Figure 103, Router A, Router B, and Router C reside in the same OSPF domain. Configure OSPF FRR so that when Link A fails, traffic is immediately switched to Link B.

Figure 103 Network diagram

Table 7 Interface and IP address assignment

Device      Interface   IP address
Router A    XGE3/0/1    12.12.12.1/24
Router A    XGE3/0/2    13.13.13.1/24
Router A    Loop0       1.1.1.1/32
Router B    XGE3/0/1    24.24.24.4/24
Router B    XGE3/0/2    13.13.13.2/24
Router B    Loop0       4.4.4.4/32
Router C    XGE3/0/1    12.12.12.2/24
Router C    XGE3/0/2    24.24.24.2/24

Procedure

1.     Configure IP addresses and subnet masks for interfaces on the routers. (Details not shown.)

2.     Configure OSPF on the routers to ensure that Router A, Router B, and Router C can communicate with each other at the network layer. (Details not shown.)

3.     Configure OSPF FRR:

You can enable OSPF FRR to either calculate a backup next hop by using the LFA algorithm, or specify a backup next hop by using a routing policy.

¡     (Method 1.) Enable OSPF FRR to calculate a backup next hop by using the LFA algorithm:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf 1

[RouterA-ospf-1] fast-reroute lfa

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf 1

[RouterB-ospf-1] fast-reroute lfa

[RouterB-ospf-1] quit

¡     (Method 2.) Enable OSPF FRR to specify a backup next hop by using a routing policy:

# Configure Router A.

<RouterA> system-view

[RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ip address prefix-list abc

[RouterA-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 12.12.12.2

[RouterA-route-policy-frr-10] quit

[RouterA] ospf 1

[RouterA-ospf-1] fast-reroute route-policy frr

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ip prefix-list abc index 10 permit 1.1.1.1 32

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ip address prefix-list abc

[RouterB-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 24.24.24.2

[RouterB-route-policy-frr-10] quit

[RouterB] ospf 1

[RouterB-ospf-1] fast-reroute route-policy frr

[RouterB-ospf-1] quit

Verifying the configuration

# Display route 4.4.4.4/32 on Router A to view the backup next hop information.

[RouterA] display ip routing-table 4.4.4.4 verbose

 

Summary Count : 1

 

 Destination: 4.4.4.4/32

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.2

       Label: NULL              RealNextHop: 13.13.13.2

     BkLabel: NULL                BkNextHop: 12.12.12.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 1.1.1.1/32 on Router B to view the backup next hop information.

[RouterB] display ip routing-table 1.1.1.1 verbose

 

Summary Count : 1

 

 Destination: 1.1.1.1/32

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.1

       Label: NULL              RealNextHop: 13.13.13.1

     BkLabel: NULL                BkNextHop: 24.24.24.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A
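Method 1 relies on the LFA algorithm. The basic loop-free condition that defines an LFA (RFC 5286: a neighbor N of source S protects destination D when dist(N,D) < dist(N,S) + dist(S,D)) is worked through below as an added Python example, not H3C code. It goes beyond the three-router case by also evaluating a skewed topology in which no loop-free alternate exists, which is the check to run before pinning a backup next hop with Method 2. The topology dictionaries, node names, and link costs are assumptions; the page does not list link costs.

```python
import heapq

INF = float("inf")

# Assumed model of Figure 103: Router A, B, C in a triangle, every link cost 1.
TRIANGLE = {
    "A": {"B": 1, "C": 1},
    "B": {"A": 1, "C": 1},
    "C": {"A": 1, "B": 1},
}

# Constructed variant: the C-B link is expensive, so C's own shortest path
# to B goes back through A.
SKEWED = {
    "A": {"B": 1, "C": 1},
    "B": {"A": 1, "C": 10},
    "C": {"A": 1, "B": 10},
}


def shortest_paths(graph, src):
    """Dijkstra: return {node: cost of the shortest path from src}."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, INF):
            continue  # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, INF):
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return dist


def primary_next_hops(graph, src, dst):
    """Neighbors of src that lie on a shortest path to dst (ECMP aware)."""
    best = shortest_paths(graph, src).get(dst, INF)
    return sorted(
        n for n, cost in graph[src].items()
        if cost + shortest_paths(graph, n).get(dst, INF) == best
    )


def lfa_candidates(graph, src, dst):
    """Neighbors of src that satisfy the basic loop-free condition for dst
    and are not already primary next hops."""
    d_src = shortest_paths(graph, src)
    primaries = set(primary_next_hops(graph, src, dst))
    candidates = []
    for n in sorted(graph[src]):
        if n in primaries:
            continue
        d_n = shortest_paths(graph, n)
        # Loop-free: N's best path to D does not lead back through S.
        if d_n.get(dst, INF) < d_n.get(src, INF) + d_src.get(dst, INF):
            candidates.append(n)
    return candidates


if __name__ == "__main__":
    # Router A -> Router B (4.4.4.4/32): backup via Router C, as in BkNextHop 12.12.12.2.
    print(lfa_candidates(TRIANGLE, "A", "B"))
    # Router B -> Router A (1.1.1.1/32): backup via Router C, as in BkNextHop 24.24.24.2.
    print(lfa_candidates(TRIANGLE, "B", "A"))
    # Skewed costs: Router C is not loop-free for A -> B.
    print(lfa_candidates(SKEWED, "A", "B"))
```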

 

IS-IS configuration examples

Example: Configuring basic IS-IS

Network configuration

As shown in Figure 104, Router A, Router B, Router C, and Router D reside in an AS.

Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router connecting two areas. Router A, Router B, and Router C are in area 10, and Router D is in area 20.

Figure 104 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] is-level level-2

[RouterD-isis-1] network-entity 20.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display the IS-IS LSDB information.

[RouterA] display isis lsdb

 

                        Database information for ISIS(1)

                        --------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00* 0x00000004   0xdf5e        1096          68      0/0/0

0000.0000.0002.00-00  0x00000004   0xee4d        1102          68      0/0/0

0000.0000.0002.01-00  0x00000001   0xdaaf        1102          55      0/0/0

0000.0000.0003.00-00  0x00000009   0xcaa3        1161          111     1/0/0

0000.0000.0003.01-00  0x00000001   0xadda        1112          55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[RouterB] display isis lsdb

 

                        Database information for ISIS(1)

                        --------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00  0x00000006   0xdb60        988           68      0/0/0

0000.0000.0002.00-00* 0x00000008   0xe651        1189          68      0/0/0

0000.0000.0002.01-00* 0x00000005   0xd2b3        1188          55      0/0/0

0000.0000.0003.00-00  0x00000014   0x194a        1190          111     1/0/0

0000.0000.0003.01-00  0x00000002   0xabdb        995           55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[RouterC] display isis lsdb

 

                        Database information for ISIS(1)

                        --------------------------------

 

                          Level-1 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0001.00-00  0x00000006   0xdb60        847           68      0/0/0

0000.0000.0002.00-00  0x00000008   0xe651        1053          68      0/0/0

0000.0000.0002.01-00  0x00000005   0xd2b3        1052          55      0/0/0

0000.0000.0003.00-00* 0x00000014   0x194a        1051          111     1/0/0

0000.0000.0003.01-00* 0x00000002   0xabdb        854           55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

 

                          Level-2 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0003.00-00* 0x00000012   0xc93c        842           100     0/0/0

0000.0000.0004.00-00  0x00000026   0x331         1173          84      0/0/0

0000.0000.0004.01-00  0x00000001   0xee95        668           55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

[RouterD] display isis lsdb

 

                        Database information for ISIS(1)

                        --------------------------------

 

                          Level-2 Link State Database

                          ---------------------------

 

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL

--------------------------------------------------------------------------

0000.0000.0003.00-00  0x00000013   0xc73d        1003          100     0/0/0

0000.0000.0004.00-00* 0x0000003c   0xd647        1194          84      0/0/0

0000.0000.0004.01-00* 0x00000002   0xec96        1007          55      0/0/0

 

    *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload

# Display the IS-IS routing information on each router.

[RouterA] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 10.1.2.0/24          20         NULL    XGE3/0/1         10.1.1.1        R/-/-

 192.168.0.0/24       20         NULL    XGE3/0/1         10.1.1.1        R/-/-

 0.0.0.0/0            10         NULL    XGE3/0/1         10.1.1.1        R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[RouterC] display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 10.1.2.0/24          10         NULL    XGE3/0/3         Direct          D/L/-

 192.168.0.0/24       10         NULL    XGE3/0/2         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 192.168.0.0/24       10         NULL                                    D/L/-

 172.16.0.0/16        20         NULL    XGE3/0/2         192.168.0.2     R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[RouterD] display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 192.168.0.0/24       10         NULL    XGE3/0/2         Direct          D/L/-

 10.1.1.0/24          20         NULL    XGE3/0/2         192.168.0.1     R/-/-

 10.1.2.0/24          20         NULL    XGE3/0/2         192.168.0.1     R/-/-

 172.16.0.0/16        10         NULL    XGE3/0/1         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that the routing table of each Level-1 router contains a default route whose next hop is the Level-1-2 router. The routing table of the Level-2 router contains all Level-1 and Level-2 routes.

Example: Configuring DIS election

Network configuration

As shown in Figure 105, on a broadcast network (Ethernet), Router A, Router B, Router C, and Router D reside in IS-IS Area 10. Router A and Router B are Level-1-2 routers, Router C is a Level-1 router, and Router D is a Level-2 router.

Change the DIS priority of Router A to make it elected as the Level-1-2 DIS router.

Figure 105 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Enable IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] is-level level-1

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 10.0000.0000.0004.00

[RouterD-isis-1] is-level level-2

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Display information about IS-IS neighbors of Router A.

[RouterA] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0003.01

 State: Up     HoldTime: 21s        Type: L1(L1L2)     PRI: 64

 

 System ID: 0000.0000.0003

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0003.01

 State: Up     HoldTime: 6s         Type: L1           PRI: 64

 

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0004.01

 State: Up     HoldTime: 23s        Type: L2(L1L2)     PRI: 64

 

 System ID: 0000.0000.0004

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0004.01

 State: Up     HoldTime: 23s        Type: L2           PRI: 64

# Display information about IS-IS interfaces of Router A.

[RouterA] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  No/No

# Display IS-IS interfaces of Router C.

[RouterC] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  Yes/No

# Display information about IS-IS interfaces of Router D.

[RouterD] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  No/Yes

The output shows that when the default DIS priority is used, Router C is the DIS for Level-1, and Router D is the DIS for Level-2. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01, respectively.

# Configure the DIS priority of Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis dis-priority 100

# Display information about IS-IS neighbors of Router A.

[RouterA] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

 

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 29s        Type: L1(L1L2)     PRI: 64

 

 System ID: 0000.0000.0003

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 22s        Type: L1           PRI: 64

 

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 22s        Type: L2(L1L2)     PRI: 64

 

 System ID: 0000.0000.0004

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 22s        Type: L2           PRI: 64

# Display information about IS-IS interfaces of Router A.

[RouterA] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  Yes/Yes

The output shows that after the DIS priority configuration, Router A becomes the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01.

# Display information about IS-IS neighbors and interfaces of Router C.

[RouterC] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

 

 System ID: 0000.0000.0001

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 7s         Type: L1           PRI: 100

 

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 23s        Type: L1           PRI: 64

[RouterC] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  No/No

# Display information about IS-IS neighbors and interfaces of Router D.

[RouterD] display isis peer

 

                          Peer information for IS-IS(1)

                          ----------------------------

 

 System ID: 0000.0000.0001

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 7s         Type: L2           PRI: 100

 

 System ID: 0000.0000.0002

 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01

 State: Up     HoldTime: 26s        Type: L2           PRI: 64

[RouterD] display isis interface

 

                       Interface information for IS-IS(1)

                       ---------------------------------

 

  Interface:  Ten-GigabitEthernet3/0/1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00001     Up              Down           1            1497  L1/L2  No/No
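
As an added example (not H3C code), the following Python check turns the display isis peer captures above into a monitoring rule: it derives the DIS of each interface and level from the peers' Circuit Id and reports any segment whose DIS differs from a baseline. The function names and the BASELINE mapping are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# `display isis peer` output on Router A, copied from the captures above with
# blank lines removed: first with default priorities, then after
# `isis dis-priority 100` was set on Router A.
PEERS_DEFAULT = """\
 System ID: 0000.0000.0002
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0003.01
 State: Up     HoldTime: 21s        Type: L1(L1L2)     PRI: 64
 System ID: 0000.0000.0003
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0003.01
 State: Up     HoldTime: 6s         Type: L1           PRI: 64
 System ID: 0000.0000.0002
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0004.01
 State: Up     HoldTime: 23s        Type: L2(L1L2)     PRI: 64
 System ID: 0000.0000.0004
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0004.01
 State: Up     HoldTime: 23s        Type: L2           PRI: 64
"""
PEERS_TUNED = """\
 System ID: 0000.0000.0002
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01
 State: Up     HoldTime: 29s        Type: L1(L1L2)     PRI: 64
 System ID: 0000.0000.0003
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01
 State: Up     HoldTime: 22s        Type: L1           PRI: 64
 System ID: 0000.0000.0002
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01
 State: Up     HoldTime: 22s        Type: L2(L1L2)     PRI: 64
 System ID: 0000.0000.0004
 Interface: XGE3/0/1                 Circuit Id:  0000.0000.0001.01
 State: Up     HoldTime: 22s        Type: L2           PRI: 64
"""

# Assumed baseline: Router A (0000.0000.0001) is the intended DIS at both levels.
BASELINE = {("XGE3/0/1", "L1"): "0000.0000.0001",
            ("XGE3/0/1", "L2"): "0000.0000.0001"}

PEER = re.compile(
    r"System ID:\s*(?P<sysid>[0-9A-Fa-f.]+)\s+"
    r"Interface:\s*(?P<ifname>\S+)\s+Circuit Id:\s*(?P<circuit>[0-9A-Fa-f.]+)\s+"
    r"State:\s*(?P<state>\S+)\s+HoldTime:\s*\S+\s+"
    r"Type:\s*(?P<type>\S+)\s+PRI:\s*(?P<pri>\d+)")


def dis_by_segment(output):
    """Map (interface, level) to the set of DIS system IDs the Up peers report."""
    segments = defaultdict(set)
    for m in PEER.finditer(output):
        if m["state"] != "Up":
            continue
        level = m["type"][:2]  # "L1(L1L2)" -> "L1"
        # On a broadcast network the Circuit Id is <DIS system ID>.<pseudonode number>.
        segments[(m["ifname"], level)].add(m["circuit"].rsplit(".", 1)[0])
    return dict(segments)


def dis_alerts(output, baseline):
    """Compare the observed DIS of every segment with the expected one."""
    alerts = []
    for (ifname, level), seen in sorted(dis_by_segment(output).items()):
        expected = baseline.get((ifname, level))
        if len(seen) > 1:
            # Peers on one segment and level should all name the same pseudonode.
            alerts.append(("dis-disagreement", ifname, level, ",".join(sorted(seen))))
        elif expected is not None and seen != {expected}:
            alerts.append(("unexpected-dis", ifname, level, next(iter(seen))))
    return alerts


if __name__ == "__main__":
    for label, capture in (("default", PEERS_DEFAULT), ("tuned", PEERS_TUNED)):
        print(label, dis_alerts(capture, BASELINE))
```

Run against the first capture, the check reports Router C and Router D as the DIS for Level-1 and Level-2; against the second capture it reports nothing.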

Example: Configuring IS-IS route redistribution

Network configuration

As shown in Figure 106, Router A, Router B, Router C, and Router D reside in the same AS. They use IS-IS to interconnect. Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router.

Redistribute RIP routes into IS-IS on Router D.

Figure 106 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] is-level level-2

[RouterD-isis-1] network-entity 20.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

# Display IS-IS routing information on each router.

[RouterA] display isis route

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 10.1.2.0/24          20         NULL    XGE3/0/1         10.1.1.1        R/-/-

 192.168.0.0/24       20         NULL    XGE3/0/1         10.1.1.1        R/-/-

 0.0.0.0/0            10         NULL    XGE3/0/1         10.1.1.1        R/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[RouterC] display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 10.1.2.0/24          10         NULL    XGE3/0/3         Direct          D/L/-

 192.168.0.0/24       10         NULL    XGE3/0/2         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 10.1.4.0/24          10         NULL                                    D/L/-

 192.168.0.0/24       10         NULL                                    D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

[RouterD] display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          20         NULL    XGE3/0/2         192.168.0.1     R/-/-

 10.1.2.0/24          20         NULL    XGE3/0/2         192.168.0.1     R/-/-

 10.1.4.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 192.168.0.0/24       10         NULL    XGE3/0/2         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

3.     Configure RIPv2 on Router D and Router E, and configure IS-IS to redistribute RIP routes on Router D:

# Configure RIPv2 on Router D.

[RouterD] rip 1

[RouterD-rip-1] network 10.0.0.0

[RouterD-rip-1] version 2

[RouterD-rip-1] undo summary

# Configure RIPv2 on Router E.

[RouterE] rip 1

[RouterE-rip-1] network 10.0.0.0

[RouterE-rip-1] version 2

[RouterE-rip-1] undo summary

# On Router D, configure IS-IS to redistribute routes from RIP.

[RouterD-rip-1] quit

[RouterD] isis 1

[RouterD-isis-1] address-family ipv4

[RouterD-isis-1-ipv4] import-route rip level-2

# Display IS-IS routing information on Router C.

[RouterC] display isis route

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL    XGE3/0/1         Direct          D/L/-

 10.1.2.0/24          10         NULL    XGE3/0/3         Direct          D/L/-

 192.168.0.0/24       10         NULL    XGE3/0/2         Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 10.1.1.0/24          10         NULL                                    D/L/-

 10.1.2.0/24          10         NULL                                    D/L/-

 192.168.0.0/24       10         NULL                                    D/L/-

 10.1.4.0/24          20         NULL    XGE3/0/2         192.168.0.2     R/L/-

 10.1.5.0/24          10         0       XGE3/0/2         192.168.0.2     R/L/-

 10.1.6.0/24          10         0       XGE3/0/2         192.168.0.2     R/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

Example: Configuring IS-IS authentication

Network configuration

As shown in Figure 107, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain.

Router A, Router B, and Router C belong to Area 10, and Router D belongs to Area 20.

·     Configure neighbor relationship authentication between neighbors.

·     Configure area authentication in Area 10 to prevent untrusted routes from entering the area.

·     Configure routing domain authentication on Router C and Router D to prevent untrusted routes from entering the routing domain.

Figure 107 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 20.0000.0000.0001.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

3.     Configure neighbor relationship authentication between neighbors:

# Set the authentication mode to MD5 and set the plaintext key to eRg on Ten-GigabitEthernet 3/0/1 of Router A and on Ten-GigabitEthernet 3/0/3 of Router C.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain eRg

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis authentication-mode md5 plain eRg

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Set the authentication mode to MD5 and set the plaintext key to t5Hr on Ten-GigabitEthernet 3/0/1 of Router B and on Ten-GigabitEthernet 3/0/1 of Router C.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain t5Hr

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain t5Hr

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to MD5 and set the plaintext key to hSec on Ten-GigabitEthernet 3/0/1 of Router D and on Ten-GigabitEthernet 3/0/2 of Router C.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis authentication-mode md5 plain hSec

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain hSec

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Set the area authentication mode to MD5 and set the plaintext key to 10Sec on Router A, Router B, and Router C.

[RouterA] isis 1

[RouterA-isis-1] area-authentication-mode md5 plain 10Sec

[RouterA-isis-1] quit

[RouterB] isis 1

[RouterB-isis-1] area-authentication-mode md5 plain 10Sec

[RouterB-isis-1] quit

[RouterC] isis 1

[RouterC-isis-1] area-authentication-mode md5 plain 10Sec

[RouterC-isis-1] quit

5.     Set routing domain authentication mode to MD5 and set the plaintext key to 1020Sec on Router C and Router D.

[RouterC] isis 1

[RouterC-isis-1] domain-authentication-mode md5 plain 1020Sec

[RouterC-isis-1] quit

[RouterD] isis 1

[RouterD-isis-1] domain-authentication-mode md5 plain 1020Sec

[RouterD-isis-1] quit
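
The procedure above has no verification step, so as an added example (not H3C code) the following Python audit checks a command transcript for the three properties the example relies on: both ends of each link share an interface key, the area key is present on every Level-1-capable router of an area, and the domain key is present on every Level-2-capable router. The transcript is constructed with two deliberate mistakes, and the function names and finding labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the command form used above, with two deliberate
# mistakes: RouterA's interface key is mistyped and RouterB has no area key.
TRANSCRIPT = """\
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] area-authentication-mode md5 plain 10Sec
[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1
[RouterA-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain eRq
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] is-level level-1
[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1
[RouterB-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain t5Hr
[RouterC-isis-1] network-entity 10.0000.0000.0003.00
[RouterC-isis-1] area-authentication-mode md5 plain 10Sec
[RouterC-isis-1] domain-authentication-mode md5 plain 1020Sec
[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1
[RouterC-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain t5Hr
[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1
[RouterC-Ten-GigabitEthernet3/0/2] isis authentication-mode md5 plain hSec
[RouterC-Ten-GigabitEthernet3/0/3] isis enable 1
[RouterC-Ten-GigabitEthernet3/0/3] isis authentication-mode md5 plain eRg
[RouterD-isis-1] network-entity 20.0000.0000.0001.00
[RouterD-isis-1] domain-authentication-mode md5 plain 1020Sec
[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1
[RouterD-Ten-GigabitEthernet3/0/1] isis authentication-mode md5 plain hSec
"""

XGE = "Ten-GigabitEthernet3/0/"
# Link endpoints as (router, interface view), taken from step 3 above.
LINKS = [(("RouterA", XGE + "1"), ("RouterC", XGE + "3")),
         (("RouterB", XGE + "1"), ("RouterC", XGE + "1")),
         (("RouterD", XGE + "1"), ("RouterC", XGE + "2"))]

PROMPT = re.compile(r"^\[(\w+)(?:-([^\]]+))?\]\s+(.+)$")
AUTH = re.compile(r"^(isis authentication-mode|area-authentication-mode|"
                  r"domain-authentication-mode) (\S+) (?:plain|cipher) (\S+)")


def parse(transcript):
    """Build per-router IS-IS state from prompt-prefixed command lines."""
    routers = defaultdict(lambda: {"area": None, "level": "level-1-2", "area_auth": None,
                                   "domain_auth": None, "ifaces": defaultdict(dict)})
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        name, view, cmd = m.groups()
        r = routers[name]
        if cmd.startswith("network-entity "):
            # NET = area . system ID (3 groups) . selector; keep the area part.
            r["area"] = ".".join(cmd.split()[1].split(".")[:-4])
        elif cmd.startswith("is-level "):
            r["level"] = cmd.split()[1]
        elif cmd.startswith("isis enable"):
            r["ifaces"][view]["enabled"] = True
        elif (a := AUTH.match(cmd)):
            kind, mode, key = a.groups()
            if kind == "isis authentication-mode":
                r["ifaces"][view]["auth"] = (mode, key)
            else:  # area-... -> "area_auth", domain-... -> "domain_auth"
                r[kind.split("-")[0] + "_auth"] = (mode, key)
    return routers


def audit(routers, links):
    """Return (check, subject) findings; key values are never echoed."""
    findings = []
    for end_a, end_b in links:
        auths = []
        for name, view in (end_a, end_b):
            iface = routers[name]["ifaces"].get(view, {})
            if iface.get("enabled") and "auth" not in iface:
                findings.append(("interface-auth-missing", f"{name} {view}"))
            auths.append(iface.get("auth"))
        if None not in auths and auths[0] != auths[1]:
            findings.append(("interface-auth-mismatch", f"{end_a[0]} <-> {end_b[0]}"))
    # Area keys: L1-capable routers per area. Domain keys: L2-capable routers.
    groups = defaultdict(list)
    for name, r in routers.items():
        if r["level"] != "level-2":
            groups[("area-auth", f"area {r['area']}", "area_auth")].append(name)
        if r["level"] != "level-1":
            groups[("domain-auth", "level-2 domain", "domain_auth")].append(name)
    for (label, scope, field), names in groups.items():
        configured = {routers[n][field] for n in names} - {None}
        for n in sorted(names):
            if configured and routers[n][field] is None:
                findings.append((label + "-missing", f"{n} ({scope})"))
        if len(configured) > 1:
            findings.append((label + "-mismatch", scope))
    return findings


if __name__ == "__main__":
    print(audit(parse(TRANSCRIPT), LINKS))
```

A scope in which no router has a key configured, such as Area 20 here, is not reported, which matches the example's decision to authenticate only Area 10.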

Example: Configuring IS-IS GR

Network configuration

As shown in Figure 108, Router A, Router B, and Router C belong to the same IS-IS routing domain. Run IS-IS on all the routers to interconnect them with each other.

Figure 108 Network diagram

Procedure

1.     Configure the IP addresses and subnet masks for interfaces on the routers. (Details not shown.)

2.     Configure IS-IS on the routers to make sure Router A, Router B, and Router C can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.)

3.     Enable IS-IS GR on Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] graceful-restart

[RouterA-isis-1] quit

[RouterA] quit

Verifying the configuration

# Restart the IS-IS process on Router A.

<RouterA> reset isis all 1 graceful-restart

Reset IS-IS process? [Y/N]:y

# Check the GR state of the IS-IS process on Router A.

<RouterA> display isis graceful-restart status

 

                        Restart information for IS-IS(1)

                        --------------------------------

Restart status: COMPLETE

Restart phase: Finish

Restart t1: 3, count 10; Restart t2: 60; Restart t3: 300

SA Bit: supported

 

                          Level-1 restart information

                          ---------------------------

Total number of interfaces: 1

Number of waiting LSPs: 0

 

                          Level-2 restart information

                          ---------------------------

Total number of interfaces: 1

Number of waiting LSPs: 0

Example: Configuring BFD for IS-IS

Network configuration

·     As shown in Figure 109, run IS-IS on Router A, Router B and Router C so that they can reach each other at the network layer.

·     After the link over which Router A and Router B communicate through the Layer 2 switch fails, BFD can quickly detect the failure and notify IS-IS of the failure. Router A and Router B then communicate through Router C.

Figure 109 Network diagram

Table 8 Interface and IP address assignment

Device     Interface   IP address          Device     Interface   IP address
Router A   XGE3/0/1    192.168.0.102/24    Router B   XGE3/0/1    192.168.0.100/24
           XGE3/0/2    10.1.1.102/24                  XGE3/0/2    13.1.1.1/24
           Loop0       121.1.1.1/32                   Loop0       120.1.1.1/32
Router C   XGE3/0/1    10.1.1.100/24
           XGE3/0/2    13.1.1.2/24

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable

[RouterA-LoopBack0] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] isis enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable

[RouterB-LoopBack0] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

3.     Configure BFD functions:

# Enable BFD and configure BFD parameters on Router A.

[RouterA] bfd session init-mode active

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis bfd enable

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable BFD and configure BFD parameters on Router B.

[RouterB] bfd session init-mode active

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis bfd enable

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 8

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the BFD session information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface

 3/1            192.168.0.102   192.168.0.100   Up       1700ms      XGE3/0/1

# Display routes destined for 120.1.1.1/32 on Router A.

[RouterA] display ip routing-table 120.1.1.1 verbose

 

Summary count : 1

 

 Destination: 120.1.1.1/32

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 10                 Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 192.168.0.100

       Label: NULL              RealNextHop: 192.168.0.100

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/1

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router A and Router B communicate through Ten-GigabitEthernet 3/0/1. Then the link over Ten-GigabitEthernet 3/0/1 fails.

# Display routes destined for 120.1.1.1/32 on Router A.

[RouterA] display ip routing-table 120.1.1.1 verbose

 

Summary count : 1

 

 Destination: 120.1.1.1/32

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 20                 Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 10.1.1.100

       Label: NULL              RealNextHop: 10.1.1.100

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router A and Router B communicate through Ten-GigabitEthernet 3/0/2.

Example: Configuring IS-IS LFA FRR

Network configuration

As shown in Figure 110, Router A, Router B, and Router C reside in the same IS-IS routing domain.

·     Run IS-IS on all the routers to interconnect them with each other.

·     Configure IS-IS FRR so that when Link A fails, traffic can be switched to Link B immediately.

Figure 110 Network diagram

Table 9 Interface and IP address assignment

Device     Interface   IP address       Device     Interface   IP address
Router A   XGE3/0/1    12.12.12.1/24    Router B   XGE3/0/1    24.24.24.4/24
           XGE3/0/2    13.13.13.1/24               XGE3/0/2    13.13.13.2/24
           Loop0       1.1.1.1/32                  Loop0       4.4.4.4/32
Router C   XGE3/0/1    12.12.12.2/24
           XGE3/0/2    24.24.24.2/24

Procedure

1.     Configure IP addresses and subnet masks for interfaces on the routers. (Details not shown.)

2.     Configure IS-IS on the routers to make sure Router A, Router B, and Router C can communicate with each other at the network layer. (Details not shown.)

3.     Configure IS-IS FRR:

Enable IS-IS FRR to calculate a backup next hop through LFA calculation, or designate a backup next hop by using a routing policy.

○     (Method 1.) Enable IS-IS FRR to calculate a backup next hop through LFA calculation:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] fast-reroute lfa

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] fast-reroute lfa

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

○     (Method 2.) Enable IS-IS FRR to designate a backup next hop by using a routing policy:

# Configure Router A.

<RouterA> system-view

[RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ip address prefix-list abc

[RouterA-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 12.12.12.2

[RouterA-route-policy-frr-10] quit

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] fast-reroute route-policy frr

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ip prefix-list abc index 10 permit 1.1.1.1 32

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ip address prefix-list abc

[RouterB-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 24.24.24.2

[RouterB-route-policy-frr-10] quit

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] fast-reroute route-policy frr

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

Verifying the configuration

# Display route 4.4.4.4/32 on Router A to view the backup next hop information.

[RouterA] display ip routing-table 4.4.4.4 verbose

 

Summary count : 1

 

 Destination: 4.4.4.4/32

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 10                 Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.2

       Label: NULL              RealNextHop: 13.13.13.2

     BkLabel: NULL                BkNextHop: 12.12.12.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 1.1.1.1/32 on Router B to view the backup next hop information.

[RouterB] display ip routing-table 1.1.1.1 verbose

 

Summary count : 1

 

 Destination: 1.1.1.1/32

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 04h20m37s

  FlushedAge: 15h28m49s

        Cost: 10                 Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x26000002             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: 0.0.0.0

       Flags: 0x1008c           OrigNextHop: 13.13.13.1

       Label: NULL              RealNextHop: 13.13.13.1

     BkLabel: NULL                BkNextHop: 24.24.24.2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A
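A check for the verification step above, as an added example (not H3C tooling): it parses the two-column layout of `display ip routing-table ... verbose` and reports routes that have no usable backup next hop. The first sample is excerpted from the Router A output above; the other two are constructed, and the `N/A` placeholder for an empty backup field is an assumption.

```python
import re

# Excerpt of the Router A output shown above (fields the check does not need are omitted).
PROTECTED = """\
Summary count : 1

 Destination: 4.4.4.4/32
    Protocol: IS_L1
  Process ID: 1
         Tag: 0                       State: Active Adv
       Flags: 0x1008c           OrigNextHop: 13.13.13.2
       Label: NULL              RealNextHop: 13.13.13.2
     BkLabel: NULL                BkNextHop: 12.12.12.2
     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2
   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1
"""

# Constructed sample: the same route with no backup fields populated.
UNPROTECTED = PROTECTED.replace("BkNextHop: 12.12.12.2", "BkNextHop: N/A").replace(
    "BkInterface: Ten-GigabitEthernet3/0/1", "BkInterface: N/A")

# Constructed sample: a backup that leaves through the primary interface.
SHARED_FATE = PROTECTED.replace(
    "BkInterface: Ten-GigabitEthernet3/0/1", "BkInterface: Ten-GigabitEthernet3/0/2")

EMPTY = {"", "N/A"}  # assumed placeholders for "no value"


def parse_verbose_routes(text):
    """Return one dict per route block; a block starts at its Destination field."""
    routes, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Two "Key: value" pairs can share a line, separated by runs of spaces.
        # Keys ("Process ID") and values ("Active Adv") may contain one space.
        for chunk in re.split(r"\s{2,}", line):
            key, sep, value = chunk.partition(":")
            if not sep:
                continue
            key, value = key.strip(), value.strip()
            if key == "Destination":
                current = {}
                routes.append(current)
            if current is not None:  # skips the "Summary count" header
                current[key] = value
    return routes


def frr_findings(route):
    """List the reasons a route is not protected by a distinct backup path."""
    bk_nexthop = route.get("BkNextHop", "N/A")
    bk_interface = route.get("BkInterface", "N/A")
    if bk_nexthop in EMPTY or bk_interface in EMPTY:
        return ["no backup next hop installed"]
    findings = []
    if bk_interface == route.get("Interface"):
        findings.append("backup uses the primary interface")
    if bk_nexthop == route.get("RealNextHop"):
        findings.append("backup next hop equals primary next hop")
    return findings


def audit(text):
    """Map each destination in the output to its list of findings."""
    return {r["Destination"]: frr_findings(r) for r in parse_verbose_routes(text)}


if __name__ == "__main__":
    for name, sample in (("protected", PROTECTED), ("unprotected", UNPROTECTED),
                         ("shared fate", SHARED_FATE)):
        print(name, audit(sample))
```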

Example: Configuring IS-IS remote LFA FRR

Network configuration

As shown in Figure 111, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain.

·     Run IS-IS on all the routers to interconnect them with each other.

·     Configure MPLS LDP on all the routers.

·     Configure IS-IS remote LFA FRR so that when Link A fails, traffic can be switched to Link B immediately.

Figure 111 Network diagram

Table 10 Interface and IP address assignment

Device     Interface   IP address       Device     Interface   IP address
Router A   XGE3/0/1    12.12.12.1/24    Router B   XGE3/0/1    12.12.12.2/24
           XGE3/0/2    13.13.13.1/24               XGE3/0/2    15.15.15.1/24
           Loop1       1.1.1.1/32                  Loop1       2.2.2.2/32
Router C   XGE3/0/1    13.13.13.2/24    Router D   XGE3/0/1    15.15.15.2/24
           XGE3/0/2    14.14.14.1/24               XGE3/0/2    14.14.14.2/24
           Loop1       3.3.3.3/32                  Loop1       4.4.4.4/32

Procedure

1.     Configure IP addresses and subnet masks for interfaces on the routers. (Details not shown.)

2.     Configure IS-IS and MPLS LDP on all the routers:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls ldp

[RouterA-ldp] accept target-hello all

[RouterA-ldp] quit

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] isis cost 10

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/2] isis cost 20

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls ldp

[RouterB-ldp] accept target-hello all

[RouterB-ldp] quit

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] isis cost 10

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] isis cost 20

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls ldp

[RouterC-ldp] accept target-hello all

[RouterC-ldp] quit

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] isis cost 20

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] isis cost 20

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.4

[RouterD] mpls ldp

[RouterD-ldp] accept target-hello all

[RouterD-ldp] quit

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] isis cost 20

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] isis cost 20

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis enable 1

[RouterD-LoopBack1] quit

3.     Configure IS-IS remote LFA FRR.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] fast-reroute lfa

[RouterA-isis-1-ipv4] fast-reroute remote-lfa tunnel ldp

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

Verifying the configuration

# Display route 2.2.2.2/32 on Router A to view the backup next hop information.

[RouterA] display isis route ipv4 2.2.2.2 32 verbose

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Dest : 2.2.2.2/32          Int. Cost  : 10               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 1                Flag       : R/L/-

 InLabel   : 4294967295          InLabel Flag: -/-/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    12.12.12.2                         XGE3/0/1                    0x00000002

 Nib ID    : 0x14000008          OutLabel   : 4294967295       OutLabelFlag: -

 LabelSrc  : N/A                 Delay Flag : N/A

 Remote-LFA:

  Interface : XGE3/0/2

  BkNextHop : 13.13.13.2         LsIndex    : 0x01000002

  Tunnel destination address: 4.4.4.4

  Backup label: {1149}

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

      InLabel flags: R-Readvertisement, N-Node SID, P-no PHP

                     E-Explicit null, V-Value, L-Local

 

      OutLabelFlags: E-Explicit null, I-Implicit null, N-Nomal, P-SR label prefer

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Dest : 2.2.2.2/32          Int. Cost  : 10               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 3                Flag       : -/-/-

 InLabel   : 4294967295          InLabel Flag: -/-/-/-/-/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

      InLabel flags: R-Readvertisement, N-Node SID, P-no PHP

                     E-Explicit null, V-Value, L-Local

 

      OutLabelFlags: E-Explicit null, I-Implicit null, N-Nomal, P-SR label prefer
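Why the LFA example installs a direct backup next hop while this example needs a tunnel to 4.4.4.4, as an added worked example (not H3C's algorithm or code): it applies the RFC 5286 loop-free inequality and the RFC 7490 extended P-space and Q-space definitions to both topologies. Assumptions: the ring adjacency is inferred from the shared subnets in Table 10, and the LFA example's links all use the IS-IS default cost of 10, which the page does not show.

```python
import heapq

# Costs from the "isis cost" lines in step 2; adjacency inferred from Table 10 (assumption).
RING = {("A", "B"): 10, ("A", "C"): 20, ("B", "D"): 20, ("C", "D"): 20}
RING_LOOPBACK = {"A": "1.1.1.1", "B": "2.2.2.2", "C": "3.3.3.3", "D": "4.4.4.4"}
# LFA example (Table 9): link costs are not shown, default cost 10 assumed.
TRIANGLE = {("A", "B"): 10, ("A", "C"): 10, ("B", "C"): 10}


def build_graph(links):
    graph = {}
    for (u, v), cost in links.items():
        graph.setdefault(u, {})[v] = cost
        graph.setdefault(v, {})[u] = cost
    return graph


def spf(graph, src):
    """Dijkstra shortest-path distances from src."""
    dist = {node: float("inf") for node in graph}
    dist[src] = 0
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in graph[u].items():
            if d + cost < dist[v]:
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist


def all_pairs(graph):
    return {node: spf(graph, node) for node in graph}


def crosses(dist, x, y, s, e, cost):
    """True if any shortest path x -> y (ECMP included) traverses link s-e."""
    via_se = dist[x][s] + cost + dist[e][y]
    via_es = dist[x][e] + cost + dist[s][y]
    return dist[x][y] in (via_se, via_es)


def plain_lfas(links, s, e, dest):
    """Neighbours n of s, other than e, with dist(n,dest) < dist(n,s) + dist(s,dest)."""
    graph = build_graph(links)
    dist = all_pairs(graph)
    return sorted(n for n in graph[s]
                  if n != e and dist[n][dest] < dist[n][s] + dist[s][dest])


def remote_lfas(links, s, e):
    """(pq_node, first_hop) pairs that protect link s-e.

    Extended P-space: nodes a neighbour of s reaches without crossing s-e.
    Q-space: nodes that reach e without crossing s-e.
    """
    graph = build_graph(links)
    dist = all_pairs(graph)
    cost = graph[s][e]
    found = []
    for n in sorted(graph[s]):
        if n == e:
            continue
        for y in sorted(graph):
            if y in (s, e):
                continue
            in_ext_p = not crosses(dist, n, y, s, e, cost)
            in_q = not crosses(dist, y, e, s, e, cost)
            if in_ext_p and in_q:
                found.append((y, n))
    return found


if __name__ == "__main__":
    # Triangle: Router C is loop-free, so plain LFA is enough.
    print("triangle LFA for A->B:", plain_lfas(TRIANGLE, "A", "B", "B"))
    # Ring: C's shortest path to B runs back through A (20 + 10 = 30), so no plain LFA.
    print("ring LFA for A->B:", plain_lfas(RING, "A", "B", "B"))
    for pq, hop in remote_lfas(RING, "A", "B"):
        print("ring remote LFA: tunnel to", RING_LOOPBACK[pq], "via Router", hop)
```

The repair path exists only if Router A can bring up a targeted LDP session to the PQ node, which is why step 2 configures accept target-hello all on every router. That setting accepts Targeted Hellos from any LSR, so outside a lab, limit which sources are accepted where the platform supports it.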

Example: Configuring IS-IS multi-instance processes

Network configuration

As shown in Figure 112, the IPv4 and IPv6 costs are different on an interface. Configure IS-IS multi-instance processes to isolate the IPv4 and IPv6 network and avoid IPv6 route calculation errors.

Figure 112 Network diagram

Table 11 Interface and IP address assignment

Device     Interface   IPv4 address   IPv6 address
Router A   XGE3/0/1    10.1.1.1/24    2001::1/64
           Loop0       1.1.1.1/32     10::1/128
Router C   XGE3/0/1    10.1.1.2/24    2001::2/64
           Loop0       2.2.2.2/32     20::1/128

Prerequisites

Configure IPv4 and IPv6 addresses for the interfaces. (Details not shown.)

Procedure

1.     Configure traditional IPv4 IS-IS processes:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable

[RouterA-LoopBack0] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis ipv6 enable 2

[RouterA-LoopBack0] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable

[RouterB-LoopBack0] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis ipv6 enable 2

[RouterB-LoopBack0] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

2.     Configure IPv6 IS-IS multi-instance processes:

# Configure Router A.

[RouterA] isis 2

[RouterA-isis-2] network-entity 20.0000.0000.0010.00

[RouterA-isis-2] multi-instance enable iid 1

[RouterA-isis-2] address-family ipv6

[RouterA-isis-2-ipv6] quit

[RouterA-isis-2] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 2

[RouterA-Ten-GigabitEthernet3/0/1] isis process-id 2 cost 63

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] isis 2

[RouterB-isis-2] network-entity 20.0000.0000.0020.00

[RouterB-isis-2] multi-instance enable iid 1

[RouterB-isis-2] address-family ipv6

[RouterB-isis-2-ipv6] quit

[RouterB-isis-2] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 2

[RouterB-Ten-GigabitEthernet3/0/1] isis process-id 2 cost 63

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# View information about the IPv4 IS-IS routing table of Router A.

[RouterA] display isis route ipv4

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 1.1.1.1/32           0          NULL    Loop0           Direct          D/L/-

 10.1.1.0/24          10         NULL    GE1/0/1         Direct          D/L/-

 2.2.2.2/32           10         NULL    GE1/0/1         10.1.1.2        R/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 1.1.1.1/32           0          NULL    Loop0           Direct          D/L/-

 10.1.1.0/24          10         NULL    ULL             Direct          D/L/-

 2.2.2.2/32           10         NULL

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that route calculation results are correct.

# View information about the IPv4 IS-IS routing table of Router B.

[RouterB] display isis route ipv4

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 1.1.1.1/32           10         NULL    GE1/0/1         10.1.1.1        R/L/-

 10.1.1.0/24          10         NULL    GE1/0/1         Direct          D/L/-

 2.2.2.2/32           0          NULL    Loop0           Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags

-------------------------------------------------------------------------------

 1.1.1.1/32           10         NULL

 10.1.1.0/24          10         NULL    GE1/0/1         Direct          D/L/-

 2.2.2.2/32           0          NULL    Loop0           Direct          D/L/-

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that route calculation results are correct.

# View information about the IPv6 IS-IS routing table of Router A.

[RouterA] display isis route ipv6

 

                         Route information for IS-IS(2)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 Destination : 10::1                                   PrefixLen: 128

 Flag        : D/L/-                                   Cost     : 0

 Next hop    : Direct                                  Interface: Loop0

 

 Destination : 2001::                                  PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 63

 Next hop    : Direct                                  Interface: GE1/0/1

 

 Destination : 20::1                                   PrefixLen: 128

 Flag        : R/L/-                                   Cost     : 63

 Next hop    : FE80::861F:31FF:FE6D:201                Interface: GE1/0/1

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv6 forwarding table

                         -----------------------------

 

 Destination : 10::1                                   PrefixLen: 128

 Flag        : D/L/-                                   Cost     : 0

 Next hop    : Direct                                  Interface: Loop0

 

 Destination : 2001::                                  PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 63

 Next hop    : Direct                                  Interface: GE1/0/1

 

 Destination : 20::1                                   PrefixLen: 128

 Flag        : -/-/-                                   Cost     : 63

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that route calculation results are correct.

# View information about the IPv6 IS-IS routing table of Router B.

[RouterB] display isis route ipv6

 

                         Route information for IS-IS(2)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 Destination : 10::1                                   PrefixLen: 128

 Flag        : R/L/-                                   Cost     : 63

 Next hop    : FE80::861F:29FF:FE93:101                Interface: GE1/0/1

 

 Destination : 2001::                                  PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 63

 Next hop    : Direct                                  Interface: GE1/0/1

 

 Destination : 20::1                                   PrefixLen: 128

 Flag        : D/L/-                                   Cost     : 0

 Next hop    : Direct                                  Interface: Loop0

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv6 forwarding table

                         -----------------------------

 

 Destination : 10::1                                   PrefixLen: 128

 Flag        : -/-/-                                   Cost     : 63

 

 Destination : 2001::                                  PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 63

 Next hop    : Direct                                  Interface: GE1/0/1

 

 Destination : 20::1                                   PrefixLen: 128

 Flag        : D/L/-                                   Cost     : 0

 Next hop    : Direct                                  Interface: Loop0

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows that route calculation results are correct.

IPv6 IS-IS configuration examples

Example: Configuring IPv6 IS-IS basics

Network configuration

As shown in Figure 113, Router A, Router B, Router C, and Router D, all enabled with IPv6, reside in the same AS. Configure IPv6 IS-IS on the routers so that they can reach each other.

Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router.

Figure 113 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] address-family ipv6

[RouterA-isis-1-ipv6] quit

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] address-family ipv6

[RouterB-isis-1-ipv6] quit

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] address-family ipv6

[RouterC-isis-1-ipv6] quit

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] is-level level-2

[RouterD-isis-1] network-entity 20.0000.0000.0004.00

[RouterD-isis-1] address-family ipv6

[RouterD-isis-1-ipv6] quit

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display the IPv6 IS-IS routing table on Router A.

[RouterA] display isis route ipv6

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 Destination : ::                                      PrefixLen: 0

 Flag        : R/-/-                                   Cost     : 10

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:1::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : Direct                                  Interface: XGE3/0/1

 

 Destination : 2001:2::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:3::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display the IPv6 IS-IS routing table on Router B.

[RouterB] display isis route ipv6

 

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 Destination : ::                                      PrefixLen: 0

 Flag        : R/-/-                                   Cost     : 10

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:1::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:2::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : Direct                                  Interface: XGE3/0/1

 

 Destination : 2001:3::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display the IPv6 IS-IS routing table on Router C.

[RouterC] display isis route ipv6

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 Destination : 2001:1::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : Direct                                  Interface: XGE3/0/2

 

 Destination : 2001:2::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : Direct                                  Interface: XGE3/0/1

 

 Destination : 2001:3::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : Direct                                  Interface: XGE3/0/3

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

                         Level-2 IPv6 forwarding table

                         -----------------------------

 

 Destination : 2001:1::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 

 Destination : 2001:2::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 

 Destination : 2001:3::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 

 Destination : 2001:4::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 10

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display the IPv6 IS-IS routing table on Router D.

[RouterD] display isis route ipv6

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-2 IPv6 forwarding table

                         -----------------------------

 Destination : 2001:1::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:2::                                PrefixLen: 64

 Flag        : R/-/-                                   Cost     : 20

 Next hop    : FE80::200:FF:FE0F:4                     Interface: XGE3/0/1

 

 Destination : 2001:3::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 10

 Next hop    : Direct                                  Interface: XGE3/0/1

 

 Destination : 2001:4::                                PrefixLen: 64

 Flag        : D/L/-                                   Cost     : 0

 Next hop    : Direct                                  Interface: XGE3/0/2

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

Example: Configuring BFD for IPv6 IS-IS

Network configuration

As shown in Figure 114:

·     Configure IPv6 IS-IS on Router A, Router B, and Router C so that they can reach each other.

·     Enable BFD on Ten-GigabitEthernet 3/0/1 of Router A and Router B.

When the link between Router B and the Layer 2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure. Then Router A and Router B communicate through Router C.

Figure 114 Network diagram

Table 12 Interface and IP address assignment

Device     Interface   IPv6 address    Device     Interface   IPv6 address
Router A   XGE3/0/1    2001::1/64      Router B   XGE3/0/1    2001::2/64
           XGE3/0/2    2001:2::1/64               XGE3/0/2    2001:3::2/64
Router C   XGE3/0/1    2001:2::2/64
           XGE3/0/2    2001:3::1/64

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 IS-IS:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] network-entity 10.0000.0000.0001.00

[RouterA-isis-1] address-family ipv6

[RouterA-isis-1-ipv6] quit

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] address-family ipv6

[RouterB-isis-1-ipv6] quit

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 10.0000.0000.0003.00

[RouterC-isis-1] address-family ipv6

[RouterC-isis-1-ipv6] quit

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

3.     Configure BFD functions:

# Enable BFD and configure BFD parameters on Router A.

[RouterA] bfd session init-mode active

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis ipv6 bfd enable

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable BFD and configure BFD parameters on Router B.

[RouterB] bfd session init-mode active

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis ipv6 bfd enable

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 6

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display BFD session information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv6 session working in control packet mode:

 

       Local discr: 1441                 Remote discr: 1450

         Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ten-GigabitEthernet3/0/1 on Router A)

    Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ten-GigabitEthernet3/0/1 on Router B)

     Session state: Up                      Interface: XGE3/0/1

         Hold time: 2319ms

# Display routes destined for 2001:4::0/64 on Router A.

[RouterA] display ipv6 routing-table 2001:4::0 64

 

Summary count : 2

 

Destination: 2001:4::/64                                 Protocol  : IS_L1

NextHop    : FE80::20F:FF:FE00:1200                      Preference: 15

Interface  : XGE3/0/1                                     Cost      : 10

The output shows that Router A and Router B communicate through Ten-GigabitEthernet 3/0/1. Then the link over Ten-GigabitEthernet 3/0/1 fails.

# Display routes destined for 2001:4::0/64 on Router A.

[RouterA] display ipv6 routing-table 2001:4::0 64

 

Summary count : 1

 

Destination: 2001:4::/64                                 Protocol  : IS_L1

NextHop    : FE80::BAAF:67FF:FE27:DCD0                   Preference: 15

Interface  : XGE3/0/2                                     Cost      : 20

The output shows that Router A and Router B communicate through Ten-GigabitEthernet 3/0/2.

Example: Configuring IPv6 IS-IS FRR

Network configuration

As shown in Figure 115, Router A, Router B, and Router C reside in the same IS-IS routing domain.

·     Run IPv6 IS-IS on all the routers to interconnect them with each other.

·     Configure IPv6 IS-IS FRR so that when Link A fails, traffic can be switched to Link B immediately.

Figure 115 Network diagram

Table 13 Interface and IP address assignment

Device      Interface   IPv6 address      Device      Interface   IPv6 address

Router A    XGE3/0/1    1::1/64           Router B    XGE3/0/1    3::1/64

Router A    XGE3/0/2    2::1/64           Router B    XGE3/0/2    2::2/64

Router A    Loop0       10::1/128         Router B    Loop0       20::1/128

Router C    XGE3/0/1    1::2/64

Router C    XGE3/0/2    3::2/64

Procedure

1.     Configure IPv6 addresses for interfaces on the routers and enable IPv6 IS-IS. (Details not shown.)

2.     Configure IPv6 IS-IS FRR:

Enable IPv6 IS-IS FRR to calculate a backup next hop through LFA calculation, or designate a backup next hop by using a routing policy.

¡     (Method 1.) Enable IPv6 IS-IS FRR to calculate a backup next hop through LFA calculation:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] address-family ipv6

[RouterA-isis-1-ipv6] fast-reroute lfa

[RouterA-isis-1-ipv6] quit

[RouterA-isis-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] address-family ipv6

[RouterB-isis-1-ipv6] fast-reroute lfa

[RouterB-isis-1-ipv6] quit

[RouterB-isis-1] quit

¡     (Method 2.) Enable IPv6 IS-IS FRR to designate a backup next hop by using a routing policy:

# Configure Router A.

<RouterA> system-view

[RouterA] ipv6 prefix-list abc index 10 permit 20::1 128

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterA-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 1::2

[RouterA-route-policy-frr-10] quit

[RouterA] isis 1

[RouterA-isis-1] address-family ipv6

[RouterA-isis-1-ipv6] fast-reroute route-policy frr

[RouterA-isis-1-ipv6] quit

[RouterA-isis-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ipv6 prefix-list abc index 10 permit 10::1 128

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterB-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 3::2

[RouterB-route-policy-frr-10] quit

[RouterB] isis 1

[RouterB-isis-1] address-family ipv6

[RouterB-isis-1-ipv6] fast-reroute route-policy frr

[RouterB-isis-1-ipv6] quit

[RouterB-isis-1] quit

Verifying the configuration

# Display route 20::1/128 on Router A to view the backup next hop information.

[RouterA] display ipv6 routing-table 20::1 128 verbose

 

Summary count : 1

 

 Destination: 20::1/128

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 00h27m45s

  FlushedAge: 15h28m49s

        Cost: 10                 Preference: 15

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0xa                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x24000005             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10041           OrigNextHop: FE80::34CD:9FF:FE2F:D02

       Label: NULL              RealNextHop: FE80::34CD:9FF:FE2F:D02

     BkLabel: NULL                BkNextHop: FE80::7685:45FF:FEAD:102

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 10::1/128 on Router B to view the backup next hop information.

[RouterB] display ipv6 routing-table 10::1 128 verbose

 

Summary count : 1

 

 Destination: 10::1/128

    Protocol: IS_L1

  Process ID: 1

   SubProtID: 0x1                       Age: 00h33m23s

  FlushedAge: 15h28m49s

        Cost: 10                 Preference: 15

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0xa                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x24000006             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10041           OrigNextHop: FE80::34CC:E8FF:FE5B:C02

       Label: NULL              RealNextHop: FE80::34CC:E8FF:FE5B:C02

     BkLabel: NULL                BkNextHop: FE80::7685:45FF:FEAD:102

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

Applying a flexible algorithm to IS-IS SRv6

Network configuration

As shown in Figure 116, complete the following tasks:

·     Configure IPv6 IS-IS on Device A, Device B, Device C, Device D, Device E, and Device F to achieve network level connectivity.

·     Enable IS-IS SRv6 on Device A, Device B, Device C, Device D, Device E, and Device F.

·     Configure flexible algorithm 130 for each device. The FAD of flexible algorithm 130 is as follows:

¡     Calculation type—SPF algorithm.

¡     Metric type—Link delay. In this example, the link delay on each interface is configured manually.

¡     Constraint—Exclude affinity attribute red.

·     Configure TI-LFA FRR to avoid microloops. Without TI-LFA FRR, when Link A fails, Device B still uses Device A as the next hop to Device D until route convergence completes. As a result, a loop occurs because Device B returns the traffic it receives from Device A to Device A.

Figure 116 IS-IS SRv6 network with a flexible algorithm

Table 14 Interface and IP address assignment

Device      Interface   IPv6 address      Device      Interface   IPv6 address

Device A    XGE3/0/1    1001::1/64        Device D    XGE3/0/1    3003::2/64

Device A    XGE3/0/2    6001::2/64        Device D    XGE3/0/2    4004::1/64

Device B    XGE3/0/1    1001::2/64        Device E    XGE3/0/1    4004::2/64

Device B    XGE3/0/2    2002::1/64        Device E    XGE3/0/2    5001::1/64

Device C    XGE3/0/1    2002::2/64        Device E    XGE3/0/3    3002::2/64

Device C    XGE3/0/2    3003::1/64        Device F    XGE3/0/1    5001::2/64

Device C    XGE3/0/3    3002::1/64        Device F    XGE3/0/2    6001::1/64

Procedure

1.     Configure IPv6 addresses and prefix lengths for interfaces on each device. (Details not shown.)

2.     Configure Device A.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Enable SRv6 and configure a locator.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] locator 10 ipv6-prefix 1000:: 64 static 32

[DeviceA-segment-routing-ipv6-locator-10] quit

[DeviceA-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 50 microseconds and 100 microseconds, respectively.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis link-delay min 50 max 100

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 10 microseconds and 100 microseconds, respectively.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis link-delay min 10 max 100

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Enable IS-IS link delay advertisement.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceA-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceA-isis-1-ipv6] advertise application link-attributes te

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

# Configure flexible algorithm 130.

[DeviceA] isis 1

[DeviceA-isis-1] affinity-map red bit-position 130

[DeviceA-isis-1] flex-algo 130

[DeviceA-isis-1-flex-algo-130] advertise-definition enable

[DeviceA-isis-1-flex-algo-130] metric-type delay

[DeviceA-isis-1-flex-algo-130] priority 255

[DeviceA-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceA-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceA-isis-1-flex-algo-130] quit

[DeviceA-isis-1] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] locator 10

[DeviceA-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceA-segment-routing-ipv6-locator-10] quit

[DeviceA-segment-routing-ipv6] quit

3.     Configure Device B.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] address-family ipv6

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Enable SRv6 and configure a locator.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] locator 10 ipv6-prefix 2000:: 64 static 32

[DeviceB-segment-routing-ipv6-locator-10] quit

[DeviceB-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 50 microseconds and 100 microseconds, respectively.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis link-delay min 50 max 100

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 50 microseconds and 100 microseconds, respectively.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis link-delay min 50 max 100

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Enable IS-IS link delay advertisement.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceB-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceB-isis-1-ipv6] advertise application link-attributes te

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

# Configure flexible algorithm 130.

[DeviceB] isis 1

[DeviceB-isis-1] affinity-map red bit-position 130

[DeviceB-isis-1] flex-algo 130

[DeviceB-isis-1-flex-algo-130] advertise-definition enable

[DeviceB-isis-1-flex-algo-130] metric-type delay

[DeviceB-isis-1-flex-algo-130] priority 255

[DeviceB-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceB-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceB-isis-1-flex-algo-130] quit

[DeviceB-isis-1] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] locator 10

[DeviceB-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceB-segment-routing-ipv6-locator-10] quit

[DeviceB-segment-routing-ipv6] quit

4.     Configure Device C.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] address-family ipv6

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface ten-gigabitethernet 3/0/3

[DeviceC-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/3] quit

# Enable SRv6 and configure a locator.

[DeviceC] segment-routing ipv6

[DeviceC-segment-routing-ipv6] locator 10 ipv6-prefix 3000:: 64 static 32

[DeviceC-segment-routing-ipv6-locator-10] quit

[DeviceC-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceC] isis 1

[DeviceC-isis-1] address-family ipv6 unicast

[DeviceC-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 50 microseconds and 100 microseconds, respectively.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis link-delay min 50 max 100

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 50 microseconds and 100 microseconds, respectively.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis link-delay min 50 max 100

[DeviceC-Ten-GigabitEthernet3/0/2] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/3 to 20 microseconds and 100 microseconds, respectively.

[DeviceC] interface ten-gigabitethernet 3/0/3

[DeviceC-Ten-GigabitEthernet3/0/3] isis link-delay min 20 max 100

[DeviceC-Ten-GigabitEthernet3/0/3] quit

# Enable IS-IS link delay advertisement.

[DeviceC] isis 1

[DeviceC-isis-1] address-family ipv6 unicast

[DeviceC-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceC-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceC-isis-1-ipv6] advertise application link-attributes te

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

# Configure flexible algorithm 130.

[DeviceC] isis 1

[DeviceC-isis-1] affinity-map red bit-position 130

[DeviceC-isis-1] flex-algo 130

[DeviceC-isis-1-flex-algo-130] advertise-definition enable

[DeviceC-isis-1-flex-algo-130] metric-type delay

[DeviceC-isis-1-flex-algo-130] priority 255

[DeviceC-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceC-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceC-isis-1-flex-algo-130] quit

[DeviceC-isis-1] quit

# Assign affinity attribute red to Ten-GigabitEthernet 3/0/3.

[DeviceC] interface ten-gigabitethernet 3/0/3

[DeviceC-Ten-GigabitEthernet3/0/3] isis 1 affinity flex-algo red

[DeviceC-Ten-GigabitEthernet3/0/3] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceC] segment-routing ipv6

[DeviceC-segment-routing-ipv6] locator 10

[DeviceC-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceC-segment-routing-ipv6-locator-10] quit

[DeviceC-segment-routing-ipv6] quit

5.     Configure Device D.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceD> system-view

[DeviceD] isis 1

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] address-family ipv6

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Enable SRv6 and configure a locator.

[DeviceD] segment-routing ipv6

[DeviceD-segment-routing-ipv6] locator 10 ipv6-prefix 4000:: 64 static 32

[DeviceD-segment-routing-ipv6-locator-10] quit

[DeviceD-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceD] isis 1

[DeviceD-isis-1] address-family ipv6 unicast

[DeviceD-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 50 microseconds and 100 microseconds, respectively.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis link-delay min 50 max 100

[DeviceD-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 10 microseconds and 100 microseconds, respectively.

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis link-delay min 10 max 100

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Enable IS-IS link delay advertisement.

[DeviceD] isis 1

[DeviceD-isis-1] address-family ipv6 unicast

[DeviceD-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceD-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceD-isis-1-ipv6] advertise application link-attributes te

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

# Configure flexible algorithm 130.

[DeviceD] isis 1

[DeviceD-isis-1] affinity-map red bit-position 130

[DeviceD-isis-1] flex-algo 130

[DeviceD-isis-1-flex-algo-130] advertise-definition enable

[DeviceD-isis-1-flex-algo-130] metric-type delay

[DeviceD-isis-1-flex-algo-130] priority 255

[DeviceD-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceD-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceD-isis-1-flex-algo-130] quit

[DeviceD-isis-1] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceD] segment-routing ipv6

[DeviceD-segment-routing-ipv6] locator 10

[DeviceD-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceD-segment-routing-ipv6-locator-10] quit

[DeviceD-segment-routing-ipv6] quit

6.     Configure Device E.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceE> system-view

[DeviceE] isis 1

[DeviceE-isis-1] network-entity 00.0000.0000.0005.00

[DeviceE-isis-1] cost-style wide

[DeviceE-isis-1] address-family ipv6

[DeviceE-isis-1-ipv6] quit

[DeviceE-isis-1] quit

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/1] quit

[DeviceE] interface ten-gigabitethernet 3/0/2

[DeviceE-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/2] quit

[DeviceE] interface ten-gigabitethernet 3/0/3

[DeviceE-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/3] quit

# Enable SRv6 and configure a locator.

[DeviceE] segment-routing ipv6

[DeviceE-segment-routing-ipv6] locator 10 ipv6-prefix 5000:: 64 static 32

[DeviceE-segment-routing-ipv6-locator-10] quit

[DeviceE-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceE] isis 1

[DeviceE-isis-1] address-family ipv6 unicast

[DeviceE-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceE-isis-1-ipv6] quit

[DeviceE-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 10 microseconds and 100 microseconds, respectively.

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] isis link-delay min 10 max 100

[DeviceE-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 10 microseconds and 100 microseconds, respectively.

[DeviceE] interface ten-gigabitethernet 3/0/2

[DeviceE-Ten-GigabitEthernet3/0/2] isis link-delay min 10 max 100

[DeviceE-Ten-GigabitEthernet3/0/2] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/3 to 20 microseconds and 100 microseconds, respectively.

[DeviceE] interface ten-gigabitethernet 3/0/3

[DeviceE-Ten-GigabitEthernet3/0/3] isis link-delay min 20 max 100

[DeviceE-Ten-GigabitEthernet3/0/3] quit

# Enable IS-IS link delay advertisement.

[DeviceE] isis 1

[DeviceE-isis-1] address-family ipv6 unicast

[DeviceE-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceE-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceE-isis-1-ipv6] advertise application link-attributes te

[DeviceE-isis-1-ipv6] quit

[DeviceE-isis-1] quit

# Configure flexible algorithm 130.

[DeviceE] isis 1

[DeviceE-isis-1] affinity-map red bit-position 130

[DeviceE-isis-1] flex-algo 130

[DeviceE-isis-1-flex-algo-130] advertise-definition enable

[DeviceE-isis-1-flex-algo-130] metric-type delay

[DeviceE-isis-1-flex-algo-130] priority 255

[DeviceE-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceE-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceE-isis-1-flex-algo-130] quit

[DeviceE-isis-1] quit

# Assign affinity attribute red to Ten-GigabitEthernet 3/0/3.

[DeviceE] interface ten-gigabitethernet 3/0/3

[DeviceE-Ten-GigabitEthernet3/0/3] isis 1 affinity flex-algo red

[DeviceE-Ten-GigabitEthernet3/0/3] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceE] segment-routing ipv6

[DeviceE-segment-routing-ipv6] locator 10

[DeviceE-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceE-segment-routing-ipv6-locator-10] quit

[DeviceE-segment-routing-ipv6] quit

7.     Configure Device F.

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceF> system-view

[DeviceF] isis 1

[DeviceF-isis-1] network-entity 00.0000.0000.0006.00

[DeviceF-isis-1] cost-style wide

[DeviceF-isis-1] address-family ipv6

[DeviceF-isis-1-ipv6] quit

[DeviceF-isis-1] quit

[DeviceF] interface ten-gigabitethernet 3/0/1

[DeviceF-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceF-Ten-GigabitEthernet3/0/1] quit

[DeviceF] interface ten-gigabitethernet 3/0/2

[DeviceF-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceF-Ten-GigabitEthernet3/0/2] quit

# Enable SRv6 and configure a locator.

[DeviceF] segment-routing ipv6

[DeviceF-segment-routing-ipv6] locator 10 ipv6-prefix 6000:: 64 static 32

[DeviceF-segment-routing-ipv6-locator-10] quit

[DeviceF-segment-routing-ipv6] quit

# Apply the locator to the IPv6 IS-IS process.

[DeviceF] isis 1

[DeviceF-isis-1] address-family ipv6 unicast

[DeviceF-isis-1-ipv6] segment-routing ipv6 locator 10

[DeviceF-isis-1-ipv6] quit

[DeviceF-isis-1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/1 to 10 microseconds and 100 microseconds, respectively.

[DeviceF] interface ten-gigabitethernet 3/0/1

[DeviceF-Ten-GigabitEthernet3/0/1] isis link-delay min 10 max 100

[DeviceF-Ten-GigabitEthernet3/0/1] quit

# Set the minimum link delay and the maximum link delay on Ten-GigabitEthernet 3/0/2 to 10 microseconds and 100 microseconds, respectively.

[DeviceF] interface ten-gigabitethernet 3/0/2

[DeviceF-Ten-GigabitEthernet3/0/2] isis link-delay min 10 max 100

[DeviceF-Ten-GigabitEthernet3/0/2] quit

# Enable IS-IS link delay advertisement.

[DeviceF] isis 1

[DeviceF-isis-1] address-family ipv6 unicast

[DeviceF-isis-1-ipv6] metric-delay advertisement enable

# Enable IS-IS to advertise link attributes in LSPs.

[DeviceF-isis-1-ipv6] advertise link-attributes

# Enable IS-IS to advertise link attributes for use by flexible algorithms.

[DeviceF-isis-1-ipv6] advertise application link-attributes te

[DeviceF-isis-1-ipv6] quit

[DeviceF-isis-1] quit

# Configure flexible algorithm 130.

[DeviceF] isis 1

[DeviceF-isis-1] affinity-map red bit-position 130

[DeviceF-isis-1] flex-algo 130

[DeviceF-isis-1-flex-algo-130] advertise-definition enable

[DeviceF-isis-1-flex-algo-130] metric-type delay

[DeviceF-isis-1-flex-algo-130] priority 255

[DeviceF-isis-1-flex-algo-130] affinity exclude-any red

# Enable TI-LFA FRR for flexible algorithm 130.

[DeviceF-isis-1-flex-algo-130] fast-reroute ti-lfa enable

[DeviceF-isis-1-flex-algo-130] quit

[DeviceF-isis-1] quit

# Associate SRv6 locator 10 to flexible algorithm 130.

[DeviceF] segment-routing ipv6

[DeviceF-segment-routing-ipv6] locator 10

[DeviceF-segment-routing-ipv6-locator-10] flex-algo algorithm 130

[DeviceF-segment-routing-ipv6-locator-10] quit

[DeviceF-segment-routing-ipv6] quit

Verifying the configuration

# Display routes calculated by flexible algorithm 130 on Device A. Device A uses Device F as the next hop to forward traffic to Device D, and the backup next hop calculated by TI-LFA is Device B.

[DeviceA] display isis flex-algo 130 route level-1 verbose

 

                   Flex Algo Route Information for IS-IS(1)

                   -----------------------------------------

 

                            Level-1 Flex Algo Route

                            -----------------------

 

 IPv6 dest   : 1000::/64

 Flag        : D/-/-                       Cost        : 0

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : Direct

 NexthopFlag : -

 Interface   : NULL0                       Delay Flag : N/A

 Nib ID      : 0x0

 

 IPv6 dest   : 2000::/64

 Flag        : R/-/-                       Cost        : 50

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C5:D9FF:FE06:206

 NexthopFlag : -

 Interface   : XGE3/0/1                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/2

  BkNextHop : FE80::80C7:7DFF:FE43:607

  LsIndex    : 0x80000003

  Backup label stack(top->bottom): {3000::1:0:0}

 Nib ID      : 0x2400000c

 

 IPv6 dest   : 3000::/64

 Flag        : R/-/-                       Cost        : 80

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:7DFF:FE43:607

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:206

  LsIndex    : N/A

  Backup label stack(top->bottom): N/A

 Nib ID      : 0x24000008

 

 IPv6 dest   : 4000::/64

 Flag        : R/-/-                       Cost        : 30

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:7DFF:FE43:607

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:206

  LsIndex    : 0x80000002

  Backup label stack(top->bottom): {3000::1:0:0}

 Nib ID      : 0x2400000a

 

 IPv6 dest   : 5000::/64

 Flag        : R/-/-                       Cost        : 20

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:7DFF:FE43:607

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:206

  LsIndex    : 0x80000002

  Backup label stack(top->bottom): {3000::1:0:0}

 Nib ID      : 0x2400000a

 

 IPv6 dest   : 6000::/64

 Flag        : R/-/-                       Cost        : 10

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Nexthop     : FE80::80C7:7DFF:FE43:607

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:206

  LsIndex    : 0x80000003

  Backup label stack(top->bottom): {3000::1:0:0}

 Nib ID      : 0x2400000c

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display routes calculated by flexible algorithm 130 on Device C. The backup path to Device D does not include the link whose affinity attribute is red.

[Device C] display isis flex-algo 130 route level-1 verbose

 

                   Flex Algo Route Information for IS-IS(1)

                   -----------------------------------------

 

                            Level-1 Flex Algo Route

                            -----------------------

 

 IPv6 dest   : 1000::/64

 Flag        : R/-/-                       Cost        : 80

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:42FF:FEF4:406

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:207

  LsIndex    : N/A

  Backup label stack(top->bottom): N/A

 Nib ID      : 0x2400000a

 

 IPv6 dest   : 2000::/64

 Flag        : R/-/-                       Cost        : 50

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C5:D9FF:FE06:207

 NexthopFlag : -

 Interface   : XGE3/0/1                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/2

  BkNextHop : FE80::80C7:42FF:FEF4:406

  LsIndex    : 0x80000002

  Backup label stack(top->bottom): {1000::1:0:0}

 Nib ID      : 0x24000009

 

 IPv6 dest   : 3000::/64

 Flag        : D/-/-                       Cost        : 0

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : Direct

 NexthopFlag : -

 Interface   : NULL0                       Delay Flag : N/A

 Nib ID      : 0x0

 

 IPv6 dest   : 4000::/64

 Flag        : R/-/-                       Cost        : 50

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:42FF:FEF4:406

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:207

  LsIndex    : N/A

  Backup label stack(top->bottom): N/A

 Nib ID      : 0x2400000a

 

 IPv6 dest   : 5000::/64

 Flag        : R/-/-                       Cost        : 60

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Priority    : Low

 Nexthop     : FE80::80C7:42FF:FEF4:406

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:207

  LsIndex    : N/A

  Backup label stack(top->bottom): N/A

 Nib ID      : 0x2400000a

 

 IPv6 dest   : 6000::/64

 Flag        : R/-/-                       Cost        : 70

 Admin tag   : -                           Src count   : 1

 Algorithm   : 130

 Nexthop     : FE80::80C7:42FF:FEF4:406

 NexthopFlag : -

 Interface   : XGE3/0/2                     Delay Flag : N/A

 TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : FE80::80C5:D9FF:FE06:207

  LsIndex    : N/A

  Backup label stack(top->bottom): N/A

 Nib ID      : 0x2400000e

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

EIGRP configuration examples

Example: Configuring basic EIGRP

Network configuration

As shown in Figure 117, enable EIGRP for Router A and Router B to exchange routing information.

Figure 117 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic EIGRP settings:

# Create EIGRP process 1 on Router A and enable EIGRP on the specified networks.

<RouterA> system-view

[RouterA] eigrp 1

[RouterA-eigrp-1] address-family ipv4

[RouterA-eigrp-1-ipv4] network 1.1.1.0 0.0.0.255

[RouterA-eigrp-1-ipv4] network 2.1.1.0 0.0.0.255

[RouterA-eigrp-1-ipv4] quit

# Create EIGRP process 1 on Router B and enable EIGRP on the specified networks.

<RouterB> system-view

[RouterB] eigrp 1

[RouterB-eigrp-1] address-family ipv4

[RouterB-eigrp-1-ipv4] network 1.1.1.0 0.0.0.255

[RouterB-eigrp-1-ipv4] network 10.1.1.0 0.0.0.255

[RouterB-eigrp-1-ipv4] quit

Verifying the configuration

# Display neighbor information for EIGRP process 1 on Router A.

[RouterA] display eigrp 1 peer

 

       Brief EIGRP neighbor Information for AS 1

 

 Address           State     Hold time    Interface

 1.1.1.2           Up        14           XGE3/0/1

# Display neighbor information for EIGRP process 1 on Router B.

[RouterB] display eigrp 1 peer

 

        Brief EIGRP neighbor Information for AS 1

 

 Address           State     Hold time    Interface

 1.1.1.1           Up        10           XGE3/0/1

# Display topology table information for EIGRP process 1 on Router A.

[RouterA] display eigrp 1 topology

 

        EIGRP topology for AS 1 with Router ID 3.1.1.1

 

Destination        FD         State    Successor        Out interface

1.1.1.0/24         5120       Passive  Directed         XGE3/0/1

2.1.1.0/24         5120       Passive  Directed         XGE3/0/2

10.1.1.0/24        7680       Passive  1.1.1.2          XGE3/0/1

# Display topology table information for EIGRP process 1 on Router B.

[RouterB] display eigrp 1 topology

 

        EIGRP topology for AS 1 with Router ID 10.2.1.1

 

Destination        FD         State    Successor        Out interface

1.1.1.0/24         5120       Passive  Directed         XGE3/0/1

2.1.1.0/24         7680       Passive  1.1.1.1          XGE3/0/1

10.1.1.0/24        5120       Passive  Directed         XGE3/0/2

Example: Configuring EIGRP interface metrics

Network configuration

As shown in Figure 118, enable EIGRP on Router A, Router B, Router C, Router D, and Router E.

Router A has two paths (through Router B and Router C, respectively) to reach Router D. Each path has a bandwidth of 1000000 Kbps and a delay of 100 microseconds.

Configure EIGRP metrics for Ten-GigabitEthernet 3/0/2 on Router A to make the route learned from Router C the optimal route to the destination network 1.1.5.0/24.

Figure 118 Network diagram

Table 15 Interface and IP address assignment

Device      Interface    IP address
Router A    XGE3/0/1     1.1.1.1/24
Router A    XGE3/0/2     1.1.2.1/24
Router B    XGE3/0/1     1.1.1.2/24
Router B    XGE3/0/2     1.1.3.1/24
Router C    XGE3/0/1     1.1.2.2/24
Router C    XGE3/0/2     1.1.4.1/24
Router D    XGE3/0/1     1.1.4.2/24
Router D    XGE3/0/2     1.1.3.2/24
Router D    XGE3/0/3     1.1.5.1/24
Router E    XGE3/0/1     1.1.5.2/32

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic EIGRP settings:

# Configure Router A.

<RouterA> system-view

[RouterA] eigrp 1

[RouterA-eigrp-1] address-family ipv4

[RouterA-eigrp-1-ipv4] network 1.1.0.0 0.0.255.255

[RouterA-eigrp-1-ipv4] quit

# Configure Router B.

<RouterB> system-view

[RouterB] eigrp 1

[RouterB-eigrp-1] address-family ipv4

[RouterB-eigrp-1-ipv4] network 1.1.0.0 0.0.255.255

[RouterB-eigrp-1-ipv4] quit

# Configure Router C.

<RouterC> system-view

[RouterC] eigrp 1

[RouterC-eigrp-1] address-family ipv4

[RouterC-eigrp-1-ipv4] network 1.1.0.0 0.0.255.255

[RouterC-eigrp-1-ipv4] quit

# Configure Router D.

<RouterD> system-view

[RouterD] eigrp 1

[RouterD-eigrp-1] address-family ipv4

[RouterD-eigrp-1-ipv4] network 1.1.0.0 0.0.255.255

[RouterD-eigrp-1-ipv4] quit

# Configure Router E.

<RouterE> system-view

[RouterE] eigrp 1

[RouterE-eigrp-1] address-family ipv4

[RouterE-eigrp-1-ipv4] network 1.1.0.0 0.0.255.255

[RouterE-eigrp-1-ipv4] quit

# Display topology table information for EIGRP process 1 on Router A.

[RouterA] display eigrp 1 topology

 

        EIGRP topology for AS 1 with Router ID 1.1.1.1

 

Destination        FD         State    Successor        Out interface

1.1.1.0/24         5120       Passive  Directed         XGE3/0/1

1.1.2.0/24         5120       Passive  Directed         XGE3/0/2

1.1.3.0/24         7680       Passive  1.1.1.2          XGE3/0/1

1.1.4.0/24         7680       Passive  1.1.2.2          XGE3/0/2

1.1.5.0/24         10240      Passive  1.1.2.2          XGE3/0/2

                                       1.1.1.2          XGE3/0/1

The output shows that Router A has two EIGRP routes to the network 1.1.5.0/24 with next hops of Router B (1.1.1.2) and Router C (1.1.2.2), respectively. The FD for the route is 10240.

3.     Configure metrics for an EIGRP interface:

# Configure a delay of 50 microseconds for Ten-GigabitEthernet 3/0/2 on Router A.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] eigrp 1 metric delay 5

Verifying the configuration

# Display topology table information for EIGRP process 1 on Ten-GigabitEthernet 3/0/2 of Router A.

[RouterA] display eigrp 1 topology

 

        EIGRP topology for AS 1 with Router ID 1.1.1.1

 

Destination        FD         State    Successor        Out interface

1.1.1.0/24         5120       Passive  Directed         XGE3/0/1

1.1.2.0/24         3840       Passive  Directed         XGE3/0/2

1.1.3.0/24         7680       Passive  1.1.1.2          XGE3/0/1

1.1.4.0/24         6400       Passive  1.1.2.2          XGE3/0/2

1.1.5.0/24         8960       Passive  1.1.2.2          XGE3/0/2

The output shows that Router A chooses Router C as the successor after interface metric configuration.
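The FD values in both topology tables above can be recomputed with the classic EIGRP composite metric. The following Python sketch is an added example, not H3C code; it assumes default K values (K1 = K3 = 1), and the path lists and "router:interface" labels are illustrative names derived from Table 15. It also applies the DUAL feasibility condition (reported distance lower than FD), which the page's output does not display.

```python
# Added example: recompute the FD column of Router A's topology tables.
# Assumption: classic EIGRP composite metric with default K values (K1 = K3 = 1):
#   metric = 256 * (10^7 / lowest bandwidth in kbps + total delay in tens of microseconds)

BW_KBPS = 1_000_000      # from the page: 1000000 Kbps on every link
DEFAULT_DELAY_US = 100   # from the page: 100 microseconds on every link

# Candidate paths seen from Router A: next hop -> outgoing interfaces crossed, in order.
# The "router:interface" labels are illustrative and follow Table 15.
PATHS = {
    "1.1.1.0/24": {"Directed": ["A:XGE3/0/1"]},
    "1.1.2.0/24": {"Directed": ["A:XGE3/0/2"]},
    "1.1.3.0/24": {"1.1.1.2": ["A:XGE3/0/1", "B:XGE3/0/2"],
                   "1.1.2.2": ["A:XGE3/0/2", "C:XGE3/0/2", "D:XGE3/0/2"]},
    "1.1.4.0/24": {"1.1.2.2": ["A:XGE3/0/2", "C:XGE3/0/2"],
                   "1.1.1.2": ["A:XGE3/0/1", "B:XGE3/0/2", "D:XGE3/0/1"]},
    "1.1.5.0/24": {"1.1.1.2": ["A:XGE3/0/1", "B:XGE3/0/2", "D:XGE3/0/3"],
                   "1.1.2.2": ["A:XGE3/0/2", "C:XGE3/0/2", "D:XGE3/0/3"]},
}


def metric(interfaces, delay_overrides):
    """Composite metric of a path; delay_overrides maps interface -> microseconds."""
    delay_us = sum(delay_overrides.get(i, DEFAULT_DELAY_US) for i in interfaces)
    return 256 * (10**7 // BW_KBPS + delay_us // 10)


def topology(delay_overrides):
    """Return {destination: (FD, successors, feasible_successors)} for Router A."""
    table = {}
    for dest, paths in PATHS.items():
        candidates = {}
        for next_hop, path in paths.items():
            local = metric(path, delay_overrides)
            # Reported distance: the metric as computed by the next hop itself.
            reported = metric(path[1:], delay_overrides) if len(path) > 1 else 0
            candidates[next_hop] = (local, reported)
        fd = min(local for local, _ in candidates.values())
        successors = sorted(nh for nh, (local, _) in candidates.items() if local == fd)
        # Feasibility condition: a non-best neighbor qualifies only if its
        # reported distance is strictly lower than the FD.
        feasible = sorted(nh for nh, (local, rd) in candidates.items()
                          if local > fd and rd < fd)
        table[dest] = (fd, successors, feasible)
    return table


if __name__ == "__main__":
    for label, overrides in (("before", {}), ("delay 50 us", {"A:XGE3/0/2": 50})):
        print(label)
        for dest, (fd, succ, feas) in topology(overrides).items():
            print(f"  {dest:<12} FD={fd:<6} successors={succ} feasible={feas}")
```

With the 50-microsecond override, the path through Router B to 1.1.5.0/24 is no longer a successor but still satisfies the feasibility condition, so it remains a loop-free backup.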

Example: Configuring EIGRP route redistribution

Network configuration

As shown in Figure 119, Router B runs two EIGRP processes, EIGRP 10 and EIGRP 20. Router B uses EIGRP 10 to exchange routing information with Router A, and uses EIGRP 20 to exchange routing information with Router C.

Configure Router B to redistribute direct routes and routes of EIGRP 10 to EIGRP 20. This ensures that Router C can learn routes to networks 10.2.1.0/24 and 11.1.1.0/24, but Router A cannot learn routes to networks 12.3.1.0/24 and 16.4.1.0/24.

Figure 119 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure route redistribution:

# Configure Router B to redistribute direct routes and routes of EIGRP 10 to EIGRP 20.

<RouterB> system-view

[RouterB] eigrp 20

[RouterB-eigrp-20] address-family ipv4

[RouterB-eigrp-20-ipv4] import-route direct

[RouterB-eigrp-20-ipv4] import-route eigrp 10

[RouterB-eigrp-20-ipv4] quit

Verifying the configuration

# Display topology table information for Router C.

[RouterC] display eigrp topology

 

        EIGRP topology for AS 20 with Router ID 12.3.1.2

 

Destination        FD         State    Successor        Out interface

10.2.1.0/24        284160     Passive  12.3.1.1         XGE3/0/1

11.1.1.0/24        284160     Passive  12.3.1.1         XGE3/0/1

12.3.1.0/24        5120       Passive  Directed         XGE3/0/1

16.4.1.0/24        5120       Passive  Directed         XGE3/0/2

The output shows that Router C has learned from Router B the direct route 11.1.1.0/24 and the route 10.2.1.0/24 of EIGRP 10.

Example: Configuring EIGRP route summarization

Network configuration

As shown in Figure 120, Router A and Router B run OSPF. Router D runs EIGRP. Router C runs OSPF and EIGRP at the same time.

Configure Router C to redistribute OSPF routes, so that Router D can learn routes to networks 10.1.1.0/24, 10.2.1.0/24, 10.5.1.0/24, and 10.6.1.0/24.

To reduce the routing table size of Router D, configure route summarization on Router C to advertise summary route 10.0.0.0/8 instead of the more specific routes.

Figure 120 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure basic OSPF settings:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 10.6.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

3.     Configure basic EIGRP settings:

# Configure Router C.

[RouterC] eigrp 1

[RouterC-eigrp-1] address-family ipv4

[RouterC-eigrp-1-ipv4] network 11.3.1.0 0.0.0.255

[RouterC-eigrp-1-ipv4] quit

# Configure Router D.

<RouterD> system-view

[RouterD] eigrp 1

[RouterD-eigrp-1] address-family ipv4

[RouterD-eigrp-1-ipv4] network 11.3.1.0 0.0.0.255

[RouterD-eigrp-1-ipv4] network 11.4.1.0 0.0.0.255

[RouterD-eigrp-1-ipv4] quit

# Configure Router C to redistribute routes from OSPF process 1 and direct routes.

[RouterC] eigrp 1

[RouterC-eigrp-1] address-family ipv4

[RouterC-eigrp-1-ipv4] import-route ospf 1

[RouterC-eigrp-1-ipv4] import-route direct

[RouterC-eigrp-1-ipv4] quit

# Display topology table information for Router D.

[RouterD] display eigrp topology

 

        EIGRP topology for AS 1 with Router ID 11.1.1.1

 

Destination        FD         State    Successor        Out interface

10.1.1.0/24        284160     Passive  11.3.1.1         XGE3/0/1

10.2.1.0/24        284160     Passive  11.3.1.1         XGE3/0/1

10.5.1.2/32        284160     Passive  11.3.1.1         XGE3/0/1

10.6.1.2/32        284160     Passive  11.3.1.1         XGE3/0/1

11.3.1.0/24        5120       Passive  Directed         XGE3/0/1

11.4.1.0/24        5120       Passive  Directed         XGE3/0/2

4.     Configure route summarization:

# Enable automatic route summarization on Router C.

[RouterC] eigrp 1

[RouterC-eigrp-1] address-family ipv4

[RouterC-eigrp-1-ipv4] summary automatic

[RouterC-eigrp-1-ipv4] quit

Verifying the configuration

# Display topology table information for Router D.

[RouterD] display eigrp topology

 

        EIGRP topology for AS 1 with Router ID 11.1.1.1

 

Destination        FD         State    Successor        Out interface

10.0.0.0/8         284160     Passive  11.3.1.1         XGE3/0/1

11.0.0.0/8         7680       Passive  11.3.1.1         XGE3/0/1

11.3.1.0/24        5120       Passive  Directed         XGE3/0/1

11.4.1.0/24        5120       Passive  Directed         XGE3/0/2

The output shows that Router C advertises only a summary route 10.0.0.0/8 to Router D.

 

Basic IPv4 BGP network configuration examples

Example: Configuring basic BGP

Network configuration

As shown in Figure 121, all routers run BGP. Run EBGP between Router A and Router B, and run IBGP between Router B and Router C to allow Router C to access network 8.1.1.0/24 connected to Router A.

Figure 121 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IBGP:

○     To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections.

○     Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.

○     Enable OSPF in AS 65009 to ensure that Router B can communicate with Router C through loopback interfaces.

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 65009

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 3.3.3.3 as-number 65009

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 3.3.3.3 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

[RouterB] ospf 1

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 65009

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 2.2.2.2 as-number 65009

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 2.2.2.2 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

[RouterC] ospf 1

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Display BGP peer information on Router C.

[RouterC] display bgp peer ipv4

 

 BGP local router ID : 3.3.3.3

 Local AS number : 65009

 Total number of peers : 1                 Peers in established state : 1

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 2.2.2.2              65009        7       10    0        0 00:06:09 Established

The output shows that Router C has established an IBGP peer relationship with Router B.

3.     Configure EBGP:

○     The EBGP peers, Router A and Router B (usually in different ISPs), are located in different ASs. Typically, their loopback interfaces are not reachable to each other, so directly connected interfaces are used for establishing EBGP sessions.

○     To enable Router C to access the network 8.1.1.0/24 connected directly to Router A, inject network 8.1.1.0/24 to the BGP routing table of Router A.

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 3.1.1.1 as-number 65009

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable

[RouterA-bgp-default-ipv4] network 8.1.1.0 24

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

[RouterB] bgp 65009

[RouterB-bgp-default] peer 3.1.1.2 as-number 65008

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Display BGP peer information on Router B.

[RouterB] display bgp peer ipv4

 

 BGP local router ID : 2.2.2.2

 Local AS number : 65009

 Total number of peers : 2                 Peers in established state : 2

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 3.3.3.3              65009       12       10    0        3 00:09:16 Established

 3.1.1.2              65008        3        3    0        1 00:00:08 Established

The output shows that Router B has established an IBGP peer relationship with Router C and an EBGP peer relationship with Router A.

# Display the BGP routing table on Router A.

[RouterA] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  8.1.1.0/24         8.1.1.1         0                     32768   i

# Display the BGP routing table on Router B.

[RouterB] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 8.1.1.0/24         3.1.1.2         0                     0       65008i

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

   i 8.1.1.0/24         3.1.1.2         0          100        0       65008i

The outputs show that Router A has no route to AS 65009, and Router C has learned network 8.1.1.0, but the next hop 3.1.1.2 is unreachable. As a result, the route is invalid.

4.     Redistribute direct routes:

Configure BGP to redistribute direct routes on Router B, so Router A can obtain the route to 9.1.1.0/24, and Router C can obtain the route to 3.1.1.0/24.

# Configure Router B.

[RouterB] bgp 65009

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] import-route direct

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Display the BGP routing table on Router A.

[RouterA] display bgp routing-table ipv4

 

 Total number of routes: 4

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 2.2.2.2/32         3.1.1.1         0                     0       65009?

* >e 3.1.1.0/24         3.1.1.1         0                     0       65009?

* >  8.1.1.0/24         8.1.1.1         0                     32768   i

* >e 9.1.1.0/24         3.1.1.1         0                     0       65009?

Two routes, 2.2.2.2/32 and 9.1.1.0/24, have been added to Router A's routing table.

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv4

 

 Total number of routes: 4

 

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 2.2.2.2/32         2.2.2.2         0          100        0       ?

* >i 3.1.1.0/24         2.2.2.2         0          100        0       ?

* >i 8.1.1.0/24         3.1.1.2         0          100        0       65008i

* >i 9.1.1.0/24         2.2.2.2         0          100        0       ?

The output shows that the route 8.1.1.0 has become valid and the next hop is Router A.
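Why Router C marks 8.1.1.0/24 invalid before step 4 and valid after it can be checked mechanically. The following Python example is added here and is not part of the H3C documentation; it parses the Router C route lines shown above and models recursive next-hop resolution. The IGP prefix list is an assumption taken from the OSPF configuration in step 2, and the function names are illustrative.

```python
import ipaddress
import re

# Route line layout: status flags, prefix, next hop, then the remaining columns.
ROUTE_RE = re.compile(
    r"^(?P<status>[ *>dhsSiea]*)"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<next_hop>\d+\.\d+\.\d+\.\d+)\s"
)

# Route lines copied from the Router C outputs on this page.
ROUTER_C_BEFORE = """\
     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

   i 8.1.1.0/24         3.1.1.2         0          100        0       65008i
"""
ROUTER_C_AFTER = """\
     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 2.2.2.2/32         2.2.2.2         0          100        0       ?
* >i 3.1.1.0/24         2.2.2.2         0          100        0       ?
* >i 8.1.1.0/24         3.1.1.2         0          100        0       65008i
* >i 9.1.1.0/24         2.2.2.2         0          100        0       ?
"""

# Assumption: prefixes Router C reaches without BGP (OSPF and its own loopback).
ROUTER_C_IGP = ["2.2.2.2/32", "3.3.3.3/32", "9.1.1.0/24"]


def parse_routes(output):
    """Extract prefix, next hop and the valid/best flags from each route line."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue  # headers, legends and blank lines
        routes.append({
            "prefix": ipaddress.ip_network(m["prefix"]),
            "next_hop": ipaddress.ip_address(m["next_hop"]),
            "valid": "*" in m["status"],
            "best": ">" in m["status"],
        })
    return routes


def resolve_next_hops(routes, igp_prefixes):
    """Return {prefix: True/False}: does the next hop resolve, directly or recursively?"""
    known = [ipaddress.ip_network(p) for p in igp_prefixes]
    pending = list(routes)
    progress = True
    while progress:
        progress = False
        for route in list(pending):
            if any(route["next_hop"] in net for net in known):
                # A resolved BGP route can in turn resolve other next hops.
                known.append(route["prefix"])
                pending.remove(route)
                progress = True
    unresolved = {str(r["prefix"]) for r in pending}
    return {str(r["prefix"]): str(r["prefix"]) not in unresolved for r in routes}


def audit(output, igp_prefixes):
    """List (prefix, next hop, device says valid, model says resolvable)."""
    routes = parse_routes(output)
    resolved = resolve_next_hops(routes, igp_prefixes)
    return [(str(r["prefix"]), str(r["next_hop"]), r["valid"], resolved[str(r["prefix"])])
            for r in routes]


if __name__ == "__main__":
    for label, text in (("before step 4", ROUTER_C_BEFORE), ("after step 4", ROUTER_C_AFTER)):
        print(label)
        for row in audit(text, ROUTER_C_IGP):
            print("  ", row)
```

A row where the device flag and the model disagree points at a next hop that is reachable only through a route missing from the assumed IGP list, or at a route suppressed for a reason other than next-hop reachability.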

Verifying the configuration

# Verify that Router C can ping 8.1.1.1.

[RouterC] ping 8.1.1.1

Ping 8.1.1.1 (8.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 8.1.1.1: icmp_seq=0 ttl=255 time=5.311 ms

56 bytes from 8.1.1.1: icmp_seq=1 ttl=255 time=1.719 ms

56 bytes from 8.1.1.1: icmp_seq=2 ttl=255 time=1.502 ms

56 bytes from 8.1.1.1: icmp_seq=3 ttl=255 time=1.809 ms

56 bytes from 8.1.1.1: icmp_seq=4 ttl=255 time=1.701 ms

 

--- Ping statistics for 8.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.502/2.048/5.311/1.455 ms

Example: Configuring BGP and IGP route redistribution

Network configuration

As shown in Figure 122, all devices of company A belong to AS 65008 and all devices of company B belong to AS 65009.

Configure BGP and IGP route redistribution to allow Router A to access network 9.1.2.0/24 in AS 65009, and Router C to access network 8.1.1.0/24 in AS 65008.

Figure 122 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure OSPF:

Enable OSPF in AS 65009, so Router B can obtain the route to 9.1.2.0/24.

# Configure Router B.

<RouterB> system-view

[RouterB] ospf 1

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf 1

[RouterC-ospf-1] import-route direct

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

3.     Configure the EBGP connection:

Configure the EBGP connection and inject network 8.1.1.0/24 to the BGP routing table of Router A, so Router B can obtain the route to 8.1.1.0/24.

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 3.1.1.1 as-number 65009

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable

[RouterA-bgp-default-ipv4] network 8.1.1.0 24

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

[RouterB] bgp 65009

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 3.1.1.2 as-number 65008

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable

4.     Configure BGP and IGP route redistribution:

○     Configure BGP to redistribute routes from OSPF on Router B, so Router A can obtain the route to 9.1.2.0/24.

○     Configure OSPF to redistribute routes from BGP on Router B, so that Router C can obtain the route to 8.1.1.0/24.

# Configure route redistribution between BGP and OSPF on Router B.

[RouterB-bgp-default-ipv4] import-route ospf 1

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

[RouterB] ospf 1

[RouterB-ospf-1] import-route bgp

[RouterB-ospf-1] quit

# Display the BGP routing table on Router A.

[RouterA] display bgp routing-table ipv4

 

 Total number of routes: 3

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 3.3.3.3/32         3.1.1.1         1                     0       65009?

* >  8.1.1.0/24         8.1.1.1         0                     32768   i

* >e 9.1.2.0/24         3.1.1.1         1                     0       65009?

# Display the OSPF routing table on Router C.

[RouterC] display ospf routing

 

          OSPF Process 1 with Router ID 3.3.3.3

                   Routing Table

 

                Topology base (MTID 0)

 

 Routing for network

 Destination        Cost     Type    NextHop         AdvRouter       Area

 9.1.1.0/24         1        Transit 9.1.1.2         3.3.3.3         0.0.0.0

 2.2.2.2/32         1        Stub    9.1.1.1         2.2.2.2         0.0.0.0

 

 Routing for ASEs

 Destination        Cost     Type    Tag         NextHop         AdvRouter

 8.1.1.0/24         1        Type2   1           9.1.1.1         2.2.2.2

 

 Total nets: 3

 Intra area: 2  Inter Area: 0  ASE: 1  NSSA: 0

Verifying the configuration

# Use ping to test connectivity.

[RouterA] ping -a 8.1.1.1 9.1.2.1

Ping 9.1.2.1 (9.1.2.1) from 8.1.1.1: 56 data bytes, press CTRL+C to break

56 bytes from 9.1.2.1: icmp_seq=0 ttl=254 time=10.000 ms

56 bytes from 9.1.2.1: icmp_seq=1 ttl=254 time=12.000 ms

56 bytes from 9.1.2.1: icmp_seq=2 ttl=254 time=2.000 ms

56 bytes from 9.1.2.1: icmp_seq=3 ttl=254 time=7.000 ms

56 bytes from 9.1.2.1: icmp_seq=4 ttl=254 time=9.000 ms

 

--- Ping statistics for 9.1.2.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 2.000/8.000/12.000/3.406 ms

[RouterC] ping -a 9.1.2.1 8.1.1.1

Ping 8.1.1.1 (8.1.1.1) from 9.1.2.1: 56 data bytes, press CTRL+C to break

56 bytes from 8.1.1.1: icmp_seq=0 ttl=254 time=9.000 ms

56 bytes from 8.1.1.1: icmp_seq=1 ttl=254 time=4.000 ms

56 bytes from 8.1.1.1: icmp_seq=2 ttl=254 time=3.000 ms

56 bytes from 8.1.1.1: icmp_seq=3 ttl=254 time=3.000 ms

56 bytes from 8.1.1.1: icmp_seq=4 ttl=254 time=3.000 ms

 

--- Ping statistics for 8.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 3.000/4.400/9.000/2.332 ms

Example: Configuring dynamic BGP peers

Network configuration

As shown in Figure 123, Router A needs to establish IBGP peer relationships with Router B, Router C, and Router D in network 10.1.0.0/16. Configure dynamic BGP peers to simplify the configuration.

Configure Router A as the route reflector, and configure Router B, Router C, and Router D as its clients.

Figure 123 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IBGP peer relationships:

# Configure Router A to establish dynamic BGP peer relationships with routers in network 10.1.0.0/16.

<RouterA> system-view

[RouterA] bgp 200

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 10.1.0.0 16 as-number 200

[RouterA-bgp-default] address-family ipv4

[RouterA-bgp-default-ipv4] peer 10.1.0.0 16 enable

# Configure Router B to establish an IBGP peer relationship with Router A.

<RouterB> system-view

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 10.1.1.1 as-number 200

[RouterB-bgp-default] address-family ipv4

[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable

# Configure Router C to establish an IBGP peer relationship with Router A.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 10.1.2.1 as-number 200

[RouterC-bgp-default] address-family ipv4

[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable

# Configure Router D to establish an IBGP peer relationship with Router A.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] router-id 4.4.4.4

[RouterD-bgp-default] peer 10.1.3.1 as-number 200

[RouterD-bgp-default] address-family ipv4

[RouterD-bgp-default-ipv4] peer 10.1.3.1 enable

# Display BGP peer information on Router A. The output shows that Router A has established IBGP peer relationships with Router B, Router C, and Router D.

[RouterA] display bgp peer ipv4

 

 BGP local router ID : 1.1.1.1

 Local AS number : 200

 

 Total number of peers : 3                 Peers in established state : 3

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

*10.1.1.2               200        7       10    0        0 00:06:09 Established

*10.1.2.2               200        7       10    0        0 00:06:09 Established

*10.1.3.2               200        7       10    0        0 00:06:09 Established

3.     Configure Router A as the route reflector, and configure peers in network 10.1.0.0/16 as its clients.

[RouterA-bgp-default-ipv4] peer 10.1.0.0 16 reflect-client

4.     Configure Router C to advertise network 9.1.1.0/24.

[RouterC-bgp-default-ipv4] network 9.1.1.0 24

Verifying the configuration

# Verify that route 9.1.1.0/24 exists in the BGP routing table on Router A, Router B, and Router D. This example uses Router A.

[RouterA-bgp-default] display bgp routing-table ipv4

 

 Total Number of Routes: 1

 

 BGP Local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

  * i 9.1.1.0/24        10.1.2.2        0          100        0       ?

Example: Configuring BGP route summarization

Network configuration

As shown in Figure 124, run EBGP between Router C and Router D, so the internal network and external network can communicate with each other.

·     In AS 65106, perform the following configurations so the devices in the internal network can communicate:

      ○     Configure static routing between Router A and Router B.

      ○     Configure OSPF between Router B and Router C.

      ○     Configure OSPF to redistribute static routes.

·     Configure route summarization on Router C so BGP advertises a summary route instead of advertising routes to the 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 networks to Router D.

Figure 124 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure static routing between Router A and Router B:

# Configure a default route with the next hop 192.168.212.1 on Router A.

<RouterA> system-view

[RouterA] ip route-static 0.0.0.0 0 192.168.212.1

# Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B.

<RouterB> system-view

[RouterB] ip route-static 192.168.64.0 24 192.168.212.161

[RouterB] ip route-static 192.168.74.0 24 192.168.212.161

[RouterB] ip route-static 192.168.99.0 24 192.168.212.161

3.     Configure OSPF between Router B and Router C and configure OSPF on Router B to redistribute static routes:

# Configure OSPF to advertise the local network and enable OSPF to redistribute static routes on Router B.

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] import-route static

[RouterB-ospf-1] quit

# Configure OSPF to advertise local networks on Router C.

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 10.220.2.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Display the IP routing table on Router C.

[RouterC] display ip routing-table protocol ospf

 

Summary count : 5

 

OSPF Routing table status : <Active>

Summary count : 3

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

192.168.64.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

192.168.74.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

192.168.99.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

 

OSPF Routing table status : <Inactive>

Summary count : 2

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.220.2.0/24      O_INTRA 10  1           10.220.2.16     XGE3/0/2

172.17.100.0/24    O_INTRA 10  1           172.17.100.2    XGE3/0/1

The output shows that Router C has learned routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 through OSPF.

4.     Configure BGP between Router C and Router D and configure BGP on Router C to redistribute OSPF routes:

# On Router C, enable BGP, specify Router D as an EBGP peer, and configure BGP to redistribute OSPF routes.

[RouterC] bgp 65106

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 10.220.2.217 as-number 64631

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 10.220.2.217 enable

[RouterC-bgp-default-ipv4] import-route ospf

# Enable BGP, and configure Router C as an EBGP peer on Router D.

[RouterD] bgp 64631

[RouterD-bgp-default] router-id 4.4.4.4

[RouterD-bgp-default] peer 10.220.2.16 as-number 65106

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 10.220.2.16 enable

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

# Display routing table information on Router D.

[RouterD] display ip routing-table protocol bgp

 

Summary count : 3

 

BGP Routing table status : <Active>

Summary count : 3

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

192.168.64.0/24    BGP     255 1           10.220.2.16     XGE3/0/1

192.168.74.0/24    BGP     255 1           10.220.2.16     XGE3/0/1

192.168.99.0/24    BGP     255 1           10.220.2.16     XGE3/0/1

 

BGP Routing table status : <Inactive>

Summary count : 0

The output shows that Router D has learned routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 through BGP.

# Ping the hosts on networks 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 from Router D. The ping operations succeed.

5.     Configure route summarization on Router C to summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 into a single route 192.168.64.0/18, and disable advertisement of specific routes.

[RouterC-bgp-default-ipv4] aggregate 192.168.64.0 18 detail-suppressed

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Display IP routing table information on Router C.

[RouterC] display ip routing-table | include 192.168

192.168.64.0/18    BGP     130 0           127.0.0.1       NULL0

192.168.64.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

192.168.74.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

192.168.99.0/24    O_ASE2  150 1           172.17.100.1    XGE3/0/1

The output shows that Router C has a summary route 192.168.64.0/18 with the output interface Null 0.

# Display the IP routing table information on Router D.

[RouterD] display ip routing-table protocol bgp

 

Summary count : 1

 

BGP Routing table status : <Active>

Summary count : 1

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

192.168.64.0/18    BGP     255 0           10.220.2.16     XGE3/0/1

 

BGP Routing table status : <Inactive>

Summary count : 0

The output shows that Router D has only one route 192.168.64.0/18 to AS 65106.

# Verify that Router D can ping the hosts on subnets 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24. (Details not shown.)
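
The aggregate configured above advertises a /18 on the strength of three /24 routes. The following Python sketch is an added example, not part of the H3C guide. It measures how much of the advertised range has no specific route behind it and shows, using the Router C entries printed above, that destinations in those gaps match only the NULL0 summary. The function names and the two sample destinations are this example's own.

```python
import ipaddress

# Prefixes and outgoing interfaces copied from the Router C output on this page.
SUMMARY = ipaddress.ip_network("192.168.64.0/18")
SPECIFICS = [ipaddress.ip_network(p) for p in
             ("192.168.64.0/24", "192.168.74.0/24", "192.168.99.0/24")]
ROUTER_C_TABLE = [(SUMMARY, "NULL0")] + [(p, "XGE3/0/1") for p in SPECIFICS]


def tightest_cover(networks):
    """Longest single prefix that still contains every network."""
    cover = networks[0]
    while not all(n.subnet_of(cover) for n in networks):
        cover = cover.supernet()
    return cover


def unbacked_space(summary, specifics):
    """Blocks inside the summary that no specific route covers."""
    remaining = [summary]
    for spec in specifics:
        next_round = []
        for block in remaining:
            if spec.subnet_of(block):
                # Split the block around the specific and keep the rest.
                next_round.extend(block.address_exclude(spec))
            elif not block.subnet_of(spec):
                next_round.append(block)
        remaining = next_round
    return sorted(remaining)


def lookup(table, destination):
    """Longest-prefix match; returns (prefix, interface) or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(p, ifc) for p, ifc in table if addr in p]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def audit():
    """Summarize how much of the advertised aggregate is really routed."""
    gaps = unbacked_space(SUMMARY, SPECIFICS)
    return {
        "tightest_cover": str(tightest_cover(SPECIFICS)),
        "advertised_addresses": SUMMARY.num_addresses,
        "backed_addresses": sum(p.num_addresses for p in SPECIFICS),
        "unbacked_addresses": sum(g.num_addresses for g in gaps),
        "largest_gap": str(max(gaps, key=lambda g: g.num_addresses)),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
    # Constructed sample destinations: one routed, one inside a gap.
    for dst in ("192.168.74.10", "192.168.80.1"):
        print(dst, "->", lookup(ROUTER_C_TABLE, dst))
```

The /18 is the tightest single prefix covering the three networks, yet most of it is unrouted. Router D forwards traffic for the whole range to Router C, where the NULL0 entry discards anything that no /24 matches.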

Example: Configuring multicast BGP

Network configuration

As shown in Figure 125, OSPF runs within AS 100 and AS 200 to ensure intra-AS connectivity. MBGP runs between the two ASs to exchange IPv4 unicast routes used for RPF check.

·     Configure the Loopback 0 interface of Router A and Router B as the C-BSR and C-RP.

·     Configure Router A and Router B to establish a Multicast Source Discovery Protocol (MSDP) peer relationship through MBGP, so that the receiver can receive multicast traffic from the source.

Figure 125 Network diagram

Table 16 Interface and IP address assignment

Device     Interface   IP address         Device     Interface   IP address
Source     N/A         10.110.1.100/24    Router C   XGE3/0/1    10.110.2.1/24
Router A   XGE3/0/1    10.110.1.1/24                 XGE3/0/2    192.168.2.2/24
           XGE3/0/2    192.168.1.1/24                XGE3/0/3    192.168.4.1/24
           Loop0       1.1.1.1/32                    Loop0       3.3.3.3/32
Router B   XGE3/0/1    192.168.1.2/24     Router D   XGE3/0/1    192.168.3.2/24
           XGE3/0/2    192.168.3.1/24                XGE3/0/2    192.168.4.2/24
           XGE3/0/3    192.168.2.1/24                Loop0       4.4.4.4/32
           Loop0       2.2.2.2/32

Procedure

1.     Configure IP addresses for interfaces and configure OSPF (this example uses OSPF process 1) in AS 200 to ensure intra-AS connectivity. (Details not shown.)

2.     Enable IP multicast routing, PIM-SM, and IGMP, and configure BSR boundaries:

# On Router A, enable multicast routing globally, and enable PIM-SM on interfaces.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B and Router D in the same way that Router A was configured.

# On Router C, enable multicast routing globally.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable PIM-SM on interfaces, and enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim sm

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] pim sm

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] pim sm

[RouterC-Ten-GigabitEthernet3/0/1] igmp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure the BSR boundary on Router A.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure the BSR boundary on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim bsr-boundary

[RouterB-Ten-GigabitEthernet3/0/1] quit

3.     Configure Loopback 0, C-BSR, and C-RP:

# Configure the Loopback 0 interface and specify it as the C-BSR and C-RP on Router A.

[RouterA] interface loopback 0

[RouterA-LoopBack0] ip address 1.1.1.1 32

[RouterA-LoopBack0] pim sm

[RouterA-LoopBack0] quit

[RouterA] pim

[RouterA-pim] c-bsr 1.1.1.1

[RouterA-pim] c-rp 1.1.1.1

[RouterA-pim] quit

# Configure the Loopback 0 interface and specify it as the C-BSR and C-RP on Router B.

[RouterB] interface loopback 0

[RouterB-LoopBack0] ip address 2.2.2.2 32

[RouterB-LoopBack0] pim sm

[RouterB-LoopBack0] quit

[RouterB] pim

[RouterB-pim] c-bsr 2.2.2.2

[RouterB-pim] c-rp 2.2.2.2

[RouterB-pim] quit

4.     Configure BGP to establish BGP IPv4 multicast peers and redistribute routes:

# On Router A, establish an EBGP session to Router B.

[RouterA] bgp 100

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 192.168.1.2 as-number 200

# Enable exchange of IPv4 unicast routes used for RPF check with Router B.

[RouterA-bgp-default] address-family ipv4 multicast

[RouterA-bgp-default-mul-ipv4] peer 192.168.1.2 enable

# Redistribute direct routes into BGP.

[RouterA-bgp-default-mul-ipv4] import-route direct

[RouterA-bgp-default-mul-ipv4] quit

[RouterA-bgp-default] quit

# On Router B, establish an EBGP session to Router A.

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 192.168.1.1 as-number 100

# Enable exchange of IPv4 unicast routes used for RPF check with Router A.

[RouterB-bgp-default] address-family ipv4 multicast

[RouterB-bgp-default-mul-ipv4] peer 192.168.1.1 enable

# Redistribute OSPF routes into BGP.

[RouterB-bgp-default-mul-ipv4] import-route ospf 1

[RouterB-bgp-default-mul-ipv4] quit

[RouterB-bgp-default] quit

5.     Configure MSDP peers:

# Configure an MSDP peer on Router A.

[RouterA] msdp

[RouterA-msdp] peer 192.168.1.2 connect-interface ten-gigabitethernet 3/0/2

[RouterA-msdp] quit

# Configure an MSDP peer on Router B.

[RouterB] msdp

[RouterB-msdp] peer 192.168.1.1 connect-interface ten-gigabitethernet 3/0/1

[RouterB-msdp] quit

Verifying the configuration

# Verify the BGP IPv4 multicast peer information on Router B.

[RouterB] display bgp peer ipv4 multicast

 

 BGP local router ID : 2.2.2.2

 Local AS number : 200

 Total number of peers : 1                 Peers in established state : 1

 

 Peer            AS  MsgRcvd  MsgSent  OutQ  PrefRcv Up/Down  State

 

 192.168.1.1    100       56       56     0        0 00:40:54 Established

# Verify the MSDP peer information on Router B.

[RouterB] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

192.168.1.1     Established 00:07:17        100        1          0

Basic IPv6 BGP network configuration examples

Example: Configuring IPv6 BGP basics

Network configuration

As shown in Figure 126, all routers run BGP. Run EBGP between Router A and Router B, and run IBGP between Router B and Router C to allow Router C to access network 50::/64 connected to Router A.

Figure 126 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IBGP:

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 65009

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 9::2 as-number 65009

[RouterB-bgp-default] address-family ipv6

[RouterB-bgp-default-ipv6] peer 9::2 enable

[RouterB-bgp-default-ipv6] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 65009

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 9::1 as-number 65009

[RouterC-bgp-default] address-family ipv6

[RouterC-bgp-default-ipv6] peer 9::1 enable

3.     Configure EBGP:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 10::1 as-number 65009

[RouterA-bgp-default] address-family ipv6

[RouterA-bgp-default-ipv6] peer 10::1 enable

# Configure Router B.

[RouterB-bgp-default] peer 10::2 as-number 65008

[RouterB-bgp-default] address-family ipv6

[RouterB-bgp-default-ipv6] peer 10::2 enable

4.     Inject network routes to the BGP routing table:

# Configure Router A.

[RouterA-bgp-default-ipv6] network 10:: 64

[RouterA-bgp-default-ipv6] network 50:: 64

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# Configure Router B.

[RouterB-bgp-default-ipv6] network 10:: 64

[RouterB-bgp-default-ipv6] network 9:: 64

[RouterB-bgp-default-ipv6] quit

[RouterB-bgp-default] quit

# Configure Router C.

[RouterC-bgp-default-ipv6] network 9:: 64

[RouterC-bgp-default-ipv6] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Display IPv6 BGP peer information on Router B.

[RouterB] display bgp peer ipv6

 

 BGP local router ID: 2.2.2.2

 Local AS number: 65009

 Total number of peers: 2                  Peers in established state: 2

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 9::2                 65009       41       43    0        1 00:29:00 Established

 10::2                65008       38       38    0        2 00:27:20 Established

The output shows that Router A and Router B have established an EBGP connection, and Router B and Router C have established an IBGP connection.

# Display IPv6 BGP routing table information on Router A.

[RouterA] display bgp routing-table ipv6

 

 Total number of routes: 4

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

* >e Network : 9::                                      PrefixLen : 64

     NextHop : 10::1                                    LocPrf    :

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: 65009i

 

* >  Network : 10::                                     PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: i

 

*  e Network : 10::                                     PrefixLen : 64

     NextHop : 10::1                                    LocPrf    :

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: 65009i

 

* >  Network : 50::                                     PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: i

The output shows that Router A has learned routing information of AS 65009.

# Display IPv6 BGP routing table information on Router C.

[RouterC] display bgp routing-table ipv6

 

 Total number of routes: 4

 

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

* >  Network : 9::                                      PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: i

 

*  i Network : 9::                                      PrefixLen : 64

     NextHop : 9::1                                     LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: i

 

* >i Network : 10::                                     PrefixLen : 64

     NextHop : 9::1                                     LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: i

 

* >i Network : 50::                                     PrefixLen : 64

     NextHop : 10::2                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: 65008i

The output shows that Router C has learned the route 50::/64.

# Verify that Router C can ping hosts on network 50::/64. (Details not shown.)

Example: Configuring IPv6 multicast BGP

Network configuration

As shown in Figure 127, OSPFv3 runs within AS 100 and AS 200 to ensure intra-AS connectivity. IPv6 MBGP runs between the two ASs to exchange IPv6 unicast routes used for RPF check.

Enable Anycast RP on Router A and Router B.

Figure 127 Network diagram

Table 17 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Source     N/A         1002::100/64    Router B   XGE3/0/1    1001::2/64
Router A   XGE3/0/1    1002::1/64                 XGE3/0/2    2002::1/64
           XGE3/0/2    1001::1/64                 XGE3/0/3    2001::1/64
           Loop0       1:1::1/128                 Loop0       1:1::1/128
           Loop1       1:1::2/128                 Loop1       2:2::2/128
Router C   XGE3/0/1    3002::1/64      Router D   XGE3/0/1    2002::2/64
           XGE3/0/2    2001::2/64                 XGE3/0/2    3001::2/64
           XGE3/0/3    3001::1/64

Procedure

1.     Configure IPv6 addresses for interfaces and configure OSPFv3 (this example uses OSPFv3 process 1) in AS 200 to ensure intra-AS connectivity. (Details not shown.)

2.     Enable IPv6 multicast routing, IPv6 PIM-SM, and MLD, and configure BSR boundaries:

# On Router A, enable IPv6 multicast routing globally, and enable IPv6 PIM-SM on interfaces.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] ipv6 pim sm

[RouterA-LoopBack0] quit

# Configure Router B and Router D in the same way that Router A was configured.

# On Router C, enable IPv6 multicast routing globally.

<RouterC> system-view

[RouterC] ipv6 multicast routing

[RouterC-mrib6] quit

# Enable IPv6 PIM-SM on interfaces, and enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterC-Ten-GigabitEthernet3/0/1] mld enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure the BSR boundary on Router A.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim bsr-boundary

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure the BSR boundary on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 pim bsr-boundary

[RouterB-Ten-GigabitEthernet3/0/1] quit

3.     Enable Anycast RP, and specify C-BSR and C-RP:

# Configure Router A.

[RouterA] ipv6 pim

[RouterA-pim6] anycast-rp 1:1::1 1:1::2

[RouterA-pim6] anycast-rp 1:1::1 2:2::2

[RouterA-pim6] c-bsr 1:1::1

[RouterA-pim6] c-rp 1:1::1

[RouterA-pim6] quit

# Configure Router B.

[RouterB] ipv6 pim

[RouterB-pim6] anycast-rp 1:1::1 1:1::2

[RouterB-pim6] anycast-rp 1:1::1 2:2::2

[RouterB-pim6] c-bsr 1:1::1

[RouterB-pim6] c-rp 1:1::1

[RouterB-pim6] quit

4.     Configure BGP to establish BGP IPv6 multicast peers and redistribute routes:

# On Router A, establish an EBGP session to Router B.

[RouterA] bgp 100

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 1001::2 as-number 200

# Enable exchange of IPv6 unicast routes used for RPF check with Router B.

[RouterA-bgp-default] address-family ipv6 multicast

[RouterA-bgp-default-mul-ipv6] peer 1001::2 enable

# Redistribute direct routes into BGP.

[RouterA-bgp-default-mul-ipv6] import-route direct

[RouterA-bgp-default-mul-ipv6] quit

# On Router B, establish an EBGP session to Router A.

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 1001::1 as-number 100

# Enable exchange of IPv6 unicast routes used for RPF check with Router A.

[RouterB-bgp-default] address-family ipv6 multicast

[RouterB-bgp-default-mul-ipv6] peer 1001::1 enable

# Redistribute OSPFv3 routes into BGP.

[RouterB-bgp-default-mul-ipv6] import-route ospfv3 1

[RouterB-bgp-default-mul-ipv6] quit

5.     Establish BGP IPv6 unicast peer relationships between Router A and Router B and redistribute routes:

# On Router A, enable BGP to exchange IPv6 unicast routes with Router B, and redistribute direct routes into BGP.

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer 1001::2 enable

[RouterA-bgp-default-ipv6] import-route direct

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# On Router B, enable BGP to exchange IPv6 unicast routes with Router A, and redistribute direct routes into BGP.

[RouterB-bgp-default] address-family ipv6 unicast

[RouterB-bgp-default-ipv6] peer 1001::1 enable

[RouterB-bgp-default-ipv6] import-route direct

[RouterB-bgp-default-ipv6] quit

[RouterB-bgp-default] quit

Verifying the configuration

# Verify the BGP IPv6 multicast peer information on Router B.

[RouterB] display bgp peer ipv6 multicast

 

 BGP local router ID : 2.2.2.2

 Local AS number : 200

 Total number of peers : 3                 Peers in established state : 3

 

 Peer        AS  MsgRcvd  MsgSent  OutQ  PrefRcv Up/Down  State

 

 1001::1     100       56       56      0         0 00:40:54 Established

# Verify the RPF information for the multicast source on Router B.

[RouterB] display ipv6 multicast rpf-info 1002::1

 RPF information about source 1002::1:

     RPF interface: XGE3/0/1, RPF neighbor: 1001::1

     Referenced prefix/prefix length: 1002::/64

     Referenced route type: mbgp

     Route selection rule: preference-preferred

     Load splitting rule: disable

Large-scale BGP network configuration examples

Example: Configuring BGP communities

Network configuration

As shown in Figure 128, Router B establishes EBGP connections to Router A and Router C. Configure the NO_EXPORT community attribute on Router A so that AS 20 does not advertise routes received from AS 10 to any other AS.

Figure 128 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure EBGP connections:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 10

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 200.1.2.2 as-number 20

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 200.1.2.2 enable

[RouterA-bgp-default-ipv4] network 9.1.1.0 255.255.255.0

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 20

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 200.1.2.1 as-number 10

[RouterB-bgp-default] peer 200.1.3.2 as-number 30

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 200.1.2.1 enable

[RouterB-bgp-default-ipv4] peer 200.1.3.2 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 30

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 200.1.3.1 as-number 20

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 200.1.3.1 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# Display the BGP route 9.1.1.0 on Router B.

[RouterB] display bgp routing-table ipv4 9.1.1.0

 

 BGP local router ID: 2.2.2.2

 Local AS number: 20

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 9.1.1.0/24:

 From            : 200.1.2.1 (1.1.1.1)

 Rely nexthop    : 200.1.2.1

 Original nexthop: 200.1.2.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h43m31s

 OutLabel        : NULL

 AS-path         : 10

 Origin          : igp

 Attribute value : MED 0, pref-val 0

 State           : valid, external, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

# Display advertisement information for the route 9.1.1.0 on Router B.

[RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info

 

 BGP local router ID: 2.2.2.2

 Local AS number: 20

 

 Paths:   1 best

 

 BGP routing table information of 9.1.1.0/24:

 Advertised to peers (1 in total):

    200.1.3.2

The output shows that Router B can advertise the route with the destination 9.1.1.0/24 to other ASs through BGP.

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 9.1.1.0/24         200.1.3.1                             0       20 10i

Router C has learned the route to the destination 9.1.1.0/24 from Router B.

3.     Configure the BGP COMMUNITY attribute:

# Configure a routing policy.

[RouterA] route-policy comm_policy permit node 0

[RouterA-route-policy-comm_policy-0] apply community no-export

[RouterA-route-policy-comm_policy-0] quit

# Apply the routing policy.

[RouterA] bgp 10

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 200.1.2.2 route-policy comm_policy export

[RouterA-bgp-default-ipv4] peer 200.1.2.2 advertise-community

Verifying the configuration

# Display the BGP route 9.1.1.0 on Router B.

[RouterB] display bgp routing-table ipv4 9.1.1.0

 

 BGP local router ID: 2.2.2.2

 Local AS number: 20

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 9.1.1.0/24:

 From            : 200.1.2.1 (1.1.1.1)

 Rely nexthop    : 200.1.2.1

 Original nexthop: 200.1.2.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h43m31s

 OutLabel        : NULL

 Community       : No-Export

 AS-path         : 10

 Origin          : igp

 Attribute value : MED 0, pref-val 0

 State           : valid, external, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

# Display advertisement information for the route 9.1.1.0 on Router B.

[RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info

 

 BGP local router ID: 2.2.2.2

 Local AS number: 20

 

 Paths:   1 best

 

 BGP routing table information of 9.1.1.0/24:

 Not advertised to any peers yet

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv4

 

 Total number of routes: 0

The output shows that Router C has not learned any BGP route.
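
The before-and-after behavior above follows from the RFC 1997 rules for well-known communities. The following Python model is an added example, not part of the H3C guide. It goes beyond the page's single case by also covering NO_ADVERTISE, NO_EXPORT_SUBCONFED, and confederation sessions. It assumes, as the page's use of both commands implies, that the COMMUNITY attribute leaves Router A only when peer 200.1.2.2 advertise-community is configured. All function names are this example's own.

```python
import re

# Well-known community values defined in RFC 1997.
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
NO_EXPORT_SUBCONFED = 0xFFFFFF03
# Only the "No-Export" spelling appears on this page; the other two
# display names are assumptions of this example.
NAMES = {"no-export": NO_EXPORT, "no-advertise": NO_ADVERTISE,
         "no-export-subconfed": NO_EXPORT_SUBCONFED}

# Session types: inside one AS, between confederation sub-ASs, true EBGP.
IBGP, CONFED_EBGP, EBGP = "ibgp", "confed-ebgp", "ebgp"

# Excerpt of 'display bgp routing-table ipv4 9.1.1.0' on Router B (from the page).
ROUTE_DETAIL = """\
 BGP routing table information of 9.1.1.0/24:
 From            : 200.1.2.1 (1.1.1.1)
 Community       : No-Export
 AS-path         : 10
 State           : valid, external, best
"""


def may_advertise(communities, session):
    """RFC 1997 decision: may a route with these communities be sent?"""
    if NO_ADVERTISE in communities:
        return False                      # never leaves the receiving router
    if NO_EXPORT_SUBCONFED in communities and session != IBGP:
        return False                      # stays inside the (sub-)AS
    if NO_EXPORT in communities and session == EBGP:
        return False                      # stays inside the AS or confederation
    return True


def router_a_export(apply_no_export, advertise_community):
    """Communities that reach Router B on the 9.1.1.0/24 update."""
    communities = {NO_EXPORT} if apply_no_export else set()
    # Assumption: without 'peer ... advertise-community' the attribute is
    # not sent, so Router B never sees the tag.
    return communities if advertise_community else set()


def routers_holding_route(apply_no_export, advertise_community):
    """Which routers in Figure 128 end up with 9.1.1.0/24."""
    holders = ["RouterA", "RouterB"]      # A originates, B is A's EBGP peer
    seen_by_b = router_a_export(apply_no_export, advertise_community)
    if may_advertise(seen_by_b, EBGP):    # Router B (AS 20) -> Router C (AS 30)
        holders.append("RouterC")
    return holders


def communities_in_detail(text):
    """Extract well-known communities from a route-detail display."""
    match = re.search(r"^\s*Community\s*:\s*(.+)$", text, re.MULTILINE)
    if not match:
        return set()
    tokens = re.split(r"[,\s]+", match.group(1).strip())
    return {NAMES[t.lower()] for t in tokens if t.lower() in NAMES}


if __name__ == "__main__":
    for policy, send in ((False, False), (True, False), (True, True)):
        print(f"no-export={policy} advertise-community={send}:",
              routers_holding_route(policy, send))
    print("tag on Router B:", communities_in_detail(ROUTE_DETAIL))
```

The middle case is the one to check for on a live device: the route policy is applied but the tag never reaches Router B, so the route still leaves AS 20. Confirming the Community line in Router B's route detail, as the verification above does, rules this out.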

Example: Configuring BGP route reflector

Network configuration

As shown in Figure 129, all routers run BGP. Run EBGP between Router A and Router B, run IBGP between Router C and Router B, and between Router C and Router D.

Configure Router C as a route reflector with clients Router B and Router D to allow Router D to learn route 20.0.0.0/8 from Router C.

Figure 129 Network diagram

Procedure

1.     Configure IP addresses for interfaces and configure OSPF in AS 200. (Details not shown.)

2.     Configure BGP connections:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 192.1.1.2 as-number 200

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 192.1.1.2 enable

# Inject network 20.0.0.0/8 to the BGP routing table.

[RouterA-bgp-default-ipv4] network 20.0.0.0

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 192.1.1.1 as-number 100

[RouterB-bgp-default] peer 193.1.1.1 as-number 200

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 192.1.1.1 enable

[RouterB-bgp-default-ipv4] peer 193.1.1.1 enable

[RouterB-bgp-default-ipv4] peer 193.1.1.1 next-hop-local

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 193.1.1.2 as-number 200

[RouterC-bgp-default] peer 194.1.1.2 as-number 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 193.1.1.2 enable

[RouterC-bgp-default-ipv4] peer 194.1.1.2 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# Configure Router D.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] router-id 4.4.4.4

[RouterD-bgp-default] peer 194.1.1.1 as-number 200

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 194.1.1.1 enable

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

3.     Configure Router C as the route reflector.

[RouterC] bgp 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 193.1.1.2 reflect-client

[RouterC-bgp-default-ipv4] peer 194.1.1.2 reflect-client

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Display the BGP routing table on Router B.

[RouterB] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 20.0.0.0           192.1.1.1       0                     0       100i

# Display the BGP routing table on Router D.

[RouterD] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 4.4.4.4

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 20.0.0.0           193.1.1.2       0          100        0       100i

The output shows that Router D has learned the route 20.0.0.0/8 from Router C.
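
The following Python model is an added example, not part of the H3C guide. It replays the propagation of 20.0.0.0/8 through the four routers of Figure 129 under the standard IBGP and route-reflection advertisement rules, with and without the reflect-client and next-hop-local settings. Peer addresses come from the configuration above. The function names, the first-path-wins simplification, and the 0.0.0.0 next hop used for the locally originated route are this example's own.

```python
from collections import deque

AS_OF = {"A": 100, "B": 200, "C": 200, "D": 200}

# (router, its address on the link, neighbor, neighbor's address), from the
# peer statements in the configuration above.
LINKS = [("A", "192.1.1.1", "B", "192.1.1.2"),
         ("B", "193.1.1.2", "C", "193.1.1.1"),
         ("C", "194.1.1.1", "D", "194.1.1.2")]

# 'peer 193.1.1.1 next-hop-local' on Router B.
NEXT_HOP_LOCAL = {("B", "C")}
# 'peer 193.1.1.2 reflect-client' and 'peer 194.1.1.2 reflect-client' on Router C.
PAGE_RR_CLIENTS = {"C": {"B", "D"}}


def propagate(rr_clients, next_hop_local=NEXT_HOP_LOCAL):
    """Return {router: next hop} for 20.0.0.0/8, originated by Router A.

    rr_clients maps a reflector to its set of clients. Each router keeps
    the first path it hears; the topology is a chain, so no best-path
    selection is needed.
    """
    neighbors = {}
    for a, a_ip, b, b_ip in LINKS:
        neighbors.setdefault(a, []).append((b, a_ip))
        neighbors.setdefault(b, []).append((a, b_ip))

    # learned[router] = (next hop, learned from, how it was learned)
    learned = {"A": ("0.0.0.0", None, "local")}
    queue = deque(["A"])
    while queue:
        router = queue.popleft()
        next_hop, learned_from, kind = learned[router]
        for peer, local_ip in neighbors[router]:
            if peer == learned_from or peer in learned:
                continue
            ebgp = AS_OF[router] != AS_OF[peer]
            if kind == "ibgp" and not ebgp:
                # An IBGP-learned route goes to another IBGP peer only if
                # this router reflects: from a client to anyone, or from a
                # non-client to a client.
                clients = rr_clients.get(router, set())
                if learned_from not in clients and peer not in clients:
                    continue
            if ebgp or kind == "local" or (router, peer) in next_hop_local:
                advertised_hop = local_ip      # sender sets itself as next hop
            else:
                advertised_hop = next_hop      # IBGP and reflection keep it
            learned[peer] = (advertised_hop, router, "ebgp" if ebgp else "ibgp")
            queue.append(peer)
    return {router: entry[0] for router, entry in learned.items()}


if __name__ == "__main__":
    print("with reflection   :", propagate(PAGE_RR_CLIENTS))
    print("without reflection:", propagate({}))
    print("no next-hop-local :", propagate(PAGE_RR_CLIENTS, next_hop_local=set()))
```

The reflector leaves the next hop untouched, which is why Router D shows 193.1.1.2 (Router B) and depends on the OSPF configuration from step 1 to reach it. Without next-hop-local on Router B, the next hop seen by Router D would be 192.1.1.1 in AS 100.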

Example: Configuring BGP confederation

Network configuration

As shown in Figure 130, split AS 200 into three sub-ASs (AS 65001, AS 65002, and AS 65003) to reduce IBGP connections. Routers in AS 65001 are fully meshed.

Figure 130 Network diagram

Table 18 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   XGE3/0/1    10.1.2.1/24     Router D   XGE3/0/1    10.1.5.1/24
           XGE3/0/2    10.1.3.1/24                XGE3/0/2    10.1.3.2/24
           XGE3/0/3    10.1.4.1/24     Router E   XGE3/0/1    10.1.5.2/24
           XGE3/0/4    200.1.1.1/24               XGE3/0/2    10.1.4.2/24
           XGE3/0/5    10.1.1.1/24     Router F   XGE3/0/1    9.1.1.1/24
Router B   XGE3/0/1    10.1.1.2/24                XGE3/0/2    200.1.1.2/24
Router C   XGE3/0/1    10.1.2.2/24

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure the BGP confederation:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65001

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] confederation id 200

[RouterA-bgp-default] confederation peer-as 65002 65003

[RouterA-bgp-default] peer 10.1.1.2 as-number 65002

[RouterA-bgp-default] peer 10.1.2.2 as-number 65003

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable

[RouterA-bgp-default-ipv4] peer 10.1.2.2 enable

[RouterA-bgp-default-ipv4] peer 10.1.1.2 next-hop-local

[RouterA-bgp-default-ipv4] peer 10.1.2.2 next-hop-local

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 65002

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] confederation id 200

[RouterB-bgp-default] confederation peer-as 65001 65003

[RouterB-bgp-default] peer 10.1.1.1 as-number 65001

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 65003

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] confederation id 200

[RouterC-bgp-default] confederation peer-as 65001 65002

[RouterC-bgp-default] peer 10.1.2.1 as-number 65001

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

3.     Configure IBGP connections in AS 65001:

# Configure Router A.

[RouterA] bgp 65001

[RouterA-bgp-default] peer 10.1.3.2 as-number 65001

[RouterA-bgp-default] peer 10.1.4.2 as-number 65001

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.1.3.2 enable

[RouterA-bgp-default-ipv4] peer 10.1.4.2 enable

[RouterA-bgp-default-ipv4] peer 10.1.3.2 next-hop-local

[RouterA-bgp-default-ipv4] peer 10.1.4.2 next-hop-local

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router D.

<RouterD> system-view

[RouterD] bgp 65001

[RouterD-bgp-default] router-id 4.4.4.4

[RouterD-bgp-default] confederation id 200

[RouterD-bgp-default] peer 10.1.3.1 as-number 65001

[RouterD-bgp-default] peer 10.1.5.2 as-number 65001

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 10.1.3.1 enable

[RouterD-bgp-default-ipv4] peer 10.1.5.2 enable

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

# Configure Router E.

<RouterE> system-view

[RouterE] bgp 65001

[RouterE-bgp-default] router-id 5.5.5.5

[RouterE-bgp-default] confederation id 200

[RouterE-bgp-default] peer 10.1.4.1 as-number 65001

[RouterE-bgp-default] peer 10.1.5.1 as-number 65001

[RouterE-bgp-default] address-family ipv4 unicast

[RouterE-bgp-default-ipv4] peer 10.1.4.1 enable

[RouterE-bgp-default-ipv4] peer 10.1.5.1 enable

[RouterE-bgp-default-ipv4] quit

[RouterE-bgp-default] quit

4.     Configure the EBGP connection between AS 100 and AS 200:

# Configure Router A.

[RouterA] bgp 65001

[RouterA-bgp-default] peer 200.1.1.2 as-number 100

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 200.1.1.2 enable

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router F.

<RouterF> system-view

[RouterF] bgp 100

[RouterF-bgp-default] router-id 6.6.6.6

[RouterF-bgp-default] peer 200.1.1.1 as-number 200

[RouterF-bgp-default] address-family ipv4 unicast

[RouterF-bgp-default-ipv4] peer 200.1.1.1 enable

[RouterF-bgp-default-ipv4] network 9.1.1.0 255.255.255.0

[RouterF-bgp-default-ipv4] quit

[RouterF-bgp-default] quit

Verifying the configuration

# Display the BGP routing table on Router B.

[RouterB] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 9.1.1.0/24         10.1.1.1        0          100        0       (65001)

                                                                      100i

[RouterB] display bgp routing-table ipv4 9.1.1.0

 

 BGP local router ID: 2.2.2.2

 Local AS number: 65002

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 9.1.1.0/24:

 From            : 10.1.1.1 (1.1.1.1)

 Rely nexthop    : 10.1.1.1

 Original nexthop: 10.1.1.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h22m43s

 OutLabel        : NULL

 AS-path         : (65001) 100

 Origin          : igp

 Attribute value : MED 0, localpref 100, pref-val 0, pre 255

 State           : valid, external-confed, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

# Display the BGP routing table on Router D.

[RouterD] display bgp routing-table ipv4

 

 Total number of routes: 1

 

 BGP local router ID is 4.4.4.4

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 9.1.1.0/24         10.1.3.1        0          100        0       100i

[RouterD] display bgp routing-table ipv4 9.1.1.0

 

 BGP local router ID: 4.4.4.4

 Local AS number: 65001

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 9.1.1.0/24:

 From            : 10.1.3.1 (1.1.1.1)

 Rely nexthop    : 10.1.3.1

 Original nexthop: 10.1.3.1

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 01h43m32s

 OutLabel        : NULL

 AS-path         : 100

 Origin          : igp

 Attribute value : MED 0, localpref 100, pref-val 0, pre 255

 State           : valid, internal-confed, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

The output shows the following:

·     Router F can send route information to Router B and Router C through the confederation by establishing only an EBGP connection with Router A.

·     Router B and Router D are in the same confederation, but belong to different sub-ASs. They obtain external route information from Router A and generate identical BGP route entries although they have no direct connection in between.

BGP path selection control configuration examples

Example: Configuring BGP path selection

Network configuration

As shown in Figure 131, all routers run BGP.

·     EBGP runs between Router A and Router B, and between Router A and Router C.

·     IBGP runs between Router B and Router D, and between Router D and Router C. OSPF is the IGP in AS 200.

Configure routing policies to make Router D give priority to the route 1.0.0.0/8 learned from Router C.

Figure 131 Network diagram

Table 19 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  XGE3/0/1   1.0.0.1/8     Router D  XGE3/0/1   195.1.1.1/24
          XGE3/0/2   192.1.1.1/24            XGE3/0/2   194.1.1.1/24
          XGE3/0/3   193.1.1.1/24  Router C  XGE3/0/1   193.1.1.2/24
Router B  XGE3/0/1   192.1.1.2/24            XGE3/0/2   195.1.1.2/24
          XGE3/0/2   194.1.1.2/24

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure OSPF on Router B, Router C, and Router D:

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf] area 0

[RouterB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf] area 0

[RouterC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] ospf

[RouterD-ospf] area 0

[RouterD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

3.     Configure BGP connections:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] peer 192.1.1.2 as-number 200

[RouterA-bgp-default] peer 193.1.1.2 as-number 200

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 192.1.1.2 enable

[RouterA-bgp-default-ipv4] peer 193.1.1.2 enable

# Inject network 1.0.0.0/8 into the BGP routing table of Router A.

[RouterA-bgp-default-ipv4] network 1.0.0.0 8

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

[RouterB] bgp 200

[RouterB-bgp-default] peer 192.1.1.1 as-number 100

[RouterB-bgp-default] peer 194.1.1.1 as-number 200

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 192.1.1.1 enable

[RouterB-bgp-default-ipv4] peer 194.1.1.1 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C.

[RouterC] bgp 200

[RouterC-bgp-default] peer 193.1.1.1 as-number 100

[RouterC-bgp-default] peer 195.1.1.1 as-number 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 193.1.1.1 enable

[RouterC-bgp-default-ipv4] peer 195.1.1.1 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# Configure Router D.

[RouterD] bgp 200

[RouterD-bgp-default] peer 194.1.1.2 as-number 200

[RouterD-bgp-default] peer 195.1.1.2 as-number 200

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 194.1.1.2 enable

[RouterD-bgp-default-ipv4] peer 195.1.1.2 enable

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

4.     Configure local preference for the route 1.0.0.0/8 to make Router D give priority to the route learned from Router C:

# Define IPv4 basic ACL 2000 to permit the route 1.0.0.0/8 on Router C.

[RouterC] acl basic 2000

[RouterC-acl-ipv4-basic-2000] rule permit source 1.0.0.0 0.255.255.255

[RouterC-acl-ipv4-basic-2000] quit

# Define routing policy localpref on Router C to set the local preference of route 1.0.0.0/8 to 200 (the default is 100).

[RouterC] route-policy localpref permit node 10

[RouterC-route-policy-localpref-10] if-match ip address acl 2000

[RouterC-route-policy-localpref-10] apply local-preference 200

[RouterC-route-policy-localpref-10] quit

# Apply the routing policy localpref to the route from the peer 193.1.1.1 on Router C.

[RouterC] bgp 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 193.1.1.1 route-policy localpref import

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# Display the BGP routing table on Router D.

[RouterD] display bgp routing-table ipv4

 

 Total number of routes: 2

 

 BGP local router ID is 195.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 1.0.0.0            193.1.1.1                  200        0       100i

*  i                    192.1.1.1                  100        0       100i

The route 1.0.0.0/8 learned from Router C is the optimal route.

BGP network tuning and optimization configuration examples

Example: Configuring BGP load balancing

Network configuration

As shown in Figure 132, run EBGP between Router A and Router B, and between Router A and Router C. Run IBGP between Router B and Router C.

Configure load balancing over the two EBGP links on Router A.

Figure 132 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure BGP connections:

¡     On Router A, establish EBGP connections with Router B and Router C. Configure BGP to advertise network 8.1.1.0/24 to Router B and Router C. This allows Router B and Router C to access the internal network connected to Router A.

¡     On Router B, establish an EBGP connection with Router A and an IBGP connection with Router C. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router B. Configure a static route to interface loopback 0 on Router C (or use a routing protocol like OSPF) to establish the IBGP connection.

¡     On Router C, establish an EBGP connection with Router A and an IBGP connection with Router B. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router C. Configure a static route to interface loopback 0 on Router B (or use another protocol like OSPF) to establish the IBGP connection.

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 3.1.1.1 as-number 65009

[RouterA-bgp-default] peer 3.1.2.1 as-number 65009

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable

[RouterA-bgp-default-ipv4] peer 3.1.2.1 enable

[RouterA-bgp-default-ipv4] network 8.1.1.0 24

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 65009

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 3.1.1.2 as-number 65008

[RouterB-bgp-default] peer 3.3.3.3 as-number 65009

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable

[RouterB-bgp-default-ipv4] peer 3.3.3.3 enable

[RouterB-bgp-default-ipv4] network 9.1.1.0 24

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

[RouterB] ip route-static 3.3.3.3 32 9.1.1.2

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 65009

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 3.1.2.2 as-number 65008

[RouterC-bgp-default] peer 2.2.2.2 as-number 65009

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 3.1.2.2 enable

[RouterC-bgp-default-ipv4] peer 2.2.2.2 enable

[RouterC-bgp-default-ipv4] network 9.1.1.0 24

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

[RouterC] ip route-static 2.2.2.2 32 9.1.1.1

# Display the BGP routing table on Router A.

[RouterA] display bgp routing-table ipv4

 

 Total number of routes: 3

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  8.1.1.0/24         8.1.1.1         0                     32768   i

* >e 9.1.1.0/24         3.1.1.1         0                     0       65009i

*  e                    3.1.2.1         0                     0       65009i

¡     The output shows two valid routes to destination 9.1.1.0/24. The route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating that it is the optimal route. The route with next hop 3.1.2.1 is marked with an asterisk (*), indicating that it is a valid route, but not the optimal route.

¡     By using the display ip routing-table command, you can find there is only one route to 9.1.1.0/24 with next hop 3.1.1.1 and output interface Ten-GigabitEthernet 3/0/2.

3.     On Router A, configure the maximum number of ECMP routes destined for AS 65009 as 2 to improve link usage.

[RouterA] bgp 65008

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] balance 2

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

Verifying the configuration

# Display the BGP routing table on Router A.

[RouterA] display bgp routing-table ipv4

 

 Total number of routes: 3

 

 BGP local router ID is 1.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  8.1.1.0/24         8.1.1.1         0                     32768   i

* >e 9.1.1.0/24         3.1.1.1         0                     0       65009i

* >e                    3.1.2.1         0                     0       65009i

·     The output shows that there are two valid routes to the destination 9.1.1.0/24, and both of them are the optimal routes.

·     By using the display ip routing-table command, you can find there are two routes to 9.1.1.0/24. One has next hop 3.1.1.1 and output interface Ten-GigabitEthernet 3/0/2, and the other has next hop 3.1.2.1 and output interface Ten-GigabitEthernet 3/0/3.

Example: Configuring the BGP Additional Paths feature

Network configuration

As shown in Figure 133, all routers run BGP. EBGP runs between Router A and Router B, and between Router A and Router C. IBGP runs between Router B and Router D, between Router C and Router D, and between Router D and Router E. Router D is a route reflector and Router E is its client.

Configure the BGP Additional Paths feature to enable Router E to learn routes with the same prefix and different next hops from Router B and Router C.

Figure 133 Network diagram

Table 20 Interface and IP address assignment

Device    Interface  IP address   Device    Interface  IP address
Router A  XGE3/0/1   10.1.1.1/24  Router D  XGE3/0/1   30.1.1.1/24
          XGE3/0/2   20.1.1.1/24            XGE3/0/2   40.1.1.1/24
Router B  XGE3/0/1   10.1.1.2/24            XGE3/0/3   50.1.1.1/24
          XGE3/0/2   30.1.1.2/24  Router E  XGE3/0/1   50.1.1.2/24
Router C  XGE3/0/1   20.1.1.2/24
          XGE3/0/2   40.1.1.2/24

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure BGP connections:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 10

[RouterA-bgp-default] peer 10.1.1.2 as-number 20

[RouterA-bgp-default] peer 20.1.1.2 as-number 20

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable

[RouterA-bgp-default-ipv4] peer 20.1.1.2 enable

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 20

[RouterB-bgp-default] peer 10.1.1.1 as-number 10

[RouterB-bgp-default] peer 30.1.1.1 as-number 20

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable

[RouterB-bgp-default-ipv4] peer 30.1.1.1 enable

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 20

[RouterC-bgp-default] peer 20.1.1.1 as-number 10

[RouterC-bgp-default] peer 40.1.1.1 as-number 20

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 20.1.1.1 enable

[RouterC-bgp-default-ipv4] peer 40.1.1.1 enable

# Configure Router D.

<RouterD> system-view

[RouterD] bgp 20

[RouterD-bgp-default] peer 30.1.1.2 as-number 20

[RouterD-bgp-default] peer 40.1.1.2 as-number 20

[RouterD-bgp-default] peer 50.1.1.2 as-number 20

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 30.1.1.2 enable

[RouterD-bgp-default-ipv4] peer 40.1.1.2 enable

[RouterD-bgp-default-ipv4] peer 50.1.1.2 enable

# Configure Router E.

<RouterE> system-view

[RouterE] bgp 20

[RouterE-bgp-default] peer 50.1.1.1 as-number 20

[RouterE-bgp-default] address-family ipv4 unicast

[RouterE-bgp-default-ipv4] peer 50.1.1.1 enable

3.     Configure Router A to advertise network 10.1.1.0/24.

[RouterA-bgp-default-ipv4] network 10.1.1.0 24

4.     Set the local router as the next hop for routes sent to a peer:

# Configure Router B.

[RouterB-bgp-default-ipv4] peer 30.1.1.1 next-hop-local

# Configure Router C.

[RouterC-bgp-default-ipv4] peer 40.1.1.1 next-hop-local

5.     Configure Router D as a route reflector.

[RouterD-bgp-default-ipv4] peer 50.1.1.2 reflect-client

6.     Configure the Additional Paths feature:

# Enable the additional path sending capability on Router D.

[RouterD-bgp-default-ipv4] peer 50.1.1.2 additional-paths send

# Set the maximum number to 2 for Add-Path optimal routes that can be advertised.

[RouterD-bgp-default-ipv4] additional-paths select-best 2

# Set the maximum number to 2 for Add-Path optimal routes that can be advertised to peer 50.1.1.2.

[RouterD-bgp-default-ipv4] peer 50.1.1.2 advertise additional-paths best 2

# Enable the additional path receiving capability on Router E.

[RouterE-bgp-default-ipv4] peer 50.1.1.1 additional-paths receive

Verifying the configuration

# Display BGP routing information on Router E.

[RouterE] display bgp routing-table ipv4

 

 Total number of routes: 2

 

 BGP local router ID is 50.1.1.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

   i 10.1.1.0/24        30.1.1.2        0          100        0       10i

   i                    40.1.1.2        0          100        0       10i

The output shows that Router D has learned two routes with the same prefix and different next hops.

IPv4 BGP security feature configuration examples

Example: Configuring BGP RPKI

Network configuration

As shown in Figure 134, all routers run BGP. Establish a TCP connection between Router A and the RPKI server, and establish an IBGP connection between Router A and Router B.

Configure Router A to advertise the BGP RPKI validation state to Router B, and configure a routing policy to filter routes based on the validation state for Router B.

Figure 134 Network diagram

Procedure

1.     Configure IP addresses for interfaces and establish an IBGP connection between Router A and Router B. (Details not shown.)

2.     Configure Router A to establish a TCP connection to the RPKI server.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] rpki

[RouterA-bgp-default-rpki] server tcp 1.1.1.2

[RouterA-bgp-default-rpki-server] port 1234

[RouterA-bgp-default-rpki-server] quit

3.     Enable BGP RPKI validation on Router A.

[RouterA-bgp-default-rpki] check-origin-validation

[RouterA-bgp-default-rpki] quit

4.     Apply the BGP RPKI validation state to optimal route selection.

[RouterA-bgp-default] address-family ipv4

[RouterA-bgp-default-ipv4] bestroute origin-as-validation

5.     Configure Router A to advertise the BGP RPKI validation state to peer 1.2.3.2.

[RouterA-bgp-default-ipv4] peer 1.2.3.2 advertise-ext-community

[RouterA-bgp-default-ipv4] peer 1.2.3.2 advertise origin-as-validation

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

6.     Configure Router B to permit routes with a BGP RPKI validation state of Valid.

# Configure a routing policy.

<RouterB> system-view

[RouterB] route-policy rpki_policy permit node 0

[RouterB-route-policy-rpki_policy-0] if-match rpki valid

[RouterB-route-policy-rpki_policy-0] quit

# Apply the routing policy.

[RouterB] bgp 100

[RouterB-bgp-default] address-family ipv4

[RouterB-bgp-default-ipv4] peer 1.2.3.1 route-policy rpki_policy import

Verifying the configuration

# Display information about the connection between Router A and the RPKI server.

[RouterA] display bgp rpki server

 

  Server          VPN-index  Port        State      Time       ROAs(IPv4/IPv6)

  1.1.1.2         0          1234        Establish  00:04:43   5/4

The output shows that Router A has established a TCP connection to the RPKI server.

# Display the ROA information on Router A.

[RouterA] display bgp rpki table ipv4

 

 Total number of entries: 5

 

 Status codes: S - stale, U - used

 

  Network         Mask-range    Origin-AS    Server       Status

  1.2.3.4         8-24          100          1.1.1.2      U

  2.2.3.6         8-32          100          1.1.1.2      U

  2.2.3.6         10-24         4294967295   1.1.1.2      U

  2.2.3.9         20-24         4294967295   1.1.1.2      U

  3.2.3.5         8-26          200          1.1.1.2      U

The output shows that Router A has obtained the ROA information from the RPKI server.

# Display the BGP RPKI validation state on Router A.

[RouterA] display bgp routing-table ipv4 1.2.3.0

 

 BGP local router ID: 2.2.2.2

 Local AS number: 100

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 1.2.3.0/24:

 Imported route.

 Original nexthop: 0.0.0.0

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h28m30s

 OutLabel        : NULL

 RxPathID        : 0x0

 TxPathID        : 0x0

 Org-validation  : Valid

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, pref-val 32768

 State           : valid, local, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

The route to 1.2.3.0 matches the ROA with a prefix of 1.2.3.4, a mask length range of 8 to 24, and an origin AS number of 100. Therefore, the BGP RPKI validation state of the route to 1.2.3.0 is Valid.

# On Router B, display detailed information about the BGP IPv4 unicast route to 1.2.3.0.

[RouterB] display bgp routing-table ipv4 1.2.3.0

RR-client route.

 From            : 1.2.3.1 (192.168.56.22)

 Rely nexthop    : 1.2.3.1

 Original nexthop: 1.2.3.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h28m33s

 OutLabel        : NULL

 Ext-Community   : <Origin Valid State: Valid >

 RxPathID        : 0x0

 TxPathID        : 0x0

 Org-validation  : Valid

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

The output displays information about the BGP IPv4 unicast route to 1.2.3.0 because Router B permits routes with a BGP RPKI validation state of Valid.
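
The ROA matching described above and the import filter on Router B, as an added Python example (not H3C code): it parses the ROA table from the display output, applies RFC 6811 origin validation, and keeps only Valid routes. It assumes that the Mask-range column gives the ROA prefix length and maximum length, and that a route matching no node of rpki_policy is denied; every sample route except 1.2.3.0/24 from AS 100 is constructed.

```python
import ipaddress
from dataclasses import dataclass

# ROA rows as shown in the "display bgp rpki table ipv4" output on Router A.
ROA_TABLE = """\
  Network         Mask-range    Origin-AS    Server       Status
  1.2.3.4         8-24          100          1.1.1.2      U
  2.2.3.6         8-32          100          1.1.1.2      U
  2.2.3.6         10-24         4294967295   1.1.1.2      U
  2.2.3.9         20-24         4294967295   1.1.1.2      U
  3.2.3.5         8-26          200          1.1.1.2      U
"""

# Constructed (prefix, origin AS) pairs; only the first comes from the page.
SAMPLE_ROUTES = [
    ("1.2.3.0/24", 100),         # the route validated on the page
    ("1.2.3.0/25", 100),         # more specific than the ROA's maximum length
    ("1.2.3.0/24", 65010),       # covered prefix, unauthorized origin AS
    ("2.2.3.0/28", 100),         # allowed by the 8-32 ROA for AS 100
    ("2.2.3.0/28", 4294967295),  # that AS is only authorized up to /24
    ("9.1.1.0/24", 100),         # no covering ROA at all
]


@dataclass(frozen=True)
class Roa:
    prefix: ipaddress.IPv4Network
    max_len: int
    origin_as: int


def parse_roa_table(text):
    """Turn the display output into Roa records."""
    roas = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[2].isdigit():
            continue  # skip the header and anything that is not a ROA row
        network, mask_range, origin_as = fields[0], fields[1], int(fields[2])
        min_len, max_len = (int(n) for n in mask_range.split("-"))
        # Assumption: the lower bound is the ROA prefix length, so host bits
        # in the Network column are masked off (1.2.3.4 with 8 -> 1.0.0.0/8).
        prefix = ipaddress.ip_network(f"{network}/{min_len}", strict=False)
        roas.append(Roa(prefix, max_len, origin_as))
    return roas


def validate(route, origin_as, roas):
    """RFC 6811 origin validation: returns Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(route)
    covering = [r for r in roas if net.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for roa in covering:
        # AS 0 in a ROA never authorizes any origin.
        if (net.prefixlen <= roa.max_len and roa.origin_as == origin_as
                and roa.origin_as != 0):
            return "Valid"
    return "Invalid"  # covered, but no ROA authorizes this length and origin


def import_filter(routes, roas):
    """Mimic rpki_policy on Router B: node 0 permits Valid routes only.

    Assumption: a route that matches no node of the policy is denied.
    """
    return [(p, a) for p, a in routes if validate(p, a, roas) == "Valid"]


if __name__ == "__main__":
    table = parse_roa_table(ROA_TABLE)
    for prefix, asn in SAMPLE_ROUTES:
        print(f"{prefix:<14} AS{asn:<11} {validate(prefix, asn, table)}")
    print("accepted by Router B:", import_filter(SAMPLE_ROUTES, table))
```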

IPv6 BGP security feature configuration examples

Example: Configuring IPsec for IPv6 BGP packets

Network configuration

As shown in Figure 135, all routers run IPv6 BGP. Establish an IBGP connection between Router A and Router B, and establish an EBGP connection between Router B and Router C.

To enhance security, configure IPsec to protect IPv6 BGP packets.

Figure 135 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Establish an IBGP connection between Router A and Router B:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] group ibgp internal

[RouterA-bgp-default] peer 1::2 group ibgp

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer ibgp enable

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 65008

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] group ibgp internal

[RouterB-bgp-default] peer 1::1 group ibgp

[RouterB-bgp-default] address-family ipv6 unicast

[RouterB-bgp-default-ipv6] peer ibgp enable

[RouterB-bgp-default-ipv6] quit

3.     Establish an EBGP connection between Router B and Router C:

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 65009

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] group ebgp external

[RouterC-bgp-default] peer 3::1 as-number 65008

[RouterC-bgp-default] peer 3::1 group ebgp

[RouterC-bgp-default] address-family ipv6 unicast

[RouterC-bgp-default-ipv6] peer ebgp enable

[RouterC-bgp-default-ipv6] quit

[RouterC-bgp-default] quit

# Configure Router B.

[RouterB-bgp-default] group ebgp external

[RouterB-bgp-default] peer 3::2 as-number 65009

[RouterB-bgp-default] peer 3::2 group ebgp

[RouterB-bgp-default] address-family ipv6 unicast

[RouterB-bgp-default-ipv6] peer ebgp enable

[RouterB-bgp-default-ipv6] quit

[RouterB-bgp-default] quit

4.     Configure IPsec transform sets and IPsec profiles:

# On Router A, create an IPsec transform set named tran1.

[RouterA] ipsec transform-set tran1

# Set the encapsulation mode to transport mode.

[RouterA-ipsec-transform-set-tran1] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1.

[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des

[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[RouterA-ipsec-transform-set-tran1] quit

# Create an IPsec profile named policy001, and specify the manual mode for it.

[RouterA] ipsec profile policy001 manual

# Use IPsec transform set tran1.

[RouterA-ipsec-profile-policy001-manual] transform-set tran1

# Set the SPIs of the inbound and outbound SAs to 12345.

[RouterA-ipsec-profile-policy001-manual] sa spi outbound esp 12345

[RouterA-ipsec-profile-policy001-manual] sa spi inbound esp 12345

# Set the keys for the inbound and outbound SAs using ESP to abcdefg.

[RouterA-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg

[RouterA-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg

[RouterA-ipsec-profile-policy001-manual] quit

# On Router B, create an IPsec transform set named tran1.

[RouterB] ipsec transform-set tran1

# Set the encapsulation mode to transport mode.

[RouterB-ipsec-transform-set-tran1] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1.

[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des

[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[RouterB-ipsec-transform-set-tran1] quit

# Create an IPsec profile named policy001, and specify the manual mode for it.

[RouterB] ipsec profile policy001 manual

# Use IPsec transform set tran1.

[RouterB-ipsec-profile-policy001-manual] transform-set tran1

# Set the SPIs of the inbound and outbound SAs to 12345.

[RouterB-ipsec-profile-policy001-manual] sa spi outbound esp 12345

[RouterB-ipsec-profile-policy001-manual] sa spi inbound esp 12345

# Set the keys for the inbound and outbound SAs using ESP to abcdefg.

[RouterB-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg

[RouterB-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg

[RouterB-ipsec-profile-policy001-manual] quit

# Create an IPsec transform set named tran2.

[RouterB] ipsec transform-set tran2

# Set the encapsulation mode to transport mode.

[RouterB-ipsec-transform-set-tran2] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1.

[RouterB-ipsec-transform-set-tran2] esp encryption-algorithm des

[RouterB-ipsec-transform-set-tran2] esp authentication-algorithm sha1

[RouterB-ipsec-transform-set-tran2] quit

# Create an IPsec profile named policy002, and specify the manual mode for it.

[RouterB] ipsec profile policy002 manual

# Use IPsec transform set tran2.

[RouterB-ipsec-profile-policy002-manual] transform-set tran2

# Set the SPIs of the inbound and outbound SAs to 54321.

[RouterB-ipsec-profile-policy002-manual] sa spi outbound esp 54321

[RouterB-ipsec-profile-policy002-manual] sa spi inbound esp 54321

# Set the keys for the inbound and outbound SAs using ESP to gfedcba.

[RouterB-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba

[RouterB-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba

[RouterB-ipsec-profile-policy002-manual] quit

# On Router C, create an IPsec transform set named tran2.

[RouterC] ipsec transform-set tran2

# Set the encapsulation mode to transport mode.

[RouterC-ipsec-transform-set-tran2] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and the authentication algorithm to SHA1.

[RouterC-ipsec-transform-set-tran2] esp encryption-algorithm des

[RouterC-ipsec-transform-set-tran2] esp authentication-algorithm sha1

[RouterC-ipsec-transform-set-tran2] quit

# Create an IPsec profile named policy002, and specify the manual mode for it.

[RouterC] ipsec profile policy002 manual

# Use IPsec transform set tran2.

[RouterC-ipsec-profile-policy002-manual] transform-set tran2

# Set the SPIs of the inbound and outbound SAs to 54321.

[RouterC-ipsec-profile-policy002-manual] sa spi outbound esp 54321

[RouterC-ipsec-profile-policy002-manual] sa spi inbound esp 54321

# Set the keys for the inbound and outbound SAs using ESP to gfedcba.

[RouterC-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba

[RouterC-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba

[RouterC-ipsec-profile-policy002-manual] quit

5.     Configure IPsec to protect IPv6 BGP packets between Router A and Router B:

# Configure Router A.

[RouterA] bgp 65008

[RouterA-bgp-default] peer 1::2 ipsec-profile policy001

[RouterA-bgp-default] quit

# Configure Router B.

[RouterB] bgp 65008

[RouterB-bgp-default] peer 1::1 ipsec-profile policy001

[RouterB-bgp-default] quit

6.     Configure IPsec to protect IPv6 BGP packets between Router B and Router C:

# Configure Router C.

[RouterC] bgp 65009

[RouterC-bgp-default] peer ebgp ipsec-profile policy002

[RouterC-bgp-default] quit

# Configure Router B.

[RouterB] bgp 65008

[RouterB-bgp-default] peer ebgp ipsec-profile policy002

[RouterB-bgp-default] quit

Verifying the configuration

# Display detailed information about IPv6 BGP peers on Router B.

[RouterB] display bgp peer ipv6 verbose

 

         Peer: 1::1      Local: 2.2.2.2

         Type: IBGP link

         BGP version 4, remote router ID 1.1.1.1

         Update group ID: 0

         BGP current state: Established, Up for 00h05m54s

         BGP current event: KATimerExpired

         BGP last state: OpenConfirm

         Port:  Local - 24896    Remote - 179

         Configured: Active Hold Time: 180 sec   Keepalive Time: 60 sec

         Received  : Active Hold Time: 180 sec

         Negotiated: Active Hold Time: 180 sec   Keepalive Time: 60 sec

         Peer optional capabilities:

         Peer supports BGP multi-protocol extension

         Peer supports BGP route refresh capability

         Peer supports BGP route AS4 capability

         Address family IPv6 Unicast: advertised and received

 

InQ updates: 0, OutQ updates: 0

 NLRI statistics:

         Rcvd:   UnReach NLRI          0,       Reach NLRI          0

         Sent:   UnReach NLRI          0,       Reach NLRI          3

 

 Message statistics:

 Msg type     Last rcvd time/      Current rcvd count/      History rcvd count/

              Last sent time       Current sent count       History sent count

 Open         18:59:15-2013.4.24   1                        1

              18:59:15-2013.4.24   1                        2

 Update       -                    0                        0

              18:59:16-2013.4.24   1                        1

 Notification -                    0                        0

              18:59:15-2013.4.24   0                        1

 Keepalive    18:59:15-2013.4.24   1                        1

              18:59:15-2013.4.24   1                        1

 RouteRefresh -                    0                        0

              -                    0                        0

 Total        -                    2                        2

              -                    3                        5

 

 Maximum allowed prefix number: 4294967295

 Threshold: 75%

 Authentication type configured: None

 Minimum time between advertisements is 15 seconds

 Optional capabilities:

  Multi-protocol extended capability has been enabled

  Route refresh capability has been enabled

 Peer preferred value: 0

 IPsec profile name: policy001

 Site-of-Origin: Not specified

 Routing policy configured:

 No routing policy is configured

 

         Peer: 3::2      Local: 2.2.2.2

         Type: EBGP link

         BGP version 4, remote router ID 3.3.3.3

         Update group ID: 0

         BGP current state: Established, Up for 00h05m00s

         BGP current event: KATimerExpired

         BGP last state: OpenConfirm

         Port:  Local - 24897    Remote - 179

         Configured: Active Hold Time: 180 sec   Keepalive Time: 60 sec

         Received  : Active Hold Time: 180 sec

         Negotiated: Active Hold Time: 180 sec   Keepalive Time: 60 sec

         Peer optional capabilities:

         Peer supports BGP multi-protocol extension

         Peer supports BGP route refresh capability

         Peer supports BGP route AS4 capability

         Address family IPv6 Unicast: advertised and received

 

 InQ updates: 0, OutQ updates: 0

 NLRI statistics:

         Rcvd:   UnReach NLRI          0,       Reach NLRI          0

         Sent:   UnReach NLRI          0,       Reach NLRI          3

 

 Message statistics:

 Msg type     Last rcvd time/      Current rcvd count/      History rcvd count/

              Last sent time       Current sent count       History sent count

 Open         18:59:15-2013.4.24   1                        1

              18:59:15-2013.4.24   1                        2

 Update       -                    0                        0

              18:59:16-2013.4.24   1                        1

 Notification -                    0                        0

              18:59:15-2013.4.24   0                        1

 Keepalive    18:59:15-2013.4.24   1                        1

              18:59:15-2013.4.24   1                        1

 RouteRefresh -                    0                        0

              -                    0                        0

 Total        -                    2                        2

              -                    3                        5

 

 Maximum allowed prefix number: 4294967295

 Threshold: 75%

 Authentication type configured: None

 Minimum time between advertisements is 30 seconds

 Optional capabilities:

  Multi-protocol extended capability has been enabled

  Route refresh capability has been enabled

 Peer preferred value: 0

 IPsec profile name: policy002

 Site-of-Origin: Not specified

 Routing policy configured:

 No routing policy is configured

The output shows that the IBGP and EBGP peers are established and that both sent and received IPv6 BGP packets are encapsulated by IPsec.
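The following added example (not part of the H3C document) audits the manual-mode IPsec settings configured above and reports, per BGP peer, which weak settings its session depends on: DES, SHA1, static manually keyed SAs, and short keys entered with the simple keyword. The rule names, the key-length threshold, and the "md5" token are assumptions of this example. The sample input is constructed from Router B's commands on this page.

```python
import re

WEAK_ENCRYPTION = {"des"}      # token as written on the page (56-bit key)
WEAK_AUTH = {"sha1", "md5"}    # "sha1" is from the page; "md5" is an assumed token
MIN_KEY_LENGTH = 20            # assumed local policy value, not a device limit

# Constructed input: Router B's commands from the page, prompts stripped and
# indented by view the way a saved configuration groups them.
SAMPLE_CONFIG = """\
ipsec transform-set tran1
 encapsulation-mode transport
 esp encryption-algorithm des
 esp authentication-algorithm sha1
ipsec profile policy001 manual
 transform-set tran1
 sa spi outbound esp 12345
 sa spi inbound esp 12345
 sa string-key outbound esp simple abcdefg
 sa string-key inbound esp simple abcdefg
ipsec transform-set tran2
 encapsulation-mode transport
 esp encryption-algorithm des
 esp authentication-algorithm sha1
ipsec profile policy002 manual
 transform-set tran2
 sa spi outbound esp 54321
 sa spi inbound esp 54321
 sa string-key outbound esp simple gfedcba
 sa string-key inbound esp simple gfedcba
bgp 65008
 peer 1::1 ipsec-profile policy001
 peer ebgp ipsec-profile policy002
"""


def parse_sections(text):
    """Group indented lines under the unindented command that opens each view."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if sections:
                sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def key_problems(key):
    """Flag keys that are short or drawn from fewer than three character classes."""
    problems = []
    if len(key) < MIN_KEY_LENGTH:
        problems.append("SHORT_KEY")
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, key)) for p in patterns) < 3:
        problems.append("LOW_VARIETY_KEY")
    return problems


def audit(text):
    """Return {bgp_peer: sorted findings} by resolving peer -> profile -> transform set."""
    transforms, profiles, peers = {}, {}, []
    for header, body in parse_sections(text):
        words = header.split()
        if words[:2] == ["ipsec", "transform-set"] and len(words) == 3:
            found = set()
            for parts in (line.split() for line in body):
                if parts[:2] == ["esp", "encryption-algorithm"] and parts[-1] in WEAK_ENCRYPTION:
                    found.add("WEAK_ENCRYPTION:" + parts[-1])
                if parts[:2] == ["esp", "authentication-algorithm"] and parts[-1] in WEAK_AUTH:
                    found.add("WEAK_AUTH:" + parts[-1])
            transforms[words[2]] = found
        elif words[:2] == ["ipsec", "profile"] and len(words) >= 3:
            found, transform = set(), None
            if "manual" in words[3:]:
                found.add("MANUAL_SA")          # static key, no automatic rekeying
            for parts in (line.split() for line in body):
                if parts[0] == "transform-set" and len(parts) == 2:
                    transform = parts[1]
                if parts[:2] == ["sa", "string-key"]:
                    if "simple" in parts[2:-1]:
                        found.add("KEY_TYPED_IN_PLAINTEXT")
                    found.update(key_problems(parts[-1]))
            profiles[words[2]] = (transform, found)
        elif words[0] == "bgp":
            for line in body:
                m = re.fullmatch(r"peer (\S+) ipsec-profile (\S+)", line)
                if m:
                    peers.append((m.group(1), m.group(2)))
    report = {}
    for peer, profile in peers:
        transform, found = profiles.get(profile, (None, {"UNDEFINED_PROFILE"}))
        report[peer] = sorted(set(found) | transforms.get(transform, set()))
    return report


if __name__ == "__main__":
    for peer, findings in audit(SAMPLE_CONFIG).items():
        print(peer, findings)
```

Both BGP sessions on Router B inherit every finding, because policy001 and policy002 differ only in their SPI and key values.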

Example: Configuring BGP RPKI

Network configuration

As shown in Figure 136, all routers run IPv6 BGP. Establish a TCP connection between Router A and the RPKI server, and establish an IBGP connection between Router A and Router B.

Configure Router A to advertise the BGP RPKI validation state to Router B, and configure a routing policy to filter routes based on the validation state for Router B.

Figure 136 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces and establish an IBGP connection between Router A and Router B. (Details not shown.)

2.     Configure Router A to establish a TCP connection to the RPKI server.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] rpki

[RouterA-bgp-default-rpki] server tcp 1::2

[RouterA-bgp-default-rpki-server] port 1234

[RouterA-bgp-default-rpki-server] quit

3.     Enable BGP RPKI validation on Router A.

[RouterA-bgp-default-rpki] check-origin-validation

[RouterA-bgp-default-rpki] quit

4.     Apply the BGP RPKI validation state to optimal route selection.

[RouterA-bgp-default] address-family ipv6

[RouterA-bgp-default-ipv6] bestroute origin-as-validation

5.     Configure Router A to advertise the BGP RPKI validation state to peer 2001::2.

[RouterA-bgp-default-ipv6] peer 2001::2 advertise-ext-community

[RouterA-bgp-default-ipv6] peer 2001::2 advertise origin-as-validation

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

6.     Configure Router B to permit routes with a BGP RPKI validation state of Valid:

# Configure a routing policy.

<RouterB> system-view

[RouterB] route-policy rpki_policy permit node 0

[RouterB-route-policy-rpki_policy-0] if-match rpki valid

# Apply the routing policy.

[RouterB] bgp 100

[RouterB-bgp-default] address-family ipv6

[RouterB-bgp-default-ipv6] peer 2001::1 route-policy rpki_policy import

Verifying the configuration

# Display information about the connection between Router A and the RPKI server.

[RouterA] display bgp rpki server

 

  Server          VPN-index  Port        State      Time       ROAs(IPv4/IPv6)

  1::2            0          1234        Establish  00:04:43   5/5

The output shows that Router A has established a TCP connection to the RPKI server.

# Display the ROA information on Router A.

[RouterA] display bgp rpki table ipv6

 

 Total number of entries: 5

 

 Status codes: S - stale, U - used

 

  Network         Mask-range    Origin-AS    Server       Status

  2001:4860::     32-32         100          1::2         U

  2404:6800::     32-32         100          1::2         U

  2607:F8B0::     28-28         4294967295   1::2         U

  2A03:ACE0::     40-40         4294967295   1::2         U

  2001::1         64-64         200          1::2         U

The output shows that Router A has obtained the ROA information from the RPKI server.

# Display the BGP RPKI validation state on Router A.

[RouterA] display bgp routing-table ipv6 2001::1 64

 

 BGP local router ID: 2.2.2.2

 Local AS number: 100

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 2001::1/64:

 Imported route.

 Original nexthop: 0.0.0.0

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h13m20s

 OutLabel        : NULL

 RxPathID        : 0x0

 TxPathID        : 0x0

 Org-validation  : Valid

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, pref-val 32768

 State           : valid, local, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

The route to 2001::1 matches the ROA with a prefix of 2001::1, a prefix length range of 64 to 64, and an origin AS number of 200. Therefore, the BGP RPKI validation state of the route to 2001::1 is Valid.

# On Router B, display detailed information about the BGP IPv6 unicast route to 2001::1.

[RouterB] display bgp routing-table ipv6 2001::1 64

 

RR-client route.

 From            : 2001::1 64 (192.168.56.22)

 Rely nexthop    : 2001::1

 Original nexthop: 2001::1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 01h13m22s

 OutLabel        : NULL

 Ext-Community   : <Origin Valid State: Valid >

 RxPathID        : 0x0

 TxPathID        : 0x0

 Org-validation  : Invalid

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

The output displays information about the BGP IPv6 unicast route to 2001::1 because Router B permits routes with a BGP RPKI validation state of Valid.
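The following added example (not part of the H3C document) carries out the origin validation that Router A performs and the filtering that Router B's rpki_policy applies, following the RFC 6811 procedure. It assumes that the Mask-range column gives each ROA's prefix length and maximum length, and that the route to 2001::1/64 has origin AS 200, as the page's explanation states. The function names are illustrative, and the ROA rows are copied from the display output above.

```python
import ipaddress

# ROA entries from the page's "display bgp rpki table ipv6" output:
# (network, prefix length, maximum length, origin AS)
ROAS = [
    ("2001:4860::", 32, 32, 100),
    ("2404:6800::", 32, 32, 100),
    ("2607:F8B0::", 28, 28, 4294967295),
    ("2A03:ACE0::", 40, 40, 4294967295),
    ("2001::1", 64, 64, 200),
]


def validate(route, origin_as, roas=ROAS):
    """Return the RFC 6811 validation state of a route: Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(route, strict=False)
    covered = False
    for prefix, length, max_length, roa_as in roas:
        # strict=False masks host bits, so the entry 2001::1 64-64 becomes 2001::/64.
        roa_net = ipaddress.ip_network(f"{prefix}/{length}", strict=False)
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue                      # this ROA does not cover the route
        covered = True
        # A covering ROA matches only if the route is no more specific than the
        # maximum length and the origin AS is the authorized one (AS 0 never matches).
        if net.prefixlen <= max_length and roa_as == origin_as and roa_as != 0:
            return "Valid"
    # Covered by at least one ROA but matched by none: Invalid.
    # Covered by no ROA at all: NotFound.
    return "Invalid" if covered else "NotFound"


def router_a_advertise(routes):
    """Router A's role: attach the validation state to each (route, origin AS) it advertises."""
    adverts = []
    for route, origin_as in routes:
        net = ipaddress.ip_network(route, strict=False)
        adverts.append((str(net), validate(route, origin_as)))
    return adverts


def router_b_import(adverts):
    """Router B's role: a single permit node matching Valid; every other route is denied."""
    return [route for route, state in adverts if state == "Valid"]


if __name__ == "__main__":
    # Constructed test routes; only the first one appears on the page.
    candidates = [
        ("2001::1/64", 200),        # matches the ROA exactly
        ("2001::1/64", 100),        # covered, wrong origin AS
        ("2001:4860:1::/48", 100),  # covered, more specific than the maximum length
        ("2400::/12", 100),         # no covering ROA
    ]
    adverts = router_a_advertise(candidates)
    for route, state in adverts:
        print(f"{route:20} {state}")
    print("Router B accepts:", router_b_import(adverts))
```

Because rpki_policy has no node that permits NotFound routes, Router B drops prefixes that no ROA covers as well as Invalid ones.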

IPv4 BGP network reliability improvement configuration examples

Example: Configuring BGP GR

Network configuration

As shown in Figure 137, run EBGP between Router A and Router B, and run IBGP between Router B and Router C.

Configure BGP GR so that the communication between Router A and Router C is not affected when an active/standby switchover occurs on Router B.

Figure 137 Network diagram

Procedure

1.     Configure Router A:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure the EBGP connection.

<RouterA> system-view

[RouterA] bgp 65008

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 200.1.1.1 as-number 65009

# Enable GR capability for BGP.

[RouterA-bgp-default] graceful-restart

# Inject network 8.0.0.0/8 to the IPv4 BGP routing table.

[RouterA-bgp-default] address-family ipv4

[RouterA-bgp-default-ipv4] network 8.0.0.0

# Enable Router A to exchange IPv4 unicast routing information with Router B.

[RouterA-bgp-default-ipv4] peer 200.1.1.1 enable

2.     Configure Router B:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure the EBGP connection.

<RouterB> system-view

[RouterB] bgp 65009

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 200.1.1.2 as-number 65008

# Configure the IBGP connection.

[RouterB-bgp-default] peer 9.1.1.2 as-number 65009

# Enable GR capability for BGP.

[RouterB-bgp-default] graceful-restart

# Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the IPv4 BGP routing table.

[RouterB-bgp-default] address-family ipv4

[RouterB-bgp-default-ipv4] network 200.1.1.0 24

[RouterB-bgp-default-ipv4] network 9.1.1.0 24

# Enable Router B to exchange IPv4 unicast routing information with Router A and Router C.

[RouterB-bgp-default-ipv4] peer 200.1.1.2 enable

[RouterB-bgp-default-ipv4] peer 9.1.1.2 enable

3.     Configure Router C:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure the IBGP connection.

<RouterC> system-view

[RouterC] bgp 65009

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 9.1.1.1 as-number 65009

# Enable GR capability for BGP.

[RouterC-bgp-default] graceful-restart

# Enable Router C to exchange IPv4 unicast routing information with Router B.

[RouterC-bgp-default] address-family ipv4

[RouterC-bgp-default-ipv4] peer 9.1.1.1 enable

Verifying the configuration

Ping Router C on Router A. Meanwhile, perform an active/standby switchover on Router B. The ping operation is successful during the whole switchover process. (Details not shown.)

Example: Configuring BFD for BGP

Network configuration

As shown in Figure 138, configure OSPF as the IGP in AS 200.

·     Establish two IBGP connections between Router A and Router C. When both paths operate correctly, Router C uses the path Router A<—>Router B<—>Router C to communicate with network 1.1.1.0/24.

·     Configure BFD over the path. When the path fails, BFD can quickly detect the failure and notify BGP of it. Then, the path Router A<—>Router D<—>Router C takes effect immediately.

Figure 138 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure OSPF so that Router A and Router C can reach each other. (Details not shown.)

3.     Configure BGP on Router A:

# Establish two IBGP connections to Router C.

<RouterA> system-view

[RouterA] bgp 200

[RouterA-bgp-default] peer 3.0.2.2 as-number 200

[RouterA-bgp-default] peer 2.0.2.2 as-number 200

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 3.0.2.2 enable

[RouterA-bgp-default-ipv4] peer 2.0.2.2 enable

[RouterA-bgp-default-ipv4] quit

# Create IPv4 basic ACL 2000 to permit 1.1.1.0/24 to pass.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 1.1.1.0 0.0.0.255

[RouterA-acl-ipv4-basic-2000] quit

# Create two routing policies to set the MED for route 1.1.1.0/24. The policy apply_med_50 sets the MED to 50, and the policy apply_med_100 sets the MED to 100.

[RouterA] route-policy apply_med_50 permit node 10

[RouterA-route-policy-apply_med_50-10] if-match ip address acl 2000

[RouterA-route-policy-apply_med_50-10] apply cost 50

[RouterA-route-policy-apply_med_50-10] quit

[RouterA] route-policy apply_med_100 permit node 10

[RouterA-route-policy-apply_med_100-10] if-match ip address acl 2000

[RouterA-route-policy-apply_med_100-10] apply cost 100

[RouterA-route-policy-apply_med_100-10] quit

# Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing policy apply_med_100 to routes outgoing to peer 2.0.2.2.

[RouterA] bgp 200

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 3.0.2.2 route-policy apply_med_50 export

[RouterA-bgp-default-ipv4] peer 2.0.2.2 route-policy apply_med_100 export

[RouterA-bgp-default-ipv4] quit

# Enable BFD for peer 3.0.2.2.

[RouterA-bgp-default] peer 3.0.2.2 bfd

[RouterA-bgp-default] quit

4.     Configure BGP on Router C:

# Establish two IBGP connections to Router A.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] peer 3.0.1.1 as-number 200

[RouterC-bgp-default] peer 2.0.1.1 as-number 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 3.0.1.1 enable

[RouterC-bgp-default-ipv4] peer 2.0.1.1 enable

[RouterC-bgp-default-ipv4] quit

# Enable BFD for peer 3.0.1.1.

[RouterC-bgp-default] peer 3.0.1.1 bfd

[RouterC-bgp-default] quit

[RouterC] quit

Verifying the configuration

# Display detailed BFD session information on Router C.

<RouterC> display bfd session verbose

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 session working in control packet mode:

 

          Local discr: 513                        Remote discr: 513

            Source IP: 3.0.2.2                  Destination IP: 3.0.1.1

     Destination port: 4784                      Session state: Up

            Interface: N/A

      Min Tx interval: 500ms                Actual Tx Interval: 500ms

      Min Rx interval: 500ms                    Detection time: 2500ms

             Rx count: 135                            Tx count: 135

         Connect type: Indirect                    Up duration: 00:00:20

            Hold time: 2457ms                        Auth mode: None

       Detection mode: Async                              Slot: 0

             Protocol: BGP

              Version:1

            Diag info: No Diagnostic

        Hardware mode: Disable

The output shows that a BFD session has been established between Router A and Router C.

# Display BGP peer information on Router C.

<RouterC> display bgp peer ipv4

 

 BGP local router ID: 3.3.3.3

 Local AS number: 200

 Total number of peers: 2                  Peers in established state: 2

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 2.0.1.1                200        4        5    0        0 00:01:55 Established

 3.0.1.1                200        4        5    0        0 00:01:52 Established

The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state.

# Display route 1.1.1.0/24 on Router C.

<RouterC> display ip routing-table 1.1.1.0 24 verbose

 

Summary count : 1

 

Destination: 1.1.1.0/24

    Protocol: BGP

  Process ID: 0

   SubProtID: 0x1                       Age: 00h00m09s

  FlushedAge: 12h24m47s

       Cost: 50                 Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x1                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x15000001             LastAs: 0

      AttrID: 0x1

    BkAttrID: 0xffffffff           Neighbor: 3.0.1.1

       Flags: 0x10060           OrigNextHop: 3.0.1.1

       Label: NULL              RealNextHop: 3.0.2.1

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                 PathID: 0x0

      UserID: 0x0             SRTunnelID: Invalid

    SID Type: N/A                    NID: Invalid

    FlushNID: Invalid              BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router C communicates with network 1.1.1.0/24 through the path Router C<—>Router B<—>Router A.

# Bring down the path Router C<—>Router B<—>Router A, and then display route 1.1.1.0/24 on Router C.

<RouterC> display ip routing-table 1.1.1.0 24 verbose

 

Summary count : 1

 

Destination: 1.1.1.0/24

    Protocol: BGP

  Process ID: 0

   SubProtID: 0x1                       Age: 00h03m08s

  FlushedAge: 12h26m45s

        Cost: 100                Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x1                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 0

       NibID: 0x15000000             LastAs: 0

      AttrID: 0x0

    BkAttrID: 0xffffffff           Neighbor: 2.0.1.1

       Flags: 0x10060           OrigNextHop: 2.0.1.1

       Label: NULL              RealNextHop: 2.0.2.1

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router C communicates with network 1.1.1.0/24 through the path Router C<—>Router D<—>Router A.

Example: Configuring BGP FRR

Network configuration

As shown in Figure 139, configure BGP FRR so that when Link B fails, BGP uses Link A to forward traffic.

Figure 139 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure OSPF in AS 200 to ensure connectivity among Router B, Router C, and Router D. (Details not shown.)

3.     Configure BGP connections:

# Configure Router A to establish EBGP sessions to Router B and Router C, and advertise network 1.1.1.1/32.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 10.1.1.2 as-number 200

[RouterA-bgp-default] peer 30.1.1.3 as-number 200

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable

[RouterA-bgp-default-ipv4] peer 30.1.1.3 enable

[RouterA-bgp-default-ipv4] network 1.1.1.1 32

# Configure Router B to establish an EBGP session to Router A, and an IBGP session to Router D.

<RouterB> system-view

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 10.1.1.1 as-number 100

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable

[RouterB-bgp-default-ipv4] peer 4.4.4.4 enable

[RouterB-bgp-default-ipv4] peer 4.4.4.4 next-hop-local

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# Configure Router C to establish an EBGP session to Router A, and an IBGP session to Router D.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 30.1.1.1 as-number 100

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 30.1.1.1 enable

[RouterC-bgp-default-ipv4] peer 4.4.4.4 enable

[RouterC-bgp-default-ipv4] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# Configure Router D to establish IBGP sessions to Router B and Router C, and advertise network 4.4.4.4/32.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] router-id 4.4.4.4

[RouterD-bgp-default] peer 2.2.2.2 as-number 200

[RouterD-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 2.2.2.2 enable

[RouterD-bgp-default-ipv4] peer 3.3.3.3 enable

[RouterD-bgp-default-ipv4] network 4.4.4.4 32

4.     Configure preferred values so Link B is used to forward traffic between Router A and Router D:

# Configure Router A to set the preferred value to 100 for routes received from Router B.

[RouterA-bgp-default-ipv4] peer 10.1.1.2 preferred-value 100

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# Configure Router D to set the preferred value to 100 for routes received from Router B.

[RouterD-bgp-default-ipv4] peer 2.2.2.2 preferred-value 100

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

5.     Configure BGP FRR:

# On Router A, configure the source address of BFD echo packets as 11.1.1.1.

[RouterA] bfd echo-source-ip 11.1.1.1

# Create routing policy frr to set a backup next hop 30.1.1.3 (Router C) for the route destined for 4.4.4.4/32.

[RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32

[RouterA] route-policy frr permit node 10

[RouterA-route-policy] if-match ip address prefix-list abc

[RouterA-route-policy] apply fast-reroute backup-nexthop 30.1.1.3

[RouterA-route-policy] quit

# Use BFD echo packet mode to detect the connectivity to Router D.

[RouterA] bgp 100

[RouterA-bgp-default] primary-path-detect bfd echo

# Apply the routing policy to BGP FRR for BGP IPv4 unicast address family.

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] fast-reroute route-policy frr

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

# On Router D, set the source address of BFD echo packets to 44.1.1.1.

[RouterD] bfd echo-source-ip 44.1.1.1

# Create routing policy frr to set a backup next hop 3.3.3.3 (Router C) for the route destined for 1.1.1.1/32.

[RouterD] ip prefix-list abc index 10 permit 1.1.1.1 32

[RouterD] route-policy frr permit node 10

[RouterD-route-policy] if-match ip address prefix-list abc

[RouterD-route-policy] apply fast-reroute backup-nexthop 3.3.3.3

[RouterD-route-policy] quit

# Use BFD echo packet mode to detect the connectivity to Router A.

[RouterD] bgp 200

[RouterD-bgp-default] primary-path-detect bfd echo

# Apply the routing policy to BGP FRR for BGP IPv4 unicast address family.

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] fast-reroute route-policy frr

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

Verifying the configuration

# Display detailed information about the route to 4.4.4.4/32 on Router A. The output shows the backup next hop for the route.

[RouterA] display ip routing-table 4.4.4.4 32 verbose

 

Summary count : 1

 

Destination: 4.4.4.4/32

    Protocol: BGP                Process ID: 0

   SubProtID: 0x2                       Age: 00h01m52s

  FlushedAge: 13h26m47s

        Cost: 0                  Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 200

       NibID: 0x15000003             LastAs: 200

      AttrID: 0x5

    BkAttrID: 0x6                  Neighbor: 10.1.1.2

       Flags: 0x10060           OrigNextHop: 10.1.1.2

       Label: NULL              RealNextHop: 10.1.1.2

     BkLabel: NULL                BkNextHop: 30.1.1.3

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/2

   Tunnel ID: Invalid           IPInterface: InLoopBack0

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display detailed information about the route to 1.1.1.1/32 on Router D. The output shows the backup next hop for the route.

[RouterD] display ip routing-table 1.1.1.1 32 verbose

 

Summary count : 1

 

Destination: 1.1.1.1/32

    Protocol: BGP                Process ID: 0

   SubProtID: 0x1                       Age: 00h00m36s

  FlushedAge: 13h28m49s

        Cost: 0                  Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0x2                    OrigAs: 100

       NibID: 0x15000003             LastAs: 100

      AttrID: 0x1

    BkAttrID: 0x3                  Neighbor: 2.2.2.2

       Flags: 0x10060           OrigNextHop: 2.2.2.2

       Label: NULL              RealNextHop: 20.1.1.2

     BkLabel: NULL                BkNextHop: 40.1.1.3

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/2

   Tunnel ID: Invalid           IPInterface: InLoopBack0

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

IPv6 BGP network reliability improvement configuration examples

Example: Configuring BFD for IPv6 BGP

Network configuration

As shown in Figure 140, configure OSPFv3 as the IGP in AS 200.

·     Establish two IBGP connections between Router A and Router C. When both paths operate correctly, Router C uses the path Router A<—>Router B<—>Router C to exchange packets with network 1200::0/64.

·     Configure BFD over the path. When the path fails, BFD can quickly detect the failure and notify IPv6 BGP of it. Then, the path Router A<—>Router D<—>Router C takes effect immediately.

Figure 140 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure OSPFv3 so that Router A and Router C can reach each other. (Details not shown.)

3.     Configure IPv6 BGP on Router A:

# Establish two IBGP connections to Router C.

<RouterA> system-view

[RouterA] bgp 200

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 2002::2 as-number 200

[RouterA-bgp-default] peer 3002::2 as-number 200

[RouterA-bgp-default] address-family ipv6

[RouterA-bgp-default-ipv6] peer 2002::2 enable

[RouterA-bgp-default-ipv6] peer 3002::2 enable

[RouterA-bgp-default-ipv6] quit

# Create IPv6 basic ACL 2000 to permit 1200::0/64 to pass.

[RouterA] acl ipv6 basic 2000

[RouterA-acl-ipv6-basic-2000] rule permit source 1200:: 64

[RouterA-acl-ipv6-basic-2000] quit

# Create two routing policies to set the MED for route 1200::0/64. The policy apply_med_50 sets the MED to 50, and the policy apply_med_100 sets the MED to 100.

[RouterA] route-policy apply_med_50 permit node 10

[RouterA-route-policy-apply_med_50-10] if-match ipv6 address acl 2000

[RouterA-route-policy-apply_med_50-10] apply cost 50

[RouterA-route-policy-apply_med_50-10] quit

[RouterA] route-policy apply_med_100 permit node 10

[RouterA-route-policy-apply_med_100-10] if-match ipv6 address acl 2000

[RouterA-route-policy-apply_med_100-10] apply cost 100

[RouterA-route-policy-apply_med_100-10] quit

# Apply routing policy apply_med_50 to routes outgoing to peer 3002::2, and apply routing policy apply_med_100 to routes outgoing to peer 2002::2.

[RouterA] bgp 200

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer 3002::2 route-policy apply_med_50 export

[RouterA-bgp-default-ipv6] peer 2002::2 route-policy apply_med_100 export

[RouterA-bgp-default-ipv6] quit

# Enable BFD for peer 3002::2.

[RouterA-bgp-default] peer 3002::2 bfd

[RouterA-bgp-default] quit

4.     Configure IPv6 BGP on Router C:

# Establish two IBGP connections to Router A.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 3001::1 as-number 200

[RouterC-bgp-default] peer 2001::1 as-number 200

[RouterC-bgp-default] address-family ipv6

[RouterC-bgp-default-ipv6] peer 3001::1 enable

[RouterC-bgp-default-ipv6] peer 2001::1 enable

[RouterC-bgp-default-ipv6] quit

# Enable BFD for peer 3001::1.

[RouterC-bgp-default] peer 3001::1 bfd

[RouterC-bgp-default] quit

[RouterC] quit

Verifying the configuration

# Display detailed BFD session information on Router C.

<RouterC> display bfd session verbose

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv6 session working in control packet mode:

 

          Local discr: 513                        Remote discr: 513

            Source IP: 3002::2                  Destination IP: 3001::1

     Destination port: 4784                      Session state: Up

            Interface: N/A

      Min Tx interval: 500ms                Actual Tx interval: 500ms

      Min Rx interval: 500ms                    Detection time: 2500ms

             Rx count: 13                             Tx count: 14

      Connection type: Indirect                    Up duration: 00:00:05

            Hold time: 2243ms                        Auth mode: None

       Detection mode: Async                              Slot: 0

             Protocol: BGP4+

              Version: 1

            Diag info: No Diagnostic

        Hardware mode: Disable

The output shows that a BFD session has been established between Router A and Router C.

# Display BGP peer information on Router C.

<RouterC> display bgp peer ipv6

 

 BGP local router ID: 3.3.3.3

 Local AS number: 200

 Total number of peers: 2                  Peers in established state: 2

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 2001::1                200        8        8    0        0 00:04:45 Established

 3001::1                200        5        4    0        0 00:01:53 Established

The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state.

# Display route 1200::0/64 on Router C.

<RouterC> display ipv6 routing-table 1200::0 64 verbose

 

Summary count : 1

 

 Destination: 1200::/64

    Protocol: BGP4+

  Process ID: 0

   SubProtID: 0x1                       Age: 00h01m07s

  FlushedAge: 14h22m43s

        Cost: 50                 Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x1                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x25000001             LastAs: 0

      AttrID: 0x1

    BkAttrID: 0xffffffff           Neighbor: 3001::1

       Flags: 0x10060           OrigNextHop: 3001::1

       Label: NULL              RealNextHop: FE80::20C:29FF:FE4A:3873

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router B<—>Router A.

# Break down the path Router C<—>Router B<—>Router A and then display route 1200::0/64 on Router C.

<RouterC> display ipv6 routing-table 1200::0 64 verbose

 

Summary count : 1

 

 Destination: 1200::/64

    Protocol: BGP4+

  Process ID: 0

   SubProtID: 0x1                       Age: 00h00m57s

  FlushedAge: 14h26m44s

        Cost: 100                Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x1                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x25000000             LastAs: 0

      AttrID: 0x0

    BkAttrID: 0xffffffff           Neighbor: 2001::1

       Flags: 0x10060           OrigNextHop: 2001::1

       Label: NULL              RealNextHop: FE80::20C:29FF:FE40:715

     BkLabel: NULL                BkNextHop: N/A

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router D<—>Router A.

Example: Configuring IPv6 BGP FRR

Network configuration

As shown in Figure 141, configure BGP FRR so that when Link B fails, BGP uses Link A to forward traffic.

Figure 141 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure OSPFv3 in AS 200 to ensure connectivity among Router B, Router C, and Router D. (Details not shown.)

3.     Configure BGP connections:

# Configure Router A to establish EBGP sessions to Router B and Router C, and advertise network 1::/64.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] router-id 1.1.1.1

[RouterA-bgp-default] peer 3001::2 as-number 200

[RouterA-bgp-default] peer 2001::2 as-number 200

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer 3001::2 enable

[RouterA-bgp-default-ipv6] peer 2001::2 enable

[RouterA-bgp-default-ipv6] network 1:: 64

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# Configure Router B to establish an EBGP session to Router A, and an IBGP session to Router D.

<RouterB> system-view

[RouterB] bgp 200

[RouterB-bgp-default] router-id 2.2.2.2

[RouterB-bgp-default] peer 3001::1 as-number 100

[RouterB-bgp-default] peer 3002::2 as-number 200

[RouterB-bgp-default] address-family ipv6 unicast

[RouterB-bgp-default-ipv6] peer 3001::1 enable

[RouterB-bgp-default-ipv6] peer 3002::2 enable

[RouterB-bgp-default-ipv6] peer 3002::2 next-hop-local

[RouterB-bgp-default-ipv6] quit

[RouterB-bgp-default] quit

# Configure Router C to establish an EBGP session to Router A, and an IBGP session to Router D.

<RouterC> system-view

[RouterC] bgp 200

[RouterC-bgp-default] router-id 3.3.3.3

[RouterC-bgp-default] peer 2001::1 as-number 100

[RouterC-bgp-default] peer 2002::2 as-number 200

[RouterC-bgp-default] address-family ipv6 unicast

[RouterC-bgp-default-ipv6] peer 2001::1 enable

[RouterC-bgp-default-ipv6] peer 2002::2 enable

[RouterC-bgp-default-ipv6] peer 2002::2 next-hop-local

[RouterC-bgp-default-ipv6] quit

[RouterC-bgp-default] quit

# Configure Router D to establish IBGP sessions to Router B and Router C, and advertise network 4::/64.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] peer 3002::1 as-number 200

[RouterD-bgp-default] peer 2002::1 as-number 200

[RouterD-bgp-default] address-family ipv6 unicast

[RouterD-bgp-default-ipv6] peer 3002::1 enable

[RouterD-bgp-default-ipv6] peer 2002::1 enable

[RouterD-bgp-default-ipv6] network 4:: 64

[RouterD-bgp-default-ipv6] quit

[RouterD-bgp-default] quit

4.     Configure preferred values so Link B is used to forward traffic between Router A and Router D:

# Configure Router A to set the preferred value to 100 for routes received from Router B.

[RouterA] bgp 100

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer 3001::2 preferred-value 100

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# Configure Router D to set the preferred value to 100 for routes received from Router B.

[RouterD] bgp 200

[RouterD-bgp-default] address-family ipv6 unicast

[RouterD-bgp-default-ipv6] peer 3002::1 preferred-value 100

[RouterD-bgp-default-ipv6] quit

[RouterD-bgp-default] quit

5.     Configure BGP FRR:

# On Router A, create routing policy frr to set a backup next hop 2001::2 (Router C) for the route destined for 4::/64.

[RouterA] ipv6 prefix-list abc index 10 permit 4:: 64

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterA-route-policy-frr-10] apply ipv6 fast-reroute backup-nexthop 2001::2

[RouterA-route-policy-frr-10] quit

# Apply the routing policy to BGP FRR for BGP IPv6 unicast address family.

[RouterA] bgp 100

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] fast-reroute route-policy frr

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

# On Router D, create routing policy frr to set a backup next hop 2002::1 (Router C) for the route destined for 1::/64.

<RouterD> system-view

[RouterD] ipv6 prefix-list abc index 10 permit 1:: 64

[RouterD] route-policy frr permit node 10

[RouterD-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterD-route-policy-frr-10] apply ipv6 fast-reroute backup-nexthop 2002::1

[RouterD-route-policy-frr-10] quit

# Apply the routing policy to BGP FRR for BGP IPv6 unicast address family.

[RouterD] bgp 200

[RouterD-bgp-default] address-family ipv6 unicast

[RouterD-bgp-default-ipv6] fast-reroute route-policy frr

[RouterD-bgp-default-ipv6] quit

[RouterD-bgp-default] quit

Verifying the configuration

# Display detailed information about the route to 4::/64 on Router A. The output shows the backup next hop for the route.

[RouterA] display ipv6 routing-table 4:: 64 verbose

 

Summary count : 1

 

 Destination: 4::/64

    Protocol: BGP4+              Process ID: 0

   SubProtID: 0x2                       Age: 00h00m58s

  FlushedAge: 13h22m44s

        Cost: 0                  Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 200

       NibID: 0x25000003             LastAs: 200

      AttrID: 0x3

    BkAttrID: 0x4                  Neighbor: 3001::2

       Flags: 0x10060           OrigNextHop: 3001::2

       Label: NULL              RealNextHop: 3001::2

     BkLabel: NULL                BkNextHop: 2001::2

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/2

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display detailed information about the route to 1::/64 on Router D. The output shows the backup next hop for the route.

[RouterD] display ipv6 routing-table 1:: 64 verbose

 

Summary count : 1

 

 Destination: 1::/64

    Protocol: BGP4+              Process ID: 0

   SubProtID: 0x1                       Age: 00h03m24s

  FlushedAge: 13h26m33s

        Cost: 0                  Preference: 255

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 100

       NibID: 0x25000003             LastAs: 100

      AttrID: 0x4

    BkAttrID: 0x5                  Neighbor: 3002::1

       Flags: 0x10060           OrigNextHop: 3002::1

       Label: NULL              RealNextHop: 3002::1

     BkLabel: NULL                BkNextHop: 2002::1

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/2

   Tunnel ID: Invalid           IPInterface: N/A

 BkTunnel ID: Invalid         BkIPInterface: N/A

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A
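The verification outputs above (the BFD session on Router C and the routes with and without an FRR backup next hop) can be checked by script instead of by eye. The following Python is an added example, not H3C code: it parses the two-column display layout from excerpts of this page's output, reports the BFD session that runs with Auth mode: None, and checks the backup next hop. The function names and the expected backup passed for 1200::/64 are assumptions made for the example.

```python
import ipaddress
import re

# Excerpts of the display output shown on this page, embedded so the
# example runs offline.
BFD_OUTPUT = """\
 Total sessions: 1        Up sessions: 1        Init mode: Active

 IPv6 session working in control packet mode:

          Local discr: 513                        Remote discr: 513
            Source IP: 3002::2                  Destination IP: 3001::1
     Destination port: 4784                      Session state: Up
      Min Rx interval: 500ms                    Detection time: 2500ms
            Hold time: 2243ms                        Auth mode: None
             Protocol: BGP4+
"""

ROUTE_FRR = """\
 Destination: 4::/64
    Protocol: BGP4+              Process ID: 0
         Tag: 0                       State: Active Adv
    BkAttrID: 0x4                  Neighbor: 3001::2
       Label: NULL              RealNextHop: 3001::2
     BkLabel: NULL                BkNextHop: 2001::2
     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/1
   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/2
"""

ROUTE_NO_FRR = """\
 Destination: 1200::/64
    Protocol: BGP4+
        Cost: 50                 Preference: 255
    BkAttrID: 0xffffffff           Neighbor: 3001::1
       Label: NULL              RealNextHop: FE80::20C:29FF:FE4A:3873
     BkLabel: NULL                BkNextHop: N/A
"""


def parse_records(text, first_key):
    """Split two-column 'Key: Value' display output into one dict per record.

    Cells are separated by runs of two or more whitespace characters. Inside
    a cell the key ends at the first ': ', so IPv6 addresses and hh:mm:ss
    values stay intact. A new record starts each time first_key is seen.
    """
    records, current = [], None
    for line in text.splitlines():
        for cell in re.split(r"\s{2,}", line.strip()):
            key, sep, value = cell.partition(": ")
            if not sep:
                continue  # blank line, or a heading such as "... mode:"
            key, value = key.strip(), value.strip()
            if key == first_key:
                current = {}
                records.append(current)
            if current is not None:
                current[key] = value
    return records


def audit_bfd(sessions):
    """Return one finding per BFD session that is down or unauthenticated."""
    findings = []
    for s in sessions:
        peer = f"{s.get('Source IP')} -> {s.get('Destination IP')}"
        if s.get("Session state") != "Up":
            findings.append(f"{peer}: session state is {s.get('Session state')}")
        if s.get("Auth mode", "None") == "None":
            findings.append(f"{peer}: BFD control packets are not authenticated")
    return findings


def check_backup(route, expected_backup):
    """Return None when the route carries the expected FRR backup next hop."""
    dest = route.get("Destination")
    actual = route.get("BkNextHop", "N/A")
    if actual == "N/A":
        return f"{dest}: no backup next hop installed"
    # Compare as addresses so different textual forms of one IPv6 address match.
    if ipaddress.ip_address(actual) != ipaddress.ip_address(expected_backup):
        return f"{dest}: backup next hop {actual}, expected {expected_backup}"
    bk_if = route.get("BkInterface")
    if bk_if and bk_if == route.get("Interface"):
        return f"{dest}: backup path uses the primary interface {bk_if}"
    return None


if __name__ == "__main__":
    for finding in audit_bfd(parse_records(BFD_OUTPUT, "Local discr")):
        print("BFD:", finding)
    # 2001::1 for 1200::/64 is a constructed expectation; that example has no FRR.
    for text, backup in ((ROUTE_FRR, "2001::2"), (ROUTE_NO_FRR, "2001::1")):
        route = parse_records(text, "Destination")[0]
        print("FRR:", check_backup(route, backup) or f"{route['Destination']}: ok")
```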

 

Extended IPv4 BGP feature configuration examples

Example: Configuring BGP LS

Network configuration

As shown in Figure 142, all routers run BGP. Run IBGP between Router A and Router B, between Router B and Router C, and between Router B and Router D.

Configure Router B as a route reflector with client Router A to allow Router A to learn LS information advertised by Router C and Router D.

Figure 142 Network diagram

Procedure

1.     Configure IP addresses for interfaces and configure OSPF on Router C and Router D. (Details not shown.)

2.     Configure BGP connections:

# Configure Router A.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] peer 192.1.1.2 as-number 100

[RouterA-bgp-default] address-family link-state

[RouterA-bgp-default-ls] peer 192.1.1.2 enable

[RouterA-bgp-default-ls] quit

[RouterA-bgp-default] quit

# Configure Router B.

<RouterB> system-view

[RouterB] bgp 100

[RouterB-bgp-default] peer 192.1.1.1 as-number 100

[RouterB-bgp-default] peer 193.1.1.1 as-number 100

[RouterB-bgp-default] peer 194.1.1.1 as-number 100

[RouterB-bgp-default] address-family link-state

[RouterB-bgp-default-ls] peer 192.1.1.1 enable

[RouterB-bgp-default-ls] peer 193.1.1.1 enable

[RouterB-bgp-default-ls] peer 194.1.1.1 enable

[RouterB-bgp-default-ls] quit

[RouterB-bgp-default] quit

# Configure Router C.

<RouterC> system-view

[RouterC] bgp 100

[RouterC-bgp-default] peer 193.1.1.2 as-number 100

[RouterC-bgp-default] address-family link-state

[RouterC-bgp-default-ls] peer 193.1.1.2 enable

[RouterC-bgp-default-ls] quit

[RouterC-bgp-default] quit

[RouterC] ospf

[RouterC-ospf-1] distribute bgp-ls

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 0.0.0.0 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] bgp 100

[RouterD-bgp-default] peer 194.1.1.2 as-number 100

[RouterD-bgp-default] address-family link-state

[RouterD-bgp-default-ls] peer 194.1.1.2 enable

[RouterD-bgp-default-ls] quit

[RouterD-bgp-default] quit

[RouterD] ospf

[RouterD-ospf-1] distribute bgp-ls

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] network 0.0.0.0 0.0.0.0

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

3.     Configure Router B as the route reflector.

[RouterB] bgp 100

[RouterB-bgp-default] address-family link-state

[RouterB-bgp-default-ls] peer 192.1.1.1 reflect-client

[RouterB-bgp-default-ls] quit

[RouterB-bgp-default] quit

Verifying the configuration

# Verify that Router A has learned LS information advertised by Router C and Router D.

[RouterA] display bgp link-state

 

 Total number of routes: 4

 

 BGP local router ID is 192.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 Prefix codes: E link, V node, T4 IPv4 route, T6 IPv6 route, SD SRv6 SID desc

               u/U unknown,

               I Identifier, N local node, R remote node, L link, P prefix,

               L1/L2 ISIS level-1/level-2, O OSPF, O3 OSPFv3,

               D direct, S static, B BGP, SS SRv6 SID,

               a area-ID, l link-ID, t topology-ID, s ISO-ID,

               c confed-ID/ASN, b bgp-identifier, r router-ID,

               i if-address, n peer-address, o OSPF Route-type, p IP-prefix

               d designated router address/interface ID

               ID Link Descriptor Identifier

i Network : [V][O][I0x0][N[c100][b193.1.1.1][a0.0.0.0][r193.1.1.1]]/376

     NextHop : 193.1.1.1                                LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: i

 

i Network : [V][O][I0x0][N[c100][b194.1.1.1][a0.0.0.0][r194.1.1.1]]/376

     NextHop : 194.1.1.1                                LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: i

 

i Network : [T4][O][I0x0][N[c100][b193.1.1.1][a0.0.0.0][r193.1.1.1]][P[o0x1][p193.1.1.0/24]]/480

     NextHop : 193.1.1.1                                LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: i

 

i Network : [T4][O][I0x0][N[c100][b194.1.1.1][a0.0.0.0][r194.1.1.1]][P[o0x1][p194.1.1.0/24]]/480

     NextHop : 194.1.1.1                                LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: i

Extended IPv6 BGP feature configuration examples

Example: Configuring 6PE

Network configuration

Use 6PE to connect two isolated IPv6 networks over an IPv4/MPLS network.

·     The ISP uses OSPF as the IGP.

·     PE 1 and PE 2 are edge devices of the ISP, and establish an IPv4 IBGP connection between them.

·     CE 1 and CE 2 are edge devices of the IPv6 networks, and they connect the IPv6 networks to the ISP.

·     A CE and a PE exchange IPv6 packets through IPv6 static routing.

Figure 143 Network diagram

Procedure

1.     Configure IPv6 addresses and IPv4 addresses for interfaces. (Details not shown.)

2.     Configure PE 1:

# Enable LDP globally, and configure the LSP generation policy.

<PE1> system-view

[PE1] mpls lsr-id 2.2.2.2

[PE1] mpls ldp

[PE1-ldp] lsp-trigger all

[PE1-ldp] quit

# Enable MPLS and LDP on Ten-GigabitEthernet 3/0/2.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure IBGP, enable the peer's 6PE capabilities, and redistribute IPv6 direct and static routes.

[PE1] bgp 65100

[PE1-bgp-default] router-id 2.2.2.2

[PE1-bgp-default] peer 3.3.3.3 as-number 65100

[PE1-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family ipv6

[PE1-bgp-default-ipv6] import-route direct

[PE1-bgp-default-ipv6] import-route static

[PE1-bgp-default-ipv6] peer 3.3.3.3 enable

[PE1-bgp-default-ipv6] peer 3.3.3.3 label-route-capability

[PE1-bgp-default-ipv6] quit

[PE1-bgp-default] quit

# Configure the static route to CE 1.

[PE1] ipv6 route-static 1::1 128 10::1

# Configure OSPF for the ISP.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

3.     Configure PE 2:

# Enable LDP globally, and configure the LSP generation policy.

<PE2> system-view

[PE2] mpls lsr-id 3.3.3.3

[PE2] mpls ldp

[PE2-ldp] lsp-trigger all

[PE2-ldp] quit

# Enable MPLS and LDP on Ten-GigabitEthernet 3/0/2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IBGP, enable the peer's 6PE capabilities, and redistribute IPv6 direct and static routes.

[PE2] bgp 65100

[PE2-bgp-default] router-id 3.3.3.3

[PE2-bgp-default] peer 2.2.2.2 as-number 65100

[PE2-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[PE2-bgp-default] address-family ipv6

[PE2-bgp-default-ipv6] import-route direct

[PE2-bgp-default-ipv6] import-route static

[PE2-bgp-default-ipv6] peer 2.2.2.2 enable

[PE2-bgp-default-ipv6] peer 2.2.2.2 label-route-capability

[PE2-bgp-default-ipv6] quit

[PE2-bgp-default] quit

# Configure the static route to CE 2.

[PE2] ipv6 route-static 4::4 128 20::1

# Configure OSPF for the ISP.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

4.     Configure a static route on CE 1, with PE 1 as the default next hop.

<CE1> system-view

[CE1] ipv6 route-static :: 0 10::2

5.     Configure a static route on CE 2, with PE 2 as the default next hop.

<CE2> system-view

[CE2] ipv6 route-static :: 0 20::2

Verifying the configuration

# Display the IPv6 BGP routing tables on PE 1 and PE 2. The output shows that each of them has two IPv6 network routes. The following shows the output on PE 1:

[PE1] display bgp routing-table ipv6

 

 Total number of routes: 5

 

 BGP local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

* >  Network : 1::1                                     PrefixLen : 128

     NextHop : 10::1                                    LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >i Network : 4::4                                     PrefixLen : 128

     NextHop : ::FFFF:3.3.3.3                           LocPrf    : 100

     PrefVal : 0                                        OutLabel  : 1279

     MED     : 0

     Path/Ogn: ?

 

* >  Network : 10::                                     PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >  Network : 10::2                                    PrefixLen : 128

     NextHop : ::1                                      LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >i Network : 20::                                     PrefixLen : 64

     NextHop : ::FFFF:3.3.3.3                           LocPrf    : 100

     PrefVal : 0                                        OutLabel  : 1278

     MED     : 0

     Path/Ogn: ?

# Verify that CE 1 can ping the IPv6 address 4::4 (loopback interface address) of CE 2. (Details not shown.)

 

 

PBR configuration examples

Example: Configuring packet type-based local PBR

Network configuration

As shown in Figure 144, Router B and Router C do not have a route to reach each other.

Configure PBR on Router A to forward all TCP packets to the next hop 1.1.2.2 (Router B).

Figure 144 Network diagram

Procedure

1.     Configure Router A:

# Configure the IP addresses of Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 1.1.2.1 24

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ip address 1.1.3.1 24

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure ACL 3101 to match TCP packets.

[RouterA] acl advanced 3101

[RouterA-acl-ipv4-adv-3101] rule permit tcp

[RouterA-acl-ipv4-adv-3101] quit

# Configure Node 5 for the policy aaa to forward TCP packets to next hop 1.1.2.2.

[RouterA] policy-based-route aaa permit node 5

[RouterA-pbr-aaa-5] if-match acl 3101

[RouterA-pbr-aaa-5] apply next-hop 1.1.2.2

[RouterA-pbr-aaa-5] quit

# Configure local PBR by applying the policy aaa to Router A.

[RouterA] ip local policy-based-route aaa

2.     On Router B, configure the IP address of Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 1.1.2.2 24

3.     On Router C, configure the IP address of Ten-GigabitEthernet 3/0/2.

<RouterC> system-view

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ip address 1.1.3.2 24

Verifying the configuration

1.     Perform telnet operations to verify that local PBR on Router A operates as configured to forward the matching TCP packets to the next hop 1.1.2.2 (Router B), as follows:

# Verify that you can telnet to Router B from Router A successfully. (Details not shown.)

# Verify that you cannot telnet to Router C from Router A. (Details not shown.)

2.     Verify that Router A forwards packets other than TCP packets through Ten-GigabitEthernet 3/0/2. For example, verify that you can ping Router C from Router A. (Details not shown.)

Example: Configuring packet type-based interface PBR

Network configuration

As shown in Figure 145, Router B and Router C do not have a route to reach each other.

Configure PBR on Router A to forward all TCP packets received on Ten-GigabitEthernet 3/0/1 to the next hop 1.1.2.2 (Router B).

Figure 145 Network diagram

Procedure

1.     Configure IP addresses and unicast routing protocol settings to make sure Router B and Router C can reach Host A. (Details not shown.)

2.     Configure Router A:

# Configure ACL 3101 to match TCP packets.

[RouterA] acl advanced 3101

[RouterA-acl-ipv4-adv-3101] rule permit tcp

[RouterA-acl-ipv4-adv-3101] quit

# Configure Node 5 for the policy aaa to forward TCP packets to next hop 1.1.2.2.

[RouterA] policy-based-route aaa permit node 5

[RouterA-pbr-aaa-5] if-match acl 3101

[RouterA-pbr-aaa-5] apply next-hop 1.1.2.2

[RouterA-pbr-aaa-5] quit

# Configure interface PBR by applying the policy aaa to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip policy-based-route aaa

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Perform telnet operations to verify that interface PBR on Router A operates as configured to forward the matching TCP packets to the next hop 1.1.2.2 (Router B), as follows:

# Verify that you can telnet to Router B from Host A successfully. (Details not shown.)

# Verify that you cannot telnet to Router C from Host A. (Details not shown.)

2.     Verify that Router A forwards packets other than TCP packets through Ten-GigabitEthernet 3/0/3. For example, verify that you can ping Router C from Host A. (Details not shown.)

Example: Configuring source-IP-based interface PBR

Network configuration

As shown in Figure 146, Router B and Router C do not have a route to reach each other.

Configure interface PBR to guide the forwarding of packets received on Ten-GigabitEthernet 3/0/1 of Router A as follows:

·     Set the next hop of packets sourced from 192.168.10.2 to 4.1.1.2/24.

·     Set the next hop of other packets to 5.1.1.2/24.

Figure 146 Network diagram

Procedure

1.     Configure IP addresses and unicast routing protocol settings to make sure Router B can reach Host A and Host B, and Router C can reach Host A and Host B. (Details not shown.)

2.     Configure Router A:

# Configure ACL 2000 to match packets sourced from 192.168.10.2.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule 10 permit source 192.168.10.2 0

[RouterA-acl-ipv4-basic-2000] quit

# Configure Node 0 for the policy aaa to forward packets sourced from 192.168.10.2 to next hop 4.1.1.2. Configure Node 1 for the policy aaa to forward other packets to next hop 5.1.1.2.

[RouterA] policy-based-route aaa permit node 0

[RouterA-pbr-aaa-0] if-match acl 2000

[RouterA-pbr-aaa-0] apply next-hop 4.1.1.2

[RouterA-pbr-aaa-0] quit

[RouterA] policy-based-route aaa permit node 1

[RouterA-pbr-aaa-1] apply next-hop 5.1.1.2

[RouterA-pbr-aaa-1] quit

# Configure interface PBR by applying the policy aaa to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip policy-based-route aaa

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify that interface PBR on Router A operates as configured to forward packets sourced from 192.168.10.2 to the next hop 4.1.1.2 and packets sourced from 192.168.10.3 to the next hop 5.1.1.2:

# Configure IP address 192.168.10.3/24 for Host B, and specify its gateway address as 192.168.10.1. (Details not shown.)

# Verify that you can ping Router B from Host A. (Details not shown.)

# Verify that you can ping Router C from Host B. (Details not shown.)

# Verify that you cannot ping Router B from Host B. (Details not shown.)

# Verify that you cannot ping Router C from Host A. (Details not shown.)
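How node order in the PBR policies above decides the next hop, as an added Python model that is not H3C code. It assumes what these examples rely on: nodes are tried in ascending node number, a node without an if-match clause matches every packet, and a packet that no node matches is left to the routing table. The class and function names and the MISNUMBERED policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class AclRule:
    """One permit rule; only the fields the page's ACLs use are modelled."""
    protocol: str = "ip"                 # "ip" matches any protocol
    source: str = "0.0.0.0"
    wildcard: str = "255.255.255.255"    # 1-bits are "don't care"

    def matches(self, pkt):
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        src = int(ipaddress.IPv4Address(pkt["src"]))
        base = int(ipaddress.IPv4Address(self.source))
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        return (src & care) == (base & care)


@dataclass
class Node:
    """A permit-mode policy node with an 'apply next-hop' action."""
    number: int
    next_hop: str
    acl: list = None    # None models a node with no if-match clause


def pbr_next_hop(policy, pkt):
    """Return the next hop PBR sets, or None if the routing table decides."""
    for node in sorted(policy, key=lambda n: n.number):
        if node.acl is None or any(rule.matches(pkt) for rule in node.acl):
            return node.next_hop
    return None


def shadowed_nodes(policy):
    """Node numbers that can never match because a catch-all node precedes them."""
    ordered = sorted(policy, key=lambda n: n.number)
    for i, node in enumerate(ordered):
        if node.acl is None:
            return [n.number for n in ordered[i + 1:]]
    return []


# ACL 3101 "rule permit tcp", policy aaa node 5 (packet type-based examples).
TCP_POLICY = [Node(5, "1.1.2.2", [AclRule(protocol="tcp")])]

# ACL 2000 "rule 10 permit source 192.168.10.2 0", policy aaa nodes 0 and 1.
HOST_A_ACL = [AclRule(source="192.168.10.2", wildcard="0.0.0.0")]
SRC_POLICY = [Node(0, "4.1.1.2", HOST_A_ACL), Node(1, "5.1.1.2")]

# Constructed mistake: the catch-all node is numbered below the specific one.
MISNUMBERED = [Node(0, "5.1.1.2"), Node(1, "4.1.1.2", HOST_A_ACL)]


if __name__ == "__main__":
    host_a = {"src": "192.168.10.2", "proto": "icmp"}
    host_b = {"src": "192.168.10.3", "proto": "icmp"}
    print("Host A:", pbr_next_hop(SRC_POLICY, host_a))
    print("Host B:", pbr_next_hop(SRC_POLICY, host_b))
    print("Host A, misnumbered policy:", pbr_next_hop(MISNUMBERED, host_a))
    print("Shadowed nodes:", shadowed_nodes(MISNUMBERED))
```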

 

 

IPv6 static routing configuration examples

Example: Configuring basic IPv6 static route

Network configuration

As shown in Figure 147, configure IPv6 static routes so that hosts can reach each other.

Figure 147 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 static routes:

# Configure the default IPv6 route on Router A.

<RouterA> system-view

[RouterA] ipv6 route-static :: 0 4::2

# Configure two IPv6 static routes on Router B.

<RouterB> system-view

[RouterB] ipv6 route-static 1:: 64 4::1

[RouterB] ipv6 route-static 3:: 64 5::1

# Configure the default IPv6 route on Router C.

<RouterC> system-view

[RouterC] ipv6 route-static :: 0 5::2

3.     Configure the IPv6 addresses for all hosts, and configure the default gateways of Host A, Host B, and Host C as 1::1, 2::1, and 3::1, respectively.

Verifying the configuration

# Display the IPv6 static route information on Router A.

[RouterA] display ipv6 routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination: ::                                          Protocol  : Static

NextHop    : 4::2                                        Preference: 60

Interface  : XGE3/0/2                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

# Display the IPv6 static route information on Router B.

[RouterB] display ipv6 routing-table protocol static

 

Summary Count : 2

 

Static Routing table Status : <Active>

Summary Count : 2

 

Destination: 1::/64                                      Protocol  : Static

NextHop    : 4::1                                        Preference: 60

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 3::/64                                      Protocol  : Static

NextHop    : 5::1                                        Preference: 60

Interface  : XGE3/0/2                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

# Use the ping command to test reachability.

[RouterA] ping ipv6 3::1

Ping6(56 data bytes) 4::1 --> 3::1, press CTRL_C to break

56 bytes from 3::1, icmp_seq=0 hlim=62 time=0.700 ms

56 bytes from 3::1, icmp_seq=1 hlim=62 time=0.351 ms

56 bytes from 3::1, icmp_seq=2 hlim=62 time=0.338 ms

56 bytes from 3::1, icmp_seq=3 hlim=62 time=0.373 ms

56 bytes from 3::1, icmp_seq=4 hlim=62 time=0.316 ms

 

--- Ping6 statistics for 3::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.316/0.416/0.700/0.143 ms

Example: Configuring BFD for IPv6 static routes (direct next hop)

Network configuration

As shown in Figure 148:

·     Configure an IPv6 static route to subnet 120::/64 on Router A.

·     Configure an IPv6 static route to subnet 121::/64 on Router B.

·     Enable BFD for both routes.

·     Configure an IPv6 static route to subnet 120::/64 and an IPv6 static route to subnet 121::/64 on Router C.

When the link between Router A and Router B through the Layer 2 switch fails, BFD detects the failure immediately and notifies Router A and Router B, which then communicate through Router C.

Figure 148 Network diagram

Table 21 Interface and IP address assignment

Device      Interface   IPv6 address
Router A    XGE3/0/1    12::1/64
Router A    XGE3/0/2    10::102/64
Router B    XGE3/0/1    12::2/64
Router B    XGE3/0/2    13::1/64
Router C    XGE3/0/1    10::100/64
Router C    XGE3/0/2    13::2/64

 

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 static routes and BFD:

# Configure IPv6 static routes on Router A, and enable BFD control packet mode for the IPv6 static route that traverses Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 9

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] ipv6 route-static 120:: 64 ten-gigabitethernet 3/0/1 12::2 bfd control-packet

[RouterA] ipv6 route-static 120:: 64 10::100 preference 65

[RouterA] quit

# Configure IPv6 static routes on Router B, and enable BFD control packet mode for the IPv6 static route that traverses the Layer 2 switch.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 9

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] ipv6 route-static 121:: 64 ten-gigabitethernet 3/0/1 12::1 bfd control-packet

[RouterB] ipv6 route-static 121:: 64 13::2 preference 65

[RouterB] quit

# Configure IPv6 static routes on Router C.

<RouterC> system-view

[RouterC] ipv6 route-static 120:: 64 13::1

[RouterC] ipv6 route-static 121:: 64 10::102

Verifying the configuration

# Display BFD sessions on Router A.

<RouterA> display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv6 session working in control packet mode:

 

       Local discr: 513                  Remote discr: 33

         Source IP: 12::1

    Destination IP: 12::2

     Session state: Up                      Interface: XGE3/0/1

         Hold time: 2012ms

The output shows that the BFD session has been created.

# Display IPv6 static routes on Router A.

<RouterA> display ipv6 routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination: 120::/64                                    Protocol  : Static

NextHop    : 12::2                                       Preference: 60

Interface  : XGE3/0/1                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1.

# After the link over Ten-GigabitEthernet 3/0/1 fails, display IPv6 static routes on Router A.

<RouterA> display ipv6 routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination: 120::/64                                    Protocol  : Static

NextHop    : 10::100                                     Preference: 65

Interface  : XGE3/0/2                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.

Example: Configuring BFD for IPv6 static routes (indirect next hop)

Network configuration

As shown in Figure 149:

·     Router A has a route to interface Loopback 1 (2::9/128) on Router B, and the output interface is Ten-GigabitEthernet 3/0/1.

·     Router B has a route to interface Loopback 1 (1::9/128) on Router A, and the output interface is Ten-GigabitEthernet 3/0/1.

·     Router D has a route to 1::9/128, and the output interface is Ten-GigabitEthernet 3/0/1. It also has a route to 2::9/128, and the output interface is Ten-GigabitEthernet 3/0/2.

Configure the following:

·     Configure an IPv6 static route to subnet 120::/64 on Router A.

·     Configure an IPv6 static route to subnet 121::/64 on Router B.

·     Enable BFD for both routes.

·     Configure an IPv6 static route to subnet 120::/64 and an IPv6 static route to subnet 121::/64 on both Router C and Router D.

When the link between Router A and Router B through Router D fails, BFD can detect the failure immediately and Router A and Router B can communicate through Router C.

Figure 149 Network diagram

Table 22 Interface and IP address assignment

Device      Interface   IPv6 address
Router A    XGE3/0/1    12::1/64
Router A    XGE3/0/2    10::102/64
Router A    Loop1       1::9/128
Router B    XGE3/0/1    11::2/64
Router B    XGE3/0/2    13::1/64
Router B    Loop1       2::9/128
Router C    XGE3/0/1    10::100/64
Router C    XGE3/0/2    13::2/64
Router D    XGE3/0/1    12::2/64
Router D    XGE3/0/2    11::1/64

 

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 static routes and BFD:

# Configure IPv6 static routes on Router A and enable BFD control packet mode for the IPv6 static route that traverses Router D.

<RouterA> system-view

[RouterA] bfd multi-hop min-transmit-interval 500

[RouterA] bfd multi-hop min-receive-interval 500

[RouterA] bfd multi-hop detect-multiplier 9

[RouterA] ipv6 route-static 120:: 64 2::9 bfd control-packet bfd-source 1::9

[RouterA] ipv6 route-static 120:: 64 10::100 preference 65

[RouterA] ipv6 route-static 2::9 128 12::2

[RouterA] quit

# Configure IPv6 static routes on Router B and enable BFD control packet mode for the IPv6 static route that traverses Router D.

<RouterB> system-view

[RouterB] bfd multi-hop min-transmit-interval 500

[RouterB] bfd multi-hop min-receive-interval 500

[RouterB] bfd multi-hop detect-multiplier 9

[RouterB] ipv6 route-static 121:: 64 1::9 bfd control-packet bfd-source 2::9

[RouterB] ipv6 route-static 121:: 64 13::2 preference 65

[RouterB] ipv6 route-static 1::9 128 11::1

[RouterB] quit

# Configure IPv6 static routes on Router C.

<RouterC> system-view

[RouterC] ipv6 route-static 120:: 64 13::1

[RouterC] ipv6 route-static 121:: 64 10::102

# Configure IPv6 static routes on Router D.

<RouterD> system-view

[RouterD] ipv6 route-static 120:: 64 11::2

[RouterD] ipv6 route-static 121:: 64 12::1

[RouterD] ipv6 route-static 2::9 128 11::2

[RouterD] ipv6 route-static 1::9 128 12::1

Verifying the configuration

# Display BFD sessions on Router A.

<RouterA> display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv6 session working in control packet mode:

 

       Local discr: 513                  Remote discr: 33

         Source IP: 1::9

    Destination IP: 2::9

     Session state: Up                      Interface: N/A

         Hold time: 2012ms

The output shows that the BFD session has been created.

# Display IPv6 static routes on Router A.

<RouterA> display ipv6 routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination: 120::/64                                    Protocol  : Static

NextHop    : 2::9                                        Preference: 60

Interface  : XGE3/0/1                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1.

# After the link over Ten-GigabitEthernet 3/0/1 fails, display IPv6 static routes on Router A.

<RouterA> display ipv6 routing-table protocol static

 

Summary Count : 1

 

Static Routing table Status : <Active>

Summary Count : 1

 

Destination: 120::/64                                    Protocol  : Static

NextHop    : 10::100                                     Preference: 65

Interface  : XGE3/0/2                                    Cost      : 0

 

Static Routing table Status : <Inactive>

Summary Count : 0

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.
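The failover check in the two BFD examples above can be automated. The following Python sketch is an added example, not H3C code: it parses the `display ipv6 routing-table protocol static` output shown for the indirect next hop case and reports whether 120::/64 is on the BFD-protected primary next hop or on the preference 65 backup. The function names are hypothetical, the sample text is copied from the output above, and the detection-time formula is the RFC 5880 asynchronous-mode rule.

```python
import ipaddress
import re

# "Key : value" pairs; this display format puts two pairs on one line.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s+(\S+(?: \S+)*)")

# Sample text copied from the display output above (before and after the failure).
BEFORE = """
Summary Count : 1
Static Routing table Status : <Active>
Summary Count : 1
Destination: 120::/64                                    Protocol  : Static
NextHop    : 2::9                                        Preference: 60
Interface  : XGE3/0/1                                    Cost      : 0
Static Routing table Status : <Inactive>
Summary Count : 0
"""

AFTER = """
Summary Count : 1
Static Routing table Status : <Active>
Summary Count : 1
Destination: 120::/64                                    Protocol  : Static
NextHop    : 10::100                                     Preference: 65
Interface  : XGE3/0/2                                    Cost      : 0
Static Routing table Status : <Inactive>
Summary Count : 0
"""


def parse_static_routes(output):
    """Return one dict per route, tagged with its Active/Inactive section."""
    routes, section, current = [], None, None
    for line in output.splitlines():
        for key, value in PAIR.findall(line):
            if key.endswith("Status"):
                # "Static Routing table Status : <Active>" starts a new section.
                section, current = value.strip("<>"), None
            elif key == "Destination":
                current = {"Destination": value, "Section": section}
                routes.append(current)
            elif current is not None:
                current[key] = value
    return routes


def path_state(output, dest, primary_nh):
    """Classify the active route to dest as primary, backup or no-route."""
    want = ipaddress.ip_network(dest)
    primary = ipaddress.ip_address(primary_nh)
    for route in parse_static_routes(output):
        if route["Section"] != "Active":
            continue
        if ipaddress.ip_network(route["Destination"]) == want:
            next_hop = ipaddress.ip_address(route["NextHop"])
            return "primary" if next_hop == primary else "backup"
    return "no-route"


def bfd_detection_time_ms(local_min_rx, remote_min_tx, remote_mult):
    """RFC 5880 asynchronous mode: remote Detect Mult times the agreed
    remote transmit interval (the larger of local min RX and remote min TX)."""
    return remote_mult * max(local_min_rx, remote_min_tx)


if __name__ == "__main__":
    print("before failure:", path_state(BEFORE, "120::/64", "2::9"))
    print("after failure: ", path_state(AFTER, "120::/64", "2::9"))
    # With the configured 500 ms intervals and multiplier 9 on both ends,
    # a dead path is declared down after at most this long.
    print("detection time:", bfd_detection_time_ms(500, 500, 9), "ms")
```

For the direct next hop example, pass 12::2 as the primary next hop instead of 2::9.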

Example: Configuring IPv6 static route FRR

Network configuration

As shown in Figure 150, configure IPv6 static routes on Router A, Router B, and Router C, and configure IPv6 static route FRR. When Link A becomes unidirectional, traffic can be switched to Link B immediately.

Figure 150 Network diagram

Table 23 Interface and IP address assignment

Device      Interface    IP address
Router A    XGE3/0/1     13::1/64
Router A    XGE3/0/2     12::1/64
Router A    Loopback 0   1::9/128
Router B    XGE3/0/1     23::2/64
Router B    XGE3/0/2     12::2/64
Router B    Loopback 0   2::9/128
Router C    XGE3/0/1     13::3/64
Router C    XGE3/0/2     23::3/64

 

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure IPv6 static route FRR to automatically select a backup next hop:

# Configure IPv6 static routes on Router A, and configure IPv6 static route FRR to automatically select a backup next hop.

<RouterA> system-view

[RouterA] ipv6 route-static 2::9 128 ten-gigabitethernet 3/0/2 12::2

[RouterA] ipv6 route-static 2::9 128 ten-gigabitethernet 3/0/1 13::3 preference 70

[RouterA] ipv6 route-static 23:: 64 ten-gigabitethernet 3/0/2 12::2

[RouterA] ipv6 route-static 23:: 64 ten-gigabitethernet 3/0/1 13::3 preference 70

[RouterA] ipv6 route-static fast-reroute auto

# Configure IPv6 static routes on Router B, and configure IPv6 static route FRR to automatically select a backup next hop.

<RouterB> system-view

[RouterB] ipv6 route-static 1::9 128 ten-gigabitethernet 3/0/2 12::1

[RouterB] ipv6 route-static 1::9 128 ten-gigabitethernet 3/0/1 23::3 preference 70

[RouterB] ipv6 route-static 13:: 64 ten-gigabitethernet 3/0/2 12::1

[RouterB] ipv6 route-static 13:: 64 ten-gigabitethernet 3/0/1 23::3 preference 70

[RouterB] ipv6 route-static fast-reroute auto

3.     Configure IPv6 static routes on Router C.

<RouterC> system-view

[RouterC] ipv6 route-static 1::9 128 ten-gigabitethernet 3/0/1 13::1

[RouterC] ipv6 route-static 2::9 128 ten-gigabitethernet 3/0/2 23::2

Verifying the configuration

# Display route 2::9/128 on Router A to view the backup next hop information.

[RouterA] display ipv6 routing-table 2::9 verbose

 

Summary Count : 1

 

 Destination: 2::9/128

    Protocol: Static

  Process ID: 0

   SubProtID: 0x1                       Age: 00h09m12s

  FlushedAge: 15h28m49s

        Cost: 0                  Preference: 60

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x21000002             LastAs: 0

      AttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10040           OrigNextHop: 12::2

       Label: NULL              RealNextHop: 12::2

     BkLabel: NULL                BkNextHop: 13::3

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display route 1::9/128 on Router B to view the backup next hop information.

[RouterB] display ipv6 routing-table 1::9 verbose

 

Summary Count : 1

 

 Destination: 1::9/128

    Protocol: Static

  Process ID: 0

   SubProtID: 0x1                       Age: 00h09m57s

  FlushedAge: 15h28m49s

        Cost: 0                  Preference: 60

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x21000002             LastAs: 0

      AttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10040           OrigNextHop: 12::1

       Label: NULL              RealNextHop: 12::1

     BkLabel: NULL                BkNextHop: 23::3

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: Ten-GigabitEthernet3/0/1

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

 

RIPng configuration examples

Example: Configuring basic RIPng

Network configuration

As shown in Figure 151, Router A, Router B, and Router C learn IPv6 routing information through RIPng. Configure route filtering on Router B to accept all received routes except the route 2::/64 and to advertise only the route 4::/64.

Figure 151 Network diagram

Procedure

1.     Configure IPv6 addresses for the interfaces. (Details not shown.)

2.     Configure basic RIPng settings:

# Configure Router A.

<RouterA> system-view

[RouterA] ripng 1

[RouterA-ripng-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ripng 1 enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ripng 1

[RouterB-ripng-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ripng 1

[RouterC-ripng-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ripng 1 enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] ripng 1 enable

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Display the RIPng routing table on Router B.

[RouterB] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::20F:E2FF:FE23:82F5 on Ten-GigabitEthernet3/0/1

 Destination 2::/64,

     via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, AOF, 6 secs

 Peer FE80::20F:E2FF:FE00:100  on Ten-GigabitEthernet3/0/2

 Destination 4::/64,

     via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs

 Destination 5::/64,

     via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs

 Local route

 Destination 1::/64,

     via ::, cost 0, tag 0, DOF

 Destination 3::/64,

     via ::, cost 0, tag 0, DOF

# Display the RIPng routing table on Router A.

[RouterA] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::200:2FF:FE64:8904 on Ten-GigabitEthernet3/0/1

 Destination 3::/64,

     via FE80::200:2FF:FE64:8904, cost 1, tag 0, AOF, 31 secs

 Destination 4::/64,

     via FE80::200:2FF:FE64:8904, cost 2, tag 0, AOF, 31 secs

 Destination 5::/64,

     via FE80::200:2FF:FE64:8904, cost 2, tag 0, AOF, 31 secs

 Local route

 Destination 2::/64,

     via ::, cost 0, tag 0, DOF

 Destination 1::/64,

     via ::, cost 0, tag 0, DOF

3.     Configure route filtering:

# Use IPv6 prefix lists on Router B to filter received and redistributed routes.

[RouterB] ipv6 prefix-list aaa permit 4:: 64

[RouterB] ipv6 prefix-list bbb deny 2:: 64

[RouterB] ipv6 prefix-list bbb permit :: 0 less-equal 128

[RouterB] ripng 1

[RouterB-ripng-1] filter-policy prefix-list aaa export

[RouterB-ripng-1] filter-policy prefix-list bbb import

[RouterB-ripng-1] quit

# Display the RIPng routing tables on Router B and Router A.

[RouterB] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::1:1 on Ten-GigabitEthernet3/0/1

 

 Peer FE80::3:1 on Ten-GigabitEthernet3/0/2

 Destination 4::/64,

     via FE80::2:2, cost 1, tag 0, AOF, 11 secs

 Destination 5::/64,

     via FE80::2:2, cost 1, tag 0, AOF, 11 secs

 Local route

 Destination 1::/64,

     via ::, cost 0, tag 0, DOF

 Destination 3::/64,

     via ::, cost 0, tag 0, DOF

[RouterA] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::2:1 on Ten-GigabitEthernet3/0/1

 Destination 4::/64,

     via FE80::1:1, cost 2, tag 0, AOF, 2 secs

 Local route

 Destination 1::/64,

     via ::, cost 0, tag 0, DOF

 Destination 2::/64,

     via ::, cost 0, tag 0, DOF
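To see why Router B drops 2::/64 and Router A ends up with only 4::/64, the following Python sketch evaluates the two prefix lists against the routes in the first `display ripng 1 route` output. It is an added example, not H3C code. It assumes the usual prefix-list semantics: entries are checked in ascending index order, the first match decides, an entry without greater-equal or less-equal matches only its exact prefix length, and a route that matches no entry is denied. The class and function names are hypothetical, and the index step of 10 for unnumbered entries is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Prefix-list commands copied from the Router B configuration above.
ROUTER_B_CONFIG = """
[RouterB] ipv6 prefix-list aaa permit 4:: 64
[RouterB] ipv6 prefix-list bbb deny 2:: 64
[RouterB] ipv6 prefix-list bbb permit :: 0 less-equal 128
"""

# Routes on Router B before filtering, from the first display output above.
RECEIVED = ["2::/64", "4::/64", "5::/64"]
LOCAL = ["1::/64", "3::/64"]


@dataclass(frozen=True)
class Entry:
    index: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv6Network    # address and prefix length from the command
    ge: Optional[int] = None         # greater-equal value, if present
    le: Optional[int] = None         # less-equal value, if present

    def matches(self, route: ipaddress.IPv6Network) -> bool:
        # The route must lie inside the entry's prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and its length must be exact, or inside the ge/le range.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        high = self.le if self.le is not None else 128
        return low <= route.prefixlen <= high


def parse_prefix_lists(config: str) -> Dict[str, List[Entry]]:
    lists: Dict[str, List[Entry]] = {}
    for line in config.splitlines():
        tok = line.split("]")[-1].split()        # drop the "[RouterB]" prompt
        if tok[:2] != ["ipv6", "prefix-list"]:
            continue
        name, rest = tok[2], tok[3:]
        entries = lists.setdefault(name, [])
        if rest[0] == "index":
            index, rest = int(rest[1]), rest[2:]
        else:                                    # assumed auto-numbering, step 10
            index = max((e.index for e in entries), default=0) + 10
        action, addr, plen, opts = rest[0], rest[1], rest[2], rest[3:]
        bounds = {"greater-equal": None, "less-equal": None}
        for key, val in zip(opts[0::2], opts[1::2]):
            bounds[key] = int(val)
        entries.append(Entry(index, action,
                             ipaddress.IPv6Network(f"{addr}/{plen}"),
                             bounds["greater-equal"], bounds["less-equal"]))
        entries.sort(key=lambda e: e.index)
    return lists


def permitted(entries: List[Entry], route: str) -> bool:
    net = ipaddress.IPv6Network(route)
    for entry in entries:
        if entry.matches(net):
            return entry.action == "permit"      # first match decides
    return False                                 # no match: implicit deny


def router_b_view() -> Tuple[List[str], List[str]]:
    """Return (routes accepted by the import filter, routes passed by the export filter)."""
    lists = parse_prefix_lists(ROUTER_B_CONFIG)
    accepted = [r for r in RECEIVED if permitted(lists["bbb"], r)]
    advertised = [r for r in LOCAL + accepted if permitted(lists["aaa"], r)]
    return accepted, advertised


if __name__ == "__main__":
    accepted, advertised = router_b_view()
    print("accepted by import filter bbb:", accepted)
    print("passed by export filter aaa: ", advertised)
```

The catch-all `permit :: 0 less-equal 128` entry in list bbb is what keeps 4::/64 and 5::/64; without it the implicit deny would reject every received route.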

Example: Configuring RIPng route redistribution

Network configuration

As shown in Figure 152, Router B communicates with Router A through RIPng 100 and with Router C through RIPng 200.

Configure route redistribution on Router B, so the two RIPng processes can redistribute routes from each other.

Figure 152 Network diagram

Procedure

1.     Configure IPv6 addresses for the interfaces. (Details not shown.)

2.     Configure basic RIPng settings:

# Enable RIPng 100 on Router A.

<RouterA> system-view

[RouterA] ripng 100

[RouterA-ripng-100] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ripng 100 enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ripng 100 enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable RIPng 100 and RIPng 200 on Router B.

<RouterB> system-view

[RouterB] ripng 100

[RouterB-ripng-100] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ripng 100 enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] ripng 200

[RouterB-ripng-200] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ripng 200 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable RIPng 200 on Router C.

<RouterC> system-view

[RouterC] ripng 200

[RouterC-ripng-200] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ripng 200 enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ripng 200 enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Display the routing table on Router A.

[RouterA] display ipv6 routing-table

 

Destinations : 6 Routes : 6

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 1::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 2::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

3.     Configure RIPng route redistribution:

# Configure route redistribution between the two RIPng processes on Router B.

[RouterB] ripng 100

[RouterB-ripng-100] import-route ripng 200

[RouterB-ripng-100] quit

[RouterB] ripng 200

[RouterB-ripng-200] import-route ripng 100

[RouterB-ripng-200] quit

# Display the routing table on Router A.

[RouterA] display ipv6 routing-table

 

Destinations : 7 Routes : 7

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 1::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 2::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : RIPng

NextHop    : FE80::200:BFF:FE01:1C02                     Preference: 100

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

Example: Configuring RIPng GR

Network configuration

As shown in Figure 153, Router A, Router B, and Router C learn IPv6 routing information through RIPng.

Configure Router A as the GR restarter. Configure Router B and Router C as the GR helpers to synchronize their routing tables with Router A by using GR.

Figure 153 Network diagram

Procedure

1.     Configure IPv6 addresses for the interfaces. (Details not shown.)

2.     Configure RIPng on the routers to ensure the following: (Details not shown.)

○     Router A, Router B, and Router C can communicate with each other at Layer 3.

○     Dynamic route update can be implemented among them with RIPng.

3.     Enable RIPng GR on Router A.

<RouterA> system-view

[RouterA] ripng 1

[RouterA-ripng-1] graceful-restart

[RouterA-ripng-1] quit

Verifying the configuration

# Restart RIPng or trigger an active/standby process switchover, and then display GR status on Router A.

[RouterA] display ripng 1 graceful-restart

RIPng process: 1

 Graceful Restart capability    : Enabled

 Current GR state               : Normal

 Graceful Restart period        : 60  seconds

 Graceful Restart remaining time: 0   seconds

Example: Configuring RIPng FRR

Network configuration

As shown in Figure 154, Router A, Router B, and Router C run RIPng. Configure RIPng FRR so that when Link A becomes unidirectional, traffic can be switched to Link B immediately.

Figure 154 Network diagram

Table 24 Interface and IP address assignment

Device      Interface                   IP address
Router A    Ten-GigabitEthernet 3/0/1   1::1/64
Router A    Ten-GigabitEthernet 3/0/2   2::1/64
Router A    Loopback 0                  10::1/128
Router B    Ten-GigabitEthernet 3/0/1   3::1/64
Router B    Ten-GigabitEthernet 3/0/2   2::2/64
Router B    Loopback 0                  20::1/128
Router C    Ten-GigabitEthernet 3/0/1   1::2/64
Router C    Ten-GigabitEthernet 3/0/2   3::2/64

 

Procedure

1.     Configure IPv6 addresses for the interfaces on the routers. (Details not shown.)

2.     Configure RIPng on the routers to make sure Router A, Router B, and Router C can communicate with each other at the network layer. (Details not shown.)

3.     Configure RIPng FRR:

# Configure Router A.

<RouterA> system-view

[RouterA] ipv6 prefix-list abc index 10 permit 20::1 128

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterA-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 1::2

[RouterA-route-policy-frr-10] quit

[RouterA] ripng 1

[RouterA-ripng-1] fast-reroute route-policy frr

[RouterA-ripng-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ipv6 prefix-list abc index 10 permit 10::1 128

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterB-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 3::2

[RouterB-route-policy-frr-10] quit

[RouterB] ripng 1

[RouterB-ripng-1] fast-reroute route-policy frr

[RouterB-ripng-1] quit

Verifying the configuration

# Display the route 20::1/128 on Router A to view the backup next hop information.

[RouterA] display ipv6 routing-table 20::1 128 verbose

 

Summary count : 1

 

 Destination: 20::1/128

    Protocol: RIPng

  Process ID: 1

   SubProtID: 0x0                       Age: 00h17m42s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Inactive Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x22000003             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: FE80::34CD:9FF:FE2F:D02

       Flags: 0x41              OrigNextHop: FE80::34CD:9FF:FE2F:D02

       Label: NULL              RealNextHop: FE80::34CD:9FF:FE2F:D02

    BkLabel: NULL                 BkNextHop: FE80::7685:45FF:FEAD:102

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display the route 10::1/128 on Router B to view the backup next hop information.

[RouterB] display ipv6 routing-table 10::1 128 verbose

 

Summary count : 1

 

 Destination: 10::1/128

    Protocol: RIPng

  Process ID: 1

   SubProtID: 0x0                       Age: 00h22m34s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 100

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Inactive Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x22000001             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: FE80::34CC:E8FF:FE5B:C02

       Flags: 0x41              OrigNextHop: FE80::34CC:E8FF:FE5B:C02

       Label: NULL              RealNextHop: FE80::34CC:E8FF:FE5B:C02

     BkLabel: NULL                BkNextHop: FE80::7685:45FF:FEAD:102

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

Example: Using an IPsec profile to protect RIPng

Network configuration

As shown in Figure 155, configure RIPng on the routers, and configure IPsec profiles on the routers to authenticate and encrypt protocol packets.

Figure 155 Network diagram

Procedure

1.     Configure IPv6 addresses for the interfaces. (Details not shown.)

2.     Configure basic RIPng settings:

# Configure Router A.

<RouterA> system-view

[RouterA] ripng 1

[RouterA-ripng-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ripng 1

[RouterB-ripng-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ripng 1

[RouterC-ripng-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

3.     Configure RIPng IPsec profiles:

¡     On Router A:

# Create an IPsec transform set named protrf1.

[RouterA] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[RouterA-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[RouterA-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify transport mode for encapsulation.

[RouterA-ipsec-transform-set-protrf1] encapsulation-mode transport

[RouterA-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[RouterA] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[RouterA-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[RouterA-ipsec-profile-profile001-manual] sa spi inbound esp 256

[RouterA-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[RouterA-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[RouterA-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[RouterA-ipsec-profile-profile001-manual] quit

¡     On Router B:

# Create an IPsec transform set named protrf1.

[RouterB] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[RouterB-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[RouterB-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify transport mode for encapsulation.

[RouterB-ipsec-transform-set-protrf1] encapsulation-mode transport

[RouterB-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[RouterB] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[RouterB-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[RouterB-ipsec-profile-profile001-manual] sa spi inbound esp 256

[RouterB-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[RouterB-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[RouterB-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[RouterB-ipsec-profile-profile001-manual] quit

¡     On Router C:

# Create an IPsec transform set named protrf1.

[RouterC] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[RouterC-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[RouterC-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify transport mode for encapsulation.

[RouterC-ipsec-transform-set-protrf1] encapsulation-mode transport

[RouterC-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[RouterC] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[RouterC-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[RouterC-ipsec-profile-profile001-manual] sa spi inbound esp 256

[RouterC-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[RouterC-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[RouterC-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[RouterC-ipsec-profile-profile001-manual] quit

4.     Apply the IPsec profiles to the RIPng process on each device:

¡     On Router A:

[RouterA] ripng 1

[RouterA-ripng-1] enable ipsec-profile profile001

[RouterA-ripng-1] quit

¡     On Router B:

[RouterB] ripng 1

[RouterB-ripng-1] enable ipsec-profile profile001

[RouterB-ripng-1] quit

¡     On Router C:

[RouterC] ripng 1

[RouterC-ripng-1] enable ipsec-profile profile001

[RouterC-ripng-1] quit

Verifying the configuration

# Verify that the RIPng packets between Routers A, B, and C are protected by IPsec. (Details not shown.)
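The following Python script is an added example, not part of the H3C documentation. It parses the IPsec commands from steps 3 and 4 (embedded as constructed input), reports the 3DES and MD5 selections and the three-character key, and checks that the SPI and key are identical in both directions and on every router, as the procedure configures. The function names, the 16-character key threshold, and the assumption that all routers in the session share RIPng links are choices made for this example.

```python
import re

# Constructed input: Router A's commands from steps 3 and 4 above. The page
# repeats them unchanged on Router B and Router C, so the three-router session
# is generated from this one template.
TEMPLATE = """\
[RouterA] ipsec transform-set protrf1
[RouterA-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc
[RouterA-ipsec-transform-set-protrf1] esp authentication-algorithm md5
[RouterA-ipsec-transform-set-protrf1] encapsulation-mode transport
[RouterA-ipsec-transform-set-protrf1] quit
[RouterA] ipsec profile profile001 manual
[RouterA-ipsec-profile-profile001-manual] transform-set protrf1
[RouterA-ipsec-profile-profile001-manual] sa spi inbound esp 256
[RouterA-ipsec-profile-profile001-manual] sa spi outbound esp 256
[RouterA-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc
[RouterA-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc
[RouterA-ipsec-profile-profile001-manual] quit
[RouterA] ripng 1
[RouterA-ripng-1] enable ipsec-profile profile001
[RouterA-ripng-1] quit
"""
SESSION = "".join(TEMPLATE.replace("RouterA", r)
                  for r in ("RouterA", "RouterB", "RouterC"))

WEAK_ALGS = {"3des-cbc", "md5"}  # the two algorithms the page selects
MIN_KEY_LEN = 16                 # example policy threshold (assumption)
# Prompt "[host-view] command"; assumes host names contain no hyphen.
PROMPT = re.compile(r"^\[(\w+)(?:-[^\]]*)?\]\s+(.+)$")


def parse(session):
    """Return {host: {"ts": {}, "profiles": {}, "ripng": {}}} from a session."""
    hosts, view = {}, {}  # view: host -> (kind, name) of the open view
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        host, cmd = m.group(1), m.group(2).split()
        cfg = hosts.setdefault(host, {"ts": {}, "profiles": {}, "ripng": {}})
        if cmd[:2] == ["ipsec", "transform-set"]:
            view[host] = ("ts", cmd[2])
            cfg["ts"].setdefault(cmd[2], {})
        elif cmd[:2] == ["ipsec", "profile"]:
            view[host] = ("profiles", cmd[2])
            cfg["profiles"].setdefault(cmd[2], {"spi": {}, "key": {}})
        elif cmd[0] == "ripng" and len(cmd) == 2:
            view[host] = ("ripng", cmd[1])
            cfg["ripng"].setdefault(cmd[1], None)
        elif cmd[0] == "quit":
            view.pop(host, None)
        elif host in view:
            kind, name = view[host]
            if kind == "ts" and cmd[0] == "esp":
                cfg["ts"][name][cmd[1]] = cmd[2]
            elif kind == "profiles" and cmd[0] == "transform-set":
                cfg["profiles"][name]["ts"] = cmd[1]
            elif kind == "profiles" and cmd[:2] == ["sa", "spi"]:
                cfg["profiles"][name]["spi"][cmd[2]] = int(cmd[4])
            elif kind == "profiles" and cmd[:2] == ["sa", "string-key"]:
                # (form, value): form is "simple" or "cipher"
                cfg["profiles"][name]["key"][cmd[2]] = (cmd[4], cmd[5])
            elif kind == "ripng" and cmd[:2] == ["enable", "ipsec-profile"]:
                cfg["ripng"][name] = cmd[2]
    return hosts


def audit(session):
    """Return a sorted list of (host, finding); host "*" means cross-router."""
    findings, sa_by_host = [], {}
    for host, cfg in parse(session).items():
        for proc, name in cfg["ripng"].items():
            prof = cfg["profiles"].get(name)
            if prof is None:
                findings.append((host, f"ripng {proc}: no IPsec profile applied"))
                continue
            ts = cfg["ts"].get(prof.get("ts"), {})
            for field in ("encryption-algorithm", "authentication-algorithm"):
                if ts.get(field) in WEAK_ALGS:
                    findings.append((host, f"{name}: weak ESP {field} {ts[field]}"))
            keys = prof["key"]
            if any(f == "simple" and len(v) < MIN_KEY_LEN for f, v in keys.values()):
                findings.append((host, f"{name}: key shorter than {MIN_KEY_LEN} characters"))
            sa = (prof["spi"].get("inbound"), prof["spi"].get("outbound"),
                  keys.get("inbound"), keys.get("outbound"))
            if sa[0] != sa[1] or sa[2] != sa[3]:
                findings.append((host, f"{name}: inbound and outbound SA differ"))
            sa_by_host[host] = sa
    # Assumption: every router in the session shares a RIPng link with another.
    if len(set(sa_by_host.values())) > 1:
        findings.append(("*", "SPI or key differs between routers"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(SESSION):
        print(f"{host}: {finding}")
```

Run against the session as written on the page, the audit reports three findings per router and no SPI or key mismatch.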

 

 

OSPFv3 configuration examples

Example: Configuring OSPFv3 stub area

Network configuration

As shown in Figure 156:

·     Enable OSPFv3 on all routers.

·     Split the AS into three areas.

·     Configure Router B and Router C as ABRs to forward routing information between areas.

·     Configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.

Figure 156 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3:

# On Router A, enable OSPFv3 and specify the router ID as 1.1.1.1.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# On Router B, enable OSPFv3 and specify the router ID as 2.2.2.2.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router C, enable OSPFv3 and specify the router ID as 3.3.3.3.

<RouterC> system-view

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterC-Ten-GigabitEthernet3/0/2] quit

# On Router D, enable OSPFv3 and specify the router ID as 4.4.4.4.

<RouterD> system-view

[RouterD] ospfv3 1

[RouterD-ospfv3-1] router-id 4.4.4.4

[RouterD-ospfv3-1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterD-Ten-GigabitEthernet3/0/2] quit

# Display OSPFv3 neighbors on Router B.

[RouterB] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 2.2.2.2

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 3.3.3.3         1   Full/BDR          00:00:40  0      XGE3/0/1

 

 Area: 0.0.0.1

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 1.1.1.1         1   Full/DR           00:00:40  0      XGE3/0/2

# Display OSPFv3 neighbors on Router C.

[RouterC] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 3.3.3.3

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 2.2.2.2         1   Full/DR           00:00:40  0      XGE3/0/1

 

 Area: 0.0.0.2

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 4.4.4.4         1   Full/BDR          00:00:40  0      XGE3/0/2

# Display the OSPFv3 routing table on Router D.

[RouterD] display ospfv3 routing

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

-------------------------------------------------------------------------

 I  - Intra area route,  E1 - Type 1 external route,  N1 - Type 1 NSSA route

 IA - Inter area route,  E2 - Type 2 external route,  N2 - Type 2 NSSA route

 *  - Selected route

 

*Destination: 2001::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000004                Cost       : 2

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:1::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000004                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:2::/64

  Type       : I                         Area       : 0.0.0.2

  AdvRouter  : 4.4.4.4                   Preference : 10

  NibID      : 0x23000002                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : ::

  BkNexthop  : N/A

  Status     : Direct

 

 *Destination: 2001:3::1/128

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000004                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 Total: 4

 Intra area: 1         Inter area: 3         ASE: 0         NSSA: 0

3.     Configure Area 2 as a stub area:

# Configure Router D.

[RouterD] ospfv3

[RouterD-ospfv3-1] area 2

[RouterD-ospfv3-1-area-0.0.0.2] stub

[RouterD-ospfv3-1-area-0.0.0.2] quit

[RouterD-ospfv3-1] quit

# Configure Router C, and specify the cost of the default route sent to the stub area as 10.

[RouterC] ospfv3

[RouterC-ospfv3-1] area 2

[RouterC-ospfv3-1-area-0.0.0.2] stub

[RouterC-ospfv3-1-area-0.0.0.2] default-cost 10

# Display the OSPFv3 routing table on Router D.

[RouterD] display ospfv3 routing

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

-------------------------------------------------------------------------

 I  - Intra area route,  E1 - Type 1 external route,  N1 - Type 1 NSSA route

 IA - Inter area route,  E2 - Type 2 external route,  N2 - Type 2 NSSA route

 *  - Selected route

 

*Destination: ::/0

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 11

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 2

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:1::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:2::/64

  Type       : I                         Area       : 0.0.0.2

  AdvRouter  : 4.4.4.4                   Preference : 10

  NibID      : 0x23000001                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : ::

  BkNexthop  : N/A

  Status     : Direct

 

 *Destination: 2001:3::1/128

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 Total: 5

 Intra area: 1         Inter area: 4         ASE: 0         NSSA: 0

The output shows that a default route is added and its cost is the cost of a direct route plus the configured cost.

4.     Configure Area 2 as a totally stub area to further reduce the stub area routing table size:

# Configure Area 2 as a totally stub area on Router C.

[RouterC-ospfv3-1-area-0.0.0.2] stub no-summary

# Display the OSPFv3 routing table on Router D.

[RouterD] display ospfv3 routing

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

-------------------------------------------------------------------------

 I  - Intra area route,  E1 - Type 1 external route,  N1 - Type 1 NSSA route

 IA - Inter area route,  E2 - Type 2 external route,  N2 - Type 2 NSSA route

 *  - Selected route

 

*Destination: ::/0

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 11

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:2::/64

  Type       : I                         Area       : 0.0.0.2

  AdvRouter  : 4.4.4.4                   Preference : 10

  NibID      : 0x23000001                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : ::

  BkNexthop  : N/A

  Status     : Direct

 

 Total: 2

 Intra area: 1         Inter area: 1         ASE: 0         NSSA: 0

The output shows that route entries are reduced. All indirect routes are removed, except the default route.

Example: Configuring OSPFv3 NSSA area

Network configuration

As shown in Figure 157:

·     Configure OSPFv3 on all routers and split the AS into three areas.

·     Configure Router B and Router C as ABRs to forward routing information between areas.

·     Configure Area 1 as an NSSA area and configure Router A as an ASBR to redistribute static routes into the AS.

Figure 157 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3 (see "Example: Configuring OSPFv3 stub area").

3.     Configure Area 1 as an NSSA area:

# Configure Router A.

<RouterA> system-view

[RouterA] ospfv3

[RouterA-ospfv3-1] area 1

[RouterA-ospfv3-1-area-0.0.0.1] nssa

[RouterA-ospfv3-1-area-0.0.0.1] quit

[RouterA-ospfv3-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospfv3

[RouterB-ospfv3-1] area 1

[RouterB-ospfv3-1-area-0.0.0.1] nssa

[RouterB-ospfv3-1-area-0.0.0.1] quit

[RouterB-ospfv3-1] quit

# Display OSPFv3 routing information on Router D.

[RouterD] display ospfv3 1 routing

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

-------------------------------------------------------------------------

 I  - Intra area route,  E1 - Type 1 external route,  N1 - Type 1 NSSA route

 IA - Inter area route,  E2 - Type 2 external route,  N2 - Type 2 NSSA route

 *  - Selected route

 

*Destination: 2001::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 2

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:1::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:2::/64

  Type       : I                         Area       : 0.0.0.2

  AdvRouter  : 4.4.4.4                   Preference : 10

  NibID      : 0x23000001                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : ::

  BkNexthop  : N/A

  Status     : Direct

 

 *Destination: 2001:3::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000003                Cost       : 4

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 Total: 4

 Intra area: 1         Inter area: 3         ASE: 0         NSSA: 0

4.     Configure route redistribution:

# Configure an IPv6 static route, and configure OSPFv3 to redistribute the static route on Router A.

[RouterA] ipv6 route-static 1234:: 64 null 0

[RouterA] ospfv3 1

[RouterA-ospfv3-1] import-route static

[RouterA-ospfv3-1] quit

# Display OSPFv3 routing information on Router D.

[RouterD] display ospfv3 1 routing

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

-------------------------------------------------------------------------

 I  - Intra area route,  E1 - Type 1 external route,  N1 - Type 1 NSSA route

 IA - Inter area route,  E2 - Type 2 external route,  N2 - Type 2 NSSA route

 *  - Selected route

 

*Destination: 2001::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000002                Cost       : 2

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:1::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000002                Cost       : 3

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 2001:2::/64

  Type       : I                         Area       : 0.0.0.2

  AdvRouter  : 4.4.4.4                   Preference : 10

  NibID      : 0x23000004                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : ::

  BkNexthop  : N/A

  Status     : Direct

 

 *Destination: 2001:3::/64

  Type       : IA                        Area       : 0.0.0.2

  AdvRouter  : 3.3.3.3                   Preference : 10

  NibID      : 0x23000002                Cost       : 4

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Rely

 

 *Destination: 1234::/64

  Type       : E2                        Tag        : 1

  AdvRouter  : 2.2.2.2                   Preference : 150

  NibID      : 0x23000001                Cost       : 1

  Interface  : XGE3/0/2                  BkInterface: N/A

  Nexthop    : FE80::48C0:26FF:FEDA:305

  BkNexthop  : N/A

  Status     : Normal

 

 Total: 5

 Intra area: 1         Inter area: 3         ASE: 1         NSSA: 0

The output shows that an AS external route imported from the NSSA area exists on Router D.

Example: Configuring OSPFv3 DR election

Network configuration

As shown in Figure 158:

·     Configure router priority 100 for Router A, the highest priority on the network, so it will become the DR.

·     Configure router priority 2 for Router C, the second highest priority on the network, so it will become the BDR.

·     Configure router priority 0 for Router B, so it cannot become a DR or BDR.

·     Router D uses the default router priority 1.

Figure 158 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3:

# On Router A, enable OSPFv3, and specify the router ID as 1.1.1.1.

<RouterA> system-view

[RouterA] ospfv3

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterA-Ten-GigabitEthernet3/0/1] quit

# On Router B, enable OSPFv3, and specify the router ID as 2.2.2.2.

<RouterB> system-view

[RouterB] ospfv3

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# On Router C, enable OSPFv3, and specify the router ID as 3.3.3.3.

<RouterC> system-view

[RouterC] ospfv3

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

# On Router D, enable OSPFv3, and specify the router ID as 4.4.4.4.

<RouterD> system-view

[RouterD] ospfv3

[RouterD-ospfv3-1] router-id 4.4.4.4

[RouterD-ospfv3-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Display neighbors on Router A. The routers have the same default router priority 1, so Router D (the router with the highest router ID) is elected as the DR, and Router C is the BDR.

[RouterA] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 1.1.1.1

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 2.2.2.2         1   2-Way/DROther     00:00:36  0      XGE3/0/1

 3.3.3.3         1   Full/BDR          00:00:35  0      XGE3/0/1

 4.4.4.4         1   Full/DR           00:00:33  0      XGE3/0/1

# Display neighbors on Router D. The neighbor states are all full.

[RouterD] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 1.1.1.1         1   Full/DROther      00:00:30  0      XGE3/0/1

 2.2.2.2         1   Full/DROther      00:00:37  0      XGE3/0/1

 3.3.3.3         1   Full/BDR          00:00:31  0      XGE3/0/1

3.     Configure router priorities for interfaces:

# Set the router priority to 100 for the interface Ten-GigabitEthernet 3/0/1 of Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 dr-priority 100

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Set the router priority to 0 for the interface Ten-GigabitEthernet 3/0/1 of Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 dr-priority 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the router priority to 2 for the interface Ten-GigabitEthernet 3/0/1 of Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 dr-priority 2

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Display neighbors on Router A. The output shows that the router priorities have been changed, but the DR and BDR are not changed.

[RouterA] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 1.1.1.1

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 2.2.2.2         0   2-Way/DROther     00:00:36  0      XGE3/0/1

 3.3.3.3         2   Full/BDR          00:00:35  0      XGE3/0/1

 4.4.4.4         1   Full/DR           00:00:33  0      XGE3/0/1

# Display neighbors on Router D.

[RouterD] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 1.1.1.1         100 Full/DROther      00:00:30  0      XGE3/0/1

 2.2.2.2         0   Full/DROther      00:00:37  0      XGE3/0/1

 3.3.3.3         2   Full/BDR          00:00:31  0      XGE3/0/1

The output shows that the DR is still Router D.

4.     Enable DR/BDR election:

# Execute the shutdown and undo shutdown commands on each interface to trigger a new DR/BDR election. (Details not shown.)

# Display neighbors on Router A. The output shows that Router C becomes the BDR.

[RouterA] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 1.1.1.1

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 2.2.2.2         0   Full/DROther      00:00:36  0      XGE3/0/1

 3.3.3.3         2   Full/BDR          00:00:35  0      XGE3/0/1

 4.4.4.4         1   Full/DROther      00:00:33  0      XGE3/0/1

# Display neighbors on Router D.

[RouterD] display ospfv3 peer

 

               OSPFv3 Process 1 with Router ID 4.4.4.4

 

 Area: 0.0.0.0

-------------------------------------------------------------------------

 Router ID       Pri State             Dead-Time InstID Interface

 1.1.1.1         100 Full/DR           00:00:30  0      XGE3/0/1

 2.2.2.2         0   2-Way/DROther     00:00:37  0      XGE3/0/1

 3.3.3.3         2   Full/BDR          00:00:31  0      XGE3/0/1

The output shows that Router A becomes the DR.
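The following Python model is an added example, not part of the H3C documentation. It is a simplified, segment-wide version of the DR election in RFC 2328 section 9.4, which OSPFv3 reuses, and it replays the three observations above: the initial election, the unchanged DR after the priority change, and the result after the interfaces are bounced. It also goes one step beyond the page by showing what happens when the DR disappears. The function and variable names are chosen for this example.

```python
from ipaddress import IPv4Address


def rank(router):
    """Election order: higher priority first, higher router ID breaks ties."""
    return (router["pri"], int(IPv4Address(router["id"])))


def elect(routers, dr=None, bdr=None):
    """Return (DR, BDR) router IDs for one broadcast segment.

    dr and bdr are the router IDs that currently claim those roles, or None
    when every interface has just come up. Incumbents keep their roles as
    long as they are present and eligible, which is why a priority change
    alone does not move the DR. Routers with priority 0 are never eligible.
    """
    eligible = {r["id"]: r for r in routers if r["pri"] > 0}
    dr = dr if dr in eligible else None
    bdr = bdr if bdr in eligible and bdr != dr else None
    if dr is None:
        # Nobody claims DR: the BDR is promoted, otherwise the best router wins.
        dr = bdr or max(eligible.values(), key=rank, default={"id": None})["id"]
        bdr = None
    if bdr is None:
        rest = [r for r in eligible.values() if r["id"] != dr]
        bdr = max(rest, key=rank)["id"] if rest else None
    return dr, bdr


# Router IDs and priorities from the example above.
DEFAULT = [{"id": "1.1.1.1", "pri": 1}, {"id": "2.2.2.2", "pri": 1},
           {"id": "3.3.3.3", "pri": 1}, {"id": "4.4.4.4", "pri": 1}]
TUNED = [{"id": "1.1.1.1", "pri": 100}, {"id": "2.2.2.2", "pri": 0},
         {"id": "3.3.3.3", "pri": 2}, {"id": "4.4.4.4", "pri": 1}]


def replay():
    """Replay the page's three observations, then a DR failure (added case)."""
    first = elect(DEFAULT)            # step 2: all priorities equal
    kept = elect(TUNED, *first)       # step 3: priorities changed, no re-election
    bounced = elect(TUNED)            # step 4: shutdown / undo shutdown everywhere
    survivors = [r for r in TUNED if r["id"] != bounced[0]]
    failover = elect(survivors, *bounced)  # beyond the page: the DR goes away
    return first, kept, bounced, failover


if __name__ == "__main__":
    for label, result in zip(("initial", "after priority change",
                              "after re-election", "after DR failure"), replay()):
        print(f"{label}: DR={result[0]} BDR={result[1]}")
```

In the added failure case the BDR (Router C) is promoted and Router D becomes the new BDR; Router B, with priority 0, is never selected.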

Example: Configuring OSPFv3 route redistribution

Network configuration

As shown in Figure 159:

·     Router A, Router B, and Router C are in Area 2.

·     OSPFv3 process 1 and OSPFv3 process 2 run on Router B. Router B communicates with Router A and Router C through OSPFv3 process 1 and OSPFv3 process 2, respectively.

·     Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B, and set the metric for redistributed routes to 3. Router C can then learn the routes destined for 1::0/64 and 2::0/64, and Router A cannot learn the routes destined for 3::0/64 or 4::0/64.

Figure 159 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3:

# Enable OSPFv3 process 1 on Router A.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 2

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable OSPFv3 process 1 and OSPFv3 process 2 on Router B.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] ospfv3 2

[RouterB-ospfv3-2] router-id 3.3.3.3

[RouterB-ospfv3-2] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 2 area 2

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable OSPFv3 process 2 on Router C.

<RouterC> system-view

[RouterC] ospfv3 2

[RouterC-ospfv3-2] router-id 4.4.4.4

[RouterC-ospfv3-2] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospfv3 2 area 2

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 2 area 2

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Display the routing table on Router C.

[RouterC] display ipv6 routing-table

 

Destinations : 6 Routes : 6

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

3.     Configure OSPFv3 route redistribution:

# Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B, and set the metric for redistributed routes to 3.

[RouterB] ospfv3 2

[RouterB-ospfv3-2] import-route ospfv3 1 cost 3

[RouterB-ospfv3-2] import-route direct cost 3

[RouterB-ospfv3-2] quit

# Display the routing table on Router C.

[RouterC] display ipv6 routing-table

 

Destinations : 8 Routes : 8

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 3

 

Destination: 2::/64                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 3

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

Example: Configuring OSPFv3 route summarization

Network configuration

As shown in Figure 160:

·     Router A, Router B, and Router C are in Area 2.

·     OSPFv3 process 1 and OSPFv3 process 2 run on Router B. Router B communicates with Router A and Router C through OSPFv3 process 1 and OSPFv3 process 2, respectively.

·     On Router A, configure IPv6 addresses 2:1:1::1/64, 2:1:2::1/64, and 2:1:3::1/64 for Ten-GigabitEthernet 3/0/1.

·     On Router B, configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1. Router C can then learn the routes destined for 2::/64, 2:1:1::/64, 2:1:2::/64, and 2:1:3::/64.

·     On Router B, configure route summarization to advertise only summary route 2::/16 to Router C.

Figure 160 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure OSPFv3:

# Enable OSPFv3 process 1 on Router A.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 2:1:1::1 64

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 2:1:2::1 64

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 2:1:3::1 64

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 2

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable OSPFv3 process 1 and OSPFv3 process 2 on Router B.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 2

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] ospfv3 2

[RouterB-ospfv3-2] router-id 3.3.3.3

[RouterB-ospfv3-2] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 2 area 2

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable OSPFv3 process 2 on Router C.

<RouterC> system-view

[RouterC] ospfv3 2

[RouterC-ospfv3-2] router-id 4.4.4.4

[RouterC-ospfv3-2] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospfv3 2 area 2

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 2 area 2

[RouterC-Ten-GigabitEthernet3/0/1] quit

3.     Configure OSPFv3 route redistribution:

# Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B.

[RouterB] ospfv3 2

[RouterB-ospfv3-2] import-route ospfv3 1

[RouterB-ospfv3-2] import-route direct

[RouterB-ospfv3-2] quit

# Display the routing table on Router C.

[RouterC] display ipv6 routing-table

 

Destinations : 11 Routes : 11

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 2::/64                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 2:1:1::/64                                  Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 2:1:2::/64                                  Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 2:1:3::/64                                  Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : 3::2                                        Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : 4::1                                        Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

4.     Configure ASBR route summarization:

# On Router B, configure OSPFv3 process 2 to advertise a summary route 2::/16.

[RouterB] ospfv3 2

[RouterB-ospfv3-2] asbr-summary 2:: 16

[RouterB-ospfv3-2] quit

# Display the routing table on Router C.

[RouterC] display ipv6 routing-table

 

Destinations : 8 Routes : 8

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 2::/16                                      Protocol  : O_ASE2

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : XGE3/0/2                                    Cost      : 1

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : 3::2                                        Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : 4::1                                        Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0
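The effect of the asbr-summary command on Router C's routing table can be reproduced offline. The following Python sketch is an added example, not H3C code: it models only the downstream view (external routes that fall inside the summary are replaced by one summary route), the function names are hypothetical, and the table is transcribed from the first display output of this example.

```python
import ipaddress

# Router C's table before summarization, transcribed from the
# "display ipv6 routing-table" output in step 3 as (destination, protocol).
BEFORE = [
    ("::1/128", "Direct"),
    ("1::/64", "O_ASE2"),
    ("2::/64", "O_ASE2"),
    ("2:1:1::/64", "O_ASE2"),
    ("2:1:2::/64", "O_ASE2"),
    ("2:1:3::/64", "O_ASE2"),
    ("3::/64", "Direct"),
    ("3::2/128", "Direct"),
    ("4::/64", "Direct"),
    ("4::1/128", "Direct"),
    ("FE80::/10", "Direct"),
]


def apply_asbr_summary(table, summary, external=("O_ASE2",)):
    """Return (table_after, suppressed) as seen by a downstream router.

    External routes whose prefix lies inside `summary` are suppressed and
    replaced by a single summary route; every other route is left untouched.
    """
    summary_net = ipaddress.IPv6Network(summary)
    kept, suppressed = [], []
    for dest, proto in table:
        net = ipaddress.IPv6Network(dest)
        if proto in external and net.subnet_of(summary_net):
            suppressed.append(dest)
        else:
            kept.append((dest, proto))
    if suppressed:  # the summary is advertised only if it covers something
        kept.append((str(summary_net), external[0]))
    kept.sort(key=lambda route: ipaddress.IPv6Network(route[0]))
    return kept, suppressed


def unbacked_by_component(addr, summary, components):
    """True if addr matches the summary but none of the component routes.

    Router C forwards such packets toward Router B on the strength of the
    summary alone, so a wide summary such as 2::/16 attracts traffic for
    address space that no router behind the ASBR actually holds.
    """
    ip = ipaddress.IPv6Address(addr)
    in_summary = ip in ipaddress.IPv6Network(summary)
    in_component = any(ip in ipaddress.IPv6Network(c) for c in components)
    return in_summary and not in_component


if __name__ == "__main__":
    after, gone = apply_asbr_summary(BEFORE, "2::/16")
    print("Destinations :", len(after))
    for dest, proto in after:
        print(f"  {dest:<14} {proto}")
    print("Suppressed   :", ", ".join(gone))
    print("2:ffff::1 unbacked:", unbacked_by_component("2:ffff::1", "2::/16", gone))
```

Route 1::/64 stays in the table because it lies outside 2::/16, which is why the count drops from 11 to 8 rather than to 7.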

Example: Configuring OSPFv3 GR

Network configuration

As shown in Figure 161:

·     Router A, Router B, and Router C reside in the same AS and the same OSPFv3 routing domain, and all three are GR capable.

·     Router A acts as the GR restarter. Router B and Router C act as GR helpers, and synchronize their LSDBs with Router A through GR.

Figure 161 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3:

# On Router A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] graceful-restart enable

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# On Router B, enable OSPFv3 and set the router ID to 2.2.2.2. (By default, GR helper is enabled on a router.)

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# On Router C, enable OSPFv3 and set the router ID to 3.3.3.3. (By default, GR helper is enabled on a router.)

<RouterC> system-view

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Perform an active/standby switchover on Router A to trigger an OSPFv3 GR operation. (Details not shown.)

Example: Configuring BFD for OSPFv3

Network configuration

As shown in Figure 162:

·     Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B.

·     After the link Router A<—>L2 Switch<—>Router B fails, BFD can quickly detect the failure and notify OSPFv3 of the failure. Then Router A and Router B communicate through Router C.

Figure 162 Network diagram

Table 25 Interface and IP address assignment

Device      Interface   IPv6 address
Router A    XGE3/0/1    2001::1/64
Router A    XGE3/0/2    2001:2::1/64
Router B    XGE3/0/1    2001::2/64
Router B    XGE3/0/2    2001:3::2/64
Router C    XGE3/0/1    2001:2::2/64
Router C    XGE3/0/2    2001:3::1/64

 

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure basic OSPFv3:

# Enable OSPFv3 and set the router ID to 1.1.1.1 on Router A.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable OSPFv3 and set the router ID to 2.2.2.2 on Router B.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable OSPFv3 and set the router ID to 3.3.3.3 on Router C.

<RouterC> system-view

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[RouterC-Ten-GigabitEthernet3/0/2] quit

3.     Configure BFD:

# Enable BFD and configure BFD parameters on Router A.

[RouterA] bfd session init-mode active

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 bfd enable

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterA-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 7

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable BFD and configure BFD parameters on Router B.

[RouterB] bfd session init-mode active

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 bfd enable

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-transmit-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd min-receive-interval 500

[RouterB-Ten-GigabitEthernet3/0/1] bfd detect-multiplier 6

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the BFD information on Router A.

[RouterA] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv6 session working in control packet mode:

 

       Local discr: 1441                 Remote discr: 1450

         Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ten-GigabitEthernet3/0/1 on Router A)

    Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ten-GigabitEthernet3/0/1 on Router B)

     Session state: Up                      Interface: XGE3/0/1

         Hold time: 2319ms

# Display routes destined for 2001:4::0/64 on Router A.

[RouterA] display ipv6 routing-table 2001:4::0 64

 

Summary Count : 1

 

Destination: 2001:4::/64                                 Protocol  : O_INTRA

NextHop    : FE80::20F:FF:FE00:1200                      Preference: 10

Interface  : XGE3/0/1                                    Cost      : 1

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/1.

# After the link over Ten-GigabitEthernet 3/0/1 fails, display routes destined for 2001:4::0/64 on Router A again.

[RouterA] display ipv6 routing-table 2001:4::0 64

 

Summary Count : 1

 

Destination: 2001:4::/64                                 Protocol  : O_INTRA

NextHop    : FE80::BAAF:67FF:FE27:DCD0                   Preference: 10

Interface  : XGE3/0/2                                    Cost      : 2

The output shows that Router A communicates with Router B through Ten-GigabitEthernet 3/0/2.

Example: Configuring OSPFv3 FRR

Network configuration

As shown in Figure 163, Router A, Router B, and Router C reside in the same OSPFv3 domain. Configure OSPFv3 FRR so that when Link A fails, traffic is immediately switched to Link B.

Figure 163 Network diagram

Table 26 Interface and IP address assignment

Device      Interface   IP address   Device      Interface   IP address
Router A    XGE3/0/1    1::1/64      Router B    XGE3/0/1    3::1/64
Router A    XGE3/0/2    2::1/64      Router B    XGE3/0/2    2::2/64
Router A    Loop0       10::1/128    Router B    Loop0       20::1/128
Router C    XGE3/0/1    1::2/64
Router C    XGE3/0/2    3::2/64

Procedure

1.     Configure IPv6 addresses for interfaces on the routers. (Details not shown.)

2.     Configure OSPFv3 on the routers to ensure that Router A, Router B, and Router C can communicate with each other at the network layer. (Details not shown.)

3.     Configure OSPFv3 FRR:

You can enable OSPFv3 FRR to either calculate a backup next hop by using the LFA algorithm, or specify a backup next hop by using a routing policy.

¡     (Method 1.) Enable OSPFv3 FRR to calculate a backup next hop by using the LFA algorithm:

# Configure Router A.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] fast-reroute lfa

[RouterA-ospfv3-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] fast-reroute lfa

[RouterB-ospfv3-1] quit

¡     (Method 2.) Enable OSPFv3 FRR to specify a backup next hop by using a routing policy:

# Configure Router A.

<RouterA> system-view

[RouterA] ipv6 prefix-list abc index 10 permit 20::1 128

[RouterA] route-policy frr permit node 10

[RouterA-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterA-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 1::2

[RouterA-route-policy-frr-10] quit

[RouterA] ospfv3 1

[RouterA-ospfv3-1] fast-reroute route-policy frr

[RouterA-ospfv3-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ipv6 prefix-list abc index 10 permit 10::1 128

[RouterB] route-policy frr permit node 10

[RouterB-route-policy-frr-10] if-match ipv6 address prefix-list abc

[RouterB-route-policy-frr-10] apply ipv6 fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 3::2

[RouterB-route-policy-frr-10] quit

[RouterB] ospfv3 1

[RouterB-ospfv3-1] fast-reroute route-policy frr

[RouterB-ospfv3-1] quit

Verifying the configuration

# Display the route 20::1/128 on Router A to view the backup next hop information.

[RouterA] display ipv6 routing-table 20::1 128 verbose

 

Summary count : 1

 

 Destination: 20::1/128

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 00h03m45s

  FlushedAge: 15h28m49s

        Cost: 6                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x23000005             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10041           OrigNextHop: FE80::7685:45FF:FEAD:102

       Label: NULL              RealNextHop: FE80::7685:45FF:FEAD:102

     BkLabel: NULL                BkNextHop: FE80::34CD:9FF:FE2F:D02

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

# Display the route 10::1/128 on Router B to view the backup next hop information.

[RouterB] display ipv6 routing-table 10::1 128 verbose

 

Summary count : 1

 

 Destination: 10::1/128

    Protocol: O_INTRA

  Process ID: 1

   SubProtID: 0x1                       Age: 00h03m10s

  FlushedAge: 15h28m49s

        Cost: 1                  Preference: 10

       IpPre: N/A                QosLocalID: N/A

         Tag: 0                       State: Active Adv

   OrigTblID: 0x0                   OrigVrf: default-vrf

     TableID: 0xa                    OrigAs: 0

       NibID: 0x23000006             LastAs: 0

      AttrID: 0xffffffff

    BkAttrID: 0xffffffff           Neighbor: ::

       Flags: 0x10041           OrigNextHop: FE80::34CC:E8FF:FE5B:C02

       Label: NULL              RealNextHop: FE80::34CC:E8FF:FE5B:C02

     BkLabel: NULL                BkNextHop: FE80::7685:45FF:FEAD:102

     SRLabel: NULL                Interface: Ten-GigabitEthernet3/0/2

   BkSRLabel: NULL              BkInterface: N/A

   Tunnel ID: Invalid           IPInterface: Ten-GigabitEthernet3/0/2

 BkTunnel ID: Invalid         BkIPInterface: Ten-GigabitEthernet3/0/1

     InLabel: NULL           ColorInterface: N/A

    SIDIndex: NULL         BkColorInterface: N/A

    FtnIndex: 0x0           TunnelInterface: N/A

TrafficIndex: N/A         BkTunnelInterface: N/A

   Connector: N/A                    PathID: 0x0

      UserID: 0x0                SRTunnelID: Invalid

    SID Type: N/A                       NID: Invalid

    FlushNID: Invalid                 BkNID: Invalid

  BkFlushNID: Invalid             StatFlags: 0x0

         SID: N/A

       BkSID: N/A

CommBlockLen: 0                    Priority: Critical

  MemberPort: N/A

Example: Configuring OSPFv3 IPsec profile

Network configuration

As shown in Figure 164, all routers run OSPFv3, and the AS is divided into two areas.

Configure IPsec profiles on the routers to authenticate and encrypt OSPFv3 protocol packets.

Figure 164 Network diagram

Procedure

1.     Configure IPv6 addresses for interfaces. (Details not shown.)

2.     Configure OSPFv3 basic features:

# On Router A, enable OSPFv3 and specify the router ID as 1.1.1.1.

<RouterA> system-view

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# On Router B, enable OSPFv3 and specify the router ID as 2.2.2.2.

<RouterB> system-view

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router C, enable OSPFv3 and specify the router ID as 3.3.3.3.

<RouterC> system-view

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

3.     Configure OSPFv3 IPsec profiles:

¡     On Router A:

# Create an IPsec transform set named trans.

[RouterA] ipsec transform-set trans

# Specify the encapsulation mode as transport.

[RouterA-ipsec-transform-set-trans] encapsulation-mode transport

# Specify the ESP encryption and authentication algorithms.

[RouterA-ipsec-transform-set-trans] protocol esp

[RouterA-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128

[RouterA-ipsec-transform-set-trans] esp authentication-algorithm sha1

[RouterA-ipsec-transform-set-trans] quit

# Create a manual IPsec profile named profile001.

[RouterA] ipsec profile profile001 manual

# Use IPsec transform set trans.

[RouterA-ipsec-profile-manual-profile001] transform-set trans

# Configure the inbound and outbound SPIs for ESP.

[RouterA-ipsec-profile-manual-profile001] sa spi outbound esp 123456

[RouterA-ipsec-profile-manual-profile001] sa spi inbound esp 123456

# Configure the inbound and outbound SA keys for ESP.

[RouterA-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg

[RouterA-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg

[RouterA-ipsec-profile-manual-profile001] quit

¡     On Router B:

# Create an IPsec transform set named trans.

[RouterB] ipsec transform-set trans

# Specify the encapsulation mode as transport.

[RouterB-ipsec-transform-set-trans] encapsulation-mode transport

# Specify the ESP encryption and authentication algorithms.

[RouterB-ipsec-transform-set-trans] protocol esp

[RouterB-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128

[RouterB-ipsec-transform-set-trans] esp authentication-algorithm sha1

[RouterB-ipsec-transform-set-trans] quit

# Create a manual IPsec profile named profile001.

[RouterB] ipsec profile profile001 manual

# Use IPsec transform set trans.

[RouterB-ipsec-profile-manual-profile001] transform-set trans

# Configure the inbound and outbound SPIs for ESP.

[RouterB-ipsec-profile-manual-profile001] sa spi outbound esp 123456

[RouterB-ipsec-profile-manual-profile001] sa spi inbound esp 123456

# Configure the inbound and outbound SA keys for ESP.

[RouterB-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg

[RouterB-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg

[RouterB-ipsec-profile-manual-profile001] quit

# Create a manual IPsec profile named profile002.

[RouterB] ipsec profile profile002 manual

# Use IPsec transform set trans.

[RouterB-ipsec-profile-manual-profile002] transform-set trans

# Configure the inbound and outbound SPIs for ESP.

[RouterB-ipsec-profile-manual-profile002] sa spi outbound esp 256

[RouterB-ipsec-profile-manual-profile002] sa spi inbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[RouterB-ipsec-profile-manual-profile002] sa string-key outbound esp simple byebye

[RouterB-ipsec-profile-manual-profile002] sa string-key inbound esp simple byebye

[RouterB-ipsec-profile-manual-profile002] quit

¡     On Router C:

# Create an IPsec transform set named trans.

[RouterC] ipsec transform-set trans

# Specify the encapsulation mode as transport.

[RouterC-ipsec-transform-set-trans] encapsulation-mode transport

# Specify the ESP encryption and authentication algorithms.

[RouterC-ipsec-transform-set-trans] protocol esp

[RouterC-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128

[RouterC-ipsec-transform-set-trans] esp authentication-algorithm sha1

[RouterC-ipsec-transform-set-trans] quit

# Create a manual IPsec profile named profile002.

[RouterC] ipsec profile profile002 manual

# Use IPsec transform set trans.

[RouterC-ipsec-profile-manual-profile002] transform-set trans

# Configure the inbound and outbound SPIs for ESP.

[RouterC-ipsec-profile-manual-profile002] sa spi outbound esp 256

[RouterC-ipsec-profile-manual-profile002] sa spi inbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[RouterC-ipsec-profile-manual-profile002] sa string-key outbound esp simple byebye

[RouterC-ipsec-profile-manual-profile002] sa string-key inbound esp simple byebye

[RouterC-ipsec-profile-manual-profile002] quit

4.     Apply the IPsec profiles to areas:

# Configure Router A.

[RouterA] ospfv3 1

[RouterA-ospfv3-1] area 1

[RouterA-ospfv3-1-area-0.0.0.1] enable ipsec-profile profile001

[RouterA-ospfv3-1-area-0.0.0.1] quit

[RouterA-ospfv3-1] quit

# Configure Router B.

[RouterB] ospfv3 1

[RouterB-ospfv3-1] area 0

[RouterB-ospfv3-1-area-0.0.0.0] enable ipsec-profile profile002

[RouterB-ospfv3-1-area-0.0.0.0] quit

[RouterB-ospfv3-1] area 1

[RouterB-ospfv3-1-area-0.0.0.1] enable ipsec-profile profile001

[RouterB-ospfv3-1-area-0.0.0.1] quit

[RouterB-ospfv3-1] quit

# Configure Router C.

[RouterC] ospfv3 1

[RouterC-ospfv3-1] area 0

[RouterC-ospfv3-1-area-0.0.0.0] enable ipsec-profile profile002

[RouterC-ospfv3-1-area-0.0.0.0] quit

[RouterC-ospfv3-1] quit

Verifying the configuration

# Verify that OSPFv3 packets between Routers A, B, and C are protected by IPsec. (Details not shown.)
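Before rolling this configuration into production, the IPsec settings above can be reviewed mechanically. The following Python sketch is an added example, not H3C code: it parses the prompt-plus-command lines transcribed from steps 3 and 4, flags SHA-1 integrity, keys entered with the simple (plaintext) keyword, and keys shorter than an assumed local policy threshold (MIN_KEY_CHARS), and checks that every router sharing a profile agrees on SPI and key. Finding names and function names are hypothetical.

```python
import re
from collections import defaultdict

# Session lines transcribed from the procedure above (prompt + command).
SESSION = """\
[RouterA-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128
[RouterA-ipsec-transform-set-trans] esp authentication-algorithm sha1
[RouterA-ipsec-profile-manual-profile001] sa spi outbound esp 123456
[RouterA-ipsec-profile-manual-profile001] sa spi inbound esp 123456
[RouterA-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg
[RouterA-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg
[RouterB-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128
[RouterB-ipsec-transform-set-trans] esp authentication-algorithm sha1
[RouterB-ipsec-profile-manual-profile001] sa spi outbound esp 123456
[RouterB-ipsec-profile-manual-profile001] sa spi inbound esp 123456
[RouterB-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg
[RouterB-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg
[RouterB-ipsec-profile-manual-profile002] sa spi outbound esp 256
[RouterB-ipsec-profile-manual-profile002] sa spi inbound esp 256
[RouterB-ipsec-profile-manual-profile002] sa string-key outbound esp simple byebye
[RouterB-ipsec-profile-manual-profile002] sa string-key inbound esp simple byebye
[RouterC-ipsec-transform-set-trans] esp encryption-algorithm aes-cbc-128
[RouterC-ipsec-transform-set-trans] esp authentication-algorithm sha1
[RouterC-ipsec-profile-manual-profile002] sa spi outbound esp 256
[RouterC-ipsec-profile-manual-profile002] sa spi inbound esp 256
[RouterC-ipsec-profile-manual-profile002] sa string-key outbound esp simple byebye
[RouterC-ipsec-profile-manual-profile002] sa string-key inbound esp simple byebye
"""

# [<device>-ipsec-<view kind>-<object name>] <command>
PROMPT = re.compile(
    r"^\[(?P<dev>[^\]-]+)-ipsec-(?P<kind>transform-set|profile-manual)-"
    r"(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$"
)
MIN_KEY_CHARS = 16  # assumed local policy threshold, not an H3C requirement


def parse(session):
    """Yield (device, object name, argv) for each IPsec-view command."""
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            yield m["dev"], m["name"], m["cmd"].split()


def audit(session):
    """Return a sorted list of (device, object, finding) tuples."""
    findings = set()
    sa = defaultdict(lambda: defaultdict(dict))  # profile -> device -> params
    for dev, name, argv in parse(session):
        if argv[:2] == ["esp", "authentication-algorithm"] and argv[2:] == ["sha1"]:
            findings.add((dev, name, "sha1-integrity"))
        elif argv[:2] == ["sa", "spi"] and len(argv) == 5:
            sa[name][dev][("spi", argv[2])] = argv[4]
        elif argv[:2] == ["sa", "string-key"] and len(argv) == 6:
            direction, _proto, form, key = argv[2:]
            sa[name][dev][("key", direction)] = key
            if form == "simple":  # key typed in plaintext form
                findings.add((dev, name, "plaintext-key-entry"))
            if len(key) < MIN_KEY_CHARS:
                findings.add((dev, name, "short-key"))
    # Manual SAs: each router's outbound SPI/key must equal its peers' inbound.
    for profile, devs in sa.items():
        for d1, p1 in devs.items():
            for d2, p2 in devs.items():
                if d1 != d2 and any(
                    p1.get((f, "outbound")) != p2.get((f, "inbound"))
                    for f in ("spi", "key")
                ):
                    findings.update({(d1, profile, "peer-mismatch"),
                                     (d2, profile, "peer-mismatch")})
    return sorted(findings)


if __name__ == "__main__":
    for dev, obj, issue in audit(SESSION):
        print(f"{dev:8} {obj:11} {issue}")
```

Identical inbound and outbound SPIs and keys are not flagged, because OSPFv3 protection with manually keyed SAs relies on every router in the area using the same values in both directions.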

 

 

IPv6 PBR configuration examples

Example: Configuring packet type-based IPv6 local PBR

Network configuration

As shown in Figure 165, Router B and Router C are connected through Router A. Router B and Router C do not have a route to reach each other.

Configure IPv6 PBR on Router A to forward all TCP packets to the next hop 1::2 (Router B).

Figure 165 Network diagram

Procedure

1.     Configure Router A:

# Configure the IPv6 addresses of Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 2::1 64

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure ACL 3001 to match TCP packets.

[RouterA] acl ipv6 advanced 3001

[RouterA-acl-ipv6-adv-3001] rule permit tcp

[RouterA-acl-ipv6-adv-3001] quit

# Configure Node 5 for policy aaa to forward TCP packets to next hop 1::2.

[RouterA] ipv6 policy-based-route aaa permit node 5

[RouterA-pbr6-aaa-5] if-match acl 3001

[RouterA-pbr6-aaa-5] apply next-hop 1::2

[RouterA-pbr6-aaa-5] quit

# Configure IPv6 local PBR by applying policy aaa to Router A.

[RouterA] ipv6 local policy-based-route aaa

2.     On Router B, configure the IPv6 address of Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1::2 64

3.     On Router C, configure the IPv6 address of Ten-GigabitEthernet 3/0/2.

<RouterC> system-view

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ipv6 address 2::2 64

Verifying the configuration

1.     Perform telnet operations to verify that IPv6 local PBR on Router A operates as configured to forward the matching TCP packets to the next hop 1::2 (Router B), as follows:

# Verify that you can telnet to Router B from Router A successfully. (Details not shown.)

# Verify that you cannot telnet to Router C from Router A. (Details not shown.)

2.     Verify that Router A forwards packets other than TCP packets through Ten-GigabitEthernet 3/0/2. For example, verify that you can ping Router C from Router A. (Details not shown.)

Example: Configuring packet type-based IPv6 interface PBR

Network configuration

As shown in Figure 166, Router B and Router C do not have a route to reach each other.

Configure IPv6 PBR on Router A to forward all TCP packets received on Ten-GigabitEthernet 3/0/1 to the next hop 1::2 (Router B).

Figure 166 Network diagram

Procedure

1.     Configure IPv6 addresses and unicast routing protocol settings to make sure Router B and Router C each have a route to reach Host A. (Details not shown.)

2.     Configure Router A:

# Configure ACL 3001 to match TCP packets.

[RouterA] acl ipv6 advanced 3001

[RouterA-acl-ipv6-adv-3001] rule permit tcp

[RouterA-acl-ipv6-adv-3001] quit

# Configure Node 5 for policy aaa to forward TCP packets to next hop 1::2.

[RouterA] ipv6 policy-based-route aaa permit node 5

[RouterA-pbr6-aaa-5] if-match acl 3001

[RouterA-pbr6-aaa-5] apply next-hop 1::2

[RouterA-pbr6-aaa-5] quit

# Configure IPv6 interface PBR by applying policy aaa to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 policy-based-route aaa

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Enable IPv6 and configure the IPv6 address 10::3 for Host A.

C:\>ipv6 install

Installing...

Succeeded.

C:\>ipv6 adu 4/10::3

2.     Perform telnet operations to verify that IPv6 interface PBR on Router A operates as configured to forward the matching TCP packets to the next hop 1::2 (Router B), as follows:

# Verify that you can telnet to Router B from Host A successfully. (Details not shown.)

# Verify that you cannot telnet to Router C from Host A. (Details not shown.)

3.     Verify that Router A forwards packets other than TCP packets through Ten-GigabitEthernet 3/0/3. For example, verify that you can ping Router C from Host A. (Details not shown.)

 

 

Routing policy configuration examples

Example: Configuring a routing policy for IPv4 route redistribution

Network configuration

As shown in Figure 167, Router B exchanges routing information with Router A by using OSPF and with Router C by using IS-IS.

On Router B, enable route redistribution from IS-IS to OSPF. Use a routing policy to set the cost of route 172.17.1.0/24 to 100 and the tag of route 172.17.2.0/24 to 20.

Figure 167 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure IS-IS:

# Configure Router C.

<RouterC> system-view

[RouterC] isis

[RouterC-isis-1] is-level level-2

[RouterC-isis-1] network-entity 10.0000.0000.0001.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] isis enable

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/4

[RouterC-Ten-GigabitEthernet3/0/4] isis enable

[RouterC-Ten-GigabitEthernet3/0/4] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis

[RouterB-isis-1] is-level level-2

[RouterB-isis-1] network-entity 10.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

3.     Configure OSPF and route redistribution:

# Configure OSPF on Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# On Router B, configure OSPF and enable route redistribution from IS-IS to OSPF.

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] import-route isis 1

[RouterB-ospf-1] quit

# Display the OSPF routing table on Router A to view the redistributed routes.

[RouterA] display ospf routing

 

          OSPF Process 1 with Router ID 192.168.1.1

                   Routing Tables

 

 Routing for Network

 Destination        Cost     Type    NextHop        AdvRouter     Area

 192.168.1.0/24     1        Transit 192.168.1.1    192.168.1.1   0.0.0.0

 

 Routing for ASEs

 Destination        Cost     Type    Tag        NextHop        AdvRouter

 172.17.1.0/24      1        Type2   1          192.168.1.2    192.168.2.2

 172.17.2.0/24      1        Type2   1          192.168.1.2    192.168.2.2

 172.17.3.0/24      1        Type2   1          192.168.1.2    192.168.2.2

 

 Total Nets: 4

 Intra Area: 1  Inter Area: 0  ASE: 3  NSSA: 0

4.     Configure filtering lists on Router B:

# Configure IPv4 basic ACL 2002 to permit route 172.17.2.0/24.

[RouterB] acl basic 2002

[RouterB-acl-ipv4-basic-2002] rule permit source 172.17.2.0 0.0.0.255

[RouterB-acl-ipv4-basic-2002] quit

# Configure IP prefix list prefix-a to permit route 172.17.1.0/24.

[RouterB] ip prefix-list prefix-a index 10 permit 172.17.1.0 24

5.     Configure a routing policy on Router B.

[RouterB] route-policy isis2ospf permit node 10

[RouterB-route-policy-isis2ospf-10] if-match ip address prefix-list prefix-a

[RouterB-route-policy-isis2ospf-10] apply cost 100

[RouterB-route-policy-isis2ospf-10] quit

[RouterB] route-policy isis2ospf permit node 20

[RouterB-route-policy-isis2ospf-20] if-match ip address acl 2002

[RouterB-route-policy-isis2ospf-20] apply tag 20

[RouterB-route-policy-isis2ospf-20] quit

[RouterB] route-policy isis2ospf permit node 30

[RouterB-route-policy-isis2ospf-30] quit

6.     Apply the routing policy to route redistribution on Router B:

# On Router B, enable route redistribution from IS-IS to OSPF and apply the routing policy.

[RouterB] ospf

[RouterB-ospf-1] import-route isis 1 route-policy isis2ospf

[RouterB-ospf-1] quit

# Display OSPF routing table information on Router A.

[RouterA] display ospf routing

 

          OSPF Process 1 with Router ID 192.168.1.1

                   Routing Tables

 

 Routing for Network

 Destination        Cost     Type    NextHop         AdvRouter     Area

 192.168.1.0/24     1        Transit 192.168.1.1     192.168.1.1   0.0.0.0

 

 Routing for ASEs

 Destination        Cost     Type    Tag         NextHop       AdvRouter

 172.17.1.0/24      100      Type2   1           192.168.1.2   192.168.2.2

 172.17.2.0/24      1        Type2   20          192.168.1.2   192.168.2.2

 172.17.3.0/24      1        Type2   1           192.168.1.2   192.168.2.2

 

 Total Nets: 4

 Intra Area: 1  Inter Area: 0  ASE: 3  NSSA: 0

The output shows that the cost of route 172.17.1.0/24 is 100 and the tag of route 172.17.2.0/24 is 20.

Example: Configuring a routing policy for IPv6 route redistribution

Network configuration

As shown in Figure 168:

·     Run RIPng on Router A and Router B.

·     Configure three static routes on Router A.

·     On Router A, apply a routing policy to redistribute static routes 20::/32 and 40::/32 and deny route 30::/32.

Figure 168 Network diagram

Procedure

1.     Configure Router A:

# Configure IPv6 addresses for interfaces Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 10::1 32

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 11::1 32

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable RIPng on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure three static routes with next hop 11::2, and make sure the static routes are active.

[RouterA] ipv6 route-static 20:: 32 11::2

[RouterA] ipv6 route-static 30:: 32 11::2

[RouterA] ipv6 route-static 40:: 32 11::2

# Configure a routing policy.

[RouterA] ipv6 prefix-list a index 10 permit 30:: 32

[RouterA] route-policy static2ripng deny node 0

[RouterA-route-policy-static2ripng-0] if-match ipv6 address prefix-list a

[RouterA-route-policy-static2ripng-0] quit

[RouterA] route-policy static2ripng permit node 10

[RouterA-route-policy-static2ripng-10] quit

# Enable RIPng and apply routing policy static2ripng to filter redistributed static routes on Router A.

[RouterA] ripng

[RouterA-ripng-1] import-route static route-policy static2ripng

[RouterA-ripng-1] quit

2.     Configure Router B:

# Configure the IPv6 address of Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 10::2 32

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable RIPng.

[RouterB] ripng

[RouterB-ripng-1] quit

# Enable RIPng on the interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the RIPng routing table on Router B.

[RouterB] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::7D58:0:CA03:1 on Ten-GigabitEthernet3/0/1

 Destination 20::/32,

     via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 secs

 Destination 40::/32,

     via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 secs

 Local route

 Destination 10::/32,

     via ::, cost 0, tag 0, DOF
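The node-by-node evaluation that both routing policy examples above rely on, as an added Python sketch (not H3C code and not part of the original page): nodes are tried in ascending order, the first matching node decides, and a route that matches no node is filtered. All class and function names are hypothetical, and comparing the basic ACL against the route's network address only is a modeling assumption.

```python
import ipaddress
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    cost: int = 1   # cost and tag the page shows for routes imported without a policy
    tag: int = 1


@dataclass
class Node:
    number: int
    mode: str                                     # "permit" or "deny"
    matches: list = field(default_factory=list)   # if-match clauses, all must hold
    apply: dict = field(default_factory=dict)     # apply clauses, used by permit nodes


def prefix_list(prefix):
    """Prefix-list entry without a length range: matches that exact prefix only."""
    want = ipaddress.ip_network(prefix)
    return lambda route: ipaddress.ip_network(route.prefix) == want


def basic_acl(source, wildcard):
    """Basic ACL rule as modeled here (assumption): only the route's network
    address is compared against source/wildcard, not the prefix length."""
    src = int(ipaddress.IPv4Address(source))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF

    def match(route):
        net = ipaddress.ip_network(route.prefix)
        return net.version == 4 and (int(net.network_address) & care) == (src & care)
    return match


def evaluate(policy, route):
    """Return the route as it would be redistributed, or None if it is filtered."""
    for node in sorted(policy, key=lambda n: n.number):
        if all(m(route) for m in node.matches):   # a node with no if-match matches all
            if node.mode == "deny":
                return None
            return replace(route, **node.apply)
    return None   # no node matched: the route is not redistributed


def redistribute(policy, routes):
    """Map each surviving prefix to its (cost, tag) after the policy is applied."""
    out = {}
    for route in routes:
        result = evaluate(policy, route)
        if result is not None:
            out[result.prefix] = (result.cost, result.tag)
    return out


# route-policy isis2ospf from the IPv4 example (Router B)
ISIS2OSPF = [
    Node(10, "permit", [prefix_list("172.17.1.0/24")], {"cost": 100}),
    Node(20, "permit", [basic_acl("172.17.2.0", "0.0.0.255")], {"tag": 20}),
    Node(30, "permit"),
]
# route-policy static2ripng from the IPv6 example (Router A)
STATIC2RIPNG = [
    Node(0, "deny", [prefix_list("30::/32")]),
    Node(10, "permit"),
]

ISIS_ROUTES = [Route("172.17.1.0/24"), Route("172.17.2.0/24"), Route("172.17.3.0/24")]
STATIC_ROUTES = [Route("20::/32"), Route("30::/32"), Route("40::/32")]

if __name__ == "__main__":
    print(redistribute(ISIS2OSPF, ISIS_ROUTES))             # full policy
    print(redistribute(ISIS2OSPF[:2], ISIS_ROUTES))         # node 30 left out
    print(sorted(redistribute(STATIC2RIPNG, STATIC_ROUTES)))
    print(redistribute(ISIS2OSPF, [Route("172.17.2.128/25")]))  # constructed route
```

Leaving node 30 out of isis2ospf drops 172.17.3.0/24 from the result, which is why the empty permit node is needed to keep that route in OSPF.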

 

 

DCN configuration examples

Example: Configuring DCN

Network configuration

As shown in Figure 169, the GNE, Device A, and Device B run DCN in the same VPN instance. The NMS uses SNMP to manage the GNE, and the GNE automatically sends notifications to the NMS to report online or offline events of NEs.

Figure 169 Network diagram

Procedure

1.     Configure the GNE:

# Enable SNMP on the GNE. (Details not shown. For more information, see SNMP in Network Management and Monitoring Configuration Guide.)

# Enable DCN, configure the NE ID as 100001 and NE IP as 11.1.1.1/32, and enable the automatic report feature.

<GNE> system-view

[GNE] dcn

[GNE-dcn] ne-id 100001

[GNE-dcn] ne-ip 11.1.1.1 32

[GNE-dcn] auto-report

[GNE-dcn] quit

# Create a VPN instance named dcn_vpn.

[GNE] ip vpn-instance dcn_vpn

[GNE-vpn-instance-dcn_vpn] quit

# Create interface Loopback 1023, and associate it with VPN instance dcn_vpn.

[GNE] interface loopback 1023

[GNE-LoopBack1023] ip binding vpn-instance dcn_vpn

[GNE-LoopBack1023] quit

# Enable LLDP globally.

[GNE] lldp global enable

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/1 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[GNE] interface ten-gigabitethernet 3/0/1

[GNE-Ten-GigabitEthernet3/0/1] port link-mode route

[GNE-Ten-GigabitEthernet3/0/1] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/1 receives an LLDP frame.

[GNE-Ten-GigabitEthernet3/0/1] lldp management-address arp-learning vlan 4094

[GNE-Ten-GigabitEthernet3/0/1] quit

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/2 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[GNE] interface ten-gigabitethernet 3/0/2

[GNE-Ten-GigabitEthernet3/0/2] port link-mode route

[GNE-Ten-GigabitEthernet3/0/2] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/2 receives an LLDP frame.

[GNE-Ten-GigabitEthernet3/0/2] lldp management-address arp-learning vlan 4094

[GNE-Ten-GigabitEthernet3/0/2] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[GNE] interface ten-gigabitethernet 3/0/1.4094

[GNE-Ten-GigabitEthernet3/0/1.4094] ip binding vpn-instance dcn_vpn

[GNE-Ten-GigabitEthernet3/0/1.4094] ip address unnumbered interface loopback 1023

[GNE-Ten-GigabitEthernet3/0/1.4094] vlan-type dot1q vid 4094

[GNE-Ten-GigabitEthernet3/0/1.4094] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/2.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[GNE] interface ten-gigabitethernet 3/0/2.4094

[GNE-Ten-GigabitEthernet3/0/2.4094] ip binding vpn-instance dcn_vpn

[GNE-Ten-GigabitEthernet3/0/2.4094] ip address unnumbered interface loopback 1023

[GNE-Ten-GigabitEthernet3/0/2.4094] vlan-type dot1q vid 4094

[GNE-Ten-GigabitEthernet3/0/2.4094] quit

# Enable OSPF process 65535 to run in VPN instance dcn_vpn, and create area 0.

[GNE] ospf 65535 vpn-instance dcn_vpn

[GNE-ospf-65535] area 0

[GNE-ospf-65535-area-0.0.0.0] network 0.0.0.0 255.255.255.255

[GNE-ospf-65535-area-0.0.0.0] quit

[GNE-ospf-65535] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/1.4094 to P2P.

[GNE] interface ten-gigabitethernet 3/0/1.4094

[GNE-Ten-GigabitEthernet3/0/1.4094] ospf network-type p2p

[GNE-Ten-GigabitEthernet3/0/1.4094] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/2.4094 to P2P.

[GNE] interface ten-gigabitethernet 3/0/2.4094

[GNE-Ten-GigabitEthernet3/0/2.4094] ospf network-type p2p

[GNE-Ten-GigabitEthernet3/0/2.4094] quit

2.     Configure Device A:

# Enable DCN, configure the NE ID as 200002 and NE IP as 22.2.2.2/32.

<DeviceA> system-view

[DeviceA] dcn

[DeviceA-dcn] ne-id 200002

[DeviceA-dcn] ne-ip 22.2.2.2 32

[DeviceA-dcn] quit

# Create a VPN instance named dcn_vpn.

[DeviceA] ip vpn-instance dcn_vpn

[DeviceA-vpn-instance-dcn_vpn] quit

# Create interface Loopback 1023, and associate it with VPN instance dcn_vpn.

[DeviceA] interface loopback 1023

[DeviceA-LoopBack1023] ip binding vpn-instance dcn_vpn

[DeviceA-LoopBack1023] quit

# Enable LLDP globally.

[DeviceA] lldp global enable

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/1 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-mode route

[DeviceA-Ten-GigabitEthernet3/0/1] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/1 receives an LLDP frame.

[DeviceA-Ten-GigabitEthernet3/0/1] lldp management-address arp-learning vlan 4094

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/2 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-mode route

[DeviceA-Ten-GigabitEthernet3/0/2] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/2 receives an LLDP frame.

[DeviceA-Ten-GigabitEthernet3/0/2] lldp management-address arp-learning vlan 4094

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[DeviceA] interface ten-gigabitethernet 3/0/1.4094

[DeviceA-Ten-GigabitEthernet3/0/1.4094] ip binding vpn-instance dcn_vpn

[DeviceA-Ten-GigabitEthernet3/0/1.4094] ip address unnumbered interface loopback 1023

[DeviceA-Ten-GigabitEthernet3/0/1.4094] vlan-type dot1q vid 4094

[DeviceA-Ten-GigabitEthernet3/0/1.4094] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/2.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[DeviceA] interface ten-gigabitethernet 3/0/2.4094

[DeviceA-Ten-GigabitEthernet3/0/2.4094] ip binding vpn-instance dcn_vpn

[DeviceA-Ten-GigabitEthernet3/0/2.4094] ip address unnumbered interface loopback 1023

[DeviceA-Ten-GigabitEthernet3/0/2.4094] vlan-type dot1q vid 4094

[DeviceA-Ten-GigabitEthernet3/0/2.4094] quit

# Enable OSPF process 65535 to run in VPN instance dcn_vpn, and create area 0.

[DeviceA] ospf 65535 vpn-instance dcn_vpn

[DeviceA-ospf-65535] area 0

[DeviceA-ospf-65535-area-0.0.0.0] network 0.0.0.0 255.255.255.255

[DeviceA-ospf-65535-area-0.0.0.0] quit

[DeviceA-ospf-65535] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/1.4094 to P2P.

[DeviceA] interface ten-gigabitethernet 3/0/1.4094

[DeviceA-Ten-GigabitEthernet3/0/1.4094] ospf network-type p2p

[DeviceA-Ten-GigabitEthernet3/0/1.4094] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/2.4094 to P2P.

[DeviceA] interface ten-gigabitethernet 3/0/2.4094

[DeviceA-Ten-GigabitEthernet3/0/2.4094] ospf network-type p2p

[DeviceA-Ten-GigabitEthernet3/0/2.4094] quit

3.     Configure Device B:

# Enable DCN, configure the NE ID as 300003 and NE IP as 33.3.3.3/32.

<DeviceB> system-view

[DeviceB] dcn

[DeviceB-dcn] ne-id 300003

[DeviceB-dcn] ne-ip 33.3.3.3 32

[DeviceB-dcn] quit

# Create a VPN instance named dcn_vpn.

[DeviceB] ip vpn-instance dcn_vpn

[DeviceB-vpn-instance-dcn_vpn] quit

# Create interface Loopback 1023, and associate it with VPN instance dcn_vpn.

[DeviceB] interface loopback 1023

[DeviceB-LoopBack1023] ip binding vpn-instance dcn_vpn

[DeviceB-LoopBack1023] quit

# Enable LLDP globally.

[DeviceB] lldp global enable

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/1 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-mode route

[DeviceB-Ten-GigabitEthernet3/0/1] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/1 receives an LLDP frame.

[DeviceB-Ten-GigabitEthernet3/0/1] lldp management-address arp-learning vlan 4094

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Enable the nearest bridge agents on Ten-GigabitEthernet 3/0/2 to advertise basic LLDP TLVs and management address TLVs. The IP address of interface Loopback 1023 is specified as the management address.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] port link-mode route

[DeviceB-Ten-GigabitEthernet3/0/2] lldp tlv-enable basic-tlv management-address-tlv interface loopback 1023

# Configure the system to issue the generated ARP entry to the Layer 3 Ethernet subinterface associated with VLAN 4094 in Dot1q termination after Ten-GigabitEthernet 3/0/2 receives an LLDP frame.

[DeviceB-Ten-GigabitEthernet3/0/2] lldp management-address arp-learning vlan 4094

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/1.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[DeviceB] interface ten-gigabitethernet 3/0/1.4094

[DeviceB-Ten-GigabitEthernet3/0/1.4094] ip binding vpn-instance dcn_vpn

[DeviceB-Ten-GigabitEthernet3/0/1.4094] ip address unnumbered interface loopback 1023

[DeviceB-Ten-GigabitEthernet3/0/1.4094] vlan-type dot1q vid 4094

[DeviceB-Ten-GigabitEthernet3/0/1.4094] quit

# Create Ethernet subinterface Ten-GigabitEthernet 3/0/2.4094 that borrows the IP address of Loopback 1023, and enable Dot1q termination on the interface.

[DeviceB] interface ten-gigabitethernet 3/0/2.4094

[DeviceB-Ten-GigabitEthernet3/0/2.4094] ip binding vpn-instance dcn_vpn

[DeviceB-Ten-GigabitEthernet3/0/2.4094] ip address unnumbered interface loopback 1023

[DeviceB-Ten-GigabitEthernet3/0/2.4094] vlan-type dot1q vid 4094

[DeviceB-Ten-GigabitEthernet3/0/2.4094] quit

# Enable OSPF process 65535 to run in VPN instance dcn_vpn, and create area 0.

[DeviceB] ospf 65535 vpn-instance dcn_vpn

[DeviceB-ospf-65535] area 0

[DeviceB-ospf-65535-area-0.0.0.0] network 0.0.0.0 255.255.255.255

[DeviceB-ospf-65535-area-0.0.0.0] quit

[DeviceB-ospf-65535] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/1.4094 to P2P.

[DeviceB] interface ten-gigabitethernet 3/0/1.4094

[DeviceB-Ten-GigabitEthernet3/0/1.4094] ospf network-type p2p

[DeviceB-Ten-GigabitEthernet3/0/1.4094] quit

# Set the OSPF network type for Ten-GigabitEthernet 3/0/2.4094 to P2P.

[DeviceB] interface ten-gigabitethernet 3/0/2.4094

[DeviceB-Ten-GigabitEthernet3/0/2.4094] ospf network-type p2p

[DeviceB-Ten-GigabitEthernet3/0/2.4094] quit

Verifying the configuration

# Display brief DCN information on the GNE.

[GNE] display dcn

 

              DCN Brief Information

 

 NE ID        : 0x100001

 NE IP        : 11.1.1.1

 Mask         : 255.255.255.255

 DCN interface: LoopBack1023

 Auto report  : Enabled

# Display all DCN NE information on the GNE.

[GNE] display dcn ne-info

 

              DCN Network Elements Information

 

 NE ID          NE IP            Metric   Device Type

 0x100001       11.1.1.1         0        H3C MSR56-60

 0x200002       22.2.2.2         1        H3C MSR56-60

 0x300003       33.3.3.3         1        H3C SR6608-X

 

 Total number: 3

The output shows that GNE, Device A, and Device B are online. The GNE notifies the NMS of the online event. You can successfully ping the NE IP addresses of Device A and Device B from the GNE.

# Remove Device B from the DCN network and display all DCN NE information for the GNE.

[GNE] display dcn ne-info

 

              DCN Network Elements Information

 

 NE ID          NE IP            Metric   Device Type

 0x100001       11.1.1.1         0        H3C MSR56-60

 0x200002       22.2.2.2         1        H3C MSR56-60

 

 Total number: 2

The output shows that GNE and Device A are online. The GNE notifies the NMS of the offline event of Device B. You can still successfully ping the NE IP address of Device A from the GNE.

 

IGMP snooping configuration examples

Example: Configuring VLAN-based IGMP snooping group policies and simulated joining

Network configuration

As shown in Figure 170, Router A runs IGMPv2 and acts as the IGMP querier. Device A runs IGMPv2 snooping.

Configure a multicast group policy and simulated joining to meet the following requirements:

·     Host A and Host B receive only the multicast data addressed to multicast group 224.1.1.1. Multicast data can be forwarded through Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 of Device A without interruption, even if Host A and Host B fail to receive the multicast data.

·     Device A will drop unknown multicast data instead of flooding it in VLAN 100.

Figure 170 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 170. (Details not shown.)

2.     Configure Router A:

# Enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable IGMP snooping globally.

<DeviceA> system-view

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable IGMP snooping, and enable dropping unknown multicast data for VLAN 100.

[DeviceA-vlan100] igmp-snooping enable

[DeviceA-vlan100] igmp-snooping drop-unknown

[DeviceA-vlan100] quit

# Configure a multicast group policy so that hosts in VLAN 100 can join only multicast group 224.1.1.1.

[DeviceA] acl basic 2001

[DeviceA-acl-ipv4-basic-2001] rule permit source 224.1.1.1 0

[DeviceA-acl-ipv4-basic-2001] quit

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] group-policy 2001 vlan 100

[DeviceA-igmp-snooping] quit

# Configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 as simulated member hosts of multicast group 224.1.1.1.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] igmp-snooping host-join 224.1.1.1 vlan 100

[DeviceA-Ten-GigabitEthernet3/0/3] quit

[DeviceA] interface ten-gigabitethernet 3/0/4

[DeviceA-Ten-GigabitEthernet3/0/4] igmp-snooping host-join 224.1.1.1 vlan 100

[DeviceA-Ten-GigabitEthernet3/0/4] quit

Verifying the configuration

# Send IGMP reports from Host A and Host B to join multicast groups 224.1.1.1 and 224.2.2.2. (Details not shown.)

# Display dynamic IGMP snooping group entries for VLAN 100 on Device A.

[DeviceA] display igmp-snooping group vlan 100

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (0.0.0.0, 224.1.1.1)

    Host slots (0 in total):

    Host ports (2 in total):

      XGE3/0/3                             (00:03:23)

      XGE3/0/4                             (00:04:10)

The output shows the following information:

·     Host A and Host B have joined multicast group 224.1.1.1 through the member ports Ten-GigabitEthernet 3/0/4 and Ten-GigabitEthernet 3/0/3 on Device A, respectively.

·     Host A and Host B have failed to join multicast group 224.2.2.2.
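One way to check the group table against the intended policy, as an added Python example (not part of the original page): it parses the display igmp-snooping group text shown above and flags groups outside ACL 2001 and simulated member ports that are missing. The second sample output, the finding labels, and all function names are constructed for this example.

```python
import re

# Output copied from the verification step above.
PAGE_OUTPUT = """\
Total 1 entries.

VLAN 100: Total 1 entries.
  (0.0.0.0, 224.1.1.1)
    Host slots (0 in total):
    Host ports (2 in total):
      XGE3/0/3                             (00:03:23)
      XGE3/0/4                             (00:04:10)
"""

# Constructed for this example: a table as it might look if the group policy
# were not in effect and one simulated join had been removed.
CONSTRUCTED_BAD_OUTPUT = """\
Total 2 entries.

VLAN 100: Total 2 entries.
  (0.0.0.0, 224.1.1.1)
    Host slots (0 in total):
    Host ports (1 in total):
      XGE3/0/3                             (00:03:23)
  (0.0.0.0, 224.2.2.2)
    Host slots (0 in total):
    Host ports (1 in total):
      XGE3/0/4                             (00:00:41)
"""

VLAN_RE = re.compile(r"^VLAN (\d+):")
GROUP_RE = re.compile(r"^\((\d+\.\d+\.\d+\.\d+),\s*(\d+\.\d+\.\d+\.\d+)\)$")
PORT_RE = re.compile(r"^([A-Za-z][\w-]*\d+(?:/\d+)+)(?:\s+\([\d:]+\))?$")

# Intended state taken from the configuration on Device A.
ALLOWED = {100: {"224.1.1.1"}}                                # group-policy 2001 vlan 100
SIMULATED = {100: {"224.1.1.1": {"XGE3/0/3", "XGE3/0/4"}}}    # host-join ports


def parse_groups(output):
    """Return {vlan: {group: set(ports)}} parsed from the display text."""
    table, vlan, group, in_ports = {}, None, None, False
    for raw in output.splitlines():
        line = raw.strip()
        if m := VLAN_RE.match(line):
            vlan, group, in_ports = int(m.group(1)), None, False
            table.setdefault(vlan, {})
        elif vlan is not None and (m := GROUP_RE.match(line)):
            group, in_ports = m.group(2), False
            table[vlan].setdefault(group, set())
        elif line.startswith("Host slots"):
            in_ports = False
        elif line.startswith("Host ports"):
            in_ports = True
        elif in_ports and group and (m := PORT_RE.match(line)):
            table[vlan][group].add(m.group(1))
    return table


def audit(table, allowed, simulated):
    """List (vlan, group, finding, ports) tuples; an empty list means compliant."""
    findings = []
    for vlan, groups in sorted(table.items()):
        for group, ports in sorted(groups.items()):
            if group not in allowed.get(vlan, set()):
                findings.append((vlan, group, "not-permitted", sorted(ports)))
    for vlan, groups in sorted(simulated.items()):
        for group, ports in sorted(groups.items()):
            missing = ports - table.get(vlan, {}).get(group, set())
            if missing:
                findings.append((vlan, group, "simulated-port-missing", sorted(missing)))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_OUTPUT), ("constructed", CONSTRUCTED_BAD_OUTPUT)):
        print(name, audit(parse_groups(text), ALLOWED, SIMULATED))
```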

Example: Configuring VLAN-based IGMP snooping static ports

Network configuration

As shown in Figure 171:

·     Router A runs IGMPv2 and acts as the IGMP querier. Device A, Device B, and Device C run IGMPv2 snooping.

·     Host A and Host C are permanent receivers of multicast group 224.1.1.1.

Configure static ports to meet the following requirements:

·     To enhance the reliability of multicast traffic transmission, configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 on Device C as static member ports for multicast group 224.1.1.1.

·     Suppose STP runs on the network. To avoid data loops, the forwarding path from Device A to Device C is blocked. Multicast data flows to the receivers attached to Device C only along the path of Device A—Device B—Device C. When this path is blocked, a minimum of one IGMP query-response cycle must be completed before multicast data flows to the receivers along the path of Device A—Device C. In this case, the multicast delivery is interrupted during the process. For more information about STP, see Layer 2—LAN Switching Configuration Guide.

Configure Ten-GigabitEthernet 3/0/3 on Device A as a static router port. Then, multicast data can flow to the receivers nearly uninterruptedly along the path of Device A—Device C when the path of Device A—Device B—Device C is blocked.

Figure 171 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 171. (Details not shown.)

2.     Configure Router A:

# Enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable IGMP snooping globally.

<DeviceA> system-view

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable IGMP snooping for VLAN 100.

[DeviceA-vlan100] igmp-snooping enable

[DeviceA-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/3 as a static router port.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] igmp-snooping static-router-port vlan 100

[DeviceA-Ten-GigabitEthernet3/0/3] quit

4.     Configure Device B:

# Enable IGMP snooping globally.

<DeviceB> system-view

[DeviceB] igmp-snooping

[DeviceB-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceB] vlan 100

[DeviceB-vlan100] port ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2

# Enable IGMP snooping for VLAN 100.

[DeviceB-vlan100] igmp-snooping enable

[DeviceB-vlan100] quit

5.     Configure Device C:

# Enable IGMP snooping globally.

<DeviceC> system-view

[DeviceC] igmp-snooping

[DeviceC-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/5 to the VLAN.

[DeviceC] vlan 100

[DeviceC-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/5

# Enable IGMP snooping for VLAN 100.

[DeviceC-vlan100] igmp-snooping enable

[DeviceC-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 as static member ports for multicast group 224.1.1.1.

[DeviceC] interface ten-gigabitethernet 3/0/3

[DeviceC-Ten-GigabitEthernet3/0/3] igmp-snooping static-group 224.1.1.1 vlan 100

[DeviceC-Ten-GigabitEthernet3/0/3] quit

[DeviceC] interface ten-gigabitethernet 3/0/5

[DeviceC-Ten-GigabitEthernet3/0/5] igmp-snooping static-group 224.1.1.1 vlan 100

[DeviceC-Ten-GigabitEthernet3/0/5] quit

Verifying the configuration

# Display static router port information for VLAN 100 on Device A.

[DeviceA] display igmp-snooping static-router-port vlan 100

VLAN 100:

  Router slots (0 in total):

  Router ports (1 in total):

    XGE3/0/3

The output shows that Ten-GigabitEthernet 3/0/3 on Device A has become a static router port.

# Display static IGMP snooping group entries for VLAN 100 on Device C.

[DeviceC] display igmp-snooping static-group vlan 100

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (0.0.0.0, 224.1.1.1)

    Host slots (0 in total):

    Host ports (2 in total):

      XGE3/0/3

      XGE3/0/5

The output shows that Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 on Device C have become static member ports of multicast group 224.1.1.1.

Example: Configuring the VLAN-based IGMP snooping querier

Network configuration

As shown in Figure 172:

·     The network is a Layer 2-only network.

·     Source 1 and Source 2 send multicast data to multicast groups 224.1.1.1 and 225.1.1.1, respectively.

·     Host A and Host C are receivers of multicast group 224.1.1.1, and Host B and Host D are receivers of multicast group 225.1.1.1.

·     All host receivers run IGMPv2, and all switches run IGMPv2 snooping. Device A (which is close to the multicast sources) acts as the IGMP snooping querier.

Configure the switches to meet the following requirements:

·     To prevent the switches from flooding unknown data in the VLAN, enable all the switches to drop unknown multicast data.

·     A switch does not mark a port that receives an IGMP query with source IP address 0.0.0.0 as a dynamic router port. This adversely affects the establishment of Layer 2 forwarding entries and multicast traffic forwarding. To avoid this, configure the source IP address of IGMP queries as a non-zero IP address.

Figure 172 Network diagram

Procedure

1.     Configure Device A:

# Enable IGMP snooping globally.

<DeviceA> system-view

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable IGMP snooping, and enable dropping unknown multicast data for VLAN 100.

[DeviceA-vlan100] igmp-snooping enable

[DeviceA-vlan100] igmp-snooping drop-unknown

# Configure Device A as the IGMP snooping querier.

[DeviceA-vlan100] igmp-snooping querier

# In VLAN 100, specify 192.168.1.1 as the source IP address of IGMP general queries.

[DeviceA-vlan100] igmp-snooping general-query source-ip 192.168.1.1

# In VLAN 100, specify 192.168.1.1 as the source IP address of IGMP group-specific queries.

[DeviceA-vlan100] igmp-snooping special-query source-ip 192.168.1.1

[DeviceA-vlan100] quit

2.     Configure Device B:

# Enable IGMP snooping globally.

<DeviceB> system-view

[DeviceB] igmp-snooping

[DeviceB-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceB] vlan 100

[DeviceB-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable IGMP snooping, and enable dropping unknown multicast data for VLAN 100.

[DeviceB-vlan100] igmp-snooping enable

[DeviceB-vlan100] igmp-snooping drop-unknown

[DeviceB-vlan100] quit

3.     Configure Device C:

# Enable IGMP snooping globally.

<DeviceC> system-view

[DeviceC] igmp-snooping

[DeviceC-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceC] vlan 100

[DeviceC-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable IGMP snooping, and enable dropping unknown multicast data for VLAN 100.

[DeviceC-vlan100] igmp-snooping enable

[DeviceC-vlan100] igmp-snooping drop-unknown

[DeviceC-vlan100] quit

4.     Configure Device D:

# Enable IGMP snooping globally.

<DeviceD> system-view

[DeviceD] igmp-snooping

[DeviceD-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceD] vlan 100

[DeviceD-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/2

# Enable IGMP snooping, and enable dropping unknown multicast data for VLAN 100.

[DeviceD-vlan100] igmp-snooping enable

[DeviceD-vlan100] igmp-snooping drop-unknown

[DeviceD-vlan100] quit

Verifying the configuration

# Display statistics for IGMP messages and PIMv2 hello messages learned through IGMP snooping on Device B.

[DeviceB] display igmp-snooping statistics

Received IGMP general queries:  3

Received IGMPv1 reports:  0

Received IGMPv2 reports:  12

Received IGMP leaves:  0

Received IGMPv2 specific queries:  0

Sent     IGMPv2 specific queries:  0

Received IGMPv3 reports:  0

Received IGMPv3 reports with right and wrong records:  0

Received IGMPv3 specific queries:  0

Received IGMPv3 specific sg queries:  0

Sent     IGMPv3 specific queries:  0

Sent     IGMPv3 specific sg queries:  0

Received PIMv2 hello:  0

Received error IGMP messages:  0

The output shows that all switches except Device A can receive the IGMP general queries after Device A acts as the IGMP snooping querier.

Example: Configuring VLAN-based IGMP snooping proxying

Network configuration

As shown in Figure 173, Router A runs IGMPv2 and acts as the IGMP querier. Device A runs IGMPv2 snooping. Configure IGMP snooping proxying so that Device A can perform the following actions:

·     Forward IGMP report and leave messages to Router A.

·     Respond to IGMP queries sent by Router A and forward the queries to downstream hosts.

Figure 173 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 173. (Details not shown.)

2.     Configure Router A:

# Enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP and PIM-DM on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable IGMP snooping globally.

<DeviceA> system-view

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable IGMP snooping and IGMP snooping proxying for the VLAN.

[DeviceA-vlan100] igmp-snooping enable

[DeviceA-vlan100] igmp-snooping proxy enable

[DeviceA-vlan100] quit

Verifying the configuration

# Send IGMP reports from Host A and Host B to join multicast group 224.1.1.1. (Details not shown.)

# Display brief information about IGMP snooping group entries on Device A.

[DeviceA] display igmp-snooping group

 Total 1 entries.

 

VLAN 100: Total 1 entries.

  (0.0.0.0, 224.1.1.1)

    Host ports (2 in total):

      XGE3/0/3                                    (00:04:00)

      XGE3/0/4                                    (00:04:04)

The output shows that Ten-GigabitEthernet3/0/3 and Ten-GigabitEthernet3/0/4 are member ports of multicast group 224.1.1.1. Host A and Host B become receivers of the group.

# Display IGMP group membership information on Router A.

[RouterA] display igmp group

IGMP groups in total: 1

 Ten-GigabitEthernet3/0/1(10.1.1.1):

  IGMP groups reported in total: 1

   Group address   Last reporter   Uptime      Expires

   224.1.1.1       0.0.0.0         00:00:31    00:02:03

# Send an IGMP leave message from Host A to leave multicast group 224.1.1.1. (Details not shown.)

# Display brief information about IGMP snooping group entries on Device A.

[DeviceA] display igmp-snooping group

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (0.0.0.0, 224.1.1.1)

    Host ports (1 in total):

      XGE3/0/3                                    (00:01:23)

The output shows that Ten-GigabitEthernet3/0/3 is the only member port of multicast group 224.1.1.1. Only Host B remains as the receiver of the group.

Example: Configuring VSI-based IGMP snooping

Network configuration

As shown in Figure 174:

·     There are three sites in VPN a. They are connected through the VPLS network.

·     In VLAN 100, Source in Site 1, Host A in Site 2, and Host B in Site 3 communicate with CE 1, CE 2, and CE 3, respectively.

Configure the devices so that Host A and Host B can receive multicast data from Source.

Figure 174 Network diagram

Table 27 Interface and IP address assignment

Device   Interface     IP address       Device   Interface     IP address
PE 1     Vlan-int101   10.110.1.1/24    PE 2     Loop0         2.2.2.2/32
PE 1     Vlan-int102   10.110.2.1/24    PE 3     Loop0         10.110.2.2/24
PE 1     Loop0         1.1.1.1/32       PE 3     Loop0         10.110.3.2/24
PE 2     Vlan-int101   10.110.1.2/24    PE 3     Loop0         3.3.3.3/32
PE 2     Vlan-int103   10.110.3.1/24

Procedure

1.     Assign an IP address and subnet mask to each interface on the VPLS network, as shown in Table 27. (Details not shown.)

2.     Configure OSPF on the switches on the VPLS network. (Details not shown.)

3.     Configure CE 1:

# Enable IGMP snooping globally.

<CE1> system-view

[CE1] igmp-snooping

[CE1-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/2 to VLAN 100.

[CE1] vlan 100

[CE1-vlan100] port ten-gigabitethernet 3/0/2

# In VLAN 100, enable IGMP snooping, and enable dropping unknown multicast data.

[CE1-vlan100] igmp-snooping enable

[CE1-vlan100] igmp-snooping drop-unknown

[CE1-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and assign it to VLAN 100.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-type trunk

[CE1-Ten-GigabitEthernet3/0/1] port trunk permit vlan 100

[CE1-Ten-GigabitEthernet3/0/1] quit

# In VLAN 100, enable the IGMP snooping querier.

[CE1] vlan 100

[CE1-vlan100] igmp-snooping querier

# In VLAN 100, specify 192.168.1.100 as the source IP address of IGMP general queries and IGMP group-specific queries.

[CE1-vlan100] igmp-snooping general-query source-ip 192.168.1.100

[CE1-vlan100] igmp-snooping special-query source-ip 192.168.1.100

4.     Configure CE 2:

# Enable IGMP snooping globally.

<CE2> system-view

[CE2] igmp-snooping

[CE2-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/2 to VLAN 100.

[CE2] vlan 100

[CE2-vlan100] port ten-gigabitethernet 3/0/2

# In VLAN 100, enable IGMP snooping, and enable dropping unknown multicast data.

[CE2-vlan100] igmp-snooping enable

[CE2-vlan100] igmp-snooping drop-unknown

[CE2-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and assign it to VLAN 100.

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] port link-type trunk

[CE2-Ten-GigabitEthernet3/0/1] port trunk permit vlan 100

[CE2-Ten-GigabitEthernet3/0/1] quit

5.     Configure CE 3:

# Enable IGMP snooping globally.

<CE3> system-view

[CE3] igmp-snooping

[CE3-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/2 to VLAN 100.

[CE3] vlan 100

[CE3-vlan100] port ten-gigabitethernet 3/0/2

# In VLAN 100, enable IGMP snooping, and enable dropping unknown multicast data.

[CE3-vlan100] igmp-snooping enable

[CE3-vlan100] igmp-snooping drop-unknown

[CE3-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and assign it to VLAN 100.

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] port link-type trunk

[CE3-Ten-GigabitEthernet3/0/1] port trunk permit vlan 100

[CE3-Ten-GigabitEthernet3/0/1] quit

6.     Configure PE 1:

# Configure the LSR ID as 1.1.1.1 for the local node, and enable L2VPN and LDP.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.1

[PE1] l2vpn enable

[PE1] mpls ldp

[PE1-ldp] quit

# Enable MPLS and LDP on VLAN-interface 101.

[PE1] interface vlan-interface 101

[PE1-Vlan-interface101] mpls enable

[PE1-Vlan-interface101] mpls ldp enable

[PE1-Vlan-interface101] quit

# Enable MPLS and LDP on VLAN-interface 102.

[PE1] interface vlan-interface 102

[PE1-Vlan-interface102] mpls enable

[PE1-Vlan-interface102] mpls ldp enable

[PE1-Vlan-interface102] quit

# Create a VSI named aaa, and specify the VSI to establish PWs statically.

[PE1] vsi aaa

[PE1-vsi-aaa] pwsignaling static

# Configure PWs for VSI aaa.

[PE1-vsi-aaa-static] peer 2.2.2.2 pw-id 3 in-label 100 out-label 100

[PE1-vsi-aaa-static-2.2.2.2-3] quit

[PE1-vsi-aaa-static] peer 3.3.3.3 pw-id 3 in-label 200 out-label 200

[PE1-vsi-aaa-static-3.3.3.3-3] quit

[PE1-vsi-aaa-static] quit

[PE1-vsi-aaa] quit

# Bind Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] service-instance 1

[PE1-Ten-GigabitEthernet3/0/1-srv1] encapsulation s-vid 5

[PE1-Ten-GigabitEthernet3/0/1-srv1] xconnect vsi aaa

[PE1-Ten-GigabitEthernet3/0/1-srv1] quit

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable IGMP snooping globally.

[PE1] igmp-snooping

[PE1-igmp-snooping] quit

# Enable IGMP snooping, and enable dropping unknown multicast data for VSI aaa.

[PE1] vsi aaa

[PE1-vsi-aaa] igmp-snooping enable

[PE1-vsi-aaa] igmp-snooping drop-unknown

[PE1-vsi-aaa] quit

7.     Configure PE 2:

# Configure the LSR ID as 2.2.2.2 for the local node, and enable L2VPN and LDP.

<PE2> system-view

[PE2] mpls lsr-id 2.2.2.2

[PE2] l2vpn enable

[PE2] mpls ldp

[PE2-ldp] quit

# Enable MPLS and LDP on VLAN-interface 101.

[PE2] interface vlan-interface 101

[PE2-Vlan-interface101] mpls enable

[PE2-Vlan-interface101] mpls ldp enable

[PE2-Vlan-interface101] quit

# Enable MPLS and LDP on VLAN-interface 103.

[PE2] interface vlan-interface 103

[PE2-Vlan-interface103] mpls enable

[PE2-Vlan-interface103] mpls ldp enable

[PE2-Vlan-interface103] quit

# Create a VSI named aaa, and specify the VSI to establish PWs statically.

[PE2] vsi aaa

[PE2-vsi-aaa] pwsignaling static

# Configure PWs for VSI aaa.

[PE2-vsi-aaa-static] peer 1.1.1.1 pw-id 3 in-label 100 out-label 100

[PE2-vsi-aaa-static-1.1.1.1-3] quit

[PE2-vsi-aaa-static] peer 3.3.3.3 pw-id 3 in-label 300 out-label 300

[PE2-vsi-aaa-static-3.3.3.3-3] quit

[PE2-vsi-aaa-static] quit

[PE2-vsi-aaa] quit

# Bind Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] service-instance 1

[PE2-Ten-GigabitEthernet3/0/1-srv1] encapsulation s-vid 5

[PE2-Ten-GigabitEthernet3/0/1-srv1] xconnect vsi aaa

[PE2-Ten-GigabitEthernet3/0/1-srv1] quit

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable IGMP snooping globally.

[PE2] igmp-snooping

[PE2-igmp-snooping] quit

# In VSI aaa, enable IGMP snooping, and enable dropping unknown multicast data.

[PE2] vsi aaa

[PE2-vsi-aaa] igmp-snooping enable

[PE2-vsi-aaa] igmp-snooping drop-unknown

[PE2-vsi-aaa] quit

8.     Configure PE 3:

# Configure the LSR ID as 3.3.3.3 for the local node, and enable L2VPN and LDP.

<PE3> system-view

[PE3] mpls lsr-id 3.3.3.3

[PE3] l2vpn enable

[PE3] mpls ldp

[PE3-ldp] quit

# Enable MPLS and LDP on VLAN-interface 102.

[PE3] interface vlan-interface 102

[PE3-Vlan-interface102] mpls enable

[PE3-Vlan-interface102] mpls ldp enable

[PE3-Vlan-interface102] quit

# Enable MPLS and LDP on VLAN-interface 103.

[PE3] interface vlan-interface 103

[PE3-Vlan-interface103] mpls enable

[PE3-Vlan-interface103] mpls ldp enable

[PE3-Vlan-interface103] quit

# Create a VSI named aaa, and specify the VSI to establish PWs statically.

[PE3] vsi aaa

[PE3-vsi-aaa] pwsignaling static

# Configure PWs for VSI aaa.

[PE3-vsi-aaa-static] peer 1.1.1.1 pw-id 3 in-label 200 out-label 200

[PE3-vsi-aaa-static-1.1.1.1-3] quit

[PE3-vsi-aaa-static] peer 2.2.2.2 pw-id 3 in-label 300 out-label 300

[PE3-vsi-aaa-static-2.2.2.2-3] quit

[PE3-vsi-aaa-static] quit

[PE3-vsi-aaa] quit

# Bind Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] service-instance 1

[PE3-Ten-GigabitEthernet3/0/1-srv1] encapsulation s-vid 5

[PE3-Ten-GigabitEthernet3/0/1-srv1] xconnect vsi aaa

[PE3-Ten-GigabitEthernet3/0/1-srv1] quit

[PE3-Ten-GigabitEthernet3/0/1] quit

# Enable IGMP snooping globally.

[PE3] igmp-snooping

[PE3-igmp-snooping] quit

# In VSI aaa, enable IGMP snooping, and enable dropping unknown multicast data.

[PE3] vsi aaa

[PE3-vsi-aaa] igmp-snooping enable

[PE3-vsi-aaa] igmp-snooping drop-unknown

[PE3-vsi-aaa] quit
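With static PW signaling nothing negotiates the labels, so every peer line on one PE has to be mirrored by hand on the remote PE. The following Python check is an added example, not H3C code: it cross-checks the PW commands from the PE 1, PE 2, and PE 3 steps, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the static PW commands from the PE 1, PE 2 and PE 3 steps,
# keyed by each PE's LSR ID. CLI prompts are allowed and are stripped on parse.
PE_CONFIG = {
    "1.1.1.1": """
        [PE1] vsi aaa
        [PE1-vsi-aaa] pwsignaling static
        [PE1-vsi-aaa-static] peer 2.2.2.2 pw-id 3 in-label 100 out-label 100
        [PE1-vsi-aaa-static] peer 3.3.3.3 pw-id 3 in-label 200 out-label 200
    """,
    "2.2.2.2": """
        [PE2] vsi aaa
        [PE2-vsi-aaa] pwsignaling static
        [PE2-vsi-aaa-static] peer 1.1.1.1 pw-id 3 in-label 100 out-label 100
        [PE2-vsi-aaa-static] peer 3.3.3.3 pw-id 3 in-label 300 out-label 300
    """,
    "3.3.3.3": """
        [PE3] vsi aaa
        [PE3-vsi-aaa] pwsignaling static
        [PE3-vsi-aaa-static] peer 1.1.1.1 pw-id 3 in-label 200 out-label 200
        [PE3-vsi-aaa-static] peer 2.2.2.2 pw-id 3 in-label 300 out-label 300
    """,
}

PROMPT_RE = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")   # "[PE1-vsi-aaa] " or "<PE1> "
VSI_RE = re.compile(r"vsi\s+(\S+)$")
PEER_RE = re.compile(
    r"peer\s+(\S+)\s+pw-id\s+(\d+)\s+in-label\s+(\d+)\s+out-label\s+(\d+)$"
)


def parse_static_pws(text):
    """Return {(vsi, peer_lsr_id): (pw_id, in_label, out_label)} for one PE."""
    pws, vsi = {}, None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw).strip()
        m = VSI_RE.match(line)
        if m:
            vsi = m.group(1)
            continue
        m = PEER_RE.match(line)
        if m and vsi:
            peer, pw_id, in_label, out_label = m.groups()
            pws[(vsi, peer)] = (int(pw_id), int(in_label), int(out_label))
    return pws


def check_static_pws(configs):
    """Cross-check every PE's static PWs against the peer's view of the same PW."""
    parsed = {lsr: parse_static_pws(text) for lsr, text in configs.items()}
    findings = []
    for local, pws in parsed.items():
        # An incoming label must identify exactly one PW on the local PE.
        by_in_label = defaultdict(list)
        for (_, peer), (_, in_label, _) in pws.items():
            by_in_label[in_label].append(peer)
        for label, peers in by_in_label.items():
            if len(peers) > 1:
                findings.append(f"{local}: in-label {label} reused for {sorted(peers)}")

        for (vsi, peer), (pw_id, _, out_label) in pws.items():
            if peer not in parsed:
                findings.append(f"{local}: no configuration supplied for peer {peer}")
                continue
            reverse = parsed[peer].get((vsi, local))
            if reverse is None:
                findings.append(f"{local}: VSI {vsi} PW to {peer} has no reverse PW")
                continue
            r_pw_id, r_in_label, _ = reverse
            if pw_id != r_pw_id and local < peer:  # report each pair only once
                findings.append(f"{local}/{peer}: pw-id {pw_id} vs {r_pw_id}")
            # What this PE pushes must be what the remote PE expects to receive.
            if out_label != r_in_label:
                findings.append(
                    f"{local}: VSI {vsi} out-label {out_label} to {peer} "
                    f"does not match in-label {r_in_label} on {peer}"
                )
    return findings


if __name__ == "__main__":
    for finding in check_static_pws(PE_CONFIG) or ["static PW labels are consistent"]:
        print(finding)
```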

Verifying the configuration

# Display detailed information about dynamic IGMP snooping group entries for VSI aaa on PE 1.

[PE1] display igmp-snooping group vsi aaa verbose

Total 1 entries.

 

VSI aaa: Total 1 entries.

  (0.0.0.0, 225.0.0.1)

    Attribute: global port

    FSM information: normal

    Host slots (0 in total):

    Host ports (1 in total):

      NPW (VSI index 0 Link ID 9)         (00:02:24)

        VLAN pairs (1 in total):

          Out VLAN 100     In VLAN 0        (00:02:24)

# Display detailed information about dynamic router ports for VSI aaa on PE 1.

[PE1] display igmp-snooping router-port vsi aaa verbose

VSI aaa:

  Router slots (0 in total):

  Router ports (1 in total):

    AC (VSI index 0 Link ID 0)          (00:01:46)

      VLAN pairs (1 in total):

        Out VLAN 100     In VLAN 0        (00:01:46)

# Display detailed information about dynamic IGMP snooping group entries for VSI aaa on PE 2.

[PE2] display igmp-snooping group vsi aaa verbose

Total 1 entries.

 

VSI aaa: Total 1 entries.

  (0.0.0.0, 225.0.0.1)

    Attribute: global port

    FSM information: normal

    Host slots (0 in total):

    Host ports (1 in total):

      NPW (VSI index 0 Link ID 8)         (00:02:07)

        VLAN pairs (1 in total):

          Out VLAN 100     In VLAN 0        (00:02:07)

# Display detailed information about dynamic router ports for VSI aaa on PE 2.

[PE2] display igmp-snooping router-port vsi aaa verbose

VSI aaa:

  Router slots (0 in total):

  Router ports (1 in total):

    NPW (VSI index 0 Link ID 9)         (00:01:26)

      VLAN pairs (1 in total):

        Out VLAN 100     In VLAN 0        (00:01:26)

# Display detailed information about dynamic IGMP snooping group entries for VSI aaa on PE 3.

[PE3] display igmp-snooping group vsi aaa verbose

Total 1 entries.

 

VSI aaa: Total 1 entries.

  (0.0.0.0, 225.0.0.1)

    Attribute: global port

    FSM information: normal

    Host slots (0 in total):

    Host ports (1 in total):

      AC (VSI index 0 Link ID 0)          (00:02:04)

        VLAN pairs (1 in total):

          Out VLAN 100     In VLAN 0        (00:02:04)

# Display detailed information about dynamic router ports for VSI aaa on PE 3.

[PE3] display igmp-snooping router-port vsi aaa verbose

VSI aaa:

  Router slots (0 in total):

  Router ports (1 in total):

    NPW (VSI index 0 Link ID 9)         (00:01:24)

      VLAN pairs (1 in total):

        Out VLAN 100     In VLAN 0        (00:01:24)

Example: Configuring VXLAN-based IGMP snooping

Network configuration

As shown in Figure 175:

·     VXLAN 10 provides Layer 2 connectivity for VM 1, VM 2, and VM 3 across the network sites.

·     VXLAN 10 uses the unicast mode for flood traffic.

Configure IGMP snooping on the switches to implement Layer 2 multicast forwarding and reduce the burden of replicating known multicast traffic for VTEPs in VXLAN 10.

Figure 175 Network diagram

Table 28 Interface and IP address assignment

Device     Interface    IP address     Device     Interface    IP address
Device A   Vlan-int11   11.1.1.1/24    Device C   Vlan-int13   13.1.1.3/24
Device A   Loop0        1.1.1.1/32     Device C   Loop0        3.3.3.3/32
Device B   Vlan-int12   12.1.1.2/24    Device D   Vlan-int11   11.1.1.4/24
Device B   Loop0        2.2.2.2/32     Device D   Vlan-int12   12.1.1.4/24
                                       Device D   Vlan-int13   13.1.1.4/24

Procedure

1.     Assign an IP address and subnet mask to each interface on the transport network, as shown in Table 28. (Details not shown.)

2.     Configure OSPF on all the switches in the transport network. (Details not shown.)

3.     Configure Device A:

# Enable L2VPN.

<DeviceA> system-view

[DeviceA] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[DeviceA] undo vxlan ip-forwarding

# Create a VSI named vpna, and create VXLAN 10.

[DeviceA] vsi vpna

[DeviceA-vsi-vpna] vxlan 10

[DeviceA-vsi-vpna-vxlan-10] quit

[DeviceA-vsi-vpna] quit

# Enable IGMP snooping globally.

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Enable IGMP snooping and dropping unknown multicast data packets for VSI vpna.

[DeviceA] vsi vpna

[DeviceA-vsi-vpna] igmp-snooping enable

[DeviceA-vsi-vpna] igmp-snooping drop-unknown

[DeviceA-vsi-vpna] quit

# Assign an IP address to Loopback 0. This IP address will be used as the source address of the VXLAN tunnels to Device B and Device C.

[DeviceA] interface loopback 0

[DeviceA-Loopback0] ip address 1.1.1.1 255.255.255.255

[DeviceA-Loopback0] quit

# Create a VXLAN tunnel to Device B.

○     The tunnel interface name is Tunnel 1.

○     The source address and destination address of the tunnel interface are 1.1.1.1 and 2.2.2.2, respectively.

[DeviceA] interface tunnel 1 mode vxlan

[DeviceA-Tunnel1] source 1.1.1.1

[DeviceA-Tunnel1] destination 2.2.2.2

[DeviceA-Tunnel1] quit

# Create a VXLAN tunnel to Device C.

○     The tunnel interface name is Tunnel 2.

○     The source address and destination address of the tunnel interface are 1.1.1.1 and 3.3.3.3, respectively.

[DeviceA] interface tunnel 2 mode vxlan

[DeviceA-Tunnel2] source 1.1.1.1

[DeviceA-Tunnel2] destination 3.3.3.3

[DeviceA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[DeviceA] vsi vpna

[DeviceA-vsi-vpna] vxlan 10

[DeviceA-vsi-vpna-vxlan-10] tunnel 1

[DeviceA-vsi-vpna-vxlan-10] tunnel 2

[DeviceA-vsi-vpna-vxlan-10] quit

[DeviceA-vsi-vpna] quit

# On Ten-GigabitEthernet 3/0/1, create Ethernet service instance 1000 to match VLAN 2.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] service-instance 1000

[DeviceA-Ten-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[DeviceA-Ten-GigabitEthernet3/0/1-srv1000] xconnect vsi vpna

[DeviceA-Ten-GigabitEthernet3/0/1-srv1000] quit

[DeviceA-Ten-GigabitEthernet3/0/1] quit

4.     Configure Device B:

# Enable L2VPN.

<DeviceB> system-view

[DeviceB] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[DeviceB] undo vxlan ip-forwarding

# Create a VSI named vpna, and create VXLAN 10.

[DeviceB] vsi vpna

[DeviceB-vsi-vpna] vxlan 10

[DeviceB-vsi-vpna-vxlan-10] quit

[DeviceB-vsi-vpna] quit

# Enable IGMP snooping globally.

[DeviceB] igmp-snooping

[DeviceB-igmp-snooping] quit

# Enable IGMP snooping and dropping unknown multicast data packets for VSI vpna.

[DeviceB] vsi vpna

[DeviceB-vsi-vpna] igmp-snooping enable

[DeviceB-vsi-vpna] igmp-snooping drop-unknown

[DeviceB-vsi-vpna] quit

# Assign an IP address to Loopback 0. This IP address will be used as the source address of the VXLAN tunnels to Device A and Device C.

[DeviceB] interface loopback 0

[DeviceB-Loopback0] ip address 2.2.2.2 255.255.255.255

[DeviceB-Loopback0] quit

# Create a VXLAN tunnel to Device A.

○     The tunnel interface name is Tunnel 2.

○     The source address and destination address of the tunnel interface are 2.2.2.2 and 1.1.1.1, respectively.

[DeviceB] interface tunnel 2 mode vxlan

[DeviceB-Tunnel2] source 2.2.2.2

[DeviceB-Tunnel2] destination 1.1.1.1

[DeviceB-Tunnel2] quit

# Create a VXLAN tunnel to Device C.

○     The tunnel interface name is Tunnel 3.

○     The source address and destination address of the tunnel interface are 2.2.2.2 and 3.3.3.3, respectively.

[DeviceB] interface tunnel 3 mode vxlan

[DeviceB-Tunnel3] source 2.2.2.2

[DeviceB-Tunnel3] destination 3.3.3.3

[DeviceB-Tunnel3] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.

[DeviceB] vsi vpna

[DeviceB-vsi-vpna] vxlan 10

[DeviceB-vsi-vpna-vxlan-10] tunnel 2

[DeviceB-vsi-vpna-vxlan-10] tunnel 3

[DeviceB-vsi-vpna-vxlan-10] quit

[DeviceB-vsi-vpna] quit

# On Ten-GigabitEthernet 3/0/1, create Ethernet service instance 1000 to match VLAN 2.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] service-instance 1000

[DeviceB-Ten-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[DeviceB-Ten-GigabitEthernet3/0/1-srv1000] xconnect vsi vpna

[DeviceB-Ten-GigabitEthernet3/0/1-srv1000] quit

[DeviceB-Ten-GigabitEthernet3/0/1] quit

5.     Configure Device C:

# Enable L2VPN.

<DeviceC> system-view

[DeviceC] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[DeviceC] undo vxlan ip-forwarding

# Create a VSI named vpna, and create VXLAN 10.

[DeviceC] vsi vpna

[DeviceC-vsi-vpna] vxlan 10

[DeviceC-vsi-vpna-vxlan-10] quit

[DeviceC-vsi-vpna] quit

# Enable IGMP snooping globally.

[DeviceC] igmp-snooping

[DeviceC-igmp-snooping] quit

# Enable IGMP snooping for VSI vpna.

[DeviceC] vsi vpna

[DeviceC-vsi-vpna] igmp-snooping enable

# Enable dropping unknown multicast data packets for VSI vpna.

[DeviceC-vsi-vpna] igmp-snooping drop-unknown

# Specify 3.3.3.3 as the source IP address of IGMP general queries in VSI vpna.

[DeviceC-vsi-vpna] igmp-snooping general-query source-ip 3.3.3.3

# Enable the IGMP snooping querier.

[DeviceC-vsi-vpna] igmp-snooping querier

[DeviceC-vsi-vpna] quit

# Assign an IP address to Loopback 0. This address will be used as the source address of the VXLAN tunnels to Device A and Device B.

[DeviceC] interface loopback 0

[DeviceC-Loopback0] ip address 3.3.3.3 255.255.255.255

[DeviceC-Loopback0] quit

# Create a VXLAN tunnel to Device A.

○     The tunnel interface name is Tunnel 1.

○     The source address and destination address of the tunnel interface are 3.3.3.3 and 1.1.1.1, respectively.

[DeviceC] interface tunnel 1 mode vxlan

[DeviceC-Tunnel1] source 3.3.3.3

[DeviceC-Tunnel1] destination 1.1.1.1

[DeviceC-Tunnel1] quit

# Create a VXLAN tunnel to Device B.

○     The tunnel interface name is Tunnel 3.

○     The source address and destination address of the tunnel interface are 3.3.3.3 and 2.2.2.2, respectively.

[DeviceC] interface tunnel 3 mode vxlan

[DeviceC-Tunnel3] source 3.3.3.3

[DeviceC-Tunnel3] destination 2.2.2.2

[DeviceC-Tunnel3] quit

# Assign Tunnel 1 and Tunnel 3 to VSI vpna.

[DeviceC] vsi vpna

[DeviceC-vsi-vpna] vxlan 10

[DeviceC-vsi-vpna-vxlan-10] tunnel 1

[DeviceC-vsi-vpna-vxlan-10] tunnel 3

[DeviceC-vsi-vpna-vxlan-10] quit

[DeviceC-vsi-vpna] quit

# On Ten-GigabitEthernet 3/0/1, create Ethernet service instance 1000 to match VLAN 2.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] service-instance 1000

[DeviceC-Ten-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[DeviceC-Ten-GigabitEthernet3/0/1-srv1000] xconnect vsi vpna

[DeviceC-Ten-GigabitEthernet3/0/1-srv1000] quit

[DeviceC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display brief information about dynamic router ports for VSI vpna on Device A.

[DeviceA] display igmp-snooping router-port vsi vpna

VSI vpna:

  Router slots (0 in total):

  Router ports (1 in total):

    NPW (VXLAN ID 10 Link ID 0X5000001)         (00:04:17)

# Display brief information about dynamic router ports for VSI vpna on Device B.

[DeviceB] display igmp-snooping router-port vsi vpna

VSI vpna:

  Router slots (0 in total):

  Router ports (1 in total):

    NPW (VXLAN ID 10 Link ID 0X5000001)         (00:04:07)

Troubleshooting IGMP snooping

Layer 2 multicast forwarding cannot function

Symptom

Layer 2 multicast forwarding cannot function on the Layer 2 device.

Solution

To resolve the issue:

1.     Use the display igmp-snooping command to display IGMP snooping status.

2.     If IGMP snooping is not enabled, use the igmp-snooping command in system view to enable IGMP snooping globally. Then, use the igmp-snooping enable command in VLAN view or VSI view to enable IGMP snooping for the VLAN or VSI.

3.     If IGMP snooping is enabled globally but not enabled for the VLAN or VSI, use the igmp-snooping enable command in VLAN view or VSI view to enable IGMP snooping for the VLAN or VSI.

4.     If the issue persists, contact H3C Support.

Multicast group policy does not work

Symptom

Hosts can receive multicast data for multicast groups that are not permitted by the multicast group policy.

Solution

To resolve the issue:

1.     Use the display acl command to verify that the configured ACL meets the multicast group policy requirements.

2.     Use the display this command in IGMP-snooping view or in a corresponding interface view to verify that the correct multicast group policy has been applied. If the applied policy is not correct, use the group-policy or igmp-snooping group-policy command to apply the correct multicast group policy.

3.     Use the display igmp-snooping command to verify that dropping unknown multicast data is enabled. If it is not, use the drop-unknown or igmp-snooping drop-unknown command to enable dropping unknown multicast data.

4.     If the issue persists, contact H3C Support.
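The checks in the two troubleshooting procedures above can also be run offline against a saved configuration. This is an added Python example, not an H3C tool: it assumes the display current-configuration layout of "#"-separated sections with indented sub-commands, assumes that drop-unknown in IGMP-snooping view covers every VLAN and VSI, and uses a constructed sample in which VLAN 200 and VSI vpnb are invented.

```python
import re

# Constructed sample (assumed saved-configuration layout). VLAN 100 and VSI vpna
# follow the examples on this page; VLAN 200 and VSI vpnb are invented to show
# the two failure cases.
SAMPLE = """\
#
igmp-snooping
#
vlan 100
 igmp-snooping enable
 igmp-snooping drop-unknown
#
vlan 200
 igmp-snooping enable
#
vsi vpna
 vxlan 10
 igmp-snooping enable
 igmp-snooping drop-unknown
 igmp-snooping querier
 igmp-snooping general-query source-ip 3.3.3.3
#
vsi vpnb
 igmp-snooping drop-unknown
#
"""


def parse_sections(config):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        stripped = raw.strip()
        if stripped == "#":          # section separator
            current = None
            continue
        if not stripped:
            continue
        if raw[0].isspace():         # sub-command of the current section
            if current is not None:
                sections[current].append(stripped)
        else:                        # new top-level section
            current = stripped
            sections.setdefault(current, [])
    return sections


def audit_igmp_snooping(config):
    """Return (scope, issue) findings following the troubleshooting steps."""
    sections = parse_sections(config)
    findings = []

    # Global enable: the igmp-snooping command in system view.
    global_cmds = sections.get("igmp-snooping")
    if global_cmds is None:
        findings.append(("global", "igmp-snooping is not enabled globally"))
    # Assumption: drop-unknown in IGMP-snooping view applies to all VLANs/VSIs.
    global_drop = global_cmds is not None and "drop-unknown" in global_cmds

    for header, cmds in sections.items():
        m = re.fullmatch(r"(vlan|vsi)\s+(\S+)", header)
        if not m:
            continue
        scope = f"{m.group(1).upper()} {m.group(2)}"
        snooping = [c for c in cmds if c.startswith("igmp-snooping ")]
        if not snooping:
            continue                 # IGMP snooping is not used in this scope
        if "igmp-snooping enable" not in snooping:
            findings.append(
                (scope, "igmp-snooping settings present, igmp-snooping enable missing")
            )
            continue
        if not global_drop and "igmp-snooping drop-unknown" not in snooping:
            findings.append(
                (scope, "igmp-snooping drop-unknown missing: unknown multicast data is not dropped")
            )
    return findings


if __name__ == "__main__":
    for scope, issue in audit_igmp_snooping(SAMPLE):
        print(f"{scope}: {issue}")
```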

 

PIM snooping configuration examples

Example: Configuring PIM snooping

Network configuration

As shown in Figure 176:

·     OSPF runs on the network.

·     Source 1 and Source 2 send multicast data to multicast groups 224.1.1.1 and 225.1.1.1, respectively.

·     Receiver 1 and Receiver 2 belong to multicast groups 224.1.1.1 and 225.1.1.1, respectively.

·     Router C and Router D run IGMP on Ten-GigabitEthernet 3/0/1. Router A, Router B, Router C, and Router D run PIM-SM.

·     Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP.

Configure IGMP snooping and PIM snooping on Device A. Then, Device A forwards PIM protocol packets and multicast data packets only to the routers that are connected to receivers.

Figure 176 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 176. (Details not shown.)

2.     Configure OSPF on the routers. (Details not shown.)

3.     Configure Router A:

# Enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 10.1.1.1

[RouterA-pim] c-rp 10.1.1.1

[RouterA-pim] quit

4.     Configure Router B:

# Enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

5.     Configure Router C:

# Enable IP multicast routing.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] igmp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim sm

[RouterC-Ten-GigabitEthernet3/0/2] quit

6.     Configure Router D:

# Enable IP multicast routing.

<RouterD> system-view

[RouterD] multicast routing

[RouterD-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] igmp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] pim sm

[RouterD-Ten-GigabitEthernet3/0/2] quit

7.     Configure Device A:

# Enable IGMP snooping globally.

<DeviceA> system-view

[DeviceA] igmp-snooping

[DeviceA-igmp-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable IGMP snooping and PIM snooping for VLAN 100.

[DeviceA-vlan100] igmp-snooping enable

[DeviceA-vlan100] pim-snooping enable

[DeviceA-vlan100] quit

Verifying the configuration

# On Device A, display PIM snooping neighbor information for VLAN 100.

[DeviceA] display pim-snooping neighbor vlan 100

Total 4 neighbors.

 

VLAN 100: Total 4 neighbors.

  10.1.1.1

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/1                 (00:32:43)

  10.1.1.2

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/2                 (00:32:43)

  10.1.1.3

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/3                 (00:32:43)

  10.1.1.4

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/4                 (00:32:43)

The output shows that Router A, Router B, Router C, and Router D are PIM snooping neighbors.

# On Device A, display PIM snooping routing entries for VLAN 100.

[DeviceA] display pim-snooping routing-table vlan 100

Total 2 entries.

FSM Flag: NI-no info, J-join, PP-prune pending

 

VLAN 100: Total 2 entries.

  (*, 224.1.1.1)

    Upstream neighbor: 10.1.1.1

      Upstream Slots (0 in total):

      Upstream Ports (1 in total):

        XGE3/0/1

      Downstream Slots (0 in total):

      Downstream Ports (1 in total):

        XGE3/0/3

          Expires: 00:03:01, FSM: J

  (*, 225.1.1.1)

    Upstream neighbor: 10.1.1.2

      Upstream Slots (0 in total):

      Upstream Ports (1 in total):

        XGE3/0/2

      Downstream Slots (0 in total):

      Downstream Ports (1 in total):

        XGE3/0/4

          Expires: 00:03:11, FSM: J

The output shows the following information:

·     Device A will forward the multicast data intended for multicast group 224.1.1.1 only to Router C.

·     Device A will forward the multicast data intended for multicast group 225.1.1.1 only to Router D.

 

Multicast VLAN configuration examples

Example: Configuring sub-VLAN-based multicast VLAN

Network configuration

As shown in Figure 177:

·     Layer 3 device Device A runs IGMPv2 and acts as the IGMP querier. Layer 2 device Device B runs IGMPv2 snooping.

·     The multicast source sends multicast data to multicast group 224.1.1.1. Receivers Host A, Host B, and Host C belong to VLAN 2, VLAN 3, and VLAN 4, respectively.

Configure a sub-VLAN-based multicast VLAN on Device B to meet the following requirements:

·     Device A sends the multicast data to Device B through the multicast VLAN.

·     Device B forwards the multicast data to the receivers in different user VLANs.

Figure 177 Network diagram

Procedure

1.     Configure Device A:

# Enable IP multicast routing.

<DeviceA> system-view

[DeviceA] multicast routing

[DeviceA-mrib] quit

# Create VLAN 20, and assign Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceA] vlan 20

[DeviceA-vlan20] port ten-gigabitethernet 3/0/2

[DeviceA-vlan20] quit

# Assign an IP address to VLAN-interface 20, and enable PIM-DM on the interface.

[DeviceA] interface vlan-interface 20

[DeviceA-Vlan-interface20] ip address 1.1.1.2 24

[DeviceA-Vlan-interface20] pim dm

[DeviceA-Vlan-interface20] quit

# Create VLAN 10.

[DeviceA] vlan 10

[DeviceA-vlan10] quit

# Configure Ten-GigabitEthernet 3/0/1 as a hybrid port, and assign the port to VLAN 10 as a tagged VLAN member.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-type hybrid

[DeviceA-Ten-GigabitEthernet3/0/1] port hybrid vlan 10 tagged

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to VLAN-interface 10, and enable IGMP on the interface.

[DeviceA] interface vlan-interface 10

[DeviceA-Vlan-interface10] ip address 10.110.1.1 24

[DeviceA-Vlan-interface10] igmp enable

[DeviceA-Vlan-interface10] quit

2.     Configure Device B:

# Enable IGMP snooping globally.

<DeviceB> system-view

[DeviceB] igmp-snooping

[DeviceB-igmp-snooping] quit

# Create VLAN 2, assign Ten-GigabitEthernet 3/0/2 to the VLAN, and enable IGMP snooping for the VLAN.

[DeviceB] vlan 2

[DeviceB-vlan2] port ten-gigabitethernet 3/0/2

[DeviceB-vlan2] igmp-snooping enable

[DeviceB-vlan2] quit

# Create VLAN 3, assign Ten-GigabitEthernet 3/0/3 to the VLAN, and enable IGMP snooping in the VLAN.

[DeviceB] vlan 3

[DeviceB-vlan3] port ten-gigabitethernet 3/0/3

[DeviceB-vlan3] igmp-snooping enable

[DeviceB-vlan3] quit

# Create VLAN 4, assign Ten-GigabitEthernet 3/0/4 to the VLAN, and enable IGMP snooping in the VLAN.

[DeviceB] vlan 4

[DeviceB-vlan4] port ten-gigabitethernet 3/0/4

[DeviceB-vlan4] igmp-snooping enable

[DeviceB-vlan4] quit

# Create VLAN 10, and enable IGMP snooping for the VLAN.

[DeviceB] vlan 10

[DeviceB-vlan10] igmp-snooping enable

[DeviceB-vlan10] quit

# Configure Ten-GigabitEthernet 3/0/1 as a hybrid port, and assign the port to VLAN 10 as a tagged VLAN member.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-type hybrid

[DeviceB-Ten-GigabitEthernet3/0/1] port hybrid vlan 10 tagged

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure VLAN 10 as a multicast VLAN, and assign VLAN 2 through VLAN 4 as sub-VLANs to multicast VLAN 10.

[DeviceB] multicast-vlan 10

[DeviceB-mvlan-10] subvlan 2 to 4

[DeviceB-mvlan-10] quit

Verifying the configuration

# Display information about all multicast VLANs on Device B.

[DeviceB] display multicast-vlan

Total 1 multicast VLANs.

 

Multicast VLAN 10:

  Sub-VLAN list(3 in total):

     2-4

# Display information about multicast groups in multicast VLANs on Device B.

[DeviceB] display multicast-vlan group

Total 1 entries.

 

Multicast VLAN 10: Total 1 entries.

  (0.0.0.0, 224.1.1.1)

    Sub-VLANs (3 in total):

      VLAN 2

      VLAN 3

      VLAN 4

The output shows that multicast group 224.1.1.1 belongs to multicast VLAN 10. Multicast VLAN 10 contains sub-VLANs VLAN 2 through VLAN 4. Device B will replicate the multicast data of VLAN 10 to VLAN 2 through VLAN 4.

 

 

Multicast routing and forwarding configuration examples

Example: Changing an RPF route

Network configuration

As shown in Figure 178:

·     PIM-DM runs on the network.

·     All routers on the network support multicast.

·     Router A, Router B, and Router C run OSPF.

·     Typically, the receiver host receives the multicast data from the source along the path Router A to Router B, which is the same as the unicast route.

Configure the routers so that the multicast data from the source travels to the receiver along the following path: Router A to Router C to Router B. This path is different from the unicast route.

Figure 178 Network diagram

Procedure

1.     Assign an IP address and subnet mask for each interface, as shown in Figure 178. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-DM domain. (Details not shown.)

3.     Enable IP multicast routing, and enable IGMP and PIM-DM:

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP on the receiver-side interface Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] igmp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on the other interfaces.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] pim dm

[RouterB-Ten-GigabitEthernet3/0/3] quit

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim dm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IP multicast routing and PIM-DM on Router C in the same way Router A is configured. (Details not shown.)

4.     Display RPF information for the source on Router B.

[RouterB] display multicast rpf-info 50.1.1.100

 RPF information about source 50.1.1.100:

     RPF interface: Ten-GigabitEthernet3/0/3, RPF neighbor: 30.1.1.2

     Referenced route/mask: 50.1.1.0/24

     Referenced route type: igp

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows that the current RPF route on Router B is contributed by a unicast routing protocol and the RPF neighbor is Router A.

5.     On Router B, configure a static multicast route to the source and specify Router C as the RPF neighbor.

[RouterB] ip rpf-route-static 50.1.1.0 24 20.1.1.2

Verifying the configuration

# Display RPF information for the source on Router B.

[RouterB] display multicast rpf-info 50.1.1.100

 RPF information about source 50.1.1.100:

     RPF interface: Ten-GigabitEthernet3/0/2, RPF neighbor: 20.1.1.2

     Referenced route/mask: 50.1.1.0/24

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows the following information:

·     The RPF route on Router B is the configured static multicast route.

·     The RPF neighbor of Router B is Router C.

Example: Creating an RPF route

Network configuration

As shown in Figure 179:

·     PIM-DM runs on the network.

·     All routers on the network support IP multicast.

·     Router B and Router C run OSPF, and have no unicast routes to Router A.

·     Typically, the receiver host receives the multicast data from Source 1 in the OSPF domain.

Configure the routers so that the receiver host can receive multicast data from Source 2, which is outside the OSPF domain.

Figure 179 Network diagram

Procedure

1.     Assign an IP address and subnet mask for each interface, as shown in Figure 179. (Details not shown.)

2.     Configure OSPF on Router B and Router C. (Details not shown.)

3.     Enable IP multicast routing, and enable IGMP and PIM-DM:

# On Router C, enable IP multicast routing.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable IGMP on the receiver-side interface Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] igmp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim dm

[RouterC-Ten-GigabitEthernet3/0/2] quit

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IP multicast routing and PIM-DM on Router B in the same way Router A is configured. (Details not shown.)

4.     Display RPF information for Source 2 on Router B and Router C.

[RouterB] display multicast rpf-info 50.1.1.100

[RouterC] display multicast rpf-info 50.1.1.100

No output is displayed because no RPF routes to Source 2 exist on Router B and Router C.

5.     Configure a static multicast route:

# Configure a static multicast route on Router B and specify Router A as its RPF neighbor to Source 2.

[RouterB] ip rpf-route-static 50.1.1.0 24 30.1.1.2

# Configure a static multicast route on Router C and specify Router B as its RPF neighbor to Source 2.

[RouterC] ip rpf-route-static 50.1.1.0 24 20.1.1.2

Verifying the configuration

# Display RPF information for Source 2 on Router B.

[RouterB] display multicast rpf-info 50.1.1.100

 RPF information about source 50.1.1.100:

     RPF interface: Ten-GigabitEthernet3/0/3, RPF neighbor: 30.1.1.2

     Referenced route/mask: 50.1.1.0/24

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

# Display RPF information for Source 2 on Router C.

[RouterC] display multicast rpf-info 50.1.1.100

 RPF information about source 50.1.1.100:

     RPF interface: Ten-GigabitEthernet3/0/2, RPF neighbor: 20.1.1.2

     Referenced route/mask: 50.1.1.0/24

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows that the RPF routes to Source 2 exist on Router B and Router C. These RPF routes are the configured static multicast routes.
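The RPF selection shown in the two examples above can be modeled as follows. This is an added example, not H3C code: the preference values (1 for a static multicast route, 10 for OSPF) and the tie-break order are assumptions about device defaults, and `RpfRoute`, `rpf_lookup`, and `rpf_check` are hypothetical names. Interfaces, neighbors, and prefixes are taken from the `display multicast rpf-info` output on this page.

```python
import ipaddress
from dataclasses import dataclass

# Assumed preferences (lower value wins); not stated on this page.
PREF_STATIC_MULTICAST = 1
PREF_OSPF = 10
# Assumed tie-break when preferences are equal: static multicast before unicast.
TYPE_ORDER = {"multicast static": 0, "igp": 1}


@dataclass(frozen=True)
class RpfRoute:
    prefix: str          # "Referenced route/mask"
    route_type: str      # "Referenced route type"
    preference: int
    rpf_interface: str
    rpf_neighbor: str


def rpf_lookup(routes, source):
    """Pick the RPF route for a source using the preference-preferred rule."""
    src = ipaddress.ip_address(source)
    candidates = [r for r in routes if src in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None  # matches the empty display output in "Creating an RPF route"
    return min(candidates, key=lambda r: (r.preference, TYPE_ORDER[r.route_type]))


def rpf_check(routes, source, in_interface):
    """A multicast packet passes only if it arrives on the RPF interface."""
    route = rpf_lookup(routes, source)
    return route is not None and route.rpf_interface == in_interface


# "Changing an RPF route": Router B learns 50.1.1.0/24 through OSPF via Router A,
# then gets a static multicast route that points at Router C.
OSPF_VIA_A = RpfRoute("50.1.1.0/24", "igp", PREF_OSPF,
                      "Ten-GigabitEthernet3/0/3", "30.1.1.2")
STATIC_VIA_C = RpfRoute("50.1.1.0/24", "multicast static", PREF_STATIC_MULTICAST,
                        "Ten-GigabitEthernet3/0/2", "20.1.1.2")

# "Creating an RPF route": Router C has no route to Source 2 until the static
# multicast route that names Router B (20.1.1.2) is configured.
ROUTER_C_STATIC = RpfRoute("50.1.1.0/24", "multicast static", PREF_STATIC_MULTICAST,
                           "Ten-GigabitEthernet3/0/2", "20.1.1.2")

SOURCE = "50.1.1.100"


def describe(routes):
    """Return (RPF interface, RPF neighbor, route type), or None without a route."""
    route = rpf_lookup(routes, SOURCE)
    if route is None:
        return None
    return (route.rpf_interface, route.rpf_neighbor, route.route_type)


if __name__ == "__main__":
    print("Router B before:", describe([OSPF_VIA_A]))
    print("Router B after: ", describe([OSPF_VIA_A, STATIC_VIA_C]))
    print("Router C before:", describe([]))
    print("Router C after: ", describe([ROUTER_C_STATIC]))
```

After the static multicast route is added, traffic from 50.1.1.100 that still arrives on the old RPF interface fails the check, which is why the upstream path must actually deliver the stream through the new neighbor.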

Example: Configuring multicast forwarding over a GRE tunnel

Network configuration

As shown in Figure 180:

·     Multicast routing and PIM-DM are enabled on Router A and Router C. Router B does not support multicast.

·     Router A, Router B, and Router C run OSPF. The source-side interface Ten-GigabitEthernet 3/0/1 on Router A does not run OSPF.

Configure a GRE tunnel so that the receiver host can receive the multicast data from the source.

Figure 180 Network diagram

Procedure

1.     Assign an IP address and mask for each interface, as shown in Figure 180. (Details not shown.)

2.     Configure OSPF on all the routers. Do not enable OSPF on Ten-GigabitEthernet 3/0/1 on Router A. (Details not shown.)

3.     Configure a GRE tunnel:

# Create a GRE tunnel interface Tunnel 2 on Router A, and specify the tunnel mode as GRE/IPv4.

<RouterA> system-view

[RouterA] interface tunnel 2 mode gre

# Assign an IP address to interface Tunnel 2, and specify its source and destination addresses.

[RouterA-Tunnel2] ip address 50.1.1.1 24

[RouterA-Tunnel2] source 20.1.1.1

[RouterA-Tunnel2] destination 30.1.1.2

[RouterA-Tunnel2] quit

# Create a GRE tunnel interface Tunnel 2 on Router C, and specify the tunnel mode as GRE/IPv4.

<RouterC> system-view

[RouterC] interface tunnel 2 mode gre

# Assign an IP address to interface Tunnel 2, and specify its source and destination addresses.

[RouterC-Tunnel2] ip address 50.1.1.2 24

[RouterC-Tunnel2] source 30.1.1.2

[RouterC-Tunnel2] destination 20.1.1.1

[RouterC-Tunnel2] quit

4.     Enable IP multicast routing, PIM-DM, and IGMP:

# On Router A, enable IP multicast routing.

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface tunnel 2

[RouterA-Tunnel2] pim dm

[RouterA-Tunnel2] quit

# On Router C, enable IP multicast routing.

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable IGMP on the receiver-side interface Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] igmp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on other interfaces.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim dm

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface tunnel 2

[RouterC-Tunnel2] pim dm

[RouterC-Tunnel2] quit

5.     On Router C, configure a static multicast route to the source and specify Router A as the RPF neighbor.

[RouterC] ip rpf-route-static 10.1.1.0 24 50.1.1.1

Verifying the configuration

# Send an IGMP report from Receiver to join multicast group 225.1.1.1. (Details not shown.)

# Send multicast data from the source to multicast group 225.1.1.1. (Details not shown.)

# Display PIM routing entries on Router C.

[RouterC] display pim routing-table

 Total 1 (*, G) entry; 1 (S, G) entry

 

 (*, 225.1.1.1)

     Protocol: pim-dm, Flag: WC

     UpTime: 00:04:25

     Upstream interface: NULL

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:04:25, Expires: -

 

 (10.1.1.100, 225.1.1.1)

     Protocol: pim-dm, Flag: ACT

     UpTime: 00:06:14

     Upstream interface: Tunnel2

         Upstream neighbor: 50.1.1.1

         RPF prime neighbor: 50.1.1.1

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: pim-dm, UpTime: 00:04:25, Expires: -

The output shows that Router A is the RPF neighbor of Router C and the multicast data from Router A is delivered over the GRE tunnel to Router C.

 

IGMP configuration examples

Example: Configuring basic IGMP features

Network configuration

As shown in Figure 181:

·     OSPF and PIM-DM run on the network.

·     VOD streams are sent to receiver hosts in multicast. Receiver hosts of different organizations form stub networks N1 and N2. Host A and Host C are receiver hosts in N1 and N2, respectively.

·     IGMPv2 runs between Router A and N1, and between the other two routers and N2. Router A acts as the IGMP querier in N1. Router B acts as the IGMP querier in N2 because it has a lower IP address.

Configure the routers to meet the following requirements:

·     The hosts in N1 can join only multicast group 224.1.1.1.

·     The hosts in N2 can join any multicast group.

Figure 181 Network diagram

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 181. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-DM domain. (Details not shown.)

3.     Enable IP multicast routing, and enable IGMP and PIM-DM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] igmp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router C, enable IP multicast routing.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] igmp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim dm

[RouterC-Ten-GigabitEthernet3/0/2] quit

4.     Configure a multicast group policy on Router A so that the hosts connected to Ten-GigabitEthernet 3/0/1 can join only multicast group 224.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp group-policy 2001

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display IGMP information for Ten-GigabitEthernet 3/0/1 on Router B.

[RouterB] display igmp interface ten-gigabitethernet 3/0/1

 Ten-GigabitEthernet3/0/1(10.110.2.1):

   IGMP is enabled.

   IGMP version: 2

   Query interval for IGMP: 125s

   Other querier present time for IGMP: 255s

   Maximum query response time for IGMP: 10s

   Querier for IGMP: 10.110.2.1 (This router)

  IGMP groups reported in total: 1

Example: Configuring IGMP SSM mapping

Network configuration

As shown in Figure 182:

·     OSPF runs on the network.

·     The PIM-SM domain uses the SSM model for multicast delivery. The SSM group range is 232.1.1.0/24.

·     IGMPv3 runs on Ten-GigabitEthernet 3/0/1 on Router D. The receiver host runs IGMPv2, and does not support IGMPv3. The receiver host cannot specify multicast sources in its membership reports.

·     Source 1, Source 2, and Source 3 send multicast packets to multicast groups in the SSM group range 232.1.1.0/24.

Configure the IGMP SSM mapping feature on Router D so that the receiver host can receive multicast data only from Source 1 and Source 3.

Figure 182 Network diagram

Table 29 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| Source 1 |  | 133.133.1.1/24 | Source 3 |  | 133.133.3.1/24 |
| Source 2 |  | 133.133.2.1/24 | Receiver |  | 133.133.4.1/24 |
| Router A | XGE3/0/1 | 133.133.1.2/24 | Router C | XGE3/0/1 | 133.133.3.2/24 |
| Router A | XGE3/0/2 | 192.168.1.1/24 | Router C | XGE3/0/2 | 192.168.3.1/24 |
| Router A | XGE3/0/3 | 192.168.4.2/24 | Router C | XGE3/0/3 | 192.168.2.2/24 |
| Router B | XGE3/0/1 | 133.133.2.2/24 | Router D | XGE3/0/1 | 133.133.4.2/24 |
| Router B | XGE3/0/2 | 192.168.1.2/24 | Router D | XGE3/0/2 | 192.168.3.2/24 |
| Router B | XGE3/0/3 | 192.168.2.1/24 | Router D | XGE3/0/3 | 192.168.4.1/24 |

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 182. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, PIM-SM, and IGMP:

# On Router D, enable IP multicast routing.

<RouterD> system-view

[RouterD] multicast routing

[RouterD-mrib] quit

# Enable IGMPv3 on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] igmp enable

[RouterD-Ten-GigabitEthernet3/0/1] igmp version 3

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on the other interfaces.

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] pim sm

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] pim sm

[RouterD-Ten-GigabitEthernet3/0/3] quit

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Configure Router B and Router C in the same way Router A is configured. (Details not shown.)

4.     Configure the SSM group range:

# On Router D, specify 232.1.1.0/24 as the SSM group range.

[RouterD] acl basic 2000

[RouterD-acl-ipv4-basic-2000] rule permit source 232.1.1.0 0.0.0.255

[RouterD-acl-ipv4-basic-2000] quit

[RouterD] pim

[RouterD-pim] ssm-policy 2000

[RouterD-pim] quit

# Configure the SSM group range on Router A, Router B, and Router C in the same way Router D is configured. (Details not shown.)

5.     Configure IGMP SSM mappings on Router D.

[RouterD] igmp

[RouterD-igmp] ssm-mapping 133.133.1.1 2000

[RouterD-igmp] ssm-mapping 133.133.3.1 2000

[RouterD-igmp] quit

Verifying the configuration

# On Router D, display IGMP SSM mappings for multicast group 232.1.1.1 on the public network.

[RouterD] display igmp ssm-mapping 232.1.1.1

 Group: 232.1.1.1

 Source list:

        133.133.1.1

        133.133.3.1

# Display information about IGMP multicast groups that hosts have dynamically joined on the public network.

[RouterD] display igmp group

IGMP groups in total: 1

 Ten-GigabitEthernet3/0/1(133.133.4.2):

  IGMP groups reported in total: 1

   Group address   Last reporter   Uptime      Expires

   232.1.1.1       133.133.4.1     00:02:04    off

# Display PIM routing entries on the public network.

[RouterD] display pim routing-table

 Total 0 (*, G) entry; 2 (S, G) entry

 

 (133.133.1.1, 232.1.1.1)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: Ten-GigabitEthernet3/0/3

         Upstream neighbor: 192.168.4.2

         RPF prime neighbor: 192.168.4.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:13:25, Expires: -

 

 (133.133.3.1, 232.1.1.1)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 192.168.3.1

         RPF prime neighbor: 192.168.3.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:13:25, Expires: -

Example: Configuring IGMP proxying

Network configuration

As shown in Figure 183:

·     PIM-DM runs on the core network.

·     Host A and Host C on the stub network receive VOD information sent to multicast group 224.1.1.1.

Configure the IGMP proxying feature on Router B so that Router B can maintain group memberships and forward multicast traffic without running PIM-DM.

Figure 183 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 183. (Details not shown.)

2.     Enable IP multicast routing, PIM-DM, IGMP, and IGMP proxying:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP proxying on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] igmp proxy enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable IGMP on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] igmp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display multicast group membership information maintained by the IGMP proxy on Router B.

[RouterB] display igmp proxy group

IGMP proxy group records in total: 1

 Ten-GigabitEthernet3/0/1(192.168.1.2):

  IGMP proxy group records in total: 1

   Group address      Member state      Expires

   224.1.1.1          Delay             00:00:02

Example: Configuring PPPoE-based multicast access control

Network configuration

As shown in Figure 184:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send multicast data to multicast groups 224.1.1.1, 225.1.1.1, and 226.1.1.1, respectively.

·     Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP, and it serves all multicast groups.

·     Router A acts as the BRAS, and it connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only multicast groups 224.1.1.1 and 225.1.1.1.

·     Host C and Host D in ISP 2 can join only multicast groups 225.1.1.1 and 226.1.1.1.

Figure 184 Network diagram

Table 30 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| Source 1 |  | 10.100.1.1/24 | Host A |  | 192.168.1.2/24 |
| Source 2 |  | 10.100.2.1/24 | Host B |  | 192.168.1.3/24 |
| Source 3 |  | 10.100.3.1/24 | Host C |  | 192.168.2.2/24 |
| RADIUS server |  | 11.110.4.2/24 | Host D |  | 192.168.2.3/24 |
| Router B | XGE3/0/1 | 11.110.1.2/24 | Router A | XGE3/0/1 | 11.110.1.1/24 |
| Router B | XGE3/0/2 | 10.100.1.2/24 | Router A | XGE3/0/2 | 11.110.2.1/24 |
| Router C | XGE3/0/1 | 11.110.2.2/24 | Router A | XGE3/0/3 | 11.110.3.1/24 |
| Router C | XGE3/0/2 | 10.100.2.2/24 | Router A | XGE3/0/4 | 11.110.4.1/24 |
| Router D | XGE3/0/1 | 11.110.3.2/24 | Router A | XGE3/0/5.1 | 192.168.1.1/24 |
| Router D | XGE3/0/2 | 10.100.3.2/24 | Router A | XGE3/0/5.2 | 192.168.2.1/24 |

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Table 30. (Details not shown.)

2.     Configure OSPF in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, and configure PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 11.110.2.1

[RouterA-pim] c-rp 11.110.2.1

[RouterA-pim] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456

[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip 11.110.4.1

[RouterA-radius-spec] quit

# Create an ISP domain named isp1 and specify the STB service for users in the ISP domain.

[RouterA] domain name isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ppp radius-scheme spec

[RouterA-isp-isp1] authorization ppp radius-scheme spec

[RouterA-isp-isp1] accounting ppp radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ppp radius-scheme spec

[RouterA-isp-isp2] authorization ppp radius-scheme spec

[RouterA-isp-isp2] accounting ppp radius-scheme spec

[RouterA-isp-isp2] quit

# Create interface Virtual-Template 1, and assign an IP address and subnet mask to the interface.

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ip address 2.1.1.1 255.255.255.0

# Configure interface Virtual-Template 1 to authenticate users in ISP domain isp1 by using PAP.

[RouterA-Virtual-Template1] ppp authentication-mode pap domain isp1

[RouterA-Virtual-Template1] quit

# Create interface Virtual-Template 2, and assign an IP address and subnet mask to the interface.

[RouterA] interface virtual-template 2

[RouterA-Virtual-Template2] ip address 2.1.2.1 255.255.255.0

# Configure interface Virtual-Template 2 to authenticate users in ISP domain isp2 by using PAP.

[RouterA-Virtual-Template2] ppp authentication-mode pap domain isp2

[RouterA-Virtual-Template2] quit

# Configure Ten-GigabitEthernet 3/0/5.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Bind Ten-GigabitEthernet 3/0/5.1 to interface Virtual-Template 1.

[RouterA-Ten-GigabitEthernet3/0/5.1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Bind subinterface Ten-GigabitEthernet 3/0/5.2 to interface Virtual-Template 2.

[RouterA-Ten-GigabitEthernet3/0/5.2] pppoe-server bind virtual-template 2

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

5.     Configure multicast access control on the BRAS:

# Enable IGMP and multicast access control on Ten-GigabitEthernet 3/0/5.1.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/5.1] igmp authorization-enable

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Enable IGMP and multicast access control on Ten-GigabitEthernet 3/0/5.2.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] igmp enable

[RouterA-Ten-GigabitEthernet3/0/5.2] igmp authorization-enable

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

# Configure an access policy in user profile profile1 to authorize IGMP users to join multicast groups 224.1.1.1 and 225.1.1.1.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] igmp access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain name isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize IGMP users to join multicast groups 225.1.1.1 and 226.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] igmp access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain name isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized IGMP user information on Router A after Host A and Host C log in.

[RouterA] display igmp user-info

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: PPP

   Interface: Multicast-UA0

   Access interface: Ten-GigabitEthernet3/0/5.1

   User ID: 0x20000004 (Session ID 0x1, VLAN ID 1, Second VLAN ID 2)

   Maximum allowed groups: 4

   User profile: profile1

   Authorized group list:

 

   User name: user1@isp2

   Interface: Multicast-UA1

   Access interface: Ten-GigabitEthernet3/0/5.2

   User ID: 0x20000005 (Session ID 0x2, VLAN ID 2, Second VLAN ID 2)

   Maximum allowed groups: 4

   User profile: profile2

   Authorized group list:
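The following added example (not H3C code) evaluates the multicast access policy from step 5 offline. It parses the Router A commands for the ACLs, user profiles, and ISP domains, then answers which groups a user authorized in each domain may join. The same wildcard matching applies to the basic ACLs used with `igmp group-policy` and `ssm-policy` earlier on this page. Treating an unmatched group or a missing profile or ACL as a deny is an assumption, chosen to match the stated requirement that hosts can join only the listed groups. All function names are hypothetical.

```python
import ipaddress
import re

# Router A commands from step 5 of the PPPoE example (CLI prompts stripped).
ROUTER_A_CONFIG = """
acl basic 2000
 rule permit source 224.1.1.1 0
 rule permit source 225.1.1.1 0
 quit
user-profile profile1
 igmp access-policy 2000
 quit
domain name isp1
 authorization-attribute user-profile profile1
 quit
acl basic 2001
 rule permit source 225.1.1.1 0
 rule permit source 226.1.1.1 0
 quit
user-profile profile2
 igmp access-policy 2001
 quit
domain name isp2
 authorization-attribute user-profile profile2
 quit
"""

VIEW_RE = re.compile(r"(acl basic|user-profile|domain name) (\S+)")
RULE_RE = re.compile(r"rule (permit|deny) source (\S+) (\S+)")


def to_int(text):
    """Dotted quad to int; a bare "0" is the host wildcard used on this page."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_config(text):
    """Return (acls, profiles, domains) parsed from Comware-style command lines."""
    acls, profiles, domains = {}, {}, {}
    view = None  # (kind, name) of the view the following lines belong to
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "quit":
            view = None
        elif m := VIEW_RE.fullmatch(line):
            view = (m.group(1), m.group(2))
            if view[0] == "acl basic":
                acls.setdefault(view[1], [])
        elif view is None:
            continue
        elif view[0] == "acl basic" and (m := RULE_RE.fullmatch(line)):
            acls[view[1]].append((m.group(1), to_int(m.group(2)), to_int(m.group(3))))
        elif view[0] == "user-profile" and line.startswith("igmp access-policy "):
            profiles[view[1]] = line.split()[-1]
        elif view[0] == "domain name" and line.startswith(
                "authorization-attribute user-profile "):
            domains[view[1]] = line.split()[-1]
    return acls, profiles, domains


def acl_permits(rules, group):
    """First matching rule decides; no match is treated as deny (assumption)."""
    g = int(ipaddress.IPv4Address(group))
    for action, addr, wildcard in rules:
        # Wildcard bits set to 1 are "don't care"; every other bit must match.
        if ((g ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False


def may_join(config, domain, group):
    """True if a user authorized in `domain` may join multicast `group`."""
    acls, profiles, domains = config
    if not ipaddress.IPv4Address(group).is_multicast:
        return False
    acl = profiles.get(domains.get(domain))
    # A missing profile, policy, or ACL means no authorization (assumption).
    return acl in acls and acl_permits(acls[acl], group)


CONFIG = parse_config(ROUTER_A_CONFIG)


def join_matrix(config=CONFIG, groups=("224.1.1.1", "225.1.1.1", "226.1.1.1")):
    """Map each ISP domain to the groups from this example that it may join."""
    return {d: [g for g in groups if may_join(config, d, g)]
            for d in sorted(config[2])}


if __name__ == "__main__":
    for domain, allowed in join_matrix().items():
        print(domain, "->", allowed)
```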

Example: Configuring IPoE-based multicast access control

Network configuration

As shown in Figure 185:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send multicast data to multicast groups 224.1.1.1, 225.1.1.1, and 226.1.1.1, respectively.

·     Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP, and it is designated to all multicast groups.

·     Router A acts as the BRAS, and connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only multicast groups 224.1.1.1 and 225.1.1.1.

·     Host C and Host D in ISP 2 can join only multicast groups 225.1.1.1 and 226.1.1.1.

Figure 185 Network diagram

Table 31 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
| --- | --- | --- | --- | --- | --- |
| Source 1 |  | 10.100.1.1/24 | Host A |  | 192.168.1.2/24 |
| Source 2 |  | 10.100.2.1/24 | Host B |  | 192.168.1.3/24 |
| Source 3 |  | 10.100.3.1/24 | Host C |  | 192.168.2.2/24 |
| RADIUS server |  | 11.110.4.2/24 | Host D |  | 192.168.2.3/24 |
| Router B | XGE3/0/1 | 11.110.1.2/24 | Router A | XGE3/0/1 | 11.110.1.1/24 |
| Router B | XGE3/0/2 | 10.100.1.2/24 | Router A | XGE3/0/2 | 11.110.2.1/24 |
| Router C | XGE3/0/1 | 11.110.2.2/24 | Router A | XGE3/0/3 | 11.110.3.1/24 |
| Router C | XGE3/0/2 | 10.100.2.2/24 | Router A | XGE3/0/4 | 11.110.4.1/24 |
| Router D | XGE3/0/1 | 11.110.3.2/24 | Router A | XGE3/0/5.1 | 192.168.1.1/24 |
| Router D | XGE3/0/2 | 10.100.3.2/24 | Router A | XGE3/0/5.2 | 192.168.2.1/24 |

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Table 31. (Details not shown.)

2.     Configure OSPF in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, and configure PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 11.110.2.1

[RouterA-pim] c-rp 11.110.2.1

[RouterA-pim] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456

[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip 11.110.4.1

[RouterA-radius-spec] quit

# Create an ISP domain named isp1, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ipoe radius-scheme spec

[RouterA-isp-isp1] authorization ipoe radius-scheme spec

[RouterA-isp-isp1] accounting ipoe radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ipoe radius-scheme spec

[RouterA-isp-isp2] authorization ipoe radius-scheme spec

[RouterA-isp-isp2] accounting ipoe radius-scheme spec

[RouterA-isp-isp2] quit

# Enable DHCP on Router A.

[RouterA] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[RouterA] dhcp server request-ip-address check

# Create an IP pool named 1.

[RouterA] ip pool 1 bas local

# Specify the subnet 192.168.2.1/24 in IP pool 1.

[RouterA-ip-pool-bas-local-1] network 192.168.2.1 mask 255.255.255.0

# Specify the domain name isp1 in IP pool 1.

[RouterA-ip-pool-bas-local-1] domain-name isp1

[RouterA-ip-pool-bas-local-1] quit

# Create an IP pool named 2.

[RouterA] ip pool 2 bas local

# Specify the subnet 192.168.3.1/24 in IP pool 2.

[RouterA-ip-pool-bas-local-2] network 192.168.3.1 mask 255.255.255.0

# Specify the domain name isp2 in IP pool 2.

[RouterA-ip-pool-bas-local-2] domain-name isp2

[RouterA-ip-pool-bas-local-2] quit

# Configure Ten-GigabitEthernet 3/0/5.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Configure the DHCP service on Ten-GigabitEthernet 3/0/5.1.

[RouterA-Ten-GigabitEthernet3/0/5.1] dhcp server apply ip-pool 1

[RouterA-Ten-GigabitEthernet3/0/5.1] ip subscriber routed enable

[RouterA-Ten-GigabitEthernet3/0/5.1] ip subscriber dhcp domain isp1

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Configure the DHCP service on Ten-GigabitEthernet 3/0/5.2.

[RouterA-Ten-GigabitEthernet3/0/5.2] dhcp server apply ip-pool 2

[RouterA-Ten-GigabitEthernet3/0/5.2] ip subscriber routed enable

[RouterA-Ten-GigabitEthernet3/0/5.2] ip subscriber dhcp domain isp2

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

5.     Configure multicast access control on the BRAS:

# Enable IGMP and multicast access control, and enable per-session multicast forwarding on Ten-GigabitEthernet 3/0/5.1.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/5.1] igmp authorization-enable

[RouterA-Ten-GigabitEthernet3/0/5.1] igmp join-by-session

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 in the same way Ten-GigabitEthernet 3/0/5.1 is configured. (Details not shown.)

# Configure an access policy in user profile profile1 to authorize IGMP users to join multicast groups 224.1.1.1 and 225.1.1.1.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] igmp access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain name isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize IGMP users to join multicast groups 225.1.1.1 and 226.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] igmp access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain name isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized IGMP user information on Router A after Host A and Host C log in.

[RouterA] display igmp user-info

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: IPoE

   Interface: Multicast-UA1

   Access interface: Ten-GigabitEthernet3/0/5.1

   User address: 192.168.1.2                                                      

   User mac-address: 0010-9400-001b                                             

   User ID: 0x30000000 (VLAN ID 1, Second VLAN ID 100)

   VLAN ID: 1

   Second VLAN ID: 2

   Maximum allowed groups: 4

   User profile: profile1

   Authorized group list:

 

   User name: user1@isp2

   Access type: IPoE

   Interface: Multicast-UA2

   Access interface: Ten-GigabitEthernet3/0/5.2

   User address: 192.168.2.2                                                      

   User mac-address: 0010-9400-002b                                             

   User ID: 0x30000000 (VLAN ID 2, Second VLAN ID 100)

   VLAN ID: 2 

   Second VLAN ID: 2

   Maximum allowed groups: 4

   User profile: profile2

   Authorized group list:
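The policy built in steps 4 and 5 can be checked offline. The following is an added example, not part of the H3C documentation: it parses Router A's commands (copied from the procedure above as constructed input), resolves ISP domain → user profile → ACL, and evaluates IGMP joins with wildcard-mask matching. It assumes a group that matches no rule is not authorized, in line with the "can join only" requirement, and it also reports RADIUS shared secrets entered with `key simple` that are shorter than the 16 octets RFC 2865 prefers; all function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: Router A commands copied from the procedure above
# (prompts kept, comment lines and "quit" commands dropped).
TRANSCRIPT = """\
[RouterA] radius scheme spec
[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456
[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456
[RouterA] acl basic 2000
[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0
[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0
[RouterA] user-profile profile1
[RouterA-user-profile-profile1] igmp access-policy 2000
[RouterA] domain name isp1
[RouterA-isp-isp1] authorization-attribute user-profile profile1
[RouterA] acl basic 2001
[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0
[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0
[RouterA] user-profile profile2
[RouterA-user-profile-profile2] igmp access-policy 2001
[RouterA] domain name isp2
[RouterA-isp-isp2] authorization-attribute user-profile profile2
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s+(.+)$")
MIN_SECRET_OCTETS = 16  # RFC 2865 prefers shared secrets of at least 16 octets


def wildcard_to_int(text):
    """The page writes wildcard 0.0.0.0 (exact match) in the short form 0."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse(transcript):
    """Collect ACL rules, profile->ACL, domain->profile and RADIUS keys."""
    cfg = {"acl": {}, "profile": {}, "domain": {}, "radius": []}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, words = m.group(1), m.group(2).split()
        if "-acl-ipv4-basic-" in view and words[0] == "rule" and words[2:3] == ["source"]:
            number = int(view.rsplit("-", 1)[1])
            if words[3] == "any":
                base, wild = 0, 0xFFFFFFFF
            else:
                base = int(ipaddress.IPv4Address(words[3]))
                wild = wildcard_to_int(words[4])
            cfg["acl"].setdefault(number, []).append((words[1], base, wild))
        elif "-user-profile-" in view and words[:2] == ["igmp", "access-policy"]:
            cfg["profile"][view.split("-user-profile-", 1)[1]] = int(words[2])
        elif "-isp-" in view and words[:2] == ["authorization-attribute", "user-profile"]:
            cfg["domain"][view.split("-isp-", 1)[1]] = words[2]
        elif "-radius-" in view and "key" in words:
            k = words.index("key")
            scheme = view.split("-radius-", 1)[1]
            cfg["radius"].append((scheme, words[1], words[k + 1], words[k + 2]))
    return cfg


def may_join(cfg, domain, group):
    """True if a user in `domain` is authorized to join multicast `group`."""
    profile = cfg["domain"].get(domain)
    rules = cfg["acl"].get(cfg["profile"].get(profile), [])
    g = int(ipaddress.IPv4Address(group))
    for action, base, wild in rules:  # first matching rule decides
        if ((g ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # assumption: no matching rule means not authorized


def weak_radius_secrets(cfg, minimum=MIN_SECRET_OCTETS):
    """Secrets entered in plaintext form that are shorter than `minimum`."""
    return [(scheme, role, len(secret.encode()))
            for scheme, role, form, secret in cfg["radius"]
            if form == "simple" and len(secret.encode()) < minimum]


if __name__ == "__main__":
    cfg = parse(TRANSCRIPT)
    for domain in ("isp1", "isp2"):
        for group in ("224.1.1.1", "225.1.1.1", "226.1.1.1"):
            verdict = "permit" if may_join(cfg, domain, group) else "deny"
            print(f"{domain:5} {group:10} {verdict}")
    for scheme, role, size in weak_radius_secrets(cfg):
        print(f"radius scheme {scheme}: {role} secret is {size} octets "
              f"(< {MIN_SECRET_OCTETS})")
```

The same wildcard matcher applies to the range-style rules used later on this page, such as `rule permit source 225.1.1.0 0.0.0.255`.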

 

PIM configuration examples

Example: Configuring PIM-DM

Network configuration

As shown in Figure 186:

·     VOD streams are sent to receiver hosts in multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist on each stub network.

·     The entire PIM domain operates in the dense mode.

·     Host A and Host C are multicast receivers on two stub networks N1 and N2.

·     IGMPv2 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 186 Network diagram

Table 32 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
| --- | --- | --- | --- | --- | --- |
| Router A | XGE3/0/1 | 10.110.1.1/24 | Router C | XGE3/0/2 | 192.168.3.1/24 |
| Router A | XGE3/0/2 | 192.168.1.1/24 | Router D | XGE3/0/1 | 10.110.5.1/24 |
| Router B | XGE3/0/1 | 10.110.2.1/24 | Router D | XGE3/0/2 | 192.168.1.2/24 |
| Router B | XGE3/0/2 | 192.168.2.1/24 | Router D | XGE3/0/3 | 192.168.2.2/24 |
| Router C | XGE3/0/1 | 10.110.2.2/24 | Router D | XGE3/0/4 | 192.168.3.2/24 |

Prerequisites

Assign an IP address and subnet mask to each interface, and make sure the routers in the PIM-DM domain can reach each other.

Procedure

1.     Enable IP multicast routing, IGMP, and PIM-DM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IP multicast routing, IGMP, and PIM-DM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# On Router D, enable IP multicast routing, and enable PIM-DM on each interface.

<RouterD> system-view

[RouterD] multicast routing

[RouterD-mrib] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] pim dm

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] pim dm

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] pim dm

[RouterD-Ten-GigabitEthernet3/0/3] quit

[RouterD] interface ten-gigabitethernet 3/0/4

[RouterD-Ten-GigabitEthernet3/0/4] pim dm

[RouterD-Ten-GigabitEthernet3/0/4] quit

Verifying the configuration

# Display PIM information on Router D.

[RouterD] display pim interface

  Interface: XGE3/0/1

    NbrCnt: 0

    HelloInt: 30

    DR priority: 1

    DR address: 10.110.5.1     (local)

  Interface: XGE3/0/2

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.1.2    (local)

  Interface: XGE3/0/3

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.2.2    (local)

  Interface: XGE3/0/4

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.3.2    (local)

# Display the PIM neighboring relationships on Router D.

[RouterD] display pim neighbor

 Total Number of Neighbors = 3

 

 Neighbor         Interface           Uptime   Expires  Dr-Priority Mode

 192.168.1.1      XGE1/0/2            00:02:22 00:01:27 1

 192.168.2.1      XGE1/0/3            00:00:22 00:01:29 3

 192.168.3.1      XGE1/0/4            00:00:23 00:01:31 5

# Send an IGMP report from Host A to join multicast group 225.1.1.1. (Details not shown.)

# Send multicast data from multicast source 10.110.5.100/24 to multicast group 225.1.1.1. (Details not shown.)

# Display the PIM routing table on Router A.

[RouterA] display pim routing-table

 Total 1 (*, G) entry; 1 (S, G) entry

 

 (*, 225.1.1.1)

     Protocol: pim-dm, Flag: WC

     UpTime: 00:04:25

     Upstream interface: NULL

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:04:25, Expires: -

 

 (10.110.5.100, 225.1.1.1)

     Protocol: pim-dm, Flag: ACT

     UpTime: 00:06:14

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 192.168.1.2

         RPF prime neighbor: 192.168.1.2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: pim-dm, UpTime: 00:04:25, Expires: -

# Display the PIM routing table on Router D.

[RouterD] display pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (10.110.5.100, 225.1.1.1)

     Protocol: pim-dm, Flag: LOC ACT

     UpTime: 00:03:27

     Upstream interface: Ten-GigabitEthernet3/0/1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 2

         1: Ten-GigabitEthernet3/0/2

             Protocol: pim-dm, UpTime: 00:03:27, Expires: -

         2: Ten-GigabitEthernet3/0/4

             Protocol: pim-dm, UpTime: 00:03:27, Expires: -

The output shows the following information:

·     Routers on the SPT path (Router A and Router D) have the correct (S, G) entries.

·     Router A has the correct (*, G) entry.

Example: Configuring non-scoped PIM-SM

Network configuration

As shown in Figure 187:

·     VOD streams are sent to receiver hosts in multicast. The receivers of different subnets form stub networks, and a minimum of one receiver host exists on each stub network.

·     The entire PIM-SM domain contains only one BSR.

·     Host A and Host C are multicast receivers in the stub networks N1 and N2.

·     Specify Ten-GigabitEthernet 3/0/3 on Router E as a C-BSR and a C-RP. The C-RP is designated to multicast group range 225.1.1.0/24. Specify Ten-GigabitEthernet 3/0/2 of Router D as the static RP on all the routers to back up the dynamic RP.

·     IGMPv2 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 187 Network diagram

Table 33 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
| --- | --- | --- | --- | --- | --- |
| Router A | XGE3/0/1 | 10.110.1.1/24 | Router D | XGE3/0/1 | 10.110.5.1/24 |
| Router A | XGE3/0/2 | 192.168.1.1/24 | Router D | XGE3/0/2 | 192.168.1.2/24 |
| Router A | XGE3/0/3 | 192.168.9.1/24 | Router D | XGE3/0/3 | 192.168.4.2/24 |
| Router B | XGE3/0/1 | 10.110.2.1/24 | Router E | XGE3/0/1 | 192.168.3.2/24 |
| Router B | XGE3/0/2 | 192.168.2.1/24 | Router E | XGE3/0/2 | 192.168.2.2/24 |
| Router C | XGE3/0/1 | 10.110.2.2/24 | Router E | XGE3/0/3 | 192.168.9.2/24 |
| Router C | XGE3/0/2 | 192.168.3.1/24 | Router E | XGE3/0/4 | 192.168.4.1/24 |

Prerequisites

Assign an IP address and subnet mask to each interface, and make sure the routers in the PIM-DM domain can reach each other.

Procedure

1.     Enable IP multicast routing, IGMP and PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on the other interfaces.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IP multicast routing, IGMP and PIM-SM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# Enable IP multicast routing and PIM-SM on Router D and Router E in the same way Router A is configured. (Details not shown.)

2.     Configure C-BSRs, C-RPs, and the static RP:

# On Router E, configure the service scope of RP advertisements.

<RouterE> system-view

[RouterE] acl basic 2005

[RouterE-acl-ipv4-basic-2005] rule permit source 225.1.1.0 0.0.0.255

[RouterE-acl-ipv4-basic-2005] quit

# Configure Ten-GigabitEthernet 3/0/3 as a C-BSR and a C-RP, and configure Ten-GigabitEthernet 3/0/2 of Router D as the static RP.

[RouterE] pim

[RouterE-pim] c-bsr 192.168.9.2

[RouterE-pim] c-rp 192.168.9.2 group-policy 2005

[RouterE-pim] static-rp 192.168.1.2

[RouterE-pim] quit

# On Router A, configure Ten-GigabitEthernet 3/0/2 of Router D as the static RP.

[RouterA] pim

[RouterA-pim] static-rp 192.168.1.2

[RouterA-pim] quit

# Configure the static RP on Router B, Router C, and Router D in the same way Router A is configured. (Details not shown.)

Verifying the configuration

# Display PIM information on Router A.

[RouterA] display pim interface

  Interface: XGE3/0/2

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.1.2

  Interface: XGE3/0/3

    NbrCnt: 0

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.9.2

# Display BSR information on Router A.

[RouterA] display pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:44

     Elected BSR address: 192.168.9.2

       Priority: 64

       Hash mask length: 30

       Uptime: 00:11:18

# Display BSR information on Router E.

[RouterE] display pim bsr-info

 Scope: non-scoped

     State: Elected

     Bootstrap timer: 00:01:44

     Elected BSR address: 192.168.9.2

       Priority: 64

       Hash mask length: 30

       Uptime: 00:11:18

     Candidate BSR address: 192.168.9.2

       Priority: 64

       Hash mask length: 30

# Display RP information on Router A.

[RouterA] display pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: 225.1.1.0/24

       RP address               Priority  HoldTime  Uptime    Expires

       192.168.9.2              192       180       00:51:45  00:02:22

 

 Static RP information:

       RP address: 192.168.1.2

         ACL: ----

         Mode: pim-sm

         Preferred: No

         Priority: 192

Example: Configuring admin-scoped PIM-SM

Network configuration

As shown in Figure 188:

·     VOD streams are sent to receiver hosts in multicast. The entire PIM-SM domain is divided into admin-scoped zone 1, admin-scoped zone 2, and the global-scoped zone. Router B, Router C, and Router D are ZBRs of the three zones, respectively.

·     Source 1 and Source 2 send different multicast data to multicast group 239.1.1.1. Host A receives the multicast data only from Source 1, and Host B receives the multicast data only from Source 2. Source 3 sends multicast data to multicast group 224.1.1.1. Host C is a multicast receiver for multicast group 224.1.1.1.

·     Ten-GigabitEthernet 3/0/2 of Router B acts as a C-BSR and a C-RP for admin-scoped zone 1, and Ten-GigabitEthernet 3/0/1 of Router D acts as a C-BSR and a C-RP for admin-scoped zone 2. Both of the two interfaces are designated to the multicast group range 239.0.0.0/8. Ten-GigabitEthernet 3/0/1 of Router F acts as a C-BSR and a C-RP for the global-scoped zone, and is designated to all the multicast groups that are not in the range 239.0.0.0/8.

·     IGMPv2 runs between Router A, Router E, Router I, and the receivers that directly connect to them, respectively.

Figure 188 Network diagram

Table 34 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
| --- | --- | --- | --- | --- | --- |
| Router A | XGE3/0/1 | 192.168.1.1/24 | Router D | XGE3/0/1 | 10.110.5.2/24 |
| Router A | XGE3/0/2 | 10.110.1.1/24 | Router D | XGE3/0/2 | 10.110.7.1/24 |
| Router B | XGE3/0/1 | 192.168.2.1/24 | Router D | XGE3/0/3 | 10.110.8.1/24 |
| Router B | XGE3/0/2 | 10.110.1.2/24 | Router E | XGE3/0/1 | 192.168.4.1/24 |
| Router B | XGE3/0/3 | 10.110.2.1/24 | Router E | XGE3/0/2 | 10.110.4.2/24 |
| Router B | XGE3/0/4 | 10.110.3.1/24 | Router E | XGE3/0/3 | 10.110.7.2/24 |
| Router C | XGE3/0/1 | 192.168.3.1/24 | Router F | XGE3/0/1 | 10.110.9.1/24 |
| Router C | XGE3/0/2 | 10.110.4.1/24 | Router F | XGE3/0/2 | 10.110.8.2/24 |
| Router C | XGE3/0/3 | 10.110.5.1/24 | Router F | XGE3/0/3 | 10.110.3.2/24 |
| Router C | XGE3/0/4 | 10.110.2.2/24 | Router G | XGE3/0/1 | 192.168.5.1/24 |
| Router C | XGE3/0/5 | 10.110.6.1/24 | Router G | XGE3/0/2 | 10.110.9.2/24 |
| Router H | XGE3/0/1 | 10.110.5.2/24 | Source 1 |  | 192.168.2.10/24 |
| Router H | XGE3/0/2 | 10.110.7.1/24 | Source 2 |  | 192.168.3.10/24 |
| Router I | XGE3/0/1 | 192.168.6.1/24 | Source 3 |  | 192.168.5.10/24 |
| Router I | XGE3/0/2 | 10.110.10.2/24 |  |  |  |

Prerequisites

Assign an IP address and subnet mask to each interface, and make sure the routers in the PIM-DM domain can reach each other.

Procedure

1.     Enable IP multicast routing, IGMP, and PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IP multicast routing, IGMP and PIM-SM on Router E and Router I in the same way Router A is configured. (Details not shown.)

# On Router B, enable IP multicast routing, and enable PIM-SM on each interface.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] pim sm

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] pim sm

[RouterB-Ten-GigabitEthernet3/0/4] quit

# Enable IP multicast routing and PIM-SM on Router C, Router D, Router F, Router G, and Router H in the same way Router B is configured. (Details not shown.)

2.     Configure admin-scoped zone boundaries:

# On Router B, configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 as the boundaries of admin-scoped zone 1.

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] multicast boundary 239.0.0.0 8

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] multicast boundary 239.0.0.0 8

[RouterB-Ten-GigabitEthernet3/0/4] quit

# On Router C, configure Ten-GigabitEthernet 3/0/4 and Ten-GigabitEthernet 3/0/5 as the boundaries of admin-scoped zone 2.

<RouterC> system-view

[RouterC] interface ten-gigabitethernet 3/0/4

[RouterC-Ten-GigabitEthernet3/0/4] multicast boundary 239.0.0.0 8

[RouterC-Ten-GigabitEthernet3/0/4] quit

[RouterC] interface ten-gigabitethernet 3/0/5

[RouterC-Ten-GigabitEthernet3/0/5] multicast boundary 239.0.0.0 8

[RouterC-Ten-GigabitEthernet3/0/5] quit

# On Router D, configure Ten-GigabitEthernet 3/0/3 as the boundary of admin-scoped zone 2.

<RouterD> system-view

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] multicast boundary 239.0.0.0 8

[RouterD-Ten-GigabitEthernet3/0/3] quit

3.     Configure C-BSRs and C-RPs:

# On Router B, configure the service scope of RP advertisements.

[RouterB] acl basic 2001

[RouterB-acl-ipv4-basic-2001] rule permit source 239.0.0.0 0.255.255.255

[RouterB-acl-ipv4-basic-2001] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP for admin-scoped zone 1.

[RouterB] pim

[RouterB-pim] c-bsr 10.110.1.2 scope 239.0.0.0 8

[RouterB-pim] c-rp 10.110.1.2 group-policy 2001

[RouterB-pim] quit

# On Router D, configure the service scope of RP advertisements.

[RouterD] acl basic 2001

[RouterD-acl-ipv4-basic-2001] rule permit source 239.0.0.0 0.255.255.255

[RouterD-acl-ipv4-basic-2001] quit

# Configure Ten-GigabitEthernet 3/0/1 as a C-BSR and a C-RP for admin-scoped zone 2.

[RouterD] pim

[RouterD-pim] c-bsr 10.110.5.2 scope 239.0.0.0 8

[RouterD-pim] c-rp 10.110.5.2 group-policy 2001

[RouterD-pim] quit

# On Router F, configure Ten-GigabitEthernet 3/0/1 as a C-BSR and a C-RP for the global-scoped zone.

<RouterF> system-view

[RouterF] pim

[RouterF-pim] c-bsr 10.110.9.1

[RouterF-pim] c-rp 10.110.9.1

[RouterF-pim] quit

Verifying the configuration

# Display BSR information on Router B.

[RouterB] display pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:44

     Elected BSR address: 10.110.9.1

       Priority: 64

       Hash mask length: 30

       Uptime: 00:01:45

 

 Scope: 239.0.0.0/8

     State: Elected

     Bootstrap timer: 00:00:06

     Elected BSR address: 10.110.1.2

       Priority: 64

       Hash mask length: 30

       Uptime: 00:04:54

     Candidate BSR address: 10.110.1.2

       Priority: 64

       Hash mask length: 30

# Display BSR information on Router D.

[RouterD] display pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:44

     Elected BSR address: 10.110.9.1

       Priority: 64

       Hash mask length: 30

       Uptime: 00:01:45

 

 Scope: 239.0.0.0/8

     State: Elected

     Bootstrap timer: 00:01:12

     Elected BSR address: 10.110.5.2

       Priority: 64

       Hash mask length: 30

       Uptime: 00:03:48

     Candidate BSR address: 10.110.5.2

       Priority: 64

       Hash mask length: 30

# Display BSR information on Router F.

[RouterF] display pim bsr-info

 Scope: non-scoped

     State: Elected

     Bootstrap timer: 00:00:49

     Elected BSR address: 10.110.9.1

       Priority: 64

       Hash mask length: 30

       Uptime: 00:11:11

     Candidate BSR address: 10.110.9.1

       Priority: 64

       Hash mask length: 30

# Display RP information on Router B.

[RouterB] display pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: 224.0.0.0/4

       RP address               Priority  HoldTime  Uptime    Expires

       10.110.9.1               192       180       00:03:39  00:01:51

   Scope: 239.0.0.0/8

     Group/MaskLen: 239.0.0.0/8

       RP address               Priority  HoldTime  Uptime    Expires

       10.110.1.2 (local)       192       180       00:07:44  00:01:51

# Display RP information on Router D.

[RouterD] display pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: 224.0.0.0/4

       RP address               Priority  HoldTime  Uptime    Expires

       10.110.9.1               192       180       00:03:42  00:01:48

   Scope: 239.0.0.0/8

     Group/MaskLen: 239.0.0.0/8

       RP address               Priority  HoldTime  Uptime    Expires

       10.110.5.2 (local)       192       180       00:06:54  00:02:41

# Display RP information on Router F.

[RouterF] display pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: 224.0.0.0/4

       RP address               Priority  HoldTime  Uptime    Expires

       10.110.9.1 (local)       192       180       00:00:32  00:01:58
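Host A and Host B receive different sources for the same group 239.1.1.1 because routers in each admin-scoped zone select a different RP for it. The following added example (not H3C code; function names are hypothetical) parses the `display pim rp-info` output shown above for Router B and Router D and applies longest group-range match, then lowest priority value; the hash tie-break is omitted because each range here lists a single RP.

```python
import ipaddress
import re

# Output copied from the verification section above.
RP_INFO = {
    "RouterB": """\
 BSR RP information:
   Scope: non-scoped
     Group/MaskLen: 224.0.0.0/4
       RP address               Priority  HoldTime  Uptime    Expires
       10.110.9.1               192       180       00:03:39  00:01:51
   Scope: 239.0.0.0/8
     Group/MaskLen: 239.0.0.0/8
       RP address               Priority  HoldTime  Uptime    Expires
       10.110.1.2 (local)       192       180       00:07:44  00:01:51
""",
    "RouterD": """\
 BSR RP information:
   Scope: non-scoped
     Group/MaskLen: 224.0.0.0/4
       RP address               Priority  HoldTime  Uptime    Expires
       10.110.9.1               192       180       00:03:42  00:01:48
   Scope: 239.0.0.0/8
     Group/MaskLen: 239.0.0.0/8
       RP address               Priority  HoldTime  Uptime    Expires
       10.110.5.2 (local)       192       180       00:06:54  00:02:41
""",
}

# An RP row: address, optional "(local)" marker, priority, hold time.
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\(local\)\s+)?(\d+)\s+(\d+)\s")


def parse_rp_info(text):
    """Return [(group_range, rp_address, priority, is_local)]."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Group/MaskLen:"):
            current = ipaddress.ip_network(line.split(":", 1)[1].strip())
            continue
        m = ROW.match(line)
        if m and current is not None:
            entries.append((current, m.group(1), int(m.group(3)), bool(m.group(2))))
    return entries


def select_rp(entries, group):
    """Pick the RP for `group`: longest range match, then lowest priority value."""
    g = ipaddress.ip_address(group)
    candidates = [e for e in entries if g in e[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda e: (e[0].prefixlen, -e[2]))
    return best[1]


if __name__ == "__main__":
    for router, text in RP_INFO.items():
        entries = parse_rp_info(text)
        for group in ("239.1.1.1", "224.1.1.1"):
            print(f"{router}: group {group} -> RP {select_rp(entries, group)}")
```

Group 239.1.1.1 resolves to the zone-local RP on each router, while 224.1.1.1 resolves to the global-scoped RP on both.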

Example: Configuring PIM-SSM

Network configuration

As shown in Figure 189:

·     The receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM domain operates in the SSM mode.

·     Host A and Host C are multicast receivers on two stub networks.

·     The SSM group range is 232.1.1.0/24.

·     IGMPv3 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 189 Network diagram

Table 35 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
| --- | --- | --- | --- | --- | --- |
| Router A | XGE3/0/1 | 10.110.1.1/24 | Router D | XGE3/0/1 | 10.110.5.1/24 |
| Router A | XGE3/0/2 | 192.168.1.1/24 | Router D | XGE3/0/2 | 192.168.1.2/24 |
| Router A | XGE3/0/3 | 192.168.9.1/24 | Router D | XGE3/0/3 | 192.168.4.2/24 |
| Router B | XGE3/0/1 | 10.110.2.1/24 | Router E | XGE3/0/1 | 192.168.3.2/24 |
| Router B | XGE3/0/2 | 192.168.2.1/24 | Router E | XGE3/0/2 | 192.168.2.2/24 |
| Router C | XGE3/0/1 | 10.110.2.2/24 | Router E | XGE3/0/3 | 192.168.9.2/24 |
| Router C | XGE3/0/2 | 192.168.3.1/24 | Router E | XGE3/0/4 | 192.168.4.1/24 |

Prerequisites

Assign an IP address and subnet mask to each interface, and make sure the routers in the PIM-DM domain can reach each other.

Procedure

1.     Enable IP multicast routing, IGMP and PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 (the interface that connects to the stub network).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] igmp version 3

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on the other interfaces.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IP multicast routing, IGMP, and PIM-SM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# Enable IP multicast routing and PIM-SM on Router D and Router E in the same way Router A is configured. (Details not shown.)

2.     Configure the SSM group range:

# On Router A, specify 232.1.1.0/24 as the SSM group range.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 232.1.1.0 0.0.0.255

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] pim

[RouterA-pim] ssm-policy 2000

[RouterA-pim] quit

# Configure the SSM group range on Router B, Router C, Router D, and Router E in the same way Router A is configured. (Details not shown.)

Verifying the configuration

# Display PIM information on Router A.

[RouterA] display pim interface

  Interface: XGE3/0/2

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.1.2

  Interface: XGE3/0/3

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: 192.168.9.2

# Send an IGMPv3 report from Host A to join multicast source and group (10.110.5.100/24, 232.1.1.1). (Details not shown.)

# Display the PIM routing table on Router A.

[RouterA] display pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (10.110.5.100, 232.1.1.1)

     Protocol: pim-ssm, Flag: ACT

     UpTime: 00:13:25

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 192.168.1.2

         RPF prime neighbor: 192.168.1.2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:13:25, Expires: 00:03:25

# Display PIM routing entries on Router D.

[RouterD] display pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (10.110.5.100, 232.1.1.1)

     Protocol: pim-ssm, Flag: LOC

     UpTime: 00:12:05

     Upstream interface: Ten-GigabitEthernet3/0/1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/2

             Protocol:  pim-ssm, UpTime: 00:12:05, Expires: 00:03:25

The output shows that routers on the SPT path (Router A and Router D) have generated the correct (S, G) entries.

 

MSDP configuration examples

Example: Configuring PIM-SM inter-domain multicast

Network configuration

As shown in Figure 190:

·     OSPF runs within AS 100 and AS 200. BGP runs between the two ASs.

·     Each PIM-SM domain has a minimum of one multicast source or receiver.

Set up MSDP peering relationships between the RPs in the PIM-SM domains to share multicast source information among the PIM-SM domains.

Figure 190 Network diagram

Table 36 Interface and IP address assignment

Device      Interface   IP address          Device      Interface   IP address
Router A    XGE3/0/1    10.110.1.2/24       Router D    XGE3/0/1    10.110.4.2/24
Router A    XGE3/0/2    10.110.2.1/24       Router D    XGE3/0/2    10.110.5.1/24
Router A    XGE3/0/3    10.110.3.1/24       Router E    XGE3/0/1    10.110.6.1/24
Router B    XGE3/0/1    10.110.1.1/24       Router E    XGE3/0/2    192.168.3.2/24
Router B    XGE3/0/2    192.168.1.1/24      Router E    Loop0       3.3.3.3/32
Router B    Loop0       1.1.1.1/32          Router F    XGE3/0/1    10.110.6.2/24
Router C    XGE3/0/1    10.110.4.1/24       Router F    XGE3/0/2    10.110.7.1/24
Router C    XGE3/0/2    192.168.3.1/24      Source 1    -           10.110.2.100/24
Router C    XGE3/0/3    192.168.1.2/24      Source 2    -           10.110.5.100/24
Router C    Loop0       2.2.2.2/32

Procedure

1.     Assign an IP address and subnet mask to each interface according to Figure 190. (Details not shown.)

2.     Configure OSPF on the routers in the ASs. (Details not shown.)

3.     Enable IP multicast routing, enable PIM-SM and IGMP, and configure a PIM-SM domain border:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/3).

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] igmp enable

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IP multicast routing, PIM-SM, and IGMP on Router B, Router C, Router D, Router E, and Router F in the same way Router A is configured. (Details not shown.)

# Configure a PIM domain border on Router B.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure a PIM domain border separately on Router C and Router E in the same way Router B is configured. (Details not shown.)

4.     Configure C-BSRs and C-RPs:

# Configure Loopback 0 on Router B as a C-BSR and a C-RP.

[RouterB] pim

[RouterB-pim] c-bsr 1.1.1.1

[RouterB-pim] c-rp 1.1.1.1

[RouterB-pim] quit

# Configure C-BSRs and C-RPs on Router C and Router E in the same way Router B is configured. (Details not shown.)

5.     Configure BGP for mutual route redistribution between BGP and OSPF:

# On Router B, configure an EBGP peer and redistribute OSPF routes.

[RouterB] bgp 100

[RouterB-bgp-default] router-id 1.1.1.1

[RouterB-bgp-default] peer 192.168.1.2 as-number 200

[RouterB-bgp-default] address-family ipv4

[RouterB-bgp-default-ipv4] import-route ospf 1

[RouterB-bgp-default-ipv4] peer 192.168.1.2 enable

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] address-family ipv4 multicast

[RouterB-bgp-default-mul-ipv4] peer 192.168.1.2 enable

[RouterB-bgp-default-mul-ipv4] quit

[RouterB-bgp-default] quit

# On Router C, configure an EBGP peer and redistribute OSPF routes.

[RouterC] bgp 200

[RouterC-bgp-default] router-id 2.2.2.2

[RouterC-bgp-default] peer 192.168.1.1 as-number 100

[RouterC-bgp-default] address-family ipv4

[RouterC-bgp-default-ipv4] import-route ospf 1

[RouterC-bgp-default-ipv4] peer 192.168.1.1 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] address-family ipv4 multicast

[RouterC-bgp-default-mul-ipv4] peer 192.168.1.1 enable

[RouterC-bgp-default-mul-ipv4] quit

[RouterC-bgp-default] quit

# Redistribute BGP routing information into OSPF on Router B.

[RouterB] ospf 1

[RouterB-ospf-1] import-route bgp

[RouterB-ospf-1] quit

# Redistribute BGP routing information into OSPF on Router C.

[RouterC] ospf 1

[RouterC-ospf-1] import-route bgp

[RouterC-ospf-1] quit

6.     Configure MSDP peers:

# Configure an MSDP peer on Router B.

[RouterB] msdp

[RouterB-msdp] peer 192.168.1.2 connect-interface ten-gigabitethernet 3/0/2

[RouterB-msdp] quit

# Configure MSDP peers on Router C.

[RouterC] msdp

[RouterC-msdp] peer 192.168.1.1 connect-interface ten-gigabitethernet 3/0/3

[RouterC-msdp] peer 192.168.3.2 connect-interface ten-gigabitethernet 3/0/2

[RouterC-msdp] quit

# Configure an MSDP peer on Router E.

[RouterE] msdp

[RouterE-msdp] peer 192.168.3.1 connect-interface ten-gigabitethernet 3/0/2

[RouterE-msdp] quit

Verifying the configuration

# Display information about BGP IPv4 unicast peers or peer groups on Router B.

[RouterB] display bgp peer ipv4

 

 BGP local router ID: 1.1.1.1

 Local AS number: 100

 Total number of peers: 1                  Peers in established state: 1

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 192.168.1.2            200       24       21    0        6 00:13:09 Established

# Display information about BGP IPv4 unicast peers or peer groups on Router C.

[RouterC] display bgp peer ipv4

 

 BGP local router ID: 2.2.2.2

 Local AS number: 200

 Total number of peers: 1                  Peers in established state: 1

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ  PrefRcv Up/Down  State

 

 192.168.1.1            100       18       16    0        1 00:12:04 Established

# Display the BGP IPv4 unicast routing table on Router C.

[RouterC] display bgp routing-table ipv4

 

Total number of routes: 5

 

 BGP local router ID is 2.2.2.2

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  1.1.1.1/32         192.168.1.1     0                     0       100?

* >i 2.2.2.2/32         0.0.0.0         0                     0       ?

* >  192.168.1.0        0.0.0.0         0                     0       ?

* >  192.168.1.1/32     0.0.0.0         0                     0       ?

* >  192.168.1.2/32     0.0.0.0         0                     0       ?

# Verify that hosts in PIM-SM 1 and PIM-SM 3 can receive the multicast data from Source 1 and Source 2. (Details not shown.)

# Display brief information about MSDP peer groups on Router B.

[RouterB] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

192.168.1.2     Established 00:12:19        200        13         0

# Display brief information about MSDP peer groups on Router C.

[RouterC] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

2            2            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

192.168.3.2     Established 00:15:19        ?          8          0

192.168.1.1     Established 00:06:11        100        13         0

# Display brief information about MSDP peer groups on Router E.

[RouterE] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

192.168.3.1     Established 01:12:19        ?          8          0

# Display detailed MSDP peer information on Router B.

[RouterB] display msdp peer-status

MSDP Peer 192.168.1.2; AS 200

 Description:

 Information about connection status:

   State: Established

   Up/down time: 00:15:47

   Resets: 0

   Connection interface: Ten-GigabitEthernet3/0/2 (192.168.1.1)

   Received/sent messages: 16/16

   Discarded input messages: 0

   Discarded output messages: 0

   Elapsed time since last connection or counters clear: 00:17:40

   Mesh group peer joined: momo

   Last disconnect reason: Hold timer expired with truncated message

   Truncated packet: 5 bytes in buffer, type: 1, length: 20, without packet time: 75s

 Information about (Source, Group)-based SA filtering policy:

   Import policy: None

   Export policy: None

 Information about SA-Requests:

   Policy to accept SA-Requests: None

   Sending SA-Requests status: Disable

 Minimum TTL to forward SA with encapsulated data: 0

 SAs learned from this peer: 0, SA cache maximum for the peer: 4294967295

 Input queue size: 0, Output queue size: 0

 Counters for MSDP messages:

   RPF check failure: 0

   Incoming/outgoing SA: 0/0

   Incoming/outgoing SA-Request: 0/0

   Incoming/outgoing SA-Response: 0/0

   Incoming/outgoing Keepalive: 867/867

   Incoming/outgoing Notification: 0/0

   Incoming/outgoing Traceroutes in progress: 0/0

   Incoming/outgoing Traceroute reply: 0/0

   Incoming/outgoing Unknown: 0/0

   Incoming/outgoing data packet: 0/0
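
An audit of the peer-status output above, as an added example that is not H3C code: it parses the `display msdp peer-status` text and flags a peer that has no SA import or export policy, whose SA cache maximum is still 4294967295, or whose counters show RPF failures or discards. The function names and finding strings are this example's own, and the rendering of a configured policy in the second sample is an assumption.

```python
import re

# Output of "display msdp peer-status" on Router B, copied from the page and
# trimmed to the fields the audit reads.
PEER_STATUS = """\
MSDP Peer 192.168.1.2; AS 200
 Description:
 Information about connection status:
   State: Established
   Up/down time: 00:15:47
   Resets: 0
   Connection interface: Ten-GigabitEthernet3/0/2 (192.168.1.1)
   Discarded input messages: 0
   Last disconnect reason: Hold timer expired with truncated message
 Information about (Source, Group)-based SA filtering policy:
   Import policy: None
   Export policy: None
 SAs learned from this peer: 0, SA cache maximum for the peer: 4294967295
 Counters for MSDP messages:
   RPF check failure: 0
"""

# Constructed variant (not device output): an export policy is attached and
# three SA messages failed the peer-RPF check. How the device prints a
# configured policy is an assumption; the audit only tests for "None".
CONSTRUCTED_STATUS = (PEER_STATUS
                      .replace("Export policy: None", "Export policy: 3001")
                      .replace("RPF check failure: 0", "RPF check failure: 3"))

UNBOUNDED = 2**32 - 1  # 4294967295, the SA cache maximum shown on the page


def parse_peer_status(text):
    """Return one dict per 'MSDP Peer' block, keyed by lower-cased field name."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"MSDP Peer (\S+); AS (\S+)", line)
        if m:
            cur = {"peer": m.group(1), "as": m.group(2)}
            peers.append(cur)
            continue
        if cur is None or not line:
            continue
        # A line can carry several "key: value" pairs separated by ", ".
        for part in line.split(", "):
            key, sep, value = part.partition(":")
            if sep:
                cur[key.strip().lower()] = value.strip()
    return peers


def audit_peer(p):
    """List what a reviewer would question about one parsed peer."""
    findings = []
    if p.get("state") != "Established":
        findings.append("session not Established")
    for direction in ("import", "export"):
        if p.get(f"{direction} policy", "None") == "None":
            findings.append(f"no {direction} SA policy")
    if int(p.get("sa cache maximum for the peer", UNBOUNDED)) >= UNBOUNDED:
        findings.append("SA cache not capped")
    if int(p.get("rpf check failure", 0)) > 0:
        findings.append("SA messages failed the peer-RPF check")
    if int(p.get("discarded input messages", 0)) > 0:
        findings.append("input messages discarded")
    return findings


def audit(text):
    """Map each peer address in the output to its list of findings."""
    return {p["peer"]: audit_peer(p) for p in parse_peer_status(text)}


if __name__ == "__main__":
    for label, text in (("page output", PEER_STATUS),
                        ("constructed", CONSTRUCTED_STATUS)):
        for peer, findings in audit(text).items():
            print(label, peer, findings or ["ok"])
```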

Example: Configuring inter-AS multicast by leveraging static RPF peers

Network configuration

As shown in Figure 191:

·     The network has two ASs: AS 100 and AS 200. OSPF runs within each AS. BGP runs between the two ASs.

·     PIM-SM 1 belongs to AS 100, and PIM-SM 2 and PIM-SM 3 belong to AS 200. Each PIM-SM domain has a minimum of one multicast source or receiver.

Configure inter-AS multicast as follows:

·     Configure Loopback 0 as the C-BSR and C-RP of the related PIM-SM domain on Router A, Router D and Router G.

·     According to the peer-RPF forwarding rule, the routers accept SA messages that pass the filtering policy from their static RPF peers. To share multicast source information among PIM-SM domains without changing the unicast topology structure, configure MSDP peering relationships for the RPs of the PIM-SM domains and configure the static RPF peering relationships.

Figure 191 Network diagram

Table 37 Interface and IP address assignment

Device      Interface   IP address          Device      Interface   IP address
Source 1    -           192.168.1.100/24    Router D    XGE3/0/1    10.110.5.1/24
Source 2    -           192.168.3.100/24    Router D    XGE3/0/2    10.110.3.2/24
Router A    XGE3/0/1    10.110.1.1/24       Router D    Loop0       2.2.2.2/32
Router A    XGE3/0/2    10.110.2.1/24       Router E    XGE3/0/1    10.110.5.2/24
Router A    Loop0       1.1.1.1/32          Router E    XGE3/0/2    192.168.3.1/24
Router B    XGE3/0/1    10.110.1.2/24       Router F    XGE3/0/1    10.110.6.1/24
Router B    XGE3/0/2    192.168.1.1/24      Router F    XGE3/0/2    10.110.4.2/24
Router B    XGE3/0/3    10.110.3.1/24       Router G    XGE3/0/1    10.110.6.2/24
Router C    XGE3/0/1    10.110.2.2/24       Router G    XGE3/0/2    192.168.4.1/24
Router C    XGE3/0/2    192.168.2.1/24      Router G    Loop0       3.3.3.3/32
Router C    XGE3/0/3    10.110.4.1/24

Procedure

1.     Assign an IP address and subnet mask to each interface according to Table 37. (Details not shown.)

2.     Configure OSPF on the routers in the ASs. (Details not shown.)

3.     Enable IP multicast routing, PIM-SM, and IGMP, and configure PIM-SM domain borders:

# On Router C, enable IP multicast routing.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable PIM-SM on each interface, and enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/2).

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] pim sm

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] igmp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] pim sm

[RouterC-Ten-GigabitEthernet3/0/3] quit

# Configure Router A, Router B, Router D, Router E, Router F, and Router G in the same way Router C is configured. (Details not shown.)

# On Router B, configure the PIM domain borders.

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] pim bsr-boundary

[RouterB-Ten-GigabitEthernet3/0/3] quit

# Configure the PIM domain borders on Router C, Router D, and Router F in the same way Router B is configured. (Details not shown.)

4.     Configure C-BSRs and C-RPs:

# On Router A, configure Loopback 0 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 1.1.1.1

[RouterA-pim] c-rp 1.1.1.1

[RouterA-pim] quit

# Configure C-BSRs and C-RPs on Router D and Router G in the same way Router A is configured. (Details not shown.)

5.     Configure BGP, and redistribute BGP routing information into OSPF and OSPF routing information into BGP:

# On Router B, configure an EBGP peer, and redistribute OSPF routing information.

[RouterB] bgp 100

[RouterB-bgp-default] router-id 1.1.1.2

[RouterB-bgp-default] peer 10.110.3.2 as-number 200

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.110.3.2 enable

[RouterB-bgp-default-ipv4] import-route ospf 1

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

# On Router D, configure an EBGP peer, and redistribute OSPF routing information.

[RouterD] bgp 200

[RouterD-bgp-default] router-id 2.2.2.2

[RouterD-bgp-default] peer 10.110.3.1 as-number 100

[RouterD-bgp-default] address-family ipv4 unicast

[RouterD-bgp-default-ipv4] peer 10.110.3.1 enable

[RouterD-bgp-default-ipv4] import-route ospf 1

[RouterD-bgp-default-ipv4] quit

[RouterD-bgp-default] quit

# On Router C, configure an EBGP peer, and redistribute OSPF routing information.

[RouterC] bgp 100

[RouterC-bgp-default] router-id 1.1.1.3

[RouterC-bgp-default] peer 10.110.4.2 as-number 200

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 10.110.4.2 enable

[RouterC-bgp-default-ipv4] import-route ospf 1

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

# On Router F, configure an EBGP peer, and redistribute OSPF routing information.

[RouterF] bgp 200

[RouterF-bgp-default] router-id 3.3.3.1

[RouterF-bgp-default] peer 10.110.4.1 as-number 100

[RouterF-bgp-default] address-family ipv4 unicast

[RouterF-bgp-default-ipv4] peer 10.110.4.1 enable

[RouterF-bgp-default-ipv4] import-route ospf 1

[RouterF-bgp-default-ipv4] quit

[RouterF-bgp-default] quit

# On Router B, redistribute BGP routing information into OSPF.

[RouterB] ospf 1

[RouterB-ospf-1] import-route bgp

[RouterB-ospf-1] quit

# On Router D, redistribute BGP routing information into OSPF.

[RouterD] ospf 1

[RouterD-ospf-1] import-route bgp

[RouterD-ospf-1] quit

# On Router C, redistribute BGP routing information into OSPF.

[RouterC] ospf 1

[RouterC-ospf-1] import-route bgp

[RouterC-ospf-1] quit

# On Router F, redistribute BGP routing information into OSPF.

[RouterF] ospf 1

[RouterF-ospf-1] import-route bgp

[RouterF-ospf-1] quit

6.     Configure MSDP peers and static RPF peers:

# On Router A, configure Router D and Router G as the MSDP peers and static RPF peers.

[RouterA] ip prefix-list list-dg permit 10.110.0.0 16 greater-equal 16 less-equal 32

[RouterA] msdp

[RouterA-msdp] peer 10.110.3.2 connect-interface ten-gigabitethernet 3/0/1

[RouterA-msdp] peer 10.110.6.2 connect-interface ten-gigabitethernet 3/0/2

[RouterA-msdp] static-rpf-peer 10.110.3.2 rp-policy list-dg

[RouterA-msdp] static-rpf-peer 10.110.6.2 rp-policy list-dg

[RouterA-msdp] quit

# On Router D, configure Router A as the MSDP peer and static RPF peer.

[RouterD] ip prefix-list list-a permit 10.110.0.0 16 greater-equal 16 less-equal 32

[RouterD] msdp

[RouterD-msdp] peer 10.110.1.1 connect-interface ten-gigabitethernet 3/0/2

[RouterD-msdp] static-rpf-peer 10.110.1.1 rp-policy list-a

[RouterD-msdp] quit

# On Router G, configure Router A as the MSDP peer and static RPF peer.

[RouterG] ip prefix-list list-a permit 10.110.0.0 16 greater-equal 16 less-equal 32

[RouterG] msdp

[RouterG-msdp] peer 10.110.2.1 connect-interface ten-gigabitethernet 3/0/1

[RouterG-msdp] static-rpf-peer 10.110.2.1 rp-policy list-a

[RouterG-msdp] quit

Verifying the configuration

# Display the BGP peering relationships on Router A.

[RouterA] display bgp peer

No information is output, because no BGP peering relationship has been established between Router A and Router D, or between Router A and Router G. This means that the unicast topology is not changed.

# Display brief information about MSDP peers on Router A.

[RouterA] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

2            2            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

10.110.3.2      Established 01:07:08        ?          8          0

10.110.6.2      Established 00:16:39        ?          13         0

# Display brief information about MSDP peers on Router D.

[RouterD] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

10.110.1.1      Established 01:07:09        ?          8          0

# Display brief information about MSDP peers on Router G.

[RouterG] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

10.110.2.1      Established 00:16:40        ?          13         0

# Verify that receivers in PIM-SM 1 and PIM-SM 3 can receive the multicast data from Source 1 and Source 2 to a multicast group. (Details not shown.)

Example: Configuring Anycast RP

Network configuration

As shown in Figure 192, OSPF runs within the domain to provide unicast routes.

Configure the Anycast RP application so that the receiver-side DRs and the source-side DRs can initiate a join process to their respective RPs that are topologically closest to them.

Configure the router IDs of Router B and Router D as 1.1.1.1 and 2.2.2.2, respectively. Set up an MSDP peering relationship between Router B and Router D.

Figure 192 Network diagram

Table 38 Interface and IP address assignment

Device      Interface   IP address          Device      Interface   IP address
Source 1    -           10.110.5.100/24     Router C    XGE3/0/1    192.168.1.2/24
Source 2    -           10.110.6.100/24     Router C    XGE3/0/2    192.168.2.2/24
Router A    XGE3/0/1    10.110.5.1/24       Router D    XGE3/0/1    10.110.3.1/24
Router A    XGE3/0/2    10.110.2.2/24       Router D    XGE3/0/2    10.110.4.1/24
Router B    XGE3/0/1    10.110.1.1/24       Router D    XGE3/0/3    192.168.2.1/24
Router B    XGE3/0/2    10.110.2.1/24       Router D    Loop0       2.2.2.2/32
Router B    XGE3/0/3    192.168.1.1/24      Router D    Loop10      4.4.4.4/32
Router B    Loop0       1.1.1.1/32          Router D    Loop20      10.1.1.1/32
Router B    Loop10      3.3.3.3/32          Router E    XGE3/0/1    10.110.6.1/24
Router B    Loop20      10.1.1.1/32         Router E    XGE3/0/2    10.110.4.2/24

Procedure

1.     Assign an IP address and subnet mask to each interface according to Figure 192. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, IGMP, and PIM-SM:

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] igmp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on the other interfaces.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] pim sm

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] pim sm

[RouterB-LoopBack0] quit

[RouterB] interface loopback 10

[RouterB-LoopBack10] pim sm

[RouterB-LoopBack10] quit

[RouterB] interface loopback 20

[RouterB-LoopBack20] pim sm

[RouterB-LoopBack20] quit

# Enable IP multicast routing, IGMP, and PIM-SM on Router A, Router C, Router D, and Router E in the same way Router B is configured. (Details not shown.)

4.     Configure C-BSRs and C-RPs:

# On Router B, configure Loopback 10 as a C-BSR and configure Loopback 20 as a C-RP.

[RouterB] pim

[RouterB-pim] c-bsr 3.3.3.3

[RouterB-pim] c-rp 10.1.1.1

[RouterB-pim] quit

# Configure a C-BSR and a C-RP on Router D in the same way Router B is configured. (Details not shown.)

5.     Configure MSDP peers:

# Configure an MSDP peer on Loopback 0 of Router B.

[RouterB] msdp

[RouterB-msdp] originating-rp loopback 0

[RouterB-msdp] peer 2.2.2.2 connect-interface loopback 0

[RouterB-msdp] quit

# Configure an MSDP peer on Loopback 0 of Router D.

[RouterD] msdp

[RouterD-msdp] originating-rp loopback 0

[RouterD-msdp] peer 1.1.1.1 connect-interface loopback 0

[RouterD-msdp] quit

Verifying the configuration

# Display brief information about MSDP peers on Router B.

[RouterB] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

2.2.2.2         Established 00:00:13        ?          0          0

# Display brief information about MSDP peers on Router D.

[RouterD] display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0

 

Peer address    State       Up/Down time    AS         SA count   Reset count

1.1.1.1         Established 00:00:13        ?          0          0

# Send an IGMP report from Host A to join the multicast group 225.1.1.1. (Details not shown.)

# Send multicast data from Source 1 (10.110.5.100/24) to the multicast group 225.1.1.1. (Details not shown.)

# Display the PIM routing table on Router D.

[RouterD] display pim routing-table

No information is output on Router D.

# Display the PIM routing table on Router B.

[RouterB] display pim routing-table

 Total 1 (*, G) entry; 1 (S, G) entry

 

 (*, 225.1.1.1)

     RP: 10.1.1.1 (local)

     Protocol: pim-sm, Flag: WC

     UpTime: 00:15:04

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:15:04, Expires: -

 

 (10.110.5.100, 225.1.1.1)

     RP: 10.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT

     UpTime: 00:46:28

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 10.110.2.2

         RPF prime neighbor: 10.110.2.2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: pim-sm, UpTime:  - , Expires:  -

The output shows that Router B now acts as the RP for Source 1 and Host A.

# Send an IGMP leave message from Host A to leave multicast group 225.1.1.1. (Details not shown.)

# Send an IGMP report from Host B to join multicast group 225.1.1.1. (Details not shown.)

# Send multicast data from Source 2 to multicast group 225.1.1.1. (Details not shown.)

# Display the PIM routing table on Router B.

[RouterB] display pim routing-table

No information is output on Router B.

# Display PIM routing information on Router D.

[RouterD] display pim routing-table

 Total 1 (*, G) entry; 1 (S, G) entry

 

 (*, 225.1.1.1)

     RP: 10.1.1.1 (local)

     Protocol: pim-sm, Flag: WC

     UpTime: 00:12:07

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: igmp, UpTime: 00:12:07, Expires: -

 

 (10.110.6.100, 225.1.1.1)

     RP: 10.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT

     UpTime: 00:40:22

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 10.110.4.2

         RPF prime neighbor: 10.110.4.2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: pim-sm, UpTime:  - , Expires:  -

The output shows that Router D now acts as the RP for Source 2 and Host B.

Example: Configuring SA message filtering

Network configuration

As shown in Figure 193:

·     OSPF runs within and among the PIM-SM domains to provide unicast routing.

·     Set up an MSDP peering relationship between Router A and Router C and between Router C and Router D.

·     Source 1 sends multicast data to multicast groups 225.1.1.0/30 and 226.1.1.0/30. Source 2 sends multicast data to the multicast group 227.1.1.0/30.

Configure SA message policies to meet the following requirements:

·     Host A and Host B receive the multicast data only addressed to multicast groups 225.1.1.0/30 and 226.1.1.0/30.

·     Host C receives the multicast data only addressed to multicast groups 226.1.1.0/30 and 227.1.1.0/30.

Figure 193 Network diagram

Table 39 Interface and IP address assignment

Device      Interface   IP address          Device      Interface   IP address
Source 1    -           10.110.3.100/24     Router C    XGE3/0/1    10.110.4.1/24
Source 2    -           10.110.6.100/24     Router C    XGE3/0/2    10.110.5.1/24
Router A    XGE3/0/1    10.110.1.1/24       Router C    XGE3/0/3    192.168.1.2/24
Router A    XGE3/0/2    10.110.2.1/24       Router C    XGE3/0/4    192.168.2.2/24
Router A    XGE3/0/3    192.168.1.1/24      Router C    Loop0       2.2.2.2/32
Router A    Loop0       1.1.1.1/32          Router D    XGE3/0/1    10.110.6.1/24
Router B    XGE3/0/1    10.110.3.1/24       Router D    XGE3/0/2    10.110.7.1/24
Router B    XGE3/0/2    10.110.2.2/24       Router D    XGE3/0/3    10.110.5.2/24
Router B    XGE3/0/3    192.168.2.1/24      Router D    Loop0       3.3.3.3/32

Procedure

1.     Assign an IP address and subnet mask to each interface according to Figure 193. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-SM domains. (Details not shown.)

3.     Enable IP multicast routing, IGMP, and PIM-SM, and configure a PIM domain border:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] igmp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable PIM-SM on the other interfaces.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] pim sm

[RouterA-LoopBack0] quit

# Enable IP multicast routing, IGMP, and PIM-SM on Router B, Router C, and Router D in the same way Router A is configured. (Details not shown.)

# Configure PIM domain borders on Router C.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] pim bsr-boundary

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/4

[RouterC-Ten-GigabitEthernet3/0/4] pim bsr-boundary

[RouterC-Ten-GigabitEthernet3/0/4] quit

# Configure PIM domain borders on Router A, Router B, and Router D in the same way Router C is configured. (Details not shown.)

4.     Configure C-BSRs and C-RPs:

# Configure Loopback 0 on Router A as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 1.1.1.1

[RouterA-pim] c-rp 1.1.1.1

[RouterA-pim] quit

# Configure C-BSRs and C-RPs on Router C and Router D in the same way Router A is configured. (Details not shown.)

5.     Configure MSDP peers:

# Configure an MSDP peer on Router A.

[RouterA] msdp

[RouterA-msdp] peer 192.168.1.2 connect-interface ten-gigabitethernet 3/0/3

[RouterA-msdp] quit

# Configure MSDP peers on Router C.

[RouterC] msdp

[RouterC-msdp] peer 192.168.1.1 connect-interface ten-gigabitethernet 3/0/3

[RouterC-msdp] peer 10.110.5.2 connect-interface ten-gigabitethernet 3/0/2

[RouterC-msdp] quit

# Configure an MSDP peer on Router D.

[RouterD] msdp

[RouterD-msdp] peer 10.110.5.1 connect-interface ten-gigabitethernet 3/0/3

[RouterD-msdp] quit

6.     Configure SA message policies:

# Configure an SA accepting and forwarding policy on Router C so that Router C will not forward SA messages for (Source 1, 225.1.1.0/30) to Router D.

[RouterC] acl advanced 3001

[RouterC-acl-ipv4-adv-3001] rule deny ip source 10.110.3.100 0 destination 225.1.1.0 0.0.0.3

[RouterC-acl-ipv4-adv-3001] rule permit ip source any destination any

[RouterC-acl-ipv4-adv-3001] quit

[RouterC] msdp

[RouterC-msdp] peer 10.110.5.2 sa-policy export acl 3001

[RouterC-msdp] quit

# Configure an SA creation policy on Router D so that Router D will not create SA messages for Source 2.

[RouterD] acl basic 2001

[RouterD-acl-ipv4-basic-2001] rule deny source 10.110.6.100 0

[RouterD-acl-ipv4-basic-2001] quit

[RouterD] msdp

[RouterD-msdp] import-source acl 2001

[RouterD-msdp] quit

Verifying the configuration

# Display the (S, G) entries in the SA message cache on Router C.

[RouterC] display msdp sa-cache

 MSDP Total Source-Active Cache - 8 entries

 Matched 8 entries

 

Source          Group           Origin RP       Pro  AS     Uptime   Expires

10.110.3.100    225.1.1.0       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    225.1.1.1       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    225.1.1.2       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    225.1.1.3       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    226.1.1.0       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    226.1.1.1       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    226.1.1.2       1.1.1.1         ?    ?      02:03:30 00:05:31

10.110.3.100    226.1.1.3       1.1.1.1         ?    ?      02:03:30 00:05:31

# Display the (S, G) entries in the SA message cache on Router D.

[RouterD] display msdp sa-cache

 MSDP Total Source-Active Cache - 4 entries

 Matched 4 entries

 

Source          Group           Origin RP       Pro  AS     Uptime   Expires

10.110.3.100    226.1.1.0       1.1.1.1         ?    ?      00:32:53 00:05:07

10.110.3.100    226.1.1.1       1.1.1.1         ?    ?      00:32:53 00:05:07

10.110.3.100    226.1.1.2       1.1.1.1         ?    ?      00:32:53 00:05:07

10.110.3.100    226.1.1.3       1.1.1.1         ?    ?      00:32:53 00:05:07
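
The SA export filter above, modelled as an added example that is not H3C code: it applies the rules of ACL 3001 to Router C's eight cached (S, G) entries and reproduces the four entries that reach Router D, then checks the boundaries of the 0.0.0.3 wildcard. The first-match evaluation and the deny result for an entry that matches no rule are assumptions of this model, and the shorthand wildcard `0` is written as 0.0.0.0.

```python
import ipaddress


def _u32(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask leaves at 0."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) ^ _u32(base)) & care == 0


ANY = ("0.0.0.0", "255.255.255.255")

# ACL 3001 on Router C, as configured on the page (export policy toward
# peer 10.110.5.2, that is, Router D).
ACL_3001 = [
    ("deny", ("10.110.3.100", "0.0.0.0"), ("225.1.1.0", "0.0.0.3")),
    ("permit", ANY, ANY),
]

# ACL 2001 on Router D, as configured on the page (import-source). A basic
# ACL matches on source only, so the group side is "any" here.
ACL_2001 = [
    ("deny", ("10.110.6.100", "0.0.0.0"), ANY),
]


def acl_action(rules, source, group, default="deny"):
    """First matching rule wins. The default for an (S, G) that matches no
    rule is an assumption of this model, not taken from the page."""
    for action, src, dst in rules:
        if wildcard_match(source, *src) and wildcard_match(group, *dst):
            return action
    return default


# Router C's SA cache as shown by "display msdp sa-cache" on the page:
# Source 1 sending to 225.1.1.0-3 and 226.1.1.0-3.
ROUTER_C_SA_CACHE = [("10.110.3.100", f"{g}.1.1.{i}")
                     for g in (225, 226) for i in range(4)]


def sa_permitted(entries, rules):
    """(S, G) entries that the policy lets through, in their original order."""
    return [sg for sg in entries if acl_action(rules, *sg) == "permit"]


if __name__ == "__main__":
    print("Forwarded from Router C to Router D:")
    for source, group in sa_permitted(ROUTER_C_SA_CACHE, ACL_3001):
        print(f"  ({source}, {group})")
    # The deny rule is tied to one source host and one /30 of groups.
    print("225.1.1.4 from Source 1:",
          acl_action(ACL_3001, "10.110.3.100", "225.1.1.4"))
    print("225.1.1.1 from another host:",
          acl_action(ACL_3001, "10.110.3.101", "225.1.1.1"))
    print("Source 2 on Router D:",
          acl_action(ACL_2001, "10.110.6.100", "227.1.1.2"))
```

The deny rule covers exactly 225.1.1.0 through 225.1.1.3 from 10.110.3.100, so an SA for the same groups from any other source, or for 225.1.1.4 from Source 1, still passes the `permit ip source any destination any` rule.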

 

Multicast VPN configuration examples

Example: Configuring intra-AS MDT-based MVPN

Network configuration

As shown in Figure 194, configure intra-AS MDT-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 1, R 2, and R 3 are receivers.

·     In VPN instance b, S 2 is a multicast source, and R 4 is a receiver.

·     For VPN instance a, the default group is 239.1.1.1, and the data group range is 225.2.2.0 to 225.2.2.15.

·     For VPN instance b, the default group is 239.2.2.2, and the data group range is 225.4.4.0 to 225.4.4.15.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 belong to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/2 belongs to VPN instance b. Ten-GigabitEthernet 3/0/3 belongs to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1, PE 2, and PE 3 on their respective Loopback 1.

·     Configure MPLS on the public network.

IP multicast routing

·     Enable IP multicast routing on the P router.

·     Enable IP multicast routing on the public network instance on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance a on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance b on PE 2 and PE 3.

·     Enable IP multicast routing on CE a1, CE a2, CE a3, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/2 of PE 1.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2, CE a3, and CE b2.

PIM

Enable PIM-SM on the public network and for VPN instances a and b:

·     Enable PIM-SM on all interfaces of the P router.

·     Enable PIM-SM on all public and private network interfaces on PE 1, PE 2, and PE 3.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE a3, CE b1, and CE b2.

·     Configure Loopback 1 of P as a public network C-BSR and C-RP to provide services for all multicast groups.

·     Configure Loopback 1 of CE a2 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 2 of PE 3 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

 

Figure 194 Network diagram

Table 40 Interface and IP address assignment

Device    Interface   IP address        Device    Interface   IP address
S 1       -           10.110.7.2/24     PE 3      XGE3/0/1    192.168.8.1/24
S 2       -           10.110.8.2/24     PE 3      XGE3/0/2    10.110.5.1/24
R 1       -           10.110.1.2/24     PE 3      XGE3/0/3    10.110.6.1/24
R 2       -           10.110.9.2/24     PE 3      Loop1       1.1.1.3/32
R 3       -           10.110.10.2/24    PE 3      Loop2       33.33.33.33/32
R 4       -           10.110.11.2/24    CE a1     XGE3/0/1    10.110.7.1/24
P         XGE3/0/1    192.168.6.2/24    CE a1     XGE3/0/2    10.110.2.2/24
P         XGE3/0/2    192.168.7.2/24    CE a2     XGE3/0/1    10.110.9.1/24
P         XGE3/0/3    192.168.8.2/24    CE a2     XGE3/0/2    10.110.4.2/24
P         Loop1       2.2.2.2/32        CE a2     XGE3/0/3    10.110.12.1/24
PE 1      XGE3/0/1    192.168.6.1/24    CE a2     Loop1       22.22.22.22/32
PE 1      XGE3/0/2    10.110.1.1/24     CE a3     XGE3/0/1    10.110.10.1/24
PE 1      XGE3/0/3    10.110.2.1/24     CE a3     XGE3/0/2    10.110.5.2/24
PE 1      Loop1       1.1.1.1/32        CE a3     XGE3/0/3    10.110.12.2/24
PE 2      XGE3/0/1    192.168.7.1/24    CE b1     XGE3/0/1    10.110.8.1/24
PE 2      XGE3/0/2    10.110.3.1/24     CE b1     XGE3/0/2    10.110.3.2/24
PE 2      XGE3/0/3    10.110.4.1/24     CE b2     XGE3/0/1    10.110.11.1/24
PE 2      Loop1       1.1.1.2/32        CE b2     XGE3/0/2    10.110.6.2/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE1> system-view

[PE1] router id 1.1.1.1

[PE1] multicast routing

[PE1-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE1-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 192.168.6.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE1-Ten-GigabitEthernet3/0/1] pim sm

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IGMP on the interface.

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.110.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] igmp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] pim sm

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] group vpn-g internal

[PE1-bgp-default] peer vpn-g connect-interface loopback 1

[PE1-bgp-default] peer 1.1.1.2 group vpn-g

[PE1-bgp-default] peer 1.1.1.3 group vpn-g

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer vpn-g enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] address-family ipv4 mdt

[PE1-bgp-default-mdt] peer vpn-g enable

[PE1-bgp-default-mdt] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.1.0 0.0.0.255

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE2> system-view

[PE2] router id 1.1.1.2

[PE2] multicast routing

[PE2-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE2] mpls lsr-id 1.1.1.2

[PE2] mpls ldp

[PE2-ldp] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] default-group 239.2.2.2

[PE2-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-b-ipv4] data-group 225.4.4.0 28

[PE2-mvpn-vpn-instance-b-ipv4] quit

[PE2-mvpn-vpn-instance-b] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 192.168.7.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE2-Ten-GigabitEthernet3/0/1] pim sm

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.4.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] pim sm

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] group vpn-g internal

[PE2-bgp-default] peer vpn-g connect-interface loopback 1

[PE2-bgp-default] peer 1.1.1.1 group vpn-g

[PE2-bgp-default] peer 1.1.1.3 group vpn-g

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4

[PE2-bgp-default-ipv4-a] import-route rip 2

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] address-family ipv4

[PE2-bgp-default-ipv4-b] import-route rip 3

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer vpn-g enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure RIP.

[PE2] rip 2 vpn-instance a

[PE2-rip-2] network 10.110.4.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] import-route bgp

[PE2-rip-3] return

3.     Configure PE 3:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE3> system-view

[PE3] router id 1.1.1.3

[PE3] multicast routing

[PE3-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE3] mpls lsr-id 1.1.1.3

[PE3] mpls ldp

[PE3-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 100:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE3-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28

[PE3-mvpn-vpn-instance-a-ipv4] quit

[PE3-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 200:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] default-group 239.2.2.2

[PE3-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-b-ipv4] data-group 225.4.4.0 28

[PE3-mvpn-vpn-instance-b-ipv4] quit

[PE3-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 192.168.8.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE3-Ten-GigabitEthernet3/0/1] pim sm

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.1 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.110.6.1 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on this interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] pim sm

[PE3-LoopBack1] quit

# Associate Loopback 2 with VPN instance b.

[PE3] interface loopback 2

[PE3-LoopBack2] ip binding vpn-instance b

# Assign an IP address to Loopback 2, and enable PIM-SM on the interface.

[PE3-LoopBack2] ip address 33.33.33.33 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim vpn-instance b

[PE3-pim-b] c-bsr 33.33.33.33

[PE3-pim-b] c-rp 33.33.33.33

[PE3-pim-b] quit

# Configure BGP.

[PE3] bgp 100

[PE3-bgp-default] group vpn-g internal

[PE3-bgp-default] peer vpn-g connect-interface loopback 1

[PE3-bgp-default] peer 1.1.1.1 group vpn-g

[PE3-bgp-default] peer 1.1.1.2 group vpn-g

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] address-family ipv4

[PE3-bgp-default-ipv4-a] import-route rip 2

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] address-family ipv4

[PE3-bgp-default-ipv4-b] import-route rip 3

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer vpn-g enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure RIP.

[PE3] rip 2 vpn-instance a

[PE3-rip-2] network 10.110.5.0 0.0.0.255

[PE3-rip-2] import-route bgp

[PE3-rip-2] quit

[PE3] rip 3 vpn-instance b

[PE3-rip-3] network 10.110.6.0 0.0.0.255

[PE3-rip-3] network 33.33.33.33 0.0.0.0

[PE3-rip-3] import-route bgp

[PE3-rip-3] return

4.     Configure P:

# Enable IP multicast routing on the public network.

<P> system-view

[P] multicast routing

[P-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[P] mpls lsr-id 2.2.2.2

[P] mpls ldp

[P-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 192.168.6.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[P-Ten-GigabitEthernet3/0/1] pim sm

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 192.168.7.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/2.

[P-Ten-GigabitEthernet3/0/2] pim sm

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ip address 192.168.8.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/3.

[P-Ten-GigabitEthernet3/0/3] pim sm

[P-Ten-GigabitEthernet3/0/3] mpls enable

[P-Ten-GigabitEthernet3/0/3] mpls ldp enable

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] pim sm

[P-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[P] pim

[P-pim] c-bsr 2.2.2.2

[P-pim] c-rp 2.2.2.2

[P-pim] quit

# Configure OSPF.

[P] ospf 1

[P-ospf-1] area 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEa1] rip 2

[CEa1-rip-2] network 10.110.2.0 0.0.0.255

[CEa1-rip-2] network 10.110.7.0 0.0.0.255

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.110.8.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb1] rip 3

[CEb1-rip-3] network 10.110.3.0 0.0.0.255

[CEb1-rip-3] network 10.110.8.0 0.0.0.255

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.110.9.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.110.4.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/3

[CEa2-Ten-GigabitEthernet3/0/3] ip address 10.110.12.1 24

[CEa2-Ten-GigabitEthernet3/0/3] pim sm

[CEa2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa2] interface loopback 1

[CEa2-LoopBack1] ip address 22.22.22.22 32

[CEa2-LoopBack1] pim sm

[CEa2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 22.22.22.22

[CEa2-pim] c-rp 22.22.22.22

[CEa2-pim] quit

# Configure RIP.

[CEa2] rip 2

[CEa2-rip-2] network 10.110.4.0 0.0.0.255

[CEa2-rip-2] network 10.110.9.0 0.0.0.255

[CEa2-rip-2] network 10.110.12.0 0.0.0.255

[CEa2-rip-2] network 22.22.22.22 0.0.0.0

8.     Configure CE a3:

# Enable IP multicast routing.

<CEa3> system-view

[CEa3] multicast routing

[CEa3-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa3] interface ten-gigabitethernet 3/0/1

[CEa3-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CEa3-Ten-GigabitEthernet3/0/1] igmp enable

[CEa3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/2

[CEa3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.2 24

[CEa3-Ten-GigabitEthernet3/0/2] pim sm

[CEa3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/3

[CEa3-Ten-GigabitEthernet3/0/3] ip address 10.110.12.2 24

[CEa3-Ten-GigabitEthernet3/0/3] pim sm

[CEa3-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CEa3] rip 2

[CEa3-rip-2] network 10.110.5.0 0.0.0.255

[CEa3-rip-2] network 10.110.10.0 0.0.0.255

[CEa3-rip-2] network 10.110.12.0 0.0.0.255

9.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.110.11.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.110.6.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb2] rip 3

[CEb2-rip-3] network 10.110.6.0 0.0.0.255

[CEb2-rip-3] network 10.110.11.0 0.0.0.255
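The following check is an added example, not part of the H3C procedure. It reads a CLI transcript in the prompt format used above and verifies, for each MDT-based MVPN, that the VPN instance exists, that multicast routing is enabled for that same instance, and that default groups and data-group ranges of different VPN instances stay disjoint, as they are in this example's requirements. It assumes the system name contains no hyphen; SAMPLE is a constructed transcript for a hypothetical device PEx with three deliberate mistakes.

```python
import ipaddress
import re
from itertools import combinations

# Prompt forms used in the transcripts above: <PE1> or [PE1-some-view].
LINE = re.compile(r"^\s*[\[<](?P<prompt>[^\]>]+)[\]>]\s*(?P<cmd>.*\S)\s*$")
# MVPN IPv4 address family view, for example [PE1-mvpn-vpn-instance-a-ipv4].
MVPN_VIEW = re.compile(r"-mvpn-vpn-instance-(?P<vpn>.+)-ipv4$")


def parse(transcript):
    """Collect per-VPN-instance MVPN facts from a CLI transcript."""
    facts = {}

    def vpn(name):
        return facts.setdefault(name, {"vrf": False, "mcast": False,
                                       "mvpn": False, "default": None, "data": None})

    for raw in transcript.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines and "# ..." step descriptions
        prompt, cmd = m["prompt"], m["cmd"]
        system_view = "-" not in prompt  # assumption: no hyphen in the system name
        view = MVPN_VIEW.search(prompt)
        if system_view and (c := re.fullmatch(r"ip vpn-instance (\S+)", cmd)):
            vpn(c[1])["vrf"] = True
        elif system_view and (c := re.fullmatch(r"multicast routing vpn-instance (\S+)", cmd)):
            vpn(c[1])["mcast"] = True
        elif system_view and (c := re.fullmatch(r"multicast-vpn vpn-instance (\S+) mode mdt", cmd)):
            vpn(c[1])["mvpn"] = True
        elif view and (c := re.fullmatch(r"default-group (\S+)", cmd)):
            vpn(view["vpn"])["default"] = ipaddress.ip_address(c[1])
        elif view and (c := re.fullmatch(r"data-group (\S+) (\d+)", cmd)):
            # "data-group 225.2.2.0 28" is a base address plus mask length.
            vpn(view["vpn"])["data"] = ipaddress.ip_network(f"{c[1]}/{c[2]}", strict=False)
    return facts


def audit(transcript):
    """Return sorted findings; an empty list means every check passed."""
    mvpns = {n: f for n, f in parse(transcript).items() if f["mvpn"]}
    out = []
    for name, f in mvpns.items():
        if not f["vrf"]:
            out.append(f"{name}: MVPN created but the VPN instance itself is not")
        if not f["mcast"]:
            out.append(f"{name}: multicast routing not enabled for this VPN instance")
        if f["default"] is None or not f["default"].is_multicast:
            out.append(f"{name}: default-group missing or not a multicast address")
    for a, b in combinations(sorted(mvpns), 2):
        fa, fb = mvpns[a], mvpns[b]
        if fa["default"] is not None and fa["default"] == fb["default"]:
            out.append(f"{a}/{b}: same default-group {fa['default']}")
        if fa["data"] is not None and fb["data"] is not None and fa["data"].overlaps(fb["data"]):
            out.append(f"{a}/{b}: data-group ranges {fa['data']} and {fb['data']} overlap")
        for x, y in ((a, b), (b, a)):
            dx, ry = mvpns[x]["default"], mvpns[y]["data"]
            if dx is not None and ry is not None and dx in ry:
                out.append(f"{x}/{y}: default-group of {x} lies inside data-group range of {y}")
    return sorted(out)


# Constructed transcript (hypothetical device PEx), not taken from the page.
SAMPLE = """\
[PEx] ip vpn-instance a
[PEx-vpn-instance-a] route-distinguisher 100:1
[PEx-vpn-instance-a] quit
[PEx] ip vpn-instance b
[PEx-vpn-instance-b] route-distinguisher 200:1
[PEx-vpn-instance-b] quit
# Multicast routing is entered for instance a only; instance b is missed.
[PEx] multicast routing vpn-instance a
[PEx-mrib-a] quit
[PEx] multicast-vpn vpn-instance a mode mdt
[PEx-mvpn-vpn-instance-a] address-family ipv4
[PEx-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1
[PEx-mvpn-vpn-instance-a-ipv4] source loopback 1
[PEx-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28
[PEx-mvpn-vpn-instance-a-ipv4] quit
[PEx-mvpn-vpn-instance-a] quit
[PEx] multicast-vpn vpn-instance b mode mdt
[PEx-mvpn-vpn-instance-b] address-family ipv4
[PEx-mvpn-vpn-instance-b-ipv4] default-group 239.1.1.1
[PEx-mvpn-vpn-instance-b-ipv4] source loopback 1
[PEx-mvpn-vpn-instance-b-ipv4] data-group 225.2.2.8 29
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pasting a real transcript in place of SAMPLE runs the same checks against one device at a time.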

Verifying the configuration

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 1.

[PE1] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 239.1.1.1        1.1.1.1          MTunnel0      a

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 2.

[PE2] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 239.1.1.1        1.1.1.2          MTunnel0      a

 239.1.1.1        1.1.1.2          MTunnel1      b

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 3.

[PE3] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 239.1.1.1        1.1.1.3          MTunnel0      a

 239.2.2.2        1.1.1.3          MTunnel1      b
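The verification step can be automated by comparing each listing with the intended state. The following is an added example, not H3C code: it parses the three `display multicast-vpn default-group local` listings shown above and checks each row against the default groups in the network requirements and the Loopback 1 addresses in Table 40. The names EXPECTED_GROUP, PES, and LISTINGS are introduced here for illustration.

```python
import re

# Intended state, copied from the network requirements and Table 40 of this
# example: default group per VPN instance, and for each PE its Loopback 1
# address (the MVPN source interface) and the VPN instances it serves.
EXPECTED_GROUP = {"a": "239.1.1.1", "b": "239.2.2.2"}
PES = {
    "PE1": {"loopback": "1.1.1.1", "vpns": {"a"}},
    "PE2": {"loopback": "1.1.1.2", "vpns": {"a", "b"}},
    "PE3": {"loopback": "1.1.1.3", "vpns": {"a", "b"}},
}

# The three listings from "Verifying the configuration" above, pasted as shown.
LISTINGS = {
    "PE1": """
MVPN local default-group information:
 Group address    Source address   Interface     VPN instance
 239.1.1.1        1.1.1.1          MTunnel0      a
""",
    "PE2": """
MVPN local default-group information:
 Group address    Source address   Interface     VPN instance
 239.1.1.1        1.1.1.2          MTunnel0      a
 239.1.1.1        1.1.1.2          MTunnel1      b
""",
    "PE3": """
MVPN local default-group information:
 Group address    Source address   Interface     VPN instance
 239.1.1.1        1.1.1.3          MTunnel0      a
 239.2.2.2        1.1.1.3          MTunnel1      b
""",
}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ROW = re.compile(
    rf"^\s*(?P<group>{IPV4})\s+(?P<source>{IPV4})\s+(?P<intf>\S+)\s+(?P<vpn>\S+)\s*$"
)


def parse_listing(text):
    """Return one dict per data row; title and column-header lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]


def check_pe(name, text):
    """Compare one PE's listing with the intended state and return findings."""
    want = PES[name]
    rows = parse_listing(text)
    findings, owner = [], {}
    for row in rows:
        vpn, group = row["vpn"], row["group"]
        if vpn not in want["vpns"]:
            findings.append(f"{name}: unexpected VPN instance {vpn}")
        elif group != EXPECTED_GROUP[vpn]:
            findings.append(f"{name}: VPN instance {vpn} uses default group {group}, "
                            f"expected {EXPECTED_GROUP[vpn]}")
        if row["source"] != want["loopback"]:
            findings.append(f"{name}: VPN instance {vpn} sources from {row['source']}, "
                            f"expected {want['loopback']}")
        # A default group should map to exactly one VPN instance on a PE.
        first = owner.setdefault(group, vpn)
        if first != vpn:
            findings.append(f"{name}: VPN instances {first} and {vpn} "
                            f"share default group {group}")
    for vpn in sorted(want["vpns"] - {r["vpn"] for r in rows}):
        findings.append(f"{name}: VPN instance {vpn} has no local default group")
    return findings


def check_all(listings=LISTINGS):
    """Run check_pe over every listing and return {device: findings}."""
    return {name: check_pe(name, text) for name, text in listings.items()}


if __name__ == "__main__":
    for name, findings in check_all().items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  " + finding)
```

On the listings above, PE 1 and PE 3 pass, and the PE 2 row for VPN instance b is flagged because it shows 239.1.1.1 rather than the 239.2.2.2 set in the procedure.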

Example: Configuring intra-AS RSVP-TE-based MVPN

Network configuration

As shown in Figure 195, configure intra-AS RSVP-TE-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 1, R 2, and R 3 are receivers.

·     In VPN instance b, S 2 is a multicast source, and R 4 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 belong to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/2 belongs to VPN instance b. Ten-GigabitEthernet 3/0/3 belongs to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1, PE 2, and PE 3 on their respective Loopback 1.

·     Configure MPLS TE and MPLS RSVP on the public network.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance b on PE 2 and PE 3.

·     Enable IP multicast routing on CE a1, CE a2, CE a3, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/2 of PE 1.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2, CE a3, and CE b2.

PIM

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on PE 1, PE 2, and PE 3.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE a3, CE b1, and CE b2.

·     Configure Loopback 1 of CE a2 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 2 of PE 3 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

MSDP

·     Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

·     Enable MSDP on PE 2 for VPN instance a, and specify Ten-GigabitEthernet 3/0/3 as the local MSDP connection interface.

 

Figure 195 Network diagram

Table 41 Interface and IP address assignment

Device    Interface   IP address        Device    Interface   IP address
S 1       -           10.110.7.2/24     PE 3      XGE3/0/1    192.168.8.1/24
S 2       -           10.110.8.2/24     PE 3      XGE3/0/2    10.110.5.1/24
R 1       -           10.110.1.2/24     PE 3      XGE3/0/3    10.110.6.1/24
R 2       -           10.110.9.2/24     PE 3      Loop1       1.1.1.3/32
R 3       -           10.110.10.2/24    PE 3      Loop2       33.33.33.33/32
R 4       -           10.110.11.2/24    CE a1     XGE3/0/1    10.110.7.1/24
P         XGE3/0/1    192.168.6.2/24    CE a1     XGE3/0/2    10.110.2.2/24
P         XGE3/0/2    192.168.7.2/24    CE a2     XGE3/0/1    10.110.9.1/24
P         XGE3/0/3    192.168.8.2/24    CE a2     XGE3/0/2    10.110.4.2/24
P         Loop1       2.2.2.2/32        CE a2     XGE3/0/3    10.110.12.1/24
PE 1      XGE3/0/1    192.168.6.1/24    CE a2     Loop1       22.22.22.22/32
PE 1      XGE3/0/2    10.110.1.1/24     CE a3     XGE3/0/1    10.110.10.1/24
PE 1      XGE3/0/3    10.110.2.1/24     CE a3     XGE3/0/2    10.110.5.2/24
PE 1      Loop1       1.1.1.1/32        CE a3     XGE3/0/3    10.110.12.2/24
PE 2      XGE3/0/1    192.168.7.1/24    CE b1     XGE3/0/1    10.110.8.1/24
PE 2      XGE3/0/2    10.110.3.1/24     CE b1     XGE3/0/2    10.110.3.2/24
PE 2      XGE3/0/3    10.110.4.1/24     CE b2     XGE3/0/1    10.110.11.1/24
PE 2      Loop1       1.1.1.2/32        CE b2     XGE3/0/2    10.110.6.2/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure an LSR ID, and enable MPLS TE, MPLS LDP, and RSVP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] mpls ldp

[PE1-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an RSVP-TE-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode rsvp-te

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

# Enable dynamic selective tunnel creation.

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 192.168.6.1 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/1.

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls te enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] rsvp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IGMP on the interface.

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.110.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] igmp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 1.1.1.2 as-number 100

[PE1-bgp-default] peer 1.1.1.2 connect-interface loopback 1

[PE1-bgp-default] peer 1.1.1.3 as-number 100

[PE1-bgp-default] peer 1.1.1.3 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 1.1.1.2 enable

[PE1-bgp-default-ipv4] peer 1.1.1.3 enable

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 1.1.1.2 enable

[PE1-bgp-default-mvpn] peer 1.1.1.3 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 1.1.1.2 enable

[PE1-bgp-default-vpnv4] peer 1.1.1.3 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4 unicast

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.1.0 0.0.0.255

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 1.1.1.2

# Configure an LSR ID, and enable MPLS TE, MPLS LDP, and RSVP globally.

[PE2] mpls lsr-id 1.1.1.2

[PE2] mpls te

[PE2-te] quit

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] rsvp

[PE2-rsvp] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create an RSVP-TE-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode rsvp-te

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation.

[PE2-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

# Enable dynamic selective tunnel creation.

[PE2-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE2-mvpn-vpn-instance-b-ipv4] quit

[PE2-mvpn-vpn-instance-b] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Enable MSDP for VPN instance a.

[PE2] msdp vpn-instance a

[PE2-msdp-a] peer 10.110.4.2 connect-interface ten-gigabitethernet 3/0/3

[PE2-msdp-a] quit

# Create an RSVP-TE-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode rsvp-te

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation.

[PE2-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

# Enable dynamic selective tunnel creation.

[PE2-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 192.168.7.1 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/1.

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls te enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] rsvp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.4.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] peer 1.1.1.3 as-number 100

[PE2-bgp-default] peer 1.1.1.3 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 1.1.1.1 enable

[PE2-bgp-default-ipv4] peer 1.1.1.3 enable

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1.1.1.1 enable

[PE2-bgp-default-mvpn] peer 1.1.1.3 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE2-bgp-default-vpnv4] peer 1.1.1.3 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route rip 2

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route rip 3

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure RIP.

[PE2] rip 2 vpn-instance a

[PE2-rip-2] network 10.110.4.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] import-route bgp

[PE2-rip-3] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 1.1.1.3

# Configure an LSR ID, and enable MPLS TE, MPLS LDP, and RSVP globally.

[PE3] mpls lsr-id 1.1.1.3

[PE3] mpls te

[PE3-te] quit

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] rsvp

[PE3-rsvp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 100:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create an RSVP-TE-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode rsvp-te

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation.

[PE3-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

# Enable dynamic selective tunnel creation.

[PE3-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE3-mvpn-vpn-instance-a-ipv4] quit

[PE3-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 200:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create an RSVP-TE-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode rsvp-te

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation.

[PE3-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

# Enable dynamic selective tunnel creation.

[PE3-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE3-mvpn-vpn-instance-b-ipv4] quit

[PE3-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 192.168.8.1 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/1.

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls te enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] rsvp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.1 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.110.6.1 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] quit

# Associate Loopback 2 with VPN instance b.

[PE3] interface loopback 2

[PE3-LoopBack2] ip binding vpn-instance b

# Assign an IP address to Loopback 2, and enable PIM-SM on the interface.

[PE3-LoopBack2] ip address 33.33.33.33 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim vpn-instance b

[PE3-pim-b] c-bsr 33.33.33.33

[PE3-pim-b] c-rp 33.33.33.33

[PE3-pim-b] quit

# Configure BGP.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.1 as-number 100

[PE3-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE3-bgp-default] peer 1.1.1.2 as-number 100

[PE3-bgp-default] peer 1.1.1.2 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 unicast

[PE3-bgp-default-ipv4] peer 1.1.1.1 enable

[PE3-bgp-default-ipv4] peer 1.1.1.2 enable

[PE3-bgp-default-ipv4] quit

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 1.1.1.1 enable

[PE3-bgp-default-mvpn] peer 1.1.1.2 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE3-bgp-default-vpnv4] peer 1.1.1.2 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route rip 2

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure RIP.

[PE3] rip 2 vpn-instance a

[PE3-rip-2] network 10.110.5.0 0.0.0.255

[PE3-rip-2] import-route bgp

[PE3-rip-2] quit

[PE3] rip 3 vpn-instance b

[PE3-rip-3] network 10.110.6.0 0.0.0.255

[PE3-rip-3] network 33.33.33.33 0.0.0.0

[PE3-rip-3] import-route bgp

[PE3-rip-3] quit

4.     Configure P:

# Configure an LSR ID, and enable MPLS TE, MPLS LDP, and RSVP globally.

[P] mpls lsr-id 2.2.2.2

[P] mpls te

[P-te] quit

[P] mpls ldp

[P-ldp] quit

[P] rsvp

[P-rsvp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 192.168.6.2 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/1.

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls te enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] rsvp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 192.168.7.2 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/2.

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls te enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] rsvp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ip address 192.168.8.2 24

# Enable MPLS, MPLS TE, MPLS LDP, and RSVP on Ten-GigabitEthernet 3/0/3.

[P-Ten-GigabitEthernet3/0/3] mpls enable

[P-Ten-GigabitEthernet3/0/3] mpls te enable

[P-Ten-GigabitEthernet3/0/3] mpls ldp enable

[P-Ten-GigabitEthernet3/0/3] rsvp enable

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] quit

# Configure OSPF.

[P] ospf 1

[P-ospf-1] area 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEa1] rip 2

[CEa1-rip-2] network 10.110.2.0 0.0.0.255

[CEa1-rip-2] network 10.110.7.0 0.0.0.255

[CEa1-rip-2] quit

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.110.8.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb1] rip 3

[CEb1-rip-3] network 10.110.3.0 0.0.0.255

[CEb1-rip-3] network 10.110.8.0 0.0.0.255

[CEb1-rip-3] quit

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.110.9.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.110.4.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/3

[CEa2-Ten-GigabitEthernet3/0/3] ip address 10.110.12.1 24

[CEa2-Ten-GigabitEthernet3/0/3] pim sm

[CEa2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa2] interface loopback 1

[CEa2-LoopBack1] ip address 22.22.22.22 32

[CEa2-LoopBack1] pim sm

[CEa2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 22.22.22.22

[CEa2-pim] c-rp 22.22.22.22

[CEa2-pim] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 10.110.4.1 connect-interface Ten-GigabitEthernet 3/0/2

[CEa2-msdp] quit

# Configure RIP.

[CEa2] rip 2

[CEa2-rip-2] network 10.110.4.0 0.0.0.255

[CEa2-rip-2] network 10.110.9.0 0.0.0.255

[CEa2-rip-2] network 10.110.12.0 0.0.0.255

[CEa2-rip-2] network 22.22.22.22 0.0.0.0

[CEa2-rip-2] quit

8.     Configure CE a3:

# Enable IP multicast routing.

<CEa3> system-view

[CEa3] multicast routing

[CEa3-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa3] interface ten-gigabitethernet 3/0/1

[CEa3-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CEa3-Ten-GigabitEthernet3/0/1] igmp enable

[CEa3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/2

[CEa3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.2 24

[CEa3-Ten-GigabitEthernet3/0/2] pim sm

[CEa3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/3

[CEa3-Ten-GigabitEthernet3/0/3] ip address 10.110.12.2 24

[CEa3-Ten-GigabitEthernet3/0/3] pim sm

[CEa3-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CEa3] rip 2

[CEa3-rip-2] network 10.110.5.0 0.0.0.255

[CEa3-rip-2] network 10.110.10.0 0.0.0.255

[CEa3-rip-2] network 10.110.12.0 0.0.0.255

[CEa3-rip-2] quit

9.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.110.11.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.110.6.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb2] rip 3

[CEb2-rip-3] network 10.110.6.0 0.0.0.255

[CEb2-rip-3] network 10.110.11.0 0.0.0.255

[CEb2-rip-3] quit
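The procedure above relies on per-instance pairings that are easy to mistype: each `multicast-vpn vpn-instance X` needs `multicast routing vpn-instance X` on the same PE, and instances a and b stay separated only while their route targets differ. The following Python check is an added example, not H3C code; both transcripts in it are constructed (abbreviated from the PE 2 steps), and the rule that differently named instances must not share route targets is an assumption about this topology.

```python
import re
from collections import defaultdict

# Prompt plus command, e.g. "[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity"
LINE = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.+)$")

def parse(transcript):
    """Return (device, view, command) tuples; comment and blank lines are skipped."""
    rows = []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if m:
            # Assumption: device names contain no hyphen. En dashes in a prompt
            # are treated as copy/paste damage and normalised to hyphens.
            device, _, view = m.group(1).replace("\u2013", "-").partition("-")
            rows.append((device, view, m.group(2).strip()))
    return rows

def _empty():
    return {"defined": set(), "mcast": set(), "mvpn": set(), "bound": set(),
            "import": defaultdict(set), "export": defaultdict(set)}

def build(rows):
    """Collect, per device, what is configured for each VPN instance."""
    model = defaultdict(_empty)
    for device, view, cmd in rows:
        d = model[device]
        if view == "" and (m := re.fullmatch(r"ip vpn-instance (\S+)", cmd)):
            d["defined"].add(m[1])
        elif view == "" and (m := re.fullmatch(r"multicast routing vpn-instance (\S+)", cmd)):
            d["mcast"].add(m[1])
        elif view == "" and (m := re.fullmatch(r"multicast-vpn vpn-instance (\S+) mode \S+", cmd)):
            d["mvpn"].add(m[1])
        elif m := re.fullmatch(r"ip binding vpn-instance (\S+)", cmd):
            d["bound"].add(m[1])
        elif (v := re.fullmatch(r"vpn-instance-(\S+)", view)) and cmd.startswith("vpn-target "):
            targets = cmd.split()[1:]
            last = targets[-1]
            # No direction keyword means the target applies in both directions.
            direction = targets.pop() if last == "both" or last.endswith("-extcommunity") else "both"
            for rt in targets:
                if direction != "export-extcommunity":
                    d["import"][v[1]].add(rt)
                if direction != "import-extcommunity":
                    d["export"][v[1]].add(rt)
    return model

def audit(transcript):
    """Return (device, instance, finding) tuples; an empty list means no finding."""
    model = build(parse(transcript))
    findings, exporters = [], defaultdict(set)   # exporters: RT -> instance names
    for dev, d in sorted(model.items()):
        for inst in sorted(d["mvpn"] - d["mcast"]):
            findings.append((dev, inst, "mvpn-without-multicast-routing"))
        for inst in sorted((d["mvpn"] | d["mcast"] | d["bound"]) - d["defined"]):
            findings.append((dev, inst, "undefined-vpn-instance"))
        for inst, rts in d["export"].items():
            for rt in rts:
                exporters[rt].add(inst)
    for dev, d in sorted(model.items()):
        for inst, rts in sorted(d["import"].items()):
            for rt in sorted(rts):
                for other in sorted(exporters[rt] - {inst}):
                    findings.append((dev, inst, f"imports-rt-{rt}-exported-by-{other}"))
    return findings

# Constructed transcript: both instances complete and isolated.
GOOD = """
[PE2] ip vpn-instance b
[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity
[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity
[PE2] multicast routing vpn-instance b
[PE2] multicast-vpn vpn-instance b mode rsvp-te
[PE2] ip vpn-instance a
[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity
[PE2] multicast routing vpn-instance a
[PE2] multicast-vpn vpn-instance a mode rsvp-te
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b
"""

# Constructed transcript with three mistakes: multicast routing never enabled
# for b, b also imports a's route target, and an interface bound to undefined c.
BAD = """
[PE2] ip vpn-instance b
[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity
[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity
[PE2-vpn-instance-b] vpn-target 100:1 import-extcommunity
[PE2] multicast routing vpn-instance a
[PE2] multicast-vpn vpn-instance b mode rsvp-te
[PE2] ip vpn-instance a
[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity
[PE2] multicast routing vpn-instance a
[PE2] multicast-vpn vpn-instance a mode rsvp-te
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance c
"""

if __name__ == "__main__":
    for finding in audit(BAD):
        print(finding)
```

Run it against a saved session log or staged command file before pasting the commands onto a PE.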

Verifying the configuration

# Display the C-multicast A-D routing information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

 (10.110.7.2, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: Tunnel2

   Leaf neighbors information:

   Total number of Leaf neighbors: 2

   1: 1.1.1.2

   2: 1.1.1.3

# Display RSVP-TE tunnel neighbor information for VPN instances on PE 1.

[PE1] display multicast-vpn vpn-instance a neighbor

Total 1 Selective Tunnels in using

Total 0 Selective Tunnels in creating

 

Inclusive Tunnel : Tunnel1

Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x5, 0x01010101>

Neighbor        State       Up/DownTime

1.1.1.2         Up           02:50:49

1.1.1.3         Up           02:50:49

 

Selective Tunnel : Tunnel2

Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x8, 0x01010101>

Neighbor        State       Up/DownTime

1.1.1.2         Up           01:10:23

1.1.1.3         Up           01:10:23

# Display the C-multicast A-D routing information for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(10.110.8.2, 225.0.0.2)

   UpTime: 02:54:43

   Tunnel Information: Tunnel2

Leaf neighbors information:

Total number of Leaf neighbors: 1

1: 1.1.1.3

# Display RSVP-TE tunnel neighbor information for VPN instances on PE 2.

[PE2] display multicast-vpn vpn-instance b neighbor

Total 1 Selective Tunnels in using

Total 0 Selective Tunnels in creating

 

Inclusive Tunnel : Tunnel1

Tunnel Identifier: RSVP P2MP <0x01010102, 0x0, 0x8, 0x01010102>

Neighbor        State       Up/DownTime

1.1.1.3         Up           02:50:49

 

Selective Tunnel : Tunnel2

Tunnel Identifier: RSVP P2MP <0x01010102, 0x0, 0x8, 0x01010102>

Neighbor        State       Up/DownTime

1.1.1.3         Up           01:10:23
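The neighbor tables above can be compared against the PEs that are supposed to be in each MVPN, so that a missing, down, or unexpected neighbor on a tunnel is flagged. This Python parser is an added example, not H3C tooling; `PE1_OUTPUT` repeats the PE 1 output shown above, `DEGRADED` is constructed, and reading the first hex field of the tunnel identifier as the root PE address is an assumption based on it matching PE 1's Loopback 1 (0x01010101 = 1.1.1.1).

```python
import ipaddress
import re

TUNNEL = re.compile(r"^(Inclusive|Selective) Tunnel\s*:\s*(\S+)$")
IDENT = re.compile(r"^Tunnel Identifier:\s*RSVP P2MP <(0x[0-9a-fA-F]+),")
NEIGH = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)$")

def parse_neighbors(output):
    """Return one dict per tunnel: kind, name, root address, {neighbor: state}."""
    tunnels = []
    for line in output.splitlines():
        line = line.strip()
        if m := TUNNEL.match(line):
            tunnels.append({"kind": m[1], "name": m[2], "root": None, "neighbors": {}})
        elif tunnels and (m := IDENT.match(line)):
            # Assumption: first identifier field is the root PE address in hex.
            tunnels[-1]["root"] = str(ipaddress.IPv4Address(int(m[1], 16)))
        elif tunnels and (m := NEIGH.match(line)):
            tunnels[-1]["neighbors"][m[1]] = m[2]
    return tunnels

def check(output, local_root, expected_peers):
    """Return (tunnel, problem, address) tuples; an empty list means all as expected."""
    problems = []
    for t in parse_neighbors(output):
        if t["root"] != local_root:
            problems.append((t["name"], "unexpected-root", t["root"]))
        for peer in sorted(expected_peers):
            state = t["neighbors"].get(peer)
            if state is None:
                problems.append((t["name"], "missing-neighbor", peer))
            elif state != "Up":
                problems.append((t["name"], "neighbor-not-up", peer))
        # A PE that is not part of this VPN should never appear on its tunnels.
        for peer in sorted(set(t["neighbors"]) - set(expected_peers)):
            problems.append((t["name"], "unexpected-neighbor", peer))
    return problems

# Output of "display multicast-vpn vpn-instance a neighbor" on PE 1, as shown above.
PE1_OUTPUT = """
Total 1 Selective Tunnels in using
Total 0 Selective Tunnels in creating

Inclusive Tunnel : Tunnel1
Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x5, 0x01010101>
Neighbor        State       Up/DownTime
1.1.1.2         Up           02:50:49
1.1.1.3         Up           02:50:49

Selective Tunnel : Tunnel2
Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x8, 0x01010101>
Neighbor        State       Up/DownTime
1.1.1.2         Up           01:10:23
1.1.1.3         Up           01:10:23
"""

# Constructed variant: an extra neighbor on Tunnel1 and a down neighbor on Tunnel2.
DEGRADED = """
Inclusive Tunnel : Tunnel1
Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x5, 0x01010101>
Neighbor        State       Up/DownTime
1.1.1.2         Up           02:50:49
1.1.1.3         Up           02:50:49
1.1.1.9         Up           00:00:12

Selective Tunnel : Tunnel2
Tunnel Identifier: RSVP P2MP <0x01010101, 0x0, 0x8, 0x01010101>
Neighbor        State       Up/DownTime
1.1.1.2         Up           01:10:23
1.1.1.3         Down         00:03:10
"""

if __name__ == "__main__":
    for problem in check(DEGRADED, "1.1.1.1", {"1.1.1.2", "1.1.1.3"}):
        print(problem)
```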

Example: Configuring intra-AS mLDP-based MVPN

Network configuration

As shown in Figure 196, configure intra-AS mLDP-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 1, R 2, and R 3 are receivers.

·     In VPN instance b, S 2 is a multicast source, and R 4 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 belong to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/2 belongs to VPN instance b. Ten-GigabitEthernet 3/0/3 belongs to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1, PE 2, and PE 3 on their respective Loopback 1.

·     Configure MPLS LDP on the public network.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance b on PE 2 and PE 3.

·     Enable IP multicast routing on CE a1, CE a2, CE a3, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/2 of PE 1.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2, CE a3, and CE b2.

PIM

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on PE 1, PE 2, and PE 3.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE a3, CE b1, and CE b2.

·     Configure Loopback 1 of CE a2 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 2 of PE 3 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

MSDP

·     Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

·     Enable MSDP on PE 2 for VPN instance a, and specify Ten-GigabitEthernet 3/0/3 as the local MSDP connection interface.

 

Figure 196 Network diagram

Table 42 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| S 1 | | 10.110.7.2/24 | PE 3 | XGE3/0/1 | 192.168.8.1/24 |
| S 2 | | 10.110.8.2/24 | PE 3 | XGE3/0/2 | 10.110.5.1/24 |
| R 1 | | 10.110.1.2/24 | PE 3 | XGE3/0/3 | 10.110.6.1/24 |
| R 2 | | 10.110.9.2/24 | PE 3 | Loop1 | 1.1.1.3/32 |
| R 3 | | 10.110.10.2/24 | PE 3 | Loop2 | 33.33.33.33/32 |
| R 4 | | 10.110.11.2/24 | CE a1 | XGE3/0/1 | 10.110.7.1/24 |
| P | XGE3/0/1 | 192.168.6.2/24 | CE a1 | XGE3/0/2 | 10.110.2.2/24 |
| P | XGE3/0/2 | 192.168.7.2/24 | CE a2 | XGE3/0/1 | 10.110.9.1/24 |
| P | XGE3/0/3 | 192.168.8.2/24 | CE a2 | XGE3/0/2 | 10.110.4.2/24 |
| P | Loop1 | 2.2.2.2/32 | CE a2 | XGE3/0/3 | 10.110.12.1/24 |
| PE 1 | XGE3/0/1 | 192.168.6.1/24 | CE a2 | Loop1 | 22.22.22.22/32 |
| PE 1 | XGE3/0/2 | 10.110.1.1/24 | CE a3 | XGE3/0/1 | 10.110.10.1/24 |
| PE 1 | XGE3/0/3 | 10.110.2.1/24 | CE a3 | XGE3/0/2 | 10.110.5.2/24 |
| PE 1 | Loop1 | 1.1.1.1/32 | CE a3 | XGE3/0/3 | 10.110.12.2/24 |
| PE 2 | XGE3/0/1 | 192.168.7.1/24 | CE b1 | XGE3/0/1 | 10.110.8.1/24 |
| PE 2 | XGE3/0/2 | 10.110.3.1/24 | CE b1 | XGE3/0/2 | 10.110.3.2/24 |
| PE 2 | XGE3/0/3 | 10.110.4.1/24 | CE b2 | XGE3/0/1 | 10.110.11.1/24 |
| PE 2 | Loop1 | 1.1.1.2/32 | CE b2 | XGE3/0/2 | 10.110.6.2/24 |

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure an LSR ID, and enable MPLS LDP and mLDP P2MP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] mldp p2mp

[PE1-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 192.168.6.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable IGMP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.110.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] igmp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 1.1.1.2 as-number 100

[PE1-bgp-default] peer 1.1.1.2 connect-interface loopback 1

[PE1-bgp-default] peer 1.1.1.3 as-number 100

[PE1-bgp-default] peer 1.1.1.3 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 1.1.1.2 enable

[PE1-bgp-default-mvpn] peer 1.1.1.3 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 1.1.1.2 enable

[PE1-bgp-default-vpnv4] peer 1.1.1.3 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4 unicast

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.1.0 0.0.0.255

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 1.1.1.2

# Configure an LSR ID, and enable MPLS LDP and mLDP P2MP globally.

[PE2] mpls lsr-id 1.1.1.2

[PE2] mpls ldp

[PE2-ldp] mldp p2mp

[PE2-ldp] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE2-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE2-mvpn-vpn-instance-b-ipv4] quit

[PE2-mvpn-vpn-instance-b] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 192.168.7.1 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.4.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] peer 1.1.1.3 as-number 100

[PE2-bgp-default] peer 1.1.1.3 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1.1.1.1 enable

[PE2-bgp-default-mvpn] peer 1.1.1.3 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE2-bgp-default-vpnv4] peer 1.1.1.3 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route rip 2

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route rip 3

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure RIP.

[PE2] rip 2 vpn-instance a

[PE2-rip-2] network 10.110.4.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] import-route bgp

[PE2-rip-3] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 1.1.1.3

# Configure an LSR ID, and enable MPLS LDP and mLDP P2MP globally.

[PE3] mpls lsr-id 1.1.1.3

[PE3] mpls ldp

[PE3-ldp] mldp p2mp

[PE3-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 100:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-a-ipv4] quit

[PE3-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 200:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-b-ipv4] quit

[PE3-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 192.168.8.1 24

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.1 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.110.6.1 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] quit

# Associate Loopback 2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface loopback 2

[PE3-LoopBack2] ip binding vpn-instance b

[PE3-LoopBack2] ip address 33.33.33.33 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim vpn-instance b

[PE3-pim-b] c-bsr 33.33.33.33

[PE3-pim-b] c-rp 33.33.33.33

[PE3-pim-b] quit

# Configure BGP.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.1 as-number 100

[PE3-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE3-bgp-default] peer 1.1.1.2 as-number 100

[PE3-bgp-default] peer 1.1.1.2 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 1.1.1.1 enable

[PE3-bgp-default-mvpn] peer 1.1.1.2 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE3-bgp-default-vpnv4] peer 1.1.1.2 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route rip 2

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] address-family ipv4 unicast

[PE3-bgp-default-ipv4-b] import-route rip 3

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure RIP.

[PE3] rip 2 vpn-instance a

[PE3-rip-2] network 10.110.5.0 0.0.0.255

[PE3-rip-2] import-route bgp

[PE3-rip-2] quit

[PE3] rip 3 vpn-instance b

[PE3-rip-3] network 10.110.6.0 0.0.0.255

[PE3-rip-3] network 33.33.33.33 0.0.0.0

[PE3-rip-3] import-route bgp

[PE3-rip-3] quit

4.     Configure P:

# Configure an LSR ID, and enable MPLS LDP and mLDP P2MP globally.

[P] mpls lsr-id 2.2.2.2

[P] mpls ldp

[P-ldp] mldp p2mp

[P-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 192.168.6.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 192.168.7.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable MPLS and IPv4 LDP on the interface.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ip address 192.168.8.2 24

[P-Ten-GigabitEthernet3/0/3] mpls enable

[P-Ten-GigabitEthernet3/0/3] mpls ldp enable

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] quit

# Configure OSPF.

[P] ospf 1

[P-ospf-1] area 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.8.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEa1] rip 2

[CEa1-rip-2] network 10.110.2.0 0.0.0.255

[CEa1-rip-2] network 10.110.7.0 0.0.0.255

[CEa1-rip-2] quit

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.110.8.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb1] rip 3

[CEb1-rip-3] network 10.110.3.0 0.0.0.255

[CEb1-rip-3] network 10.110.8.0 0.0.0.255

[CEb1-rip-3] quit

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.110.9.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.110.4.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/3

[CEa2-Ten-GigabitEthernet3/0/3] ip address 10.110.12.1 24

[CEa2-Ten-GigabitEthernet3/0/3] pim sm

[CEa2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa2] interface loopback 1

[CEa2-LoopBack1] ip address 22.22.22.22 32

[CEa2-LoopBack1] pim sm

[CEa2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 22.22.22.22

[CEa2-pim] c-rp 22.22.22.22

[CEa2-pim] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 10.110.4.1 connect-interface ten-gigabitethernet 3/0/2

[CEa2-msdp] quit

# Configure RIP.

[CEa2] rip 2

[CEa2-rip-2] network 10.110.4.0 0.0.0.255

[CEa2-rip-2] network 10.110.9.0 0.0.0.255

[CEa2-rip-2] network 10.110.12.0 0.0.0.255

[CEa2-rip-2] network 22.22.22.22 0.0.0.0

[CEa2-rip-2] quit

8.     Configure CE a3:

# Enable IP multicast routing.

<CEa3> system-view

[CEa3] multicast routing

[CEa3-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa3] interface ten-gigabitethernet 3/0/1

[CEa3-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CEa3-Ten-GigabitEthernet3/0/1] igmp enable

[CEa3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/2

[CEa3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.2 24

[CEa3-Ten-GigabitEthernet3/0/2] pim sm

[CEa3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/3

[CEa3-Ten-GigabitEthernet3/0/3] ip address 10.110.12.2 24

[CEa3-Ten-GigabitEthernet3/0/3] pim sm

[CEa3-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CEa3] rip 2

[CEa3-rip-2] network 10.110.5.0 0.0.0.255

[CEa3-rip-2] network 10.110.10.0 0.0.0.255

[CEa3-rip-2] network 10.110.12.0 0.0.0.255

[CEa3-rip-2] quit

9.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.110.11.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.110.6.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb2] rip 3

[CEb2-rip-3] network 10.110.6.0 0.0.0.255

[CEb2-rip-3] network 10.110.11.0 0.0.0.255

[CEb2-rip-3] quit

Verifying the configuration

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 1.1.1.1 (local)

Leafs:

  1: 1.1.1.2

  2: 1.1.1.3

# Display information about mLDP selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: Up

Opaque value: 0x010004e4000001

Root: 1.1.1.1 (local)

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (10.110.7.2, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif1

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 1.1.1.1

Leaf:

  1: 1.1.1.2 (local)

# Display information about mLDP selective tunnels for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.1

Leaf:

  1: 1.1.1.2 (local)

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 1.1.1.2 (local)

Leafs:

  1: 1.1.1.1

  2: 1.1.1.3

# Display information about mLDP selective tunnels for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: Up

Opaque value: 0x010004e4000001

Root: 1.1.1.2 (local)

# Display C-multicast A-D route information for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(10.110.8.2, 225.0.0.2)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif1

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 1.1.1.2

Leaf:

  1: 1.1.1.3 (local)

# Display information about mLDP selective tunnels for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.2

Leaf:

  1: 1.1.1.3 (local)
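The display output above can be cross-checked mechanically instead of by eye. The following is an added example, not H3C code: it parses the inclusive-tunnel output from PE 1 and PE 2, decodes the opaque value as a type/length/value element (the RFC 6388 generic LSP identifier layout), and confirms that the leaf sees the same root and opaque value as the root does. Function names are hypothetical, and treating the tunnel identifier as the LSP ID carried in the opaque value is read off the output on this page.

```python
import re

# Copied from the display output above (PE 1 is the root, PE 2 is a leaf).
PE1_LOCAL = """\
Tunnel interface: LSPVOif0
Tunnel identifier: mLDP P2MP <0xe4000000>
Tunnel state: Up
Opaque value: 0x010004e4000000
Root: 1.1.1.1 (local)
Leafs:
  1: 1.1.1.2
  2: 1.1.1.3
"""
PE2_REMOTE = """\
Tunnel interface: --
Tunnel identifier: mLDP P2MP <0xe4000000>
Tunnel state: --
Opaque value: 0x010004e4000000
Root: 1.1.1.1
Leaf:
  1: 1.1.1.2 (local)
"""
# Constructed for this example: a leaf view that names another LSP and leaf address.
BAD_REMOTE = (PE2_REMOTE.replace("0x010004e4000000", "0x010004e4000001")
              .replace("1.1.1.2 (local)", "1.1.1.4 (local)"))

LEAF_RE = re.compile(r"^(\d+):\s+(\S+)(\s+\(local\))?$")


def parse_tunnels(text):
    """Return one dict per tunnel block found in the display output."""
    tunnels, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        leaf = LEAF_RE.match(line)
        if leaf and cur is not None:
            cur["leaves"].append(leaf.group(2))
            if leaf.group(3):
                cur["local_leaf"] = leaf.group(2)
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep:
            continue  # blank lines and "Total ..." summary lines
        if key == "tunnel interface":
            cur = {"interface": value, "leaves": [], "local_leaf": None}
            tunnels.append(cur)
        elif cur is None:
            continue
        elif key == "tunnel identifier":
            cur["lsp_id"] = int(re.search(r"<0x([0-9a-fA-F]+)>", value).group(1), 16)
        elif key == "tunnel state":
            cur["state"] = value
        elif key == "opaque value":
            cur["opaque"] = bytes.fromhex(value[2:])
        elif key == "root":
            cur["root"] = value.split()[0]
            cur["root_is_local"] = value.endswith("(local)")
    return tunnels


def decode_opaque(opaque):
    """Split an opaque value element into (type, value): 1-byte type, 2-byte length."""
    if len(opaque) < 3:
        raise ValueError("opaque value is shorter than the 3-byte TLV header")
    otype, length, value = opaque[0], int.from_bytes(opaque[1:3], "big"), opaque[3:]
    if length != len(value):
        raise ValueError(f"TLV length {length} does not match {len(value)} value bytes")
    return otype, value


def check_tunnel(t):
    """Checks that need only one router's view of the tunnel."""
    findings = []
    otype, value = decode_opaque(t["opaque"])
    if otype != 1 or len(value) != 4:
        findings.append(f"opaque type {otype}, length {len(value)}: not a generic LSP identifier")
    elif int.from_bytes(value, "big") != t["lsp_id"]:
        findings.append(f"opaque LSP ID 0x{value.hex()} != tunnel identifier 0x{t['lsp_id']:08x}")
    if t["root_is_local"] and t["state"] != "Up":
        findings.append(f"root tunnel {t['interface']} is {t['state']}, expected Up")
    return findings


def check_leaf_view(root_t, leaf_t):
    """Compare a leaf's remote view against the root's local view of the same tunnel."""
    findings = check_tunnel(leaf_t)
    if (leaf_t["root"], leaf_t["opaque"]) != (root_t["root"], root_t["opaque"]):
        findings.append("leaf names a different P2MP FEC (root, opaque value) than the root")
    if leaf_t["local_leaf"] not in root_t["leaves"]:
        findings.append(f"leaf {leaf_t['local_leaf']} is missing from the root's leaf list")
    return findings


if __name__ == "__main__":
    root = parse_tunnels(PE1_LOCAL)[0]
    for name, text in (("PE2", PE2_REMOTE), ("constructed bad leaf", BAD_REMOTE)):
        print(name, check_leaf_view(root, parse_tunnels(text)[0]) or "consistent")
```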

Example: Configuring inter-AS option B MDT-based MVPN

Network configuration

As shown in Figure 197, configure inter-AS option B MDT-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

·     For VPN instance a, the default group is 232.1.1.1, and the data group range is 232.2.2.0 to 232.2.2.15. They are in the SSM group range.

·     For VPN instance b, the default group is 232.3.3.3, and the data group range is 232.4.4.0 to 232.4.4.15. They are in the SSM group range.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF in AS 100 and AS 200, and configure OSPF between the PEs and CEs.

·     Establish IBGP peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Establish EBGP peer connections between Ten-GigabitEthernet 3/0/2 on PE 2 and PE 3.

·     Configure BGP MDT peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1 and between PE 2 and PE 3 on their respective Ten-GigabitEthernet 3/0/2.

·     Configure MPLS in AS 100 and AS 200.

IP multicast routing

·     Enable IP multicast routing on P 1 and P 2.

·     Enable IP multicast routing for the public network on PE 1, PE 2, PE 3, and PE 4.

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMPv2

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

Enable PIM-SSM on the public network and PIM-SM for VPN instances a and b:

·     Enable PIM-SM on all interfaces of P 1 and P 2.

·     Enable PIM-SM on all public network interfaces of PE 2 and PE 3.

·     Enable PIM-SM on all public and private network interfaces of PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of CE a1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Ten-GigabitEthernet 3/0/2 of CE b1 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

RPF vector

Enable the RPF vector feature on PE 1 and PE 4.

 

Figure 197 Network diagram

Table 43 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| S 1 |  | 12.1.1.100/24 | R 1 |  | 12.4.1.100/24 |
| S 2 |  | 12.2.1.100/24 | R 2 |  | 12.3.1.100/24 |
| PE 1 | XGE3/0/1 | 10.1.1.1/24 | PE 3 | XGE3/0/1 | 10.4.1.1/24 |
| PE 1 | XGE3/0/2 | 11.1.1.1/24 | PE 3 | XGE3/0/2 | 10.3.1.2/24 |
| PE 1 | XGE3/0/3 | 11.2.1.1/24 | PE 3 | Loop1 | 3.3.3.3/32 |
| PE 1 | Loop1 | 1.1.1.1/32 | PE 4 | XGE3/0/1 | 10.5.1.2/24 |
| PE 2 | XGE3/0/1 | 10.2.1.2/24 | PE 4 | XGE3/0/2 | 11.3.1.1/24 |
| PE 2 | XGE3/0/2 | 10.3.1.1/24 | PE 4 | XGE3/0/3 | 11.4.1.1/24 |
| PE 2 | Loop1 | 2.2.2.2/32 | PE 4 | Loop1 | 4.4.4.4/24 |
| P 1 | XGE3/0/1 | 10.1.1.2/24 | P 2 | XGE3/0/1 | 10.5.1.1/24 |
| P 1 | XGE3/0/2 | 10.2.1.1/24 | P 2 | XGE3/0/2 | 10.4.1.2/24 |
| P 1 | Loop1 | 5.5.5.5/32 | P 2 | Loop1 | 6.6.6.6/32 |
| CE a1 | XGE3/0/1 | 12.1.1.1/24 | CE b1 | XGE3/0/1 | 12.2.1.1/24 |
| CE a1 | XGE3/0/2 | 11.1.1.2/24 | CE b1 | XGE3/0/2 | 11.2.1.2/24 |
| CE a2 | XGE3/0/1 | 12.3.1.1/24 | CE b2 | XGE3/0/1 | 12.4.1.1/24 |
| CE a2 | XGE3/0/2 | 11.3.1.2/24 | CE b2 | XGE3/0/2 | 11.4.1.2/24 |
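The group plan in the requirements above (one default group and one data-group range per VPN instance, all inside the SSM range) can be linted before it is pushed to the PEs, because two VPN instances that share provider groups would share a distribution tree on the public network. The following is an added example, not H3C code: it reads `default-group` and `data-group` commands in the form used in the PE 1 procedure on this page and checks range membership and cross-instance overlap. The 232.0.0.0/8 SSM range and all function names are assumptions of the example.

```python
import ipaddress
import re

SSM_RANGE = ipaddress.ip_network("232.0.0.0/8")   # assumption: default IPv4 SSM range
PROMPT_RE = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[PE1-...]" or "<PE1>"

# MVPN commands as they appear in the PE 1 procedure on this page.
PE1_MVPN = """\
[PE1] multicast-vpn vpn-instance a mode mdt
[PE1-mvpn-vpn-instance-a] address-family ipv4
[PE1-mvpn-vpn-instance-a-ipv4] default-group 232.1.1.1
[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1
[PE1-mvpn-vpn-instance-a-ipv4] data-group 232.2.2.0 28
[PE1] multicast-vpn vpn-instance b mode mdt
[PE1-mvpn-vpn-instance-b] address-family ipv4
[PE1-mvpn-vpn-instance-b-ipv4] default-group 232.3.3.3
[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1
[PE1-mvpn-vpn-instance-b-ipv4] data-group 232.4.4.0 28
"""
# Constructed for this example: instance b leaves the SSM range and reuses part of a's range.
BAD_MVPN = (PE1_MVPN.replace("default-group 232.3.3.3", "default-group 239.3.3.3")
            .replace("data-group 232.4.4.0 28", "data-group 232.2.2.8 29"))


def parse_mvpn_plan(transcript):
    """Map each VPN instance name to its default group and data-group network."""
    plan, inst = {}, None
    for raw in transcript.splitlines():
        cmd = PROMPT_RE.sub("", raw.strip())
        m = re.match(r"multicast-vpn vpn-instance (\S+) mode mdt$", cmd)
        if m:
            inst = m.group(1)
            plan[inst] = {"default": None, "data": None}
        elif inst and (m := re.match(r"default-group (\S+)$", cmd)):
            plan[inst]["default"] = ipaddress.ip_address(m.group(1))
        elif inst and (m := re.match(r"data-group (\S+) (\d+)$", cmd)):
            plan[inst]["data"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return plan


def group_range(net):
    """First and last group address covered by a data-group network."""
    return str(net[0]), str(net[-1])


def audit_plan(plan):
    """Return a list of findings; an empty list means the plan passed every check."""
    findings = []
    for name, p in sorted(plan.items()):
        if p["default"] is None or p["data"] is None:
            findings.append(f"{name}: default-group or data-group is missing")
            continue
        if p["default"] not in SSM_RANGE:
            findings.append(f"{name}: default group {p['default']} is outside {SSM_RANGE}")
        if not p["data"].subnet_of(SSM_RANGE):
            findings.append(f"{name}: data-group range {p['data']} is outside {SSM_RANGE}")
        if p["default"] in p["data"]:
            findings.append(f"{name}: default group lies inside its own data-group range")
    complete = [n for n in sorted(plan) if None not in plan[n].values()]
    for i, a in enumerate(complete):
        for b in complete[i + 1:]:
            if plan[a]["default"] == plan[b]["default"]:
                findings.append(f"{a}/{b}: same default group {plan[a]['default']}")
            if plan[a]["data"].overlaps(plan[b]["data"]):
                findings.append(f"{a}/{b}: data-group ranges {plan[a]['data']} and {plan[b]['data']} overlap")
            for x, y in ((a, b), (b, a)):
                if plan[x]["default"] in plan[y]["data"]:
                    findings.append(f"{x}: default group lies inside the data-group range of {y}")
    return findings


if __name__ == "__main__":
    for label, text in (("page configuration", PE1_MVPN), ("constructed bad plan", BAD_MVPN)):
        plan = parse_mvpn_plan(text)
        for name, p in sorted(plan.items()):
            print(label, name, p["default"], group_range(p["data"]))
        print(label, audit_plan(plan) or "no findings")
```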

 

Procedure

1.     Configure PE 1:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE1> system-view

[PE1] router id 1.1.1.1

[PE1] multicast routing

[PE1-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing and RPF vector for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] rpf proxy vector

[PE1-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] default-group 232.1.1.1

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE1-mvpn-vpn-instance-a-ipv4] data-group 232.2.2.0 28

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing and RPF vector for VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] rpf proxy vector

[PE1-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] default-group 232.3.3.3

[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE1-mvpn-vpn-instance-b-ipv4] data-group 232.4.4.0 28

[PE1-mvpn-vpn-instance-b-ipv4] quit

[PE1-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE1-Ten-GigabitEthernet3/0/1] pim sm

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] pim sm

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 1

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] address-family ipv4 mdt

[PE1-bgp-default-mdt] peer 2.2.2.2 enable

[PE1-bgp-default-mdt] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure OSPF for VPN instances a and b.

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

2.     Configure PE 2:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE2> system-view

[PE2] router id 2.2.2.2

[PE2] multicast routing

[PE2-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls ldp

[PE2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE2-Ten-GigabitEthernet3/0/1] pim sm

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24

# Enable PIM-SM and MPLS on Ten-GigabitEthernet 3/0/2.

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] pim sm

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] peer 10.3.1.2 as-number 200

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] undo policy vpn-target

[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE2-bgp-default-vpnv4] peer 10.3.1.2 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] address-family ipv4 mdt

[PE2-bgp-default-mdt] peer 1.1.1.1 enable

[PE2-bgp-default-mdt] peer 10.3.1.2 enable

[PE2-bgp-default-mdt] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PE 3:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE3> system-view

[PE3] router id 3.3.3.3

[PE3] multicast routing

[PE3-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls ldp

[PE3-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE3-Ten-GigabitEthernet3/0/1] pim sm

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24

# Enable PIM-SM and MPLS on Ten-GigabitEthernet 3/0/2.

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] pim sm

[PE3-LoopBack1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4.4.4.4 as-number 200

[PE3-bgp-default] peer 4.4.4.4 connect-interface loopback 1

[PE3-bgp-default] peer 10.3.1.1 as-number 100

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] undo policy vpn-target

[PE3-bgp-default-vpnv4] peer 4.4.4.4 enable

[PE3-bgp-default-vpnv4] peer 10.3.1.1 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] address-family ipv4 mdt

[PE3-bgp-default-mdt] peer 4.4.4.4 enable

[PE3-bgp-default-mdt] peer 10.3.1.1 enable

[PE3-bgp-default-mdt] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

4.     Configure PE 4:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE4> system-view

[PE4] router id 4.4.4.4

[PE4] multicast routing

[PE4-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE4] mpls lsr-id 4.4.4.4

[PE4] mpls ldp

[PE4-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 100:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing and RPF vector for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] rpf proxy vector

[PE4-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE4-mvpn-vpn-instance-a-ipv4] default-group 232.1.1.1

[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-a-ipv4] data-group 232.2.2.0 28

[PE4-mvpn-vpn-instance-a-ipv4] quit

[PE4-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 200:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing and RPF vector for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] rpf proxy vector

[PE4-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE4-mvpn-vpn-instance-b-ipv4] default-group 232.3.3.3

[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-b-ipv4] data-group 232.4.4.0 28

[PE4-mvpn-vpn-instance-b-ipv4] quit

[PE4-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.5.1.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE4-Ten-GigabitEthernet3/0/1] pim sm

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] pim sm

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3.3.3.3 as-number 200

[PE4-bgp-default] peer 3.3.3.3 connect-interface loopback 1

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] peer 3.3.3.3 enable

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] address-family ipv4 mdt

[PE4-bgp-default-mdt] peer 3.3.3.3 enable

[PE4-bgp-default-mdt] quit

[PE4-bgp-default] quit

# Configure OSPF.

[PE4] ospf 1

[PE4-ospf-1] area 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[PE4-ospf-1-area-0.0.0.0] quit

[PE4-ospf-1] quit

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Enable IP multicast routing on the public network.

<P1> system-view

[P1] multicast routing

[P1-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[P1] mpls lsr-id 5.5.5.5

[P1] mpls ldp

[P1-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[P1-Ten-GigabitEthernet3/0/1] pim sm

[P1-Ten-GigabitEthernet3/0/1] mpls enable

[P1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/2.

[P1-Ten-GigabitEthernet3/0/2] pim sm

[P1-Ten-GigabitEthernet3/0/2] mpls enable

[P1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] pim sm

[P1-LoopBack1] quit

# Configure OSPF.

[P1] ospf 1

[P1-ospf-1] area 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

6.     Configure P 2:

# Enable IP multicast routing on the public network.

<P2> system-view

[P2] multicast routing

[P2-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[P2] mpls lsr-id 6.6.6.6

[P2] mpls ldp

[P2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ip address 10.5.1.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[P2-Ten-GigabitEthernet3/0/1] pim sm

[P2-Ten-GigabitEthernet3/0/1] mpls enable

[P2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/2.

[P2-Ten-GigabitEthernet3/0/2] pim sm

[P2-Ten-GigabitEthernet3/0/2] mpls enable

[P2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] pim sm

[P2-LoopBack1] quit

# Configure OSPF.

[P2] ospf 1

[P2-ospf-1] area 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[P2-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEa1] pim

[CEa1-pim] c-bsr 11.1.1.2

[CEa1-pim] c-rp 11.1.1.2

[CEa1-pim] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEb1] pim

[CEb1-pim] c-bsr 11.2.1.2 24

[CEb1-pim] c-rp 11.2.1.2 24

[CEb1-pim] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit

Verifying the configuration

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 1.

[PE1] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 232.1.1.1        1.1.1.1          MTunnel0      a

 232.3.3.3        1.1.1.1          MTunnel1      b

# Display information about the remote default group for IPv4 multicast transmission in each VPN instance on PE 1.

[PE1] display multicast-vpn default-group remote

MVPN remote default-group information:

 Group address   Source address  Next hop         VPN instance

 232.1.1.1       4.4.4.4         2.2.2.2          a

 232.3.3.3       4.4.4.4         2.2.2.2          b

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 4.

[PE4] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 232.1.1.1        4.4.4.4          MTunnel0      a

 233.3.3.3        4.4.4.4          MTunnel1      b

# Display information about the remote default group for IPv4 multicast transmission in each VPN instance on PE 4.

[PE4] display multicast-vpn default-group remote

MVPN remote default-group information:

 Group address   Source address  Next hop         VPN instance

 232.1.1.1       1.1.1.1         3.3.3.3          a

 232.3.3.3       1.1.1.1         3.3.3.3          b
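A consistency check for the MVPN settings above, as an added example that is not part of the H3C document: it parses the PE 4 commands and the `display multicast-vpn default-group local` output copied from this page, then reports default groups or data-group ranges shared between VPN instances, and any group address where the output disagrees with the configuration. The function names are hypothetical, and the parser assumes the prompt and column layout shown on this page.

```python
import ipaddress
import re

# Copied from this page: PE 4 MVPN commands and the PE 4 verification output.
PE4_TRANSCRIPT = """\
[PE4] multicast-vpn vpn-instance a mode mdt
[PE4-mvpn-vpn-instance-a] address-family ipv4
[PE4-mvpn-vpn-instance-a-ipv4] default-group 232.1.1.1
[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1
[PE4-mvpn-vpn-instance-a-ipv4] data-group 232.2.2.0 28
[PE4] multicast-vpn vpn-instance b mode mdt
[PE4-mvpn-vpn-instance-b] address-family ipv4
[PE4-mvpn-vpn-instance-b-ipv4] default-group 232.3.3.3
[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1
[PE4-mvpn-vpn-instance-b-ipv4] data-group 232.4.4.0 28
"""

PE4_DISPLAY_LOCAL = """\
MVPN local default-group information:
 Group address    Source address   Interface     VPN instance
 232.1.1.1        4.4.4.4          MTunnel0      a
 233.3.3.3        4.4.4.4          MTunnel1      b
"""

# Prompt of the MVPN IPv4 address family view: [<device>-mvpn-vpn-instance-<vpn>-ipv4]
PROMPT = re.compile(
    r"^\[(?P<dev>[^\]-]+)-mvpn-vpn-instance-(?P<vpn>[^\]]+)-ipv4\]\s+(?P<cmd>\S.*)$"
)
REQUIRED = ("default_group", "source", "data_group")


def parse_mvpn_config(transcript):
    """Return {(device, vpn): settings} from a CLI transcript."""
    cfg = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        entry = cfg.setdefault((m["dev"], m["vpn"]), {})
        words = m["cmd"].split()
        if words[0] == "default-group" and len(words) == 2:
            entry["default_group"] = ipaddress.IPv4Address(words[1])
        elif words[0] == "data-group" and len(words) == 3:
            # Strict parsing rejects a base address with host bits set.
            entry["data_group"] = ipaddress.IPv4Network(f"{words[1]}/{words[2]}")
        elif words[0] == "source" and len(words) > 1:
            entry["source"] = " ".join(words[1:])
    return cfg


def parse_default_group_table(output):
    """Return {vpn: (group, source)} from the default-group display output."""
    rows = {}
    for line in output.splitlines():
        cols = line.split()
        if len(cols) != 4:
            continue
        try:
            rows[cols[3]] = (ipaddress.IPv4Address(cols[0]),
                             ipaddress.IPv4Address(cols[1]))
        except ValueError:
            continue  # banner or header line, not a data row
    return rows


def audit(device, cfg, displayed):
    """Return a list of findings for one PE; an empty list means all checks passed."""
    mine = {vpn: e for (dev, vpn), e in cfg.items() if dev == device}
    findings = []
    for vpn, e in sorted(mine.items()):
        missing = [k for k in REQUIRED if k not in e]
        if missing:
            findings.append(f"{device}: VPN {vpn} lacks {', '.join(missing)}")
    complete = sorted(v for v, e in mine.items() if all(k in e for k in REQUIRED))
    for i, v1 in enumerate(complete):
        a = mine[v1]
        if not a["default_group"].is_multicast:
            findings.append(f"{device}: VPN {v1} default group is not multicast")
        for v2 in complete[i + 1:]:
            b = mine[v2]
            if a["default_group"] == b["default_group"]:
                findings.append(f"{device}: VPN {v1} and VPN {v2} share default group "
                                f"{a['default_group']}")
            if a["data_group"].overlaps(b["data_group"]):
                findings.append(f"{device}: data-group ranges of VPN {v1} and "
                                f"VPN {v2} overlap")
            if (a["default_group"] in b["data_group"]
                    or b["default_group"] in a["data_group"]):
                findings.append(f"{device}: a default group of VPN {v1}/{v2} falls "
                                f"inside the other VPN's data-group range")
        shown = displayed.get(v1)
        if shown is None:
            findings.append(f"{device}: VPN {v1} has no row in the display output")
        elif shown[0] != a["default_group"]:
            findings.append(f"{device}: VPN {v1} is configured with default group "
                            f"{a['default_group']} but the display output shows {shown[0]}")
    return findings


if __name__ == "__main__":
    config = parse_mvpn_config(PE4_TRANSCRIPT)
    table = parse_default_group_table(PE4_DISPLAY_LOCAL)
    for finding in audit("PE4", config, table):
        print(finding)
```

Run against the text of this page, the check reports one finding: the PE 4 output lists 233.3.3.3 for VPN instance b, while the PE 4 configuration sets `default-group 232.3.3.3`.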

Example: Configuring inter-AS option C MDT-based MVPN

Network configuration

As shown in Figure 198, configure inter-AS option C MDT-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

·     For VPN instance a, the default group is 239.1.1.1, and the data group range is 225.1.1.0 to 225.1.1.15.

·     For VPN instance b, the default group is 239.4.4.4, and the data group range is 225.4.4.0 to 225.4.4.15.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network instance.

·     PE 2: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, Loopback 1, and Loopback 2 belong to the public network instance.

·     PE 3: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, Loopback 1, and Loopback 2 belong to the public network instance.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network instance.

Unicast routing protocols and MPLS

·     Configure OSPF separately in AS 100 and AS 200, and configure OSPF between the PEs and CEs.

·     Establish BGP peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Configure MPLS separately in AS 100 and AS 200.

IP multicast routing

·     Enable IP multicast routing on the public network on PE 1, PE 2, PE 3, and PE 4.

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMPv2

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM-SM

Enable PIM-SM on the public network and for VPN instances a and b:

·     Enable PIM-SM on all public network interfaces of PE 2 and PE 3.

·     Enable PIM-SM on all public and private network interfaces of PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Loopback 2 of PE 2 and PE 3 as a C-BSR and a C-RP for their own AS to provide services for all multicast groups.

·     Configure Loopback 0 of CE a1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 0 of CE b1 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

MSDP

Establish an MSDP peering relationship between PE 2 and PE 3 on their Loopback 1.

 

Figure 198 Network diagram

Table 44 Interface and IP address assignment

Device  Interface  IP address       Device  Interface  IP address
S 1     -          10.11.5.2/24     R 1     -          10.11.8.2/24
S 2     -          10.11.6.2/24     R 2     -          10.11.7.2/24
PE 1    XGE3/0/1   10.10.1.1/24     PE 3    XGE3/0/1   10.10.2.1/24
PE 1    XGE3/0/2   10.11.1.1/24     PE 3    XGE3/0/2   192.168.1.2/24
PE 1    XGE3/0/3   10.11.2.1/24     PE 3    Loop1      1.1.1.3/32
PE 1    Loop1      1.1.1.1/32       PE 3    Loop2      22.22.22.22/32
PE 2    XGE3/0/1   10.10.1.2/24     PE 4    XGE3/0/1   10.10.2.2/24
PE 2    XGE3/0/2   192.168.1.1/24   PE 4    XGE3/0/2   10.11.3.1/24
PE 2    Loop1      1.1.1.2/32       PE 4    XGE3/0/3   10.11.4.1/32
PE 2    Loop2      11.11.11.11/32   PE 4    Loop1      1.1.1.4/32
CE a1   XGE3/0/1   10.11.5.1/24     CE b1   XGE3/0/1   10.11.6.1/24
CE a1   XGE3/0/2   10.11.1.2/24     CE b1   XGE3/0/2   10.11.2.2/24
CE a1   Loop0      2.2.2.2/32       CE b2   XGE3/0/1   10.11.8.1/24
CE a2   XGE3/0/1   10.11.7.1/24     CE b2   XGE3/0/2   10.11.4.2/24
CE a2   XGE3/0/2   10.11.3.2/24     CE b2   Loop0      3.3.3.3/32

 

Procedure

1.     Configure PE 1:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE1> system-view

[PE1] router id 1.1.1.1

[PE1] multicast routing

[PE1-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE1-mvpn-vpn-instance-a-ipv4] data-group 225.1.1.0 28

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] default-group 239.4.4.4

[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE1-mvpn-vpn-instance-b-ipv4] data-group 225.4.4.0 28

[PE1-mvpn-vpn-instance-b-ipv4] quit

[PE1-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.10.1.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE1-Ten-GigabitEthernet3/0/1] pim sm

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.11.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.11.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] pim sm

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] group pe1-pe2 internal

[PE1-bgp-default] peer pe1-pe2 connect-interface loopback 1

[PE1-bgp-default] peer 1.1.1.2 group pe1-pe2

[PE1-bgp-default] group pe1-pe4 external

[PE1-bgp-default] peer pe1-pe4 as-number 200

[PE1-bgp-default] peer pe1-pe4 ebgp-max-hop 255

[PE1-bgp-default] peer pe1-pe4 connect-interface loopback 1

[PE1-bgp-default] peer 1.1.1.4 group pe1-pe4

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] address-family ipv4

[PE1-bgp-default-ipv4] peer pe1-pe2 enable

[PE1-bgp-default-ipv4] peer pe1-pe2 label-route-capability

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer pe1-pe4 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] import-route bgp

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 10.11.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] import-route bgp

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 10.11.2.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

2.     Configure PE 2:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE2> system-view

[PE2] router id 1.1.1.2

[PE2] multicast routing

[PE2-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE2] mpls lsr-id 1.1.1.2

[PE2] mpls ldp

[PE2-mpls-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.10.1.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE2-Ten-GigabitEthernet3/0/1] pim sm

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 192.168.1.1 24

# Enable PIM-SM and MPLS on Ten-GigabitEthernet 3/0/2.

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] pim sm

[PE2-LoopBack1] quit

# Assign an IP address to Loopback 2, and enable PIM-SM on the interface.

[PE2] interface loopback 2

[PE2-LoopBack2] ip address 11.11.11.11 32

[PE2-LoopBack2] pim sm

[PE2-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE2] pim

[PE2-pim] c-bsr 11.11.11.11

[PE2-pim] c-rp 11.11.11.11

[PE2-pim] quit

# Configure Ten-GigabitEthernet 3/0/2 as a PIM-SM domain border.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE2-Ten-GigabitEthernet3/0/2] quit

# Establish an MSDP peering relationship.

[PE2] msdp

[PE2-msdp] encap-data-enable

[PE2-msdp] peer 1.1.1.3 connect-interface loopback 1

# Configure a static route.

[PE2] ip route-static 1.1.1.3 32 ten-gigabitethernet 3/0/2 192.168.1.2

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] group pe2-pe1 internal

[PE2-bgp-default] peer pe2-pe1 connect-interface loopback 1

[PE2-bgp-default] peer 1.1.1.1 group pe2-pe1

[PE2-bgp-default] group pe2-pe3 external

[PE2-bgp-default] peer pe2-pe3 as-number 200

[PE2-bgp-default] peer 192.168.1.2 group pe2-pe3

[PE2-bgp-default] address-family ipv4

[PE2-bgp-default-ipv4] peer pe2-pe1 enable

[PE2-bgp-default-ipv4] peer pe2-pe1 route-policy map2 export

[PE2-bgp-default-ipv4] peer pe2-pe1 label-route-capability

[PE2-bgp-default-ipv4] peer pe2-pe3 enable

[PE2-bgp-default-ipv4] peer pe2-pe3 route-policy map1 export

[PE2-bgp-default-ipv4] peer pe2-pe3 label-route-capability

[PE2-bgp-default-ipv4] import-route ospf 1

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 11.11.11.11 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PE 3:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE3> system-view

[PE3] router id 1.1.1.3

[PE3] multicast routing

[PE3-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE3] mpls lsr-id 1.1.1.3

[PE3] mpls ldp

[PE3-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.10.2.1 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE3-Ten-GigabitEthernet3/0/1] pim sm

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 192.168.1.2 24

# Enable PIM-SM and MPLS on Ten-GigabitEthernet 3/0/2.

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] pim sm

[PE3-LoopBack1] quit

# Assign an IP address to Loopback 2, and enable PIM-SM on the interface.

[PE3] interface loopback 2

[PE3-LoopBack2] ip address 22.22.22.22 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim

[PE3-pim] c-bsr 22.22.22.22

[PE3-pim] c-rp 22.22.22.22

[PE3-pim] quit

# Configure Ten-GigabitEthernet 3/0/2 as a PIM-SM domain border.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE3-Ten-GigabitEthernet3/0/2] quit

# Establish an MSDP peering relationship.

[PE3] msdp

[PE3-msdp] encap-data-enable

[PE3-msdp] peer 1.1.1.2 connect-interface loopback 1

# Configure a static route.

[PE3] ip route-static 1.1.1.2 32 ten-gigabitethernet 3/0/2 192.168.1.1

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] group pe3-pe4 internal

[PE3-bgp-default] peer pe3-pe4 connect-interface loopback 1

[PE3-bgp-default] peer 1.1.1.4 group pe3-pe4

[PE3-bgp-default] group pe3-pe2 external

[PE3-bgp-default] peer pe3-pe2 as-number 100

[PE3-bgp-default] peer 192.168.1.1 group pe3-pe2

[PE3-bgp-default] address-family ipv4

[PE3-bgp-default-ipv4] peer pe3-pe4 enable

[PE3-bgp-default-ipv4] peer pe3-pe4 route-policy map2 export

[PE3-bgp-default-ipv4] peer pe3-pe4 label-route-capability

[PE3-bgp-default-ipv4] peer pe3-pe2 enable

[PE3-bgp-default-ipv4] peer pe3-pe2 route-policy map1 export

[PE3-bgp-default-ipv4] peer pe3-pe2 label-route-capability

[PE3-bgp-default-ipv4] import-route ospf 1

[PE3-bgp-default-ipv4] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 22.22.22.22 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.10.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

4.     Configure PE 4:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE4> system-view

[PE4] router id 1.1.1.4

[PE4] multicast routing

[PE4-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE4] mpls lsr-id 1.1.1.4

[PE4] mpls ldp

[PE4-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 100:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE4-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-a-ipv4] data-group 225.1.1.0 28

[PE4-mvpn-vpn-instance-a-ipv4] quit

[PE4-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 200:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create an MDT-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode mdt

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-vpn-instance-b] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance b.

[PE4-mvpn-vpn-instance-b-ipv4] default-group 239.4.4.4

[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-b-ipv4] data-group 225.4.4.0 28

[PE4-mvpn-vpn-instance-b-ipv4] quit

[PE4-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.10.2.2 24

# Enable PIM-SM, MPLS, and IPv4 LDP on Ten-GigabitEthernet 3/0/1.

[PE4-Ten-GigabitEthernet3/0/1] pim sm

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[PE4-Ten-GigabitEthernet3/0/2] ip address 10.11.3.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[PE4-Ten-GigabitEthernet3/0/3] ip address 10.11.4.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 1.1.1.4 32

[PE4-LoopBack1] pim sm

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] group pe4-pe3 internal

[PE4-bgp-default] peer pe4-pe3 connect-interface loopback 1

[PE4-bgp-default] peer 1.1.1.3 group pe4-pe3

[PE4-bgp-default] group pe4-pe1 external

[PE4-bgp-default] peer pe4-pe1 as-number 100

[PE4-bgp-default] peer pe4-pe1 ebgp-max-hop 255

[PE4-bgp-default] peer pe4-pe1 connect-interface loopback 1

[PE4-bgp-default] peer 1.1.1.1 group pe4-pe1

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] address-family ipv4

[PE4-bgp-default-ipv4] peer pe4-pe3 enable

[PE4-bgp-default-ipv4] peer pe4-pe3 label-route-capability

[PE4-bgp-default-ipv4] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] peer pe4-pe1 enable

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] quit

# Configure OSPF.

[PE4] ospf 1

[PE4-ospf-1] area 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 1.1.1.4 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 10.10.2.0 0.0.0.255

[PE4-ospf-1-area-0.0.0.0] quit

[PE4-ospf-1] quit

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 10.11.3.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 10.11.4.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.11.5.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.11.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa1] interface loopback 1

[CEa1-LoopBack1] ip address 2.2.2.2 32

[CEa1-LoopBack1] pim sm

[CEa1-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa1] pim

[CEa1-pim] c-bsr 2.2.2.2

[CEa1-pim] c-rp 2.2.2.2 1

[CEa1-pim] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 10.11.5.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.11.6.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.11.2.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 10.11.6.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.11.7.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.11.3.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 10.11.3.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 10.11.7.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

8.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.11.8.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.11.4.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEb2] interface loopback 1

[CEb2-LoopBack1] ip address 3.3.3.3 32

[CEb2-LoopBack1] pim sm

[CEb2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEb2] pim

[CEb2-pim] c-bsr 3.3.3.3

[CEb2-pim] c-rp 3.3.3.3

[CEb2-pim] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 10.11.4.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 10.11.8.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit

Verifying the configuration

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 1.

[PE1] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 239.1.1.1        1.1.1.1          MTunnel0      a

 239.4.4.4        1.1.1.1          MTunnel1      b

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 4.

[PE4] display multicast-vpn default-group local

MVPN local default-group information:

 Group address    Source address   Interface     VPN instance

 239.1.1.1        1.1.1.4          MTunnel0      a

 239.4.4.4        1.1.1.4          MTunnel1      b

Example: Configuring inter-AS option A mLDP-based MVPN

Network configuration

As shown in Figure 199, configure inter-AS option A mLDP-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network. Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b.

·     PE 3: Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network. Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF in AS 100 and AS 200, and configure OSPF between the PEs and CEs.

·     Establish IBGP peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Establish EBGP peer connections between Ten-GigabitEthernet 3/0/2 on PE 2 and PE 3.

·     Configure BGP IPv4 MVPN peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Configure MPLS in AS 100 and AS 200.

·     Enable MPLS on P 1 and P 2.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

Enable PIM-SM for VPN instances a and b:

·     Enable PIM-SM on all private network interfaces of PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of CE a1 as a C-BSR and a C-RP for VPN instance a in AS 100 to provide services for all multicast groups.

·     Configure Ten-GigabitEthernet 3/0/2 of CE b1 as a C-BSR and a C-RP for VPN instance b in AS 200 to provide services for all multicast groups.

MSDP

Enable MSDP on CE a1, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

 

Figure 199 Network diagram

Table 45 Interface and IP address assignment

Device   Interface   IP address       Device   Interface   IP address
S 1      -           12.1.1.100/24    R 1      -           12.4.1.100/24
S 2      -           12.2.1.100/24    R 2      -           12.3.1.100/24
PE 1     XGE3/0/1    10.1.1.1/24      PE 3     XGE3/0/1    10.4.1.1/24
PE 1     XGE3/0/2    11.1.1.1/24      PE 3     XGE3/0/2    10.3.1.2/24
PE 1     XGE3/0/3    11.2.1.1/24      PE 3     XGE3/0/3    10.6.1.2/24
PE 1     Loop1       1.1.1.1/32       PE 3     Loop1       3.3.3.3/32
PE 2     XGE3/0/1    10.2.1.2/24      PE 4     XGE3/0/1    10.5.1.2/24
PE 2     XGE3/0/2    10.3.1.1/24      PE 4     XGE3/0/2    11.3.1.1/24
PE 2     XGE3/0/3    10.6.1.1/24      PE 4     XGE3/0/3    11.4.1.1/24
PE 2     Loop1       2.2.2.2/32       PE 4     Loop1       4.4.4.4/24
P 1      XGE3/0/1    10.1.1.2/24      P 2      XGE3/0/1    10.5.1.1/24
P 1      XGE3/0/2    10.2.1.1/24      P 2      XGE3/0/2    10.4.1.2/24
P 1      Loop1       5.5.5.5/32       P 2      Loop1       6.6.6.6/32
CE a1    XGE3/0/1    12.1.1.1/24      CE b1    XGE3/0/1    12.2.1.1/24
CE a1    XGE3/0/2    11.1.1.2/24      CE b1    XGE3/0/2    11.2.1.2/24
CE a2    XGE3/0/1    12.3.1.1/24      CE b2    XGE3/0/1    12.4.1.1/24
CE a2    XGE3/0/2    11.3.1.2/24      CE b2    XGE3/0/2    11.4.1.2/24
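The address plan in Table 45 and the VPN-instance membership listed above can be checked against a captured CLI session before it is trusted, because an interface bound to the wrong VPN instance places one customer's link in another customer's routing table. The following Python script is an added example, not H3C code: the PE 3 session in it is constructed, and the function names and the plan dictionary are assumptions of this example.

```python
import ipaddress
import re

# "[Device-View] command" lines; user-view lines such as "<PE3> system-view" are skipped.
PROMPT = re.compile(r"^\[(?P<dev>[A-Za-z0-9]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>\S.*)$")
ABBREV = {"ten-gigabitethernet": "XGE", "loopback": "Loop"}  # Table 45 spellings

# Intended state for PE 3: (device, interface) -> (VPN instance or None, address).
PLAN_PE3 = {
    ("PE3", "XGE3/0/1"): (None, "10.4.1.1/24"),
    ("PE3", "XGE3/0/2"): ("a", "10.3.1.2/24"),
    ("PE3", "XGE3/0/3"): ("b", "10.6.1.2/24"),
    ("PE3", "Loop1"): (None, "3.3.3.3/32"),
}

# Constructed session with a copy-paste slip: the block meant for 3/0/3
# re-enters 3/0/2, so 3/0/3 is never bound to VPN instance b.
SAMPLE = """\
<PE3> system-view
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a
[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24
[PE3-Ten-GigabitEthernet3/0/2] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a
[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24
[PE3-Ten-GigabitEthernet3/0/3] pim sm
[PE3-Ten-GigabitEthernet3/0/3] quit
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.3 32
[PE3-LoopBack1] quit
"""


def short_name(if_type, number):
    """('ten-gigabitethernet', '3/0/2') -> 'XGE3/0/2'."""
    return ABBREV.get(if_type.lower(), if_type) + number


def view_to_short(view):
    """Prompt view 'Ten-GigabitEthernet3/0/2' -> 'XGE3/0/2'; None for non-interface views."""
    m = re.fullmatch(r"([A-Za-z-]+?)(\d[\d/]*)", view or "")
    if not m or m.group(1).lower() not in ABBREV:
        return None
    return short_name(m.group(1), m.group(2))


def parse_transcript(text):
    """Replay the session. Returns (state, findings); commands are applied to the
    interface last entered with 'interface ...', not to the one the prompt shows."""
    state, findings, current = {}, [], {}
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        dev, view, cmd = m.group("dev"), m.group("view"), m.group("cmd").strip()
        enter = re.fullmatch(r"interface\s+([A-Za-z-]+)\s*(\d[\d/]*)", cmd, re.I)
        if enter:
            current[dev] = short_name(enter.group(1), enter.group(2))
            state.setdefault((dev, current[dev]), {"vpn": None, "ip": None})
            continue
        shown = view_to_short(view)
        if shown is None:            # system view or a protocol view
            current.pop(dev, None)
            continue
        ifname = current.setdefault(dev, shown)
        entry = state.setdefault((dev, ifname), {"vpn": None, "ip": None})
        if shown != ifname:
            f = (dev, ifname, "prompt-mismatch", f"prompt shows {shown}")
            if f not in findings:
                findings.append(f)
        bind = re.fullmatch(r"ip binding vpn-instance\s+(\S+)", cmd)
        addr = re.fullmatch(r"ip address\s+([\d.]+)\s+([\d.]+)", cmd)
        if bind:
            # Comware removes the interface address when the interface is bound
            # to a VPN instance, so an address set earlier no longer counts.
            entry["vpn"], entry["ip"] = bind.group(1), None
        elif addr:
            entry["ip"] = ipaddress.ip_interface("/".join(addr.groups())).with_prefixlen
        elif cmd == "quit":
            current.pop(dev, None)
    return state, findings


def audit(text, plan):
    """Compare the replayed state with the plan and return all findings."""
    state, findings = parse_transcript(text)
    for (dev, ifname), (vpn, ip) in plan.items():
        got = state.get((dev, ifname))
        if got is None:
            findings.append((dev, ifname, "missing", "never configured"))
            continue
        if got["vpn"] != vpn:
            findings.append((dev, ifname, "vpn-mismatch", f"bound to {got['vpn']}, plan says {vpn}"))
        if got["ip"] != ip:
            findings.append((dev, ifname, "ip-mismatch", f"has {got['ip']}, plan says {ip}"))
    for dev, ifname in state:
        if (dev, ifname) not in plan:
            findings.append((dev, ifname, "unplanned", "not in the address plan"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, PLAN_PE3):
        print(*finding, sep=" | ")
```
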

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] mldp p2mp

[PE1-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-b-ipv4] quit

[PE1-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 2.2.2.2 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable

[PE1-bgp-default-vpnv4] peer 2.2.2.2 next-hop-local

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 2.2.2.2

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls ldp

[PE2-ldp] mldp p2mp

[PE2-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE2-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE2-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE2-mvpn-vpn-instance-b-ipv4] quit

[PE2-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24

# Enable PIM-SM on Ten-GigabitEthernet 3/0/2, and configure the interface as a PIM-SM domain border.

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.6.1.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1.1.1.1 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE2-bgp-default-vpnv4] peer 1.1.1.1 next-hop-local

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] peer 10.3.1.2 as-number 200

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] peer 10.3.1.2 enable

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] peer 10.6.1.2 as-number 200

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] peer 10.6.1.2 enable

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 3.3.3.3

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls ldp

[PE3-ldp] mldp p2mp

[PE3-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 300:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE3-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE3-mvpn-vpn-instance-a-ipv4] auto-discovery inter-as

[PE3-mvpn-vpn-instance-a-ipv4] quit

[PE3-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 400:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE3-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE3-mvpn-vpn-instance-b-ipv4] auto-discovery inter-as

[PE3-mvpn-vpn-instance-b-ipv4] quit

[PE3-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, and assign an IP address to the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24

# Enable PIM-SM on Ten-GigabitEthernet 3/0/2, and configure the interface as a PIM-SM domain border.

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.6.1.2 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4.4.4.4 as-number 200

[PE3-bgp-default] peer 4.4.4.4 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 4.4.4.4 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 4.4.4.4 enable

[PE3-bgp-default-vpnv4] peer 4.4.4.4 next-hop-local

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] peer 10.3.1.1 as-number 100

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] peer 10.3.1.1 enable

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] peer 10.6.1.1 as-number 100

[PE3-bgp-default-b] address-family ipv4 unicast

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] peer 10.6.1.1 enable

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

4.     Configure PE 4:

# Configure a global router ID.

<PE4> system-view

[PE4] router id 4.4.4.4

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE4] mpls lsr-id 4.4.4.4

[PE4] mpls ldp

[PE4-ldp] mldp p2mp

[PE4-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 300:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-a-ipv4] quit

[PE4-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 400:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-b-ipv4] quit

[PE4-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.5.1.2 24

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] pim sm

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3.3.3.3 as-number 200

[PE4-bgp-default] peer 3.3.3.3 connect-interface loopback 1

[PE4-bgp-default] address-family ipv4 mvpn

[PE4-bgp-default-mvpn] peer 3.3.3.3 enable

[PE4-bgp-default-mvpn] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] peer 3.3.3.3 enable

[PE4-bgp-default-vpnv4] peer 3.3.3.3 next-hop-local

[PE4-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] quit

# Configure OSPF.

[PE4] ospf 1

[PE4-ospf-1] area 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[PE4-ospf-1-area-0.0.0.0] quit

[PE4-ospf-1] quit

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp 200

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp 200

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[P1] mpls lsr-id 5.5.5.5

[P1] mpls ldp

[P1-ldp] mldp p2mp

[P1-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P1-Ten-GigabitEthernet3/0/1] mpls enable

[P1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.1 24

[P1-Ten-GigabitEthernet3/0/2] mpls enable

[P1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] quit

# Configure OSPF.

[P1] ospf 1

[P1-ospf-1] area 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

6.     Configure P 2:

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[P2] mpls lsr-id 6.6.6.6

[P2] mpls ldp

[P2-ldp] mldp p2mp

[P2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ip address 10.5.1.1 24

[P2-Ten-GigabitEthernet3/0/1] mpls enable

[P2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[P2-Ten-GigabitEthernet3/0/2] mpls enable

[P2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] quit

# Configure OSPF.

[P2] ospf 1

[P2-ospf-1] area 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[P2-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEa1] pim

[CEa1-pim] c-bsr 11.1.1.2

[CEa1-pim] c-rp 11.1.1.2

[CEa1-pim] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

# Configure MSDP.

[CEa1] msdp

[CEa1-msdp] peer 11.3.1.2 connect-interface ten-gigabitethernet 3/0/2

[CEa1-msdp] quit

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 11.3.1.2

[CEa2-pim] c-rp 11.3.1.2

[CEa2-pim] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 11.1.1.2 connect-interface ten-gigabitethernet 3/0/2

[CEa2-msdp] quit

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMPv3 on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] igmp version 3

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit

Verifying the configuration

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 1.1.1.1 (local)

Leafs:

  1: 2.2.2.2

# Display information about mLDP selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: Up

Opaque value: 0x010004e4000001

Root: 1.1.1.1 (local)

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif1

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 1.1.1.1

Leaf:

  1: 2.2.2.2(local)

# Display information about mLDP selective tunnels for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.1

Leaf:

  1: 2.2.2.2 (local)

# Display PIM routing entries for VPN instance a on PE 2.

[PE2] display pim vpn-instance a routing-table

 

 Total 0 (*, G) entries; 1 (S, G) entries

(12.1.1.100, 225.0.0.1)

     RP: 11.1.1.2

     Protocol: pim-sm, Flag: SPT ACT SC

     UpTime: 00:56:25

     Upstream interface: LSPVIif0(1.1.1.1)

         Upstream neighbor: 1.1.1.1

         RPF prime neighbor: 1.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Ten-GigabitEthernet3/0/2

             Protocol: pim-sm, UpTime: 00:56:25, Expires: 00:03:17

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 3.3.3.3 (local)

Leafs:

  1: 4.4.4.4

# Display information about mLDP selective tunnels for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: Up

Opaque value: 0x010004e4000001

Root: 3.3.3.3 (local)

# Display C-multicast A-D route information for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif1

# Display PIM routing entries for VPN instance a on PE 3.

[PE3] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

(12.1.1.100, 225.0.0.1)

     RP: 11.3.1.2

     Protocol: pim-sm, Flag: SPT ACT RC

     UpTime: 00:54:22

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 10.3.1.1

         RPF prime neighbor: 10.3.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: LSPVOif1

             Protocol: MD, UpTime: 00:54:18, Expires: -

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 3.3.3.3

Leaf:

  1: 4.4.4.4 (local)

# Display information about mLDP selective tunnels for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 3.3.3.3

Leaf:

  1: 4.4.4.4 (local)

Example: Configuring inter-AS option B mLDP-based MVPN

Network configuration

As shown in Figure 200, configure inter-AS option B mLDP-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF in AS 100 and AS 200, and configure OSPF between the PEs and CEs.

·     Establish IBGP peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Establish EBGP peer connections between Ten-GigabitEthernet 3/0/2 on PE 2 and PE 3.

·     Configure a static route on PE 2 and PE 3.

·     Configure MPLS in AS 100 and AS 200.

·     Enable MPLS on P 1 and P 2.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

Enable PIM-SM for VPN instances a and b:

·     Enable PIM-SM on all private network interfaces of PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of PE 1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

 

Figure 200 Network diagram

Table 46 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| S 1 | | 12.1.1.100/24 | R 1 | | 12.4.1.100/24 |
| S 2 | | 12.2.1.100/24 | R 2 | | 12.3.1.100/24 |
| PE 1 | XGE3/0/1 | 10.1.1.1/24 | PE 3 | XGE3/0/1 | 10.4.1.1/24 |
| PE 1 | XGE3/0/2 | 11.1.1.1/24 | PE 3 | XGE3/0/2 | 10.3.1.2/24 |
| PE 1 | XGE3/0/3 | 11.2.1.1/24 | PE 3 | Loop1 | 3.3.3.3/32 |
| PE 1 | Loop1 | 1.1.1.1/32 | PE 4 | XGE3/0/1 | 10.5.1.2/24 |
| PE 2 | XGE3/0/1 | 10.2.1.2/24 | PE 4 | XGE3/0/2 | 11.3.1.1/24 |
| PE 2 | XGE3/0/2 | 10.3.1.1/24 | PE 4 | XGE3/0/3 | 11.4.1.1/24 |
| PE 2 | Loop1 | 2.2.2.2/32 | PE 4 | Loop1 | 4.4.4.4/32 |
| P 1 | XGE3/0/1 | 10.1.1.2/24 | P 2 | XGE3/0/1 | 10.5.1.1/24 |
| P 1 | XGE3/0/2 | 10.2.1.1/24 | P 2 | XGE3/0/2 | 10.4.1.2/24 |
| P 1 | Loop1 | 5.5.5.5/32 | P 2 | Loop1 | 6.6.6.6/32 |
| CE a1 | XGE3/0/1 | 12.1.1.1/24 | CE b1 | XGE3/0/1 | 12.2.1.1/24 |
| CE a1 | XGE3/0/2 | 11.1.1.2/24 | CE b1 | XGE3/0/2 | 11.2.1.2/24 |
| CE a2 | XGE3/0/1 | 12.3.1.1/24 | CE b2 | XGE3/0/1 | 12.4.1.1/24 |
| CE a2 | XGE3/0/2 | 11.3.1.2/24 | CE b2 | XGE3/0/2 | 11.4.1.2/24 |

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] mldp p2mp

[PE1-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-b-ipv4] quit

[PE1-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and then enable MPLS and IPv4 LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and then enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and then enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[PE1] pim vpn-instance a

[PE1-pim-a] c-bsr 11.1.1.1

[PE1-pim-a] c-rp 11.1.1.1

[PE1-pim-a] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 1

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 2.2.2.2 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 2.2.2.2

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls ldp

[PE2-ldp] mldp p2mp

[PE2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] peer 10.3.1.2 as-number 200

[PE2-bgp-default] peer 10.3.1.2 connect-interface ten-gigabitethernet 3/0/2

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] undo policy vpn-target

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE2-bgp-default-vpnv4] peer 10.3.1.2 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] undo policy vpn-target

[PE2-bgp-default-mvpn] peer 1.1.1.1 enable

[PE2-bgp-default-mvpn] peer 10.3.1.2 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] quit

# Configure a static route.

[PE2] ip route-static 3.3.3.3 32 ten-gigabitethernet 3/0/2 10.3.1.2

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 3.3.3.3

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls ldp

[PE3-ldp] mldp p2mp

[PE3-ldp] mldp recursive-fec

[PE3-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4.4.4.4 as-number 200

[PE3-bgp-default] peer 4.4.4.4 connect-interface loopback 1

[PE3-bgp-default] peer 10.3.1.1 as-number 100

[PE3-bgp-default] peer 10.3.1.1 connect-interface ten-gigabitethernet 3/0/2

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] undo policy vpn-target

[PE3-bgp-default-vpnv4] peer 4.4.4.4 enable

[PE3-bgp-default-vpnv4] peer 10.3.1.1 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] undo policy vpn-target

[PE3-bgp-default-mvpn] peer 4.4.4.4 enable

[PE3-bgp-default-mvpn] peer 10.3.1.1 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] quit

# Configure a static route.

[PE3] ip route-static 2.2.2.2 32 ten-gigabitethernet 3/0/2 10.3.1.1

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

4.     Configure PE 4:

# Configure a global router ID.

<PE4> system-view

[PE4] router id 4.4.4.4

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

[PE4] mpls lsr-id 4.4.4.4

[PE4] mpls ldp

[PE4-ldp] mldp p2mp

[PE4-ldp] mldp recursive-fec

[PE4-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 300:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance a.

[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE4-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE4-mvpn-vpn-instance-a-ipv4] quit

[PE4-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 400:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance b.

[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE4-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE4-mvpn-vpn-instance-b-ipv4] quit

[PE4-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.5.1.2 24

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] pim sm

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3.3.3.3 as-number 200

[PE4-bgp-default] peer 3.3.3.3 connect-interface loopback 1

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] peer 3.3.3.3 enable

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] address-family ipv4 mvpn

[PE4-bgp-default-mvpn] peer 3.3.3.3 enable

[PE4-bgp-default-mvpn] quit

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] quit

# Configure OSPF.

[PE4] ospf 1

[PE4-ospf-1] area 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[PE4-ospf-1-area-0.0.0.0] quit

[PE4-ospf-1] quit

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp 200

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp 200

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[P1] mpls lsr-id 5.5.5.5

[P1] mpls ldp

[P1-ldp] mldp p2mp

[P1-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P1-Ten-GigabitEthernet3/0/1] mpls enable

[P1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.1 24

[P1-Ten-GigabitEthernet3/0/2] mpls enable

[P1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] quit

# Configure OSPF.

[P1] ospf 1

[P1-ospf-1] area 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

6.     Configure P 2:

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

[P2] mpls lsr-id 6.6.6.6

[P2] mpls ldp

[P2-ldp] mldp p2mp

[P2-ldp] mldp recursive-fec

[P2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ip address 10.5.1.1 24

[P2-Ten-GigabitEthernet3/0/1] mpls enable

[P2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[P2-Ten-GigabitEthernet3/0/2] mpls enable

[P2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] quit

# Configure OSPF.

[P2] ospf 1

[P2-ospf-1] area 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[P2-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMPv3 on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] igmp version 3

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit
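
PE 2 and PE 3 run undo policy vpn-target in the VPNv4 and MVPN address families, so the ASBRs do not filter received routes by route target, and the separation between VPN instances a and b rests on the route targets configured on PE 1 and PE 4. The following Python check is an added example, not part of the H3C documentation: it parses the vpn-instance lines of the transcript and reports any route target that one VPN instance exports and a differently named instance imports. The function names, and treating equal instance names on different PEs as the same VPN, are assumptions of this example.

```python
import re
from itertools import permutations

# Lines copied from the PE 1 and PE 4 steps above; only the selection of
# lines is constructed for this example.
PAGE_CONFIG = """\
[PE1] ip vpn-instance a
[PE1-vpn-instance-a] route-distinguisher 100:1
[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-a] quit
[PE1] ip vpn-instance b
[PE1-vpn-instance-b] route-distinguisher 200:1
[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity
[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity
[PE1-vpn-instance-b] quit
[PE1-bgp-default] ip vpn-instance a
[PE4] ip vpn-instance a
[PE4-vpn-instance-a] route-distinguisher 300:1
[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity
[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity
[PE4] ip vpn-instance b
[PE4-vpn-instance-b] route-distinguisher 400:1
[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity
[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity
"""

# "[device-view] command": the device name ends at the first hyphen.
PROMPT = re.compile(r"^\[([A-Za-z0-9]+)(?:-([^\]]+))?\]\s*(.+)$")
DIRECTIONS = {
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
    "both": ("import", "export"),
}


def parse_vpn_instances(text):
    """Return {(device, vpn): {"rd": str or None, "import": set, "export": set}}."""
    instances = {}
    for raw in text.splitlines():
        # Prompts copied from rendered documentation may carry an en dash.
        m = PROMPT.match(raw.strip().replace("\u2013", "-"))
        if not m:
            continue
        dev, view, words = m.group(1), m.group(2), m.group(3).split()
        # Only "ip vpn-instance" typed in system view creates an instance;
        # the same command in BGP view merely enters a BGP sub-view.
        if view is None and words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            instances.setdefault(
                (dev, words[2]), {"rd": None, "import": set(), "export": set()})
        elif view and view.startswith("vpn-instance-"):
            inst = instances.get((dev, view[len("vpn-instance-"):]))
            if inst is None:
                continue
            if words[0] == "route-distinguisher" and len(words) == 2:
                inst["rd"] = words[1]
            elif words[0] == "vpn-target":
                # No direction keyword is treated as "both".
                mode = words[-1] if words[-1] in DIRECTIONS else "both"
                targets = {w for w in words[1:] if w not in DIRECTIONS}
                for direction in DIRECTIONS[mode]:
                    inst[direction] |= targets
    return instances


def audit(instances):
    """Return findings; an empty list means the route targets keep VPNs apart."""
    findings = []
    for kx, ky in permutations(instances, 2):
        (dev_x, vpn_x), (dev_y, vpn_y) = kx, ky
        x, y = instances[kx], instances[ky]
        shared = x["export"] & y["import"]
        if vpn_x != vpn_y and shared:
            findings.append(f"LEAK: {dev_y}/{vpn_y} imports {sorted(shared)} "
                            f"exported by {dev_x}/{vpn_x}")
        if vpn_x == vpn_y and not shared:
            findings.append(f"NO-MATCH: {dev_y}/{vpn_y} imports nothing "
                            f"exported by {dev_x}/{vpn_x}")
        if vpn_x != vpn_y and kx < ky and x["rd"] and x["rd"] == y["rd"]:
            findings.append(f"RD-REUSE: {x['rd']} on {dev_x}/{vpn_x} "
                            f"and {dev_y}/{vpn_y}")
    return findings


if __name__ == "__main__":
    result = audit(parse_vpn_instances(PAGE_CONFIG))
    for line in result or ["OK: no route target is shared between VPN instances"]:
        print(line)
```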

Verifying the configuration

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 1.1.1.1 (local)

Leafs:

  1: 4.4.4.4

# Display information about mLDP selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif2

Tunnel identifier: mLDP P2MP <0xe4000002>

Tunnel state: Up

Opaque value: 0x010004e4000002

Root: 1.1.1.1 (local)

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif2

# Display PIM routing entries for VPN instance a on PE 1.

[PE1] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

 (12.1.1.100, 225.0.0.1)

     RP: 11.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT RC SRC-ACT 2MVPN

     UpTime: 00:00:43

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: LSPVOif2

             Protocol: MD, UpTime: 00:00:30, Expires: -

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: up

Opaque value: 0x010004e4000001

Root: 1.1.1.1 (local)

Leafs:

  1: 4.4.4.4

# Display information about mLDP selective tunnels for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif3

Tunnel identifier: mLDP P2MP <0xe4000003>

Tunnel state: Up

Opaque value: 0x010004e4000003

Root: 1.1.1.1 (local)

# Display PIM routing entries for VPN instance b on PE 1.

[PE1] display pim vpn-instance b routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

 (12.2.1.100, 232.0.0.0)

     Protocol: pim-ssm, Flag: RC

     UpTime: 00:26:06

     Upstream interface: Ten-GigabitEthernet3/0/3

         Upstream neighbor: 11.2.1.2

         RPF prime neighbor: 11.2.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: LSPVOif3

             Protocol: MD, UpTime: 00:25:56, Expires: -

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about mLDP selective tunnels for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000002>

Tunnel state: --

Opaque value: 0x010004e4000002

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about mLDP selective tunnels for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000003>

Tunnel state: --

Opaque value: 0x010004e4000003

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)
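The verification output above can also be checked mechanically. The Python sketch below is an added example, not part of the H3C documentation: it parses the inclusive-tunnel output for VPN instance a (copied from the steps above) and confirms that the tunnel is Up on the root, that both PEs report the same tunnel identifier, and that the root and leaf set match the design, because an unexpected root or leaf means the VPN's multicast traffic is delivered to a PE outside the plan. Function names are hypothetical, and reading the opaque value as an RFC 6388 Generic LSP Identifier TLV (type 1, length 4, 32-bit identifier) is an assumption inferred from the displayed values.

```python
import re

# Output copied from the verification steps above: VPN instance a, inclusive
# tunnel, as seen on the root (PE 1, "local") and on the leaf (PE 4, "remote").
PE1_LOCAL = """\
Tunnel interface: LSPVOif0
Tunnel identifier: mLDP P2MP <0xe4000000>
Tunnel state: Up
Opaque value: 0x010004e4000000
Root: 1.1.1.1 (local)
Leafs:
  1: 4.4.4.4
"""
PE4_REMOTE = """\
Tunnel interface: --
Tunnel identifier: mLDP P2MP <0xe4000000>
Tunnel state: --
Opaque value: 0x010004e4000000
Root: 1.1.1.1
Leaf:
  1: 4.4.4.4 (local)
"""

LEAF_RE = re.compile(r"\d+:\s*(\d+\.\d+\.\d+\.\d+)")
LSP_ID_RE = re.compile(r"<0x([0-9a-fA-F]+)>")


def parse_tunnels(text):
    """Split 'display multicast-vpn ... tunnel' output into one dict per tunnel."""
    tunnels, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Total "):
            continue
        leaf = LEAF_RE.match(line)
        if leaf and cur is not None:          # numbered leaf entry, e.g. "1: 4.4.4.4"
            cur["leaves"].append(leaf.group(1))
            continue
        key, sep, val = line.partition(":")
        if not sep:
            continue
        key, val = key.strip().lower(), val.strip()
        if key == "tunnel interface":         # first field of every tunnel record
            cur = {"interface": val, "leaves": []}
            tunnels.append(cur)
        elif cur is None:
            continue
        elif key == "tunnel identifier":
            m = LSP_ID_RE.search(val)
            cur["lsp_id"] = int(m.group(1), 16) if m else None
        elif key == "tunnel state":
            cur["state"] = val.lower()
        elif key == "opaque value":
            cur["opaque"] = val
        elif key == "root":
            cur["root"] = val.split()[0] if val else None
    return tunnels


def decode_generic_lsp_id(opaque_hex):
    """Decode the opaque value as type (1 byte), length (2 bytes), 32-bit LSP ID."""
    digits = opaque_hex[2:] if opaque_hex.lower().startswith("0x") else opaque_hex
    raw = bytes.fromhex(digits)
    if len(raw) < 3:
        raise ValueError("opaque value too short")
    tlv_type, length, value = raw[0], int.from_bytes(raw[1:3], "big"), raw[3:]
    if tlv_type != 1 or length != 4 or len(value) != length:
        raise ValueError("not a Generic LSP Identifier TLV")
    return int.from_bytes(value, "big")


def check_tunnel(root_view, leaf_view, expected_root, expected_leaves):
    """Return a list of problems; an empty list means the two views agree with the design."""
    problems = []
    if root_view.get("state") != "up":
        problems.append("tunnel is not Up on the root PE")
    for name, view in (("root", root_view), ("leaf", leaf_view)):
        try:
            if decode_generic_lsp_id(view["opaque"]) != view.get("lsp_id"):
                problems.append(f"{name} view: opaque value does not carry the tunnel identifier")
        except (KeyError, ValueError) as exc:
            problems.append(f"{name} view: unreadable opaque value ({exc})")
        if view.get("root") != expected_root:
            problems.append(f"{name} view: root is {view.get('root')}, expected {expected_root}")
    if root_view.get("lsp_id") != leaf_view.get("lsp_id"):
        problems.append("root and leaf PEs disagree on the tunnel identifier")
    if set(root_view["leaves"]) != set(expected_leaves):
        problems.append(f"root PE lists leaves {sorted(root_view['leaves'])}, "
                        f"expected {sorted(expected_leaves)}")
    return problems


def verify(local_text, remote_text, expected_root="1.1.1.1", expected_leaves=("4.4.4.4",)):
    """Check the first tunnel in each capture against the expected root and leaves."""
    return check_tunnel(parse_tunnels(local_text)[0], parse_tunnels(remote_text)[0],
                        expected_root, expected_leaves)


if __name__ == "__main__":
    for problem in verify(PE1_LOCAL, PE4_REMOTE) or ["OK: views are consistent"]:
        print(problem)
```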

Example: Configuring inter-AS option C mLDP-based MVPN

Network configuration

As shown in Figure 201, configure inter-AS option C mLDP-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and MPLS

·     Configure OSPF in AS 100 and AS 200, and configure OSPF between the PEs and CEs.

·     Establish IBGP peer connections between PE 1, PE 2, PE 3, and PE 4 on their respective Loopback 1.

·     Establish EBGP peer connections between Ten-GigabitEthernet 3/0/2 on PE 2 and PE 3.

·     Configure MPLS in AS 100 and AS 200.

·     Enable MPLS on P 1 and P 2.

IP multicast routing

·     Enable IP multicast routing on the public network on PE 1, PE 2, PE 3, and PE 4.

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

Enable PIM-SM for VPN instances a and b:

·     Enable PIM-SM on all private network interfaces of PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of PE 1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

 

Figure 201 Network diagram

Table 47 Interface and IP address assignment

Device | Interface | IP address | Device | Interface | IP address
S 1 | - | 12.1.1.100/24 | R 1 | - | 12.4.1.100/24
S 2 | - | 12.2.1.100/24 | R 2 | - | 12.3.1.100/24
PE 1 | XGE3/0/1 | 10.1.1.1/24 | PE 3 | XGE3/0/1 | 10.4.1.1/24
PE 1 | XGE3/0/2 | 11.1.1.1/24 | PE 3 | XGE3/0/2 | 10.3.1.2/24
PE 1 | XGE3/0/3 | 11.2.1.1/24 | PE 3 | Loop1 | 3.3.3.3/32
PE 1 | Loop1 | 1.1.1.1/32 | PE 4 | XGE3/0/1 | 10.5.1.2/24
PE 2 | XGE3/0/1 | 10.2.1.2/24 | PE 4 | XGE3/0/2 | 11.3.1.1/24
PE 2 | XGE3/0/2 | 10.3.1.1/24 | PE 4 | XGE3/0/3 | 11.4.1.1/24
PE 2 | Loop1 | 2.2.2.2/32 | PE 4 | Loop1 | 4.4.4.4/24
P 1 | XGE3/0/1 | 10.1.1.2/24 | P 2 | XGE3/0/1 | 10.5.1.1/24
P 1 | XGE3/0/2 | 10.2.1.1/24 | P 2 | XGE3/0/2 | 10.4.1.2/24
P 1 | Loop1 | 5.5.5.5/32 | P 2 | Loop1 | 6.6.6.6/32
CE a1 | XGE3/0/1 | 12.1.1.1/24 | CE b1 | XGE3/0/1 | 12.2.1.1/24
CE a1 | XGE3/0/2 | 11.1.1.2/24 | CE b1 | XGE3/0/2 | 11.2.1.2/24
CE a2 | XGE3/0/1 | 12.3.1.1/24 | CE b2 | XGE3/0/1 | 12.4.1.1/24
CE a2 | XGE3/0/2 | 11.3.1.2/24 | CE b2 | XGE3/0/2 | 11.4.1.2/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] mldp p2mp

[PE1-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-a-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation, dynamic selective tunnel creation, and inter-AS auto-discovery for VPN instance b.

[PE1-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE1-mvpn-vpn-instance-b-ipv4] auto-discovery inter-as

[PE1-mvpn-vpn-instance-b-ipv4] quit

[PE1-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and then enable MPLS and IPv4 LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and then enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and then enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[PE1] pim vpn-instance a

[PE1-pim-a] c-bsr 11.1.1.1

[PE1-pim-a] c-rp 11.1.1.1

[PE1-pim-a] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 1

[PE1-bgp-default] peer 4.4.4.4 as-number 200

[PE1-bgp-default] peer 4.4.4.4 connect-interface loopback 1

[PE1-bgp-default] peer 4.4.4.4 ebgp-max-hop 10

[PE1-bgp-default] address-family ipv4

[PE1-bgp-default-ipv4] peer 2.2.2.2 enable

[PE1-bgp-default-ipv4] peer 2.2.2.2 label-route-capability

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 4.4.4.4 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 4.4.4.4 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] import-route bgp

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] import-route bgp

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 2.2.2.2

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls ldp

[PE2-ldp] mldp p2mp

[PE2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] quit

# Configure routing policies.

[PE2] route-policy map1 permit node 1

[PE2-route-policy-map1-1] apply mpls-label

[PE2-route-policy-map1-1] quit

[PE2] route-policy map2 permit node 1

[PE2-route-policy-map2-1] apply mpls-label

[PE2-route-policy-map2-1] if-match mpls-label

[PE2-route-policy-map2-1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE2-bgp-default] peer 10.3.1.2 as-number 200

[PE2-bgp-default] address-family ipv4

[PE2-bgp-default-ipv4] peer 1.1.1.1 enable

[PE2-bgp-default-ipv4] peer 1.1.1.1 route-policy map2 export

[PE2-bgp-default-ipv4] peer 1.1.1.1 label-route-capability

[PE2-bgp-default-ipv4] peer 10.3.1.2 enable

[PE2-bgp-default-ipv4] peer 10.3.1.2 route-policy map1 export

[PE2-bgp-default-ipv4] peer 10.3.1.2 label-route-capability

[PE2-bgp-default-ipv4] import-route ospf 1

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 3.3.3.3

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls ldp

[PE3-ldp] mldp p2mp

[PE3-ldp] mldp recursive-fec

[PE3-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] quit

# Configure routing policies.

[PE3] route-policy map1 permit node 1

[PE3-route-policy-map1-1] apply mpls-label

[PE3-route-policy-map1-1] quit

[PE3] route-policy map2 permit node 1

[PE3-route-policy-map2-1] apply mpls-label

[PE3-route-policy-map2-1] if-match mpls-label

[PE3-route-policy-map2-1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4.4.4.4 as-number 200

[PE3-bgp-default] peer 4.4.4.4 connect-interface loopback 1

[PE3-bgp-default] peer 10.3.1.1 as-number 100

[PE3-bgp-default] address-family ipv4

[PE3-bgp-default-ipv4] peer 4.4.4.4 enable

[PE3-bgp-default-ipv4] peer 4.4.4.4 route-policy map2 export

[PE3-bgp-default-ipv4] peer 4.4.4.4 label-route-capability

[PE3-bgp-default-ipv4] peer 10.3.1.1 enable

[PE3-bgp-default-ipv4] peer 10.3.1.1 route-policy map1 export

[PE3-bgp-default-ipv4] import-route ospf 1

[PE3-bgp-default-ipv4] quit

[PE3-bgp-default] quit

# Configure OSPF.

[PE3] ospf 1

[PE3-ospf-1] area 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

4.     Configure PE 4:

# Configure a global router ID.

<PE4> system-view

[PE4] router id 4.4.4.4

# Enable IP multicast routing on the public network.

[PE4] multicast routing

[PE4-mrib] quit

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

[PE4] mpls lsr-id 4.4.4.4

[PE4] mpls ldp

[PE4-ldp] mldp p2mp

[PE4-ldp] mldp recursive-fec

[PE4-ldp] quit

# Create a VPN instance named a, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 300:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create an mLDP-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode mldp

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance a.

[PE4-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic

[PE4-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic

[PE4-mvpn-vpn-instance-a-ipv4] quit

[PE4-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure the RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 400:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create an mLDP-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode mldp

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface, enable dynamic inclusive tunnel creation, and enable dynamic selective tunnel creation for VPN instance b.

[PE4-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE4-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic

[PE4-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic

[PE4-mvpn-vpn-instance-b-ipv4] quit

[PE4-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.5.1.2 24

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3.3.3.3 as-number 200

[PE4-bgp-default] peer 3.3.3.3 connect-interface loopback 1

[PE4-bgp-default] peer 1.1.1.1 as-number 100

[PE4-bgp-default] peer 1.1.1.1 ebgp-max-hop 10

[PE4-bgp-default] peer 1.1.1.1 connect-interface loopback 1

[PE4-bgp-default] address-family ipv4

[PE4-bgp-default-ipv4] peer 3.3.3.3 enable

[PE4-bgp-default-ipv4] peer 3.3.3.3 label-route-capability

[PE4-bgp-default-ipv4] quit

[PE4-bgp-default] address-family ipv4 mvpn

[PE4-bgp-default-mvpn] peer 1.1.1.1 enable

[PE4-bgp-default-mvpn] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE4-bgp-default-vpnv4] peer 1.1.1.1 enable

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] quit

# Configure OSPF.

[PE4] ospf 1

[PE4-ospf-1] area 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[PE4-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

[PE4-ospf-1-area-0.0.0.0] quit

[PE4-ospf-1] quit

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp 200

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp 200

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Configure an LSR ID, and enable LDP and mLDP P2MP globally.

<P1> system-view

[P1] mpls lsr-id 5.5.5.5

[P1] mpls ldp

[P1-ldp] mldp p2mp

[P1-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P1-Ten-GigabitEthernet3/0/1] mpls enable

[P1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.1 24

[P1-Ten-GigabitEthernet3/0/2] mpls enable

[P1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] quit

# Configure OSPF.

[P1] ospf 1

[P1-ospf-1] area 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

6.     Configure P 2:

# Configure an LSR ID, and enable LDP, mLDP P2MP, and mLDP recursive FEC globally.

<P2> system-view

[P2] mpls lsr-id 6.6.6.6

[P2] mpls ldp

[P2-ldp] mldp p2mp

[P2-ldp] mldp recursive-fec

[P2-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ip address 10.5.1.1 24

[P2-Ten-GigabitEthernet3/0/1] mpls enable

[P2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable MPLS and IPv4 LDP on the interface.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[P2-Ten-GigabitEthernet3/0/2] mpls enable

[P2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] quit

# Configure OSPF.

[P2] ospf 1

[P2-ospf-1] area 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0

[P2-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255

[P2-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMPv3 on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] igmp version 3

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit

Verifying the configuration

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel interface: LSPVOif0

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: Up

Opaque value: 0x010004e4000000

Root: 1.1.1.1 (local)

Leafs:

  1: 4.4.4.4

# Display information about mLDP selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif2

Tunnel identifier: mLDP P2MP <0xe4000002>

Tunnel state: Up

Opaque value: 0x010004e4000002

Root: 1.1.1.1 (local)

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: LSPVOif2

# Display PIM routing entries for VPN instance a on PE 1.

[PE1] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

 (12.1.1.100, 225.0.0.1)

     RP: 11.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT RC SRC-ACT 2MVPN

     UpTime: 00:00:43

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: LSPVOif2

             Protocol: MD, UpTime: 00:00:30, Expires: -

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel interface: LSPVOif1

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: up

Opaque value: 0x010004e4000001

Root: 1.1.1.1 (local)

Leafs:

  1: 4.4.4.4

# Display information about mLDP selective tunnels for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel interface: LSPVOif3

Tunnel identifier: mLDP P2MP <0xe4000003>

Tunnel state: Up

Opaque value: 0x010004e4000003

Root: 1.1.1.1 (local)

# Display PIM routing entries for VPN instance b on PE 1.

[PE1] display pim vpn-instance b routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

 (12.2.1.100, 232.0.0.0)

     Protocol: pim-ssm, Flag: RC

     UpTime: 00:26:06

     Upstream interface: Ten-GigabitEthernet3/0/3

         Upstream neighbor: 11.2.1.2

         RPF prime neighbor: 11.2.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: LSPVOif3

             Protocol: MD, UpTime: 00:25:56, Expires: -

# Display information about the mLDP inclusive tunnel for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000000>

Tunnel state: --

Opaque value: 0x010004e4000000

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about mLDP selective tunnels for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000002>

Tunnel state: --

Opaque value: 0x010004e4000002

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about the mLDP inclusive tunnel for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

# Display information about mLDP selective tunnels for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Tunnel interface: --

Tunnel identifier: mLDP P2MP <0xe4000001>

Tunnel state: --

Opaque value: 0x010004e4000001

Root: 1.1.1.1

Leaf:

  1: 4.4.4.4 (local)

Example: Configuring intra-AS BIER-based MVPN

Network configuration

As shown in Figure 202, configure intra-AS BIER-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 1, R 2, and R 3 are receivers.

·     In VPN instance b, S 2 is a multicast source, and R 4 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 belong to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/2 belongs to VPN instance b. Ten-GigabitEthernet 3/0/3 belongs to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and BIER

·     Configure IS-IS on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1, PE 2, and PE 3 on their respective Loopback 1.

·     Configure BIER on the public network.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance b on PE 2 and PE 3.

·     Enable IP multicast routing on CE a1, CE a2, CE a3, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/2 of PE 1.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2, CE a3, and CE b2.

PIM

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on PE 1, PE 2, and PE 3.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE a3, CE b1, and CE b2.

·     Configure Loopback 1 of CE a2 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 2 of PE 3 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

MSDP

·     Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

·     Enable MSDP on PE 2 for VPN instance a, and specify Ten-GigabitEthernet 3/0/3 as the local MSDP connection interface.

 

Figure 202 Network diagram

Table 48 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| S 1 | | 10.110.7.2/24 | PE 3 | XGE3/0/1 | 192.168.8.1/24 |
| S 2 | | 10.110.8.2/24 | PE 3 | XGE3/0/2 | 10.110.5.1/24 |
| R 1 | | 10.110.1.2/24 | PE 3 | XGE3/0/3 | 10.110.6.1/24 |
| R 2 | | 10.110.9.2/24 | PE 3 | Loop1 | 1.1.1.3/32 |
| R 3 | | 10.110.10.2/24 | PE 3 | Loop2 | 33.33.33.33/32 |
| R 4 | | 10.110.11.2/24 | CE a1 | XGE3/0/1 | 10.110.7.1/24 |
| P | XGE3/0/1 | 192.168.6.2/24 | CE a1 | XGE3/0/2 | 10.110.2.2/24 |
| P | XGE3/0/2 | 192.168.7.2/24 | CE a2 | XGE3/0/1 | 10.110.9.1/24 |
| P | XGE3/0/3 | 192.168.8.2/24 | CE a2 | XGE3/0/2 | 10.110.4.2/24 |
| P | Loop1 | 2.2.2.2/32 | CE a2 | XGE3/0/3 | 10.110.12.1/24 |
| PE 1 | XGE3/0/1 | 192.168.6.1/24 | CE a2 | Loop1 | 22.22.22.22/32 |
| PE 1 | XGE3/0/2 | 10.110.1.1/24 | CE a3 | XGE3/0/1 | 10.110.10.1/24 |
| PE 1 | XGE3/0/3 | 10.110.2.1/24 | CE a3 | XGE3/0/2 | 10.110.5.2/24 |
| PE 1 | Loop1 | 1.1.1.1/32 | CE a3 | XGE3/0/3 | 10.110.12.2/24 |
| PE 2 | XGE3/0/1 | 192.168.7.1/24 | CE b1 | XGE3/0/1 | 10.110.8.1/24 |
| PE 2 | XGE3/0/2 | 10.110.3.1/24 | CE b1 | XGE3/0/2 | 10.110.3.2/24 |
| PE 2 | XGE3/0/3 | 10.110.4.1/24 | CE b2 | XGE3/0/1 | 10.110.11.1/24 |
| PE 2 | Loop1 | 1.1.1.2/32 | CE b2 | XGE3/0/2 | 10.110.6.2/24 |

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure BIER.

[PE1] bier

[PE1-bier] sub-domain 0 ipv6

[PE1-bier-sub-domain-0-ipv6] bfr-id 1

[PE1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE1-bier-sub-domain-0-ipv6] g-bier mpra 5001::1

# Configure SRv6.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 11::11

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2:: 96 static 8

# Configure a multicast service prefix.

[PE1] multicast-service-prefix ms1 ipv6-prefix 1234:1:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-vpn-instance-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-vpn-instance-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 12

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::1 64

[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable IGMP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.110.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] igmp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable IS-IS on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] ipv6 address 1111::1111 128

[PE1-LoopBack1] isis ipv6 enable 1

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 1112::1112 as-number 100

[PE1-bgp-default] peer 1112::1112 connect-interface loopback 1

[PE1-bgp-default] peer 1113::1113 as-number 100

[PE1-bgp-default] peer 1113::1113 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 1112::1112 enable

[PE1-bgp-default-mvpn] peer 1113::1113 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 1112::1112 enable

[PE1-bgp-default-vpnv4] peer 1113::1113 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4 unicast

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] quit

# Configure IS-IS.

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] bier enable

[PE1-isis-1] network-entity 10.0000.0000.0001.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.1.0 0.0.0.255

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 1.1.1.2

# Configure BIER.

[PE2] bier

[PE2-bier] sub-domain 0 ipv6

[PE2-bier-sub-domain-0-ipv6] bfr-id 2

[PE2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE2-bier-sub-domain-0-ipv6] g-bier mpra 5002::1

# Configure SRv6.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 22::22

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:: 96 static 8

# Configure a multicast service prefix.

[PE2] multicast-service-prefix ms1 ipv6-prefix 1234:2:: 64 service-id-length 10

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE2-mvpn-vpn-instance-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-vpn-instance-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-vpn-instance-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 12

[PE2-mvpn-vpn-instance-b-ipv4] quit

[PE2-mvpn-vpn-instance-b] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 9000:7::1 64

[PE2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.4.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] ipv6 address 1112::1112 128

[PE2-LoopBack1] isis ipv6 enable 1

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1111::1111 as-number 100

[PE2-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE2-bgp-default] peer 1113::1113 as-number 100

[PE2-bgp-default] peer 1113::1113 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1111::1111 enable

[PE2-bgp-default-mvpn] peer 1113::1113 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1111::1111 enable

[PE2-bgp-default-vpnv4] peer 1113::1113 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route rip 2

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route rip 3

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure IS-IS.

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] bier enable

[PE2-isis-1] network-entity 10.0000.0000.0002.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE2] rip 2 vpn-instance a

[PE2-rip-2] network 10.110.4.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] import-route bgp

[PE2-rip-3] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 1.1.1.3

# Configure BIER.

[PE3] bier

[PE3-bier] sub-domain 0 ipv6

[PE3-bier-sub-domain-0-ipv6] bfr-id 3

[PE3-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE3-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE3-bier-sub-domain-0-ipv6] g-bier mpra 5003::1

# Configure SRv6.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 33::33

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:2:: 96 static 8

# Configure a multicast service prefix.

[PE3] multicast-service-prefix ms1 ipv6-prefix 1234:3:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 100:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-vpn-instance-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-vpn-instance-a-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-a-ipv4] quit

[PE3-mvpn-vpn-instance-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 200:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-vpn-instance-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-vpn-instance-b-ipv4] source loopback 1

[PE3-mvpn-vpn-instance-b-ipv4] quit

[PE3-mvpn-vpn-instance-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 9000:8::1 64

[PE3-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.1 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.110.6.1 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] ipv6 address 1113::1113 128

[PE3-LoopBack1] isis ipv6 enable 1

[PE3-LoopBack1] quit

# Associate Loopback 2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface loopback 2

[PE3-LoopBack2] ip binding vpn-instance b

[PE3-LoopBack2] ip address 33.33.33.33 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim vpn-instance b

[PE3-pim-b] c-bsr 33.33.33.33

[PE3-pim-b] c-rp 33.33.33.33

[PE3-pim-b] quit

# Configure BGP.

[PE3] bgp 100

[PE3-bgp-default] peer 1111::1111 as-number 100

[PE3-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE3-bgp-default] peer 1112::1112 as-number 100

[PE3-bgp-default] peer 1112::1112 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 1111::1111 enable

[PE3-bgp-default-mvpn] peer 1112::1112 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 1111::1111 enable

[PE3-bgp-default-vpnv4] peer 1112::1112 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route rip 2

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] address-family ipv4 unicast

[PE3-bgp-default-ipv4-b] import-route rip 3

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] quit

# Configure IS-IS.

[PE3] isis 1

[PE3-isis-1] is-level level-1

[PE3-isis-1] cost-style wide

[PE3-isis-1] bier enable

[PE3-isis-1] network-entity 10.0000.0000.0003.00

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE3] rip 2 vpn-instance a

[PE3-rip-2] network 10.110.5.0 0.0.0.255

[PE3-rip-2] import-route bgp

[PE3-rip-2] quit

[PE3] rip 3 vpn-instance b

[PE3-rip-3] network 10.110.6.0 0.0.0.255

[PE3-rip-3] network 33.33.33.33 0.0.0.0

[PE3-rip-3] import-route bgp

[PE3-rip-3] quit

4.     Configure P:

# Configure BIER.

[P] bier

[P-bier] sub-domain 0 ipv6

[P-bier-sub-domain-0-ipv6] bfr-id 4

[P-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P-bier-sub-domain-0-ipv6] g-bier mpra 5004::1

# Configure SRv6.

[P] segment-routing ipv6

[P-segment-routing-ipv6] encapsulation source-address 44::44

[P-segment-routing-ipv6] locator aaa ipv6-prefix 4:2:: 96 static 8

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::2 64

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 9000:7::2 64

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ipv6 address 9000:8::2 64

[P-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] ipv6 address 2222::2222 64

[P-LoopBack1] isis ipv6 enable 1

[P-LoopBack1] quit

# Configure IS-IS.

[P] isis 1

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] bier enable

[P-isis-1] network-entity 10.0000.0000.0004.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] segment-routing ipv6 locator aaa

[P-isis-1-ipv6] quit

[P-isis-1] quit

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEa1] rip 2

[CEa1-rip-2] network 10.110.2.0 0.0.0.255

[CEa1-rip-2] network 10.110.7.0 0.0.0.255

[CEa1-rip-2] quit

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.110.8.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb1] rip 3

[CEb1-rip-3] network 10.110.3.0 0.0.0.255

[CEb1-rip-3] network 10.110.8.0 0.0.0.255

[CEb1-rip-3] quit

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.110.9.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.110.4.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/3

[CEa2-Ten-GigabitEthernet3/0/3] ip address 10.110.12.1 24

[CEa2-Ten-GigabitEthernet3/0/3] pim sm

[CEa2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa2] interface loopback 1

[CEa2-LoopBack1] ip address 22.22.22.22 32

[CEa2-LoopBack1] pim sm

[CEa2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 22.22.22.22

[CEa2-pim] c-rp 22.22.22.22

[CEa2-pim] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 10.110.4.1 connect-interface ten-gigabitethernet 3/0/2

[CEa2-msdp] quit

# Configure RIP.

[CEa2] rip 2

[CEa2-rip-2] network 10.110.4.0 0.0.0.255

[CEa2-rip-2] network 10.110.9.0 0.0.0.255

[CEa2-rip-2] network 10.110.12.0 0.0.0.255

[CEa2-rip-2] network 22.22.22.22 0.0.0.0

[CEa2-rip-2] quit

8.     Configure CE a3:

# Enable IP multicast routing.

<CEa3> system-view

[CEa3] multicast routing

[CEa3-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa3] interface ten-gigabitethernet 3/0/1

[CEa3-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CEa3-Ten-GigabitEthernet3/0/1] igmp enable

[CEa3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/2

[CEa3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.2 24

[CEa3-Ten-GigabitEthernet3/0/2] pim sm

[CEa3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/3

[CEa3-Ten-GigabitEthernet3/0/3] ip address 10.110.12.2 24

[CEa3-Ten-GigabitEthernet3/0/3] pim sm

[CEa3-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CEa3] rip 2

[CEa3-rip-2] network 10.110.5.0 0.0.0.255

[CEa3-rip-2] network 10.110.10.0 0.0.0.255

[CEa3-rip-2] network 10.110.12.0 0.0.0.255

[CEa3-rip-2] quit

9.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.110.11.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.110.6.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb2] rip 3

[CEb2-rip-3] network 10.110.6.0 0.0.0.255

[CEb2-rip-3] network 10.110.11.0 0.0.0.255

[CEb2-rip-3] quit
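The procedure above relies on two cross-device invariants that are easy to break when per-device blocks are pasted: a BFR-ID must be unique within a BIER sub-domain, and both ends of a BGP session must name each other's loopback address in the same address family. The following Python check is an added example, not part of the H3C documentation; the transcript it parses is constructed and deliberately contains one fault of each kind, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed transcript in the prompt style used above. It is NOT the page's
# configuration: PE3 deliberately reuses BFR-ID 1 and peers with PE1 over IPv4
# while PE1 peers with PE3 over IPv6.
SAMPLE = """
[PE1-bier-sub-domain-0-ipv6] bfr-id 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] ipv6 address 1111::1111 128
[PE1-bgp-default] peer 1112::1112 as-number 100
[PE1-bgp-default] peer 1113::1113 as-number 100
[PE1-bgp-default] peer 1113::1113 connect-interface loopback 1
[PE2-bier-sub-domain-0-ipv6] bfr-id 2
[PE2-LoopBack1] ip address 1.1.1.2 32
[PE2-LoopBack1] ipv6 address 1112::1112 128
[PE2-bgp-default] peer 1111::1111 as-number 100
[PE2-bgp-default] peer 1113::1113 as-number 100
[PE3-bier-sub-domain-0-ipv6] bfr-id 1
[PE3-LoopBack1] ip address 1.1.1.3 32
[PE3-LoopBack1] ipv6 address 1113::1113 128
[PE3-bgp-default] peer 1.1.1.1 as-number 100
[PE3-bgp-default] peer 1112::1112 as-number 100
"""

# "[<device>-<view>] <command>"; the device name is the text before the first hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[^\]\-]+)(?:-(?P<view>[^\]]*))?\]\s*(?P<cmd>\S.*)$")


def _addr(token):
    """Return an ipaddress object, or None if the token is not an address."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_transcript(text):
    """Collect BFR-IDs, loopback addresses and BGP peers per device."""
    devices = defaultdict(lambda: {"bfr": {}, "loopbacks": set(), "peers": set()})
    for raw in text.splitlines():
        # Copied documentation sometimes carries an en dash inside the prompt.
        m = PROMPT.match(raw.strip().replace("\u2013", "-"))
        if not m:
            continue
        dev, view, cmd = devices[m["dev"]], m["view"] or "", m["cmd"].split()
        sub = re.match(r"bier-sub-domain-(\d+)", view)
        if sub and cmd[0] == "bfr-id" and len(cmd) == 2 and cmd[1].isdigit():
            dev["bfr"][int(sub[1])] = int(cmd[1])
        elif (view.startswith("LoopBack") and len(cmd) >= 3
              and cmd[:2] in (["ip", "address"], ["ipv6", "address"])):
            if _addr(cmd[2]) is not None:
                dev["loopbacks"].add(_addr(cmd[2]))
        elif view == "bgp-default" and cmd[0] == "peer" and "as-number" in cmd:
            if _addr(cmd[1]) is not None:
                dev["peers"].add(_addr(cmd[1]))
    return devices


def duplicate_bfr_ids(devices):
    """Return {(sub_domain, bfr_id): [devices]} for every BFR-ID used more than once."""
    owners = defaultdict(list)
    for name, dev in devices.items():
        for sub, bfr in dev["bfr"].items():
            owners[(sub, bfr)].append(name)
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


def asymmetric_bgp_peers(devices):
    """Return (device, peer_address, reason) for sessions whose two ends disagree."""
    owner = {a: n for n, d in devices.items() for a in d["loopbacks"]}
    findings = []
    for name, dev in sorted(devices.items()):
        for addr in sorted(dev["peers"], key=str):
            remote = owner.get(addr)
            if remote is None:
                findings.append((name, str(addr), "no device owns this address"))
                continue
            # Peer statements on the remote device that point back at this device.
            back = [a for a in devices[remote]["peers"] if owner.get(a) == name]
            if not back:
                findings.append((name, str(addr), f"{remote} has no peer statement for {name}"))
            elif all(a.version != addr.version for a in back):
                findings.append(
                    (name, str(addr), f"{remote} peers with {name} over IPv{back[0].version}"))
    return findings


if __name__ == "__main__":
    parsed = parse_transcript(SAMPLE)
    print(duplicate_bfr_ids(parsed))
    for finding in asymmetric_bgp_peers(parsed):
        print(finding)
```

Running the same two functions over the concatenated session logs of all BFRs before the change window catches both faults without touching a device.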

Verifying the configuration

# Display information about the BIER inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel state: Up

Flags: 0x30

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 2           BFR prefix: 4002::

     Uptime: 00:10:05   Originating router: 1.1.1.2

  2: BFR-ID: 3           BFR prefix: 4003::

     Uptime: 00:09:50   Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 2            BFR prefix: 4002::

     Uptime: 00:00:23    Originating router: 1.1.1.2

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (10.110.7.2, 225.0.0.1)

     CreateTime: 00:02:20

     Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a inclusive-tunnel remote

Total 1 inclusive tunnel

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID: 0

BFR-ID: 1

BFR prefix: 4001::

Root: 1.1.1.1

Leaf:

  1: BFR-ID: 2            BFR prefix: 4002::

     Uptime: --            Originating router: 1.1.1.2

# Display information about BIER selective tunnels for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID: 0

BFR-ID: 1

BFR prefix: 4001::

Root: 1.1.1.1

Leaf:

  1: BFR-ID: 2           BFR prefix: 4002::

     Uptime: --          Originating router: 1.1.1.2

# Display information about the BIER inclusive tunnel for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel state: Up

Flags: 0x30

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.2 (local)

Leafs:

  1: BFR-ID: 1            BFR prefix: 4001::

     Uptime: 00:10:05    Originating router: 1.1.1.1

  2: BFR-ID: 3            BFR prefix: 4003::

     Uptime: 00:09:50    Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.2 (local)

Leafs:

  1: BFR-ID: 3           BFR prefix: 4003::

     Uptime: 00:00:23    Originating router: 1.1.1.3

# Display C-multicast A-D route information for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(10.110.8.2, 225.0.0.1)

     CreateTime: 00:02:20

     Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b inclusive-tunnel remote

Total 1 inclusive tunnel

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID: 0

BFR-ID: 2

BFR prefix: 4002::

Root: 1.1.1.2

Leaf:

  1: BFR-ID: 3            BFR prefix: 4003::

     Uptime: --            Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID: 0

BFR-ID: 2

BFR prefix: 4002::

Root: 1.1.1.2

Leaf:

  1: BFR-ID: 3            BFR prefix: 4003::

     Uptime: --            Originating router: 1.1.1.3
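The verification step above is a manual read of `display multicast-vpn ... inclusive-tunnel local` output. The following Python sketch is an added example, not H3C tooling: it parses output in that layout and reports a tunnel that is not Up, a PE missing from the leaf list, or a leaf that is not expected in the VPN. The sample text is constructed in the page's format, and the function names and the expected-leaf set are assumptions.

```python
import re

# Constructed sample in the layout of the inclusive-tunnel output shown above.
SAMPLE_OUTPUT = """\
Tunnel type: BIER
Tunnel interface: BIERVOif0
Tunnel state: Up
Flags: 0x30
Sub-domain ID/BSL: 0/128
BFR-ID: 1
BFR prefix: 4001::
Root: 1.1.1.1 (local)
Leafs:
  1: BFR-ID: 2           BFR prefix: 4002::
     Uptime: 00:10:05   Originating router: 1.1.1.2
  2: BFR-ID: 3           BFR prefix: 4003::
     Uptime: 00:09:50   Originating router: 1.1.1.3
"""

FIELD = re.compile(r"^(Tunnel type|Tunnel interface|Tunnel state|Root|BFR-ID|BFR prefix):\s*(.*)$")
LEAF = re.compile(r"^\s*\d+:\s*BFR-ID:\s*(\d+)\s+BFR prefix:\s*(\S+)")
ORIGIN = re.compile(r"Originating router:\s*(\S+)")


def parse_tunnels(text):
    """Split display output into one dict per tunnel, each with a 'leaves' list."""
    tunnels, current, in_leaves = [], None, False
    for line in text.splitlines():
        if not line.strip():
            continue                      # blank lines carry no information
        if line.startswith("Tunnel type:"):
            current, in_leaves = {"leaves": []}, False
            tunnels.append(current)
        if current is None:
            continue                      # summary lines before the first tunnel
        if re.match(r"^Leafs?:", line):   # both "Leaf:" and "Leafs:" occur
            in_leaves = True
            continue
        if in_leaves:
            leaf = LEAF.match(line)
            if leaf:
                current["leaves"].append(
                    {"bfr_id": int(leaf[1]), "prefix": leaf[2], "router": None})
                continue
            origin = ORIGIN.search(line)
            if origin and current["leaves"]:
                current["leaves"][-1]["router"] = origin[1]
            continue
        field = FIELD.match(line)
        if field:
            current[field[1]] = field[2].strip()
    return tunnels


def audit_tunnel(tunnel, expected_leaves, require_up=True):
    """Return a list of findings; an empty list means the tunnel matches the design."""
    findings = []
    state = tunnel.get("Tunnel state")
    if require_up and state != "Up":
        findings.append(f"tunnel state is {state!r}, expected 'Up'")
    seen = {leaf["router"] for leaf in tunnel["leaves"] if leaf["router"]}
    findings += [f"missing leaf {r}" for r in sorted(expected_leaves - seen)]
    # A leaf outside the design means another PE imports this VPN's routes.
    findings += [f"unexpected leaf {r}" for r in sorted(seen - expected_leaves)]
    bfr_ids = [leaf["bfr_id"] for leaf in tunnel["leaves"]]
    if tunnel.get("BFR-ID", "").isdigit():
        bfr_ids.append(int(tunnel["BFR-ID"]))
    for dup in sorted({i for i in bfr_ids if bfr_ids.count(i) > 1}):
        findings.append(f"BFR-ID {dup} appears more than once")
    return findings


if __name__ == "__main__":
    for t in parse_tunnels(SAMPLE_OUTPUT):
        print(t["Root"], audit_tunnel(t, {"1.1.1.2", "1.1.1.3"}))
```

For the `remote` form of the command, where the page shows `Tunnel state: --`, call `audit_tunnel` with `require_up=False`.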

Example: Configuring intra-AS option A BIER-based MVPN

Network configuration

As shown in Figure 203, configure intra-AS option A BIER-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

·     PIM-SM is used in VPN instance a.

·     PIM-SSM is used in VPN instance b.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network. Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b.

·     PE 3: Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network. Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and BIER

·     Configure IS-IS in AS 100 and AS 200, and configure OSPF between the PEs and the CEs.

·     Establish IBGP peer connections between PE 1 and PE 2, and between PE 3 and PE 4 on their respective Loopback 1. Establish EBGP peer connections between PE 2 and PE 3 on Ten-GigabitEthernet 3/0/2.

·     Establish BGP IPv4 MVPN peer connections between PE 1 and PE 2, and between PE 3 and PE 4 on their respective Loopback 1.

·     Configure BIER in AS 100 and AS 200.

·     Enable BIER on P 1 and P 2.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

·     Enable PIM-SM on all private interfaces on PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of CE a1 as a C-BSR and a C-RP for VPN instance a in AS 100 to provide services for all multicast groups.

·     Configure Ten-GigabitEthernet 3/0/2 of CE a2 as a C-BSR and a C-RP for VPN instance b in AS 200 to provide services for all multicast groups.

MSDP

·     Enable MSDP on CE a1, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

·     Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

 

Figure 203 Network diagram

Table 49 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| S 1 | | 12.1.1.100/24 | R 1 | | 12.4.1.100/24 |
| S 2 | | 12.2.1.100/24 | R 2 | | 12.3.1.100/24 |
| PE 1 | XGE3/0/1 | 10.1.1.1/24, 1011::1/80 | PE 3 | XGE3/0/1 | 10.4.1.1/24, 1041::1/80 |
| PE 1 | XGE3/0/2 | 11.1.1.1/24 | PE 3 | XGE3/0/2 | 10.3.1.2/24 |
| PE 1 | - | | PE 3 | XGE3/0/3 | 10.6.1.2/24 |
| PE 1 | XGE3/0/3 | 11.2.1.1/24 | PE 3 | Loop1 | 3.3.3.3/32, 3333::3333/128 |
| PE 1 | Loop1 | 1.1.1.1/32, 1111::1111/128 | PE 4 | XGE3/0/1 | 10.5.1.2/24, 1051::2/80 |
| PE 2 | XGE3/0/1 | 10.2.1.2/24, 1021::2/80 | PE 4 | XGE3/0/2 | 11.3.1.1/24 |
| PE 2 | XGE3/0/2 | 10.3.1.1/24 | PE 4 | XGE3/0/3 | 11.4.1.1/24 |
| PE 2 | XGE3/0/3 | 10.6.1.1/24 | PE 4 | - | |
| PE 2 | Loop1 | 2.2.2.2/32, 2222::2222/128 | PE 4 | Loop1 | 4.4.4.4/24, 4444::4444/128 |
| P 1 | XGE3/0/1 | 10.1.1.2/24, 1011::2/80 | P 2 | XGE3/0/1 | 10.5.1.1/24, 1051::1/80 |
| P 1 | XGE3/0/2 | 10.2.1.1/24, 1021::1/80 | P 2 | XGE3/0/2 | 10.4.1.2/24, 1041::2/80 |
| P 1 | Loop1 | 5.5.5.5/32, 5555::5555/128 | P 2 | Loop1 | 6.6.6.6/32, 6666::6666/128 |
| CE a1 | XGE3/0/1 | 12.1.1.1/24 | CE b1 | XGE3/0/1 | 12.2.1.1/24 |
| CE a1 | XGE3/0/2 | 11.1.1.2/24 | CE b1 | XGE3/0/2 | 11.2.1.2/24 |
| CE a2 | XGE3/0/1 | 12.3.1.1/24 | CE b2 | XGE3/0/1 | 12.4.1.1/24 |
| CE a2 | XGE3/0/2 | 11.3.1.2/24 | CE b2 | XGE3/0/2 | 11.4.1.2/24 |

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure BIER.

[PE1] bier

[PE1-bier] sub-domain 0 ipv6

[PE1-bier-sub-domain-0-ipv6] bfr-id 1

[PE1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE1-bier-sub-domain-0-ipv6] g-bier mpra 5001::1

# Configure SRv6.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 11::11

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2:: 96 static 8

# Configure a multicast service prefix.

[PE1] multicast-service-prefix ms1 ipv6-prefix 1234:1:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE1-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE1-mvpn-a-ipv4] quit

[PE1-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing in VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE1-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE1-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE1-mvpn-b-ipv4] quit

[PE1-mvpn-b] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::1 80

[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign IP addresses to Loopback 1, and enable IS-IS on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] ipv6 address 1111::1111 128

[PE1-LoopBack1] isis ipv6 enable 1

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2222::2222 as-number 100

[PE1-bgp-default] peer 2222::2222 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 2222::2222 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2222::2222 enable

[PE1-bgp-default-vpnv4] peer 2222::2222 next-hop-local

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] quit

# Configure IS-IS.

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] bier enable

[PE1-isis-1] network-entity 10.0000.0000.0001.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure OSPF.

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

 

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 2.2.2.2

# Configure BIER.

[PE2] bier

[PE2-bier] sub-domain 0 ipv6

[PE2-bier-sub-domain-0-ipv6] bfr-id 2

[PE2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE2-bier-sub-domain-0-ipv6] g-bier mpra 5002::1

# Configure SRv6.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 22::22

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:: 96 static 8

# Configure a multicast service prefix.

[PE2] multicast-service-prefix ms1 ipv6-prefix 1234:2:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE2-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE2-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE2-mvpn-a-ipv4] quit

[PE2-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE2-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE2-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE2-mvpn-b-ipv4] quit

[PE2-mvpn-b] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 1021::2 80

[PE2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.6.1.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] ipv6 address 2222::2222 128

[PE2-LoopBack1] isis ipv6 enable 1

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1111::1111 as-number 100

[PE2-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1111::1111 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1111::1111 enable

[PE2-bgp-default-vpnv4] peer 1111::1111 next-hop-local

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] peer 10.3.1.2 as-number 200

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] peer 10.3.1.2 enable

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] peer 10.6.1.2 as-number 200

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] peer 10.6.1.2 enable

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure IS-IS.

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] bier enable

[PE2-isis-1] network-entity 10.0000.0000.0002.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa

 

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 3.3.3.3

# Configure BIER.

[PE3] bier

[PE3-bier] sub-domain 0 ipv6

[PE3-bier-sub-domain-0-ipv6] bfr-id 3

[PE3-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE3-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE3-bier-sub-domain-0-ipv6] g-bier mpra 5003::1

# Configure SRv6.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 33::33

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:2:: 96 static 8

# Configure a multicast service prefix.

[PE3] multicast-service-prefix ms1 ipv6-prefix 1234:3:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 300:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE3-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE3-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE3-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE3-mvpn-a-ipv4] quit

[PE3-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 400:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE3-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE3-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE3-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE3-mvpn-b-ipv4] quit

[PE3-mvpn-b] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 1041::1 80

[PE3-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] pim bsr-boundary

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.6.1.2 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] ipv6 address 3333::3333 128

[PE3-LoopBack1] isis ipv6 enable 1

[PE3-LoopBack1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4444::4444 as-number 200

[PE3-bgp-default] peer 4444::4444 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 4444::4444 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 4444::4444 enable

[PE3-bgp-default-vpnv4] peer 4444::4444 next-hop-local

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] peer 10.3.1.1 as-number 100

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] peer 10.3.1.1 enable

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] peer 10.6.1.1 as-number 100

[PE3-bgp-default-b] address-family ipv4 unicast

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] peer 10.6.1.1 enable

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] quit

# Configure IS-IS.

[PE3] isis 1

[PE3-isis-1] is-level level-1

[PE3-isis-1] cost-style wide

[PE3-isis-1] bier enable

[PE3-isis-1] network-entity 10.0000.0000.0003.00

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa

 

4.     Configure PE 4:

# Configure a global router ID.

<PE4> system-view

[PE4] router id 4.4.4.4

# Configure BIER.

[PE4] bier

[PE4-bier] sub-domain 0 ipv6

[PE4-bier-sub-domain-0-ipv6] bfr-id 4

[PE4-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE4-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE4-bier-sub-domain-0-ipv6] g-bier mpra 5004::1

# Configure SRv6.

[PE4] segment-routing ipv6

[PE4-segment-routing-ipv6] encapsulation source-address 44::44

[PE4-segment-routing-ipv6] locator aaa ipv6-prefix 4:2:: 96 static 8

# Configure a multicast service prefix.

[PE4] multicast-service-prefix ms1 ipv6-prefix 1234:4:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 300:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE4-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE4-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE4-mvpn-a-ipv4] quit

[PE4-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 400:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE4-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE4-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE4-mvpn-b-ipv4] quit

[PE4-mvpn-b] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ipv6 address 1051::2 80

[PE4-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign IP addresses to Loopback 1 and enable IS-IS and PIM-SM on the interface.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] ipv6 address 4444::4444 128

[PE4-LoopBack1] isis ipv6 enable 1

[PE4-LoopBack1] pim sm

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3333::3333 as-number 200

[PE4-bgp-default] peer 3333::3333 connect-interface loopback 1

[PE4-bgp-default] address-family ipv4 mvpn

[PE4-bgp-default-mvpn] peer 3333::3333 enable

[PE4-bgp-default-mvpn] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] peer 3333::3333 enable

[PE4-bgp-default-vpnv4] peer 3333::3333 next-hop-local

[PE4-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] quit

# Configure IS-IS.

[PE4] isis 1

[PE4-isis-1] is-level level-1

[PE4-isis-1] cost-style wide

[PE4-isis-1] bier enable

[PE4-isis-1] network-entity 10.0000.0000.0004.00

[PE4-isis-1] address-family ipv6 unicast

[PE4-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure OSPF.

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp 200

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp 200

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Configure BIER.

[P1] bier

[P1-bier] sub-domain 0 ipv6

[P1-bier-sub-domain-0-ipv6] bfr-id 5

[P1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P1-bier-sub-domain-0-ipv6] g-bier mpra 5005::1

# Configure SRv6.

[P1] segment-routing ipv6

[P1-segment-routing-ipv6] encapsulation source-address 55::55

[P1-segment-routing-ipv6] locator aaa ipv6-prefix 5:2:: 96 static 8

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::2 80

[P1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ipv6 address 1021::1 80

[P1-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] ipv6 address 5555::5555 128

[P1-LoopBack1] isis ipv6 enable 1

[P1-LoopBack1] quit

# Configure IS-IS.

[P1] isis 1

[P1-isis-1] is-level level-1

[P1-isis-1] cost-style wide

[P1-isis-1] bier enable

[P1-isis-1] network-entity 10.0000.0000.0005.00

[P1-isis-1] address-family ipv6 unicast

[P1-isis-1-ipv6] segment-routing ipv6 locator aaa

[P1-isis-1-ipv6] quit

[P1-isis-1] quit

 

6.     Configure P 2:

# Configure BIER.

[P2] bier

[P2-bier] sub-domain 0 ipv6

[P2-bier-sub-domain-0-ipv6] bfr-id 6

[P2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P2-bier-sub-domain-0-ipv6] g-bier mpra 5006::1

# Configure SRv6.

[P2] segment-routing ipv6

[P2-segment-routing-ipv6] encapsulation source-address 66::66

[P2-segment-routing-ipv6] locator aaa ipv6-prefix 6:2:: 96 static 8

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ipv6 address 1051::1 80

[P2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ipv6 address 1041::2 80

[P2-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] ipv6 address 6666::6666 128

[P2-LoopBack1] isis ipv6 enable 1

[P2-LoopBack1] quit

# Configure IS-IS.

[P2] isis 1

[P2-isis-1] is-level level-1

[P2-isis-1] cost-style wide

[P2-isis-1] bier enable

[P2-isis-1] network-entity 10.0000.0000.0006.00

[P2-isis-1] address-family ipv6 unicast

[P2-isis-1-ipv6] segment-routing ipv6 locator aaa

[P2-isis-1-ipv6] quit

[P2-isis-1] quit

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEa1] pim

[CEa1-pim] c-bsr 11.1.1.2

[CEa1-pim] c-rp 11.1.1.2

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

 

# Configure MSDP.

[CEa1] msdp

[CEa1-msdp] peer 11.3.1.2 connect-interface ten-gigabitethernet 3/0/2

[CEa1-msdp] quit

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

 

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[CEa2] pim

[CEa2-pim] c-bsr 11.3.1.2

[CEa2-pim] c-rp 11.3.1.2

[CEa2-pim] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 11.1.1.2 connect-interface ten-gigabitethernet 3/0/2

[CEa2-msdp] quit

 

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] igmp version 3

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit
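
A pre-deployment audit for a command transcript like the procedure above, added here as an example (it is not H3C code). It compares configured interface addresses with an address plan in the shape of Table 49 and flags route targets shared by more than one VPN instance on a device, which would let routes cross between instances. The plan, the transcript excerpt with its deliberate mistakes, and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# "[device-view] command" lines as in the procedure; "<device> ..." lines are ignored.
PROMPT = re.compile(r"^\[(?P<dev>[^\]\-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.+)$")
ADDR = re.compile(r"^(?:ip|ipv6) address (\S+) (\S+)$")
RT = re.compile(r"^vpn-target (\S+) (?:import|export)-extcommunity$")

# Constructed address plan: (device, interface view) -> expected addresses.
PLAN = {
    ("PE1", "Ten-GigabitEthernet3/0/1"): {"1011::1/80"},
    ("PE1", "Ten-GigabitEthernet3/0/2"): {"11.1.1.1/24"},
    ("PE1", "LoopBack1"): {"1.1.1.1/32", "1111::1111/128"},
}

# Constructed transcript with three deliberate mistakes: instance b imports the
# route target of instance a, a wrong IPv6 prefix length, a wrong loopback address.
TRANSCRIPT = """\
<PE1> system-view
[PE1] ip vpn-instance a
[PE1-vpn-instance-a] route-distinguisher 100:1
[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-a] quit
[PE1] ip vpn-instance b
[PE1-vpn-instance-b] route-distinguisher 200:1
[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity
[PE1-vpn-instance-b] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-b] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::1 24
[PE1-Ten-GigabitEthernet3/0/1] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a
[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface loopback 1
[PE1\u2013LoopBack1] ip address 1.1.1.2 32
[PE1-LoopBack1] ipv6 address 1111::1111 128
[PE1-LoopBack1] quit
"""


def parse(transcript):
    """Yield (device, view, command) for each '[prompt] command' line."""
    for raw in transcript.splitlines():
        # Prompts copied from rendered pages may carry an en dash; normalise it.
        m = PROMPT.match(raw.strip().replace("\u2013", "-"))
        if m:
            yield m["dev"].strip(), (m["view"] or "").strip(), m["cmd"].strip()


def audit_addresses(transcript, plan):
    """Return sorted (device, interface, 'missing'|'unexpected', address) findings."""
    configured = defaultdict(set)
    for dev, view, cmd in parse(transcript):
        m = ADDR.match(cmd)
        if not (m and view):
            continue
        try:
            # Accepts a prefix length or a dotted mask; both normalise to a/len.
            configured[(dev, view)].add(str(ipaddress.ip_interface(f"{m[1]}/{m[2]}")))
        except ValueError:
            continue  # not an address/length pair
    findings = []
    for key in set(plan) | set(configured):
        want = {str(ipaddress.ip_interface(p)) for p in plan.get(key, ())}
        have = configured.get(key, set())
        findings += [(*key, "missing", p) for p in want - have]
        findings += [(*key, "unexpected", p) for p in have - want]
    return sorted(findings)


def audit_route_targets(transcript):
    """Return (device, route target, instances) where one RT serves several instances."""
    users = defaultdict(set)  # (device, route target) -> VPN instance names
    for dev, view, cmd in parse(transcript):
        m = RT.match(cmd)
        if m and view.startswith("vpn-instance-"):
            users[(dev, m[1])].add(view[len("vpn-instance-"):])
    return sorted((dev, rt, tuple(sorted(names)))
                  for (dev, rt), names in users.items() if len(names) > 1)


if __name__ == "__main__":
    for finding in audit_addresses(TRANSCRIPT, PLAN):
        print("address:", *finding)
    for finding in audit_route_targets(TRANSCRIPT):
        print("shared route target:", *finding)
```

A shared route target is not always a fault (extranet designs use one on purpose), so treat that finding as a prompt for review rather than an error.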

 

Verifying the configuration

# Display information about the BIER inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 5001:: (local)

Leafs:

  1: BFR-ID: 2          BFR prefix: 5002::

     Uptime: 00:01:00   Originating router: 5002::

# Display information about BIER selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnels in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif2

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 4001:: (local)

Leafs:

  1: BFR-ID: 2          BFR prefix: 5002::

     Uptime: 00:10:01   Originating router: 5002::

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a inclusive-tunnel remote

Total 1 inclusive tunnel

 

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 2          BFR prefix: 5002::

     Uptime: --         Originating router: 5002::

# Display information about BIER selective tunnels for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 2          BFR prefix: 5002::

     Uptime: --         Originating router: 5002::

# Display information about the PIM routing table for VPN instance a on PE 2.

[PE2] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

(12.1.1.100, 225.0.0.1)

     RP: 11.1.1.2

     Protocol: pim-sm, Flag: SPT ACT SC

     UpTime: 00:56:25

     Upstream interface: BIERVIif0(1.1.1.1)

         Upstream neighbor: 1.1.1.1

         RPF prime neighbor: 1.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Ten-GigabitEthernet3/0/2

             Protocol: pim-sm, UpTime: 00:56:25, Expires: 00:03:17

# Display information about the BIER inclusive tunnel for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel identifier: BIER <0x0, 0x1, 5003::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 3

BFR prefix: 5003::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 5003:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:01:00   Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel identifier: BIER <0x0, 0x1, 5003::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 3

BFR prefix: 5003::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 4001:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:10:01   Originating router: 5004::

# Display C-multicast A-D route information for VPN instance a on PE 3.

[PE3] display multicast-vpn vpn-instance a c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: BIERVOif1

# Display information about the PIM routing table for VPN instance a on PE 3.

[PE3] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

(12.1.1.100, 225.0.0.1)

     RP: 11.3.1.2

     Protocol: pim-sm, Flag: SPT ACT RC

     UpTime: 00:54:22

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 10.3.1.1

         RPF prime neighbor: 10.3.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: BIERVOif1

             Protocol: MD, UpTime: 00:54:18, Expires: -

# Display information about the BIER inclusive tunnel for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Total 1 inclusive tunnel

 

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 3

BFR prefix: 5003::

Root: 5003::

Leaf:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 4

BFR prefix: 5003::

Root: 5003::

Leaf:

  1: BFR-ID: 2          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::
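The tunnel displays above can be checked by script instead of by eye. The following Python sketch is an added example, not H3C code: it parses output in the format shown and reports tunnels that are not Up or whose leaf set differs from the expected membership, since an unexpected leaf means a PE outside the intended set receives the VPN's multicast. The sample text is constructed from the output above; the function names and the expected-leaf map are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format of "display multicast-vpn ... inclusive-tunnel local".
SAMPLE_OUTPUT = """\
Tunnel type: BIER
Tunnel interface: BIERVOif0
Tunnel identifier: BIER <0x0, 0x1, 5001::>
Tunnel state: Up
Flags: 0x10
Sub-domain ID/BSL: 0/128
BFR-ID: 1
BFR prefix: 5001::
Multicast service prefix:
  Prefix length    ID length   ID offset   MS Flags
  64               10          0           0
Root: 5001:: (local)
Leafs:
  1: BFR-ID: 2          BFR prefix: 5002::
     Uptime: 00:01:00   Originating router: 5002::
"""

# Constructed variant: tunnel down and one leaf that is not in the expected set.
TAMPERED_OUTPUT = (
    SAMPLE_OUTPUT.replace("Tunnel state: Up", "Tunnel state: Down")
    + "  2: BFR-ID: 7          BFR prefix: 5007::\n"
    + "     Uptime: 00:00:05   Originating router: 5007::\n"
)

# Leaf lines look like "1: BFR-ID: 2   BFR prefix: 5002::".
LEAF_RE = re.compile(r"^\d+:\s+BFR-ID:\s+(\d+)\s+BFR prefix:\s+(\S+)$")

# Display field name -> key in the parsed record.
FIELDS = {
    "Tunnel interface": "interface",
    "Tunnel state": "state",
    "Sub-domain ID/BSL": "sd_bsl",
    "BFR-ID": "bfr_id",
    "BFR prefix": "bfr_prefix",
    "Root": "root",
}


def parse_tunnels(text):
    """Return one dict per tunnel; a 'Tunnel type:' line starts a new tunnel."""
    tunnels, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        leaf = LEAF_RE.match(line)
        if leaf and current is not None:
            current["leaves"][int(leaf.group(1))] = ipaddress.IPv6Address(leaf.group(2))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # table rows and "Total ..." summary lines carry no field
        key, value = key.strip(), value.strip()
        if key == "Tunnel type":
            current = {"type": value, "leaves": {}}
            tunnels.append(current)
        elif current is not None and key in FIELDS:
            current[FIELDS[key]] = value
    return tunnels


def audit_tunnel(tunnel, expected_leaves, expected_bsl=128, require_up=True):
    """Compare one parsed tunnel with the expected {BFR-ID: BFR prefix} leaf map."""
    findings = []
    # Remote tunnel displays show the state as "--"; pass require_up=False for those.
    if require_up and tunnel.get("state") != "Up":
        findings.append(f"tunnel state is {tunnel.get('state')!r}, expected 'Up'")
    bsl = tunnel.get("sd_bsl", "").partition("/")[2]
    if bsl != str(expected_bsl):
        findings.append(f"BSL is {bsl!r}, expected {expected_bsl}")
    seen = tunnel["leaves"]
    for bfr_id, prefix in sorted(seen.items()):
        want = expected_leaves.get(bfr_id)
        if want is None:
            findings.append(f"unexpected leaf BFR-ID {bfr_id} ({prefix})")
        elif ipaddress.IPv6Address(want) != prefix:
            findings.append(f"leaf BFR-ID {bfr_id} has prefix {prefix}, expected {want}")
    for bfr_id in sorted(set(expected_leaves) - set(seen)):
        findings.append(f"missing leaf BFR-ID {bfr_id}")
    return findings


if __name__ == "__main__":
    expected = {2: "5002::"}  # assumed intended membership for this tunnel
    for name, text in (("sample", SAMPLE_OUTPUT), ("tampered", TAMPERED_OUTPUT)):
        for tunnel in parse_tunnels(text):
            print(name, audit_tunnel(tunnel, expected) or "OK")
```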

Example: Configuring intra-AS option C BIER-based MVPN

Network configuration

As shown in Figure 204, configure intra-AS option C BIER-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 2 is a receiver.

·     In VPN instance b, S 2 is a multicast source, and R 1 is a receiver.

·     PIM-SSM is used in VPN instance a.

·     PIM-SM is used in VPN instance b.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/1, Ten-GigabitEthernet 3/0/2, and Loopback 1 belong to the public network.

·     PE 4: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 belongs to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and BIER

·     Configure OSPF in AS 100 and AS 200, and configure OSPF between the PEs and the CEs.

·     Establish BGP peer connections between the following devices on their respective Loopback 1: PE 1 and PE 2, PE 2 and PE 3, PE 3 and PE 4, PE 4 and PE 1. Establish EBGP peer connections between PE 2 and PE 3 on Ten-GigabitEthernet 3/0/2.

·     Configure BIER in AS 100 and AS 200.

·     Enable BIER on P 1 and P 2.

IP multicast routing

·     Enable IP multicast routing on PE 1, PE 2, PE 3, and PE 4.

·     Enable IP multicast routing for VPN instance a on PE 1 and PE 4.

·     Enable IP multicast routing for VPN instance b on PE 1 and PE 4.

·     Enable IP multicast routing on CE a1, CE a2, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2.

·     Enable IGMPv3 on Ten-GigabitEthernet 3/0/1 of CE b2.

PIM

·     Enable PIM-SM on all private interfaces on PE 1 and PE 4.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE b1, and CE b2.

·     Configure Ten-GigabitEthernet 3/0/2 of PE 1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

 

Figure 204 Network diagram

Table 50 Interface and IP address assignment

Device   Interface   IP address        Device   Interface   IP address
S 1      -           12.1.1.100/24     R 1      -           12.4.1.100/24
S 2      -           12.2.1.100/24     R 2      -           12.3.1.100/24
PE 1     XGE3/0/1    1011::1/80        PE 3     XGE3/0/1    1041::1/80
PE 1     XGE3/0/2    11.1.1.1/24       PE 3     XGE3/0/2    1031::2/80
PE 1     XGE3/0/3    11.2.1.1/24       PE 3     Loop1       3.3.3.3/32
                                                            3333::3333/128
PE 1     Loop1       1.1.1.1/32        PE 4     XGE3/0/1    1051::2/80
                     1111::1111/128
PE 2     XGE3/0/1    1021::2/80        PE 4     XGE3/0/2    11.3.1.1/24
PE 2     XGE3/0/2    1031::1/80        PE 4     XGE3/0/3    11.4.1.1/24
PE 2     Loop1       2.2.2.2/32        PE 4     Loop1       4.4.4.4/32
                     2222::2222/128                         4444::4444/128
P 1      XGE3/0/1    1011::2/80        P 2      XGE3/0/1    1051::1/80
P 1      XGE3/0/2    1021::1/80        P 2      XGE3/0/2    1041::2/80
P 1      Loop1       5.5.5.5/32        P 2      Loop1       6.6.6.6/32
                     5555::5555/128                         6666::6666/128
CE a1    XGE3/0/1    12.1.1.1/24       CE b1    XGE3/0/1    12.2.1.1/24
CE a1    XGE3/0/2    11.1.1.2/24       CE b1    XGE3/0/2    11.2.1.2/24
CE a2    XGE3/0/1    12.3.1.1/24       CE b2    XGE3/0/1    12.4.1.1/24
CE a2    XGE3/0/2    11.3.1.2/24       CE b2    XGE3/0/2    11.4.1.2/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure BIER.

[PE1] bier

[PE1-bier] sub-domain 0 ipv6

[PE1-bier-sub-domain-0-ipv6] bfr-id 1

[PE1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE1-bier-sub-domain-0-ipv6] g-bier mpra 5001::1

# Configure SRv6.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 11::11

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2:: 96 static 8

# Configure a multicast service prefix.

[PE1] multicast-service-prefix ms1 ipv6-prefix 1234:1:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE1-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] auto-discovery inter-as

[PE1-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE1-mvpn-a-ipv4] quit

[PE1-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance b

[PE1-vpn-instance-b] route-distinguisher 200:1

[PE1-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE1-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE1-vpn-instance-b] quit

# Enable IP multicast routing in VPN instance b.

[PE1] multicast routing vpn-instance b

[PE1-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE1] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE1-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE1-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE1-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-b-ipv4] auto-discovery inter-as

[PE1-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE1-mvpn-b-ipv4] quit

[PE1-mvpn-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::1 80

[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE1-Ten-GigabitEthernet3/0/3] ip address 11.2.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign IP addresses to Loopback 1, and enable IS-IS on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] ipv6 address 1111::1111 128

[PE1-LoopBack1] isis ipv6 enable 1

[PE1-LoopBack1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP for VPN instance a.

[PE1] pim vpn-instance a

[PE1-pim-a] c-bsr 11.1.1.1

[PE1-pim-a] c-rp 11.1.1.1

[PE1-pim-a] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 2222::2222 as-number 100

[PE1-bgp-default] peer 2222::2222 connect-interface loopback 1

[PE1-bgp-default] peer 4444::4444 as-number 200

[PE1-bgp-default] peer 4444::4444 connect-interface loopback 1

[PE1-bgp-default] peer 4444::4444 ebgp-max-hop 10

[PE1-bgp-default] address-family ipv4

[PE1-bgp-default-ipv4] peer 2222::2222 enable

[PE1-bgp-default-ipv4] peer 2222::2222 label-route-capability

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 4444::4444 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 4444::4444 enable

[PE1-bgp-default-vpnv4] peer 4444::4444 prefix-sid

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route ospf 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] ip vpn-instance b

[PE1-bgp-default-b] address-family ipv4

[PE1-bgp-default-ipv4-b] import-route ospf 3

[PE1-bgp-default-ipv4-b] import-route direct

[PE1-bgp-default-ipv4-b] quit

[PE1-bgp-default-b] quit

[PE1-bgp-default] quit

# Configure IS-IS.

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] bier enable

[PE1-isis-1] network-entity 10.0000.0000.0001.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure OSPF.

[PE1] ospf 2 vpn-instance a

[PE1-ospf-2] import-route bgp

[PE1-ospf-2] area 0.0.0.0

[PE1-ospf-2-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-2-area-0.0.0.0] quit

[PE1-ospf-2] quit

[PE1] ospf 3 vpn-instance b

[PE1-ospf-3] import-route bgp

[PE1-ospf-3] area 0.0.0.0

[PE1-ospf-3-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[PE1-ospf-3-area-0.0.0.0] quit

[PE1-ospf-3] quit

 

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 2.2.2.2

# Configure BIER.

[PE2] bier

[PE2-bier] sub-domain 0 ipv6

[PE2-bier-sub-domain-0-ipv6] bfr-id 2

[PE2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE2-bier-sub-domain-0-ipv6] g-bier mpra 5002::1

# Configure SRv6.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 22::22

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:: 96 static 8

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 1021::2 80

[PE2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 1031::1 80

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 2.2.2.2 32

[PE2-LoopBack1] ipv6 address 2222::2222 128

[PE2-LoopBack1] isis ipv6 enable 1

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1111::1111 as-number 100

[PE2-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE2-bgp-default] peer 1031::2 as-number 200

[PE2-bgp-default] address-family ipv6

[PE2-bgp-default-ipv6] peer 1111::1111 enable

[PE2-bgp-default-ipv6] peer 1031::2 enable

[PE2-bgp-default-ipv6] import-route isisv6 1

[PE2-bgp-default-ipv6] segment-routing ipv6 locator aaa

[PE2-bgp-default-ipv6] bier enable

[PE2-bgp-default-ipv6] bier bfr-prefix proxy

[PE2-bgp-default-ipv6] import-bier isisv6 1

[PE2-bgp-default-ipv6] import-route isisv6

[PE2-bgp-default-ipv6] quit

[PE2-bgp-default] quit

# Configure IS-IS.

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] bier enable

[PE2-isis-1] network-entity 10.0000.0000.0002.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE2-isis-1-ipv6] import-bier bgp4+

 

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 3.3.3.3

# Configure BIER.

[PE3] bier

[PE3-bier] sub-domain 0 ipv6

[PE3-bier-sub-domain-0-ipv6] bfr-id 3

[PE3-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE3-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE3-bier-sub-domain-0-ipv6] g-bier mpra 5003::1

# Configure SRv6.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 33::33

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:2:: 96 static 8

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 1041::1 80

[PE3-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/1] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/2.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 1031::2 80

[PE3-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 3.3.3.3 32

[PE3-LoopBack1] ipv6 address 3333::3333 128

[PE3-LoopBack1] isis ipv6 enable 1

[PE3-LoopBack1] quit

# Configure BGP.

[PE3] bgp 200

[PE3-bgp-default] peer 4444::4444 as-number 200

[PE3-bgp-default] peer 4444::4444 connect-interface loopback 1

[PE3-bgp-default] peer 1031::1 as-number 100

[PE3-bgp-default] address-family ipv6

[PE3-bgp-default-ipv6] peer 4444::4444 enable

[PE3-bgp-default-ipv6] peer 1031::1 enable

[PE3-bgp-default-ipv6] import-route isisv6 1

[PE3-bgp-default-ipv6] segment-routing ipv6 locator aaa

[PE3-bgp-default-ipv6] bier enable

[PE3-bgp-default-ipv6] bier bfr-prefix proxy

[PE3-bgp-default-ipv6] import-bier isisv6 1

[PE3-bgp-default-ipv6] import-route isisv6

[PE3-bgp-default-ipv6] quit

[PE3-bgp-default] quit

# Configure IS-IS.

[PE3] isis 1

[PE3-isis-1] is-level level-1

[PE3-isis-1] cost-style wide

[PE3-isis-1] bier enable

[PE3-isis-1] network-entity 10.0000.0000.0003.00

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE3-isis-1-ipv6] import-bier bgp4+

 

4.     Configure PE 4:

# Configure a global router ID.

<PE4> system-view

[PE4] router id 4.4.4.4

[PE4] multicast routing

[PE4-mrib] quit

# Configure BIER.

[PE4] bier

[PE4-bier] sub-domain 0 ipv6

[PE4-bier-sub-domain-0-ipv6] bfr-id 4

[PE4-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE4-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE4-bier-sub-domain-0-ipv6] g-bier mpra 5004::1

# Configure SRv6.

[PE4] segment-routing ipv6

[PE4-segment-routing-ipv6] encapsulation source-address 44::44

[PE4-segment-routing-ipv6] locator aaa ipv6-prefix 4:2:: 96 static 8

# Configure a multicast service prefix.

[PE4] multicast-service-prefix ms1 ipv6-prefix 1234:4:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance a

[PE4-vpn-instance-a] route-distinguisher 300:1

[PE4-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE4-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE4-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE4] multicast routing vpn-instance a

[PE4-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE4] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE4-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE4-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE4-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 1

[PE4-mvpn-a-ipv4] quit

[PE4-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE4] ip vpn-instance b

[PE4-vpn-instance-b] route-distinguisher 400:1

[PE4-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE4-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE4-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE4] multicast routing vpn-instance b

[PE4-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE4] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE4-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE4-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE4-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE4-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 2

[PE4-mvpn-b-ipv4] quit

[PE4-mvpn-b] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ipv6 address 1051::2 80

[PE4-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE4-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE4-Ten-GigabitEthernet3/0/2] ip address 11.3.1.1 24

[PE4-Ten-GigabitEthernet3/0/2] pim sm

[PE4-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE4-Ten-GigabitEthernet3/0/3] ip address 11.4.1.1 24

[PE4-Ten-GigabitEthernet3/0/3] pim sm

[PE4-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1.

[PE4] interface loopback 1

[PE4-LoopBack1] ip address 4.4.4.4 32

[PE4-LoopBack1] quit

# Configure BGP.

[PE4] bgp 200

[PE4-bgp-default] peer 3333::3333 as-number 200

[PE4-bgp-default] peer 3333::3333 connect-interface loopback 1

[PE4-bgp-default] peer 1111::1111 as-number 100

[PE4-bgp-default] peer 1111::1111 ebgp-max-hop 10

[PE4-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE4-bgp-default] address-family ipv4

[PE4-bgp-default-ipv4] peer 3333::3333 enable

[PE4-bgp-default-ipv4] peer 3333::3333 label-route-capability

[PE4-bgp-default-ipv4] quit

[PE4-bgp-default] address-family ipv4 mvpn

[PE4-bgp-default-mvpn] peer 1111::1111 enable

[PE4-bgp-default-mvpn] quit

[PE4-bgp-default] address-family vpnv4

[PE4-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE4-bgp-default-vpnv4] peer 1111::1111 enable

[PE4-bgp-default-vpnv4] peer 1111::1111 prefix-sid

[PE4-bgp-default-vpnv4] quit

[PE4-bgp-default] ip vpn-instance a

[PE4-bgp-default-a] address-family ipv4

[PE4-bgp-default-ipv4-a] import-route ospf 2

[PE4-bgp-default-ipv4-a] import-route direct

[PE4-bgp-default-ipv4-a] quit

[PE4-bgp-default-a] quit

[PE4-bgp-default] ip vpn-instance b

[PE4-bgp-default-b] address-family ipv4

[PE4-bgp-default-ipv4-b] import-route ospf 3

[PE4-bgp-default-ipv4-b] import-route direct

[PE4-bgp-default-ipv4-b] quit

[PE4-bgp-default-b] quit

[PE4-bgp-default] quit

# Configure IS-IS.

[PE4] isis 1

[PE4-isis-1] is-level level-1

[PE4-isis-1] cost-style wide

[PE4-isis-1] bier enable

[PE4-isis-1] network-entity 10.0000.0000.0004.00

[PE4-isis-1] address-family ipv6 unicast

[PE4-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure OSPF.

[PE4] ospf 2 vpn-instance a

[PE4-ospf-2] import-route bgp 200

[PE4-ospf-2] area 0.0.0.0

[PE4-ospf-2-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[PE4-ospf-2-area-0.0.0.0] quit

[PE4-ospf-2] quit

[PE4] ospf 3 vpn-instance b

[PE4-ospf-3] import-route bgp 200

[PE4-ospf-3] area 0.0.0.0

[PE4-ospf-3-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[PE4-ospf-3-area-0.0.0.0] quit

[PE4-ospf-3] quit

5.     Configure P 1:

# Configure BIER.

[P1] bier

[P1-bier] sub-domain 0 ipv6

[P1-bier-sub-domain-0-ipv6] bfr-id 5

[P1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P1-bier-sub-domain-0-ipv6] g-bier mpra 5005::1

# Configure SRv6.

[P1] segment-routing ipv6

[P1-segment-routing-ipv6] encapsulation source-address 55::55

[P1-segment-routing-ipv6] locator aaa ipv6-prefix 5:2:: 96 static 8

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P1] interface ten-gigabitethernet 3/0/1

[P1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::2 80

[P1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P1] interface ten-gigabitethernet 3/0/2

[P1-Ten-GigabitEthernet3/0/2] ipv6 address 1021::1 80

[P1-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P1-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[P1] interface loopback 1

[P1-LoopBack1] ip address 5.5.5.5 32

[P1-LoopBack1] ipv6 address 5555::5555 128

[P1-LoopBack1] isis ipv6 enable 1

[P1-LoopBack1] quit

# Configure IS-IS.

[P1] isis 1

[P1-isis-1] is-level level-1

[P1-isis-1] cost-style wide

[P1-isis-1] bier enable

[P1-isis-1] network-entity 10.0000.0000.0005.00

[P1-isis-1] address-family ipv6 unicast

[P1-isis-1-ipv6] segment-routing ipv6 locator aaa

[P1-isis-1-ipv6] quit

[P1-isis-1] quit

 

6.     Configure P 2:

# Configure BIER.

[P2] bier

[P2-bier] sub-domain 0 ipv6

[P2-bier-sub-domain-0-ipv6] bfr-id 6

[P2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P2-bier-sub-domain-0-ipv6] g-bier mpra 5006::1

# Configure SRv6.

[P2] segment-routing ipv6

[P2-segment-routing-ipv6] encapsulation source-address 66::66

[P2-segment-routing-ipv6] locator aaa ipv6-prefix 6:2:: 96 static 8

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P2] interface ten-gigabitethernet 3/0/1

[P2-Ten-GigabitEthernet3/0/1] ipv6 address 1051::1 80

[P2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P2-Ten-GigabitEthernet3/0/1] quit

# Assign an IPv6 address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P2] interface ten-gigabitethernet 3/0/2

[P2-Ten-GigabitEthernet3/0/2] ipv6 address 1041::2 80

[P2-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P2-Ten-GigabitEthernet3/0/2] quit

# Assign IP addresses to Loopback 1 and enable IS-IS on the interface.

[P2] interface loopback 1

[P2-LoopBack1] ip address 6.6.6.6 32

[P2-LoopBack1] ipv6 address 6666::6666 128

[P2-LoopBack1] isis ipv6 enable 1

[P2-LoopBack1] quit

# Configure IS-IS.

[P2] isis 1

[P2-isis-1] is-level level-1

[P2-isis-1] cost-style wide

[P2-isis-1] bier enable

[P2-isis-1] network-entity 10.0000.0000.0006.00

[P2-isis-1] address-family ipv6 unicast

[P2-isis-1-ipv6] segment-routing ipv6 locator aaa

[P2-isis-1-ipv6] quit

[P2-isis-1] quit

7.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 12.1.1.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa1] ospf 1

[CEa1-ospf-1] area 0.0.0.0

[CEa1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEa1-ospf-1-area-0.0.0.0] quit

[CEa1-ospf-1] quit

 

8.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 12.2.1.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 11.2.1.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb1] ospf 1

[CEb1-ospf-1] area 0.0.0.0

[CEb1-ospf-1-area-0.0.0.0] network 12.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255

[CEb1-ospf-1-area-0.0.0.0] quit

[CEb1-ospf-1] quit

 

9.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 12.3.1.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 11.3.1.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEa2] ospf 1

[CEa2-ospf-1] area 0.0.0.0

[CEa2-ospf-1-area-0.0.0.0] network 12.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] network 11.3.1.0 0.0.0.255

[CEa2-ospf-1-area-0.0.0.0] quit

[CEa2-ospf-1] quit

 

10.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 12.4.1.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] igmp version 3

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 11.4.1.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[CEb2] ospf 1

[CEb2-ospf-1] area 0.0.0.0

[CEb2-ospf-1-area-0.0.0.0] network 12.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] network 11.4.1.0 0.0.0.255

[CEb2-ospf-1-area-0.0.0.0] quit

[CEb2-ospf-1] quit
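With this many per-device addressing steps, a wrong prefix length or address is easy to miss, and a mismatch silently breaks adjacency or BGP peering. The following Python sketch is an added example, not H3C code: it extracts every `ip address` and `ipv6 address` command from a transcript in the prompt format used above and compares the result with an address plan. The plan is a subset of Table 50; the transcript is constructed and contains two deliberate mismatches, and all function names are assumptions.

```python
import ipaddress
import re

# Address plan: a subset of Table 50, keyed by (device, interface).
PLAN = {
    ("PE1", "XGE3/0/1"): {"1011::1/80"},
    ("PE1", "Loop1"): {"1.1.1.1/32", "1111::1111/128"},
    ("PE2", "XGE3/0/1"): {"1021::2/80"},
    ("PE2", "Loop1"): {"2.2.2.2/32", "2222::2222/128"},
}

# Constructed transcript in the procedure's prompt/command format.
# Deliberate mismatches: prefix length on PE1 XGE3/0/1, IPv4 address on PE2 Loop1.
TRANSCRIPT = """\
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::1 24
[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1
[PE1-Ten-GigabitEthernet3/0/1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] ipv6 address 1111::1111 128
[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 1021::2 80
[PE2-LoopBack1] ip address 1.1.1.2 32
[PE2-LoopBack1] ipv6 address 2222::2222 128
"""

# Interface-view prompt followed by an address command, for example:
# [PE1-Ten-GigabitEthernet3/0/1] ipv6 address 1011::1 80
ADDR_RE = re.compile(
    r"^\[(?P<dev>[A-Za-z0-9]+)-(?P<kind>Ten-GigabitEthernet|LoopBack)(?P<num>[\d/]+)\]\s+"
    r"(?:ip|ipv6) address (?P<addr>\S+) (?P<mask>\S+)\s*$"
)

# Prompt interface names -> short names used in the address table.
SHORT = {"Ten-GigabitEthernet": "XGE", "LoopBack": "Loop"}


def configured_addresses(transcript):
    """Return {(device, interface): set of ip_interface} found in the transcript."""
    found = {}
    for line in transcript.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue  # view changes, routing commands and comments are ignored
        key = (m["dev"], SHORT[m["kind"]] + m["num"])
        iface = ipaddress.ip_interface(f'{m["addr"]}/{m["mask"]}')
        found.setdefault(key, set()).add(iface)
    return found


def compare(plan, transcript):
    """List (key, problem, address) tuples where transcript and plan disagree."""
    found = configured_addresses(transcript)
    findings = []
    for key in sorted(set(plan) | set(found)):
        want = {ipaddress.ip_interface(a) for a in plan.get(key, ())}
        have = found.get(key, set())
        # key=str keeps sorting well-defined when IPv4 and IPv6 entries mix.
        for addr in sorted(have - want, key=str):
            findings.append((key, "configured but not in plan", str(addr)))
        for addr in sorted(want - have, key=str):
            findings.append((key, "planned but not configured", str(addr)))
    return findings


if __name__ == "__main__":
    for key, problem, addr in compare(PLAN, TRANSCRIPT):
        print(f"{key[0]} {key[1]}: {problem}: {addr}")
```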

 

Verifying the configuration

# Display information about the BIER inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 5001:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:01:00   Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnels in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif2

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 4001:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:10:01   Originating router: 5004::

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (12.1.1.100, 225.0.0.1)

   CreateTime: 02:54:43

   Tunnel Information: BIERVOif2

# Display information about the PIM-SM routing entries for VPN instance a on PE 1.

[PE1] display pim vpn-instance a routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 (12.1.1.100, 225.0.0.1)

     RP: 11.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT RC SRC-ACT 2MVPN

     UpTime: 00:00:43

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: BIERVOif2

             Protocol: MD, UpTime: 00:00:30, Expires: -

# Display information about the BIER inclusive tunnel for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif3

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 5001:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:01:00   Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance b on PE 1.

[PE1] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnels in using

Total 0 selective tunnel in creating

 

Tunnel type: BIER

Tunnel interface: BIERVOif4

Tunnel identifier: BIER <0x0, 0x1, 5001::>

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64               10          0           0

Root: 4001:: (local)

Leafs:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: 00:10:01   Originating router: 5004::

# Display information about the PIM-SSM routing entries for VPN instance b on PE 1.

[PE1] display pim vpn-instance b routing-table

 Total 0 (*, G) entries; 1 (S, G) entries

 

 (12.2.1.100, 232.0.0.0)

     Protocol: pim-ssm, Flag: RC

     UpTime: 00:26:06

     Upstream interface: Ten-GigabitEthernet3/0/3

         Upstream neighbor: 11.2.1.2

         RPF prime neighbor: 11.2.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: BIERVOif4

             Protocol: MD, UpTime: 00:25:56, Expires: -

# Display information about the BIER inclusive tunnel for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a inclusive-tunnel remote

Total 1 inclusive tunnel

 

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance a on PE 4.

[PE4] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::

# Display information about the BIER inclusive tunnel for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b inclusive-tunnel remote

Total 1 inclusive tunnel

 

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::

# Display information about BIER selective tunnels for VPN instance b on PE 4.

[PE4] display multicast-vpn vpn-instance b selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 5001::

Root: 5001::

Leaf:

  1: BFR-ID: 4          BFR prefix: 5004::

     Uptime: --         Originating router: 5004::

Example: Configuring receiver-PE-based MVPN extranet

Network configuration

As shown in Figure 205, configure MVPN extranet to meet the following requirements:

 

Multicast sources and receivers:

·     In VPN instance a, S 1 is a multicast source.

·     In VPN instance b, R 1 is a receiver.

·     For VPN instance a, the default group is 239.1.1.1, and the data group range is 225.2.2.0 to 225.2.2.15.

VPN instances to which PE interfaces belong:

·     PE 1: Ten-GigabitEthernet3/0/1 belongs to VPN instance a. Ten-GigabitEthernet3/0/2 and Loopback 0 belong to the public network instance.

·     PE 2: Ten-GigabitEthernet3/0/2 belongs to VPN instance b. Ten-GigabitEthernet3/0/1 and Loopback 0 belong to the public network instance.

Unicast routing protocols and MPLS:

·     Configure OSPF on the public network and configure RIP between PEs and CEs.

·     Establish BGP peer connections between PE 1 and PE 2 on their respective Loopback 0.

·     Configure MPLS on the public network.

IP multicast routing:

·     Enable IP multicast routing on the P device.

·     Enable IP multicast routing for the public network on PE 1 and PE 2.

·     Enable IP multicast routing for VPN instance a on PE 1.

·     Enable IP multicast routing for VPN instance b on PE 2.

·     Enable IP multicast routing on CE 1 and CE 2.

IGMPv2:

Enable IGMPv2 on Ten-GigabitEthernet3/0/2 of CE 2.

PIM-SM:

Enable PIM-SM on the public network and for VPN instances a and b:

·     Enable PIM-SM on all interfaces of the P device.

·     Enable PIM-SM on all public and private network interfaces of PE 1 and PE 2.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE 1 and CE 2.

·     Configure Loopback 0 of the P device as a C-BSR and a C-RP for the public network to provide services for all multicast groups.

·     Configure Loopback 1 of CE 1 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 1 of PE 2 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

 

Figure 205 Network diagram

Table 51 Interface and IP address assignment

 Device    Interface    IP address

 S 1       -            10.110.7.2/24

 R 1       -            10.110.11.2/24

 P         XGE3/0/1     192.168.6.1/24

 P         XGE3/0/2     192.168.7.2/24

 P         Loop0        2.2.2.2/32

 PE 1      XGE3/0/1     10.110.2.1/24

 PE 1      XGE3/0/2     192.168.6.2/24

 PE 1      Loop0        1.1.1.1/32

 PE 2      XGE3/0/1     192.168.7.1/24

 PE 2      XGE3/0/2     10.110.3.2/24

 PE 2      Loop0        1.1.1.2/32

 PE 2      Loop1        20.20.20.20/32

 PE 2      Loop2        100.100.100.100/32

 CE 1      XGE3/0/1     10.110.7.1/24

 CE 1      XGE3/0/2     10.110.2.2/24

 CE 1      Loop1        11.11.11.11/32

 CE 2      XGE3/0/1     10.110.3.1/24

 CE 2      XGE3/0/2     10.110.11.1/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE1> system-view

[PE1] router id 1.1.1.1

[PE1] multicast routing

[PE1-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE1-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE1-mvpn-vpn-instance-a-ipv4] source loopback 0

[PE1-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28

[PE1-mvpn-vpn-instance-a-ipv4] quit

[PE1-mvpn-vpn-instance-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM, MPLS, and IPv4 LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 192.168.6.2 24

[PE1-Ten-GigabitEthernet3/0/2] pim sm

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/1] pim sm

[PE1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Loopback 0, and enable PIM-SM on the interface.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] pim sm

[PE1-LoopBack0] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] group vpn-g internal

[PE1-bgp-default] peer vpn-g connect-interface loopback 0

[PE1-bgp-default] peer 1.1.1.2 group vpn-g

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer vpn-g enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] address-family ipv4 mdt

[PE1-bgp-default-mdt] peer vpn-g enable

[PE1-bgp-default-mdt] quit

[PE1-bgp-default] quit

# Configure OSPF.

[PE1] ospf 1

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID, and enable IP multicast routing on the public network.

<PE2> system-view

[PE2] router id 1.1.1.2

[PE2] multicast routing

[PE2-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[PE2] mpls lsr-id 1.1.1.2

[PE2] mpls ldp

[PE2-ldp] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create an MDT-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode mdt

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-vpn-instance-a] address-family ipv4

# Specify the default group, the MVPN source interface, and the data group range for VPN instance a.

[PE2-mvpn-vpn-instance-a-ipv4] default-group 239.1.1.1

[PE2-mvpn-vpn-instance-a-ipv4] source loopback 0

[PE2-mvpn-vpn-instance-a-ipv4] data-group 225.2.2.0 28

[PE2-mvpn-vpn-instance-a-ipv4] quit

[PE2-mvpn-vpn-instance-a] quit

# Create a VPN instance named b.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

# Configure IPv4 MVPN extranet RPF selection policies.

[PE2-mrib-b] multicast extranet select-rpf vpn-instance a source 10.110.7.2 32 group 226.1.1.0 24

[PE2-mrib-b] multicast extranet select-rpf vpn-instance a source 20.20.20.20 32 group 226.1.1.0 24

[PE2-mrib-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM, MPLS, and IPv4 LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 192.168.7.1 24

[PE2-Ten-GigabitEthernet3/0/1] pim sm

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 0, and enable PIM-SM on the interface.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 1.1.1.2 32

[PE2-LoopBack0] pim sm

[PE2-LoopBack0] quit

# Associate Loopback 1 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip binding vpn-instance b

[PE2-LoopBack1] ip address 20.20.20.20 32

[PE2-LoopBack1] pim sm

[PE2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP for VPN instance b.

[PE2] pim vpn-instance b

[PE2-pim-b] c-bsr 20.20.20.20

[PE2-pim-b] c-rp 20.20.20.20

[PE2-pim-b] quit

# Associate Loopback 2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface loopback 2

[PE2-LoopBack2] ip binding vpn-instance a

[PE2-LoopBack2] ip address 100.100.100.100 32

[PE2-LoopBack2] pim sm

[PE2-LoopBack2] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] group vpn-g internal

[PE2-bgp-default] peer vpn-g connect-interface loopback 0

[PE2-bgp-default] peer 1.1.1.1 group vpn-g

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer vpn-g enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] address-family ipv4 mdt

[PE2-bgp-default-mdt] peer vpn-g enable

[PE2-bgp-default-mdt] quit

[PE2-bgp-default] quit

# Configure OSPF.

[PE2] ospf 1

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 1.1.1.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure RIP.

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] network 20.20.20.20 0.0.0.0

[PE2-rip-3] import-route bgp

[PE2-rip-3] quit

3.     Configure the P device:

# Enable IP multicast routing on the public network.

<P> system-view

[P] multicast routing

[P-mrib] quit

# Configure an LSR ID, and enable LDP globally.

[P] mpls lsr-id 2.2.2.2

[P] mpls ldp

[P-ldp] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM, MPLS, and IPv4 LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 192.168.6.1 24

[P-Ten-GigabitEthernet3/0/1] pim sm

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM, MPLS, and IPv4 LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 192.168.7.2 24

[P-Ten-GigabitEthernet3/0/2] pim sm

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 0, and enable PIM-SM on the interface.

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.2 32

[P-LoopBack0] pim sm

[P-LoopBack0] quit

# Configure Loopback 0 as a C-BSR and a C-RP for the public network.

[P] pim

[P-pim] c-bsr 2.2.2.2

[P-pim] c-rp 2.2.2.2

[P-pim] quit

# Configure OSPF.

[P] ospf 1

[P-ospf-1] area 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 192.168.6.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.168.7.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure CE 1:

# Enable IP multicast routing.

<CE1> system-view

[CE1] multicast routing

[CE1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CE1-Ten-GigabitEthernet3/0/1] pim sm

[CE1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CE1-Ten-GigabitEthernet3/0/2] pim sm

[CE1-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CE1] interface loopback 1

[CE1-LoopBack1] ip address 11.11.11.11 32

[CE1-LoopBack1] pim sm

[CE1-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP for VPN instance a.

[CE1] pim

[CE1-pim] c-bsr 11.11.11.11

[CE1-pim] c-rp 11.11.11.11

[CE1-pim] quit

# Configure RIP.

[CE1] rip 2

[CE1-rip-2] network 10.110.2.0 0.0.0.255

[CE1-rip-2] network 10.110.7.0 0.0.0.255

[CE1-rip-2] network 11.11.11.11 0.0.0.0

[CE1-rip-2] quit

5.     Configure CE 2:

# Enable IP multicast routing.

<CE2> system-view

[CE2] multicast routing

[CE2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.110.3.1 24

[CE2-Ten-GigabitEthernet3/0/1] pim sm

[CE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IGMP on the interface.

[CE2] interface ten-gigabitethernet 3/0/2

[CE2-Ten-GigabitEthernet3/0/2] ip address 10.110.11.1 24

[CE2-Ten-GigabitEthernet3/0/2] igmp enable

[CE2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CE2] rip 3

[CE2-rip-3] network 10.110.3.0 0.0.0.255

[CE2-rip-3] network 10.110.11.0 0.0.0.255

[CE2-rip-3] quit

Verifying the configuration

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 1.

[PE1] display multicast-vpn default-group local

MVPN local default-group information:

 Group address     Source address    Interface     VPN instance

 239.1.1.1         1.1.1.1           MTunnel0      a

# Display information about the local default group for IPv4 multicast transmission in each VPN instance on PE 2.

[PE2] display multicast-vpn default-group local

MVPN local default-group information:

 Group address     Source address    Interface     VPN instance

 239.1.1.1         1.1.1.2           MTunnel0      a

# Display PIM routing entries for MVPN extranet of VPN instance a on PE 2.

[PE2] display pim vpn-instance a routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 226.1.1.1)

     RP: 11.11.11.11

     Protocol: pim-sm, Flag: WC

     UpTime: 07:06:11

     Upstream interface: MTunnel0

         Upstream neighbor: 1.1.1.1

         RPF prime neighbor: 1.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Extranet (VPN: b)

             Protocol: MD, UpTime: 01:12:52, Expires: -

 

(10.110.7.2, 226.1.1.1)

     RP: 11.11.11.11

     Protocol: pim-sm, Flag: SPT ACT RQ

     UpTime: 07:06:10

     Upstream interface: MTunnel0

         Upstream neighbor: 1.1.1.1

         RPF prime neighbor: 1.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Extranet (VPN: b)

             Protocol: MD, UpTime: 01:12:52, Expires: -

# Display PIM routing entries for MVPN extranet of VPN instance b on PE 2.

[PE2] display pim vpn-instance b routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 226.1.1.1)

     RP: 20.20.20.20

     Protocol: pim-sm, Flag: WC

     UpTime: 07:06:11

     Upstream interface: Extranet (VPN: a)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Ten-GigabitEthernet3/0/2

             Protocol: igmp, UpTime: 01:12:52, Expires: -

(10.110.7.2, 226.1.1.1)

     RP: 20.20.20.20

     Protocol: pim-sm, Flag: SPT ACT 2MVPN

     UpTime: 07:06:10

     Upstream interface: Extranet (VPN: a)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1:  

             Protocol: igmp, UpTime: 01:12:52, Expires: -
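The RPF selection policies configured on PE 2 in this example decide which (S, G) traffic may cross from VPN instance a into VPN instance b, so they deserve the same review as any other inter-VPN leak rule. The following Python is an added example, not H3C code: it parses only the command form shown in this procedure, and the audit thresholds and the constructed broad policy are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Prompt of the per-VPN MRIB view, e.g. "[PE2-mrib-b]" (receiver VPN = b).
VIEW_RE = re.compile(r"^\[(?P<dev>\S+?)-mrib-(?P<vpn>[^\]\s]+)\]\s*(?P<cmd>.*)$")
# Only the command form used in this procedure is parsed (source + group, mask lengths).
POLICY_RE = re.compile(
    r"^multicast extranet select-rpf vpn-instance (?P<src_vpn>\S+)"
    r" source (?P<src>\S+) (?P<src_len>\d+)"
    r" group (?P<grp>\S+) (?P<grp_len>\d+)$"
)

# Lines taken from the PE 2 procedure on this page.
PAGE_SESSION = """
[PE2] multicast routing vpn-instance b
[PE2-mrib-b] multicast extranet select-rpf vpn-instance a source 10.110.7.2 32 group 226.1.1.0 24
[PE2-mrib-b] multicast extranet select-rpf vpn-instance a source 20.20.20.20 32 group 226.1.1.0 24
[PE2-mrib-b] quit
"""

# Constructed sample (not from the page): a policy that is far too wide.
CONSTRUCTED_BROAD = (
    "[PE2-mrib-b] multicast extranet select-rpf vpn-instance a"
    " source 10.0.0.0 8 group 224.0.0.0 4"
)


@dataclass(frozen=True)
class RpfPolicy:
    device: str
    receiver_vpn: str   # VPN whose MRIB view holds the policy
    source_vpn: str     # VPN the RPF lookup is redirected to
    source: ipaddress.IPv4Network
    group: ipaddress.IPv4Network


def parse_policies(session):
    """Extract extranet RPF selection policies from a pasted CLI session."""
    policies = []
    for raw in session.splitlines():
        view = VIEW_RE.match(raw.strip())
        if not view:
            continue
        cmd = POLICY_RE.match(" ".join(view["cmd"].split()))
        if not cmd:
            continue
        policies.append(RpfPolicy(
            device=view["dev"],
            receiver_vpn=view["vpn"],
            source_vpn=cmd["src_vpn"],
            source=ipaddress.ip_network(f"{cmd['src']}/{cmd['src_len']}", strict=False),
            group=ipaddress.ip_network(f"{cmd['grp']}/{cmd['grp_len']}", strict=False),
        ))
    return policies


def source_vpns_for(policies, receiver_vpn, source, group):
    """Source VPN instances whose policy covers (source, group) for a receiver VPN."""
    s, g = ipaddress.ip_address(source), ipaddress.ip_address(group)
    return sorted({
        p.source_vpn for p in policies
        if p.receiver_vpn == receiver_vpn and s in p.source and g in p.group
    })


def audit(policies, max_group_addresses=256):
    """Flag policies wider than an assumed local baseline (host source, small group range)."""
    findings = []
    for p in policies:
        where = f"{p.device} vpn {p.receiver_vpn} <- vpn {p.source_vpn}"
        if p.source.prefixlen < p.source.max_prefixlen:
            findings.append(f"{where}: source {p.source} is not a single host")
        if not p.group.is_multicast:
            findings.append(f"{where}: group {p.group} is not a multicast range")
        elif p.group.num_addresses > max_group_addresses:
            findings.append(
                f"{where}: group range {p.group} exceeds {max_group_addresses} addresses"
            )
    return findings


if __name__ == "__main__":
    page = parse_policies(PAGE_SESSION)
    # The (10.110.7.2, 226.1.1.1) entry shown in the verification output is covered.
    print(source_vpns_for(page, "b", "10.110.7.2", "226.1.1.1"))
    # A neighbouring source in the same subnet is not.
    print(source_vpns_for(page, "b", "10.110.7.3", "226.1.1.1"))
    for finding in audit(page) + audit(parse_policies(CONSTRUCTED_BROAD)):
        print(finding)
```
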

 

 

 

MLD snooping configuration examples

Example: Configuring VLAN-based IPv6 group policy and simulated joining

Network configuration

As shown in Figure 206, Router A runs MLDv1 and acts as the MLD querier, and Device A runs MLDv1 snooping.

Configure the group policy and simulate joining to meet the following requirements:

·     Host A and Host B receive only the IPv6 multicast data addressed to the IPv6 multicast group FF1E::101. IPv6 multicast data can be forwarded through Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 of Device A without interruption, even if Host A and Host B fail to receive the multicast data.

·     Device A will drop unknown IPv6 multicast data instead of flooding it in VLAN 100.

Figure 206 Network diagram

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 206. (Details not shown.)

2.     Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable MLD snooping globally.

<DeviceA> system-view

[DeviceA] mld-snooping

[DeviceA-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable MLD snooping, and enable dropping IPv6 unknown multicast data for VLAN 100.

[DeviceA-vlan100] mld-snooping enable

[DeviceA-vlan100] mld-snooping drop-unknown

[DeviceA-vlan100] quit

# Configure an IPv6 multicast group policy so that hosts in VLAN 100 can join only IPv6 multicast group FF1E::101.

[DeviceA] acl ipv6 basic 2001

[DeviceA-acl-ipv6-basic-2001] rule permit source ff1e::101 128

[DeviceA-acl-ipv6-basic-2001] quit

[DeviceA] mld-snooping

[DeviceA-mld-snooping] group-policy 2001 vlan 100

[DeviceA-mld-snooping] quit

# Configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 as simulated member hosts to join IPv6 multicast group FF1E::101.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] mld-snooping host-join ff1e::101 vlan 100

[DeviceA-Ten-GigabitEthernet3/0/3] quit

[DeviceA] interface ten-gigabitethernet 3/0/4

[DeviceA-Ten-GigabitEthernet3/0/4] mld-snooping host-join ff1e::101 vlan 100

[DeviceA-Ten-GigabitEthernet3/0/4] quit

Verifying the configuration

# Send MLD reports from Host A and Host B to join IPv6 multicast groups FF1E::101 and FF1E::202. (Details not shown.)

# Display dynamic MLD snooping group entries for VLAN 100 on Device A.

[DeviceA] display mld-snooping group vlan 100

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (::, FF1E::101)

    Host slots (0 in total):

    Host ports (2 in total):

      XGE3/0/3                            (00:03:23)

      XGE3/0/4                            (00:04:10)

The output shows the following information:

·     Host A and Host B have joined IPv6 multicast group FF1E::101 through the member ports Ten-GigabitEthernet 3/0/4 and Ten-GigabitEthernet 3/0/3 on Device A, respectively.

·     Host A and Host B have failed to join the multicast group FF1E::202.

Example: Configuring VLAN-based static ports

Network configuration

As shown in Figure 207:

·     Router A runs MLDv1 and acts as the MLD querier. Device A, Device B, and Device C run MLDv1 snooping.

·     Host A and Host C are permanent receivers of IPv6 multicast group FF1E::101.

Configure static ports to meet the following requirements:

·     To enhance the reliability of IPv6 multicast traffic transmission, configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 on Device C as static member ports for IPv6 multicast group FF1E::101.

·     Suppose STP runs on the network. To avoid data loops, the forwarding path from Device A to Device C is blocked. IPv6 multicast data flows to the receivers attached to Device C only along the path of Device A—Device B—Device C. When this path is blocked, a minimum of one MLD query-response cycle must be completed before IPv6 multicast data flows to the receivers along the path of Device A—Device C. In this case, the multicast delivery is interrupted during the process. For more information about STP, see Layer 2—LAN Switching Configuration Guide.

Configure Ten-GigabitEthernet 3/0/3 on Device A as a static router port. Then, IPv6 multicast data can flow to the receivers nearly uninterrupted along the path of Device A—Device C when the path of Device A—Device B—Device C is blocked.

Figure 207 Network diagram

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 207. (Details not shown.)

2.     Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable MLD snooping globally.

<DeviceA> system-view

[DeviceA] mld-snooping

[DeviceA-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable MLD snooping for VLAN 100.

[DeviceA-vlan100] mld-snooping enable

[DeviceA-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/3 as a static router port.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] mld-snooping static-router-port vlan 100

[DeviceA-Ten-GigabitEthernet3/0/3] quit

4.     Configure Device B:

# Enable MLD snooping globally.

<DeviceB> system-view

[DeviceB] mld-snooping

[DeviceB-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceB] vlan 100

[DeviceB-vlan100] port ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2

# Enable MLD snooping for VLAN 100.

[DeviceB-vlan100] mld-snooping enable

[DeviceB-vlan100] quit

5.     Configure Device C:

# Enable MLD snooping globally.

<DeviceC> system-view

[DeviceC] mld-snooping

[DeviceC-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/5 to the VLAN.

[DeviceC] vlan 100

[DeviceC-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/5

# Enable MLD snooping for VLAN 100.

[DeviceC-vlan100] mld-snooping enable

[DeviceC-vlan100] quit

# Configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 as static member ports for IPv6 multicast group FF1E::101.

[DeviceC] interface ten-gigabitethernet 3/0/3

[DeviceC-Ten-GigabitEthernet3/0/3] mld-snooping static-group ff1e::101 vlan 100

[DeviceC-Ten-GigabitEthernet3/0/3] quit

[DeviceC] interface ten-gigabitethernet 3/0/5

[DeviceC-Ten-GigabitEthernet3/0/5] mld-snooping static-group ff1e::101 vlan 100

[DeviceC-Ten-GigabitEthernet3/0/5] quit

Verifying the configuration

# Display static router port information for VLAN 100 on Device A.

[DeviceA] display mld-snooping static-router-port vlan 100

VLAN 100:

  Router slots (0 in total):

  Router ports (1 in total):

    XGE3/0/3

The output shows that Ten-GigabitEthernet 3/0/3 on Device A has become a static router port.

# Display static MLD snooping group entries in VLAN 100 on Device C.

[DeviceC] display mld-snooping static-group vlan 100

Total 1 entries).

 

VLAN 100: Total 1 entries).

  (::, FF1E::101)

    Host slots (0 in total):

    Host ports (2 in total):

      XGE3/0/3

      XGE3/0/5

The output shows that Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/5 on Device C have become static member ports of IPv6 multicast group FF1E::101.

Example: Configuring the VLAN-based MLD snooping querier

Network configuration

As shown in Figure 208:

·     The network is a Layer 2-only network.

·     Source 1 and Source 2 send multicast data to IPv6 multicast groups FF1E::101 and FF1E::102, respectively.

·     Host A and Host C are receivers of IPv6 multicast group FF1E::101, and Host B and Host D are receivers of IPv6 multicast group FF1E::102.

·     All host receivers run MLDv1 and all devices run MLDv1 snooping. Device A (which is close to the multicast sources) acts as the MLD snooping querier.

To prevent the switches from flooding unknown IPv6 multicast packets in the VLAN, enable all the switches to drop unknown IPv6 multicast packets.

Figure 208 Network diagram

Procedure

1.     Configure Device A:

# Enable MLD snooping globally.

<DeviceA> system-view

[DeviceA] mld-snooping

[DeviceA-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data for VLAN 100.

[DeviceA-vlan100] mld-snooping enable

[DeviceA-vlan100] mld-snooping drop-unknown

# Configure Device A as the MLD snooping querier.

[DeviceA-vlan100] mld-snooping querier

[DeviceA-vlan100] quit

2.     Configure Device B:

# Enable MLD snooping globally.

<DeviceB> system-view

[DeviceB] mld-snooping

[DeviceB-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceB] vlan 100

[DeviceB-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data for VLAN 100.

[DeviceB-vlan100] mld-snooping enable

[DeviceB-vlan100] mld-snooping drop-unknown

[DeviceB-vlan100] quit

3.     Configure Device C:

# Enable MLD snooping globally.

<DeviceC> system-view

[DeviceC] mld-snooping

[DeviceC-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3 to the VLAN.

[DeviceC] vlan 100

[DeviceC-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data for VLAN 100.

[DeviceC-vlan100] mld-snooping enable

[DeviceC-vlan100] mld-snooping drop-unknown

[DeviceC-vlan100] quit

4.     Configure Device D:

# Enable MLD snooping globally.

<DeviceD> system-view

[DeviceD] mld-snooping

[DeviceD-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceD] vlan 100

[DeviceD-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/2

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data for VLAN 100.

[DeviceD-vlan100] mld-snooping enable

[DeviceD-vlan100] mld-snooping drop-unknown

[DeviceD-vlan100] quit

Verifying the configuration

# Display statistics for MLD messages and IPv6 PIM hello messages learned through MLD snooping on Device B.

[DeviceB] display mld-snooping statistics

Received MLD general queries:  3

Received MLDv1 specific queries:  0

Received MLDv1 reports:  12

Received MLD dones:  0

Sent     MLDv1 specific queries:  0

Received MLDv2 reports:  0

Received MLDv2 reports with right and wrong records:  0

Received MLDv2 specific queries:  0

Received MLDv2 specific sg queries:  0

Sent     MLDv2 specific queries:  0

Sent     MLDv2 specific sg queries:  0

Received IPv6 PIM hello:  0

Received error MLD messages:  0

The output shows that all switches except Device A can receive the MLD general queries after Device A acts as the MLD snooping querier.
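The check below is an added example, not part of the H3C documentation. It audits CLI transcripts written in the format used in this procedure and reports any device that does not drop unknown IPv6 multicast in a VLAN, as well as any VLAN that does not have exactly one MLD snooping querier (the design used in this example). The transcript is constructed (Device C deliberately lacks `mld-snooping drop-unknown`), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the page's transcript format. Device C is deliberately
# missing "mld-snooping drop-unknown" so that the audit has something to report.
TRANSCRIPTS = """\
<DeviceA> system-view
[DeviceA] mld-snooping
[DeviceA-mld-snooping] quit
[DeviceA] vlan 100
[DeviceA-vlan100] mld-snooping enable
[DeviceA-vlan100] mld-snooping drop-unknown
[DeviceA-vlan100] mld-snooping querier
[DeviceA-vlan100] quit
<DeviceB> system-view
[DeviceB] mld-snooping
[DeviceB-mld-snooping] quit
[DeviceB] vlan 100
[DeviceB-vlan100] mld-snooping enable
[DeviceB-vlan100] mld-snooping drop-unknown
[DeviceB-vlan100] quit
<DeviceC> system-view
[DeviceC] mld-snooping
[DeviceC-mld-snooping] quit
[DeviceC] vlan 100
[DeviceC-vlan100] mld-snooping enable
[DeviceC-vlan100] quit
<DeviceD> system-view
[DeviceD] mld-snooping
[DeviceD-mld-snooping] quit
[DeviceD] vlan 100
[DeviceD-vlan100] mld-snooping enable
[DeviceD-vlan100] mld-snooping drop-unknown
[DeviceD-vlan100] quit
"""

# "<Dev> cmd" (user view) or "[Dev-view] cmd" (system view and below).
# Assumption: device names contain no hyphen, as in this example.
PROMPT = re.compile(
    r"^[<\[](?P<dev>[A-Za-z0-9_]+)(?:-(?P<view>[^\]>]+))?[>\]]\s*(?P<cmd>.*)$")


def parse(transcript):
    """Return {device: {"global": bool, "vlans": {vlan_id: set(features)}}}."""
    state = defaultdict(lambda: {"global": False, "vlans": defaultdict(set)})
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view = m["dev"], m["view"] or ""
        cmd = m["cmd"].strip().lower()          # normalize keyword case
        vlan_view = re.fullmatch(r"vlan(\d+)", view)
        if not view and cmd == "mld-snooping":
            state[dev]["global"] = True
        elif not view and re.fullmatch(r"vlan \d+", cmd):
            state[dev]["vlans"][int(cmd.split()[1])]   # VLAN exists, no features yet
        elif vlan_view and cmd.startswith("mld-snooping "):
            state[dev]["vlans"][int(vlan_view[1])].add(cmd.split(None, 1)[1])
    return state


def audit(state):
    """Return (findings, queriers); a finding is (device, vlan, message)."""
    findings, queriers = [], defaultdict(list)
    for dev in sorted(state):
        cfg = state[dev]
        if not cfg["global"]:
            findings.append((dev, None, "mld-snooping not enabled globally"))
        for vid in sorted(cfg["vlans"]):
            feats = cfg["vlans"][vid]
            if "enable" not in feats:
                findings.append((dev, vid, "mld-snooping not enabled in VLAN"))
            if "drop-unknown" not in feats:
                findings.append((dev, vid, "unknown IPv6 multicast is not dropped"))
            if "querier" in feats:
                queriers[vid].append(dev)
    # This example's design: exactly one snooping querier per VLAN.
    for vid in sorted({v for cfg in state.values() for v in cfg["vlans"]}):
        if len(queriers[vid]) != 1:
            findings.append(
                (None, vid, f"expected 1 querier, found {len(queriers[vid])}"))
    return findings, dict(queriers)


if __name__ == "__main__":
    for finding in audit(parse(TRANSCRIPTS))[0]:
        print(finding)
```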

Example: Configuring VLAN-based MLD snooping proxying

Network configuration

As shown in Figure 209, Router A runs MLDv1 and acts as the MLD querier. Device A runs MLDv1 snooping. Configure MLD snooping proxying so that Device A can perform the following actions:

·     Forward MLD report and done messages to Router A.

·     Respond to MLD queries sent by Router A and forward the queries to downstream hosts.

Figure 209 Network diagram

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 209. (Details not shown.)

2.     Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD and IPv6 PIM-DM on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A:

# Enable MLD snooping globally.

<DeviceA> system-view

[DeviceA] mld-snooping

[DeviceA-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable MLD snooping and MLD snooping proxying for the VLAN.

[DeviceA-vlan100] mld-snooping enable

[DeviceA-vlan100] mld-snooping proxy enable

[DeviceA-vlan100] quit

Verifying the configuration

# Send MLD reports from Host A and Host B to join IPv6 multicast group FF1E::101. (Details not shown.)

# Display MLD snooping group entries on Device A.

[DeviceA] display mld-snooping group

 Total 1 entries.

 

VLAN 100: Total 1 entries.

  (::, FF1E::101)

    Host ports (2 in total):

      XGE3/0/3                                    (00:04:09)

      XGE3/0/4                                    (00:03:06)

The output shows that Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 are member ports of IPv6 multicast group FF1E::101. Host A and Host B will receive IPv6 multicast data for the group.

# Display MLD group membership information on Router A.

[RouterA] display mld group

MLD groups in total: 1

 Ten-GigabitEthernet3/0/1(2001::1):

  MLD groups reported in total: 1

   Group address: FF1E::101

    Last reporter: FE80::2FF:FFFF:FE00:1

    Uptime: 00:00:31

    Expires: 00:03:48

# Send an MLD done message from Host A to leave IPv6 multicast group FF1E::101. (Details not shown.)

# Display MLD snooping group entries on Device A.

[DeviceA] display mld-snooping group

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (::, FF1E::101)

    Host ports (1 in total):

      XGE3/0/3                                    (00:01:23)

The output shows that Ten-GigabitEthernet 3/0/3 is the only member port of IPv6 multicast group FF1E::101. Only Host B will receive IPv6 multicast data for the group.

 

IPv6 PIM snooping configuration examples

Example: Configuring IPv6 PIM snooping

Network configuration

As shown in Figure 210:

·     OSPFv3 runs on the network.

·     Source 1 and Source 2 send IPv6 multicast data to IPv6 multicast groups FF1E::101 and FF2E::101, respectively.

·     Receiver 1 and Receiver 2 belong to IPv6 multicast groups FF1E::101 and FF2E::101, respectively.

·     Router C and Router D run MLD on Ten-GigabitEthernet 3/0/1.

·     Router A, Router B, Router C, and Router D run IPv6 PIM-SM. Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP.

Configure MLD snooping and IPv6 PIM snooping on Device A. Then, Device A forwards IPv6 PIM protocol packets and IPv6 multicast data packets only to routers that are connected to receivers.

Figure 210 Network diagram

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 210. (Details not shown.)

2.     Configure OSPFv3 on the routers. (Details not shown.)

3.     Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-SM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] ipv6 pim

[RouterA-pim6] c-bsr 1001::1

[RouterA-pim6] c-rp 1001::1

[RouterA-pim6] quit

4.     Configure Router B:

# Enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable IPv6 PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

5.     Configure Router C:

# Enable IPv6 multicast routing.

<RouterC> system-view

[RouterC] ipv6 multicast routing

[RouterC-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mld enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterC-Ten-GigabitEthernet3/0/2] quit

6.     Configure Router D:

# Enable IPv6 multicast routing.

<RouterD> system-view

[RouterD] ipv6 multicast routing

[RouterD-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mld enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterD-Ten-GigabitEthernet3/0/2] quit

7.     Configure Device A:

# Enable MLD snooping globally.

<DeviceA> system-view

[DeviceA] mld-snooping

[DeviceA-mld-snooping] quit

# Create VLAN 100, and assign Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to the VLAN.

[DeviceA] vlan 100

[DeviceA-vlan100] port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/4

# Enable MLD snooping and IPv6 PIM snooping for VLAN 100.

[DeviceA-vlan100] mld-snooping enable

[DeviceA-vlan100] ipv6 pim-snooping enable

[DeviceA-vlan100] quit

Verifying the configuration

# On Device A, display IPv6 PIM snooping neighbor information for VLAN 100.

[DeviceA] display ipv6 pim-snooping neighbor vlan 100

Total 4 neighbors.

 

VLAN 100: Total 4 neighbors.

  FE80::1

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/1                  (00:32:43)

  FE80::2

    Slots (0 in total):

   Ports (1 in total):

      XGE3/0/2                  (00:32:43)

  FE80::3

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/3                  (00:32:43)

  FE80::4

    Slots (0 in total):

    Ports (1 in total):

      XGE3/0/4                  (00:32:43)

The output shows that Router A, Router B, Router C, and Router D are IPv6 PIM snooping neighbors.

# On Device A, display IPv6 PIM snooping routing entries for VLAN 100.

[DeviceA] display ipv6 pim-snooping routing-table vlan 100

Total 2 entries.

FSM flag: NI-no info, J-join, PP-prune pending

 

VLAN 100: Total 2 entries.

  (*, FF1E::101)

    Upstream neighbor: FE80::1

      Upstream Slots (0 in total):

      Upstream ports (1 in total):

        XGE3/0/1

      Downstream Slots (0 in total):

      Downstream ports (1 in total):

        XGE3/0/3

          Expires: 00:03:01, FSM: J

  (*, FF2E::101)

    Upstream neighbor: FE80::2

      Upstream Slots (0 in total):

      Upstream ports (1 in total):

        XGE3/0/2

      Downstream Slots (0 in total):

      Downstream ports (1 in total):

        XGE3/0/4

          Expires: 00:03:01, FSM: J

The output shows the following information:

·     Device A will forward the multicast data intended for IPv6 multicast group FF1E::101 to only Router C.

·     Device A will forward the multicast data intended for IPv6 multicast group FF2E::101 to only Router D.

 

IPv6 multicast VLAN configuration examples

Example: Configuring sub-VLAN-based IPv6 multicast VLAN

Network configuration

As shown in Figure 211:

·     Layer 3 device Device A runs MLD and acts as the MLD querier. Layer 2 device Device B runs MLDv1 snooping.

·     The IPv6 multicast source sends IPv6 multicast data to IPv6 multicast group FF1E::101. Receivers Host A, Host B, and Host C belong to VLAN 2, VLAN 3, and VLAN 4, respectively.

Configure a sub-VLAN-based IPv6 multicast VLAN on Device B to meet the following requirements:

·     Device A sends the IPv6 multicast data to Device B through the IPv6 multicast VLAN.

·     Device B forwards the IPv6 multicast data to the receivers in different user VLANs.

Figure 211 Network diagram

Procedure

1.     Configure Device A:

# Enable IPv6 multicast routing.

<DeviceA> system-view

[DeviceA] ipv6 multicast routing

[DeviceA-mrib6] quit

# Create VLAN 20, and assign Ten-GigabitEthernet 3/0/2 to the VLAN.

[DeviceA] vlan 20

[DeviceA-vlan20] port ten-gigabitethernet 3/0/2

[DeviceA-vlan20] quit

# Assign an IPv6 address to VLAN-interface 20, and enable IPv6 PIM-DM on the interface.

[DeviceA] interface vlan-interface 20

[DeviceA-Vlan-interface20] ipv6 address 1::2 64

[DeviceA-Vlan-interface20] ipv6 pim dm

[DeviceA-Vlan-interface20] quit

# Create VLAN 10.

[DeviceA] vlan 10

[DeviceA-vlan10] quit

# Configure Ten-GigabitEthernet 3/0/1 as a hybrid port, and assign the port to VLAN 10 as a tagged VLAN member.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port link-type hybrid

[DeviceA-Ten-GigabitEthernet3/0/1] port hybrid vlan 10 tagged

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Assign an IPv6 address to VLAN-interface 10, and enable MLD on the interface.

[DeviceA] interface vlan-interface 10

[DeviceA-Vlan-interface10] ipv6 address 2001::1 64

[DeviceA-Vlan-interface10] mld enable

[DeviceA-Vlan-interface10] quit

2.     Configure Device B:

# Enable MLD snooping globally.

<DeviceB> system-view

[DeviceB] mld-snooping

[DeviceB-mld-snooping] quit

# Create VLAN 2, assign Ten-GigabitEthernet 3/0/2 to the VLAN, and enable MLD snooping for the VLAN.

[DeviceB] vlan 2

[DeviceB-vlan2] port ten-gigabitethernet 3/0/2

[DeviceB-vlan2] mld-snooping enable

[DeviceB-vlan2] quit

# Create VLAN 3, assign Ten-GigabitEthernet 3/0/3 to the VLAN, and enable MLD snooping for the VLAN.

[DeviceB] vlan 3

[DeviceB-vlan3] port ten-gigabitethernet 3/0/3

[DeviceB-vlan3] mld-snooping enable

[DeviceB-vlan3] quit

# Create VLAN 4, assign Ten-GigabitEthernet 3/0/4 to the VLAN, and enable MLD snooping for the VLAN.

[DeviceB] vlan 4

[DeviceB-vlan4] port ten-gigabitethernet 3/0/4

[DeviceB-vlan4] mld-snooping enable

[DeviceB-vlan4] quit

# Create VLAN 10, and enable MLD snooping for the VLAN.

[DeviceB] vlan 10

[DeviceB-vlan10] mld-snooping enable

[DeviceB-vlan10] quit

# Configure Ten-GigabitEthernet 3/0/1 as a hybrid port, and assign the port to VLAN 10 as a tagged VLAN member.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-type hybrid

[DeviceB-Ten-GigabitEthernet3/0/1] port hybrid vlan 10 tagged

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure VLAN 10 as an IPv6 multicast VLAN, and assign VLAN 2 through VLAN 4 as sub-VLANs to multicast VLAN 10.

[DeviceB] ipv6 multicast-vlan 10

[DeviceB-ipv6-mvlan-10] subvlan 2 to 4

[DeviceB-ipv6-mvlan-10] quit

Verifying the configuration

# Display information about all IPv6 multicast VLANs on Device B.

[DeviceB] display ipv6 multicast-vlan

Total 1 IPv6 multicast VLANs.

 

IPv6 multicast VLAN 10:

  Sub-VLAN list(3 in total):

     2-4

# Display information about IPv6 multicast groups in IPv6 multicast VLANs on Device B.

[DeviceB] display ipv6 multicast-vlan group

Total 1 entries.

 

IPv6 multicast VLAN 10: Total 1 entries.

  (::, FF1E::101)

    Sub-VLANs (3 in total):

      VLAN 2

      VLAN 3

      VLAN 4

The output shows that IPv6 multicast group FF1E::101 belongs to IPv6 multicast VLAN 10. IPv6 multicast VLAN 10 contains sub-VLANs VLAN 2 through VLAN 4. Device B will replicate the IPv6 multicast data of VLAN 10 to VLAN 2 through VLAN 4.

 

 

IPv6 multicast routing and forwarding configuration examples

Example: Changing an IPv6 RPF route

Network configuration

As shown in Figure 212:

·     IPv6 PIM-DM runs on the network.

·     All routers on the network support IPv6 multicast.

·     Router A, Router B, and Router C run OSPFv3.

·     Typically, the receiver host receives the IPv6 multicast data from the source along the path Router A to Router B, which is the same as the unicast route.

Configure the routers so that the IPv6 multicast data from the source travels to the receiver along the following path: Router A to Router C to Router B. This path is different from the unicast route.

Figure 212 Network diagram

Prerequisites

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 212.

2.     Configure OSPFv3 on the routers in the IPv6 PIM-DM domain.

Procedure

1.     Enable IPv6 multicast routing, and enable MLD and IPv6 PIM-DM:

# On Router B, enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable MLD on the receiver-side interface Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mld enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on the other interfaces.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] ipv6 pim dm

[RouterB-Ten-GigabitEthernet3/0/3] quit

 

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-DM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/3] quit

 

# Enable IPv6 multicast routing and IPv6 PIM-DM on Router C in the same way Router A is configured. (Details not shown.)

2.     Display RPF information for the source on Router B.

[RouterB] display ipv6 multicast rpf-info 500::100

 RPF information about source 500::100:

     RPF interface: Ten-GigabitEthernet3/0/3, RPF neighbor: 300::2

     Referenced prefix/prefix length: 500::/64

     Referenced route type: igp

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows that the current RPF route on Router B is contributed by a unicast routing protocol and the RPF neighbor is Router A.

3.     On Router B, configure a static IPv6 multicast route to the source and specify Router C as the RPF neighbor.

[RouterB] ipv6 rpf-route-static 500::100 64 200::2

 

Verifying the configuration

# Display RPF information for the source on Router B.

[RouterB] display ipv6 multicast rpf-info 500::100

 RPF information about source 500::100

     RPF interface: Ten-GigabitEthernet3/0/2, RPF neighbor: 200::2

     Referenced prefix/prefix length: 500::/64

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows the following information:

·     The RPF route on Router B is the configured static IPv6 multicast route.

·     The RPF neighbor of Router B is Router C.

Example: Creating an IPv6 RPF route

Network configuration

As shown in Figure 213:

·     IPv6 PIM-DM runs on the network.

·     All routers on the network support IPv6 multicast.

·     Router B and Router C run OSPFv3, and have no unicast routes to Router A.

·     Typically, the receiver host receives the IPv6 multicast data from Source 1 in the OSPFv3 domain.

Configure the routers so that the receiver host can receive IPv6 multicast data from Source 2, which is outside the OSPFv3 domain.

Figure 213 Network diagram

Prerequisites

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 213.

2.     Configure OSPFv3 on Router B and Router C.

Procedure

1.     Enable IPv6 multicast routing, and enable MLD and IPv6 PIM-DM:

# On Router C, enable IPv6 multicast routing.

<RouterC> system-view

[RouterC] ipv6 multicast routing

[RouterC-mrib6] quit

# Enable MLD on the receiver-side interface Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mld enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterC-Ten-GigabitEthernet3/0/2] quit

 

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-DM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

 

# Enable IPv6 multicast routing and IPv6 PIM-DM on Router B in the same way Router A is configured. (Details not shown.)

2.     Display RPF information for Source 2 on Router B and Router C.

[RouterB] display ipv6 multicast rpf-info 500::100

[RouterC] display ipv6 multicast rpf-info 500::100

No output is displayed because no RPF routes to Source 2 exist on Router B and Router C.

3.     Configure a static IPv6 multicast route:

# Configure a static IPv6 multicast route on Router B and specify Router A as its RPF neighbor to Source 2.

[RouterB] ipv6 rpf-route-static 500::100 64 300::2

 

# Configure a static IPv6 multicast route on Router C and specify Router B as its RPF neighbor to Source 2.

[RouterC] ipv6 rpf-route-static 500::100 64 200::2

 

Verifying the configuration

# Display RPF information for Source 2 on Router B.

[RouterB] display ipv6 multicast rpf-info 500::100

 RPF information about source 500::100:

     RPF interface: Ten-GigabitEthernet3/0/3, RPF neighbor: 300::2

     Referenced prefix/prefix length: 500::/64

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

# Display RPF information for Source 2 on Router C.

[RouterC] display ipv6 multicast rpf-info 500::100

 RPF information about source 500::100:

     RPF interface: Ten-GigabitEthernet3/0/2, RPF neighbor: 200::2

     Referenced prefix/prefix length: 500::/64

     Referenced route type: multicast static

     Route selection rule: preference-preferred

     Load splitting rule: disable

     Source AS: 0

     C-multicast route target: 0x0000000000000000

The output shows that the RPF routes to Source 2 exist on Router B and Router C. These RPF routes are the configured static IPv6 multicast routes.
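RPF is the check that discards multicast packets arriving on an interface other than the one leading back to the source, so a static IPv6 multicast route changes which interface passes that check. The following added example (not part of the H3C documentation) applies to both RPF examples above: it parses `display ipv6 multicast rpf-info` output and reports which RPF fields differ between a recorded baseline and the current state. The two samples are the Router B outputs shown in "Changing an IPv6 RPF route"; the function names are hypothetical.

```python
import ipaddress
import re

# Router B output before the static route, as shown on this page.
BEFORE = """\
 RPF information about source 500::100:
     RPF interface: Ten-GigabitEthernet3/0/3, RPF neighbor: 300::2
     Referenced prefix/prefix length: 500::/64
     Referenced route type: igp
     Route selection rule: preference-preferred
     Load splitting rule: disable
     Source AS: 0
     C-multicast route target: 0x0000000000000000
"""

# Router B output after the static route, as shown on this page.
# Note that this header line has no trailing colon.
AFTER = """\
 RPF information about source 500::100
     RPF interface: Ten-GigabitEthernet3/0/2, RPF neighbor: 200::2
     Referenced prefix/prefix length: 500::/64
     Referenced route type: multicast static
     Route selection rule: preference-preferred
     Load splitting rule: disable
     Source AS: 0
     C-multicast route target: 0x0000000000000000
"""

HEADER = re.compile(r"RPF information about source (\S+)$")
FIELD = re.compile(
    r"(RPF interface|RPF neighbor|Referenced prefix/prefix length"
    r"|Referenced route type):\s*([^,]+)")


def _addr(token):
    """Parse an IPv6 address that may carry the header's trailing colon."""
    for candidate in (token, token[:-1]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    raise ValueError(f"not an IPv6 address: {token!r}")


def parse_rpf_info(text):
    """Return {source: {field: value}} for every source block in the output."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = entries.setdefault(_addr(header.group(1)), {})
            continue
        if current is None:
            continue                      # text before the first header
        for key, value in FIELD.findall(line):
            current[key] = value.strip()
    return entries


def rpf_drift(baseline_text, current_text):
    """Return {source: {field: (old, new)}} for the RPF fields that changed.

    Empty text (no RPF route, as in "Creating an IPv6 RPF route") parses to
    no entries, so a newly created route shows up with old values of None.
    """
    before, after = parse_rpf_info(baseline_text), parse_rpf_info(current_text)
    drift = {}
    for src in sorted(set(before) | set(after)):
        old, new = before.get(src, {}), after.get(src, {})
        changed = {key: (old.get(key), new.get(key))
                   for key in sorted(set(old) | set(new))
                   if old.get(key) != new.get(key)}
        if changed:
            drift[src] = changed
    return drift


if __name__ == "__main__":
    for source, fields in rpf_drift(BEFORE, AFTER).items():
        for name, (old, new) in fields.items():
            print(f"{source}: {name}: {old} -> {new}")
```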

 

 

MLD configuration examples

Example: Configuring basic MLD features

Network configuration

As shown in Figure 214:

·     OSPFv3 and IPv6 PIM-DM run on the network.

·     VOD streams are sent to receiver hosts in multicast. Receiver hosts of different organizations form stub networks N1 and N2. Host A and Host C are multicast receiver hosts in N1 and N2, respectively.

·     MLDv1 runs between Router A and N1, and between the other two routers (Router B and Router C) and N2.

·     Router A acts as the MLD querier in N1. Router B acts as the MLD querier in N2 because it has a lower IPv6 address.

Configure the routers to meet the following requirements:

·     The hosts in N1 can only join IPv6 multicast group FF1E::101.

·     The hosts in N2 can join any IPv6 multicast groups.

Figure 214 Network diagram

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 214. (Details not shown.)

2.     Configure OSPFv3 on the routers in the IPv6 PIM-DM domain. (Details not shown.)

3.     Enable IPv6 multicast routing, MLD, and IPv6 PIM-DM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# On Router B, enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mld enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router C, enable IPv6 multicast routing.

<RouterC> system-view

[RouterC] ipv6 multicast routing

[RouterC-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mld enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterC-Ten-GigabitEthernet3/0/2] quit

4.     Configure an IPv6 multicast group policy on Router A so that hosts connected to Ten-GigabitEthernet 3/0/1 can join only IPv6 multicast group FF1E::101.

[RouterA] acl ipv6 basic 2001

[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::101 128

[RouterA-acl-ipv6-basic-2001] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld group-policy 2001

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display MLD information for Ten-GigabitEthernet 3/0/1 on Router B.

[RouterB] display mld interface ten-gigabitethernet 3/0/1

 Ten-GigabitEthernet3/0/1(FE80::200:5EFF:FE66:5100):

   MLD is enabled.

   MLD version: 1

   Query interval for MLD: 125s

   Other querier present time for MLD: 255s

   Maximum query response time for MLD: 10s

   Querier for MLD: FE80::200:5EFF:FE66:5100 (this router)

  MLD groups reported in total: 1

Example: Configuring MLD SSM mapping

Network configuration

As shown in Figure 215:

·     OSPFv3 runs on the network.

·     The IPv6 PIM-SM domain uses the SSM model for IPv6 multicast delivery. The IPv6 SSM group range is FF3E::/64.

·     MLDv2 runs on Ten-GigabitEthernet 3/0/1 of Router D. The receiver host runs MLDv1, and does not support MLDv2. The receiver host cannot specify multicast sources in its membership reports.

·     Source 1, Source 2, and Source 3 send IPv6 multicast packets to multicast groups in the IPv6 SSM group range.

Configure the MLD SSM mapping feature on Router D so that the receiver host will receive IPv6 multicast data only from Source 1 and Source 3.

Figure 215 Network diagram

 

Table 52 Interface and IPv6 address assignment

Device      Interface    IPv6 address    Device      Interface    IPv6 address
Source 1    -            1001::1/64      Source 3    -            3001::1/64
Source 2    -            2001::1/64      Receiver    -            4001::1/64
Router A    XGE3/0/1     1001::2/64      Router C    XGE3/0/1     3001::2/64
Router A    XGE3/0/2     1002::1/64      Router C    XGE3/0/2     3002::1/64
Router A    XGE3/0/3     1003::1/64      Router C    XGE3/0/3     2002::2/64
Router B    XGE3/0/1     2001::2/64      Router D    XGE3/0/1     4001::2/64
Router B    XGE3/0/2     1002::2/64      Router D    XGE3/0/2     3002::2/64
Router B    XGE3/0/3     2002::1/64      Router D    XGE3/0/3     1003::2/64

 

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Table 52. (Details not shown.)

2.     Configure OSPFv3 on the routers in the IPv6 PIM-SM domain. (Details not shown.)

3.     Enable IPv6 multicast routing, IPv6 PIM-SM, and MLD:

# On Router D, enable IPv6 multicast routing.

<RouterD> system-view

[RouterD] ipv6 multicast routing

[RouterD-mrib6] quit

# Enable MLDv2 on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mld enable

[RouterD-Ten-GigabitEthernet3/0/1] mld version 2

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on the other interfaces.

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterD-Ten-GigabitEthernet3/0/3] quit

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-SM on each interface.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Configure Router B and Router C in the same way Router A is configured. (Details not shown.)

4.     Configure the IPv6 SSM group range:

# On Router D, specify FF3E::/64 as the IPv6 SSM group range.

[RouterD] acl ipv6 basic 2000

[RouterD-acl-ipv6-basic-2000] rule permit source ff3e:: 64

[RouterD-acl-ipv6-basic-2000] quit

[RouterD] ipv6 pim

[RouterD-pim6] ssm-policy 2000

[RouterD-pim6] quit

# Configure Router A, Router B, and Router C in the same way Router D is configured. (Details not shown.)

5.     Configure MLD SSM mappings on Router D.

[RouterD] mld

[RouterD-mld] ssm-mapping 1001::1 2000

[RouterD-mld] ssm-mapping 3001::1 2000

[RouterD-mld] quit

Verifying the configuration

# Display MLD SSM mappings for IPv6 multicast group FF3E::101 on Router D.

[RouterD] display mld ssm-mapping ff3e::101

 Group: FF3E::101

 Source list:

        1001::1

        3001::1

# On Router D, display information about MLD multicast groups that hosts have dynamically joined.

[RouterD] display mld group

MLD groups in total: 1

 Ten-GigabitEthernet3/0/1(FE80::101):

  MLD groups reported in total: 1

   Group address: FF3E::101

    Last reporter: FE80::1

    Uptime: 00:02:04

    Expires: Off

# Display IPv6 PIM routing entries on Router D.

[RouterD] display ipv6 pim routing-table

 Total 0 (*, G) entry; 2 (S, G) entry

 

 (1001::1, FF3E::101)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: Ten-GigabitEthernet3/0/3

         Upstream neighbor: FE80::1

         RPF prime neighbor: FE80::1

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: mld, UpTime: 00:13:25, Expires: -

 

 (3001::1, FF3E::101)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: FE80::1

         RPF prime neighbor: FE80::1

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: mld, UpTime: 00:13:25, Expires: -
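Both `mld group-policy 2001` in "Configuring basic MLD features" and `ssm-mapping ... 2000` in this example rely on a basic IPv6 ACL whose `source` field is compared with the multicast group address, not with a host address. The following added example (not part of the H3C documentation) models that matching with the ACLs configured on this page and shows which joins are accepted and which sources a source-less MLDv1 report is mapped to. The class and function names are hypothetical, and treating an address that matches no rule as not permitted is an assumption that follows the behavior the page's group-policy example depends on.

```python
import ipaddress


class BasicAcl6:
    """Minimal model of a basic IPv6 ACL: ordered (action, prefix) rules."""

    def __init__(self, rules):
        self.rules = [(action, ipaddress.ip_network(f"{addr}/{plen}"))
                      for action, addr, plen in rules]

    def permits(self, address):
        addr = ipaddress.ip_address(address)
        for action, net in self.rules:
            if addr in net:
                return action == "permit"
        return False  # assumption: an address matching no rule is not permitted


# ACL rules exactly as configured on this page.
ACLS = {
    2001: BasicAcl6([("permit", "ff1e::101", 128)]),  # Router A, group policy
    2000: BasicAcl6([("permit", "ff3e::", 64)]),      # Router D, SSM group range
}

# "mld group-policy 2001" on Router A, Ten-GigabitEthernet 3/0/1.
GROUP_POLICY = {("RouterA", "Ten-GigabitEthernet3/0/1"): 2001}

# "ssm-mapping <source> 2000" entries on Router D. Source 2 (2001::1) has no
# mapping, which is how the receiver is kept from getting its traffic.
SSM_MAPPINGS = [("1001::1", 2000), ("3001::1", 2000)]


def join_allowed(router, interface, group):
    """Group policy: the ACL's 'source' field is matched against the group."""
    acl_number = GROUP_POLICY.get((router, interface))
    if acl_number is None:
        return True  # no group policy on the interface: any group may be joined
    return ACLS[acl_number].permits(group)


def ssm_sources(group):
    """Sources that a source-less (MLDv1) report for `group` is mapped to."""
    return [source for source, acl_number in SSM_MAPPINGS
            if ACLS[acl_number].permits(group)]


def sg_entries(group):
    """(S, G) pairs Router D would request for an MLDv1 report for `group`."""
    canonical = str(ipaddress.ip_address(group)).upper()
    return [(source, canonical) for source in ssm_sources(group)]


if __name__ == "__main__":
    for g in ("ff1e::101", "ff1e::102"):
        print("RouterA XGE3/0/1 join", g, "->",
              join_allowed("RouterA", "Ten-GigabitEthernet3/0/1", g))
    for g in ("ff3e::101", "ff3e:0:0:1::101", "ff1e::101"):
        print("RouterD report for", g, "->", sg_entries(g))
```

The two pairs returned for FF3E::101 correspond to the two (S, G) entries in the `display ipv6 pim routing-table` output above.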

Example: Configuring MLD proxying

Network configuration

As shown in Figure 216:

·     IPv6 PIM-DM runs on the core network.

·     Host A and Host C on the stub network receive VOD information sent to IPv6 multicast group FF3E::101.

Configure the MLD proxying feature on Router B so that Router B can maintain group memberships and forward IPv6 multicast traffic without running IPv6 PIM-DM.

Figure 216 Network diagram

 

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Figure 216. (Details not shown.)

2.     Enable IPv6 multicast routing, IPv6 PIM-DM, MLD, and MLD proxying:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# On Router B, enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable MLD proxying on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mld proxy enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable MLD on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mld enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# On Router B, display IPv6 multicast group membership information maintained by the MLD proxy.

[RouterB] display mld proxy group

MLD proxy group records in total: 1

 Ten-GigabitEthernet3/0/1(FE80::16:1):

  MLD proxy group records in total: 1

   Group address: FF1E::1

    Member state: Delay

    Expires: 00:00:02

Example: Configuring PPPoE-based IPv6 multicast access control

Network configuration

As shown in Figure 217:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send IPv6 multicast data to the IPv6 multicast groups FF1E::101, FF1E::102, and FF1E::103, respectively.

·     Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP, and it serves all IPv6 multicast groups.

·     Router A acts as the BRAS, and it connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the IPv6 multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only IPv6 multicast groups FF1E::101 and FF1E::102.

·     Host C and Host D in ISP 2 can join only IPv6 multicast groups FF1E::102 and FF1E::103.

Figure 217 Network diagram

Table 53 Interface and IPv6 address assignment

Device          Interface    IPv6 address    Device          Interface    IPv6 address
Source 1        -            1001::1/64      Host A          -            3001::2/64
Source 2        -            1002::1/64      Host B          -            3001::3/64
Source 3        -            1003::1/64      Host C          -            3002::2/64
RADIUS server   -            2004::2/64      Host D          -            3002::3/64
Router B        XGE3/0/1     2001::2/64      Router A        XGE3/0/1     2001::1/64
Router B        XGE3/0/2     1001::2/64      Router A        XGE3/0/2     2002::1/64
Router C        XGE3/0/1     2002::2/64      Router A        XGE3/0/3     2003::1/64
Router C        XGE3/0/2     1002::2/64      Router A        XGE3/0/4     2004::1/64
Router D        XGE3/0/1     2003::2/64      Router A        XGE3/0/5.1   3001::1/64
Router D        XGE3/0/2     1003::2/64      Router A        XGE3/0/5.2   3002::1/64

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Table 53. (Details not shown.)

2.     Configure OSPFv3 in the IPv6 PIM-SM domain. (Details not shown.)

3.     Enable IPv6 multicast routing, and configure IPv6 PIM-SM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-SM on Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# On Router B, enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable IPv6 PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] ipv6 pim

[RouterA-pim6] c-bsr 2002::1

[RouterA-pim6] c-rp 2002::1

[RouterA-pim6] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication ipv6 2004::2 key simple 123456

[RouterA-radius-spec] primary accounting ipv6 2004::2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip ipv6 2004::1

[RouterA-radius-spec] quit

# Create an ISP domain named isp1 and specify the STB service for users in the ISP domain.

[RouterA] domain name isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ppp radius-scheme spec

[RouterA-isp-isp1] authorization ppp radius-scheme spec

[RouterA-isp-isp1] accounting ppp radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ppp radius-scheme spec

[RouterA-isp-isp2] authorization ppp radius-scheme spec

[RouterA-isp-isp2] accounting ppp radius-scheme spec

[RouterA-isp-isp2] quit

# Create interface Virtual-Template 1, and assign an IPv6 address and prefix length to the interface.

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ipv6 address 4001::1 64

# Configure interface Virtual-Template 1 to authenticate users in ISP domain isp1 by using PAP.

[RouterA-Virtual-Template1] ppp authentication-mode pap domain isp1

[RouterA-Virtual-Template1] quit

# Create interface Virtual-Template 2, and assign an IPv6 address and prefix length to the interface.

[RouterA] interface virtual-template 2

[RouterA-Virtual-Template2] ipv6 address 4002::1 64

# Configure interface Virtual-Template 2 to authenticate users in ISP domain isp2 by using PAP.

[RouterA-Virtual-Template2] ppp authentication-mode pap domain isp2

[RouterA-Virtual-Template2] quit

# Configure Ten-GigabitEthernet 3/0/5.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Bind Ten-GigabitEthernet 3/0/5.1 to interface Virtual-Template 1.

[RouterA-Ten-GigabitEthernet3/0/5.1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Bind subinterface Ten-GigabitEthernet 3/0/5.2 to interface Virtual-Template 2.

[RouterA-Ten-GigabitEthernet3/0/5.2] pppoe-server bind virtual-template 2

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

5.     Configure IPv6 multicast access control on the BRAS:

# Enable MLD and IPv6 multicast access control on Ten-GigabitEthernet 3/0/5.1.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] mld enable

[RouterA-Ten-GigabitEthernet3/0/5.1] mld authorization-enable

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Enable MLD and IPv6 multicast access control on Ten-GigabitEthernet 3/0/5.2.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] mld enable

[RouterA-Ten-GigabitEthernet3/0/5.2] mld authorization-enable

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

# Configure an access policy in user profile profile1 to authorize MLD users to join IPv6 multicast groups FF1E::101 and FF1E::102.

[RouterA] acl ipv6 basic 2000

[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::101 128

[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::102 128

[RouterA-acl-ipv6-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] mld access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain name isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize MLD users to join IPv6 multicast groups FF1E::102 and FF1E::103.

[RouterA] acl ipv6 basic 2001

[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::102 128

[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::103 128

[RouterA-acl-ipv6-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] mld access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain name isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized MLD user information on Router A after Host A and Host C log in.

[RouterA] display mld user-info

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: PPP

   Interface: Multicast-UA0

   Access interface: Bas-interface0 (Ten-GigabitEthernet3/0/5.1)

   User ID: 0x20000006 (Session ID 0x1, VLAN ID 1, Second VLAN ID 2)

   Maximum groups for order: 10

   User profile: profile1

   Authorized group list:

 

   User name: user1@isp2

   Access type: PPP

   Interface: Multicast-UA1

   Access interface: Bas-interface1 (Ten-GigabitEthernet3/0/5.2)

   User ID: 0x20000007 (Session ID 0x2, VLAN ID 2, Second VLAN ID 2)

   Maximum groups for order: 10

   User profile: profile2

   Authorized group list:

Example: Configuring IPoE-based IPv6 multicast access control

Network configuration

As shown in Figure 218:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send IPv6 multicast data to IPv6 multicast groups FF1E::101, FF1E::102, and FF1E::103, respectively.

·     Ten-GigabitEthernet 3/0/2 on Router A acts as a C-BSR and a C-RP, and it serves all IPv6 multicast groups.

·     Router A acts as the BRAS, and connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the IPv6 multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only IPv6 multicast groups FF1E::101 and FF1E::102.

·     Host C and Host D in ISP 2 can join only IPv6 multicast groups FF1E::102 and FF1E::103.

Figure 218 Network diagram

Table 54 Interface and IPv6 address assignment

Device          Interface    IPv6 address    Device          Interface    IPv6 address
Source 1        -            1001::1/64      Host A          -            3001::2/64
Source 2        -            1002::1/64      Host B          -            3001::3/64
Source 3        -            1003::1/64      Host C          -            3002::2/64
RADIUS server   -            2004::2/64      Host D          -            3002::3/64
Router B        XGE3/0/1     2001::2/64      Router A        XGE3/0/1     2001::1/64
Router B        XGE3/0/2     1001::2/64      Router A        XGE3/0/2     2002::1/64
Router C        XGE3/0/1     2002::2/64      Router A        XGE3/0/3     2003::1/64
Router C        XGE3/0/2     1002::2/64      Router A        XGE3/0/4     2004::1/64
Router D        XGE3/0/1     2003::2/64      Router A        XGE3/0/5.1   3001::1/64
Router D        XGE3/0/2     1003::2/64      Router A        XGE3/0/5.2   3002::1/64

Procedure

1.     Assign an IPv6 address and prefix length to each interface, as shown in Table 54. (Details not shown.)

2.     Configure OSPFv3 in the IPv6 PIM-SM domain. (Details not shown.)

3.     Enable IPv6 multicast routing, and configure IPv6 PIM-SM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable IPv6 PIM-SM on Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/3.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# On Router B, enable IPv6 multicast routing.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

# Enable IPv6 PIM-SM on each interface.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP.

[RouterA] ipv6 pim

[RouterA-pim6] c-bsr 2002::1

[RouterA-pim6] c-rp 2002::1

[RouterA-pim6] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication ipv6 2004::2 key simple 123456

[RouterA-radius-spec] primary accounting ipv6 2004::2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip ipv6 2004::1

[RouterA-radius-spec] quit

# Create ISP domain isp1, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ipoe radius-scheme spec

[RouterA-isp-isp1] authorization ipoe radius-scheme spec

[RouterA-isp-isp1] accounting ipoe radius-scheme spec

[RouterA-isp-isp1] quit

# Create ISP domain isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain name isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ipoe radius-scheme spec

[RouterA-isp-isp2] authorization ipoe radius-scheme spec

[RouterA-isp-isp2] accounting ipoe radius-scheme spec

[RouterA-isp-isp2] quit

# Enable DHCP on Router A.

[RouterA] dhcp enable

# Create an IPv6 address pool named 1.

[RouterA] ipv6 pool 1 bas local

# Specify a subnet of 4000::1/96 for IPv6 address pool 1.

[RouterA-ipv6-pool-bas-local-1] network 4000::1/96 preferred-lifetime 172800 valid-lifetime 345600

# Specify a domain name of isp1 for IPv6 address pool 1.

[RouterA-ipv6-pool-bas-local-1] domain-name isp1

[RouterA-ipv6-pool-bas-local-1] quit

# Create an IPv6 address pool named 2.

[RouterA] ipv6 pool 2 bas local

# Specify a subnet of 4001::1/96 for IPv6 address pool 2.

[RouterA-ipv6-pool-bas-local-2] network 4001::1/96 preferred-lifetime 172800 valid-lifetime 345600

# Specify a domain name of isp2 for IPv6 address pool 2.

[RouterA-ipv6-pool-bas-local-2] domain-name isp2

[RouterA-ipv6-pool-bas-local-2] quit

# Configure Ten-GigabitEthernet 3/0/5.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Configure the DHCP service on Ten-GigabitEthernet 3/0/5.1.

[RouterA-Ten-GigabitEthernet3/0/5.1] ipv6 dhcp select server

[RouterA-Ten-GigabitEthernet3/0/5.1] ip subscriber l2-connected enable

[RouterA-Ten-GigabitEthernet3/0/5.1] ip subscriber dhcp domain isp1

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface ten-gigabitethernet 3/0/5.2

[RouterA-Ten-GigabitEthernet3/0/5.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Configure DHCP service on Ten-GigabitEthernet 3/0/5.2.

[RouterA-Ten-GigabitEthernet3/0/5.2] ipv6 dhcp select server

[RouterA-Ten-GigabitEthernet3/0/5.2] ip subscriber l2-connected enable

[RouterA-Ten-GigabitEthernet3/0/5.2] ip subscriber dhcp domain isp2

[RouterA-Ten-GigabitEthernet3/0/5.2] quit

5.     Configure IPv6 multicast access control on the BRAS:

# Enable MLD on Ten-GigabitEthernet 3/0/5.1.

[RouterA] interface ten-gigabitethernet 3/0/5.1

[RouterA-Ten-GigabitEthernet3/0/5.1] mld enable

# Enable IPv6 multicast access control on Ten-GigabitEthernet 3/0/5.1.

[RouterA-Ten-GigabitEthernet3/0/5.1] mld authorization-enable

# Enable per-session IPv6 multicast forwarding on Ten-GigabitEthernet 3/0/5.1.

[RouterA-Ten-GigabitEthernet3/0/5.1] mld join-by-session

[RouterA-Ten-GigabitEthernet3/0/5.1] quit

# Configure Ten-GigabitEthernet 3/0/5.2 in the same way Ten-GigabitEthernet 3/0/5.1 is configured. (Details not shown.)

# Configure an access policy in user profile profile1 to authorize MLD users to join IPv6 multicast groups FF1E::101 and FF1E::102.

[RouterA] acl ipv6 basic 2000

[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::101 128

[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::102 128

[RouterA-acl-ipv6-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] mld access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain name isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize MLD users to join IPv6 multicast groups FF1E::102 and FF1E::103.

[RouterA] acl ipv6 basic 2001

[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::102 128

[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::103 128

[RouterA-acl-ipv6-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] mld access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain name isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized MLD user information on Router A after Host A and Host C log in.

[RouterA] display mld user-info

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: IPoE

   Interface: Multicast-UA1

   Access interface: Ten-GigabitEthernet3/0/5.1

   VLAN ID: 1

   Second VLAN ID: 2

   Maximum groups for order: 10

   User profile: profile1

   Authorized group list:

 

   User name: user1@isp2

   Access type: IPoE

   Interface: Multicast-UA2

   Access interface: Ten-GigabitEthernet3/0/5.2

   VLAN ID: 2 

   Second VLAN ID: 2

   Maximum groups for order: 10

   User profile: profile2

   Authorized group list:
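The access policy built in step 5 of the PPPoE and IPoE examples above can be checked offline before it is applied. The following Python is an added example, not H3C code: it parses the ACL, user-profile, and domain commands from this page and reports any group an ISP domain could join beyond the stated requirements. It assumes rules are evaluated in configured order and that a group matching no permit rule is refused; the function names and the widened-prefix variant are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the step 5 ACL, user-profile and domain commands from
# this page, pasted with their CLI prompts.
CONFIG = """\
[RouterA] acl ipv6 basic 2000
[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::101 128
[RouterA-acl-ipv6-basic-2000] rule permit source ff1e::102 128
[RouterA-acl-ipv6-basic-2000] quit
[RouterA] user-profile profile1
[RouterA-user-profile-profile1] mld access-policy 2000
[RouterA-user-profile-profile1] quit
[RouterA] domain name isp1
[RouterA-isp-isp1] authorization-attribute user-profile profile1
[RouterA-isp-isp1] quit
[RouterA] acl ipv6 basic 2001
[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::102 128
[RouterA-acl-ipv6-basic-2001] rule permit source ff1e::103 128
[RouterA-acl-ipv6-basic-2001] quit
[RouterA] user-profile profile2
[RouterA-user-profile-profile2] mld access-policy 2001
[RouterA-user-profile-profile2] quit
[RouterA] domain name isp2
[RouterA-isp-isp2] authorization-attribute user-profile profile2
[RouterA-isp-isp2] quit
"""

# Requirements from "Network configuration": the groups each ISP may join.
REQUIRED = {"isp1": {"ff1e::101", "ff1e::102"},
            "isp2": {"ff1e::102", "ff1e::103"}}
GROUPS = ["ff1e::101", "ff1e::102", "ff1e::103"]  # groups the sources send to

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
RULE = re.compile(r"rule (permit|deny) source (\S+) (\d+)")


def parse(config):
    """Build the ACL -> user profile -> ISP domain chain from pasted CLI lines."""
    model = {"acls": {}, "profiles": {}, "domains": {}}
    view = (None, None)  # (kind, name) of the view the next command runs in
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        kind, name = view
        if m := re.fullmatch(r"acl ipv6 basic (\d+)", line):
            view = ("acl", m[1])
            model["acls"].setdefault(m[1], [])
        elif m := re.fullmatch(r"user-profile (\S+)", line):
            view = ("profile", m[1])
        elif m := re.fullmatch(r"domain name (\S+)", line):
            view = ("domain", m[1])
        elif line == "quit":
            view = (None, None)
        elif kind == "acl" and (m := RULE.fullmatch(line)):
            # strict=False keeps a rule such as "ff1e::101 64" as its network
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            model["acls"][name].append((m[1], net))
        elif kind == "profile" and (
                m := re.fullmatch(r"mld access-policy (\d+)", line)):
            model["profiles"][name] = m[1]
        elif kind == "domain" and (
                m := re.fullmatch(r"authorization-attribute user-profile (\S+)", line)):
            model["domains"][name] = m[1]
    return model


def allowed(model, domain, group):
    """True if a user in `domain` may join `group`.

    Assumption: first matching rule wins; no match means the join is refused.
    """
    try:
        rules = model["acls"][model["profiles"][model["domains"][domain]]]
    except KeyError as missing:
        raise LookupError(f"{domain}: broken policy chain at {missing}") from None
    addr = ipaddress.ip_address(group)
    for action, net in rules:
        if addr in net:
            return action == "permit"
    return False


def audit(model, required=REQUIRED, groups=GROUPS):
    """List every difference between the policy and the requirements."""
    findings = []
    for domain in sorted(required):
        got = {g for g in groups if allowed(model, domain, g)}
        for g in sorted(got - required[domain]):
            findings.append(f"{domain}: {g} permitted but not required")
        for g in sorted(required[domain] - got):
            findings.append(f"{domain}: {g} required but not permitted")
    return findings


if __name__ == "__main__":
    print(audit(parse(CONFIG)) or "policy matches the requirements")
    # Constructed failure: a 64-bit prefix length on one rule widens ACL 2000.
    widened = CONFIG.replace("source ff1e::101 128", "source ff1e::101 64")
    print(audit(parse(widened)))
```

The widened variant shows why the 128-bit prefix length matters: with a 64-bit prefix length, the first rule of ACL 2000 also matches FF1E::103, which ISP 1 users must not join.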

 

IPv6 PIM configuration examples

Example: Configuring IPv6 PIM-DM

Network configuration

As shown in Figure 219:

·     VOD streams are sent to receiver hosts in multicast. The receiver groups of different organizations form stub networks, and a minimum of one receiver host exists on each stub network. The entire IPv6 PIM domain is operating in the dense mode.

·     Host A and Host C are IPv6 multicast receivers on two stub networks N1 and N2.

·     MLDv1 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 219 Network diagram

Table 55 Interface and IPv6 address assignment

Device          Interface    IPv6 address    Device          Interface    IPv6 address
Router A        XGE3/0/1     1001::1/64      Router C        XGE3/0/2     3001::1/64
Router A        XGE3/0/2     1002::1/64      Router D        XGE3/0/1     4001::1/64
Router B        XGE3/0/1     2001::1/64      Router D        XGE3/0/2     1002::2/64
Router B        XGE3/0/2     2002::1/64      Router D        XGE3/0/3     2002::2/64
Router C        XGE3/0/1     2001::2/64      Router D        XGE3/0/4     3001::2/64

 

Prerequisites

Assign an IPv6 address and prefix length to each interface, and make sure the routers in the IPv6 PIM-DM domain can reach each other.

Procedure

1.     Enable IPv6 multicast routing, MLD, and IPv6 PIM-DM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1 (the interface that connects to the stub network).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-DM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IPv6 multicast routing, MLD, and IPv6 PIM-DM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# On Router D, enable IPv6 multicast routing, and enable IPv6 PIM-DM on each interface.

<RouterD> system-view

[RouterD] ipv6 multicast routing

[RouterD-mrib6] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ipv6 pim dm

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] ipv6 pim dm

[RouterD-Ten-GigabitEthernet3/0/3] quit

[RouterD] interface ten-gigabitethernet 3/0/4

[RouterD-Ten-GigabitEthernet3/0/4] ipv6 pim dm

[RouterD-Ten-GigabitEthernet3/0/4] quit

Verifying the configuration

# Display IPv6 PIM information on Router D.

[RouterD] display ipv6 pim interface

  Interface: XGE3/0/1

    NbrCnt: 0

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:1    (local)

  Interface: XGE3/0/2

    NbrCnt: 0

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:2    (local)

  Interface: XGE3/0/3

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:3    (local)

  Interface: XGE3/0/4

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:4    (local)

# Display IPv6 PIM neighbor relationships on Router D.

[RouterD] display ipv6 pim neighbor

 Total Number of Neighbors = 3

 

 Neighbor        Interface           Uptime   Expires  Dr-Priority

 FE80::A01:101:1 XGE3/0/2            00:04:00 00:01:29 1

 FE80::B01:102:2 XGE3/0/3            00:04:16 00:01:29 3

 FE80::C01:103:3 XGE3/0/4            00:03:54 00:01:17 5

# Send an MLD report from Host A to join IPv6 multicast group FF0E::101. (Details not shown.)

# Send IPv6 multicast data from IPv6 multicast source 4001::100/64 to IPv6 multicast group FF0E::101. (Details not shown.)

# Display IPv6 PIM multicast routing table information on Router A.

[RouterA] display ipv6 pim routing-table

 Total 1 (*, G) entry; 1 (S, G) entry

 

 (*, FF0E::101)

     Protocol: pim-dm, Flag: WC

     UpTime: 00:01:24

     Upstream interface: NULL

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: mld, UpTime: 00:01:20, Expires: -

 

 (4001::100, FF0E::101)

     Protocol: pim-dm, Flag: ACT

     UpTime: 00:01:20

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 1002::2

         RPF prime neighbor: 1002::2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: pim-dm, UpTime: 00:01:20, Expires: -

# Display IPv6 PIM multicast routing table information on Router D.

[RouterD] display ipv6 pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (4001::100, FF0E::101)

     Protocol: pim-dm, Flag: LOC ACT

     UpTime: 00:02:19

     Upstream interface: Ten-GigabitEthernet3/0/1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 2

         1: Ten-GigabitEthernet3/0/2

             Protocol: pim-dm, UpTime: 00:02:19, Expires: -

         2: Ten-GigabitEthernet3/0/4

             Protocol: pim-dm, UpTime: 00:02:19, Expires: -

The output shows the following information:

·     Routers on the SPT path (Router A and Router D) have the correct (S, G) entries.

·     Router A has the correct (*, G) entry.

Example: Configuring non-scoped IPv6 PIM-SM

Network configuration

As shown in Figure 220:

·     VOD streams are sent to receiver hosts in multicast. The receivers of different subnets form stub networks, and a minimum of one receiver host exists on each stub network. The entire IPv6 PIM-SM domain contains only one BSR.

·     Host A and Host C are multicast receivers on the stub networks N1 and N2.

·     Specify Ten-GigabitEthernet 3/0/3 on Router E as a C-BSR and a C-RP. The C-RP is designated to the IPv6 multicast group range FF0E::101/64. Specify Ten-GigabitEthernet 3/0/2 of Router D as a static RP on all the routers to back up the dynamic RP.

·     MLDv1 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 220 Network diagram

Table 56 Interface and IPv6 address assignment

Device          Interface    IPv6 address    Device          Interface    IPv6 address
Router A        XGE3/0/1     1001::1/64      Router D        XGE3/0/1     4001::1/64
Router A        XGE3/0/2     1002::1/64      Router D        XGE3/0/2     1002::2/64
Router A        XGE3/0/3     1003::1/64      Router D        XGE3/0/3     4002::1/64
Router B        XGE3/0/1     2001::1/64      Router E        XGE3/0/1     3001::2/64
Router B        XGE3/0/2     2002::1/64      Router E        XGE3/0/2     2002::2/64
Router C        XGE3/0/1     2001::2/64      Router E        XGE3/0/3     1003::2/64
Router C        XGE3/0/2     3001::1/64      Router E        XGE3/0/4     4002::2/64

 

Prerequisites

Assign an IPv6 address and prefix length to each interface, and make sure the routers in the IPv6 PIM-SM domain can reach each other.

Procedure

1.     Enable IPv6 multicast routing, and enable MLD and IPv6 PIM-SM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on Ten-GigabitEthernet 3/0/1 (the interface that connects to the stub network).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on the other interfaces.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IPv6 multicast routing, MLD and IPv6 PIM-SM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# Enable IPv6 multicast routing and IPv6 PIM-SM on Router D and Router E in the same way Router A is configured. (Details not shown.)

2.     Configure C-BSRs, C-RPs, and the static RP:

# On Router E, configure the service scope of RP advertisements.

<RouterE> system-view

[RouterE] acl ipv6 basic 2005

[RouterE-acl-ipv6-basic-2005] rule permit source ff0e::101 64

[RouterE-acl-ipv6-basic-2005] quit

# Configure Ten-GigabitEthernet 3/0/3 as a C-BSR and a C-RP, and configure Ten-GigabitEthernet 3/0/2 of Router D as the static RP.

[RouterE] ipv6 pim

[RouterE-pim6] c-bsr 1003::2

[RouterE-pim6] c-rp 1003::2 group-policy 2005

[RouterE-pim6] static-rp 1002::2

[RouterE-pim6] quit

# On Router A, configure Ten-GigabitEthernet 3/0/2 of Router D as a static RP.

[RouterA] ipv6 pim

[RouterA-pim6] static-rp 1002::2

[RouterA-pim6] quit

# Configure a static RP on Router B, Router C, and Router D in the same way Router A is configured. (Details not shown.)

Verifying the configuration

# Display IPv6 PIM information on Router A.

[RouterA] display ipv6 pim interface

  Interface: XGE3/0/2

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:2

  Interface: XGE3/0/3

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:3

# Display BSR information on Router A.

[RouterA] display ipv6 pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:44

     Elected BSR address: 1003::2

       Priority: 64

       Hash mask length: 126

       Uptime: 00:11:18

# Display BSR information on Router E.

[RouterE] display ipv6 pim bsr-info

 Scope: non-scoped

     State: Elected

     Bootstrap timer: 00:01:44

     Elected BSR address: 1003::2

       Priority: 64

       Hash mask length: 126

       Uptime: 00:11:18

     Candidate BSR address: 1003::2

       Priority: 64

       Hash mask length: 126

# Display RP information on Router A.

[RouterA] display ipv6 pim rp-info

   BSR RP information:

 Scope: non-scoped

     Group/MaskLen: FF0E::101/64

       RP address               Priority  HoldTime  Uptime    Expires

       1003::2                  192       180       00:05:19  00:02:11

 

Static RP information:

       RP address: 1002::2

         ACL: ----

         Mode: pim-sm

         Preferred: No

         Priority: 192

Example: Configuring admin-scoped IPv6 PIM-SM

Network configuration

As shown in Figure 221:

·     VOD streams are sent to receiver hosts in multicast. The entire IPv6 PIM-SM domain is divided into IPv6 admin-scoped zone 1, IPv6 admin-scoped zone 2, and the IPv6 global-scoped zone. Router B, Router C, and Router D are ZBRs of the three zones, respectively.

·     Source 1 and Source 2 send different IPv6 multicast data to the IPv6 multicast group FF14::101. Host A receives the IPv6 multicast data only from Source 1, and Host B receives the IPv6 multicast data only from Source 2. Source 3 sends IPv6 multicast data to the IPv6 multicast group FF1E::202. Host C is an IPv6 multicast receiver for the IPv6 multicast group FF1E::202.

·     Ten-GigabitEthernet 3/0/2 of Router B acts as a C-BSR and a C-RP for IPv6 admin-scoped zone 1, and Ten-GigabitEthernet 3/0/1 of Router D acts as a C-BSR and a C-RP for IPv6 admin-scoped zone 2. Both interfaces serve the IPv6 multicast groups with a scope field value of 4. Ten-GigabitEthernet 3/0/1 of Router F acts as a C-BSR and a C-RP for the IPv6 global-scoped zone, and serves the IPv6 multicast groups with a scope field value of 14.

·     MLDv1 separately runs between Router A, Router E, Router I, and the receivers that directly connect to them.

Figure 221 Network diagram

Table 57 Interface and IPv6 address assignment

Device          Interface    IPv6 address    Device          Interface    IPv6 address
Router A        XGE3/0/1     1001::1/64      Router E        XGE3/0/2     3002::2/64
Router A        XGE3/0/2     1002::1/64      Router E        XGE3/0/3     6001::2/64
Router B        XGE3/0/1     2001::1/64      Router F        XGE3/0/1     8001::1/64
Router B        XGE3/0/2     1002::2/64      Router F        XGE3/0/2     6002::2/64
Router B        XGE3/0/3     2002::1/64      Router F        XGE3/0/3     2003::2/64
Router B        XGE3/0/4     2003::1/64      Router G        XGE3/0/1     9001::1/64
Router C        XGE3/0/1     3001::1/64      Router G        XGE3/0/2     8001::2/64
Router C        XGE3/0/2     3002::1/64      Router H        XGE3/0/1     4001::1/64
Router C        XGE3/0/3     3003::1/64      Router H        XGE3/0/2     3004::2/64
Router C        XGE3/0/4     2002::2/64      Router I        XGE3/0/1     5001::1/64
Router C        XGE3/0/5     3004::1/64      Router I        XGE3/0/2     4001::2/64
Router D        XGE3/0/1     3003::2/64      Source 1        -            2001::100/64
Router D        XGE3/0/3     6001::1/64      Source 2        -            3001::100/64
Router D        XGE3/0/3     6002::1/64      Source 3        -            9001::100/64
Router E        XGE3/0/1     7001::1/64

Prerequisites

Assign an IPv6 address and prefix length to each interface, and make sure the routers in the IPv6 PIM-SM domain can reach each other.

Procedure

1.     Enable IPv6 multicast routing, MLD, and IPv6 PIM-SM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on the receiver-side interface (Ten-GigabitEthernet 3/0/1).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Enable IPv6 multicast routing, MLD, and IPv6 PIM-SM on Router E and Router I in the same way Router A is configured. (Details not shown.)

# On Router B, enable IPv6 multicast routing, and enable IPv6 PIM-SM on each interface.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] ipv6 pim sm

[RouterB-Ten-GigabitEthernet3/0/4] quit

# Enable IPv6 multicast routing and IPv6 PIM-SM on Router C, Router D, Router F, Router G, and Router H in the same way Router B is configured. (Details not shown.)

2.     Configure IPv6 admin-scoped zone boundaries:

# On Router B, configure Ten-GigabitEthernet 3/0/3 and Ten-GigabitEthernet 3/0/4 as the boundaries of IPv6 admin-scoped zone 1.

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] ipv6 multicast boundary scope 4

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] ipv6 multicast boundary scope 4

[RouterB-Ten-GigabitEthernet3/0/4] quit

# On Router C, configure Ten-GigabitEthernet 3/0/4 and Ten-GigabitEthernet 3/0/5 as the boundaries of IPv6 admin-scoped zone 2.

<RouterC> system-view

[RouterC] interface ten-gigabitethernet 3/0/4

[RouterC-Ten-GigabitEthernet3/0/4] ipv6 multicast boundary scope 4

[RouterC-Ten-GigabitEthernet3/0/4] quit

[RouterC] interface ten-gigabitethernet 3/0/5

[RouterC-Ten-GigabitEthernet3/0/5] ipv6 multicast boundary scope 4

[RouterC-Ten-GigabitEthernet3/0/5] quit

# On Router D, configure Ten-GigabitEthernet 3/0/3 as the boundary of IPv6 admin-scoped zone 2.

<RouterD> system-view

[RouterD] interface ten-gigabitethernet 3/0/3

[RouterD-Ten-GigabitEthernet3/0/3] ipv6 multicast boundary scope 4

[RouterD-Ten-GigabitEthernet3/0/3] quit

3.     Configure C-BSRs and C-RPs:

# On Router B, configure Ten-GigabitEthernet 3/0/2 as a C-BSR and a C-RP for IPv6 admin-scoped zone 1.

[RouterB] ipv6 pim

[RouterB-pim6] c-bsr 1002::2 scope 4

[RouterB-pim6] c-rp 1002::2 scope 4

[RouterB-pim6] quit

# On Router D, configure Ten-GigabitEthernet 3/0/1 as a C-BSR and a C-RP for IPv6 admin-scoped zone 2.

[RouterD] ipv6 pim

[RouterD-pim6] c-bsr 3003::2 scope 4

[RouterD-pim6] c-rp 3003::2 scope 4

[RouterD-pim6] quit

# On Router F, configure Ten-GigabitEthernet 3/0/1 as a C-BSR and a C-RP for the IPv6 global-scoped zone.

<RouterF> system-view

[RouterF] ipv6 pim

[RouterF-pim6] c-bsr 8001::1

[RouterF-pim6] c-rp 8001::1

[RouterF-pim6] quit

Verifying the configuration

# Display BSR information on Router B.

[RouterB] display ipv6 pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:25

     Elected BSR address: 8001::1

       Priority: 64

       Hash mask length: 126

       Uptime: 00:01:45

 

 Scope: 4

     State: Elected

     Bootstrap timer: 00:00:06

     Elected BSR address: 1002::2

       Priority: 64

       Hash mask length: 126

       Uptime: 00:04:54

     Candidate BSR address: 1002::2

       Priority: 64

       Hash mask length: 126

# Display BSR information on Router D.

[RouterD] display ipv6 pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:25

     Elected BSR address: 8001::1

       Priority: 64

       Hash mask length: 126

       Uptime: 00:01:45

 

   Scope: 4

     State: Elected

     Bootstrap timer: 00:01:25

     Elected BSR address: 3003::2

       Priority: 64

       Hash mask length: 126

       Uptime: 00:01:45

     Candidate BSR address: 3003::2

       Priority: 64

       Hash mask length: 126

# Display BSR information on Router F.

[RouterF] display ipv6 pim bsr-info

 Scope: non-scoped

     State: Elected

     Bootstrap timer: 00:00:49

     Elected BSR address: 8001::1

       Priority: 64

       Hash mask length: 126

       Uptime: 00:01:11

     Candidate BSR address: 8001::1

       Priority: 64

       Hash mask length: 126

# Display RP information on Router B.

[RouterB] display ipv6 pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: FF00::/8

       RP address               Priority  HoldTime  Uptime    Expires

       8001::1                  192       180       00:01:14  00:02:46

 Scope: 4

     Group/MaskLen: FF04::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF14::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF24::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF34::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF44::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF54::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF64::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF74::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF84::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF94::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFA4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFB4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFC4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFD4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFE4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FFF4::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

     Group/MaskLen: FF04::/16

       RP address               Priority  HoldTime  Uptime    Expires

       1002::2 (local)          192       180       00:02:03  00:02:56

# Display RP information on Router F.

[RouterF] display ipv6 pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: FF00::/8

       RP address               Priority  HoldTime  Uptime    Expires

       8001::1 (local)          192       180       00:10:28  00:02:31
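The following added example (not part of the H3C documentation) parses output in the display ipv6 pim rp-info layout shown above. It reports which RP a group maps to and whether every FFx4::/16 range of a scoped zone has an RP, because a scope-4 group in an uncovered range matches only the non-scoped FF00::/8 entry and is served by the global RP. The function names and the sample output are constructed for illustration; RP selection is simplified to longest matching group range, then lowest priority value, and omits the hash step of the BSR mechanism.

```python
import ipaddress

# Constructed sample in the layout of "display ipv6 pim rp-info".
# Only three scope-4 ranges are present so that the audit has gaps to report.
SAMPLE_RP_INFO = """\
 BSR RP information:
   Scope: non-scoped
     Group/MaskLen: FF00::/8
       RP address               Priority  HoldTime  Uptime    Expires
       8001::1                  192       180       00:01:14  00:02:46
 Scope: 4
     Group/MaskLen: FF04::/16
       RP address               Priority  HoldTime  Uptime    Expires
       1002::2 (local)          192       180       00:02:03  00:02:56
     Group/MaskLen: FF14::/16
       RP address               Priority  HoldTime  Uptime    Expires
       1002::2 (local)          192       180       00:02:03  00:02:56
     Group/MaskLen: FF34::/16
       RP address               Priority  HoldTime  Uptime    Expires
       1002::2 (local)          192       180       00:02:03  00:02:56
"""


def parse_rp_info(text):
    """Return one dict per RP row: scope, group prefix, RP address, priority."""
    entries = []
    scope, prefix = None, None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "Scope:" and len(parts) > 1:
            scope, prefix = parts[1], None
        elif parts[0] == "Group/MaskLen:" and len(parts) > 1:
            prefix = ipaddress.IPv6Network(parts[1])
        elif prefix is not None:
            try:
                rp = ipaddress.IPv6Address(parts[0])
            except ValueError:
                continue  # column header line, not an RP row
            fields = [p for p in parts[1:] if p != "(local)"]
            if fields and fields[0].isdigit():
                entries.append({"scope": scope, "prefix": prefix,
                                "rp": rp, "priority": int(fields[0])})
    return entries


def group_scope(group):
    """Scope value of an IPv6 multicast group (low nibble of the second byte)."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return addr.packed[1] & 0x0F


def select_rp(entries, group):
    """Simplified RP choice: longest matching range, then lowest priority value."""
    addr = ipaddress.IPv6Address(group)
    matches = [e for e in entries if addr in e["prefix"]]
    if not matches:
        return None
    return min(matches, key=lambda e: (-e["prefix"].prefixlen, e["priority"]))


def missing_scope_ranges(entries, scope_id):
    """FFx<scope>::/16 ranges (all 16 flag values) that have no RP in the zone."""
    have = {e["prefix"] for e in entries if e["scope"] == str(scope_id)}
    want = [ipaddress.IPv6Network(((0xFF00 | (flags << 4) | scope_id) << 112, 16))
            for flags in range(16)]
    return [net for net in want if net not in have]


def escapes_zone(entries, group):
    """True if the group's scope has a zone here but its RP comes from elsewhere."""
    zones = {e["scope"] for e in entries}
    scope = str(group_scope(group))
    chosen = select_rp(entries, group)
    return scope in zones and (chosen is None or chosen["scope"] != scope)


if __name__ == "__main__":
    rows = parse_rp_info(SAMPLE_RP_INFO)
    for g in ("FF14::101", "FF24::101", "FF1E::101"):
        print(g, "scope", group_scope(g), "->", select_rp(rows, g)["rp"],
              "escapes zone" if escapes_zone(rows, g) else "ok")
    print("uncovered scope-4 ranges:", [str(n) for n in missing_scope_ranges(rows, 4)])
```

Run against the complete Router B output above, missing_scope_ranges(rows, 4) returns an empty list because all sixteen ranges from FF04::/16 to FFF4::/16 are listed.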

Example: Configuring IPv6 PIM-SSM

Network configuration

As shown in Figure 222:

·     The receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire IPv6 PIM domain operates in the SSM mode.

·     Host A and Host C are IPv6 multicast receivers in two stub networks, N1 and N2.

·     The SSM group range is FF3E::/64.

·     MLDv2 runs between Router A and N1, and between Router B, Router C, and N2.

Figure 222 Network diagram

Table 58 Interface and IPv6 address assignment

Device    Interface  IPv6 address  Device    Interface  IPv6 address
Router A  XGE3/0/1   1001::1/64    Router D  XGE3/0/1   4001::1/64
Router A  XGE3/0/2   1002::1/64    Router D  XGE3/0/2   1002::2/64
Router A  XGE3/0/3   1003::1/64    Router D  XGE3/0/3   4002::1/64
Router B  XGE3/0/1   2001::1/64    Router E  XGE3/0/1   3001::2/64
Router B  XGE3/0/2   2002::1/64    Router E  XGE3/0/2   2002::2/64
Router C  XGE3/0/1   2001::2/64    Router E  XGE3/0/3   1003::2/64
Router C  XGE3/0/2   3001::1/64    Router E  XGE3/0/4   4002::2/64

 

Prerequisites

Assign an IPv6 address and prefix length to each interface, and make sure the routers in the IPv6 PIM domain can reach each other.

Procedure

1.     Enable IPv6 multicast routing, MLD and IPv6 PIM-SM:

# On Router A, enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLDv2 on Ten-GigabitEthernet 3/0/1 (the interface that connects to the stub network).

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mld enable

[RouterA-Ten-GigabitEthernet3/0/1] mld version 2

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable IPv6 PIM-SM on other interfaces.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] ipv6 pim sm

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Enable IPv6 multicast routing, MLD and IPv6 PIM-SM on Router B and Router C in the same way Router A is configured. (Details not shown.)

# Enable IPv6 multicast routing and IPv6 PIM-SM on Router D and Router E in the same way Router A is configured. (Details not shown.)

2.     Configure the IPv6 SSM group range FF3E::/64 on Router A.

[RouterA] acl ipv6 basic 2000

[RouterA-acl-ipv6-basic-2000] rule permit source ff3e:: 64

[RouterA-acl-ipv6-basic-2000] quit

[RouterA] ipv6 pim

[RouterA-pim6] ssm-policy 2000

[RouterA-pim6] quit

3.     Configure the IPv6 SSM group range on Router B, Router C, Router D and Router E in the same way Router A is configured. (Details not shown.)

Verifying the configuration

# Display IPv6 PIM information on Router A.

[RouterA] display ipv6 pim interface

  Interface: XGE3/0/2

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:2

  Interface: XGE3/0/3

    NbrCnt: 1

    HelloInt: 30

    DR priority: 1

    DR address: FE80::A01:201:3

# Send an MLDv2 report from Host A to join IPv6 multicast source and group (4001::100/64, FF3E::101). (Details not shown.)

# Display IPv6 PIM multicast routing table information on Router A.

[RouterA] display ipv6 pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (4001::100, FF3E::101)

     Protocol: pim-ssm, Flag: ACT

     UpTime: 00:00:11

     Upstream interface: Ten-GigabitEthernet3/0/2

         Upstream neighbor: 1002::2

         RPF prime neighbor: 1002::2

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/1

             Protocol: mld, UpTime: 00:00:11, Expires: 00:03:25

# Display IPv6 PIM multicast routing table information on Router D.

[RouterD] display ipv6 pim routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 (4001::100, FF3E::101)

     Protocol: pim-ssm, Flag: LOC

     UpTime: 00:08:02

     Upstream interface: Ten-GigabitEthernet3/0/1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface(s) information:

     Total number of downstreams: 1

         1: Ten-GigabitEthernet3/0/2

             Protocol: pim-ssm, UpTime: 00:08:02, Expires: 00:03:25

The output shows that routers on the SPT path (Router A and Router D) have generated the correct (S, G) entries.
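As an added example (not part of the H3C documentation), the check below parses output in the display ipv6 pim routing-table layout shown above and flags entries that contradict the SSM group range FF3E::/64 configured in this example: (*, G) state or non-SSM state inside the range, and pim-ssm state outside it. The function names and the sample output, including its two deliberately inconsistent entries, are constructed for illustration.

```python
import ipaddress
import re

# SSM group range configured in this example (ACL 2000 referenced by ssm-policy).
SSM_RANGE = ipaddress.IPv6Network("FF3E::/64")

# Constructed sample in the layout of "display ipv6 pim routing-table".
# The second and third entries are deliberately inconsistent with SSM_RANGE.
SAMPLE_ROUTING_TABLE = """\
 Total 1 (*, G) entry; 2 (S, G) entries

 (4001::100, FF3E::101)
     Protocol: pim-ssm, Flag: ACT
     UpTime: 00:00:11
     Upstream interface: Ten-GigabitEthernet3/0/2
         Upstream neighbor: 1002::2
         RPF prime neighbor: 1002::2
     Downstream interface(s) information:
     Total number of downstreams: 1
         1: Ten-GigabitEthernet3/0/1
             Protocol: mld, UpTime: 00:00:11, Expires: 00:03:25

 (*, FF3E::102)
     Protocol: pim-sm, Flag: WC
     UpTime: 00:00:05
     Upstream interface: Ten-GigabitEthernet3/0/2
     Downstream interface(s) information:
     Total number of downstreams: 1
         1: Ten-GigabitEthernet3/0/1
             Protocol: mld, UpTime: 00:00:05, Expires: 00:03:30

 (4001::100, FF1E::5)
     Protocol: pim-ssm, Flag: ACT
     UpTime: 00:00:02
     Upstream interface: Ten-GigabitEthernet3/0/2
     Downstream interface(s) information:
     Total number of downstreams: 1
         1: Ten-GigabitEthernet3/0/1
             Protocol: mld, UpTime: 00:00:02, Expires: 00:03:40
"""

ENTRY_RE = re.compile(r"^\(([^,()]+),\s*([^()]+)\)$")
PROTO_RE = re.compile(r"^Protocol:\s*([A-Za-z0-9-]+)")


def parse_routing_table(text):
    """Return one dict per (S, G) or (*, G) entry with its own protocol."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {"source": m.group(1).strip(),
                       "group": ipaddress.IPv6Address(m.group(2).strip()),
                       "protocol": None}
            entries.append(current)
            continue
        m = PROTO_RE.match(line)
        # Keep only the first Protocol line after the entry header; later
        # Protocol lines describe downstream interfaces (for example "mld").
        if m and current is not None and current["protocol"] is None:
            current["protocol"] = m.group(1)
    return entries


def check_ssm(entries, ssm_range=SSM_RANGE):
    """Return (source, group, reason) for entries that contradict the SSM range."""
    findings = []
    for e in entries:
        in_range = e["group"] in ssm_range
        if in_range and e["source"] == "*":
            reason = "(*, G) state inside the SSM range"
        elif in_range and e["protocol"] != "pim-ssm":
            reason = "SSM-range group not handled as pim-ssm"
        elif not in_range and e["protocol"] == "pim-ssm":
            reason = "pim-ssm state outside the configured SSM range"
        else:
            continue
        findings.append((e["source"], str(e["group"]), reason))
    return findings


if __name__ == "__main__":
    for source, group, reason in check_ssm(parse_routing_table(SAMPLE_ROUTING_TABLE)):
        print(f"({source}, {group}): {reason}")
```

A finding on one router but not on its neighbors points to an SSM group range that was not configured identically on every router, which step 3 of the procedure requires.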

 

BIER configuration examples

Example: Configuring intra-AS BIER-based MVPN

Network configuration

As shown in Figure 223, configure intra-AS BIER-based MVPN to meet the following requirements:

 

Item

Network configuration

Multicast sources and receivers

·     In VPN instance a, S 1 is a multicast source, and R 1, R 2, and R 3 are receivers.

·     In VPN instance b, S 2 is a multicast source, and R 4 is a receiver.

VPN instances to which PE interfaces belong

·     PE 1: Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 belong to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 2: Ten-GigabitEthernet 3/0/2 belongs to VPN instance b. Ten-GigabitEthernet 3/0/3 belongs to VPN instance a. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

·     PE 3: Ten-GigabitEthernet 3/0/2 belongs to VPN instance a. Ten-GigabitEthernet 3/0/3 and Loopback 2 belong to VPN instance b. Ten-GigabitEthernet 3/0/1 and Loopback 1 belong to the public network.

Unicast routing protocols and BIER

·     Configure IS-IS on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1, PE 2, and PE 3 on their respective Loopback 1.

·     Configure BIER on the public network.

IP multicast routing

·     Enable IP multicast routing for VPN instance a on PE 1, PE 2, and PE 3.

·     Enable IP multicast routing for VPN instance b on PE 2 and PE 3.

·     Enable IP multicast routing on CE a1, CE a2, CE a3, CE b1, and CE b2.

IGMP

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/2 of PE 1.

·     Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE a2, CE a3, and CE b2.

PIM

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on PE 1, PE 2, and PE 3.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE a1, CE a2, CE a3, CE b1, and CE b2.

·     Configure Loopback 1 of CE a2 as a C-BSR and a C-RP for VPN instance a to provide services for all multicast groups.

·     Configure Loopback 2 of PE 3 as a C-BSR and a C-RP for VPN instance b to provide services for all multicast groups.

MSDP

·     Enable MSDP on CE a2, and specify Ten-GigabitEthernet 3/0/2 as the local MSDP connection interface.

·     Enable MSDP on PE 2 for VPN instance a, and specify Ten-GigabitEthernet 3/0/3 as the local MSDP connection interface.

 

Figure 223 Network diagram

Table 59 Interface and IP address assignment

Device  Interface  IP address      Device  Interface  IP address
S 1     -          10.110.7.2/24   PE 3    XGE3/0/1   192.168.8.1/24
S 2     -          10.110.8.2/24   PE 3    XGE3/0/2   10.110.5.1/24
R 1     -          10.110.1.2/24   PE 3    XGE3/0/3   10.110.6.1/24
R 2     -          10.110.9.2/24   PE 3    Loop1      1.1.1.3/32
R 3     -          10.110.10.2/24  PE 3    Loop2      33.33.33.33/32
R 4     -          10.110.11.2/24  CE a1   XGE3/0/1   10.110.7.1/24
P       XGE3/0/1   192.168.6.2/24  CE a1   XGE3/0/2   10.110.2.2/24
P       XGE3/0/2   192.168.7.2/24  CE a2   XGE3/0/1   10.110.9.1/24
P       XGE3/0/3   192.168.8.2/24  CE a2   XGE3/0/2   10.110.4.2/24
P       Loop1      2.2.2.2/32      CE a2   XGE3/0/3   10.110.12.1/24
PE 1    XGE3/0/1   192.168.6.1/24  CE a2   Loop1      22.22.22.22/32
PE 1    XGE3/0/2   10.110.1.1/24   CE a3   XGE3/0/1   10.110.10.1/24
PE 1    XGE3/0/3   10.110.2.1/24   CE a3   XGE3/0/2   10.110.5.2/24
PE 1    Loop1      1.1.1.1/32      CE a3   XGE3/0/3   10.110.12.2/24
PE 2    XGE3/0/1   192.168.7.1/24  CE b1   XGE3/0/1   10.110.8.1/24
PE 2    XGE3/0/2   10.110.3.1/24   CE b1   XGE3/0/2   10.110.3.2/24
PE 2    XGE3/0/3   10.110.4.1/24   CE b2   XGE3/0/1   10.110.11.1/24
PE 2    Loop1      1.1.1.2/32      CE b2   XGE3/0/2   10.110.6.2/24

 

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure BIER.

[PE1] bier

[PE1-bier] sub-domain 0 ipv6

[PE1-bier-sub-domain-0-ipv6] bfr-id 1

[PE1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE1-bier-sub-domain-0-ipv6] g-bier mpra 5001::1

# Configure SRv6.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 11::11

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2:: 96 static 8

# Configure a multicast service prefix.

[PE1] multicast-service-prefix ms1 ipv6-prefix 1234:1:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE1] ip vpn-instance a

[PE1-vpn-instance-a] route-distinguisher 100:1

[PE1-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-a] quit

# Enable IP multicast routing in VPN instance a.

[PE1] multicast routing vpn-instance a

[PE1-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE1] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE1-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE1-mvpn-a-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance a.

[PE1-mvpn-a-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-a-ipv4] tunnel-source multicast-service-prefix ms1 service-id 12

[PE1-mvpn-a-ipv4] quit

[PE1-mvpn-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::1 64

[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable IGMP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.110.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] igmp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable IS-IS on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] ipv6 address 1111::1111 128

[PE1-LoopBack1] isis ipv6 enable 1

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 1112::1112 as-number 100

[PE1-bgp-default] peer 1112::1112 connect-interface loopback 1

[PE1-bgp-default] peer 1113::1113 as-number 100

[PE1-bgp-default] peer 1113::1113 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 1112::1112 enable

[PE1-bgp-default-mvpn] peer 1113::1113 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE1-bgp-default-vpnv4] peer 1112::1112 enable

[PE1-bgp-default-vpnv4] peer 1113::1113 enable

[PE1-bgp-default-vpnv4] peer 1112::1112 prefix-sid

[PE1-bgp-default-vpnv4] peer 1113::1113 prefix-sid

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance a

[PE1-bgp-default-a] address-family ipv4 unicast

[PE1-bgp-default-ipv4-a] import-route rip 2

[PE1-bgp-default-ipv4-a] import-route direct

[PE1-bgp-default-ipv4-a] segment-routing ipv6 best-effort

[PE1-bgp-default-ipv4-a] segment-routing ipv6 locator aaa

[PE1-bgp-default-ipv4-a] quit

[PE1-bgp-default-a] quit

[PE1-bgp-default] quit

# Configure IS-IS.

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] bier enable

[PE1-isis-1] network-entity 10.0000.0000.0001.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE1] rip 2 vpn-instance a

[PE1-rip-2] network 10.110.1.0 0.0.0.255

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 1.1.1.2

# Configure BIER.

[PE2] bier

[PE2-bier] sub-domain 0 ipv6

[PE2-bier-sub-domain-0-ipv6] bfr-id 2

[PE2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE2-bier-sub-domain-0-ipv6] g-bier mpra 5002::1

# Configure SRv6.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 22::22

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 2:2:: 96 static 8

# Configure a multicast service prefix.

[PE2] multicast-service-prefix ms1 ipv6-prefix 1234:2:: 64 service-id-length 10

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance b

[PE2-vpn-instance-b] route-distinguisher 200:1

[PE2-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE2-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE2-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE2] multicast routing vpn-instance b

[PE2-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE2] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE2-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE2-mvpn-b-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for VPN instance b.

[PE2-mvpn-b-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-b-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE2-mvpn-b-ipv4] tunnel-source multicast-service-prefix ms1 service-id 12

[PE2-mvpn-b-ipv4] quit

[PE2-mvpn-b] quit

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE2] ip vpn-instance a

[PE2-vpn-instance-a] route-distinguisher 100:1

[PE2-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE2] multicast routing vpn-instance a

[PE2-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE2] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE2-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE2-mvpn-a-ipv4] source loopback 1

[PE2-mvpn-a-ipv4] quit

[PE2-mvpn-a] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 9000:7::1 64

[PE2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance b

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.110.3.1 24

[PE2-Ten-GigabitEthernet3/0/2] pim sm

[PE2-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance a

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.4.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.2 32

[PE2-LoopBack1] ipv6 address 1112::1112 128

[PE2-LoopBack1] isis ipv6 enable 1

[PE2-LoopBack1] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1111::1111 as-number 100

[PE2-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE2-bgp-default] peer 1113::1113 as-number 100

[PE2-bgp-default] peer 1113::1113 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1111::1111 enable

[PE2-bgp-default-mvpn] peer 1113::1113 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE2-bgp-default-vpnv4] peer 1111::1111 enable

[PE2-bgp-default-vpnv4] peer 1113::1113 enable

[PE2-bgp-default-vpnv4] peer 1111::1111 prefix-sid

[PE2-bgp-default-vpnv4] peer 1113::1113 prefix-sid

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance a

[PE2-bgp-default-a] address-family ipv4 unicast

[PE2-bgp-default-ipv4-a] import-route rip 2

[PE2-bgp-default-ipv4-a] import-route direct

[PE2-bgp-default-ipv4-a] segment-routing ipv6 best-effort

[PE2-bgp-default-ipv4-a] segment-routing ipv6 locator aaa

[PE2-bgp-default-ipv4-a] quit

[PE2-bgp-default-a] quit

[PE2-bgp-default] ip vpn-instance b

[PE2-bgp-default-b] address-family ipv4 unicast

[PE2-bgp-default-ipv4-b] import-route rip 3

[PE2-bgp-default-ipv4-b] import-route direct

[PE2-bgp-default-ipv4-b] segment-routing ipv6 best-effort

[PE2-bgp-default-ipv4-b] segment-routing ipv6 locator aaa

[PE2-bgp-default-ipv4-b] quit

[PE2-bgp-default-b] quit

[PE2-bgp-default] quit

# Configure IS-IS.

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] bier enable

[PE2-isis-1] network-entity 10.0000.0000.0002.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE2] rip 2 vpn-instance a

[PE2-rip-2] network 10.110.4.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

[PE2] rip 3 vpn-instance b

[PE2-rip-3] network 10.110.3.0 0.0.0.255

[PE2-rip-3] import-route bgp

[PE2-rip-3] quit

3.     Configure PE 3:

# Configure a global router ID.

<PE3> system-view

[PE3] router id 1.1.1.3

# Configure BIER.

[PE3] bier

[PE3-bier] sub-domain 0 ipv6

[PE3-bier-sub-domain-0-ipv6] bfr-id 3

[PE3-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE3-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE3-bier-sub-domain-0-ipv6] g-bier mpra 5003::1

# Configure SRv6.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 33::33

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 3:2:: 96 static 8

# Configure a multicast service prefix.

[PE3] multicast-service-prefix ms1 ipv6-prefix 1234:3:: 64 service-id-length 10

# Create a VPN instance named a, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance a

[PE3-vpn-instance-a] route-distinguisher 100:1

[PE3-vpn-instance-a] vpn-target 100:1 export-extcommunity

[PE3-vpn-instance-a] vpn-target 100:1 import-extcommunity

[PE3-vpn-instance-a] quit

# Enable IP multicast routing for VPN instance a.

[PE3] multicast routing vpn-instance a

[PE3-mrib-a] quit

# Create a BIER-based MVPN for VPN instance a.

[PE3] multicast-vpn vpn-instance a mode bier

# Create an MVPN IPv4 address family for VPN instance a.

[PE3-mvpn-a] address-family ipv4

# Specify the MVPN source interface for VPN instance a.

[PE3-mvpn-a-ipv4] source loopback 1

[PE3-mvpn-a-ipv4] quit

[PE3-mvpn-a] quit

# Create a VPN instance named b, and configure an RD and route targets for the VPN instance.

[PE3] ip vpn-instance b

[PE3-vpn-instance-b] route-distinguisher 200:1

[PE3-vpn-instance-b] vpn-target 200:1 export-extcommunity

[PE3-vpn-instance-b] vpn-target 200:1 import-extcommunity

[PE3-vpn-instance-b] quit

# Enable IP multicast routing for VPN instance b.

[PE3] multicast routing vpn-instance b

[PE3-mrib-b] quit

# Create a BIER-based MVPN for VPN instance b.

[PE3] multicast-vpn vpn-instance b mode bier

# Create an MVPN IPv4 address family for VPN instance b.

[PE3-mvpn-b] address-family ipv4

# Specify the MVPN source interface for VPN instance b.

[PE3-mvpn-b-ipv4] source loopback 1

[PE3-mvpn-b-ipv4] quit

[PE3-mvpn-b] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 9000:8::1 64

[PE3-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/1] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance a, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance a

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.1 24

[PE3-Ten-GigabitEthernet3/0/2] pim sm

[PE3-Ten-GigabitEthernet3/0/2] quit

# Associate Ten-GigabitEthernet 3/0/3 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip binding vpn-instance b

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.110.6.1 24

[PE3-Ten-GigabitEthernet3/0/3] pim sm

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[PE3] interface loopback 1

[PE3-LoopBack1] ip address 1.1.1.3 32

[PE3-LoopBack1] ipv6 address 1113::1113 128

[PE3-LoopBack1] isis ipv6 enable 1

[PE3-LoopBack1] quit

# Associate Loopback 2 with VPN instance b, assign an IP address to the interface, and enable PIM-SM on the interface.

[PE3] interface loopback 2

[PE3-LoopBack2] ip binding vpn-instance b

[PE3-LoopBack2] ip address 33.33.33.33 32

[PE3-LoopBack2] pim sm

[PE3-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP.

[PE3] pim vpn-instance b

[PE3-pim-b] c-bsr 33.33.33.33

[PE3-pim-b] c-rp 33.33.33.33

[PE3-pim-b] quit

# Configure BGP.

[PE3] bgp 100

[PE3-bgp-default] peer 1111::1111 as-number 100

[PE3-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE3-bgp-default] peer 1112::1112 as-number 100

[PE3-bgp-default] peer 1112::1112 connect-interface loopback 1

[PE3-bgp-default] address-family ipv4 mvpn

[PE3-bgp-default-mvpn] peer 1111::1111 enable

[PE3-bgp-default-mvpn] peer 1112::1112 enable

[PE3-bgp-default-mvpn] quit

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] mvpn-advertise-rt-import

[PE3-bgp-default-vpnv4] peer 1111::1111 enable

[PE3-bgp-default-vpnv4] peer 1112::1112 enable

[PE3-bgp-default-vpnv4] peer 1111::1111 prefix-sid

[PE3-bgp-default-vpnv4] peer 1112::1112 prefix-sid

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance a

[PE3-bgp-default-a] address-family ipv4 unicast

[PE3-bgp-default-ipv4-a] import-route rip 2

[PE3-bgp-default-ipv4-a] import-route direct

[PE3-bgp-default-ipv4-a] segment-routing ipv6 best-effort

[PE3-bgp-default-ipv4-a] segment-routing ipv6 locator aaa

[PE3-bgp-default-ipv4-a] quit

[PE3-bgp-default-a] quit

[PE3-bgp-default] ip vpn-instance b

[PE3-bgp-default-b] address-family ipv4 unicast

[PE3-bgp-default-ipv4-b] import-route rip 3

[PE3-bgp-default-ipv4-b] import-route direct

[PE3-bgp-default-ipv4-b] segment-routing ipv6 best-effort

[PE3-bgp-default-ipv4-b] segment-routing ipv6 locator aaa

[PE3-bgp-default-ipv4-b] quit

[PE3-bgp-default-b] quit

[PE3-bgp-default] quit

# Configure IS-IS.

[PE3] isis 1

[PE3-isis-1] is-level level-1

[PE3-isis-1] cost-style wide

[PE3-isis-1] bier enable

[PE3-isis-1] network-entity 10.0000.0000.0003.00

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] segment-routing ipv6 locator aaa

# Configure RIP.

[PE3] rip 2 vpn-instance a

[PE3-rip-2] network 10.110.5.0 0.0.0.255

[PE3-rip-2] import-route bgp

[PE3-rip-2] quit

[PE3] rip 3 vpn-instance b

[PE3-rip-3] network 10.110.6.0 0.0.0.255

[PE3-rip-3] network 33.33.33.33 0.0.0.0

[PE3-rip-3] import-route bgp

[PE3-rip-3] quit

4.     Configure P:

# Configure BIER.

[P] bier

[P-bier] sub-domain 0 ipv6

[P-bier-sub-domain-0-ipv6] bfr-id 4

[P-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P-bier-sub-domain-0-ipv6] g-bier mpra 5004::1

# Configure SRv6.

[P] segment-routing ipv6

[P-segment-routing-ipv6] encapsulation source-address 44::44

[P-segment-routing-ipv6] locator aaa ipv6-prefix 4:2:: 96 static 8

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::2 64

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 9000:7::2 64

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable IS-IS on the interface.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ipv6 address 9000:8::2 64

[P-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1 and enable IS-IS on the interface.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] ipv6 address 2222::2222 64

[P-LoopBack1] isis ipv6 enable 1

[P-LoopBack1] quit

# Configure IS-IS.

[P] isis 1

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] bier enable

[P-isis-1] network-entity 10.0000.0000.0004.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] segment-routing ipv6 locator aaa

[P-isis-1-ipv6] quit

[P-isis-1] quit

5.     Configure CE a1:

# Enable IP multicast routing.

<CEa1> system-view

[CEa1] multicast routing

[CEa1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/1

[CEa1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CEa1-Ten-GigabitEthernet3/0/1] pim sm

[CEa1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa1] interface ten-gigabitethernet 3/0/2

[CEa1-Ten-GigabitEthernet3/0/2] ip address 10.110.2.2 24

[CEa1-Ten-GigabitEthernet3/0/2] pim sm

[CEa1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEa1] rip 2

[CEa1-rip-2] network 10.110.2.0 0.0.0.255

[CEa1-rip-2] network 10.110.7.0 0.0.0.255

[CEa1-rip-2] quit

6.     Configure CE b1:

# Enable IP multicast routing.

<CEb1> system-view

[CEb1] multicast routing

[CEb1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/1

[CEb1-Ten-GigabitEthernet3/0/1] ip address 10.110.8.1 24

[CEb1-Ten-GigabitEthernet3/0/1] pim sm

[CEb1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb1] interface ten-gigabitethernet 3/0/2

[CEb1-Ten-GigabitEthernet3/0/2] ip address 10.110.3.2 24

[CEb1-Ten-GigabitEthernet3/0/2] pim sm

[CEb1-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb1] rip 3

[CEb1-rip-3] network 10.110.3.0 0.0.0.255

[CEb1-rip-3] network 10.110.8.0 0.0.0.255

[CEb1-rip-3] quit

7.     Configure CE a2:

# Enable IP multicast routing.

<CEa2> system-view

[CEa2] multicast routing

[CEa2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa2] interface ten-gigabitethernet 3/0/1

[CEa2-Ten-GigabitEthernet3/0/1] ip address 10.110.9.1 24

[CEa2-Ten-GigabitEthernet3/0/1] igmp enable

[CEa2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/2

[CEa2-Ten-GigabitEthernet3/0/2] ip address 10.110.4.2 24

[CEa2-Ten-GigabitEthernet3/0/2] pim sm

[CEa2-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa2] interface ten-gigabitethernet 3/0/3

[CEa2-Ten-GigabitEthernet3/0/3] ip address 10.110.12.1 24

[CEa2-Ten-GigabitEthernet3/0/3] pim sm

[CEa2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable PIM-SM on the interface.

[CEa2] interface loopback 1

[CEa2-LoopBack1] ip address 22.22.22.22 32

[CEa2-LoopBack1] pim sm

[CEa2-LoopBack1] quit

# Configure Loopback 1 as a C-BSR and a C-RP.

[CEa2] pim vpn-instance a

[CEa2-pim] c-bsr 22.22.22.22

[CEa2-pim] c-rp 22.22.22.22

[CEa2-pim] quit

# Configure MSDP.

[CEa2] msdp

[CEa2-msdp] peer 10.110.4.1 connect-interface ten-gigabitethernet 3/0/2

[CEa2-msdp] quit

# Configure RIP.

[CEa2] rip 2

[CEa2-rip-2] network 10.110.4.0 0.0.0.255

[CEa2-rip-2] network 10.110.9.0 0.0.0.255

[CEa2-rip-2] network 10.110.12.0 0.0.0.255

[CEa2-rip-2] network 22.22.22.22 0.0.0.0

[CEa2-rip-2] quit

8.     Configure CE a3:

# Enable IP multicast routing.

<CEa3> system-view

[CEa3] multicast routing

[CEa3-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEa3] interface ten-gigabitethernet 3/0/1

[CEa3-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CEa3-Ten-GigabitEthernet3/0/1] igmp enable

[CEa3-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/2

[CEa3-Ten-GigabitEthernet3/0/2] ip address 10.110.5.2 24

[CEa3-Ten-GigabitEthernet3/0/2] pim sm

[CEa3-Ten-GigabitEthernet3/0/2] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3, and enable PIM-SM on the interface.

[CEa3] interface ten-gigabitethernet 3/0/3

[CEa3-Ten-GigabitEthernet3/0/3] ip address 10.110.12.2 24

[CEa3-Ten-GigabitEthernet3/0/3] pim sm

[CEa3-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CEa3] rip 2

[CEa3-rip-2] network 10.110.5.0 0.0.0.255

[CEa3-rip-2] network 10.110.10.0 0.0.0.255

[CEa3-rip-2] network 10.110.12.0 0.0.0.255

[CEa3-rip-2] quit

9.     Configure CE b2:

# Enable IP multicast routing.

<CEb2> system-view

[CEb2] multicast routing

[CEb2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1, and enable IGMP on the interface.

[CEb2] interface ten-gigabitethernet 3/0/1

[CEb2-Ten-GigabitEthernet3/0/1] ip address 10.110.11.1 24

[CEb2-Ten-GigabitEthernet3/0/1] igmp enable

[CEb2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/2, and enable PIM-SM on the interface.

[CEb2] interface ten-gigabitethernet 3/0/2

[CEb2-Ten-GigabitEthernet3/0/2] ip address 10.110.6.2 24

[CEb2-Ten-GigabitEthernet3/0/2] pim sm

[CEb2-Ten-GigabitEthernet3/0/2] quit

# Configure RIP.

[CEb2] rip 3

[CEb2-rip-3] network 10.110.6.0 0.0.0.255

[CEb2-rip-3] network 10.110.11.0 0.0.0.255

[CEb2-rip-3] quit

Verifying the configuration

# Display information about the BIER inclusive tunnel for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel state: Up

Flags: 0x30

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 2           BFR prefix: 4002::

     Uptime: 00:10:05   Originating router: 1.1.1.2

  2: BFR-ID: 3           BFR prefix: 4003::

     Uptime: 00:09:50   Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 2            BFR prefix: 4002::

     Uptime: 00:00:23    Originating router: 1.1.1.2

# Display C-multicast A-D route information for VPN instance a on PE 1.

[PE1] display multicast-vpn vpn-instance a c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 (10.110.7.2, 225.0.0.1)

     CreateTime: 00:02:20

     Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a inclusive-tunnel remote

Total 1 inclusive tunnel

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Root: 1.1.1.1

Leaf:

  1: BFR-ID: 2            BFR prefix: 4002::

     Uptime: --            Originating router: 1.1.1.2

# Display information about BIER selective tunnels for VPN instance a on PE 2.

[PE2] display multicast-vpn vpn-instance a selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 4001::

Root: 1.1.1.1

Leaf:

  1: BFR-ID: 2           BFR prefix: 4002::

     Uptime: --          Originating router: 1.1.1.2

# Display information about the BIER inclusive tunnel for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel state: Up

Flags: 0x30

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.2 (local)

Leafs:

  1: BFR-ID: 1            BFR prefix: 4001::

     Uptime: 00:10:05    Originating router: 1.1.1.1

  2: BFR-ID: 3            BFR prefix: 4003::

     Uptime: 00:09:50    Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.2 (local)

Leafs:

  1: BFR-ID: 3           BFR prefix: 4003::

     Uptime: 00:00:23    Originating router: 1.1.1.3

# Display C-multicast A-D route information for VPN instance b on PE 2.

[PE2] display multicast-vpn vpn-instance b c-multicast routing-table

Total 0 (*, G) entry; 1 (S, G) entry

(10.110.8.2, 225.0.0.1)

     CreateTime: 00:02:20

     Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b inclusive-tunnel remote

Total 1 inclusive tunnel

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Root: 1.1.1.2

Leaf:

  1: BFR-ID: 3            BFR prefix: 4003::

     Uptime: --            Originating router: 1.1.1.3

# Display information about BIER selective tunnels for VPN instance b on PE 3.

[PE3] display multicast-vpn vpn-instance b selective-tunnel remote

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 2

BFR prefix: 4002::

Root: 1.1.1.2

Leaf:

  1: BFR-ID: 3            BFR prefix: 4003::

     Uptime: --            Originating router: 1.1.1.3

Example: Configuring BIER-based MVPN for the public instance

Network configuration

As shown in Figure 224, configure BIER-based MVPN for the public instance to meet the following requirements:

Item: Network configuration

Multicast sources and receivers: In the public instance, S 1 is a multicast source, and R 1 is a receiver.

Instances to which PE interfaces belong: All interfaces belong to the public instance.

Unicast routing protocols and BIER:

·     Configure IS-IS on the public network, and configure RIP between the PEs and the CEs.

·     Establish BGP peer connections between PE 1 and PE 2 by using Loopback 1.

·     Configure BIER on the public network.

IP multicast routing:

·     Enable IP multicast routing for the public instance on PE 1 and PE 2.

·     Enable IP multicast routing on CE 1 and CE 2.

IGMP: Enable IGMPv2 on Ten-GigabitEthernet 3/0/1 of CE 2.

PIM:

·     Enable PIM-SM on Ten-GigabitEthernet 3/0/1 on PE 1 and Ten-GigabitEthernet 3/0/1 on PE 2.

·     Enable PIM-SM on all interfaces that do not have attached receiver hosts on CE 1 and CE 2.

·     Configure Loopback 2 of PE 2 as a C-BSR and a C-RP for the public instance to provide services for all multicast groups.

Figure 224 Network diagram

Table 60 Interface and IP address assignment

Device   Interface   IP address                     Device   Interface   IP address

S 1      -           10.110.7.2/24                  R 1      -           10.110.1.2/24

PE 1     XGE3/0/1    9000:6::1/64                   P        XGE3/0/1    9000:6::2/64

PE 1     XGE3/0/2    10.110.2.1/24                  P        XGE3/0/3    9000:8::2/64

PE 1     Loop1       1.1.1.1/32, 1111::1111/128     P        Loop1       2.2.2.2/32, 2222::2222/128

PE 2     XGE3/0/1    9000:8::1/64                   CE 1     XGE3/0/1    10.110.7.1/24

PE 2     XGE3/0/2    10.110.5.1/24                  CE 1     XGE3/0/2    10.110.2.2/24

PE 2     Loop1       1.1.1.3/32, 1113::1113/128     CE 2     XGE3/0/1    10.110.10.1/24

PE 2     Loop2       33.33.33.33/32                 CE 2     XGE3/0/2    10.110.5.2/24

Procedure

1.     Configure PE 1:

# Configure a global router ID.

<PE1> system-view

[PE1] router id 1.1.1.1

# Configure BIER.

[PE1] bier

[PE1-bier] sub-domain 0 ipv6

[PE1-bier-sub-domain-0-ipv6] bfr-id 1

[PE1-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE1-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE1-bier-sub-domain-0-ipv6] g-bier mpra 5001::1

[PE1-bier-sub-domain-0-ipv6] quit

[PE1-bier] quit

# Configure a multicast service prefix.

[PE1] multicast-service-prefix ms1 ipv6-prefix 1234:1:: 64 service-id-length 10

# Create the public instance, and configure route targets for the public instance.

[PE1] ip public-instance

[PE1-public-instance] vpn-target 100:1 export-extcommunity

[PE1-public-instance] vpn-target 100:1 import-extcommunity

[PE1-public-instance] quit

# Enable IP multicast routing for the public instance.

[PE1] multicast routing

[PE1-mrib] quit

# Create a BIER-based MVPN for the public instance.

[PE1] multicast-vpn public-instance mode bier

# Create an MVPN IPv4 address family for the public instance.

[PE1-mvpn-public-instance] address-family ipv4

# Specify the MVPN source interface for the public instance.

[PE1-mvpn-public-instance-ipv4] source loopback 1

# Enable dynamic inclusive tunnel creation and dynamic selective tunnel creation for the public instance.

[PE1-mvpn-public-instance-ipv4] inclusive-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-public-instance-ipv4] selective-tunnel dynamic sub-domain 0 bsl 128

[PE1-mvpn-public-instance-ipv4] tunnel-source multicast-service-prefix ms1 service-id 12

[PE1-mvpn-public-instance-ipv4] quit

[PE1-mvpn-public-instance] quit

# Configure IS-IS.

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] bier enable

[PE1-isis-1] network-entity 10.0000.0000.0001.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1 on the public network, and enable IS-IS on it.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::1 64

[PE1-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3 on the public network, and enable PIM-SM on it.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] pim sm

[PE1-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable IS-IS on the interface.

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.1 32

[PE1-LoopBack1] ipv6 address 1111::1111 128

[PE1-LoopBack1] isis ipv6 enable 1

[PE1-LoopBack1] quit

# Configure BGP.

[PE1] bgp 100

[PE1-bgp-default] peer 1113::1113 as-number 100

[PE1-bgp-default] peer 1113::1113 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 mvpn

[PE1-bgp-default-mvpn] peer 1113::1113 enable

[PE1-bgp-default-mvpn] quit

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] mvpn-advertise-rt-import

[PE1-bgp-default-ipv4] peer 1113::1113 enable

[PE1-bgp-default-ipv4] peer 1113::1113 advertise-ext-community

[PE1-bgp-default-ipv4] import-route rip 2

[PE1-bgp-default-ipv4] import-route direct

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] quit

# Configure RIP.

[PE1] rip 2

[PE1-rip-2] network 10.110.2.0 0.0.0.255

[PE1-rip-2] import-route bgp

[PE1-rip-2] quit

2.     Configure PE 2:

# Configure a global router ID.

<PE2> system-view

[PE2] router id 1.1.1.3

# Configure BIER.

[PE2] bier

[PE2-bier] sub-domain 0 ipv6

[PE2-bier-sub-domain-0-ipv6] bfr-id 3

[PE2-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[PE2-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[PE2-bier-sub-domain-0-ipv6] g-bier mpra 5003::1

[PE2-bier-sub-domain-0-ipv6] quit

[PE2-bier] quit

# Create the public instance, and configure route targets for the public instance.

[PE2] ip public-instance

[PE2-public-instance] vpn-target 100:1 export-extcommunity

[PE2-public-instance] vpn-target 100:1 import-extcommunity

[PE2-public-instance] quit

# Enable IP multicast routing for the public instance.

[PE2] multicast routing

[PE2-mrib] quit

# Create a BIER-based MVPN for the public instance.

[PE2] multicast-vpn public-instance mode bier

# Create an MVPN IPv4 address family for the public instance.

[PE2-mvpn-public-instance] address-family ipv4

# Specify the MVPN source interface for the public instance.

[PE2-mvpn-public-instance-ipv4] source loopback 1

[PE2-mvpn-public-instance-ipv4] quit

[PE2-mvpn-public-instance] quit

# Configure IS-IS.

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] bier enable

[PE2-isis-1] network-entity 10.0000.0000.0003.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1 on the public network, and enable IS-IS on it.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 9000:8::1 64

[PE2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3 on the public network, and enable PIM-SM on it.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.110.5.1 24

[PE2-Ten-GigabitEthernet3/0/3] pim sm

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable IS-IS on the interface.

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 1.1.1.3 32

[PE2-LoopBack1] ipv6 address 1113::1113 128

[PE2-LoopBack1] isis ipv6 enable 1

[PE2-LoopBack1] quit

# Assign an IP address to Loopback 2, and enable PIM-SM on the interface.

[PE2] interface loopback 2

[PE2-LoopBack2] ip address 33.33.33.33 32

[PE2-LoopBack2] pim sm

[PE2-LoopBack2] quit

# Configure Loopback 2 as a C-BSR and a C-RP of the public network.

[PE2] pim

[PE2-pim] c-bsr 33.33.33.33

[PE2-pim] c-rp 33.33.33.33

[PE2-pim] quit

# Configure BGP.

[PE2] bgp 100

[PE2-bgp-default] peer 1111::1111 as-number 100

[PE2-bgp-default] peer 1111::1111 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 mvpn

[PE2-bgp-default-mvpn] peer 1111::1111 enable

[PE2-bgp-default-mvpn] quit

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] mvpn-advertise-rt-import

[PE2-bgp-default-ipv4] peer 1111::1111 enable

[PE2-bgp-default-ipv4] peer 1111::1111 advertise-ext-community

[PE2-bgp-default-ipv4] import-route rip 2

[PE2-bgp-default-ipv4] import-route direct

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] quit

# Configure RIP.

[PE2] rip 2

[PE2-rip-2] network 10.110.5.0 0.0.0.255

[PE2-rip-2] import-route bgp

[PE2-rip-2] quit

3.     Configure P:

# Configure BIER.

[P] bier

[P-bier] sub-domain 0 ipv6

[P-bier-sub-domain-0-ipv6] bfr-id 4

[P-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1

[P-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32

[P-bier-sub-domain-0-ipv6] g-bier mpra 5004::1

# Configure IS-IS.

[P] isis 1

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] bier enable

[P-isis-1] network-entity 10.0000.0000.0004.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] quit

[P-isis-1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1 on the public network, and enable IS-IS on it.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 9000:6::2 64

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3 on the public network, and enable IS-IS on it.

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ipv6 address 9000:8::2 64

[P-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/3] quit

# Assign an IP address to Loopback 1, and enable IS-IS on the interface.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.2 32

[P-LoopBack1] ipv6 address 2222::2222 64

[P-LoopBack1] isis ipv6 enable 1

[P-LoopBack1] quit

4.     Configure CE 1:

# Enable IP multicast routing.

<CE1> system-view

[CE1] multicast routing

[CE1-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1 on the public network, and enable PIM-SM on it.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.110.7.1 24

[CE1-Ten-GigabitEthernet3/0/1] pim sm

[CE1-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3 on the public network, and enable PIM-SM on it.

[CE1] interface ten-gigabitethernet 3/0/3

[CE1-Ten-GigabitEthernet3/0/3] ip address 10.110.2.2 24

[CE1-Ten-GigabitEthernet3/0/3] pim sm

[CE1-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CE1] rip 2

[CE1-rip-2] network 10.110.2.0 0.0.0.255

[CE1-rip-2] network 10.110.7.0 0.0.0.255

[CE1-rip-2] quit

5.     Configure CE 2:

# Enable IP multicast routing.

<CE2> system-view

[CE2] multicast routing

[CE2-mrib] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/1 on the public network, and enable IGMP on it.

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.110.10.1 24

[CE2-Ten-GigabitEthernet3/0/1] igmp enable

[CE2-Ten-GigabitEthernet3/0/1] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/3 on the public network, and enable PIM-SM on it.

[CE2] interface ten-gigabitethernet 3/0/3

[CE2-Ten-GigabitEthernet3/0/3] ip address 10.110.5.2 24

[CE2-Ten-GigabitEthernet3/0/3] pim sm

[CE2-Ten-GigabitEthernet3/0/3] quit

# Configure RIP.

[CE2] rip 2

[CE2-rip-2] network 10.110.5.0 0.0.0.255

[CE2-rip-2] network 10.110.10.0 0.0.0.255

[CE2-rip-2] quit

Verifying the configuration

# Display information about the BIER inclusive tunnel for the public instance on PE 1.

[PE1] display multicast-vpn public-instance inclusive-tunnel local

Tunnel type: BIER

Tunnel interface: BIERVOif0

Tunnel state: Up

Flags: 0x30

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 1111::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 3           BFR prefix: 1113::

     Uptime: 00:09:50   Originating router: 1.1.1.3

# Display information about BIER selective tunnels for the public instance on PE 1.

[PE1] display multicast-vpn public-instance selective-tunnel local

Total 1 selective tunnel in using

Total 0 selective tunnel in creating

 

Tunnel type: BIER

Tunnel interface: BIERVOif1

Tunnel state: Up

Flags: 0x10

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 1111::

Multicast service prefix:

  Prefix length    ID length   ID offset   MS Flags

  64                 10            0            0

Root: 1.1.1.1 (local)

Leafs:

  1: BFR-ID: 3           BFR prefix: 1113::

     Uptime: 00:00:23    Originating router: 1.1.1.3

# Display C-multicast A-D route information for the public instance on PE 1.

[PE1] display multicast-vpn public-instance c-multicast routing-table

 Total 0 (*, G) entry; 1 (S, G) entry

 

 

 (10.110.7.2, 225.0.0.1)

     CreateTime: 00:02:20

     Tunnel Information: BIERVOif1

# Display information about the BIER inclusive tunnel for the public instance on PE 2.

[PE2] display multicast-vpn public-instance inclusive-tunnel remote

Total 1 inclusive tunnel

 

Tunnel type: BIER

Tunnel state: --

Flags: 0x0

Sub-domain ID/BSL: 0/128

BFR-ID: 1

BFR prefix: 1111::

Root: 1.1.1.1

Leaf:

  1: BFR-ID: 3            BFR prefix: 1113::

     Uptime: --            Originating router: 1.1.1.3
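The BFR-ID, BSL, and MPRA values entered on each router must stay unique and mutually consistent, because a duplicated BFR-ID makes two routers answer to the same bit of the BIER bit string. The following Python check is an added example, not part of the H3C guide: it parses the BIER commands of this example (rebuilt here as constructed transcripts), audits them, and maps leaf BFR-IDs to bit strings with the RFC 8279 formula. The function names and the reading of max-si as the highest usable set identifier are assumptions.

```python
import re
from collections import defaultdict

# Constructed input: the BIER commands of this example's procedure, rebuilt per device.
_TEMPLATE = """\
[{dev}] bier
[{dev}-bier] sub-domain 0 ipv6
[{dev}-bier-sub-domain-0-ipv6] bfr-id {bfr_id}
[{dev}-bier-sub-domain-0-ipv6] bfr-prefix interface LoopBack1
[{dev}-bier-sub-domain-0-ipv6] encapsulation-type g-bier bsl 128 max-si 32
[{dev}-bier-sub-domain-0-ipv6] g-bier mpra {mpra}
"""
TRANSCRIPTS = {dev: _TEMPLATE.format(dev=dev, bfr_id=n, mpra=mpra)
               for dev, n, mpra in (("PE1", 1, "5001::1"), ("PE2", 3, "5003::1"), ("P", 4, "5004::1"))}

PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*(.*)$")  # "[PE1-bier] cmd" or "<PE1> cmd"


def _value_after(words, keyword):
    """Return the integer following keyword in a tokenized command, or None."""
    if keyword in words and words.index(keyword) + 1 < len(words):
        return int(words[words.index(keyword) + 1])
    return None


def parse_bier(transcript):
    """Return {sub_domain_id: settings} parsed from one device's CLI transcript."""
    subdomains, current = {}, None
    for raw in transcript.splitlines():
        match = PROMPT.match(raw.strip())
        words = match.group(1).split() if match else []
        if not words:
            continue
        if words == ["bier"]:
            current = None
        elif words[0] == "sub-domain" and len(words) > 1:
            current = subdomains.setdefault(int(words[1]), {})
        elif current is None:
            continue
        elif words[0] == "bfr-id" and len(words) > 1:
            current["bfr_id"] = int(words[1])
        elif words[0] == "encapsulation-type" and len(words) > 1:
            current.update(encap=words[1], bsl=_value_after(words, "bsl"),
                           max_si=_value_after(words, "max-si"))
        elif words[:2] == ["g-bier", "mpra"] and len(words) > 2:
            current["mpra"] = words[2]
    return subdomains


def load(transcripts):
    """Parse every device transcript into {device: {sub_domain_id: settings}}."""
    return {dev: parse_bier(text) for dev, text in transcripts.items()}


def bit_position(bfr_id, bsl):
    """Map a BFR-ID to (set identifier, bit position) as defined in RFC 8279."""
    if bfr_id < 1 or bsl < 1:
        raise ValueError("BFR-ID and BSL must be positive")
    return (bfr_id - 1) // bsl, (bfr_id - 1) % bsl + 1


def bitstrings(leaf_ids, bsl):
    """Return {SI: bitmask} addressing all leaves; bit position 1 is the low-order bit."""
    masks = defaultdict(int)
    for bfr_id in leaf_ids:
        si, bp = bit_position(bfr_id, bsl)
        masks[si] |= 1 << (bp - 1)
    return dict(masks)


def audit(devices):
    """Return a list of findings; an empty list means the sub-domain is consistent."""
    findings, members = [], defaultdict(list)
    for dev, subdomains in devices.items():
        for sd, cfg in subdomains.items():
            members[sd].append((dev, cfg))
    for sd, devs in sorted(members.items()):
        shapes = {(c.get("encap"), c.get("bsl"), c.get("max_si")) for _, c in devs}
        if len(shapes) > 1:
            findings.append(f"sub-domain {sd}: encapsulation/BSL/max-SI differ between BFRs")
        seen = {"bfr_id": {}, "mpra": {}}
        for dev, cfg in devs:
            for key, owners in seen.items():
                value = cfg.get(key)
                if value is not None and value in owners:
                    findings.append(f"sub-domain {sd}: {key} {value} on both {owners[value]} and {dev}")
                owners.setdefault(value, dev)
            # Assumption: max-si is the highest set identifier the BFR may use.
            if None not in (cfg.get("bfr_id"), cfg.get("bsl"), cfg.get("max_si")):
                si, _ = bit_position(cfg["bfr_id"], cfg["bsl"])
                if si > cfg["max_si"]:
                    findings.append(f"sub-domain {sd}: {dev} bfr-id {cfg['bfr_id']} needs SI {si} > max-si")
    return findings


if __name__ == "__main__":
    print(audit(load(TRANSCRIPTS)) or "BIER sub-domain settings are consistent")
    print({si: bin(mask) for si, mask in bitstrings([3], 128).items()})
```

With the single leaf shown for PE 1's inclusive tunnel (BFR-ID 3, BSL 128), the bit string for set 0 has only bit position 3 set.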

 

Static LSP configuration examples

Example: Configuring static LSPs

Network configuration

Router A, Router B, and Router C all support MPLS.

Establish static LSPs between Router A and Router C, so that subnets 11.1.1.0/24 and 21.1.1.0/24 can access each other over MPLS.

Figure 225 Network diagram

Procedure

1.     Configure IP addresses for all interfaces, including the loopback interfaces, as shown in Figure 225. (Details not shown.)

2.     Configure a static route to the destination address of each static LSP:

# On Router A, configure a static route to network 21.1.1.0/24.

<RouterA> system-view

[RouterA] ip route-static 21.1.1.0 24 10.1.1.2

# On Router C, configure a static route to network 11.1.1.0/24.

<RouterC> system-view

[RouterC] ip route-static 11.1.1.0 255.255.255.0 20.1.1.1

3.     Configure basic MPLS on the routers:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure a static LSP from Router A to Router C:

# Configure the LSP ingress node, Router A.

[RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label 30

# Configure the LSP transit node, Router B.

[RouterB] static-lsp transit AtoC in-label 30 nexthop 20.1.1.2 out-label 50

# Configure the LSP egress node, Router C.

[RouterC] static-lsp egress AtoC in-label 50

5.     Create a static LSP from Router C to Router A:

# Configure the LSP ingress node, Router C.

[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40

# Configure the LSP transit node, Router B.

[RouterB] static-lsp transit CtoA in-label 40 nexthop 10.1.1.1 out-label 70

# Configure the LSP egress node, Router A.

[RouterA] static-lsp egress CtoA in-label 70

Verifying the configuration

# Display static LSP information on routers, for example, on Router A.

[RouterA] display mpls static-lsp

Total: 2

Name            FEC                In/Out Label Nexthop/Out Interface    State

AtoC            21.1.1.0/24        NULL/30      10.1.1.2                 Up

CtoA            -/-                70/NULL      -                        Up

# Test the connectivity of the LSP from Router A to Router C.

[RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24

MPLS ping FEC 21.1.1.0/24 with 100 bytes of data:

100 bytes from 20.1.1.2: Sequence=1 time=4 ms

100 bytes from 20.1.1.2: Sequence=2 time=1 ms

100 bytes from 20.1.1.2: Sequence=3 time=1 ms

100 bytes from 20.1.1.2: Sequence=4 time=1 ms

100 bytes from 20.1.1.2: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 21.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/1/4 ms

# Test the connectivity of the LSP from Router C to Router A.

[RouterC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24

MPLS ping FEC 11.1.1.0/24 with 100 bytes of data:

100 bytes from 10.1.1.1: Sequence=1 time=5 ms

100 bytes from 10.1.1.1: Sequence=2 time=1 ms

100 bytes from 10.1.1.1: Sequence=3 time=1 ms

100 bytes from 10.1.1.1: Sequence=4 time=1 ms

100 bytes from 10.1.1.1: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 11.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/1/5 ms
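Static LSPs have no signaling protocol to catch a mistyped label, so a mismatch between one hop's out-label and the next hop's in-label silently drops traffic or delivers it into a different LSP. The following Python check is an added example, not part of the H3C guide: it parses the static-lsp commands from steps 4 and 5 and walks each LSP from ingress to egress. The address-to-router map is an assumption inferred from the next hops in those commands, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the static-lsp commands from steps 4 and 5 of the procedure above.
CONFIG = """\
[RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label 30
[RouterB] static-lsp transit AtoC in-label 30 nexthop 20.1.1.2 out-label 50
[RouterC] static-lsp egress AtoC in-label 50
[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40
[RouterB] static-lsp transit CtoA in-label 40 nexthop 10.1.1.1 out-label 70
[RouterA] static-lsp egress CtoA in-label 70
"""

# Assumption: address-to-router map inferred from the next hops used above,
# because Figure 225 is not reproduced in the text.
OWNER = {"10.1.1.1": "RouterA", "10.1.1.2": "RouterB",
         "20.1.1.1": "RouterB", "20.1.1.2": "RouterC"}

LINE = re.compile(r"^\[(?P<node>[^\]]+)\]\s+static-lsp\s+"
                  r"(?P<role>ingress|transit|egress)\s+(?P<name>\S+)(?P<rest>.*)$")


def parse(config):
    """Turn static-lsp command lines into dicts; other lines are ignored."""
    entries = []
    for raw in config.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        entry = {k: match.group(k) for k in ("node", "role", "name")}
        words = match.group("rest").split()
        for i, word in enumerate(words[:-1]):
            if word in ("in-label", "out-label"):
                entry[word] = int(words[i + 1])
            elif word == "nexthop":
                entry[word] = words[i + 1]
            elif word == "destination" and i + 2 < len(words):
                # Accepts a prefix length or a dotted mask and normalizes to CIDR.
                net = ipaddress.ip_network(f"{words[i + 1]}/{words[i + 2]}", strict=False)
                entry["fec"] = str(net)
        entries.append(entry)
    return entries


def trace(entries, owner, ingress):
    """Follow one LSP hop by hop; return (path, problem), problem is None on success."""
    # Labels are matched per node: the upstream out-label must equal a local in-label.
    table = {(e["node"], e["in-label"]): e for e in entries if "in-label" in e}
    path, hop = [ingress["node"]], ingress
    while True:
        nxt = owner.get(hop.get("nexthop"))
        if nxt is None:
            return path, f"{hop['node']}: next hop {hop.get('nexthop')} is not a known LSR address"
        if nxt in path:
            return path + [nxt], f"loop: label {hop.get('out-label')} returns to {nxt}"
        path.append(nxt)
        entry = table.get((nxt, hop.get("out-label")))
        if entry is None:
            return path, f"{nxt}: no static-lsp with in-label {hop.get('out-label')} (sent by {hop['node']})"
        if entry["role"] == "egress":
            return path, None
        hop = entry


def audit(config, owner):
    """Return ({lsp_name: path}, findings) for every ingress entry in the config."""
    entries, findings, seen, paths = parse(config), [], {}, {}
    for e in entries:
        if "in-label" not in e:
            continue
        if e["in-label"] < 16:
            findings.append(f"{e['node']} {e['name']}: in-label {e['in-label']} is in the reserved range 0-15")
        key = (e["node"], e["in-label"])
        if key in seen:
            findings.append(f"{e['node']}: in-label {e['in-label']} used by both {seen[key]} and {e['name']}")
        seen.setdefault(key, e["name"])
    for e in entries:
        if e["role"] == "ingress":
            paths[e["name"]], problem = trace(entries, owner, e)
            if problem:
                findings.append(f"LSP {e['name']} ({e.get('fec', '?')}): {problem}")
    return paths, findings


if __name__ == "__main__":
    lsp_paths, problems = audit(CONFIG, OWNER)
    for name, path in lsp_paths.items():
        print(name, " -> ".join(path))
    print(problems or "all static LSPs terminate at an egress node")
```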

 

 

IPv4 LDP configuration examples

Example: Configuring LDP LSPs

Network configuration

Router A, Router B, and Router C all support MPLS.

Configure LDP to establish LSPs between Router A and Router C, so subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS.

Configure LDP to establish LSPs only for destinations 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32, 11.1.1.0/24, and 21.1.1.0/24 on Router A, Router B, and Router C.

Figure 226 Network diagram

Analysis

·     To ensure that the LSRs establish IPv4 LSPs automatically, enable IPv4 LDP on each LSR.

·     To establish IPv4 LDP LSPs, configure an IPv4 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.

·     To control the number of IPv4 LSPs, configure an IPv4 LSP generation policy on each LSR.

Procedure

1.     Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 226. (Details not shown.)

2.     Configure OSPF on each router to ensure IP connectivity between them:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Verify that the routers have learned the routes to each other. This example uses Router A.

[RouterA] display ip routing-table

 

Destinations : 19        Routes : 19

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         O_INTRA 10  1           10.1.1.2        XGE3/0/1

3.3.3.9/32         O_INTRA 10  2           10.1.1.2        XGE3/0/1

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/1

11.1.1.0/24        Direct  0   0           11.1.1.1        XGE3/0/2

11.1.1.0/32        Direct  0   0           11.1.1.1        XGE3/0/2

11.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.1        XGE3/0/2

20.1.1.0/24        O_INTRA 10  2           10.1.1.2        XGE3/0/1

21.1.1.0/24        O_INTRA 10  3           10.1.1.2        XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Enable MPLS and IPv4 LDP:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure IPv4 LSP generation policies:

# On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterA] ip prefix-list routera index 10 permit 1.1.1.9 32

[RouterA] ip prefix-list routera index 20 permit 2.2.2.9 32

[RouterA] ip prefix-list routera index 30 permit 3.3.3.9 32

[RouterA] ip prefix-list routera index 40 permit 11.1.1.0 24

[RouterA] ip prefix-list routera index 50 permit 21.1.1.0 24

[RouterA] mpls ldp

[RouterA-ldp] lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterB] ip prefix-list routerb index 10 permit 1.1.1.9 32

[RouterB] ip prefix-list routerb index 20 permit 2.2.2.9 32

[RouterB] ip prefix-list routerb index 30 permit 3.3.3.9 32

[RouterB] ip prefix-list routerb index 40 permit 11.1.1.0 24

[RouterB] ip prefix-list routerb index 50 permit 21.1.1.0 24

[RouterB] mpls ldp

[RouterB-ldp] lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IP prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterC] ip prefix-list routerc index 10 permit 1.1.1.9 32

[RouterC] ip prefix-list routerc index 20 permit 2.2.2.9 32

[RouterC] ip prefix-list routerc index 30 permit 3.3.3.9 32

[RouterC] ip prefix-list routerc index 40 permit 11.1.1.0 24

[RouterC] ip prefix-list routerc index 50 permit 21.1.1.0 24

[RouterC] mpls ldp

[RouterC-ldp] lsp-trigger prefix-list routerc

[RouterC-ldp] quit

Verifying the configuration

# Display LDP LSP information on the routers, for example, on Router A.

[RouterA] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 5            Ingress: 3          Transit: 3      Egress: 2

 

FEC                In/Out Label        Nexthop         OutInterface

1.1.1.9/32         3/-

                   -/1279(L)

2.2.2.9/32         -/3                 10.1.1.2        XGE3/0/1

                   1279/3              10.1.1.2        XGE3/0/1

3.3.3.9/32         -/1278              10.1.1.2        XGE3/0/1

                   1278/1278           10.1.1.2        XGE3/0/1

11.1.1.0/24        1277/-

                   -/1277(L)

21.1.1.0/24        -/1276              10.1.1.2        XGE3/0/1

                   1276/1276           10.1.1.2        XGE3/0/1

# Test the connectivity of the LDP LSP from Router A to Router C.

[RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24

MPLS ping FEC 21.1.1.0/24 with 100 bytes of data:

100 bytes from 20.1.1.2: Sequence=1 time=1 ms

100 bytes from 20.1.1.2: Sequence=2 time=1 ms

100 bytes from 20.1.1.2: Sequence=3 time=8 ms

100 bytes from 20.1.1.2: Sequence=4 time=2 ms

100 bytes from 20.1.1.2: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 21.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/2/8 ms

# Test the connectivity of the LDP LSP from Router C to Router A.

[RouterC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24

MPLS ping FEC 11.1.1.0/24 with 100 bytes of data:

100 bytes from 10.1.1.1: Sequence=1 time=1 ms

100 bytes from 10.1.1.1: Sequence=2 time=1 ms

100 bytes from 10.1.1.1: Sequence=3 time=1 ms

100 bytes from 10.1.1.1: Sequence=4 time=1 ms

100 bytes from 10.1.1.1: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 11.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/1/1 ms

Example: Configuring label acceptance control

Network configuration

Two links, Router A—Router B—Router C and Router A—Router D—Router C, exist between subnets 11.1.1.0/24 and 21.1.1.0/24.

Configure LDP to establish LSPs only for routes to subnets 11.1.1.0/24 and 21.1.1.0/24.

Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 11.1.1.0/24 and 21.1.1.0/24.

Figure 227 Network diagram

Analysis

·     To ensure that the LSRs establish IPv4 LSPs automatically, enable IPv4 LDP on each LSR.

·     To establish IPv4 LDP LSPs, configure an IPv4 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.

·     To ensure that LDP establishes IPv4 LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24, configure IPv4 LSP generation policies on each LSR.

·     To ensure that LDP establishes IPv4 LSPs only over the link Router A—Router B—Router C, configure IPv4 label acceptance policies as follows:

¡     Router A accepts only the label mapping for FEC 21.1.1.0/24 received from Router B. Router A denies the label mapping for FEC 21.1.1.0/24 received from Router D.

¡     Router C accepts only the label mapping for FEC 11.1.1.0/24 received from Router B. Router C denies the label mapping for FEC 11.1.1.0/24 received from Router D.

Procedure

1.     Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 227. (Details not shown.)

2.     Configure OSPF on each router to ensure IP connectivity between them. (Details not shown.)

3.     Enable MPLS and IPv4 LDP:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls ldp

[RouterD-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/2] quit

4.     Configure IPv4 LSP generation policies:

# On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterA] ip prefix-list routera index 10 permit 11.1.1.0 24

[RouterA] ip prefix-list routera index 20 permit 21.1.1.0 24

[RouterA] mpls ldp

[RouterA-ldp] lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24

[RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24

[RouterB] mpls ldp

[RouterB-ldp] lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IP prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterC] ip prefix-list routerc index 10 permit 11.1.1.0 24

[RouterC] ip prefix-list routerc index 20 permit 21.1.1.0 24

[RouterC] mpls ldp

[RouterC-ldp] lsp-trigger prefix-list routerc

[RouterC-ldp] quit

# On Router D, create IP prefix list routerd, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterD] ip prefix-list routerd index 10 permit 11.1.1.0 24

[RouterD] ip prefix-list routerd index 20 permit 21.1.1.0 24

[RouterD] mpls ldp

[RouterD-ldp] lsp-trigger prefix-list routerd

[RouterD-ldp] quit

5.     Configure IPv4 label acceptance policies:

# On Router A, create IP prefix list prefix-from-b to permit subnet 21.1.1.0/24. Router A uses this list to filter FEC-label mappings received from Router B.

[RouterA] ip prefix-list prefix-from-b index 10 permit 21.1.1.0 24

# On Router A, create IP prefix list prefix-from-d to deny subnet 21.1.1.0/24. Router A uses this list to filter FEC-label mappings received from Router D.

[RouterA] ip prefix-list prefix-from-d index 10 deny 21.1.1.0 24

# On Router A, configure label acceptance policies to filter FEC-label mappings received from Router B and Router D.

[RouterA] mpls ldp

[RouterA-ldp] accept-label peer 2.2.2.9 prefix-list prefix-from-b

[RouterA-ldp] accept-label peer 4.4.4.9 prefix-list prefix-from-d

[RouterA-ldp] quit

# On Router C, create IP prefix list prefix-from-b to permit subnet 11.1.1.0/24. Router C uses this list to filter FEC-label mappings received from Router B.

[RouterC] ip prefix-list prefix-from-b index 10 permit 11.1.1.0 24

# On Router C, create IP prefix list prefix-from-d to deny subnet 11.1.1.0/24. Router C uses this list to filter FEC-label mappings received from Router D.

[RouterC] ip prefix-list prefix-from-d index 10 deny 11.1.1.0 24

# On Router C, configure label acceptance policies to filter FEC-label mappings received from Router B and Router D.

[RouterC] mpls ldp

[RouterC-ldp] accept-label peer 2.2.2.9 prefix-list prefix-from-b

[RouterC-ldp] accept-label peer 4.4.4.9 prefix-list prefix-from-d

[RouterC-ldp] quit

Verifying the configuration

# Display LDP LSP information on the routers, for example, on Router A.

[RouterA] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface

11.1.1.0/24        1277/-

                   -/1148(L)

21.1.1.0/24        -/1276              10.1.1.2        XGE3/0/1

                   1276/1276           10.1.1.2        XGE3/0/1

The output shows that the next hop of the LSP for FEC 21.1.1.0/24 is Router B (10.1.1.2). The LSP has been established over the link Router A—Router B—Router C, not over the link Router A—Router D—Router C.

# Test the connectivity of the LDP LSP from Router A to Router C.

[RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24

MPLS ping FEC 21.1.1.0/24 with 100 bytes of data:

100 bytes from 20.1.1.2: Sequence=1 time=1 ms

100 bytes from 20.1.1.2: Sequence=2 time=1 ms

100 bytes from 20.1.1.2: Sequence=3 time=8 ms

100 bytes from 20.1.1.2: Sequence=4 time=2 ms

100 bytes from 20.1.1.2: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 21.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/2/8 ms

# Test the connectivity of the LDP LSP from Router C to Router A.

[RouterC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24

MPLS ping FEC 11.1.1.0/24 with 100 bytes of data:

100 bytes from 10.1.1.1: Sequence=1 time=1 ms

100 bytes from 10.1.1.1: Sequence=2 time=1 ms

100 bytes from 10.1.1.1: Sequence=3 time=1 ms

100 bytes from 10.1.1.1: Sequence=4 time=1 ms

100 bytes from 10.1.1.1: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 11.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/1/1 ms

Example: Configuring label advertisement control

Network configuration

Two links, Router A—Router B—Router C and Router A—Router D—Router C, exist between subnets 11.1.1.0/24 and 21.1.1.0/24.

Configure LDP to establish LSPs only for routes to subnets 11.1.1.0/24 and 21.1.1.0/24.

Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 11.1.1.0/24 and 21.1.1.0/24.

Figure 228 Network diagram

Analysis

·     To ensure that the LSRs establish IPv4 LSPs automatically, enable IPv4 LDP on each LSR.

·     To establish IPv4 LDP LSPs, configure an IPv4 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.

·     To ensure that LDP establishes IPv4 LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24, configure IPv4 LSP generation policies on each LSR.

·     To ensure that LDP establishes IPv4 LSPs only over the link Router A—Router B—Router C, configure IPv4 label advertisement policies as follows:

¡     Router A advertises only the label mapping for FEC 11.1.1.0/24 to Router B.

¡     Router C advertises only the label mapping for FEC 21.1.1.0/24 to Router B.

¡     Router D does not advertise the label mapping for FEC 21.1.1.0/24 to Router A. Router D does not advertise the label mapping for FEC 11.1.1.0/24 to Router C.

Procedure

1.     Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 228. (Details not shown.)

2.     Configure OSPF on each router to ensure IP connectivity between them. (Details not shown.)

3.     Enable MPLS and IPv4 LDP:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls ldp

[RouterD-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/2] quit

4.     Configure IPv4 LSP generation policies:

# On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterA] ip prefix-list routera index 10 permit 11.1.1.0 24

[RouterA] ip prefix-list routera index 20 permit 21.1.1.0 24

[RouterA] mpls ldp

[RouterA-ldp] lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24

[RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24

[RouterB] mpls ldp

[RouterB-ldp] lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IP prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterC] ip prefix-list routerc index 10 permit 11.1.1.0 24

[RouterC] ip prefix-list routerc index 20 permit 21.1.1.0 24

[RouterC] mpls ldp

[RouterC-ldp] lsp-trigger prefix-list routerc

[RouterC-ldp] quit

# On Router D, create IP prefix list routerd, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

[RouterD] ip prefix-list routerd index 10 permit 11.1.1.0 24

[RouterD] ip prefix-list routerd index 20 permit 21.1.1.0 24

[RouterD] mpls ldp

[RouterD-ldp] lsp-trigger prefix-list routerd

[RouterD-ldp] quit

5.     Configure IPv4 label advertisement policies:

# On Router A, create IP prefix list prefix-to-b to permit subnet 11.1.1.0/24. Router A uses this list to filter FEC-label mappings advertised to Router B.

[RouterA] ip prefix-list prefix-to-b index 10 permit 11.1.1.0 24

# On Router A, create IP prefix list peer-b to permit 2.2.2.9/32. Router A uses this list to filter peers.

[RouterA] ip prefix-list peer-b index 10 permit 2.2.2.9 32

# On Router A, configure a label advertisement policy to advertise only the label mapping for FEC 11.1.1.0/24 to Router B.

[RouterA] mpls ldp

[RouterA-ldp] advertise-label prefix-list prefix-to-b peer peer-b

[RouterA-ldp] quit

# On Router C, create IP prefix list prefix-to-b to permit subnet 21.1.1.0/24. Router C uses this list to filter FEC-label mappings advertised to Router B.

[RouterC] ip prefix-list prefix-to-b index 10 permit 21.1.1.0 24

# On Router C, create IP prefix list peer-b to permit 2.2.2.9/32. Router C uses this list to filter peers.

[RouterC] ip prefix-list peer-b index 10 permit 2.2.2.9 32

# On Router C, configure a label advertisement policy to advertise only the label mapping for FEC 21.1.1.0/24 to Router B.

[RouterC] mpls ldp

[RouterC-ldp] advertise-label prefix-list prefix-to-b peer peer-b

[RouterC-ldp] quit

# On Router D, create IP prefix list prefix-to-a to deny subnet 21.1.1.0/24. Router D uses this list to filter FEC-label mappings to be advertised to Router A.

[RouterD] ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24

[RouterD] ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32

# On Router D, create IP prefix list peer-a to permit 1.1.1.9/32. Router D uses this list to filter peers.

[RouterD] ip prefix-list peer-a index 10 permit 1.1.1.9 32

# On Router D, create IP prefix list prefix-to-c to deny subnet 11.1.1.0/24. Router D uses this list to filter FEC-label mappings to be advertised to Router C.

[RouterD] ip prefix-list prefix-to-c index 10 deny 11.1.1.0 24

[RouterD] ip prefix-list prefix-to-c index 20 permit 0.0.0.0 0 less-equal 32

# On Router D, create IP prefix list peer-c to permit 3.3.3.9/32. Router D uses this list to filter peers.

[RouterD] ip prefix-list peer-c index 10 permit 3.3.3.9 32

# On Router D, configure a label advertisement policy. This policy ensures that Router D does not advertise label mappings for FEC 21.1.1.0/24 to Router A, and does not advertise label mappings for FEC 11.1.1.0/24 to Router C.

[RouterD] mpls ldp

[RouterD-ldp] advertise-label prefix-list prefix-to-a peer peer-a

[RouterD-ldp] advertise-label prefix-list prefix-to-c peer peer-c

[RouterD-ldp] quit
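The following Python sketch is an added example, not part of the H3C document. It evaluates Router D's two FEC prefix lists to show why index 20 must follow the deny entry, under these assumptions: entries are tried in ascending index order, the first match wins, an entry without greater-equal or less-equal matches only its exact mask length, and a prefix that matches no entry is denied. The function names are this example's own.

```python
import ipaddress
import re

# Prefix-list commands copied from the Router D configuration above (prompts removed).
ROUTER_D_CONFIG = """
ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24
ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32
ip prefix-list prefix-to-c index 10 deny 11.1.1.0 24
ip prefix-list prefix-to-c index 20 permit 0.0.0.0 0 less-equal 32
"""

# The two FECs that the LSP generation policy (prefix list routerd) allows.
FECS = ["11.1.1.0/24", "21.1.1.0/24"]

ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+) index (?P<index>\d+) (?P<action>permit|deny) "
    r"(?P<addr>\S+) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?\s*$"
)


def parse_prefix_lists(config):
    """Return {list name: [(index, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY_RE.search(line.strip())
        if not m:
            continue
        length = int(m["len"])
        net = ipaddress.ip_network(f"{m['addr']}/{length}", strict=False)
        if m["ge"] is None and m["le"] is None:
            lo, hi = length, length          # assumption: exact mask length only
        else:
            lo = int(m["ge"]) if m["ge"] else length
            hi = int(m["le"]) if m["le"] else 32
        lists.setdefault(m["name"], []).append(
            (int(m["index"]), m["action"], net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])     # assumption: ascending index order
    return lists


def evaluate(entries, fec):
    """Return (action, index) of the first matching entry, or ('deny', None)."""
    fec_net = ipaddress.ip_network(fec)
    for index, action, net, lo, hi in entries:
        if lo <= fec_net.prefixlen <= hi and fec_net.subnet_of(net):
            return action, index
    return "deny", None                      # assumption: implicit deny


def permitted_fecs(entries, fecs):
    """FECs whose label mappings the list lets through."""
    return [f for f in fecs if evaluate(entries, f)[0] == "permit"]


def without_index(entries, index):
    """Constructed variant: the same list with one entry left out."""
    return [e for e in entries if e[0] != index]


if __name__ == "__main__":
    lists = parse_prefix_lists(ROUTER_D_CONFIG)
    for name in ("prefix-to-a", "prefix-to-c"):
        print(name, "permits", permitted_fecs(lists[name], FECS))
        print(name, "without index 20 permits",
              permitted_fecs(without_index(lists[name], 20), FECS))
    # A longer prefix inside the denied subnet does not match the /24 deny entry.
    print("21.1.1.128/25 via prefix-to-a:",
          evaluate(lists["prefix-to-a"], "21.1.1.128/25"))
```

With index 20 removed, both lists permit nothing, so Router D would stop advertising every FEC to the matched peer rather than only the denied one.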

Verifying the configuration

# Display LDP LSP information on each router.

[RouterA] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface

11.1.1.0/24        1277/-

                   -/1151(L)

                   -/1277(L)

21.1.1.0/24        -/1276              10.1.1.2        XGE3/0/1

                   1276/1276           10.1.1.2        XGE3/0/1

[RouterB] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 2          Transit: 2      Egress: 0

 

FEC                In/Out Label        Nexthop         OutInterface

11.1.1.0/24        -/1277              10.1.1.1        XGE3/0/1

                   1277/1277           10.1.1.1        XGE3/0/1

21.1.1.0/24        -/1149              20.1.1.2        XGE3/0/2

                   1276/1149           20.1.1.2        XGE3/0/2

[RouterC] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface

11.1.1.0/24        -/1277              20.1.1.1        XGE3/0/1

                   1148/1277           20.1.1.1        XGE3/0/1

21.1.1.0/24        1149/-

                   -/1276(L)

                   -/1150(L)

[RouterD] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 0          Transit: 0      Egress: 2

 

FEC                In/Out Label        Nexthop         OutInterface

11.1.1.0/24        1151/-

                   -/1277(L)

21.1.1.0/24        1150/-

The output shows that Router A and Router C have received FEC-label mappings only from Router B. Router B has received FEC-label mappings from both Router A and Router C. Router D does not receive FEC-label mappings from Router A or Router C. LDP has established an LSP only over the link Router A—Router B—Router C.

# Test the connectivity of the LDP LSP from Router A to Router C.

[RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24

MPLS ping FEC 21.1.1.0/24 with 100 bytes of data:

100 bytes from 20.1.1.2: Sequence=1 time=1 ms

100 bytes from 20.1.1.2: Sequence=2 time=1 ms

100 bytes from 20.1.1.2: Sequence=3 time=8 ms

100 bytes from 20.1.1.2: Sequence=4 time=2 ms

100 bytes from 20.1.1.2: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 21.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/2/8 ms

# Test the connectivity of the LDP LSP from Router C to Router A.

[RouterC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24

MPLS ping FEC 11.1.1.0/24 with 100 bytes of data:

100 bytes from 10.1.1.1: Sequence=1 time=1 ms

100 bytes from 10.1.1.1: Sequence=2 time=1 ms

100 bytes from 10.1.1.1: Sequence=3 time=1 ms

100 bytes from 10.1.1.1: Sequence=4 time=1 ms

100 bytes from 10.1.1.1: Sequence=5 time=1 ms

 

--- Ping statistics for FEC 11.1.1.0/24 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 1/1/1 ms

Example: Configuring LDP FRR

Network configuration

Router S, Router A, and Router D reside in the same OSPF domain. Configure OSPF FRR so LDP can establish a primary LSP and a backup LSP on the Router S—Router D and the Router S—Router A—Router D links, respectively.

When the primary LSP operates correctly, traffic between subnets 11.1.1.0/24 and 21.1.1.0/24 is forwarded through the LSP.

When the primary LSP fails, traffic between the two subnets can be immediately switched to the backup LSP.

Figure 229 Network diagram

Analysis

·     To ensure that the LSRs establish IPv4 LSPs automatically, enable IPv4 LDP on each LSR.

·     To establish IPv4 LDP LSPs, configure an IPv4 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.

·     To ensure that LDP establishes IPv4 LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24, configure IPv4 LSP generation policies on each LSR.

·     To allow LDP to establish backup LSPs, configure OSPF FRR on Router S and Router D.

Procedure

1.     Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 229. (Details not shown.)

2.     Configure OSPF on each router to ensure IP connectivity between them. (Details not shown.)

3.     Configure OSPF FRR by using one of the following methods:

¡     (Method 1.) Enable OSPF FRR to calculate a backup next hop by using the LFA algorithm:

# Configure Router S.

<RouterS> system-view

[RouterS] bfd echo-source-ip 10.10.10.10

[RouterS] ospf 1

[RouterS-ospf-1] fast-reroute lfa

[RouterS-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] bfd echo-source-ip 11.11.11.11

[RouterD] ospf 1

[RouterD-ospf-1] fast-reroute lfa

[RouterD-ospf-1] quit

¡     (Method 2.) Enable OSPF FRR to specify a backup next hop by using a routing policy:

# Configure Router S.

<RouterS> system-view

[RouterS] bfd echo-source-ip 10.10.10.10

[RouterS] ip prefix-list abc index 10 permit 21.1.1.0 24

[RouterS] route-policy frr permit node 10

[RouterS-route-policy-frr-10] if-match ip address prefix-list abc

[RouterS-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 12.12.12.2

[RouterS-route-policy-frr-10] quit

[RouterS] ospf 1

[RouterS-ospf-1] fast-reroute route-policy frr

[RouterS-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] bfd echo-source-ip 10.10.10.10

[RouterD] ip prefix-list abc index 10 permit 11.1.1.0 24

[RouterD] route-policy frr permit node 10

[RouterD-route-policy-frr-10] if-match ip address prefix-list abc

[RouterD-route-policy-frr-10] apply fast-reroute backup-interface ten-gigabitethernet 3/0/1 backup-nexthop 24.24.24.2

[RouterD-route-policy-frr-10] quit

[RouterD] ospf 1

[RouterD-ospf-1] fast-reroute route-policy frr

[RouterD-ospf-1] quit

4.     Enable MPLS and IPv4 LDP:

# Configure Router S.

[RouterS] mpls lsr-id 1.1.1.1

[RouterS] mpls ldp

[RouterS-mpls-ldp] quit

[RouterS] interface ten-gigabitethernet 3/0/1

[RouterS-Ten-GigabitEthernet3/0/1] mpls enable

[RouterS-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterS-Ten-GigabitEthernet3/0/1] quit

[RouterS] interface ten-gigabitethernet 3/0/2

[RouterS-Ten-GigabitEthernet3/0/2] mpls enable

[RouterS-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterS-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] mpls lsr-id 3.3.3.3

[RouterD] mpls ldp

[RouterD-mpls-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/2] quit

# Configure Router A.

[RouterA] mpls lsr-id 2.2.2.2

[RouterA] mpls ldp

[RouterA-mpls-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

5.     Configure IPv4 LSP generation policies so LDP uses all static routes and IGP routes to establish LSPs:

# Configure Router S.

[RouterS] mpls ldp

[RouterS-ldp] lsp-trigger all

[RouterS-ldp] quit

# Configure Router D.

[RouterD] mpls ldp

[RouterD-ldp] lsp-trigger all

[RouterD-ldp] quit

# Configure Router A.

[RouterA] mpls ldp

[RouterA-ldp] lsp-trigger all

[RouterA-ldp] quit

Verifying the configuration

# Verify that primary and backup LSPs have been established.

[RouterS] display mpls ldp lsp 21.1.1.0 24

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 1            Ingress: 2          Transit: 2      Egress: 0

 

FEC                In/Out Label        Nexthop         OutInterface

21.1.1.0/24        -/1276              13.13.13.2      XGE3/0/2

                   2174/1276           13.13.13.2      XGE3/0/2

                   -/1276(B)           12.12.12.2      XGE3/0/1

                   2174/1276(B)        12.12.12.2      XGE3/0/1
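The verification steps in the label acceptance, label advertisement, and LDP FRR examples all rely on reading display mpls ldp lsp output by eye. The following Python script is an added example, not part of the H3C document: it parses that output and checks it against an expected state (approved next hops per FEC, presence of a backup LSP). The sample text is copied from this page; the expected-state dictionary and function names are this example's own.

```python
import re
from collections import defaultdict

# "display mpls ldp lsp" output copied from this page (blank lines removed):
# Router A in the label advertisement example, Router S in the LDP FRR example.
ROUTER_A_OUTPUT = """\
VPN instance: public instance
Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable
FECs: 2            Ingress: 1          Transit: 1      Egress: 1
FEC                In/Out Label        Nexthop         OutInterface
11.1.1.0/24        1277/-
                   -/1151(L)
                   -/1277(L)
21.1.1.0/24        -/1276              10.1.1.2        XGE3/0/1
                   1276/1276           10.1.1.2        XGE3/0/1
"""
ROUTER_S_OUTPUT = """\
FEC                In/Out Label        Nexthop         OutInterface
21.1.1.0/24        -/1276              13.13.13.2      XGE3/0/2
                   2174/1276           13.13.13.2      XGE3/0/2
                   -/1276(B)           12.12.12.2      XGE3/0/1
                   2174/1276(B)        12.12.12.2      XGE3/0/1
"""
# Expected state for Router A, from the page: 21.1.1.0/24 only through Router B (10.1.1.2).
EXPECTED_A = {"11.1.1.0/24": set(), "21.1.1.0/24": {"10.1.1.2"}}

ROW_RE = re.compile(
    r"^(?P<fec>\d+\.\d+\.\d+\.\d+/\d+)?\s+"
    r"(?P<inl>-|\d+)/(?P<outl>-|\d+)(?:\((?P<flags>[A-Z*]+)\))?"
    r"(?:\s+(?P<nexthop>\S+)\s+(?P<intf>\S+))?\s*$"
)


def parse_ldp_lsp(text):
    """Parse the FEC table into a list of dicts; continuation rows inherit the FEC."""
    rows, current_fec = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # banner, flag legend, counters, column header
        current_fec = m["fec"] or current_fec
        rows.append({
            "fec": current_fec, "in": m["inl"], "out": m["outl"],
            "flags": m["flags"] or "",
            "nexthop": m["nexthop"], "intf": m["intf"],
        })
    return rows


def forwarding_nexthops(rows):
    """Per FEC, next hops of LSPs in use; liberal (L) rows are retained labels only."""
    result = defaultdict(lambda: {"primary": set(), "backup": set()})
    for r in rows:
        if r["nexthop"] is None or "L" in r["flags"]:
            continue
        kind = "backup" if "B" in r["flags"] else "primary"
        result[r["fec"]][kind].add(r["nexthop"])
    return dict(result)


def liberal_labels(rows):
    """Per FEC, out labels that were accepted from a peer but are not used for forwarding."""
    out = defaultdict(list)
    for r in rows:
        if "L" in r["flags"]:
            out[r["fec"]].append(int(r["out"]))
    return dict(out)


def audit_paths(rows, allowed):
    """Compare LSPs in use against {fec: set of approved next hops}; return findings."""
    findings = []
    for fec in sorted({r["fec"] for r in rows} - set(allowed)):
        findings.append(f"unexpected FEC {fec}")
    for fec, hops in sorted(forwarding_nexthops(rows).items()):
        for nh in sorted((hops["primary"] | hops["backup"]) - allowed.get(fec, set())):
            findings.append(f"{fec} uses unapproved next hop {nh}")
    return findings


def fecs_without_backup(rows):
    """FECs that forward through a next hop but have no backup LSP on a different one."""
    return sorted(
        fec for fec, hops in forwarding_nexthops(rows).items()
        if hops["primary"] and not (hops["backup"] - hops["primary"])
    )


if __name__ == "__main__":
    rows_a = parse_ldp_lsp(ROUTER_A_OUTPUT)
    print(audit_paths(rows_a, EXPECTED_A) or "Router A: LSPs follow the approved path")
    print("Liberal labels on Router A:", liberal_labels(rows_a))
    rows_s = parse_ldp_lsp(ROUTER_S_OUTPUT)
    print("Router S FECs lacking a backup LSP:", fecs_without_backup(rows_s))
```

The liberal-label listing is the quickest way to see which peers' mappings a label acceptance or advertisement policy still lets through, because those rows carry no next hop.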

IPv6 LDP configuration examples

Example: Configuring IPv6 LDP LSP

Network configuration

Router A, Router B, and Router C all support MPLS.

Configure LDP to establish IPv6 LSPs between Router A and Router C, so subnets 11::0/64 and 21::0/64 can reach each other over MPLS.

Configure LDP to establish LSPs only for destinations 100::1/128, 100::2/128, 100::3/128, 11::0/64, and 21::0/64 on Router A, Router B, and Router C.

Figure 230 Network diagram

Analysis

·     To ensure that the LSRs establish IPv6 LSPs automatically, enable IPv6 LDP on each LSR.

·     To establish IPv6 LDP LSPs, configure an IPv6 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPFv3.

·     To control the number of IPv6 LSPs, configure an IPv6 LSP generation policy on each LSR.

Procedure

1.     Configure IPv6 addresses and prefix lengths for interfaces, including the loopback interfaces, as shown in Figure 230. (Details not shown.)

2.     Configure OSPFv3 on each router to ensure IP connectivity between them:

# Configure Router A.

<RouterA> system-view

[RouterA] ospfv3

[RouterA-ospfv3-1] router-id 1.1.1.9

[RouterA-ospfv3-1] area 0

[RouterA-ospfv3-1-area-0.0.0.0] quit

[RouterA-ospfv3-1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] ospfv3 1 area 0.0.0.0

[RouterA-LoopBack0] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospfv3

[RouterB-ospfv3-1] router-id 2.2.2.9

[RouterB-ospfv3-1] area 0

[RouterB-ospfv3-1-area-0.0.0.0] quit

[RouterB-ospfv3-1] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] ospfv3 1 area 0.0.0.0

[RouterB-LoopBack0] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospfv3

[RouterC-ospfv3-1] router-id 3.3.3.9

[RouterC-ospfv3-1] area 0

[RouterC-ospfv3-1-area-0.0.0.0] quit

[RouterC-ospfv3-1] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] ospfv3 1 area 0.0.0.0

[RouterC-LoopBack0] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Verify that the routers have learned the routes to each other. This example uses Router A.

[RouterA] display ipv6 routing-table

 

Destinations : 11        Routes : 11

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 10::/64                                     Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 10::1/128                                   Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 11::/64                                     Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 11::1/128                                   Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 20::/64                                     Protocol  : O_INTRA

NextHop    : FE80::20C:29FF:FE9D:EAC0                    Preference: 10

Interface  : XGE3/0/1                                    Cost      : 2

 

Destination: 21::/64                                     Protocol  : O_INTRA

NextHop    : FE80::20C:29FF:FE9D:EAC0                    Preference: 10

Interface  : XGE3/0/1                                    Cost      : 3

 

Destination: 100::1/128                                  Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 100::2/128                                  Protocol  : O_INTRA

NextHop    : FE80::20C:29FF:FE9D:EAC0                    Preference: 10

Interface  : XGE3/0/1                                    Cost      : 1

 

Destination: 100::3/128                                  Protocol  : O_INTRA

NextHop    : FE80::20C:29FF:FE9D:EAC0                    Preference: 10

Interface  : XGE3/0/1                                    Cost      : 2

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

3.     Enable MPLS and IPv6 LDP:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 20::1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 20::2

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure IPv6 LSP generation policies:

# On Router A, create IPv6 prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterA] ipv6 prefix-list routera index 10 permit 100::1 128

[RouterA] ipv6 prefix-list routera index 20 permit 100::2 128

[RouterA] ipv6 prefix-list routera index 30 permit 100::3 128

[RouterA] ipv6 prefix-list routera index 40 permit 11::0 64

[RouterA] ipv6 prefix-list routera index 50 permit 21::0 64

[RouterA] mpls ldp

[RouterA-ldp] ipv6 lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IPv6 prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterB] ipv6 prefix-list routerb index 10 permit 100::1 128

[RouterB] ipv6 prefix-list routerb index 20 permit 100::2 128

[RouterB] ipv6 prefix-list routerb index 30 permit 100::3 128

[RouterB] ipv6 prefix-list routerb index 40 permit 11::0 64

[RouterB] ipv6 prefix-list routerb index 50 permit 21::0 64

[RouterB] mpls ldp

[RouterB-ldp] ipv6 lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IPv6 prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterC] ipv6 prefix-list routerc index 10 permit 100::1 128

[RouterC] ipv6 prefix-list routerc index 20 permit 100::2 128

[RouterC] ipv6 prefix-list routerc index 30 permit 100::3 128

[RouterC] ipv6 prefix-list routerc index 40 permit 11::0 64

[RouterC] ipv6 prefix-list routerc index 50 permit 21::0 64

[RouterC] mpls ldp

[RouterC-ldp] ipv6 lsp-trigger prefix-list routerc

[RouterC-ldp] quit

Verifying the configuration

# Display IPv6 LDP LSP information on the routers, for example, on Router A.

[RouterA] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 5            Ingress: 3          Transit: 3      Egress: 2

 

FEC: 11::/64

In/Out Label: 2426/-                          OutInterface : -

Nexthop     : -

In/Out Label: -/2424(L)                       OutInterface : -

Nexthop     : -

 

FEC: 21::/64

In/Out Label: -/2425                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

In/Out Label: 2423/2425                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

 

FEC: 100::1/128

In/Out Label: 1040377/-                       OutInterface : -

Nexthop     : -

In/Out Label: -/2426(L)                       OutInterface : -

Nexthop     : -

 

FEC: 100::2/128

In/Out Label: -/1040379                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

In/Out Label: 2425/1040379                    OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

 

FEC: 100::3/128

In/Out Label: -/2427                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

In/Out Label: 2424/2427                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

# Test the connectivity of the IPv6 LDP LSP from Router A to Router C.

[RouterA] ping ipv6 -a 11::1 21::1

Ping6(56 data bytes) 11::1 --> 21::1, press CTRL_C to break

56 bytes from 21::1, icmp_seq=0 hlim=63 time=2.000 ms

56 bytes from 21::1, icmp_seq=1 hlim=63 time=1.000 ms

56 bytes from 21::1, icmp_seq=2 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=3 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=4 hlim=63 time=2.000 ms

 

--- Ping6 statistics for 21::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.200/3.000/0.748 ms

# Test the connectivity of the IPv6 LDP LSP from Router C to Router A.

[RouterC] ping ipv6 -a 21::1 11::1

Ping6(56 data bytes) 21::1 --> 11::1, press CTRL_C to break

56 bytes from 11::1, icmp_seq=0 hlim=63 time=2.000 ms

56 bytes from 11::1, icmp_seq=1 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=2 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=3 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=4 hlim=63 time=1.000 ms

 

--- Ping6 statistics for 11::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms

Example: Configuring IPv6 label acceptance control

Network configuration

Two links, Router A—Router B—Router C and Router A—Router D—Router C, exist between subnets 11::0/64 and 21::0/64.

Configure LDP to establish LSPs only for routes to subnets 11::0/64 and 21::0/64.

Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 11::0/64 and 21::0/64.

Figure 231 Network diagram

Analysis

·     To ensure that the LSRs establish IPv6 LSPs automatically, enable IPv6 LDP on each LSR.

·     To establish IPv6 LDP LSPs, configure an IPv6 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPFv3.

·     To ensure that LDP establishes IPv6 LSPs only for the routes 11::0/64 and 21::0/64, configure IPv6 LSP generation policies on each LSR.

·     To ensure that LDP establishes IPv6 LSPs only over the link Router A—Router B—Router C, configure IPv6 label acceptance policies as follows:

◦     Router A accepts only the label mapping for FEC 21::0/64 received from Router B. Router A denies the label mapping for FEC 21::0/64 received from Router D.

◦     Router C accepts only the label mapping for FEC 11::0/64 received from Router B. Router C denies the label mapping for FEC 11::0/64 received from Router D.

Procedure

1.     Configure IPv6 addresses and prefix lengths for interfaces, including the loopback interfaces, as shown in Figure 231. (Details not shown.)

2.     Configure OSPFv3 on each router to ensure IP connectivity between them. (Details not shown.)

3.     Enable MPLS and IPv6 LDP:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 30::1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 20::1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 20::2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 40::2

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls ldp

[RouterD-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 30::2

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 40::1

[RouterD-Ten-GigabitEthernet3/0/2] quit

4.     Configure IPv6 LSP generation policies:

# On Router A, create IPv6 prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterA] ipv6 prefix-list routera index 10 permit 11::0 64

[RouterA] ipv6 prefix-list routera index 20 permit 21::0 64

[RouterA] mpls ldp

[RouterA-ldp] ipv6 lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IPv6 prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterB] ipv6 prefix-list routerb index 10 permit 11::0 64

[RouterB] ipv6 prefix-list routerb index 20 permit 21::0 64

[RouterB] mpls ldp

[RouterB-ldp] ipv6 lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IPv6 prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterC] ipv6 prefix-list routerc index 10 permit 11::0 64

[RouterC] ipv6 prefix-list routerc index 20 permit 21::0 64

[RouterC] mpls ldp

[RouterC-ldp] ipv6 lsp-trigger prefix-list routerc

[RouterC-ldp] quit

# On Router D, create IPv6 prefix list routerd, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterD] ipv6 prefix-list routerd index 10 permit 11::0 64

[RouterD] ipv6 prefix-list routerd index 20 permit 21::0 64

[RouterD] mpls ldp

[RouterD-ldp] ipv6 lsp-trigger prefix-list routerd

[RouterD-ldp] quit

5.     Configure IPv6 label acceptance policies:

# On Router A, create IPv6 prefix list prefix-from-b to permit subnet 21::0/64. Router A uses this list to filter FEC-label mappings received from Router B.

[RouterA] ipv6 prefix-list prefix-from-b index 10 permit 21::0 64

# On Router A, create IPv6 prefix list prefix-from-d to deny subnet 21::0/64. Router A uses this list to filter FEC-label mappings received from Router D.

[RouterA] ipv6 prefix-list prefix-from-d index 10 deny 21::0 64

# On Router A, configure IPv6 label acceptance policies to filter FEC-label mappings received from Router B and Router D.

[RouterA] mpls ldp

[RouterA-ldp] ipv6 accept-label peer 2.2.2.9 prefix-list prefix-from-b

[RouterA-ldp] ipv6 accept-label peer 4.4.4.9 prefix-list prefix-from-d

[RouterA-ldp] quit

# On Router C, create IPv6 prefix list prefix-from-b to permit subnet 11::0/64. Router C uses this list to filter FEC-label mappings received from Router B.

[RouterC] ipv6 prefix-list prefix-from-b index 10 permit 11::0 64

# On Router C, create IPv6 prefix list prefix-from-d to deny subnet 11::0/64. Router C uses this list to filter FEC-label mappings received from Router D.

[RouterC] ipv6 prefix-list prefix-from-d index 10 deny 11::0 64

# On Router C, configure IPv6 label acceptance policies to filter FEC-label mappings received from Router B and Router D.

[RouterC] mpls ldp

[RouterC-ldp] ipv6 accept-label peer 2.2.2.9 prefix-list prefix-from-b

[RouterC-ldp] ipv6 accept-label peer 4.4.4.9 prefix-list prefix-from-d

[RouterC-ldp] quit

Verifying the configuration

# Display IPv6 LDP LSP information on the routers, for example, on Router A.

[RouterA] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC: 11::/64

In/Out Label: 2417/-                          OutInterface : -

Nexthop     : -

 

FEC: 21::/64

In/Out Label: -/2416                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

In/Out Label: 2415/2416                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

The output shows that the next hop of the IPv6 LSP for FEC 21::0/64 is Router B (FE80::20C:29FF:FE9D:EAC0). The IPv6 LSP has been established over the link Router A—Router B—Router C, not over the link Router A—Router D—Router C.

# Test the connectivity of the IPv6 LDP LSP from Router A to Router C.

[RouterA] ping ipv6 -a 11::1 21::1

Ping6(56 data bytes) 11::1 --> 21::1, press CTRL_C to break

56 bytes from 21::1, icmp_seq=0 hlim=63 time=4.000 ms

56 bytes from 21::1, icmp_seq=1 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=2 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=3 hlim=63 time=2.000 ms

56 bytes from 21::1, icmp_seq=4 hlim=63 time=1.000 ms

 

--- Ping6 statistics for 21::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.600/4.000/1.020 ms

# Test the connectivity of the IPv6 LDP LSP from Router C to Router A.

[RouterC] ping ipv6 -a 21::1 11::1

Ping6(56 data bytes) 21::1 --> 11::1, press CTRL_C to break

56 bytes from 11::1, icmp_seq=0 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=1 hlim=63 time=2.000 ms

56 bytes from 11::1, icmp_seq=2 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=3 hlim=63 time=2.000 ms

56 bytes from 11::1, icmp_seq=4 hlim=63 time=1.000 ms

 

--- Ping6 statistics for 11::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms

Example: Configuring IPv6 label advertisement control

Network configuration

Two links, Router A—Router B—Router C and Router A—Router D—Router C, exist between subnets 11::0/64 and 21::0/64.

Configure LDP to establish LSPs only for routes to subnets 11::0/64 and 21::0/64.

Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 11::0/64 and 21::0/64.

Figure 232 Network diagram

Analysis

·     To ensure that the LSRs establish IPv6 LSPs automatically, enable IPv6 LDP on each LSR.

·     To establish IPv6 LDP LSPs, configure an IPv6 routing protocol to ensure IP connectivity between the LSRs. This example uses OSPFv3.

·     To ensure that LDP establishes IPv6 LSPs only for the routes 11::0/64 and 21::0/64, configure IPv6 LSP generation policies on each LSR.

·     To ensure that LDP establishes IPv6 LSPs only over the link Router A—Router B—Router C, configure IPv6 label advertisement policies as follows:

◦     Router A advertises only the label mapping for FEC 11::0/64 to Router B.

◦     Router C advertises only the label mapping for FEC 21::0/64 to Router B.

◦     Router D does not advertise label mapping for FEC 21::0/64 to Router A. Router D does not advertise label mapping for FEC 11::0/64 to Router C.

Procedure

1.     Configure IPv6 addresses and prefix lengths for interfaces, including the loopback interfaces, as shown in Figure 232. (Details not shown.)

2.     Configure OSPFv3 on each router to ensure IP connectivity between them. (Details not shown.)

3.     Enable MPLS and IPv6 LDP:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterA-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 30::1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 10::2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 20::1

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 20::2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 40::2

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls ldp

[RouterD-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp ipv6 enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp transport-address 30::2

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp ipv6 enable

[RouterD-Ten-GigabitEthernet3/0/2] mpls ldp transport-address 40::1

[RouterD-Ten-GigabitEthernet3/0/2] quit

4.     Configure IPv6 LSP generation policies:

# On Router A, create IPv6 prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterA] ipv6 prefix-list routera index 10 permit 11::0 64

[RouterA] ipv6 prefix-list routera index 20 permit 21::0 64

[RouterA] mpls ldp

[RouterA-ldp] ipv6 lsp-trigger prefix-list routera

[RouterA-ldp] quit

# On Router B, create IPv6 prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterB] ipv6 prefix-list routerb index 10 permit 11::0 64

[RouterB] ipv6 prefix-list routerb index 20 permit 21::0 64

[RouterB] mpls ldp

[RouterB-ldp] ipv6 lsp-trigger prefix-list routerb

[RouterB-ldp] quit

# On Router C, create IPv6 prefix list routerc, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterC] ipv6 prefix-list routerc index 10 permit 11::0 64

[RouterC] ipv6 prefix-list routerc index 20 permit 21::0 64

[RouterC] mpls ldp

[RouterC-ldp] ipv6 lsp-trigger prefix-list routerc

[RouterC-ldp] quit

# On Router D, create IPv6 prefix list routerd, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.

[RouterD] ipv6 prefix-list routerd index 10 permit 11::0 64

[RouterD] ipv6 prefix-list routerd index 20 permit 21::0 64

[RouterD] mpls ldp

[RouterD-ldp] ipv6 lsp-trigger prefix-list routerd

[RouterD-ldp] quit

5.     Configure IPv6 label advertisement policies:

# On Router A, create IPv6 prefix list prefix-to-b to permit subnet 11::0/64. Router A uses this list to filter FEC-label mappings advertised to Router B.

[RouterA] ipv6 prefix-list prefix-to-b index 10 permit 11::0 64

# On Router A, create IP prefix list peer-b to permit 2.2.2.9/32. Router A uses this list to filter peers.

[RouterA] ip prefix-list peer-b index 10 permit 2.2.2.9 32

# On Router A, configure an IPv6 label advertisement policy to advertise only the label mapping for FEC 11::0/64 to Router B.

[RouterA] mpls ldp

[RouterA-ldp] ipv6 advertise-label prefix-list prefix-to-b peer peer-b

[RouterA-ldp] quit

# On Router C, create IPv6 prefix list prefix-to-b to permit subnet 21::0/64. Router C uses this list to filter FEC-label mappings advertised to Router B.

[RouterC] ipv6 prefix-list prefix-to-b index 10 permit 21::0 64

# On Router C, create IP prefix list peer-b to permit 2.2.2.9/32. Router C uses this list to filter peers.

[RouterC] ip prefix-list peer-b index 10 permit 2.2.2.9 32

# On Router C, configure an IPv6 label advertisement policy to advertise only the label mapping for FEC 21::0/64 to Router B.

[RouterC] mpls ldp

[RouterC-ldp] ipv6 advertise-label prefix-list prefix-to-b peer peer-b

[RouterC-ldp] quit

# On Router D, create IPv6 prefix list prefix-to-a to deny subnet 21::0/64. Router D uses this list to filter FEC-label mappings to be advertised to Router A.

[RouterD] ipv6 prefix-list prefix-to-a index 10 deny 21::0 64

[RouterD] ipv6 prefix-list prefix-to-a index 20 permit 0::0 0 less-equal 128

# On Router D, create IP prefix list peer-a to permit 1.1.1.9/32. Router D uses this list to filter peers.

[RouterD] ip prefix-list peer-a index 10 permit 1.1.1.9 32

# On Router D, create IPv6 prefix list prefix-to-c to deny subnet 11::0/64. Router D uses this list to filter FEC-label mappings to be advertised to Router C.

[RouterD] ipv6 prefix-list prefix-to-c index 10 deny 11::0 64

[RouterD] ipv6 prefix-list prefix-to-c index 20 permit 0::0 0 less-equal 128

# On Router D, create IP prefix list peer-c to permit 3.3.3.9/32. Router D uses this list to filter peers.

[RouterD] ip prefix-list peer-c index 10 permit 3.3.3.9 32

# On Router D, configure an IPv6 label advertisement policy. This policy ensures that Router D does not advertise label mappings for FEC 21::0/64 to Router A, and does not advertise label mappings for FEC 11::0/64 to Router C.

[RouterD] mpls ldp

[RouterD-ldp] ipv6 advertise-label prefix-list prefix-to-a peer peer-a

[RouterD-ldp] ipv6 advertise-label prefix-list prefix-to-c peer peer-c

[RouterD-ldp] quit

Verifying the configuration

# Display LDP LSP information on the routers, for example, on Router A.

[RouterA] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC: 11::/64

In/Out Label: 2417/-                          OutInterface : -

Nexthop     : -

In/Out Label: -/1098(L)                       OutInterface : -

Nexthop     : -

In/Out Label: -/2418(L)                       OutInterface : -

Nexthop     : -

 

FEC: 21::/64

In/Out Label: -/2416                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

In/Out Label: 2415/2416                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAC0

[RouterB] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 2          Transit: 2      Egress: 0

 

FEC: 11::/64

In/Out Label: -/2417                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EA8E

In/Out Label: 2418/2417                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EA8E

 

FEC: 21::/64

In/Out Label: -/1099                          OutInterface : XGE3/0/2

Nexthop     : FE80::20C:29FF:FE05:1C01

In/Out Label: 2416/1099                       OutInterface : XGE3/0/2

Nexthop     : FE80::20C:29FF:FE05:1C01

[RouterC] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 1          Transit: 1      Egress: 1

 

FEC: 11::/64

In/Out Label: -/2418                          OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAA2

In/Out Label: 1098/2418                       OutInterface : XGE3/0/1

Nexthop     : FE80::20C:29FF:FE9D:EAA2

 

FEC: 21::/64

In/Out Label: 1099/-                          OutInterface : -

Nexthop     : -

In/Out Label: -/2416(L)                       OutInterface : -

Nexthop     : -

In/Out Label: -/1097(L)                       OutInterface : -

Nexthop     : -

[RouterD] display mpls ldp lsp ipv6

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 2            Ingress: 0          Transit: 0      Egress: 2

 

FEC: 11::/64

In/Out Label: 1098/-                          OutInterface : -

Nexthop     : -

 

FEC: 21::/64

In/Out Label: 1097/-                          OutInterface : -

Nexthop     : -

The output shows that Router A and Router C have received FEC-label mappings only from Router B. Router B has received FEC-label mappings from both Router A and Router C. Router D does not receive FEC-label mappings from Router A or Router C. LDP has established an IPv6 LSP only over the link Router A—Router B—Router C.

# Test the connectivity of the IPv6 LDP LSP from Router A to Router C.

[RouterA] ping ipv6 -a 11::1 21::1

Ping6(56 data bytes) 11::1 --> 21::1, press CTRL_C to break

56 bytes from 21::1, icmp_seq=0 hlim=63 time=4.000 ms

56 bytes from 21::1, icmp_seq=1 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=2 hlim=63 time=3.000 ms

56 bytes from 21::1, icmp_seq=3 hlim=63 time=2.000 ms

56 bytes from 21::1, icmp_seq=4 hlim=63 time=1.000 ms

 

--- Ping6 statistics for 21::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.600/4.000/1.020 ms

# Test the connectivity of the IPv6 LDP LSP from Router C to Router A.

[RouterC] ping ipv6 -a 21::1 11::1

Ping6(56 data bytes) 21::1 --> 11::1, press CTRL_C to break

56 bytes from 11::1, icmp_seq=0 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=1 hlim=63 time=2.000 ms

56 bytes from 11::1, icmp_seq=2 hlim=63 time=1.000 ms

56 bytes from 11::1, icmp_seq=3 hlim=63 time=2.000 ms

56 bytes from 11::1, icmp_seq=4 hlim=63 time=1.000 ms

 

--- Ping6 statistics for 11::1 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
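The following Python model is an added example, not H3C code. It evaluates the IPv6 prefix lists from the LSP generation, label acceptance, and label advertisement examples above offline, so a filter can be checked before it is applied. It assumes entries are tested in ascending index order, the first match decides, an unmatched prefix is denied, and an entry without greater-equal or less-equal matches only the exact prefix length; the function names and the set of mappings received by Router A are constructed for the demonstration.

```python
import ipaddress
import re

# Prefix-list commands copied from this page. The prompt is kept so that
# same-named lists on different routers stay separate. "routera" is the
# five-entry list from the LSP generation policy example.
CONFIG = """\
[RouterA] ipv6 prefix-list routera index 10 permit 100::1 128
[RouterA] ipv6 prefix-list routera index 20 permit 100::2 128
[RouterA] ipv6 prefix-list routera index 30 permit 100::3 128
[RouterA] ipv6 prefix-list routera index 40 permit 11::0 64
[RouterA] ipv6 prefix-list routera index 50 permit 21::0 64
[RouterA] ipv6 prefix-list prefix-from-b index 10 permit 21::0 64
[RouterA] ipv6 prefix-list prefix-from-d index 10 deny 21::0 64
[RouterD] ipv6 prefix-list prefix-to-a index 10 deny 21::0 64
[RouterD] ipv6 prefix-list prefix-to-a index 20 permit 0::0 0 less-equal 128
"""

# Destinations from the "display ipv6 routing-table" output on Router A.
ROUTER_A_ROUTES = ["::1/128", "10::/64", "10::1/128", "11::/64", "11::1/128",
                   "20::/64", "21::/64", "100::1/128", "100::2/128",
                   "100::3/128", "FE80::/10"]

# Constructed input: mappings Router A would receive if Router B and Router D
# each advertised both FECs allowed by their LSP generation policies.
RECEIVED_BY_A = {"2.2.2.9": ["11::/64", "21::/64"],
                 "4.4.4.9": ["11::/64", "21::/64"]}

# accept-label configuration on Router A: peer LSR ID -> prefix list name.
ACCEPT_POLICY_A = {"2.2.2.9": "prefix-from-b", "4.4.4.9": "prefix-from-d"}

ENTRY_RE = re.compile(
    r"\[(\w+)\]\s+ipv6 prefix-list (\S+) index (\d+) (permit|deny) (\S+) (\d+)"
    r"(?: greater-equal (\d+))?(?: less-equal (\d+))?")


def parse_prefix_lists(text):
    """Return {(router, list_name): [(index, action, network, lo, hi), ...]}."""
    lists = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        router, name, index, action, addr, plen, ge, le = m.groups()
        plen = int(plen)
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if ge is None and le is None:
            lo, hi = plen, plen          # exact prefix length only
        else:
            lo = int(ge) if ge else plen
            hi = int(le) if le else 128
        lists.setdefault((router, name), []).append(
            (int(index), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # ascending index order
    return lists


def evaluate(entries, prefix):
    """Return 'permit' or 'deny' for one route or FEC prefix."""
    fec = ipaddress.ip_network(prefix, strict=False)
    for _index, action, net, lo, hi in entries:
        if lo <= fec.prefixlen <= hi and fec.subnet_of(net):
            return action                 # first matching entry decides
    return "deny"                         # nothing matched: implicit deny


def lsp_trigger(entries, routes):
    """Routes that the LSP generation policy lets LDP build LSPs for."""
    return [r for r in routes if evaluate(entries, r) == "permit"]


def accept_labels(lists, router, peer_policy, received):
    """Filter received FEC-label mappings per peer, as accept-label does."""
    kept = {}
    for peer, fecs in received.items():
        name = peer_policy.get(peer)
        if name is None:
            kept[peer] = list(fecs)       # assumption: no policy, accept all
        else:
            entries = lists[(router, name)]
            kept[peer] = [f for f in fecs if evaluate(entries, f) == "permit"]
    return kept


LISTS = parse_prefix_lists(CONFIG)

if __name__ == "__main__":
    print("LSP triggers on Router A:",
          lsp_trigger(LISTS[("RouterA", "routera")], ROUTER_A_ROUTES))
    print("Mappings Router A keeps:",
          accept_labels(LISTS, "RouterA", ACCEPT_POLICY_A, RECEIVED_BY_A))
    for key in (("RouterA", "prefix-from-d"), ("RouterD", "prefix-to-a")):
        print(key, "11::/64 ->", evaluate(LISTS[key], "11::/64"))
```

The deny-only list prefix-from-d rejects every mapping from Router D, not just 21::/64, because nothing else matches an entry. Router D's prefix-to-a ends with permit 0::0 0 less-equal 128, so it blocks only 21::/64.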

 

MPLS TE configuration examples

Example: Establishing an MPLS TE tunnel over a static CRLSP

Network configuration

Router A, Router B, and Router C run IS-IS.

Establish an MPLS TE tunnel over a static CRLSP from Router A to Router C to transmit data between the two IP networks.

The MPLS TE tunnel requires a bandwidth of 2000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps. The maximum reservable bandwidth of the link is 5000 kbps.

Figure 233 Network diagram

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1

[RouterA-LoopBack0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable 1

[RouterB-LoopBack0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] isis enable 1

[RouterC-LoopBack0] quit

# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS and MPLS TE:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure MPLS TE attributes of links:

# Set the maximum link bandwidth and maximum reservable bandwidth on Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

5.     Configure an MPLS TE tunnel on Router A:

# Configure MPLS TE tunnel interface Tunnel 0.

[RouterA] interface tunnel 0 mode mpls-te

[RouterA-Tunnel0] ip address 6.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router C.

[RouterA-Tunnel0] destination 3.3.3.3

# Configure MPLS TE to use a static CRLSP to establish the tunnel.

[RouterA-Tunnel0] mpls te signaling static

[RouterA-Tunnel0] quit

6.     Create a static CRLSP:

# Configure Router A as the ingress node of the static CRLSP, and specify the next hop address as 2.1.1.2, outgoing label as 20, and bandwidth for the tunnel as 2000 kbps.

[RouterA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 bandwidth 2000

# On Router A, configure Tunnel 0 to use static CRLSP static-cr-lsp-1.

[RouterA] interface tunnel0

[RouterA-Tunnel0] mpls te static-cr-lsp static-cr-lsp-1

[RouterA-Tunnel0] quit

# Configure Router B as the transit node of the static CRLSP, and specify the incoming label as 20, next hop address as 3.2.1.2, outgoing label as 30, and bandwidth for the tunnel as 2000 kbps.

[RouterB] static-cr-lsp transit static-cr-lsp-1 in-label 20 nexthop 3.2.1.2 out-label 30 bandwidth 2000

# Configure Router C as the egress node of the static CRLSP, and specify the incoming label as 30.

[RouterC] static-cr-lsp egress static-cr-lsp-1 in-label 30

7.     Configure a static route on Router A to direct traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 0.

[RouterA] ip route-static 100.1.2.0 24 tunnel 0 preference 1
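A static CRLSP has no signaling protocol to catch typing errors: each node's out-label must equal the in-label configured on the next node, and the requested bandwidth must fit within the reservable bandwidth. The Python check below is an added example, not H3C code; it parses the commands from this procedure and reports mismatches. The function names are hypothetical, and because the figure's address plan is not reproduced here it assumes hops can be chained by label alone and compares bandwidth against the smallest reservable value configured on each router.

```python
import re
from collections import defaultdict

# Commands copied from the static CRLSP procedure above, prompts included.
PAGE_SESSION = """
[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000
[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000
[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000
[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000
[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000
[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000
[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000
[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000
[RouterA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 bandwidth 2000
[RouterB] static-cr-lsp transit static-cr-lsp-1 in-label 20 nexthop 3.2.1.2 out-label 30 bandwidth 2000
[RouterC] static-cr-lsp egress static-cr-lsp-1 in-label 30
"""

HOP_RE = re.compile(
    r"^\[(?P<router>\w+)\]\s+static-cr-lsp\s+(?P<role>ingress|transit|egress)\s+(?P<name>\S+)"
    r"(?:\s+in-label\s+(?P<inl>\d+))?(?:\s+nexthop\s+(?P<nh>\S+))?"
    r"(?:\s+out-label\s+(?P<outl>\d+))?(?:\s+bandwidth\s+(?P<bw>\d+))?\s*$")
LIMIT_RE = re.compile(
    r"^\[(?P<router>\w+)-(?P<ifname>[^\]]+)\]\s+mpls te "
    r"(?P<kind>max-link-bandwidth|max-reservable-bandwidth)\s+(?P<kbps>\d+)\s*$")


def parse(session):
    """Return (hops per CRLSP name, bandwidth limits per router and interface)."""
    hops = defaultdict(list)
    limits = defaultdict(lambda: defaultdict(dict))
    for line in session.splitlines():
        line = line.strip()
        m = HOP_RE.match(line)
        if m:
            hop = m.groupdict()
            for key in ("inl", "outl", "bw"):
                hop[key] = int(hop[key]) if hop[key] is not None else None
            hops[hop["name"]].append(hop)
            continue
        m = LIMIT_RE.match(line)
        if m:
            limits[m["router"]][m["ifname"]][m["kind"]] = int(m["kbps"])
    return hops, limits


def audit(session):
    """Return a list of findings; an empty list means the path is consistent."""
    hops, limits = parse(session)
    findings = []
    # Reservable bandwidth can never exceed the link bandwidth it is carved from.
    for router, interfaces in limits.items():
        for ifname, lim in interfaces.items():
            link = lim.get("max-link-bandwidth")
            resv = lim.get("max-reservable-bandwidth")
            if link is not None and resv is not None and resv > link:
                findings.append(f"{router} {ifname}: reservable {resv} exceeds link {link} kbps")
    for name, nodes in hops.items():
        ingress = [h for h in nodes if h["role"] == "ingress"]
        egress = [h for h in nodes if h["role"] == "egress"]
        if len(ingress) != 1 or len(egress) != 1:
            findings.append(f"{name}: expected one ingress and one egress, "
                            f"found {len(ingress)} and {len(egress)}")
            continue
        # Walk ingress -> transit(s) -> egress by matching out-label to in-label.
        cur, visited = ingress[0], {id(ingress[0])}
        while cur["role"] != "egress":
            nxt = [h for h in nodes if id(h) not in visited
                   and cur["outl"] is not None and h["inl"] == cur["outl"]]
            if len(nxt) != 1:
                findings.append(f"{name}: out-label {cur['outl']} from {cur['router']} "
                                f"matches {len(nxt)} downstream in-label entries")
                break
            cur = nxt[0]
            visited.add(id(cur))
        for h in nodes:
            if id(h) not in visited:
                findings.append(f"{name}: {h['router']} ({h['role']}) is not on the label path")
            resv = [lim["max-reservable-bandwidth"] for lim in limits[h["router"]].values()
                    if "max-reservable-bandwidth" in lim]
            if h["bw"] is not None and resv and h["bw"] > min(resv):
                findings.append(f"{name}: {h['router']} reserves {h['bw']} kbps, above the "
                                f"{min(resv)} kbps reservable on its TE interfaces")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_SESSION) or ["no findings"]:
        print(finding)
```
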

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 6.1.1.1/24 (primary)

Tunnel source unknown, destination 3.3.3.3

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 0

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 1               Tunnel ID            : 0

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.1         Egress LSR ID        : 3.3.3.3

  Signaling            : Static          Static CRLSP Name    : static-cr-lsp-1

  Static SRLSP Name    : -

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Display static CRLSP information on each router.

[RouterA] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/0/1                 StaticCR -/20            XGE3/0/1

2.1.1.2                     Local    -/-             XGE3/0/1

Tunnel0                     Local    -/-             NHLFE1025

[RouterB] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

-                           StaticCR 20/30           XGE3/0/2

3.2.1.2                     Local    -/-             XGE3/0/2

[RouterC] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

-                           StaticCR 30/-            -

[RouterA] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Ingress     Null/20        XGE3/0/1             Up

[RouterB] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Transit     20/30          XGE3/0/2             Up

[RouterC] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Egress      30/Null        -                    Up

# Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 0 as the output interface. (Details not shown.)

Example: Establishing an MPLS TE tunnel with RSVP-TE

Network configuration

Router A, Router B, Router C, and Router D run IS-IS and all of them are Level-2 routers.

Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router D to transmit data between the two IP networks. The MPLS TE tunnel requires a bandwidth of 2000 kbps.

The maximum bandwidth of the link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth of the link is 5000 kbps.

Figure 234 Network diagram

Table 61 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   Loop0       1.1.1.9/32      Router C   Loop0       3.3.3.9/32
           XGE3/0/1    10.1.1.1/24                XGE3/0/1    30.1.1.1/24
           XGE3/0/2    100.1.1.1/24               XGE3/0/2    20.1.1.2/24
Router B   Loop0       2.2.2.9/32      Router D   Loop0       4.4.4.9/32
           XGE3/0/1    10.1.1.2/24                XGE3/0/1    30.1.1.2/24
           XGE3/0/2    20.1.1.1/24                XGE3/0/2    100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1

[RouterA-LoopBack0] isis circuit-level level-2

[RouterA-LoopBack0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable 1

[RouterB-LoopBack0] isis circuit-level level-2

[RouterB-LoopBack0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] isis enable 1

[RouterC-LoopBack0] isis circuit-level level-2

[RouterC-LoopBack0] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface loopback 0

[RouterD-LoopBack0] isis enable 1

[RouterD-LoopBack0] isis circuit-level level-2

[RouterD-LoopBack0] quit

# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls te

[RouterD-te] quit

[RouterD] rsvp

[RouterD-rsvp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Configure IS-IS TE:

# Configure Router A.

[RouterA] isis 1

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] mpls te enable level-2

[RouterA-isis-1] quit

# Configure Router B.

[RouterB] isis 1

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] mpls te enable level-2

[RouterB-isis-1] quit

# Configure Router C.

[RouterC] isis 1

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] mpls te enable level-2

[RouterC-isis-1] quit

# Configure Router D.

[RouterD] isis 1

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] mpls te enable level-2

[RouterD-isis-1] quit

5.     Configure MPLS TE attributes of links:

# Set the maximum link bandwidth and maximum reservable bandwidth on Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router D.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterD-Ten-GigabitEthernet3/0/1] quit

6.     Configure an MPLS TE tunnel on Router A:

# Configure MPLS TE tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router D.

[RouterA-Tunnel1] destination 4.4.4.9

# Configure MPLS TE to use RSVP-TE to establish the tunnel.

[RouterA-Tunnel1] mpls te signaling rsvp-te

# Assign 2000 kbps bandwidth to the tunnel.

[RouterA-Tunnel1] mpls te bandwidth 2000

[RouterA-Tunnel1] quit

7.     Configure a static route on Router A to direct the traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 7.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 23331           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 2000 kbps

  Reserved Bandwidth   : 2000 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Disabled        Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 1 as the output interface. (Details not shown.)
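The verification above is done by eye; the same check can be scripted against captured output so that a tunnel that is down, signaled differently, or holding less bandwidth than requested is flagged. The Python below is an added example, not H3C code: it parses the one- and two-column `display mpls te tunnel-interface` layout shown above and compares it with the values this example configures. `EXPECT`, `parse_tunnels`, and `audit` are hypothetical names, and the sample is an abbreviated copy of the page's output.

```python
import re

# Abbreviated copy of the "display mpls te tunnel-interface" output shown above.
PAGE_OUTPUT = """
Tunnel Name            : Tunnel 1
Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)
Tunnel Attributes      :
  LSP ID               : 23331           Tunnel ID            : 1
  Admin State          : Normal
  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9
  Signaling            : RSVP-TE         Static CRLSP Name    : -
  Resv Style           : SE
  Class Type           : CT0             Tunnel Bandwidth     : 2000 kbps
  Reserved Bandwidth   : 2000 kbps
  Setup Priority       : 7               Holding Priority     : 7
  Explicit Path        : -
  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -
  Down Time            : 2017-12-05 11:23:35:535
"""

# Values taken from the RSVP-TE procedure: destination 4.4.4.9, bandwidth 2000 kbps.
EXPECT = {
    "Tunnel 1": {
        "Signaling": "RSVP-TE",
        "Egress LSR ID": "4.4.4.9",
        "Reserved Bandwidth kbps": 2000,
    }
}

# A field is "key : value". A second field on the same line starts after a run
# of two or more spaces; values themselves may contain single spaces and colons.
FIELD_RE = re.compile(r"(\S[^:]*?)\s*:(?:\s+|$)(.*?)(?=\s{2,}\S|$)")


def parse_tunnels(output):
    """Split the display output into one dict of fields per tunnel."""
    tunnels = []
    for line in output.splitlines():
        for key, value in FIELD_RE.findall(line.strip()):
            if key == "Tunnel Name":
                tunnels.append({})
            if tunnels:
                tunnels[-1][key] = value
    return tunnels


def kbps(value):
    """Convert '2000 kbps' to 2000; return None for '-' or a missing field."""
    m = re.fullmatch(r"(\d+) kbps", value or "")
    return int(m.group(1)) if m else None


def audit(output, expect):
    """Compare parsed tunnels with the expected values and list deviations."""
    tunnels = {t.get("Tunnel Name"): t for t in parse_tunnels(output)}
    findings = []
    for name, want in expect.items():
        got = tunnels.get(name)
        if got is None:
            findings.append(f"{name}: not present in the output")
            continue
        if not got.get("Tunnel State", "").startswith("Up"):
            findings.append(f"{name}: state is {got.get('Tunnel State', 'missing')!r}")
        for field in ("Signaling", "Egress LSR ID"):
            if got.get(field) != want[field]:
                findings.append(f"{name}: {field} is {got.get(field)!r}, "
                                f"expected {want[field]!r}")
        reserved = kbps(got.get("Reserved Bandwidth"))
        if reserved != want["Reserved Bandwidth kbps"]:
            findings.append(f"{name}: reserved bandwidth is {reserved}, "
                            f"expected {want['Reserved Bandwidth kbps']} kbps")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_OUTPUT, EXPECT) or ["no findings"]:
        print(finding)
```

The same `audit` call works for the inter-AS example that follows, since it uses the same tunnel number, destination, and bandwidth.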

Example: Establishing an inter-AS MPLS TE tunnel with RSVP-TE

Network configuration

Router A and Router B are in AS 100. Router C and Router D are in AS 200. AS 100 and AS 200 use OSPF as the IGP.

Establish an EBGP connection between ASBRs Router B and Router C. Redistribute BGP routes into OSPF and OSPF routes into BGP, so that AS 100 and AS 200 can reach each other.

Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router D to transmit data between the two IP networks. The tunnel requires a bandwidth of 2000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps, and the maximum reservable bandwidth of the link is 5000 kbps.

Figure 235 Network diagram

Table 62 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   Loop0       1.1.1.9/32      Router C   Loop0       3.3.3.9/32
           XGE3/0/1    10.1.1.1/24                XGE3/0/1    30.1.1.1/24
           XGE3/0/2    100.1.1.0/24               XGE3/0/2    20.1.1.2/24
Router B   Loop0       2.2.2.9/32      Router D   Loop0       4.4.4.9/32
           XGE3/0/1    10.1.1.2/24                XGE3/0/1    30.1.1.2/24
           XGE3/0/2    20.1.1.1/24                XGE3/0/2    100.1.2.0/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure OSPF to advertise routes within the ASs, and redistribute the direct and BGP routes into OSPF on Router B and Router C:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] import-route direct

[RouterB-ospf-1] import-route bgp

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] import-route direct

[RouterC-ospf-1] import-route bgp

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] ospf

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[RouterD-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

# Verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. This example uses Router A.

[RouterA] display ip routing-table

 

Destinations : 6        Routes : 6

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         O_INTRA 10  1           10.1.1.2        XGE3/0/1

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

3.     Configure BGP on Router B and Router C to ensure that the ASs can communicate with each other:

# Configure Router B.

[RouterB] bgp 100

[RouterB-bgp] peer 20.1.1.2 as-number 200

[RouterB-bgp] address-family ipv4 unicast

[RouterB-bgp-ipv4] peer 20.1.1.2 enable

[RouterB-bgp-ipv4] import-route ospf

[RouterB-bgp-ipv4] import-route direct

[RouterB-bgp-ipv4] quit

[RouterB-bgp] quit

# Configure Router C.

[RouterC] bgp 200

[RouterC-bgp] peer 20.1.1.1 as-number 100

[RouterC-bgp] address-family ipv4 unicast

[RouterC-bgp-ipv4] peer 20.1.1.1 enable

[RouterC-bgp-ipv4] import-route ospf

[RouterC-bgp-ipv4] import-route direct

[RouterC-bgp-ipv4] quit

[RouterC-bgp] quit

# Verify that the routers have learned the AS-external routes. This example uses Router A.

[RouterA] display ip routing-table

 

Destinations : 10       Routes : 10

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         O_INTRA 10  1           10.1.1.2        XGE3/0/1

3.3.3.9/32         O_ASE   150 1           10.1.1.2        XGE3/0/1

4.4.4.9/32         O_ASE   150 1           10.1.1.2        XGE3/0/1

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

20.1.1.0/24        O_ASE   150 1           10.1.1.2        XGE3/0/1

30.1.1.0/24        O_ASE   150 1           10.1.1.2        XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

4.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls te

[RouterD-te] quit

[RouterD] rsvp

[RouterD-rsvp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

5.     Configure OSPF TE:

# Configure Router A.

[RouterA] ospf

[RouterA-ospf-1] opaque-capability enable

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] mpls te enable

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

[RouterB] ospf

[RouterB-ospf-1] opaque-capability enable

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] mpls te enable

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

[RouterC] ospf

[RouterC-ospf-1] opaque-capability enable

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] mpls te enable

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure Router D.

[RouterD] ospf

[RouterD-ospf-1] opaque-capability enable

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] mpls te enable

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

6.     Configure an explicit path on Router A. Specify Router B and Router D as loose nodes, and Router C as a strict node.

[RouterA] explicit-path atod

[RouterA-explicit-path-atod] nexthop 10.1.1.2 include loose

[RouterA-explicit-path-atod] nexthop 20.1.1.2 include strict

[RouterA-explicit-path-atod] nexthop 30.1.1.2 include loose

[RouterA-explicit-path-atod] quit

7.     Configure MPLS TE attributes of links:

# Set the maximum link bandwidth and maximum reservable bandwidth on Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router D.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterD-Ten-GigabitEthernet3/0/1] quit

8.     Configure an MPLS TE tunnel on Router A:

# Configure MPLS TE tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router D.

[RouterA-Tunnel1] destination 4.4.4.9

# Configure MPLS TE to use RSVP-TE to establish the tunnel.

[RouterA-Tunnel1] mpls te signaling rsvp-te

# Assign 2000 kbps bandwidth to the tunnel.

[RouterA-Tunnel1] mpls te bandwidth 2000

# Specify explicit path atod for the tunnel.

[RouterA-Tunnel1] mpls te path preference 5 explicit-path atod

[RouterA-Tunnel1] quit

9.     Configure a static route on Router A to direct the traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel 1

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 7.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 23549           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 2000 kbps

  Reserved Bandwidth   : 2000 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : atod

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Disabled        Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Verify that Router A has a static route entry with interface Tunnel 1 as the output interface.

[RouterA] display ip routing-table

 

Destinations : 14       Routes : 14

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

 

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         O_INTRA 10  1           10.1.1.2        XGE3/0/1

3.3.3.9/32         O_ASE   150 1           10.1.1.2        XGE3/0/1

4.4.4.9/32         O_ASE   150 1           10.1.1.2        XGE3/0/1

7.1.1.0/24         Direct  0   0           7.1.1.1         Tun1

7.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

20.1.1.0/24        O_ASE   150 1           10.1.1.2        XGE3/0/1

100.1.2.0/24       Static  1   0           0.0.0.0         Tun1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

Example: Configuring bidirectional MPLS TE tunnel

Network configuration

Router A, Router B, Router C, and Router D all run IS-IS and are all Level-2 routers.

Use RSVP-TE to establish a bidirectional MPLS TE tunnel between Router A and Router D.

Figure 236 Network diagram

Table 63 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   Loop0       1.1.1.9/32      Router C   Loop0       3.3.3.9/32
           XGE3/0/1    10.1.1.1/24                XGE3/0/1    30.1.1.1/24
           XGE3/0/2    100.1.1.1/24               XGE3/0/2    20.1.1.2/24
Router B   Loop0       2.2.2.9/32      Router D   Loop0       4.4.4.9/32
           XGE3/0/1    10.1.1.2/24                XGE3/0/1    30.1.1.2/24
           XGE3/0/2    20.1.1.1/24                XGE3/0/2    100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address:

For more information, see "Example: Establishing an MPLS TE tunnel with RSVP-TE."

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE on each router. Configure Router A and Router D to assign a non-null label to the penultimate hop:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls label advertise non-null

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls label advertise non-null

[RouterD] mpls te

[RouterD-te] quit

[RouterD] rsvp

[RouterD-rsvp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Configure IS-IS TE:

# Configure Router A.

[RouterA] isis 1

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] mpls te enable level-2

[RouterA-isis-1] quit

# Configure Router B.

[RouterB] isis 1

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] mpls te enable level-2

[RouterB-isis-1] quit

# Configure Router C.

[RouterC] isis 1

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] mpls te enable level-2

[RouterC-isis-1] quit

# Configure Router D.

[RouterD] isis 1

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] mpls te enable level-2

[RouterD-isis-1] quit

5.     Configure a co-routed bidirectional MPLS TE tunnel:

# Configure Router A as the active end of the co-routed bidirectional tunnel.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0

[RouterA-Tunnel1] destination 4.4.4.9

[RouterA-Tunnel1] mpls te signaling rsvp-te

[RouterA-Tunnel1] mpls te resv-style ff

[RouterA-Tunnel1] mpls te bidirectional co-routed active

[RouterA-Tunnel1] quit

# Configure Router D as the passive end of the co-routed bidirectional tunnel.

[RouterD] interface tunnel 4 mode mpls-te

[RouterD-Tunnel4] ip address 8.1.1.1 255.255.255.0

[RouterD-Tunnel4] destination 1.1.1.9

[RouterD-Tunnel4] mpls te signaling rsvp-te

[RouterD-Tunnel4] mpls te resv-style ff

[RouterD-Tunnel4] mpls te bidirectional co-routed passive reverse-lsp lsr-id 1.1.1.9 tunnel-id 1

[RouterD-Tunnel4] quit

6.     Create static routes to direct the traffic to the MPLS TE tunnels:

# Create a static route on Router A to direct traffic destined for 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

# Create a static route on Router D to direct traffic destined for 100.1.1.0/24 to MPLS TE tunnel 4.

[RouterD] ip route-static 100.1.1.0 24 tunnel 4 preference 1

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 7.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up, Reverse CRLSP up)

Tunnel Attributes      :

  LSP ID               : 30478           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : FF

  Tunnel mode          : Co-routed, active

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Disabled        Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Display detailed information about the bidirectional MPLS TE tunnel on Router A.

[RouterA] display mpls lsp verbose

Destination  : 4.4.4.9

FEC          : 1.1.1.9/1/30478

Protocol     : RSVP

LSR Type     : Ingress

Service      : -

NHLFE ID     : 1027

State        : Active

Out-Label    : 1149

Nexthop      : 10.1.1.2

Out-Interface: XGE3/0/1

 

Destination  : 4.4.4.9

FEC          : 1.1.1.9/1/30478

Protocol     : RSVP

LSR Type     : Egress

Service      : -

In-Label     : 1151

State        : Active

Nexthop      : 127.0.0.1

Out-Interface: -

 

Destination  : 10.1.1.2

FEC          : 10.1.1.2

Protocol     : Local

LSR Type     : Ingress

Service      : -

NHLFE ID     : 1026

State        : Active

Nexthop      : 10.1.1.2

Out-Interface: XGE3/0/1

 

Destination  : 4.4.4.9

FEC          : Tunnel1

Protocol     : Local

LSR Type     : Ingress

Service      : -

NHLFE ID     : 268435457

State        : Active

Out-Interface: NHLFE74

# Verify that the tunnel interface is up on Router D.

[RouterD] display interface tunnel

Tunnel4

Current state: UP

Line protocol state: UP

Description: Tunnel4 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 8.1.1.1/24 (primary)

Tunnel source unknown, destination 1.1.1.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router D.

[RouterD] display mpls te tunnel-interface

Tunnel Name            : Tunnel 4

Tunnel State           : Up (Main CRLSP up, Reverse CRLSP up)

Tunnel Attributes      :

  LSP ID               : -               Tunnel ID            : 4

  Admin State          : Normal

  Ingress LSR ID       : -               Egress LSR ID        : -

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : FF

  Tunnel mode          : Co-routed, passive

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : 1.1.1.9         Reverse-LSP Tunnel ID: 1

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : -               Holding Priority     : -

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : -

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : -               Retry Interval       : -

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Display detailed information about the bidirectional MPLS TE tunnel on Router D.

[RouterD] display mpls lsp verbose

Destination  : 4.4.4.9

FEC          : 1.1.1.9/1/30478

Protocol     : RSVP

LSR Type     : Egress

Service      : -

In-Label     : 3

State        : Active

Nexthop      : 127.0.0.1

Out-Interface: -

 

Destination  : 4.4.4.9

FEC          : 1.1.1.9/1/30478

Protocol     : RSVP

LSR Type     : Ingress

Service      : -

NHLFE ID     : 1025

State        : Active

Out-Label    : 1150

Nexthop      : 30.1.1.1

Out-Interface: XGE3/0/1

 

Destination  : 30.1.1.1

FEC          : 30.1.1.1

Protocol     : Local

LSR Type     : Ingress

Service      : -

NHLFE ID     : 1024

State        : Active

Nexthop      : 30.1.1.1

Out-Interface: XGE3/0/1

 

Destination  : 1.1.1.9

FEC          : Tunnel1

Protocol     : Local

LSR Type     : Ingress

Service      : -

NHLFE ID     : 268435457

State        : Active

Out-Interface: NHLFE74
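The two ends of a co-routed bidirectional tunnel must agree with each other: the passive end's reverse-LSP LSR ID and tunnel ID have to name the active end's tunnel. The following Python check is an added example, not H3C code. It parses trimmed copies of the display mpls te tunnel-interface output shown above, and the function names parse_tunnel and check_corouted_pair are hypothetical.

```python
import re

# Trimmed copies of the `display mpls te tunnel-interface` output shown above.
ROUTER_A = """\
Tunnel Name            : Tunnel 1
Tunnel State           : Up (Main CRLSP up, Reverse CRLSP up)
Tunnel Attributes      :
  LSP ID               : 30478           Tunnel ID            : 1
  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9
  Signaling            : RSVP-TE         Static CRLSP Name    : -
  Resv Style           : FF
  Tunnel mode          : Co-routed, active
  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -
"""
ROUTER_D = """\
Tunnel Name            : Tunnel 4
Tunnel State           : Up (Main CRLSP up, Reverse CRLSP up)
Tunnel Attributes      :
  LSP ID               : -               Tunnel ID            : 4
  Ingress LSR ID       : -               Egress LSR ID        : -
  Signaling            : RSVP-TE         Static CRLSP Name    : -
  Resv Style           : FF
  Tunnel mode          : Co-routed, passive
  Reverse-LSP LSR ID   : 1.1.1.9         Reverse-LSP Tunnel ID: 1
"""

# One "key : value" pair; a line may carry two pairs separated by 2+ spaces.
PAIR = re.compile(r"(\S[^:]*?)\s*:\s(\S.*?)(?:\s{2,}|$)")


def parse_tunnel(text):
    """Return the fields of one tunnel as a dict (hypothetical helper)."""
    fields = {}
    for line in text.splitlines():
        for key, value in PAIR.findall(line):
            fields[key] = value
    return fields


def check_corouted_pair(active_text, passive_text):
    """Return a list of findings; an empty list means both ends are consistent."""
    active, passive = parse_tunnel(active_text), parse_tunnel(passive_text)
    findings = []

    if active.get("Tunnel mode") != "Co-routed, active":
        findings.append("first output is not the active end")
    if passive.get("Tunnel mode") != "Co-routed, passive":
        findings.append("second output is not the passive end")

    for role, tunnel in (("active", active), ("passive", passive)):
        # This example configures 'mpls te resv-style ff' on both ends.
        if tunnel.get("Resv Style") != "FF":
            findings.append(f"{role} end: Resv Style is {tunnel.get('Resv Style')}, expected FF")
        if "Reverse CRLSP up" not in tunnel.get("Tunnel State", ""):
            findings.append(f"{role} end: reverse CRLSP is not up")

    # The passive end must point back at the active end's LSR ID and tunnel ID.
    if passive.get("Reverse-LSP LSR ID") != active.get("Ingress LSR ID"):
        findings.append("reverse-lsp lsr-id does not match the active end's ingress LSR ID")
    if passive.get("Reverse-LSP Tunnel ID") != active.get("Tunnel ID"):
        findings.append("reverse-lsp tunnel-id does not match the active end's tunnel ID")
    return findings


if __name__ == "__main__":
    for finding in check_corouted_pair(ROUTER_A, ROUTER_D) or ["both ends are consistent"]:
        print(finding)
```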

Example: Configuring CRLSP backup

Network configuration

Router A, Router B, Router C, and Router D run IS-IS and IS-IS TE.

Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router C to transmit data between the two IP networks. Enable CRLSP hot-standby backup for the tunnel to simultaneously establish a primary CRLSP and a backup CRLSP. When the primary CRLSP fails, traffic is switched to the backup CRLSP.

Figure 237 Network diagram

Table 64 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   Loop0       1.1.1.9/32      Router D   Loop0       4.4.4.9/32
           XGE3/0/1    10.1.1.1/24                XGE3/0/1    30.1.1.2/24
           XGE3/0/2    100.1.1.1/24               XGE3/0/2    40.1.1.1/24
           XGE3/0/3    30.1.1.1/24     Router C   Loop0       3.3.3.9/32
Router B   Loop0       2.2.2.9/32                 XGE3/0/1    20.1.1.2/24
           XGE3/0/1    10.1.1.2/24                XGE3/0/2    100.1.2.1/24
           XGE3/0/2    20.1.1.1/24                XGE3/0/3    40.1.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address, and configure IS-IS TE. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] mpls enable

[RouterA-Ten-GigabitEthernet3/0/3] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/3] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Configure Router B, Router C, and Router D in the same way that Router A is configured. (Details not shown.)

4.     Configure an MPLS TE tunnel on Router A:

# Configure MPLS TE tunnel interface Tunnel 3.

[RouterA] interface tunnel 3 mode mpls-te

[RouterA-Tunnel3] ip address 9.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router C.

[RouterA-Tunnel3] destination 3.3.3.9

# Configure MPLS TE to use RSVP-TE to establish the tunnel.

[RouterA-Tunnel3] mpls te signaling rsvp-te

# Enable CRLSP hot-standby backup for the tunnel.

[RouterA-Tunnel3] mpls te backup hot-standby

[RouterA-Tunnel3] quit

5.     Configure a static route on Router A to direct the traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 3.

[RouterA] ip route-static 100.1.2.0 24 tunnel 3 preference 1

Verifying the configuration

# Verify that the tunnel interface Tunnel 3 is up on Router A.

[RouterA] display interface tunnel

Tunnel3

Current state: UP

Line protocol state: UP

Description: Tunnel3 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 9.1.1.1/24 (primary)

Tunnel source unknown, destination 3.3.3.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that two CRLSPs exist on Router A, one with the output interface Ten-GigabitEthernet 3/0/1 and the other with the output interface Ten-GigabitEthernet 3/0/3.

[RouterA] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.9/3/34311             RSVP     -/1150          XGE3/0/1

1.1.1.9/3/34312             RSVP     -/1151          XGE3/0/3

10.1.1.2                    Local    -/-             XGE3/0/1

30.1.1.2                    Local    -/-             XGE3/0/3

Tunnel3                     Local    -/-             NHLFE1026

Backup                               -/-             NHLFE1028

# Display the paths used by the two CRLSPs on Router A.

[RouterA] display rsvp lsp verbose

Tunnel name: RouterA_t3

Destination: 3.3.3.9                      Source: 1.1.1.9

Tunnel ID: 3                              LSP ID: 30106

LSR type: Ingress                         Direction: Unidirectional

Setup priority: 7                         Holding priority: 7

In-Label: -                               Out-Label: 1137

In-Interface: -                           Out-Interface: XGE3/0/1

Nexthop: 10.1.1.2                         Exclude-any: 0

Include-Any: 0                            Include-all: 0

Mean rate (CIR): 0 kbps                   Mean burst size (CBS): 1000.00 bytes

Path MTU: 1500                            Class type: CT0

RRO number: 6

  10.1.1.1/32        Flag: 0x00 (No FRR)

  10.1.1.2/32        Flag: 0x00 (No FRR/In-Int)

  2.2.2.9/32         Flag: 0x20 (No FRR/Node-ID)

  20.1.1.1/32        Flag: 0x00 (No FRR)

  20.1.1.2/32        Flag: 0x00 (No FRR/In-Int)

  3.3.3.9/32         Flag: 0x20 (No FRR/Node-ID)

Fast Reroute protection: None

 

Tunnel name: RouterA_t3

Destination: 3.3.3.9                      Source: 1.1.1.9

Tunnel ID: 3                              LSP ID: 30107

LSR type: Ingress                         Direction: Unidirectional

Setup priority: 7                         Holding priority: 7

In-Label: -                               Out-Label: 1150

In-Interface: -                           Out-Interface: XGE3/0/3

Nexthop: 30.1.1.2                         Exclude-any: 0

Include-Any: 0                            Include-all: 0

Mean rate (CIR): 0 kbps                   Mean burst size (CBS): 1000.00 bytes

Path MTU: 1500                            Class type: CT0

RRO number: 6

  30.1.1.1/32        Flag: 0x00 (No FRR)

  30.1.1.2/32        Flag: 0x00 (No FRR/In-Int)

  4.4.4.9/32         Flag: 0x20 (No FRR/Node-ID)

  40.1.1.1/32        Flag: 0x00 (No FRR)

  40.1.1.2/32        Flag: 0x00 (No FRR/In-Int)

  3.3.3.9/32         Flag: 0x20 (No FRR/Node-ID)

Fast Reroute protection: None

# Trace the path that MPLS TE tunnel 3 traverses. The output shows that the used CRLSP is the one that traverses Router B.

[RouterA] tracert mpls te tunnel 3

MPLS trace route TE tunnel Tunnel3

  TTL   Replier            Time    Type      Downstream

  0                                Ingress   10.1.1.2/[1147]

  1     10.1.1.2           1 ms    Transit   20.1.1.2/[3]

  2     20.1.1.2           2 ms    Egress

# Shut down interface Ten-GigabitEthernet 3/0/2 on Router B, and then trace the path of MPLS TE tunnel 3 again. The output shows that packets are forwarded on the CRLSP that traverses Router D.

[RouterA] tracert mpls te tunnel 3

MPLS trace route TE tunnel Tunnel3

  TTL   Replier            Time    Type      Downstream

  0                                Ingress   30.1.1.2/[1148]

  1     30.1.1.2           2 ms    Transit   40.1.1.2/[3]

  2     40.1.1.2           3 ms    Egress

# Verify that only one CRLSP exists on Router A.

[RouterA] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.9/3/34313             RSVP     -/1150          XGE3/0/3

30.1.1.2                    Local    -/-             XGE3/0/3

Tunnel3                     Local    -/-             NHLFE1029

# Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 3 as the output interface. (Details not shown.)
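Hot-standby backup only protects traffic if the two CRLSPs do not share a transit router or link. The following Python check is an added example, not H3C code. It parses a trimmed copy of the display rsvp lsp verbose output shown above and compares the recorded routes (RRO) of the two CRLSPs; the function names parse_lsps and check_hot_standby are hypothetical.

```python
import re

# Trimmed copy of the `display rsvp lsp verbose` output shown above (Router A).
SAMPLE = """\
Tunnel name: RouterA_t3
Destination: 3.3.3.9                      Source: 1.1.1.9
Tunnel ID: 3                              LSP ID: 30106
In-Interface: -                           Out-Interface: XGE3/0/1
RRO number: 6
  10.1.1.1/32        Flag: 0x00 (No FRR)
  10.1.1.2/32        Flag: 0x00 (No FRR/In-Int)
  2.2.2.9/32         Flag: 0x20 (No FRR/Node-ID)
  20.1.1.1/32        Flag: 0x00 (No FRR)
  20.1.1.2/32        Flag: 0x00 (No FRR/In-Int)
  3.3.3.9/32         Flag: 0x20 (No FRR/Node-ID)
Fast Reroute protection: None

Tunnel name: RouterA_t3
Destination: 3.3.3.9                      Source: 1.1.1.9
Tunnel ID: 3                              LSP ID: 30107
In-Interface: -                           Out-Interface: XGE3/0/3
RRO number: 6
  30.1.1.1/32        Flag: 0x00 (No FRR)
  30.1.1.2/32        Flag: 0x00 (No FRR/In-Int)
  4.4.4.9/32         Flag: 0x20 (No FRR/Node-ID)
  40.1.1.1/32        Flag: 0x00 (No FRR)
  40.1.1.2/32        Flag: 0x00 (No FRR/In-Int)
  3.3.3.9/32         Flag: 0x20 (No FRR/Node-ID)
Fast Reroute protection: None
"""

FIELD = re.compile(r"(Destination|Source|Tunnel ID|LSP ID|Out-Interface):\s*(\S+)")
RRO_HOP = re.compile(r"^\s+(\d+(?:\.\d+){3})/32\s+Flag:\s+0x([0-9A-Fa-f]{2})")
NODE_ID = 0x20  # RRO flag bit that the output labels "Node-ID"


def parse_lsps(text):
    """Return one dict per CRLSP, with its header fields and recorded hops."""
    lsps = []
    for line in text.splitlines():
        if line.startswith("Tunnel name:"):
            lsps.append({"hops": []})
        elif lsps:
            hop = RRO_HOP.match(line)
            if hop:
                lsps[-1]["hops"].append((hop.group(1), int(hop.group(2), 16)))
            else:
                lsps[-1].update(FIELD.findall(line))
    return lsps


def check_hot_standby(text, tunnel_id):
    """Return a list of findings; an empty list means the two CRLSPs are disjoint."""
    lsps = [l for l in parse_lsps(text) if l.get("Tunnel ID") == str(tunnel_id)]
    if len(lsps) < 2:
        return [f"tunnel {tunnel_id}: {len(lsps)} CRLSP signaled, no standby path"]
    first, second = lsps[0], lsps[1]

    # Without a recorded route the path cannot be compared at all.
    findings = [f"LSP {l.get('LSP ID')}: no RRO recorded, path unknown"
                for l in (first, second) if not l["hops"]]
    if findings:
        return findings

    def transit(lsp):  # router IDs crossed, excluding the shared egress
        return {ip for ip, flag in lsp["hops"]
                if flag & NODE_ID and ip != lsp.get("Destination")}

    def links(lsp):    # interface addresses crossed
        return {ip for ip, flag in lsp["hops"] if not flag & NODE_ID}

    shared_nodes = transit(first) & transit(second)
    shared_links = links(first) & links(second)
    if shared_nodes:
        findings.append(f"shared transit node(s): {sorted(shared_nodes)}")
    if shared_links:
        findings.append(f"shared link address(es): {sorted(shared_links)}")
    if first.get("Out-Interface") == second.get("Out-Interface"):
        findings.append(f"both CRLSPs leave through {first.get('Out-Interface')}")
    return findings


if __name__ == "__main__":
    for finding in check_hot_standby(SAMPLE, 3) or ["CRLSPs are node- and link-disjoint"]:
        print(finding)
```

Run it against output captured after the failover test as well: with only one CRLSP left, the check reports that no standby path is signaled.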

Example: Configuring manual bypass tunnel for FRR

Network configuration

On the primary CRLSP Router A—Router B—Router C—Router D, use FRR to protect the link Router B—Router C.

Use RSVP-TE to establish the primary CRLSP and bypass tunnel based on the constraints of the explicit paths to transmit data between the two IP networks. The bypass tunnel uses path Router B—Router E—Router C. Router B is the PLR and Router C is the MP.

Configure BFD for RSVP-TE between Router B and Router C. When the link between Router B and Router C fails, BFD can detect the failure quickly and notify RSVP-TE of the failure, so RSVP-TE can switch traffic to the bypass tunnel.

Figure 238 Network diagram

Table 65 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address
Router A   Loop0       1.1.1.1/32      Router B   Loop0       2.2.2.2/32
           XGE3/0/1    2.1.1.1/24                 XGE3/0/1    2.1.1.2/24
           XGE3/0/2    100.1.1.1/24               XGE3/0/2    3.1.1.1/24
Router D   Loop0       4.4.4.4/32                 XGE3/0/4    3.2.1.1/24
           XGE3/0/1    4.1.1.2/24      Router C   Loop0       3.3.3.3/32
           XGE3/0/2    100.1.2.1/24               XGE3/0/1    4.1.1.1/24
Router E   Loop0       5.5.5.5/32                 XGE3/0/2    3.1.1.2/24
           XGE3/0/3    3.3.1.1/24                 XGE3/0/4    3.3.1.2/24
           XGE3/0/4    3.2.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE on each router. Enable BFD for RSVP-TE on Router B and Router C:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp bfd enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] mpls enable

[RouterB-Ten-GigabitEthernet3/0/4] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/4] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/4] quit

# Configure Router C in the same way that Router B is configured. Configure Router D and Router E in the same way that Router A is configured. (Details not shown.)

4.     Configure an MPLS TE tunnel on Router A, the ingress node of the primary CRLSP:

# Configure an explicit path for the primary CRLSP.

[RouterA] explicit-path pri-path

[RouterA-explicit-path-pri-path] nexthop 2.1.1.2

[RouterA-explicit-path-pri-path] nexthop 3.1.1.2

[RouterA-explicit-path-pri-path] nexthop 4.1.1.2

[RouterA-explicit-path-pri-path] nexthop 4.4.4.4

[RouterA-explicit-path-pri-path] quit

# Create MPLS TE tunnel interface Tunnel 4 for the primary CRLSP.

[RouterA] interface tunnel 4 mode mpls-te

[RouterA-Tunnel4] ip address 10.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router D.

[RouterA-Tunnel4] destination 4.4.4.4

# Specify the tunnel signaling protocol as RSVP-TE.

[RouterA-Tunnel4] mpls te signaling rsvp-te

# Specify the explicit path as pri-path.

[RouterA-Tunnel4] mpls te path preference 1 explicit-path pri-path

# Enable FRR for the MPLS TE tunnel.

[RouterA-Tunnel4] mpls te fast-reroute

[RouterA-Tunnel4] quit

# Verify that the tunnel interface Tunnel 4 is up on Router A.

[RouterA] display interface tunnel

Tunnel4

Current state: UP

Line protocol state: UP

Description: Tunnel4 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 10.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.4

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 1911 bytes/sec, 15288 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 1526 packets, 22356852 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 4

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 48960           Tunnel ID            : 4

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.1         Egress LSR ID        : 3.3.3.3

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : pri-path

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Enabled         Record Label         : Enabled

  FRR Flag             : Enabled         Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

5.     Configure a bypass tunnel on Router B (the PLR):

# Configure an explicit path for the bypass tunnel.

[RouterB] explicit-path by-path

[RouterB-explicit-path-by-path] nexthop 3.2.1.2

[RouterB-explicit-path-by-path] nexthop 3.3.1.2

[RouterB-explicit-path-by-path] nexthop 3.3.3.3

[RouterB-explicit-path-by-path] quit

# Create MPLS TE tunnel interface Tunnel 5 for the bypass tunnel.

[RouterB] interface tunnel 5 mode mpls-te

[RouterB-Tunnel5] ip address 11.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router C.

[RouterB-Tunnel5] destination 3.3.3.3

# Specify the tunnel signaling protocol as RSVP-TE.

[RouterB-Tunnel5] mpls te signaling rsvp-te

# Specify the explicit path to be used as by-path.

[RouterB-Tunnel5] mpls te path preference 1 explicit-path by-path

# Set the bandwidth that the bypass tunnel can protect.

[RouterB-Tunnel5] mpls te backup bandwidth un-limited

[RouterB-Tunnel5] quit

# Bind the bypass tunnel to the protected interface.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te fast-reroute bypass-tunnel tunnel 5

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Execute the display interface tunnel command on Router B. The output shows that the tunnel interface Tunnel 5 is up. (Details not shown.)

6.     Configure a static route on Router A to direct the traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 4.

[RouterA] ip route-static 100.1.2.0 24 tunnel 4 preference 1

Verifying the configuration

# Display LSP entries on each router to verify that Router B and Router C each have two CRLSPs and the bypass tunnel backs up the primary CRLSP.

[RouterA] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/4/48960             RSVP     -/1245          XGE3/0/1

2.1.1.2                     Local    -/-             XGE3/0/1

[RouterB] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/4/48960             RSVP     1245/3          XGE3/0/2

Backup                               1245/3          Tun5

2.2.2.2/5/31857             RSVP     -/3             XGE3/0/2

3.2.1.2                     Local    -/-             XGE3/0/4

3.1.1.2                     Local    -/-             XGE3/0/2

# Shut down the protected interface Ten-GigabitEthernet 3/0/2 on the PLR (Router B).

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] shutdown

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP. The output shows that the tunnel interface is still up. (Details not shown.)

# Display detailed information about the tunnel interface on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 4

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP being set up)

Tunnel Attributes      :

  LSP ID               : 18753           Tunnel ID            : 4

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.1         Egress LSR ID        : 3.3.3.3

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : pri-path

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Enabled         Record Label         : Enabled

  FRR Flag             : Enabled         Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

 

 

NOTE:

If you execute the display mpls te tunnel-interface command immediately after an FRR, you can see two CRLSPs in up state. This is because FRR uses the make-before-break mechanism to set up a new LSP, and the old LSP is deleted after the new one has been established for a while.

# Verify that the bypass tunnel is in use on Router B.

[RouterB] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/4/18753             RSVP     1122/3          Tun5

2.2.2.2/5/40312             RSVP     -/1150          XGE3/0/4

3.2.1.2                     Local    -/-             XGE3/0/4

# On the PLR, set the interval for selecting an optimal bypass tunnel to 5 seconds.

[RouterB] mpls te

[RouterB-te] fast-reroute timer 5

[RouterB-te] quit

# On the PLR, bring up the protected interface Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] undo shutdown

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP. The output shows that the tunnel interface is in up state. (Details not shown.)

# Wait for about 5 seconds, and then execute the display mpls lsp verbose command on Router B. The output shows that Tunnel 5 is bound to interface Ten-GigabitEthernet 3/0/2 but not in use. (Details not shown.)

# Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 4 as the output interface. (Details not shown.)

Example: Configuring auto FRR

Network configuration

Use RSVP-TE to set up a primary CRLSP that explicitly uses path Router A—Router B—Router C—Router D.

Configure auto FRR on Router B to automatically set up bypass tunnels for the primary CRLSP.

Configure BFD for RSVP-TE between Router B and Router C. When the link between Router B and Router C fails, BFD can detect the failure quickly and notify RSVP-TE of the failure, so RSVP-TE can switch traffic to the bypass tunnel.

Figure 239 Network diagram

Table 66 Interface and IP address assignment

Device      Interface   IP address    Device      Interface   IP address
Router A    Loop0       1.1.1.1/32    Router E    Loop0       5.5.5.5/32
            XGE3/0/1    2.1.1.1/24                XGE3/0/3    3.2.1.2/24
Router B    Loop0       2.2.2.2/32                XGE3/0/4    3.4.1.1/24
            XGE3/0/1    2.1.1.2/24    Router C    Loop0       3.3.3.3/32
            XGE3/0/2    3.1.1.1/24                XGE3/0/1    4.1.1.1/24
            XGE3/0/3    3.2.1.1/24                XGE3/0/2    3.1.1.2/24
            XGE3/0/4    3.3.1.1/24                XGE3/0/3    3.4.1.2/24
Router D    Loop0       4.4.4.4/32    Router F    Loop0       6.6.6.6/32
            XGE3/0/1    4.1.1.2/24                XGE3/0/3    3.3.1.2/24
            XGE3/0/3    4.2.1.2/24                XGE3/0/4    4.2.1.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE on each router. Enable BFD for RSVP-TE on Router B and Router C:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp bfd enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] mpls enable

[RouterB-Ten-GigabitEthernet3/0/3] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/3] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/3] quit

[RouterB] interface ten-gigabitethernet 3/0/4

[RouterB-Ten-GigabitEthernet3/0/4] mpls enable

[RouterB-Ten-GigabitEthernet3/0/4] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/4] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/4] quit

# Configure Router C in the same way that Router B is configured. Configure Router D, Router E, and Router F in the same way that Router A is configured. (Details not shown.)

4.     Configure an MPLS TE tunnel on Router A, the ingress node of the primary CRLSP:

# Configure an explicit path named pri-path for the primary CRLSP.

[RouterA] explicit-path pri-path

[RouterA-explicit-path-pri-path] nexthop 2.1.1.2

[RouterA-explicit-path-pri-path] nexthop 3.1.1.2

[RouterA-explicit-path-pri-path] nexthop 4.1.1.2

[RouterA-explicit-path-pri-path] nexthop 4.4.4.4

[RouterA-explicit-path-pri-path] quit

# Create MPLS TE tunnel interface Tunnel 1 for the primary CRLSP.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 10.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router D.

[RouterA-Tunnel1] destination 4.4.4.4

# Specify the tunnel signaling protocol as RSVP-TE.

[RouterA-Tunnel1] mpls te signaling rsvp-te

# Specify the explicit path as pri-path.

[RouterA-Tunnel1] mpls te path preference 1 explicit-path pri-path

# Enable FRR for the MPLS TE tunnel.

[RouterA-Tunnel1] mpls te fast-reroute

[RouterA-Tunnel1] quit

# Verify that the MPLS TE interface Tunnel 1 is up on Router A.

[RouterA] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel4 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 10.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.4

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 1911 bytes/sec, 15288 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 1526 packets, 22356852 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel interface on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 16802           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 2.2.2.2         Egress LSR ID        : 4.4.4.4

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : exp1

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Enabled         Record Label         : Enabled

  FRR Flag             : Enabled         Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

5.     Configure auto FRR on Router B (the PLR):

# Enable the automatic bypass tunnel setup feature globally.

[RouterB] mpls te

[RouterB-te] auto-tunnel backup

# Specify interface numbers 50 to 100 for the automatically created bypass tunnels.

[RouterB-te-auto-bk] tunnel-number min 50 max 100

[RouterB-te-auto-bk] quit

Verifying the configuration

# Verify that two tunnels have been created automatically on Router B.

[RouterB] display interface tunnel brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

Tun50                UP   DOWN     --

Tun51                UP   DOWN     --

# Display information about Tunnel 50 and Tunnel 51 on Router B. The output shows that Tunnel 50 and Tunnel 51 are automatically created bypass tunnels. Tunnel 50 is a node-protection bypass tunnel (egress LSR ID is 4.4.4.4, the LSR ID of Router D). Tunnel 51 is a link-protection bypass tunnel (egress LSR ID is 3.3.3.3, the LSR ID of Router C).

[RouterB] display mpls te tunnel-interface tunnel 50

Tunnel Name            : Tunnel 50

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 16802           Tunnel ID            : 50

  Admin State          : Normal

  Ingress LSR ID       : 2.2.2.2         Egress LSR ID        : 4.4.4.4

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Enabled         Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : Yes             Auto Created         : Yes

  Route Pinning        : Disabled

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

[RouterB] display mpls te tunnel-interface tunnel 51

Tunnel Name            : Tunnel 51

Tunnel State           : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 16802           Tunnel ID            : 51

  Admin State          : Normal

  Ingress LSR ID       : 2.2.2.2         Egress LSR ID        : 3.3.3.3

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Enabled         Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : Yes             Auto Created         : Yes

  Route Pinning        : Disabled

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Verify that the current bypass tunnel that protects the primary CRLSP is Tunnel 50.

[RouterB] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.2/51/16802            RSVP     -/3             XGE3/0/3

2.2.2.2/1/16802             RSVP     -/1151          XGE3/0/2

Backup                               -/3             Tun50

2.2.2.2/50/16802            RSVP     -/3             XGE3/0/4

3.2.1.2                     Local    -/-             XGE3/0/4

3.3.1.2                     Local    -/-             XGE3/0/3

# Display detailed information about MPLS TE tunnel 1 (the tunnel for the primary CRLSP) on Router B. The output shows that Tunnel1 is protected by the bypass tunnel Tunnel50, and the protected node is 3.1.1.1.

[RouterB] display rsvp lsp tunnel-id 1 verbose

Tunnel name: Tunnel1

Destination: 4.4.4.4                      Source: 1.1.1.1

Tunnel ID: 1                              LSP ID: 16802

LSR type: Transit                         Direction: Unidirectional

Setup priority: 7                         Holding priority: 7

In-Label: 1150                            Out-Label: 1151

In-Interface: XGE3/0/1                    Out-Interface: XGE3/0/2

Nexthop: 3.1.1.2                          Exclude-any: 0

Include-Any: 0                            Include-all: 0

Average bitrate: 0 kbps                   Maximum burst: 1000.00 bytes

Path MTU: 1500                            Class type: CT0

RRO number: 12

  2.1.1.1/32         Flag: 0x00 (No FRR)

  2.1.1.2/32         Flag: 0x00 (No FRR)

  1150               Flag: 0x01 (Global label)

  2.2.2.2/32         Flag: 0x20 (No FRR/Node-ID)

  3.1.1.1/32         Flag: 0x09 (FRR Avail/Node-Prot)

  3.1.1.2/32         Flag: 0x00 (No FRR)

  1151               Flag: 0x01 (Global label)

  3.3.3.3/32         Flag: 0x20 (No FRR/Node-ID)

  4.1.1.1/32         Flag: 0x00 (No FRR)

  4.1.1.2/32         Flag: 0x00 (No FRR)

  3                  Flag: 0x01 (Global label)

  4.4.4.4/32         Flag: 0x20 (No FRR/Node-ID)

Fast Reroute protection: Ready

  FRR inner label: 3           Bypass tunnel: Tunnel50
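The RRO flags in the output above can be checked mechanically. The following Python sketch is an added example, not part of the original configuration guide: it decodes the flag bytes and checks that the bound bypass tunnel falls in the 50 to 100 range configured on the PLR. The function names are hypothetical, and the bit meanings are taken from RFC 3209, RFC 4090, and RFC 4561, which match the labels the router prints.

```python
import re

# RRO address-subobject flag bits: RFC 3209 (0x01, 0x02), RFC 4090 (0x04, 0x08),
# RFC 4561 (0x20). In a label subobject, 0x01 means "global label" instead.
ADDR_FLAGS = {
    0x01: "protection-available",
    0x02: "protection-in-use",
    0x04: "bandwidth-protection",
    0x08: "node-protection",
    0x20: "node-id",
}

# Relevant lines of the `display rsvp lsp tunnel-id 1 verbose` output shown above.
SAMPLE = """\
Tunnel name: Tunnel1
Destination: 4.4.4.4                      Source: 1.1.1.1
RRO number: 12
  2.1.1.1/32         Flag: 0x00 (No FRR)
  2.1.1.2/32         Flag: 0x00 (No FRR)
  1150               Flag: 0x01 (Global label)
  2.2.2.2/32         Flag: 0x20 (No FRR/Node-ID)
  3.1.1.1/32         Flag: 0x09 (FRR Avail/Node-Prot)
  3.1.1.2/32         Flag: 0x00 (No FRR)
  1151               Flag: 0x01 (Global label)
  3.3.3.3/32         Flag: 0x20 (No FRR/Node-ID)
  4.1.1.1/32         Flag: 0x00 (No FRR)
  4.1.1.2/32         Flag: 0x00 (No FRR)
  3                  Flag: 0x01 (Global label)
  4.4.4.4/32         Flag: 0x20 (No FRR/Node-ID)
Fast Reroute protection: Ready
  FRR inner label: 3           Bypass tunnel: Tunnel50
"""

RRO_LINE = re.compile(r"^\s+(\S+)\s+Flag:\s+0x([0-9a-fA-F]+)")


def parse_rro(text):
    """Return the RRO subobjects in order as (kind, value, flags) tuples."""
    entries = []
    for line in text.splitlines():
        m = RRO_LINE.match(line)
        if m:
            value, flags = m.group(1), int(m.group(2), 16)
            # Address subobjects carry a prefix length; label subobjects are bare numbers.
            entries.append(("addr" if "/" in value else "label", value, flags))
    return entries


def decode_addr_flags(flags):
    """Names of the address-subobject flag bits set in `flags`."""
    return [name for bit, name in sorted(ADDR_FLAGS.items()) if flags & bit]


def audit(text, auto_range=(50, 100)):
    """Check FRR protection state; `auto_range` is the PLR's tunnel-number min/max."""
    findings = []
    entries = parse_rro(text)
    declared = re.search(r"RRO number:\s*(\d+)", text)
    if declared and int(declared.group(1)) != len(entries):
        findings.append(f"RRO incomplete: parsed {len(entries)} of {declared.group(1)}")
    protected = [(v, f) for kind, v, f in entries if kind == "addr" and f & 0x01]
    if not protected:
        findings.append("no hop reports local protection available")
    for value, flags in protected:
        if not flags & 0x08:
            findings.append(f"{value}: link protection only")
        if flags & 0x02:
            findings.append(f"{value}: protection in use, traffic is on the bypass")
    status = re.search(r"Fast Reroute protection:\s*(\S+)", text)
    if not status or status.group(1) != "Ready":
        findings.append("FRR protection is not Ready")
    bypass = re.search(r"Bypass tunnel:\s*Tunnel(\d+)", text)
    if bypass is None:
        findings.append("no bypass tunnel bound")
    elif not auto_range[0] <= int(bypass.group(1)) <= auto_range[1]:
        findings.append(f"Tunnel{bypass.group(1)} is outside the auto-tunnel range")
    return {
        "protected_hops": {v: decode_addr_flags(f) for v, f in protected},
        "bypass": f"Tunnel{bypass.group(1)}" if bypass else None,
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["protected_hops"], report["bypass"], report["findings"] or "clean")
```
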

Example: Configuring CBTS

Network configuration

As shown in Figure 240, all routers run IS-IS.

Use RSVP-TE to establish the following MPLS TE tunnels between Router A and Router E:

·     Router A—Router B—Router E.

·     Router A—Router C—Router E.

·     Router A—Router D—Router E.

Assign the MPLS TE tunnels different service class values for different classes of services.

Figure 240 Network diagram

 

Table 67 Interface and IP address assignment

Device      Interface   IP address      Device      Interface   IP address
Router A    Loop0       1.1.1.1/32      Router D    Loop0       4.4.4.4/32
            XGE3/0/1    10.1.1.1/24                 XGE3/0/1    30.1.1.2/24
            XGE3/0/2    20.1.1.1/24                 XGE3/0/2    40.1.1.1/24
            XGE3/0/3    30.1.1.1/24     Router E    Loop0       5.5.5.5/32
            XGE3/0/4    100.1.1.1/24                XGE3/0/1    100.1.1.2/24
Router B    Loop0       2.2.2.2/32                  XGE3/0/2    200.1.1.2/24
            XGE3/0/1    10.1.1.2/24                 XGE3/0/3    40.1.1.2/24
            XGE3/0/2    100.1.1.1/24
Router C    Loop0       3.3.3.3/32
            XGE3/0/1    20.1.1.2/24
            XGE3/0/2    200.1.1.1/24

Procedure

1.     Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 240. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses including loopback interface addresses, and configure IS-IS TE. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE on each router. (Details not shown.)

4.     Use RSVP-TE to establish three MPLS TE tunnels: Tunnel 1, Tunnel 2, and Tunnel 3. Tunnel 1 uses path Router A—Router B—Router E. Tunnel 2 uses path Router A—Router C—Router E. Tunnel 3 uses path Router A—Router D—Router E. (Details not shown.)

5.     Configure a QoS policy on Router A.

# Create a traffic class.

<RouterA> system-view

[RouterA] traffic classifier class

[RouterA-classifier-class] if-match any

[RouterA-classifier-class] quit

# Create a traffic behavior.

[RouterA] traffic behavior behave

[RouterA-behavior-behave] remark service-class 3

[RouterA-behavior-behave] quit

# Create a QoS policy.

[RouterA] qos policy policy

[RouterA-qospolicy-policy] classifier class behavior behave

[RouterA-qospolicy-policy] quit

# Apply the QoS policy to Ten-GigabitEthernet 3/0/4.

[RouterA] interface ten-gigabitethernet 3/0/4

[RouterA-Ten-GigabitEthernet3/0/4] qos apply policy policy inbound

[RouterA-Ten-GigabitEthernet3/0/4] quit

6.     Set the service class values for the MPLS TE tunnels.

# Set the service class value to 3 for Tunnel 2.

[RouterA] interface Tunnel 2 mode mpls-te

[RouterA-Tunnel2] mpls te service-class 3

[RouterA-Tunnel2] quit

# Set the service class value to 6 for Tunnel 3.

[RouterA] interface Tunnel 3 mode mpls-te

[RouterA-Tunnel3] mpls te service-class 6

[RouterA-Tunnel3] quit

Verifying the configuration

# Display information about Tunnel 1 on Router A.

[RouterA] display mpls te tunnel-interface Tunnel 1

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 17419           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 10.1.1.1        Egress LSR ID        : 40.1.1.1

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

The Service-Class field has no value, indicating that no service class value is set for Tunnel 1.

# Display information about Tunnel 2 and Tunnel 3 on Router A.

[RouterA] display mpls te tunnel-interface Tunnel 2

Tunnel Name            : Tunnel 2

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 17418           Tunnel ID            : 2

  Admin State          : Normal

  Ingress LSR ID       : 10.1.1.1        Egress LSR ID        : 40.1.1.1

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : 3

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

 

[RouterA] display mpls te tunnel-interface Tunnel 3

Tunnel Name            : Tunnel 3

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 17418           Tunnel ID            : 3

  Admin State          : Normal

  Ingress LSR ID       : 10.1.1.1        Egress LSR ID        : 40.1.1.1

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Static SRLSP Name    : -

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Backup Restore Time  : 10 sec

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : 6

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

The Service-Class fields show that the service class values of Tunnel 2 and Tunnel 3 are 3 and 6, respectively. According to the QoS policy, traffic that arrives at Ten-GigabitEthernet 3/0/4 of Router A is assigned service class value 3, so CBTS uses Tunnel 2 to forward the traffic.
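The verification above can be repeated automatically to catch a changed service class that would steer traffic onto a different tunnel. The following Python sketch is an added example, not part of the original configuration guide: it parses the two-column display mpls te tunnel-interface output and compares the Service-Class fields with the values set in steps 5 and 6. The function names and the INTENDED map are hypothetical, and only the exact-match selection described above is modelled.

```python
import re

# Trimmed from the three `display mpls te tunnel-interface` outputs shown above.
SAMPLE = """\
[RouterA] display mpls te tunnel-interface Tunnel 1
Tunnel Name            : Tunnel 1
Tunnel State           : Up (Main CRLSP up)
Tunnel Attributes      :
  LSP ID               : 17419           Tunnel ID            : 1
  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -
  Collected Bandwidth  : -               Service-Class        : -
  Down Time            : 2017-12-05 11:23:35:535
[RouterA] display mpls te tunnel-interface Tunnel 2
Tunnel Name            : Tunnel 2
Tunnel State           : Up (Main CRLSP up)
  LSP ID               : 17418           Tunnel ID            : 2
  Collected Bandwidth  : -               Service-Class        : 3
[RouterA] display mpls te tunnel-interface Tunnel 3
Tunnel Name            : Tunnel 3
Tunnel State           : Up (Main CRLSP up)
  LSP ID               : 17418           Tunnel ID            : 3
  Collected Bandwidth  : -               Service-Class        : 6
"""

# Intended service classes, from steps 5 and 6 above (None means no value set).
INTENDED = {"Tunnel 1": None, "Tunnel 2": 3, "Tunnel 3": 6}


def parse_tunnels(text):
    """Parse one or more tunnel-interface outputs into {tunnel name: {field: value}}."""
    tunnels, current = {}, None
    for line in text.splitlines():
        # Drop the padding before each colon so a run of 2+ spaces only separates columns.
        line = re.sub(r"\s+:(?=\s|$)", ":", line.strip())
        for chunk in re.split(r"\s{2,}", line):
            key, sep, value = chunk.partition(":")
            if not sep:
                continue  # CLI prompt or blank line, not a field
            key, value = key.strip(), value.strip()
            if key == "Tunnel Name":
                current = tunnels.setdefault(value, {})
            if current is not None:
                current[key] = value
    return tunnels


def service_class(fields):
    """Service class as an int, or None when the field is '-' (no value set)."""
    value = fields.get("Service-Class", "-")
    return int(value) if value.isdigit() else None


def is_up(fields):
    return fields.get("Tunnel State", "").startswith("Up")


def select_tunnel(tunnels, marked_class):
    """Up tunnels whose service class equals the class the QoS policy marked.

    Only the exact-match case is modelled; what the device does when no
    tunnel matches is not covered here.
    """
    return sorted(n for n, f in tunnels.items()
                  if is_up(f) and service_class(f) == marked_class)


def drift(tunnels, intended):
    """Compare parsed service classes and states with the intended map."""
    findings = []
    for name, want in sorted(intended.items()):
        if name not in tunnels:
            findings.append(f"{name}: missing from output")
            continue
        have = service_class(tunnels[name])
        if have != want:
            findings.append(f"{name}: service class {have}, intended {want}")
        if not is_up(tunnels[name]):
            findings.append(f"{name}: tunnel is not up")
    return findings


if __name__ == "__main__":
    parsed = parse_tunnels(SAMPLE)
    print(select_tunnel(parsed, 3), drift(parsed, INTENDED) or "no drift")
```
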

Example: Configuring bit error detection for an MPLS TE tunnel

Network configuration

Router A, Router B, Router C, and Router D run IS-IS and IS-IS TE.

Use RSVP-TE to establish a bidirectional MPLS TE tunnel between Router A and Router C.

Enable CRLSP hot-standby backup for the tunnel to simultaneously establish the primary and backup CRLSPs. Configure bit error detection for the tunnel, so when the primary CRLSP fails because of bit errors, traffic is switched to the backup CRLSP.

Figure 241 Network diagram

Table 68 Interface and IP address assignment

Device      Interface   IP address      Device      Interface   IP address
Router A    Loop0       1.1.1.9/32      Router D    Loop0       4.4.4.9/32
            XGE3/0/1    10.1.1.1/24                 XGE3/0/1    30.1.1.2/24
            XGE3/0/2    100.1.1.1/24                XGE3/0/2    40.1.1.1/24
            XGE3/0/3    30.1.1.1/24     Router C    Loop0       3.3.3.9/32
Router B    Loop0       2.2.2.9/32                  XGE3/0/1    20.1.1.2/24
            XGE3/0/1    10.1.1.2/24                 XGE3/0/2    100.1.2.1/24
            XGE3/0/2    20.1.1.1/24                 XGE3/0/3    40.1.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise the interface addresses, including loopback interface addresses:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1

[RouterA-LoopBack0] isis circuit-level level-2

[RouterA-LoopBack0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable 1

[RouterB-LoopBack0] isis circuit-level level-2

[RouterB-LoopBack0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] isis enable 1

[RouterC-LoopBack0] isis circuit-level level-2

[RouterC-LoopBack0] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface loopback 0

[RouterD-LoopBack0] isis enable 1

[RouterD-LoopBack0] isis circuit-level level-2

[RouterD-LoopBack0] quit

3.     Configure LSR IDs, and enable MPLS, MPLS TE, and RSVP-TE on each router. Configure Router A and Router C to assign non-null labels to the penultimate hop:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls label advertise non-null

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls label advertise non-null

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls te

[RouterD-te] quit

[RouterD] rsvp

[RouterD-rsvp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Configure IS-IS TE:

# Configure Router A.

[RouterA] isis 1

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] mpls te enable level-2

[RouterA-isis-1] quit

# Configure Router B.

[RouterB] isis 1

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] mpls te enable level-2

[RouterB-isis-1] quit

# Configure Router C.

[RouterC] isis 1

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] mpls te enable level-2

[RouterC-isis-1] quit

# Configure Router D.

[RouterD] isis 1

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] mpls te enable level-2

[RouterD-isis-1] quit

5.     Configure a bidirectional MPLS TE tunnel:

# Configure an associated bidirectional MPLS TE tunnel on Router A.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0

[RouterA-Tunnel1] destination 3.3.3.9

[RouterA-Tunnel1] mpls te signaling rsvp-te

[RouterA-Tunnel1] mpls te resv-style ff

[RouterA-Tunnel1] mpls te bidirectional associated reverse-lsp lsr-id 3.3.3.9 tunnel-id 1

[RouterA-Tunnel1] quit

# Configure an associated bidirectional MPLS TE tunnel on Router C.

[RouterC] interface tunnel 1 mode mpls-te

[RouterC-Tunnel1] ip address 8.1.1.1 255.255.255.0

[RouterC-Tunnel1] destination 1.1.1.9

[RouterC-Tunnel1] mpls te signaling rsvp-te

[RouterC-Tunnel1] mpls te resv-style ff

[RouterC-Tunnel1] mpls te bidirectional associated reverse-lsp lsr-id 1.1.1.9 tunnel-id 1

[RouterC-Tunnel1] quit

6.     Configure CRLSP backup:

# Configure Router A:

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] mpls te backup hot-standby

[RouterA-Tunnel1] quit

# Configure Router C:

[RouterC] interface tunnel 1 mode mpls-te

[RouterC-Tunnel1] mpls te backup hot-standby

[RouterC-Tunnel1] quit

7.     Configure static routes to direct traffic to the MPLS TE tunnels:

# Configure a static route on Router A, so traffic destined for network 100.1.2.0/24 is forwarded through MPLS TE tunnel interface Tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

# Configure a static route on Router C, so traffic destined for network 100.1.1.0/24 is forwarded through MPLS TE tunnel interface Tunnel 1.

[RouterC] ip route-static 100.1.1.0 24 tunnel 1 preference 1

8.     Configure bit error detection for the MPLS TE tunnels:

# For the MPLS TE tunnel from Router A to Router C, enable bit error detection and configure the switch and revert thresholds on the tunnel egress node Router C.

[RouterC] interface tunnel 1 mode mpls-te

[RouterC-Tunnel1] mpls te bit-error-detection mode bidirectional

[RouterC-Tunnel1] mpls te bit-error-detection threshold switch 1 4 resume 1 5

# For the MPLS TE tunnel from Router C to Router A, enable bit error detection and configure the switch and revert thresholds on the tunnel egress node Router A.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] mpls te bit-error-detection mode bidirectional

[RouterA-Tunnel1] mpls te bit-error-detection threshold switch 1 4 resume 1 5

Verifying the configuration

Execute the display mpls te bit-error-detection tunnel-interface command on Router C. The output shows bit error information about the bidirectional tunnels that are up and configured with hot-standby CRLSP backup.

<RouterC> display mpls te bit-error-detection tunnel-interface

Tunnel ID        LSP type       BED state       BED rate(R/L)

1                Main           Start           e-4/e-4

1                Backup         Stop            e-5/e-5

 

Static CRLSP configuration examples

Example: Configuring a static CRLSP

Network configuration

Router A, Router B, and Router C run IS-IS.

Establish an MPLS TE tunnel over a static CRLSP from Router A to Router C to transmit data between the two IP networks. The required bandwidth for the tunnel is 2000 kbps.

The maximum bandwidth for MPLS TE traffic is 10000 kbps, and the maximum reservable bandwidth is 5000 kbps.

Figure 242 Network diagram

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1

[RouterA-LoopBack0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable 1

[RouterB-LoopBack0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] isis enable 1

[RouterC-LoopBack0] quit

# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS and MPLS TE:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure MPLS TE attributes:

# On Router A, set the maximum bandwidth and the maximum reservable bandwidth.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# On Router B, set the maximum bandwidth and the maximum reservable bandwidth.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/2] quit

# On Router C, set the maximum bandwidth and the maximum reservable bandwidth.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

5.     Configure an MPLS TE tunnel on Router A:

# Configure the MPLS TE tunnel interface Tunnel 0.

[RouterA] interface tunnel 0 mode mpls-te

[RouterA-Tunnel0] ip address 6.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router C.

[RouterA-Tunnel0] destination 3.3.3.3

# Configure MPLS TE to use a static CRLSP to establish the tunnel.

[RouterA-Tunnel0] mpls te signaling static

[RouterA-Tunnel0] quit

6.     Create a static CRLSP:

# Configure Router A as the ingress node of the static CRLSP, and specify the next hop address as 2.1.1.2, outgoing label as 20, and required bandwidth as 2000 kbps.

[RouterA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 bandwidth 2000

# On Router A, configure tunnel 0 to use the static CRLSP static-cr-lsp-1.

[RouterA] interface tunnel 0

[RouterA-Tunnel0] mpls te static-cr-lsp static-cr-lsp-1

[RouterA-Tunnel0] quit

# Configure Router B as the transit node of the static CRLSP, and specify the incoming label as 20, next hop address as 3.2.1.2, outgoing label as 30, and required bandwidth as 2000 kbps.

[RouterB] static-cr-lsp transit static-cr-lsp-1 in-label 20 nexthop 3.2.1.2 out-label 30 bandwidth 2000

# Configure Router C as the egress node of the static CRLSP, and specify the incoming label as 30.

[RouterC] static-cr-lsp egress static-cr-lsp-1 in-label 30

7.     Configure a static route on Router A to direct traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 0.

[RouterA] ip route-static 100.1.2.0 24 tunnel 0 preference 1
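A static CRLSP only forwards if each hop's outgoing label equals the next hop's incoming label, so the commands from step 6 are worth checking offline before they are applied. The following is an added example, not part of the H3C documentation: a Python check whose function names are hypothetical, whose input is the three commands above, and which assumes every option after the LSP name is a keyword/value pair.

```python
import re

# Constructed input: the static-cr-lsp commands from this example, one router per
# entry, listed in path order (ingress first). Prompts may be left in place.
CONFIGS = {
    "RouterA": "[RouterA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 bandwidth 2000",
    "RouterB": "[RouterB] static-cr-lsp transit static-cr-lsp-1 in-label 20 nexthop 3.2.1.2 out-label 30 bandwidth 2000",
    "RouterC": "[RouterC] static-cr-lsp egress static-cr-lsp-1 in-label 30",
}

PROMPT_RE = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[RouterA] " or "<RouterA> "
CMD_RE = re.compile(r"^static-cr-lsp\s+(ingress|transit|egress)\s+(\S+)\s*(.*)$")
RESERVED_MAX = 15  # label values 0-15 are reserved by RFC 3032


def _to_int(value):
    """Return the option value as an int, or None if absent or not numeric."""
    return int(value) if value is not None and value.isdigit() else None


def parse_hops(configs):
    """Turn {router: config text} into an ordered list of hop records."""
    hops = []
    for router, text in configs.items():
        for raw in text.splitlines():
            match = CMD_RE.match(PROMPT_RE.sub("", raw.strip()))
            if not match:
                continue
            role, name, rest = match.groups()
            tokens = rest.split()
            # Assumption: options are keyword/value pairs (in-label 20 nexthop x ...).
            opts = dict(zip(tokens[0::2], tokens[1::2]))
            hops.append({
                "router": router,
                "role": role,
                "name": name,
                "in_label": _to_int(opts.get("in-label")),
                "out_label": _to_int(opts.get("out-label")),
                "bandwidth": _to_int(opts.get("bandwidth")),
            })
    return hops


def audit_path(hops):
    """Return a list of findings; an empty list means the label chain is consistent."""
    if len(hops) < 2:
        return ["need at least an ingress and an egress hop"]
    findings = []

    # Roles must read ingress, transit..., egress along the path.
    expected = ["ingress"] + ["transit"] * (len(hops) - 2) + ["egress"]
    for hop, role in zip(hops, expected):
        if hop["role"] != role:
            findings.append(f"{hop['router']}: role {hop['role']}, expected {role}")

    # No configured label may fall in the reserved range.
    for hop in hops:
        for key in ("in_label", "out_label"):
            label = hop[key]
            if label is not None and label <= RESERVED_MAX:
                findings.append(f"{hop['router']}: {key} {label} is a reserved label")

    # The upstream out-label must equal the downstream in-label on every link.
    for up, down in zip(hops, hops[1:]):
        if up["out_label"] is None or up["out_label"] != down["in_label"]:
            findings.append(
                f"{up['router']} out-label {up['out_label']} does not match "
                f"{down['router']} in-label {down['in_label']}"
            )

    # Ingress and transit hops should reserve the same bandwidth.
    bandwidths = {h["bandwidth"] for h in hops if h["role"] != "egress"}
    if len(bandwidths) > 1:
        findings.append(f"bandwidth differs between hops: {sorted(map(str, bandwidths))}")
    return findings


if __name__ == "__main__":
    for finding in audit_path(parse_hops(CONFIGS)) or ["label chain is consistent"]:
        print(finding)
```
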

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1496

Internet address: 6.1.1.1/24 (primary)

Tunnel source unknown, destination 3.3.3.3

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 0

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 1               Tunnel ID            : 0

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.1         Egress LSR ID        : 3.3.3.3

  Signaling            : Static          Static CRLSP Name    : static-cr-lsp-1

  Static SRLSP Name    : -

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Backup Bandwidth Flag: -

  Backup Bandwidth Type: -               Backup Bandwidth     : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        :

# Display static CRLSP information on each router.

[RouterA] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/0/1                 StaticCR -/20            XGE3/0/1

2.1.1.2                     Local    -/-             XGE3/0/1

[RouterB] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

-                           StaticCR 20/30           XGE3/0/2

3.2.1.2                     Local    -/-             XGE3/0/2

[RouterC] display mpls lsp

FEC                         Proto    In/Out Label    Out Inter/NHLFE/LSINDEX

-                           StaticCR 30/-            -

[RouterA] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Ingress     Null/20        XGE3/0/1             Up

[RouterB] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Transit     20/30          XGE3/0/2             Up

[RouterC] display mpls static-cr-lsp

Name            LSR Type    In/Out Label   Out Interface        State

static-cr-lsp-1 Egress      30/Null        -                    Up

# Verify that Router A has a static route entry with interface Tunnel 0 as the output interface.

[RouterA] display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0

2.1.1.0/24         Direct  0   0           2.1.1.1         XGE3/0/1

2.1.1.0/32         Direct  0   0           2.1.1.1         XGE3/0/1

2.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0

2.1.1.255/32       Direct  0   0           2.1.1.1         XGE3/0/1

2.2.2.2/32         IS_L1   15  10          2.1.1.2         XGE3/0/1

100.1.2.0/24       Static  1   0           0.0.0.0         Tun0

3.3.3.3/32         IS_L1   15  20          2.1.1.2         XGE3/0/1

6.1.1.0/24         Direct  0   0           6.1.1.1         Tun0

6.1.1.0/32         Direct  0   0           6.1.1.1         Tun0

6.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0

6.1.1.255/32       Direct  0   0           6.1.1.1         Tun0

 

 

RSVP configuration examples

Example: Establishing an MPLS TE tunnel with RSVP-TE

Network configuration

Router A, Router B, Router C, and Router D run IS-IS, and all of them are Level-2 routers.

Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router D to transmit data between the two IP networks. The MPLS TE tunnel requires a bandwidth of 2000 kbps.

The maximum bandwidth of the link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth of the link is 5000 kbps.

Figure 243 Network diagram

 

Table 69 Interface and IP address assignment

Device     Interface   IP address      Device     Interface   IP address

Router A   Loop0       1.1.1.9/32      Router C   Loop0       3.3.3.9/32

Router A   XGE3/0/1    10.1.1.1/24     Router C   XGE3/0/1    30.1.1.1/24

Router A   XGE3/0/2    100.1.1.1/24    Router C   XGE3/0/2    20.1.1.2/24

Router B   Loop0       2.2.2.9/32      Router D   Loop0       4.4.4.9/32

Router B   XGE3/0/1    10.1.1.2/24     Router D   XGE3/0/1    30.1.1.2/24

Router B   XGE3/0/2    20.1.1.1/24     Router D   XGE3/0/2    100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address:

# Configure Router A.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1

[RouterA-LoopBack0] isis circuit-level level-2

[RouterA-LoopBack0] quit

# Configure Router B.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 0

[RouterB-LoopBack0] isis enable 1

[RouterB-LoopBack0] isis circuit-level level-2

[RouterB-LoopBack0] quit

# Configure Router C.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] isis circuit-level level-2

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 0

[RouterC-LoopBack0] isis enable 1

[RouterC-LoopBack0] isis circuit-level level-2

[RouterC-LoopBack0] quit

# Configure Router D.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] isis circuit-level level-2

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface loopback 0

[RouterD-LoopBack0] isis enable 1

[RouterD-LoopBack0] isis circuit-level level-2

[RouterD-LoopBack0] quit

# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)

3.     Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure Router D.

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls te

[RouterD-te] quit

[RouterD] rsvp

[RouterD-rsvp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Configure IS-IS TE:

# Configure Router A.

[RouterA] isis 1

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] mpls te enable level-2

[RouterA-isis-1] quit

# Configure Router B.

[RouterB] isis 1

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] mpls te enable level-2

[RouterB-isis-1] quit

# Configure Router C.

[RouterC] isis 1

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] mpls te enable level-2

[RouterC-isis-1] quit

# Configure Router D.

[RouterD] isis 1

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] mpls te enable level-2

[RouterD-isis-1] quit

5.     Configure MPLS TE attributes of links:

# Set the maximum link bandwidth and maximum reservable bandwidth on Router A.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterA-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router B.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterB-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[RouterC-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Set the maximum link bandwidth and maximum reservable bandwidth on Router D.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[RouterD-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[RouterD-Ten-GigabitEthernet3/0/1] quit

6.     Configure an MPLS TE tunnel on Router A:

# Configure MPLS TE tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0

# Specify the tunnel destination address as the LSR ID of Router D.

[RouterA-Tunnel1] destination 4.4.4.9

# Configure MPLS TE to use RSVP-TE to establish the tunnel.

[RouterA-Tunnel1] mpls te signaling rsvp-te

# Assign 2000 kbps bandwidth to the tunnel.

[RouterA-Tunnel1] mpls te bandwidth 2000

[RouterA-Tunnel1] quit

7.     Configure a static route on Router A to direct the traffic destined for subnet 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

Verifying the configuration

# Verify that the tunnel interface is up on Router A.

[RouterA] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 64000

Internet address: 7.1.1.1/24 (primary)

Tunnel source unknown, destination 4.4.4.9

Tunnel TTL 255

Tunnel protocol/transport CR_LSP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display detailed information about the MPLS TE tunnel on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State            : Up (Main CRLSP up, Shared-resource CRLSP down)

Tunnel Attributes      :

  LSP ID               : 23331           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9

  Signaling            : RSVP-TE         Static CRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 2000 kbps

  Reserved Bandwidth   : 2000 kbps

  Setup Priority       : 7               Holding Priority     : 7

  Affinity Attr/Mask   : 0/0

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Disabled        Record Label         : Disabled

  FRR Flag             : Disabled        Backup Bandwidth Flag: Disabled

  Backup Bandwidth Type: -               Backup Bandwidth     : -

  Route Pinning        : Disabled

  Retry Limit          : 10              Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

# Execute the display ip routing-table command on Router A to verify that a static route entry with interface Tunnel 1 as the output interface exists. (Details not shown.)

Example: Configuring RSVP GR

Network configuration

Router A, Router B, and Router C run IS-IS, and all of them are Level-2 devices.

Use RSVP-TE to establish a TE tunnel from Router A to Router C.

Configure RSVP GR on the routers to ensure continuous forwarding when a router reboots.

Figure 244 Network diagram

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.)

3.     Configure an LSR ID, enable MPLS, MPLS TE, RSVP, and RSVP hello:

# Configure Router A.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] rsvp

[RouterA-rsvp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterA-Ten-GigabitEthernet3/0/1] rsvp hello enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] rsvp

[RouterB-rsvp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/1] rsvp hello enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp enable

[RouterB-Ten-GigabitEthernet3/0/2] rsvp hello enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] rsvp

[RouterC-rsvp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp enable

[RouterC-Ten-GigabitEthernet3/0/1] rsvp hello enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

4.     Configure IS-IS TE. (Details not shown.)

5.     Configure an MPLS TE tunnel. (Details not shown.)

6.     Configure RSVP GR:

# Configure Router A.

[RouterA] rsvp

[RouterA-rsvp] graceful-restart enable

# Configure Router B.

[RouterB] rsvp

[RouterB-rsvp] graceful-restart enable

# Configure Router C.

[RouterC] rsvp

[RouterC-rsvp] graceful-restart enable

Verifying the configuration

After a tunnel is established from Router A to Router C, display detailed RSVP neighbor information on Router A.

<RouterA> display rsvp peer verbose

Peer: 10.1.1.2                            Interface: XGE3/0/1

Hello state: Up                           Hello type: Active

P2P PSB count: 0                          P2P RSB count: 1

P2MP PSB count: 0                         P2MP RSB count: 0

Src instance: 0x1f08                      Dst instance: 0x22

Summary refresh: Disabled                 Graceful Restart state: Ready

Peer GR restart time: 120000 ms           Peer GR recovery time: 0 ms 

The output shows that the neighbor's GR state is Ready.

 

 

Tunnel policy configuration examples

Example: Configuring exclusive tunnels

Network configuration

PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.

Two MPLS VPNs, vpna and vpnb, exist on PE 1. The VPN vpna exclusively uses the MPLS TE tunnel 1, and the VPN vpnb exclusively uses the MPLS TE tunnel 2.

Procedure

1.     Configure tunnel policies on PE 1:

# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.

<PE1> system-view

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

2.     Configure MPLS VPN instances and apply tunnel policies to the VPN instances:

# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] route-distinguisher 100:1

[PE1-vpn-instance-vpna] vpn-target 100:1

[PE1-vpn-instance-vpna] tnl-policy preferredte1

[PE1-vpn-instance-vpna] quit

# Create MPLS VPN instance vpnb, and apply tunnel policy preferredte2 to it.

[PE1] ip vpn-instance vpnb

[PE1-vpn-instance-vpnb] route-distinguisher 100:2

[PE1-vpn-instance-vpnb] vpn-target 100:2

[PE1-vpn-instance-vpnb] tnl-policy preferredte2

Example: Configuring tunnel bindings in a tunnel policy

Network configuration

PE 1 has multiple tunnels to reach PE 2, including two MPLS TE tunnels. An MPLS VPN exists on PE 1. Configure a tunnel policy, so the two MPLS TE tunnels are only used to forward traffic for that VPN.

Procedure

1.     Reserve the MPLS TE tunnels only for tunnel bindings:

# Reserve MPLS TE tunnel 1 for tunnel bindings.

<PE1> system-view

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] mpls te reserved-for-binding

[PE1-Tunnel1] quit

# Reserve MPLS TE tunnel 2 for tunnel bindings.

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] mpls te reserved-for-binding

[PE1-Tunnel2] quit

2.     Configure a tunnel policy on PE 1.

# Create a tunnel policy named text, binding the MPLS TE tunnels to the IP address of the MP-BGP peer, so that the tunnels can forward traffic only for a specific VPN.

<PE1> system-view

[PE1] tunnel-policy text

[PE1-tunnel-policy-text] binding-destination 2.2.2.2 te tunnel 1 tunnel 2

[PE1-tunnel-policy-text] quit

3.     Create MPLS VPN instance vpna, and apply tunnel policy text to it.

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] route-distinguisher 100:1

[PE1-vpn-instance-vpna] vpn-target 100:1

[PE1-vpn-instance-vpna] tnl-policy text

[PE1-vpn-instance-vpna] quit
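Both the exclusive-tunnel example and the tunnel-binding example above depend on three pieces of PE 1 configuration agreeing: the tunnel interfaces, the tunnel policies, and the policy applied to each VPN instance. The following is an added example, not part of the H3C documentation: a Python audit with hypothetical function names that reads the commands shown above (with or without prompts) and reports bound tunnels that are not reserved, reserved tunnels that no policy binds, VPN instances without a valid policy, and which VPN instances can use each tunnel.

```python
import re

# Constructed input: the PE 1 commands from the tunnel-binding example, prompts removed.
PE1_BINDING = """
interface tunnel 1 mode mpls-te
 mpls te reserved-for-binding
 quit
interface tunnel 2 mode mpls-te
 mpls te reserved-for-binding
 quit
tunnel-policy text
 binding-destination 2.2.2.2 te tunnel 1 tunnel 2
 quit
ip vpn-instance vpna
 route-distinguisher 100:1
 vpn-target 100:1
 tnl-policy text
 quit
"""

PROMPT_RE = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[PE1-Tunnel1] " or "<PE1> "


def parse_pe(text):
    """Track the current CLI view and collect tunnels, policies and VPN instances."""
    state = {"reserved": set(), "policies": {}, "vpns": {}}
    view = None  # (kind, name) of the view the following commands apply to
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if not line:
            continue
        words = line.split()
        if line == "quit":
            view = None
        elif words[0] == "interface" and len(words) >= 3:
            view = ("tunnel", int(words[2])) if words[1] == "tunnel" else None
        elif words[0] == "tunnel-policy" and len(words) >= 2:
            view = ("policy", words[1])
            state["policies"].setdefault(words[1], {"preferred": set(), "bound": set()})
        elif words[:2] == ["ip", "vpn-instance"] and len(words) >= 3:
            view = ("vpn", words[2])
            state["vpns"].setdefault(words[2], None)
        elif view is None:
            continue
        elif view[0] == "tunnel" and line == "mpls te reserved-for-binding":
            state["reserved"].add(view[1])
        elif view[0] == "policy" and words[0] in ("preferred-path", "binding-destination"):
            # Every number that follows the keyword "tunnel" is a tunnel ID.
            ids = {int(words[i + 1]) for i, w in enumerate(words[:-1]) if w == "tunnel"}
            key = "preferred" if words[0] == "preferred-path" else "bound"
            state["policies"][view[1]][key] |= ids
        elif view[0] == "vpn" and words[0] == "tnl-policy" and len(words) >= 2:
            state["vpns"][view[1]] = words[1]
    return state


def audit(state):
    """Return findings about inconsistent tunnel reservation and policy use."""
    findings = []
    bound = set().union(*(p["bound"] for p in state["policies"].values()))
    for tid in sorted(bound - state["reserved"]):
        findings.append(f"tunnel {tid} is bound by a policy but not marked reserved-for-binding")
    for tid in sorted(state["reserved"] - bound):
        findings.append(f"tunnel {tid} is reserved-for-binding but no policy binds it")
    for vpn, policy in sorted(state["vpns"].items()):
        if policy is None:
            findings.append(f"vpn-instance {vpn} has no tnl-policy applied")
        elif policy not in state["policies"]:
            findings.append(f"vpn-instance {vpn} references undefined policy {policy}")
    return findings


def tunnel_users(state):
    """Map each tunnel ID to the sorted VPN instances whose policy names it."""
    users = {}
    for vpn, policy in state["vpns"].items():
        entry = state["policies"].get(policy, {"preferred": set(), "bound": set()})
        for tid in entry["preferred"] | entry["bound"]:
            users.setdefault(tid, []).append(vpn)
    return {tid: sorted(vpns) for tid, vpns in users.items()}


if __name__ == "__main__":
    parsed = parse_pe(PE1_BINDING)
    print(audit(parsed) or "no findings")
    print(tunnel_users(parsed))
```

For the exclusive-tunnel example, a tunnel that maps to more than one VPN instance in the `tunnel_users` result is no longer exclusive.
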

Example: Configuring preferred tunnels and tunnel selection order

Network configuration

PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.

PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, and vpne. Table 70 shows the tunnel policy that PE 1 uses for each VPN instance.

Table 70 Tunnel policies used for VPN instances

VPN instance   Tunnel policy

vpna, vpnb     Use MPLS TE tunnel Tunnel 1 as the preferred tunnel.

vpnc, vpnd     Use MPLS TE tunnel Tunnel 2 as the preferred tunnel.

vpne           Use one tunnel selected in LDP LSP-MPLS TE order.

Procedure

1.     Configure tunnel policies on PE 1:

# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.

<PE1> system-view

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

# Create tunnel policy select-lsp.

[PE1] tunnel-policy select-lsp

# Configure the policy to select only one tunnel in LDP LSP-MPLS TE order.

[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1

[PE1-tunnel-policy-select-lsp] quit

2.     Configure MPLS VPN instances and apply tunnel policies to the VPN instances:

# Create MPLS VPN instances vpna and vpnb, and apply tunnel policy preferredte1 to them.

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] route-distinguisher 100:1

[PE1-vpn-instance-vpna] vpn-target 100:1

[PE1-vpn-instance-vpna] tnl-policy preferredte1

[PE1-vpn-instance-vpna] quit

[PE1] ip vpn-instance vpnb

[PE1-vpn-instance-vpnb] route-distinguisher 100:2

[PE1-vpn-instance-vpnb] vpn-target 100:2

[PE1-vpn-instance-vpnb] tnl-policy preferredte1

[PE1-vpn-instance-vpnb] quit

# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte2 to them.

[PE1] ip vpn-instance vpnc

[PE1-vpn-instance-vpnc] route-distinguisher 100:3

[PE1-vpn-instance-vpnc] vpn-target 100:3

[PE1-vpn-instance-vpnc] tnl-policy preferredte2

[PE1-vpn-instance-vpnc] quit

[PE1] ip vpn-instance vpnd

[PE1-vpn-instance-vpnd] route-distinguisher 100:4

[PE1-vpn-instance-vpnd] vpn-target 100:4

[PE1-vpn-instance-vpnd] tnl-policy preferredte2

[PE1-vpn-instance-vpnd] quit

# Create MPLS VPN instance vpne, and apply tunnel policy select-lsp to it.

[PE1] ip vpn-instance vpne

[PE1-vpn-instance-vpne] route-distinguisher 100:5

[PE1-vpn-instance-vpne] vpn-target 100:5

[PE1-vpn-instance-vpne] tnl-policy select-lsp

Tunnel selector configuration examples

Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option B

Network configuration

As shown in Figure 245, site 1 and site 2 belong to the same VPN. CE 1 in site 1 accesses the MPLS network from PE 1 in AS 100. CE 2 in site 2 accesses the MPLS network from PE 2 in AS 600. IS-IS is running within the ASs.

PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.

A tunnel policy is applied on the PEs and a tunnel selector is applied on the ASBRs so the devices can select an MPLS TE tunnel to forward traffic between the sites.

The ASBRs do not perform route target filtering of received VPNv4 routes.

Figure 245 Network diagram

Table 71 Interface and IP address assignment

Device       Interface   IP address     Device       Interface   IP address

PE 1         Loop0       2.2.2.9/32     PE 2         Loop0       5.5.5.9/32

             XGE3/0/1    30.0.0.1/8                  XGE3/0/1    20.0.0.1/8

             XGE3/0/5    1.1.1.2/8                   XGE3/0/5    9.1.1.2/8

ASBR-PE 1    Loop0       3.3.3.9/32     ASBR-PE 2    Loop0       4.4.4.9/32

             XGE3/0/5    1.1.1.1/8                   XGE3/0/5    9.1.1.1/8

             XGE3/0/4    11.0.0.2/8                  XGE3/0/4    11.0.0.1/8

Procedure

1.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind the interface connected to CE 1 to the created VPN instance.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 8

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer 3.3.3.9 as a VPNv4 peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

# Redistribute direct routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route direct

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 1 (3.3.3.9). Assign 2000 kbps bandwidth to the tunnel.

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls te enable

[PE1-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[PE1-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[PE1-Ten-GigabitEthernet3/0/5] rsvp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address unnumbered interface LoopBack0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[PE1] tunnel-policy tpolicy1

[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE1-tunnel-policy-tpolicy1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy tpolicy1

[PE1-vpn-instance-vpn1] quit

2.     Configure ASBR-PE 1:

# Configure IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Configure BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4

# Disable route target based filtering of received VPNv4 routes.

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.

[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv4] quit

[ASBR-PE1-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 1 (2.2.2.9). Assign 2000 kbps bandwidth to the tunnel.

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] rsvp

[ASBR-PE1-rsvp] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[ASBR-PE1-Ten-GigabitEthernet3/0/5] rsvp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] cost-style wide

[ASBR-PE1-isis-1] mpls te enable level-2

[ASBR-PE1-isis-1] quit

[ASBR-PE1] interface tunnel 1 mode mpls-te

[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE1-Tunnel1] destination 2.2.2.9

[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE1-Tunnel1] mpls te bandwidth 2000

[ASBR-PE1-Tunnel1] quit

# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv4 view.

[ASBR-PE1] tunnel-policy tpolicy1

[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE1-tunnel-policy-tpolicy1] quit

[ASBR-PE1] tunnel-selector ts1 permit node 1

[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE1-tunnel-selector-ts1-1] quit

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] apply tunnel-selector ts1

[ASBR-PE1-bgp-default-vpnv4] quit

[ASBR-PE1-bgp-default] quit

3.     Configure ASBR-PE 2:

# Configure IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure BGP on ASBR-PE 2.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# Disable route target based filtering of received VPNv4 routes.

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.

[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 2 (5.5.5.9). Assign 2000 kbps bandwidth to the tunnel.

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

[ASBR-PE2] rsvp

[ASBR-PE2-rsvp] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[ASBR-PE2-Ten-GigabitEthernet3/0/5] rsvp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] cost-style wide

[ASBR-PE2-isis-1] mpls te enable level-2

[ASBR-PE2-isis-1] quit

[ASBR-PE2] interface tunnel 1 mode mpls-te

[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE2-Tunnel1] destination 5.5.5.9

[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE2-Tunnel1] mpls te bandwidth 2000

[ASBR-PE2-Tunnel1] quit

# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv4 view.

[ASBR-PE2] tunnel-policy tpolicy1

[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE2-tunnel-policy-tpolicy1] quit

[ASBR-PE2] tunnel-selector ts1 permit node 1

[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE2-tunnel-selector-ts1-1] quit

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] apply tunnel-selector ts1

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

4.     Configure PE 2:

# Configure IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Bind the interface connected to CE 2 to the created VPN instance.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 8

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv4] quit

# Redistribute direct routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] import-route direct

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 2 (4.4.4.9). Assign 2000 kbps bandwidth to the tunnel.

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls te enable

[PE2-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[PE2-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[PE2-Ten-GigabitEthernet3/0/5] rsvp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

[PE2] interface tunnel 1 mode mpls-te

[PE2-Tunnel1] ip address unnumbered interface LoopBack0

[PE2-Tunnel1] destination 4.4.4.9

[PE2-Tunnel1] mpls te signaling rsvp-te

[PE2-Tunnel1] mpls te bandwidth 2000

[PE2-Tunnel1] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[PE2] tunnel-policy tpolicy1

[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE2-tunnel-policy-tpolicy1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] tnl-policy tpolicy1

[PE2-vpn-instance-vpn1] quit

Verifying the configuration

# Verify that the CE-facing interfaces (Ten-GigabitEthernet 3/0/1) on PE 1 and PE 2 can ping each other.

# Verify that tunnel policy tpolicy1 has been successfully applied between PE 1 and ASBR-PE 1 and between PE 2 and ASBR-PE 2. The devices select MPLS TE tunnel 1 as instructed by the tunnel policy.

Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option C

Network configuration

As shown in Figure 246, site 1 and site 2 belong to the same VPN. CE 1 in site 1 accesses the MPLS network from PE 1 in AS 100. CE 2 in site 2 accesses the MPLS network from PE 2 in AS 600. OSPF is running within the ASs as the IGP.

PE 1 and ASBR-PE 1 exchange labeled IPv4 routes through IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes through IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP. PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.

On the PE and ASBR devices, enable MPLS SR for OSPF and BGP. Configure the loopback interfaces to use dynamically allocated SIDs to establish SRLSPs. Create MPLS TE tunnels that use the SRLSPs to forward traffic.

On the PEs, apply a tunnel selector so they can select MPLS TE tunnels to forward traffic between the sites with guaranteed bandwidth.

Figure 246 Network diagram

Table 72 Interface and IP address assignment

Device       Interface   IP address     Device       Interface   IP address

PE 1         Loop0       2.2.2.9/32     PE 2         Loop0       5.5.5.9/32

             XGE3/0/1    30.0.0.1/24                 XGE3/0/1    20.0.0.1/24

             XGE3/0/5    1.1.1.2/8                   XGE3/0/5    9.1.1.2/8

ASBR-PE 1    Loop0       3.3.3.9/32     ASBR-PE 2    Loop0       4.4.4.9/32

             XGE3/0/5    1.1.1.1/8                   XGE3/0/5    9.1.1.1/8

             XGE3/0/4    11.0.0.2/8                  XGE3/0/4    11.0.0.1/8

CE 1         XGE3/0/1    30.0.0.2/24    CE 2         XGE3/0/1    20.0.0.2/24

Procedure

1.     Configure CE 1:

# Configure an IP address for Ten-GigabitEthernet 3/0/1, and configure a static route.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] ip route-static 100.0.0.0 24 30.0.0.1

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] network 100.0.0.0 24

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure OSPF, configure the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] ospf 1 area 0

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Enable MPLS SR in OSPF view, and configure a prefix SID index.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ospf 1 prefix-sid index 20

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy named policy1. Configure a label index for the matching routes.

[PE1] route-policy policy1 permit node 1

[PE1-route-policy-policy1-1] apply label-index 20

[PE1-route-policy-policy1-1] quit

# Enable BGP to exchange labeled IPv4 routes with IBGP peer 3.3.3.9.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability

# Enable MPLS SR for BGP.

[PE1-bgp-default-ipv4] segment-routing mpls

# Inject the IP address of Loopback 0 to the BGP routing table, and apply routing policy policy1.

[PE1-bgp-default-ipv4] network 2.2.2.9 32 route-policy policy1

[PE1-bgp-default-ipv4] quit

# Enable BGP to establish an EBGP session to indirectly connected peer 5.5.5.9, and set the maximum hop count to 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure static SRLSPs. The outgoing labels are 16030 and 16050, which are the prefix SIDs assigned to PE 1 by ASBR-PE 1 and PE 2, respectively.

[PE1] static-sr-mpls lsp static-sr-lsp-1 out-label 16030 16050

[PE1] static-sr-mpls lsp static-sr-lsp-2 out-label 16030 16050

# Establish MPLS tunnels Tunnel 1 and Tunnel 2 to PE 2. Configure the tunnel destination address as 5.5.5.9, the IP address of the loopback interface on PE 2. Configure the tunnels to use static SRLSPs.

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address unnumbered interface LoopBack0

[PE1-Tunnel1] destination 5.5.5.9

[PE1-Tunnel1] mpls te signaling static

[PE1-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[PE1-Tunnel1] quit

[PE1] interface tunnel 2 mode mpls-te

[PE1-Tunnel2] ip address unnumbered interface LoopBack0

[PE1-Tunnel2] destination 5.5.5.9

[PE1-Tunnel2] mpls te signaling static

[PE1-Tunnel2] mpls te static-sr-mpls static-sr-lsp-2

[PE1-Tunnel2] quit

# Configure IP prefix lists p1 and p2. Create tunnel policies tp1 and tp2. Create tunnel selector ts1. Apply the tunnel selector in BGP VPNv4 view.

[PE1] ip prefix-list p1 permit 20.0.0.0 24

[PE1] ip prefix-list p2 permit 200.0.0.0 24

[PE1] tunnel-policy tp1

[PE1-tunnel-policy-tp1] preferred-path tunnel 1

[PE1-tunnel-policy-tp1] quit

[PE1] tunnel-policy tp2

[PE1-tunnel-policy-tp2] preferred-path tunnel 2

[PE1-tunnel-policy-tp2] quit

[PE1] tunnel-selector ts1 permit node 1

[PE1-tunnel-selector-ts1-1] if-match ip address prefix-list p1

[PE1-tunnel-selector-ts1-1] apply tunnel-policy tp1

[PE1-tunnel-selector-ts1-1] quit

[PE1] tunnel-selector ts1 permit node 2

[PE1-tunnel-selector-ts1-2] if-match ip address prefix-list p2

[PE1-tunnel-selector-ts1-2] apply tunnel-policy tp2

[PE1-tunnel-selector-ts1-2] quit

[PE1] bgp 100

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] apply tunnel-selector ts1

3.     Configure ASBR-PE 1:

# Configure OSPF, configure the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] ospf 1 area 0

[ASBR-PE1-LoopBack0] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable MPLS SR in OSPF view, and configure a prefix SID index.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack0] quit

# Enable BGP to exchange labeled IPv4 routes with IBGP peer 2.2.2.9.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability

# Enable MPLS SR for BGP.

[ASBR-PE1-bgp-default-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-ipv4] quit

# Enable BGP to exchange labeled IPv4 routes with EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Configure OSPF, configure the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] ospf 1 area 0

[ASBR-PE2-LoopBack0] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable MPLS SR in OSPF view, and configure a prefix SID index.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack0] quit

# Enable BGP to exchange labeled IPv4 routes with IBGP peer 5.5.5.9.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability

# Enable MPLS SR for BGP.

[ASBR-PE2-bgp-default-ipv4] segment-routing mpls

[ASBR-PE2-bgp-default-ipv4] quit

# Enable BGP to exchange labeled IPv4 routes with EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Configure OSPF, configure the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] ospf 1 area 0

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Enable MPLS SR in OSPF view, and configure a prefix SID index.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ospf 1 prefix-sid index 50

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy named policy1. Configure a label index for the matching routes.

[PE2] route-policy policy1 permit node 1

[PE2-route-policy-policy1-1] apply label-index 50

[PE2-route-policy-policy1-1] quit

# Enable BGP to exchange labeled IPv4 routes with IBGP peer 4.4.4.9.

[PE2] bgp 600

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability

# Enable MPLS SR for BGP.

[PE2-bgp-default-ipv4] segment-routing mpls

# Inject the IP address of Loopback 0 to the BGP routing table, and apply routing policy policy1.

[PE2-bgp-default-ipv4] network 5.5.5.9 32 route-policy policy1

[PE2-bgp-default-ipv4] quit

# Enable BGP to establish an EBGP session to indirectly connected peer 2.2.2.9, and set the maximum hop count to 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Configure static SRLSPs. The outgoing labels are 16040 and 16020, which are the prefix SIDs assigned to PE 2 by ASBR-PE 2 and PE 1, respectively.

[PE2] static-sr-mpls lsp static-sr-lsp-1 out-label 16040 16020

[PE2] static-sr-mpls lsp static-sr-lsp-2 out-label 16040 16020

# Establish MPLS tunnels Tunnel 1 and Tunnel 2 to PE 1. Configure the tunnel destination address as 2.2.2.9, the IP address of the loopback interface on PE 1. Configure the tunnels to use static SRLSPs.

[PE2] interface tunnel 1 mode mpls-te

[PE2-Tunnel1] ip address unnumbered interface LoopBack0

[PE2-Tunnel1] destination 2.2.2.9

[PE2-Tunnel1] mpls te signaling static

[PE2-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[PE2-Tunnel1] quit

[PE2] interface tunnel 2 mode mpls-te

[PE2-Tunnel2] ip address unnumbered interface LoopBack0

[PE2-Tunnel2] destination 2.2.2.9

[PE2-Tunnel2] mpls te signaling static

[PE2-Tunnel2] mpls te static-sr-mpls static-sr-lsp-2

[PE2-Tunnel2] quit

# Configure IP prefix lists p1 and p2. Create tunnel policies tp1 and tp2. Create tunnel selector ts1. Apply the tunnel selector in BGP VPNv4 view.

[PE2] ip prefix-list p1 permit 30.0.0.0 24

[PE2] ip prefix-list p2 permit 100.0.0.0 24

[PE2] tunnel-policy tp1

[PE2-tunnel-policy-tp1] preferred-path tunnel 1

[PE2-tunnel-policy-tp1] quit

[PE2] tunnel-policy tp2

[PE2-tunnel-policy-tp2] preferred-path tunnel 2

[PE2-tunnel-policy-tp2] quit

[PE2] tunnel-selector ts1 permit node 1

[PE2-tunnel-selector-ts1-1] if-match ip address prefix-list p1

[PE2-tunnel-selector-ts1-1] apply tunnel-policy tp1

[PE2-tunnel-selector-ts1-1] quit

[PE2] tunnel-selector ts1 permit node 2

[PE2-tunnel-selector-ts1-2] if-match ip address prefix-list p2

[PE2-tunnel-selector-ts1-2] apply tunnel-policy tp2

[PE2-tunnel-selector-ts1-2] quit

[PE2] bgp 600

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] apply tunnel-selector ts1

6.     Configure CE 2:

# Configure an IP address for Ten-GigabitEthernet 3/0/1, and configure a static route.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] ip route-static 200.0.0.0 24 20.0.0.1

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] network 200.0.0.0 24

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Use the display ip routing-table command to verify that CE 1 and CE 2 have a route to reach each other.

# Verify that CE 1 and CE 2 can ping each other.

Example: Configuring tunnel selectors for HoVPN

Network configuration

As shown in Figure 247, the MPLS VPN network is a two-level HoVPN. The PE devices on the level 1 network are SPEs. The PE devices on the level 2 network are UPEs.

The SPEs provide access service for the UPEs. The UPEs provide access service for the end users of the VPNs.

Configure routing policies on the SPEs to filter the routes advertised to the UPEs, so that CE 1 and CE 3 in VPN 1 can communicate with each other, but CE 2 and CE 4 in VPN 2 cannot.

Apply a tunnel selector on the SPEs and UPEs, so the VPN traffic can be forwarded by MPLS TE tunnels with guaranteed bandwidth.

Figure 247 Network diagram

Table 73 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 10.2.1.1/24 | CE 3 | XGE3/0/1 | 10.1.1.1/24 |
| CE 2 | XGE3/0/1 | 10.4.1.1/24 | CE 4 | XGE3/0/1 | 10.3.1.1/24 |
| UPE 1 | Loop0 | 1.1.1.9/32 | UPE 2 | Loop0 | 4.4.4.9/32 |
|  | XGE3/0/1 | 10.2.1.2/24 |  | XGE3/0/1 | 172.2.1.1/24 |
|  | XGE3/0/2 | 10.4.1.2/24 |  | XGE3/0/2 | 10.1.1.2/24 |
|  | XGE3/0/3 | 172.1.1.1/24 |  | XGE3/0/3 | 10.3.1.2/24 |
| SPE 1 | Loop0 | 2.2.2.9/32 | SPE 2 | Loop0 | 3.3.3.9/32 |
|  | XGE3/0/1 | 172.1.1.2/24 |  | XGE3/0/1 | 180.1.1.2/24 |
|  | XGE3/0/2 | 180.1.1.1/24 |  | XGE3/0/2 | 172.2.1.2/24 |

Procedure

1.     Configure UPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE1> system-view

[UPE1] interface loopback 0

[UPE1-LoopBack0] ip address 1.1.1.9 32

[UPE1-LoopBack0] quit

[UPE1] mpls lsr-id 1.1.1.9

[UPE1] mpls ldp

[UPE1-ldp] quit

[UPE1] interface ten-gigabitethernet 3/0/3

[UPE1-Ten-GigabitEthernet3/0/3] ip address 172.1.1.1 24

[UPE1-Ten-GigabitEthernet3/0/3] mpls enable

[UPE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[UPE1-Ten-GigabitEthernet3/0/3] quit

# Configure the IGP (OSPF in this example).

[UPE1] ospf

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] route-distinguisher 100:1

[UPE1-vpn-instance-vpn1] vpn-target 100:1 both

[UPE1-vpn-instance-vpn1] quit

[UPE1] ip vpn-instance vpn2

[UPE1-vpn-instance-vpn2] route-distinguisher 100:2

[UPE1-vpn-instance-vpn2] vpn-target 100:2 both

[UPE1-vpn-instance-vpn2] quit

[UPE1] interface ten-gigabitethernet 3/0/1

[UPE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[UPE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[UPE1-Ten-GigabitEthernet3/0/1] quit

[UPE1] interface ten-gigabitethernet 3/0/2

[UPE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[UPE1-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[UPE1-Ten-GigabitEthernet3/0/2] quit

# Establish an MP-IBGP peer relationship with SPE 1.

[UPE1] bgp 100

[UPE1-bgp-default] peer 2.2.2.9 as-number 100

[UPE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[UPE1-bgp-default] address-family vpnv4

[UPE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[UPE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1.

[UPE1-bgp-default] ip vpn-instance vpn1

[UPE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410

[UPE1-bgp-default-vpn1] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[UPE1-bgp-default-ipv4-vpn1] quit

[UPE1-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 2.

[UPE1-bgp-default] ip vpn-instance vpn2

[UPE1-bgp-default-vpn2] peer 10.4.1.1 as-number 65420

[UPE1-bgp-default-vpn2] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[UPE1-bgp-default-ipv4-vpn2] quit

[UPE1-bgp-default-vpn2] quit

[UPE1-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and OSPF TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnels (Tunnel 1 and Tunnel 2). Set the tunnels' destination address as the LSR ID of SPE 1 (2.2.2.9). Assign 2000 kbps bandwidth to the tunnels.

[UPE1] mpls te

[UPE1-te] quit

[UPE1] rsvp

[UPE1-rsvp] quit

[UPE1] interface ten-gigabitethernet 3/0/3

[UPE1-Ten-GigabitEthernet3/0/3] mpls enable

[UPE1-Ten-GigabitEthernet3/0/3] mpls te enable

[UPE1-Ten-GigabitEthernet3/0/3] mpls te max-link-bandwidth 10000

[UPE1-Ten-GigabitEthernet3/0/3] mpls te max-reservable-bandwidth 5000

[UPE1-Ten-GigabitEthernet3/0/3] rsvp enable

[UPE1-Ten-GigabitEthernet3/0/3] quit

[UPE1] ospf 1

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] mpls te enable

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

[UPE1] interface tunnel 1 mode mpls-te

[UPE1-Tunnel1] ip address unnumbered interface LoopBack0

[UPE1-Tunnel1] destination 2.2.2.9

[UPE1-Tunnel1] mpls te signaling rsvp-te

[UPE1-Tunnel1] mpls te bandwidth 2000

[UPE1-Tunnel1] quit

[UPE1] interface tunnel 2 mode mpls-te

[UPE1-Tunnel2] ip address unnumbered interface LoopBack0

[UPE1-Tunnel2] destination 2.2.2.9

[UPE1-Tunnel2] mpls te signaling rsvp-te

[UPE1-Tunnel2] mpls te bandwidth 2000

[UPE1-Tunnel2] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[UPE1] tunnel-policy tpolicy1

[UPE1-tunnel-policy-tpolicy1] select-seq cr-lsp lsp load-balance-number 2

[UPE1-tunnel-policy-tpolicy1] quit

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] tnl-policy tpolicy1

[UPE1-vpn-instance-vpn1] quit

2.     Configure CE 1:

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 255.255.255.0

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] bgp 65410

[CE1-bgp-default] peer 10.2.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.2.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure CE 2:

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 255.255.255.0

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] bgp 65420

[CE2-bgp-default] peer 10.4.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.4.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

4.     Configure UPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE2> system-view

[UPE2] interface loopback 0

[UPE2-LoopBack0] ip address 4.4.4.9 32

[UPE2-LoopBack0] quit

[UPE2] mpls lsr-id 4.4.4.9

[UPE2] mpls ldp

[UPE2-ldp] quit

[UPE2] interface ten-gigabitethernet 3/0/1

[UPE2-Ten-GigabitEthernet3/0/1] ip address 172.2.1.1 24

[UPE2-Ten-GigabitEthernet3/0/1] mpls enable

[UPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[UPE2-Ten-GigabitEthernet3/0/1] quit

# Configure the IGP (OSPF in this example).

[UPE2] ospf

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] route-distinguisher 300:1

[UPE2-vpn-instance-vpn1] vpn-target 100:1 both

[UPE2-vpn-instance-vpn1] quit

[UPE2] ip vpn-instance vpn2

[UPE2-vpn-instance-vpn2] route-distinguisher 400:2

[UPE2-vpn-instance-vpn2] vpn-target 100:2 both

[UPE2-vpn-instance-vpn2] quit

[UPE2] interface ten-gigabitethernet 3/0/2

[UPE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[UPE2-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[UPE2-Ten-GigabitEthernet3/0/2] quit

[UPE2] interface ten-gigabitethernet 3/0/3

[UPE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn2

[UPE2-Ten-GigabitEthernet3/0/3] ip address 10.3.1.2 24

[UPE2-Ten-GigabitEthernet3/0/3] quit

# Establish an MP-IBGP peer relationship with SPE 2.

[UPE2] bgp 100

[UPE2-bgp-default] peer 3.3.3.9 as-number 100

[UPE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[UPE2-bgp-default] address-family vpnv4

[UPE2-bgp-default-vpnv4] peer 3.3.3.9 enable

[UPE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 3.

[UPE2-bgp-default] ip vpn-instance vpn1

[UPE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65430

[UPE2-bgp-default-vpn1] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[UPE2-bgp-default-ipv4-vpn1] quit

[UPE2-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 4.

[UPE2-bgp-default] ip vpn-instance vpn2

[UPE2-bgp-default-vpn2] peer 10.3.1.1 as-number 65440

[UPE2-bgp-default-vpn2] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn2] peer 10.3.1.1 enable

[UPE2-bgp-default-ipv4-vpn2] quit

[UPE2-bgp-default-vpn2] quit

[UPE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and OSPF TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnels (Tunnel 1 and Tunnel 2). Set the tunnels' destination address as the LSR ID of SPE 2 (3.3.3.9). Assign 2000 kbps bandwidth to the tunnels.

[UPE2] mpls te

[UPE2-te] quit

[UPE2] rsvp

[UPE2-rsvp] quit

[UPE2] interface ten-gigabitethernet 3/0/1

[UPE2-Ten-GigabitEthernet3/0/1] mpls enable

[UPE2-Ten-GigabitEthernet3/0/1] mpls te enable

[UPE2-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[UPE2-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[UPE2-Ten-GigabitEthernet3/0/1] rsvp enable

[UPE2-Ten-GigabitEthernet3/0/1] quit

[UPE2] ospf 1

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] mpls te enable

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

[UPE2] interface tunnel 1 mode mpls-te

[UPE2-Tunnel1] ip address unnumbered interface LoopBack0

[UPE2-Tunnel1] destination 3.3.3.9

[UPE2-Tunnel1] mpls te signaling rsvp-te

[UPE2-Tunnel1] mpls te bandwidth 2000

[UPE2-Tunnel1] quit

[UPE2] interface tunnel 2 mode mpls-te

[UPE2-Tunnel2] ip address unnumbered interface LoopBack0

[UPE2-Tunnel2] destination 3.3.3.9

[UPE2-Tunnel2] mpls te signaling rsvp-te

[UPE2-Tunnel2] mpls te bandwidth 2000

[UPE2-Tunnel2] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[UPE2] tunnel-policy tpolicy1

[UPE2-tunnel-policy-tpolicy1] select-seq cr-lsp lsp load-balance-number 2

[UPE2-tunnel-policy-tpolicy1] quit

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] tnl-policy tpolicy1

[UPE2-vpn-instance-vpn1] quit

5.     Configure CE 3:

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65430

[CE3-bgp-default] peer 10.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

6.     Configure CE 4:

<CE4> system-view

[CE4] interface ten-gigabitethernet 3/0/1

[CE4-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 255.255.255.0

[CE4-Ten-GigabitEthernet3/0/1] quit

[CE4] bgp 65440

[CE4-bgp-default] peer 10.3.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.3.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

7.     Configure SPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE1> system-view

[SPE1] interface loopback 0

[SPE1-LoopBack0] ip address 2.2.2.9 32

[SPE1-LoopBack0] quit

[SPE1] mpls lsr-id 2.2.2.9

[SPE1] mpls ldp

[SPE1-ldp] quit

[SPE1] interface ten-gigabitethernet 3/0/1

[SPE1-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24

[SPE1-Ten-GigabitEthernet3/0/1] mpls enable

[SPE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/1] quit

[SPE1] interface ten-gigabitethernet 3/0/2

[SPE1-Ten-GigabitEthernet3/0/2] ip address 180.1.1.1 24

[SPE1-Ten-GigabitEthernet3/0/2] mpls enable

[SPE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP (OSPF in this example).

[SPE1] ospf

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE1] ip vpn-instance vpn1

[SPE1-vpn-instance-vpn1] route-distinguisher 500:1

[SPE1-vpn-instance-vpn1] vpn-target 100:1 both

[SPE1-vpn-instance-vpn1] quit

[SPE1] ip vpn-instance vpn2

[SPE1-vpn-instance-vpn2] route-distinguisher 700:1

[SPE1-vpn-instance-vpn2] vpn-target 100:2 both

[SPE1-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.

[SPE1] bgp 100

[SPE1-bgp-default] peer 1.1.1.9 as-number 100

[SPE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[SPE1-bgp-default] peer 3.3.3.9 as-number 100

[SPE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local

[SPE1-bgp-default-vpnv4] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

# Advertise to UPE 1 the routes permitted by a routing policy (the routes of CE 3).

[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24

[SPE1] route-policy hope permit node 0

[SPE1-route-policy-hope-0] if-match ip address prefix-list hope

[SPE1-route-policy-hope-0] quit

[SPE1] bgp 100

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe route-policy hope export

[SPE1-bgp-default-vpnv4] quit

[SPE1-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and OSPF TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnels (Tunnel 1 through Tunnel 4). Set the tunnel destination address for Tunnel 1 and Tunnel 2 as the LSR ID of UPE 1 (1.1.1.9) and that for Tunnel 3 and Tunnel 4 as the LSR ID of SPE 2 (3.3.3.9). Assign 2000 kbps bandwidth to all these tunnels.

[SPE1] mpls te

[SPE1-te] quit

[SPE1] rsvp

[SPE1-rsvp] quit

[SPE1] interface ten-gigabitethernet 3/0/1

[SPE1-Ten-GigabitEthernet3/0/1] mpls enable

[SPE1-Ten-GigabitEthernet3/0/1] mpls te enable

[SPE1-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[SPE1-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[SPE1-Ten-GigabitEthernet3/0/1] rsvp enable

[SPE1-Ten-GigabitEthernet3/0/1] quit

[SPE1] interface ten-gigabitethernet 3/0/2

[SPE1-Ten-GigabitEthernet3/0/2] mpls enable

[SPE1-Ten-GigabitEthernet3/0/2] mpls te enable

[SPE1-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[SPE1-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[SPE1-Ten-GigabitEthernet3/0/2] rsvp enable

[SPE1-Ten-GigabitEthernet3/0/2] quit

[SPE1] ospf 1

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] mpls te enable

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

[SPE1] interface tunnel 1 mode mpls-te

[SPE1-Tunnel1] ip address unnumbered interface LoopBack0

[SPE1-Tunnel1] destination 1.1.1.9

[SPE1-Tunnel1] mpls te signaling rsvp-te

[SPE1-Tunnel1] mpls te bandwidth 2000

[SPE1-Tunnel1] quit

[SPE1] interface tunnel 2 mode mpls-te

[SPE1-Tunnel2] ip address unnumbered interface LoopBack0

[SPE1-Tunnel2] destination 1.1.1.9

[SPE1-Tunnel2] mpls te signaling rsvp-te

[SPE1-Tunnel2] mpls te bandwidth 2000

[SPE1-Tunnel2] quit

[SPE1] interface tunnel 3 mode mpls-te

[SPE1-Tunnel3] ip address unnumbered interface LoopBack0

[SPE1-Tunnel3] destination 3.3.3.9

[SPE1-Tunnel3] mpls te signaling rsvp-te

[SPE1-Tunnel3] mpls te bandwidth 2000

[SPE1-Tunnel3] quit

[SPE1] interface tunnel 4 mode mpls-te

[SPE1-Tunnel4] ip address unnumbered interface LoopBack0

[SPE1-Tunnel4] destination 3.3.3.9

[SPE1-Tunnel4] mpls te signaling rsvp-te

[SPE1-Tunnel4] mpls te bandwidth 2000

[SPE1-Tunnel4] quit

# Configure IP prefix lists pt1, pt2, pt3, and pt4 to permit the IP addresses of the CEs.

[SPE1] ip prefix-list pt1 index 10 permit 10.2.1.1 24

[SPE1] ip prefix-list pt2 index 10 permit 10.4.1.1 24

[SPE1] ip prefix-list pt3 index 10 permit 10.1.1.1 24

[SPE1] ip prefix-list pt4 index 10 permit 10.3.1.1 24

# Create tunnel policies tp1, tp2, tp3, and tp4 and specify the MPLS TE tunnels as the preferred tunnels of the tunnel policies.

[SPE1] tunnel-policy tp1

[SPE1-tunnel-policy-tp1] preferred-path tunnel 1

[SPE1-tunnel-policy-tp1] quit

[SPE1] tunnel-policy tp2

[SPE1-tunnel-policy-tp2] preferred-path tunnel 2

[SPE1-tunnel-policy-tp2] quit

[SPE1] tunnel-policy tp3

[SPE1-tunnel-policy-tp3] preferred-path tunnel 3

[SPE1-tunnel-policy-tp3] quit

[SPE1] tunnel-policy tp4

[SPE1-tunnel-policy-tp4] preferred-path tunnel 4

[SPE1-tunnel-policy-tp4] quit

# Configure tunnel selectors ts1 and ts2 to apply the tunnel policies to routes that match the IP prefix lists.

[SPE1] tunnel-selector ts1 permit node 1

[SPE1-tunnel-selector-ts1-1] if-match ip address prefix-list pt1

[SPE1-tunnel-selector-ts1-1] apply tunnel-policy tp1

[SPE1-tunnel-selector-ts1-1] quit

[SPE1] tunnel-selector ts1 permit node 2

[SPE1-tunnel-selector-ts1-2] if-match ip address prefix-list pt3

[SPE1-tunnel-selector-ts1-2] apply tunnel-policy tp3

[SPE1-tunnel-selector-ts1-2] quit

[SPE1] tunnel-selector ts2 permit node 1

[SPE1-tunnel-selector-ts2-1] if-match ip address prefix-list pt2

[SPE1-tunnel-selector-ts2-1] apply tunnel-policy tp2

[SPE1-tunnel-selector-ts2-1] quit

[SPE1] tunnel-selector ts2 permit node 2

[SPE1-tunnel-selector-ts2-2] if-match ip address prefix-list pt4

[SPE1-tunnel-selector-ts2-2] apply tunnel-policy tp4

[SPE1-tunnel-selector-ts2-2] quit

# Apply the tunnel selectors in BGP-VPN IPv4 unicast address family view.

[SPE1] bgp 100

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] address-family ipv4

[SPE1-bgp-default-ipv4-vpn1] apply tunnel-selector ts1

[SPE1-bgp-default-ipv4-vpn1] quit

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] address-family ipv4

[SPE1-bgp-default-ipv4-vpn2] apply tunnel-selector ts2

[SPE1-bgp-default-ipv4-vpn2] quit

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

8.     Configure SPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE2> system-view

[SPE2] interface loopback 0

[SPE2-LoopBack0] ip address 3.3.3.9 32

[SPE2-LoopBack0] quit

[SPE2] mpls lsr-id 3.3.3.9

[SPE2] mpls ldp

[SPE2-ldp] quit

[SPE2] interface ten-gigabitethernet 3/0/1

[SPE2-Ten-GigabitEthernet3/0/1] ip address 180.1.1.2 24

[SPE2-Ten-GigabitEthernet3/0/1] mpls enable

[SPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/1] quit

[SPE2] interface ten-gigabitethernet 3/0/2

[SPE2-Ten-GigabitEthernet3/0/2] ip address 172.2.1.2 24

[SPE2-Ten-GigabitEthernet3/0/2] mpls enable

[SPE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP (OSPF in this example).

[SPE2] ospf

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE2] ip vpn-instance vpn1

[SPE2-vpn-instance-vpn1] route-distinguisher 600:1

[SPE2-vpn-instance-vpn1] vpn-target 100:1 both

[SPE2-vpn-instance-vpn1] quit

[SPE2] ip vpn-instance vpn2

[SPE2-vpn-instance-vpn2] route-distinguisher 800:1

[SPE2-vpn-instance-vpn2] vpn-target 100:2 both

[SPE2-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 1 and UPE 2, and specify UPE 2 as a UPE.

[SPE2] bgp 100

[SPE2-bgp-default] peer 4.4.4.9 as-number 100

[SPE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[SPE2-bgp-default] peer 2.2.2.9 as-number 100

[SPE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local

[SPE2-bgp-default-vpnv4] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

# Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).

[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24

[SPE2] route-policy hope permit node 0

[SPE2-route-policy-hope-0] if-match ip address prefix-list hope

[SPE2-route-policy-hope-0] quit

[SPE2] bgp 100

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe route-policy hope export

[SPE2-bgp-default-vpnv4] quit

[SPE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and OSPF TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnels (Tunnel 1 through Tunnel 4). Set the tunnel destination address for Tunnel 1 and Tunnel 2 as the LSR ID of UPE 2 (4.4.4.9) and that for Tunnel 3 and Tunnel 4 as the LSR ID of SPE 1 (2.2.2.9). Assign 2000 kbps bandwidth to all these tunnels.

[SPE2] mpls te

[SPE2-te] quit

[SPE2] rsvp

[SPE2-rsvp] quit

[SPE2] interface ten-gigabitethernet 3/0/1

[SPE2-Ten-GigabitEthernet3/0/1] mpls enable

[SPE2-Ten-GigabitEthernet3/0/1] mpls te enable

[SPE2-Ten-GigabitEthernet3/0/1] mpls te max-link-bandwidth 10000

[SPE2-Ten-GigabitEthernet3/0/1] mpls te max-reservable-bandwidth 5000

[SPE2-Ten-GigabitEthernet3/0/1] rsvp enable

[SPE2-Ten-GigabitEthernet3/0/1] quit

[SPE2] interface ten-gigabitethernet 3/0/2

[SPE2-Ten-GigabitEthernet3/0/2] mpls enable

[SPE2-Ten-GigabitEthernet3/0/2] mpls te enable

[SPE2-Ten-GigabitEthernet3/0/2] mpls te max-link-bandwidth 10000

[SPE2-Ten-GigabitEthernet3/0/2] mpls te max-reservable-bandwidth 5000

[SPE2-Ten-GigabitEthernet3/0/2] rsvp enable

[SPE2-Ten-GigabitEthernet3/0/2] quit

[SPE2] ospf 1

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] mpls te enable

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

[SPE2] interface tunnel 1 mode mpls-te

[SPE2-Tunnel1] ip address unnumbered interface LoopBack0

[SPE2-Tunnel1] destination 4.4.4.9

[SPE2-Tunnel1] mpls te signaling rsvp-te

[SPE2-Tunnel1] mpls te bandwidth 2000

[SPE2-Tunnel1] quit

[SPE2] interface tunnel 2 mode mpls-te

[SPE2-Tunnel2] ip address unnumbered interface LoopBack0

[SPE2-Tunnel2] destination 4.4.4.9

[SPE2-Tunnel2] mpls te signaling rsvp-te

[SPE2-Tunnel2] mpls te bandwidth 2000

[SPE2-Tunnel2] quit

[SPE2] interface tunnel 3 mode mpls-te

[SPE2-Tunnel3] ip address unnumbered interface LoopBack0

[SPE2-Tunnel3] destination 2.2.2.9

[SPE2-Tunnel3] mpls te signaling rsvp-te

[SPE2-Tunnel3] mpls te bandwidth 2000

[SPE2-Tunnel3] quit

[SPE2] interface tunnel 4 mode mpls-te

[SPE2-Tunnel4] ip address unnumbered interface LoopBack0

[SPE2-Tunnel4] destination 2.2.2.9

[SPE2-Tunnel4] mpls te signaling rsvp-te

[SPE2-Tunnel4] mpls te bandwidth 2000

[SPE2-Tunnel4] quit

# Configure IP prefix lists pt1, pt2, pt3, and pt4 to permit the IP addresses of the CEs.

[SPE2] ip prefix-list pt1 index 10 permit 10.1.1.1 24

[SPE2] ip prefix-list pt2 index 10 permit 10.3.1.1 24

[SPE2] ip prefix-list pt3 index 10 permit 10.2.1.1 24

[SPE2] ip prefix-list pt4 index 10 permit 10.4.1.1 24

# Create tunnel policies tp1, tp2, tp3, and tp4 and specify the MPLS TE tunnels as the preferred tunnels of the tunnel policies.

[SPE2] tunnel-policy tp1

[SPE2-tunnel-policy-tp1] preferred-path tunnel 1

[SPE2-tunnel-policy-tp1] quit

[SPE2] tunnel-policy tp2

[SPE2-tunnel-policy-tp2] preferred-path tunnel 2

[SPE2-tunnel-policy-tp2] quit

[SPE2] tunnel-policy tp3

[SPE2-tunnel-policy-tp3] preferred-path tunnel 3

[SPE2-tunnel-policy-tp3] quit

[SPE2] tunnel-policy tp4

[SPE2-tunnel-policy-tp4] preferred-path tunnel 4

[SPE2-tunnel-policy-tp4] quit

# Configure tunnel selectors ts1 and ts2 to apply the tunnel policies to routes that match the IP prefix lists.

[SPE2] tunnel-selector ts1 permit node 1

[SPE2-tunnel-selector-ts1-1] if-match ip address prefix-list pt1

[SPE2-tunnel-selector-ts1-1] apply tunnel-policy tp1

[SPE2-tunnel-selector-ts1-1] quit

[SPE2] tunnel-selector ts1 permit node 2

[SPE2-tunnel-selector-ts1-2] if-match ip address prefix-list pt3

[SPE2-tunnel-selector-ts1-2] apply tunnel-policy tp3

[SPE2-tunnel-selector-ts1-2] quit

[SPE2] tunnel-selector ts2 permit node 1

[SPE2-tunnel-selector-ts2-1] if-match ip address prefix-list pt2

[SPE2-tunnel-selector-ts2-1] apply tunnel-policy tp2

[SPE2-tunnel-selector-ts2-1] quit

[SPE2] tunnel-selector ts2 permit node 2

[SPE2-tunnel-selector-ts2-2] if-match ip address prefix-list pt4

[SPE2-tunnel-selector-ts2-2] apply tunnel-policy tp4

[SPE2-tunnel-selector-ts2-2] quit

# Apply the tunnel selectors in BGP-VPN IPv4 unicast address family view.

[SPE2] bgp 100

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] address-family ipv4

[SPE2-bgp-default-ipv4-vpn1] apply tunnel-selector ts1

[SPE2-bgp-default-ipv4-vpn1] quit

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] address-family ipv4

[SPE2-bgp-default-ipv4-vpn2] apply tunnel-selector ts2

[SPE2-bgp-default-ipv4-vpn2] quit

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

Verifying the configuration

# Verify that CE 1 and CE 3 have a route to reach each other, and they can ping each other successfully.

# Verify that CE 2 and CE 4 do not have a route to reach each other and they cannot ping each other.

# Verify that the UPEs and SPEs have successfully applied the tunnel policies to the labeled VPNv4 routes. The VPN traffic is forwarded over the MPLS TE tunnels as instructed by the tunnel policies.
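The expected result of these checks can be computed offline before comparing it with the display output. The following Python sketch is an added example, not H3C code: it parses the SPE export filter (both SPEs) and tunnel selector ts1 (SPE 1) as typed above and derives which CE pairs can reach each other and which tunnel each VPN 1 route binds to. The function names are this example's own; it assumes that a prefix-list entry without greater-equal/less-equal matches only the exact mask length, and that a route matching no node is not advertised or bound.

```python
import ipaddress
import re

# Policy lines from the SPE 1 step (prompts as typed, "quit" lines left out).
SPE1 = """
[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24
[SPE1] route-policy hope permit node 0
[SPE1-route-policy-hope-0] if-match ip address prefix-list hope
[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe route-policy hope export
[SPE1] ip prefix-list pt1 index 10 permit 10.2.1.1 24
[SPE1] ip prefix-list pt3 index 10 permit 10.1.1.1 24
[SPE1] tunnel-policy tp1
[SPE1-tunnel-policy-tp1] preferred-path tunnel 1
[SPE1] tunnel-policy tp3
[SPE1-tunnel-policy-tp3] preferred-path tunnel 3
[SPE1] tunnel-selector ts1 permit node 1
[SPE1-tunnel-selector-ts1-1] if-match ip address prefix-list pt1
[SPE1-tunnel-selector-ts1-1] apply tunnel-policy tp1
[SPE1] tunnel-selector ts1 permit node 2
[SPE1-tunnel-selector-ts1-2] if-match ip address prefix-list pt3
[SPE1-tunnel-selector-ts1-2] apply tunnel-policy tp3
"""
# Export filter lines from the SPE 2 step.
SPE2 = """
[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24
[SPE2] route-policy hope permit node 0
[SPE2-route-policy-hope-0] if-match ip address prefix-list hope
[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe route-policy hope export
"""
# CE subnets from Table 73 (assumption: each CE advertises only its direct subnet).
CE = {"CE1": "10.2.1.0/24", "CE2": "10.4.1.0/24",
      "CE3": "10.1.1.0/24", "CE4": "10.3.1.0/24"}
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")


def parse(transcript):
    """Build policy tables from a session transcript; unknown lines are ignored."""
    cfg = {"plist": {}, "rpol": {}, "tpol": {}, "tsel": {}, "upe_export": {}}
    view = None  # policy node or tunnel policy that the following lines configure
    for raw in transcript.splitlines():
        line = " ".join(PROMPT.sub("", raw).split())
        if m := re.fullmatch(r"ip prefix-list (\S+) index (\d+) (permit|deny) (\S+) (\d+)", line):
            net = ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False)
            cfg["plist"].setdefault(m[1], []).append((int(m[2]), m[3], net))
        elif m := re.fullmatch(r"(route-policy|tunnel-selector) (\S+) (permit|deny) node (\d+)", line):
            view = {"node": int(m[4]), "action": m[3], "if-match": None, "apply": None}
            cfg["rpol" if m[1] == "route-policy" else "tsel"].setdefault(m[2], []).append(view)
        elif m := re.fullmatch(r"tunnel-policy (\S+)", line):
            view = cfg["tpol"].setdefault(m[1], {})
        elif m := re.fullmatch(r"(if-match ip address prefix-list|apply tunnel-policy|preferred-path tunnel) (\S+)", line):
            view[m[1].split()[0]] = m[2]  # stored under "if-match", "apply" or "preferred-path"
        elif m := re.fullmatch(r"peer (\S+) upe route-policy (\S+) export", line):
            cfg["upe_export"][m[1]] = m[2]
    return cfg


def plist_permits(cfg, name, prefix):
    """First matching entry wins; an entry matches only the same network and mask length."""
    route = ipaddress.ip_network(prefix)
    for _, action, net in sorted(cfg["plist"][name]):  # KeyError flags a dangling reference
        if route == net:
            return action == "permit"
    return False  # nothing matched: implicit deny


def first_match(cfg, nodes, prefix):
    """Lowest-numbered node whose if-match clause accepts the prefix, else None."""
    for node in sorted(nodes, key=lambda n: n["node"]):
        if node["if-match"] is None or plist_permits(cfg, node["if-match"], prefix):
            return node
    return None


def exported_to_upe(cfg, upe, prefix):
    """True if the SPE advertises the prefix to the UPE under its export route policy."""
    node = first_match(cfg, cfg["rpol"][cfg["upe_export"][upe]], prefix)
    return node is not None and node["action"] == "permit"


def tunnel_for(cfg, selector, prefix):
    """Tunnel number the selector binds to a route, or None when no permit node matches."""
    node = first_match(cfg, cfg["tsel"][selector], prefix)
    return int(cfg["tpol"][node["apply"]]["preferred-path"]) if node and node["action"] == "permit" else None


def can_communicate(left, right):
    """left sits behind UPE 1, right behind UPE 2; both directions must be advertised."""
    return (exported_to_upe(parse(SPE1), "1.1.1.9", CE[right])
            and exported_to_upe(parse(SPE2), "4.4.4.9", CE[left]))


if __name__ == "__main__":
    for pair in (("CE1", "CE3"), ("CE2", "CE4")):
        print(pair, "reachable" if can_communicate(*pair) else "isolated")
    for ce in ("CE1", "CE3", "CE4"):
        print("ts1", CE[ce], "-> Tunnel", tunnel_for(parse(SPE1), "ts1", CE[ce]))
```

A device whose display output disagrees with this model has drifted from the documented policy, for example through a widened prefix list that would start advertising VPN 2 routes to a UPE.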

Example: Configuring tunnel selectors for IPv6 MPLS L3VPN inter-AS option B

Network configuration

As shown in Figure 248, site 1 and site 2 belong to the same VPN. CE 1 in site 1 accesses the MPLS network from PE 1 in AS 100. CE 2 in site 2 accesses the MPLS network from PE 2 in AS 600. IS-IS is running within the ASs.

PE 1 and ASBR-PE 1 exchange VPNv6 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv6 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv6 routes through MP-EBGP.

A tunnel policy is applied on the PEs and a tunnel selector is applied on the ASBRs so the devices can select an MPLS TE tunnel to forward traffic between the sites.

The ASBRs do not perform route target filtering of received VPNv6 routes.

Figure 248 Network diagram

Table 74 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
|  | XGE3/0/1 | 30::1/64 |  | XGE3/0/1 | 20::1/64 |
|  | XGE3/0/5 | 1.1.1.2/8 |  | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
|  | XGE3/0/5 | 1.1.1.1/8 |  | XGE3/0/5 | 9.1.1.1/8 |
|  | XGE3/0/4 | 11.0.0.2/8 |  | XGE3/0/4 | 11.0.0.1/8 |

Procedure

1.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind the interface connected to CE 1 to the created VPN instance.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 30::1 64

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer 3.3.3.9 as a VPNv6 peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv6] quit

# Redistribute direct routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] import-route direct

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 1 (3.3.3.9). Assign 2000 kbps bandwidth to the tunnel.

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls te enable

[PE1-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[PE1-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[PE1-Ten-GigabitEthernet3/0/5] rsvp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address unnumbered interface LoopBack0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[PE1] tunnel-policy tpolicy1

[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE1-tunnel-policy-tpolicy1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy tpolicy1

[PE1-vpn-instance-vpn1] quit

2.     Configure ASBR-PE 1:

# Configure IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Configure BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4

# Disable route target based filtering of received VPNv6 routes.

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] undo policy vpn-target

# Configure IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv6 peers.

[ASBR-PE1-bgp-default-vpnv6] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv6] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 1 (2.2.2.9). Assign 2000 kbps bandwidth to the tunnel.

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] rsvp

[ASBR-PE1-rsvp] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[ASBR-PE1-Ten-GigabitEthernet3/0/5] rsvp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] cost-style wide

[ASBR-PE1-isis-1] mpls te enable level-2

[ASBR-PE1-isis-1] quit

[ASBR-PE1] interface tunnel 1 mode mpls-te

[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE1-Tunnel1] destination 2.2.2.9

[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE1-Tunnel1] mpls te bandwidth 2000

[ASBR-PE1-Tunnel1] quit

# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv6 view.

[ASBR-PE1] tunnel-policy tpolicy1

[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE1-tunnel-policy-tpolicy1] quit

[ASBR-PE1] tunnel-selector ts1 permit node 1

[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE1-tunnel-selector-ts1-1] quit

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] apply tunnel-selector ts1

[ASBR-PE1-bgp-default-vpnv6] quit

[ASBR-PE1-bgp-default] quit

3.     Configure ASBR-PE 2:

# Configure IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure BGP on ASBR-PE 2.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# Disable route target based filtering of received VPNv6 routes.

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] undo policy vpn-target

# Configure IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv6 peers.

[ASBR-PE2-bgp-default-vpnv6] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv6] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 2 (5.5.5.9). Assign 2000 kbps bandwidth to the tunnel.

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

[ASBR-PE2] rsvp

[ASBR-PE2-rsvp] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[ASBR-PE2-Ten-GigabitEthernet3/0/5] rsvp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] cost-style wide

[ASBR-PE2-isis-1] mpls te enable level-2

[ASBR-PE2-isis-1] quit

[ASBR-PE2] interface tunnel 1 mode mpls-te

[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE2-Tunnel1] destination 5.5.5.9

[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE2-Tunnel1] mpls te bandwidth 2000

[ASBR-PE2-Tunnel1] quit

# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv6 view.

[ASBR-PE2] tunnel-policy tpolicy1

[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE2-tunnel-policy-tpolicy1] quit

[ASBR-PE2] tunnel-selector ts1 permit node 1

[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE2-tunnel-selector-ts1-1] quit

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] apply tunnel-selector ts1

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

4.     Configure PE 2:

# Configure IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Bind the interface connected to CE 1 to the created VPN instance.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 20::1 64

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a VPNv6 peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv6] quit

# Redistribute direct routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] import-route direct

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 2 (4.4.4.9). Assign 2000 kbps bandwidth to the tunnel.

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls te enable

[PE2-Ten-GigabitEthernet3/0/5] mpls te max-link-bandwidth 10000

[PE2-Ten-GigabitEthernet3/0/5] mpls te max-reservable-bandwidth 5000

[PE2-Ten-GigabitEthernet3/0/5] rsvp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

[PE2] interface tunnel 1 mode mpls-te

[PE2-Tunnel1] ip address unnumbered interface LoopBack0

[PE2-Tunnel1] destination 4.4.4.9

[PE2-Tunnel1] mpls te signaling rsvp-te

[PE2-Tunnel1] mpls te bandwidth 2000

[PE2-Tunnel1] quit

# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.

[PE2] tunnel-policy tpolicy1

[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE2-tunnel-policy-tpolicy1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] tnl-policy tpolicy1

[PE2-vpn-instance-vpn1] quit

Verifying the configuration

# Verify that the CE-facing interfaces (Ten-GigabitEthernet 3/0/1) on PE 1 and PE 2 can ping each other.

# Verify that tunnel policy tpolicy1 has been successfully applied between PE 1 and ASBR-PE 1 and between PE 2 and ASBR-PE 2. The devices select MPLS TE tunnel 1 as instructed by the tunnel policy.

MPLS L3VPN configuration examples

Example: Configuring basic MPLS L3VPN

Network configuration

CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.

VPN 1 uses route target attribute 111:1. VPN 2 uses route target attribute 222:2. Users of different VPNs cannot access each other.

A PE and its connected CE use EBGP to exchange VPN routing information.

PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.

Figure 249 Network diagram

Table 75 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| CE 1 | XGE3/0/1 | 10.1.1.1/24 | P | Loop0 | 2.2.2.9/32 |
| PE 1 | Loop0 | 1.1.1.9/32 | | XGE3/0/4 | 172.1.1.2/24 |
| | XGE3/0/1 | 10.1.1.2/24 | | XGE3/0/5 | 172.2.1.1/24 |
| | XGE3/0/2 | 10.2.1.2/24 | PE 2 | Loop0 | 3.3.3.9/32 |
| | XGE3/0/4 | 172.1.1.1/24 | | XGE3/0/1 | 10.3.1.2/24 |
| CE 2 | XGE3/0/1 | 10.2.1.1/24 | | XGE3/0/2 | 10.4.1.2/24 |
| CE 3 | XGE3/0/1 | 10.3.1.1/24 | | XGE3/0/4 | 172.2.1.2/24 |
| CE 4 | XGE3/0/1 | 10.4.1.1/24 | | | |

Procedure

1.     Configure OSPF on the MPLS backbone to ensure IP connectivity within the backbone:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24

[P-Ten-GigabitEthernet3/0/5] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/4] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] mpls enable

[P-Ten-GigabitEthernet3/0/4] mpls ldp enable

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] mpls enable

[P-Ten-GigabitEthernet3/0/5] mpls ldp enable

[P-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.2 24

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 249. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 2

  Total IPv4 VPN-Instances configured : 2

  Total IPv6 VPN-Instances configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv4                2012/02/13 12:49:08

  vpn2                  100:2           IPv4                2012/02/13 12:49:20 

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping -vpn-instance vpn1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=2.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure the other three CEs in the same way that CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Create an MP-IBGP peer relationship between PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

Verifying the configuration

# Execute the display ip routing-table vpn-instance command on the PEs.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11        Routes : 11

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         Direct 0    0            10.1.1.2        XGE3/0/1

10.1.1.0/32         Direct 0    0            10.1.1.2        XGE3/0/1

10.1.1.2/32         Direct 0    0            127.0.0.1       InLoop0

10.1.1.255/32       Direct 0    0            10.1.1.2        XGE3/0/1

10.3.1.0/24         BGP    255  0            3.3.3.9         XGE3/0/4

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

The output shows that PE 1 has a route to the remote CE. Output on PE 2 is similar.

# Verify that CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example, CE 1 can ping CE 3 (10.3.1.1), but it cannot ping CE 4 (10.4.1.1). (Details not shown.)
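The isolation stated for this example ("Users of different VPNs cannot access each other") depends entirely on the vpn-target values entered in step 3. The following Python sketch is an added example, not part of the H3C documentation: it parses those commands and lists every pair of VPN instances that can exchange routes, and it also handles the import-extcommunity and export-extcommunity keywords used by other examples on this page. It assumes that a vpn-target without a keyword applies in both directions, that instances with the same name belong to the same VPN, and that no routing policy filters further; the function names and the LEAKY_CONFIGS variant are constructed for illustration.

```python
from itertools import permutations

DIRECTIONS = {"both", "import-extcommunity", "export-extcommunity"}

# Constructed input: the step 3 VPN-instance commands with CLI prompts stripped.
PE1 = """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 111:1
 quit
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 222:2
 quit
"""
PE2 = """\
ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 111:1
 quit
ip vpn-instance vpn2
 route-distinguisher 200:2
 vpn-target 222:2
 quit
"""
CONFIGS = {"PE1": PE1, "PE2": PE2}

# Constructed misconfiguration: one extra import target on PE 1's vpn1.
LEAKY_CONFIGS = {
    "PE1": PE1.replace(
        " vpn-target 111:1\n",
        " vpn-target 111:1\n vpn-target 222:2 import-extcommunity\n",
    ),
    "PE2": PE2,
}


def parse_vrfs(device, text):
    """Return {(device, instance): {"rd", "import", "export"}} for one device."""
    vrfs, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = vrfs.setdefault(
                (device, words[2]),
                {"rd": None, "import": set(), "export": set()},
            )
        elif words[0] == "quit":
            current = None
        elif current is None:
            continue  # command outside VPN instance view
        elif words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "vpn-target" and len(words) >= 2:
            targets, direction = words[1:], "both"  # assumption: no keyword = both
            if targets[-1] in DIRECTIONS:
                direction = targets.pop()
            if direction != "export-extcommunity":
                current["import"].update(targets)
            if direction != "import-extcommunity":
                current["export"].update(targets)
    return vrfs


def load(configs):
    """Merge the VPN instances of all devices into one dictionary."""
    vrfs = {}
    for device, text in configs.items():
        vrfs.update(parse_vrfs(device, text))
    return vrfs


def route_flows(vrfs):
    """Ordered (source, destination) pairs where the destination imports
    at least one route target that the source exports."""
    return {
        (src, dst)
        for src, dst in permutations(vrfs, 2)
        if vrfs[src]["export"] & vrfs[dst]["import"]
    }


def cross_vpn_flows(vrfs):
    """Flows between instances with different names, which this example's
    design forbids (vpn1 and vpn2 must stay isolated)."""
    return {(src, dst) for src, dst in route_flows(vrfs) if src[1] != dst[1]}


if __name__ == "__main__":
    for label, configs in (("as documented", CONFIGS), ("leaky", LEAKY_CONFIGS)):
        vrfs = load(configs)
        print(label, "- allowed flows:", len(route_flows(vrfs)))
        for src, dst in sorted(cross_vpn_flows(vrfs)):
            print("  cross-VPN route leak:", src, "->", dst)
```

Run against saved configurations before and after a change, a non-empty cross_vpn_flows result flags a route-target edit that would join two VPNs.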

Example: Configuring MPLS L3VPN over a GRE tunnel

Network configuration

CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P router does not support MPLS and provides only IP features.

On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS L3VPN.

Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE.

Figure 250 Network diagram

Table 76 Interface and IP address assignment

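| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| CE 1 | XGE3/0/1 | 10.1.1.1/24 | P | XGE3/0/4 | 172.1.1.2/24 |
| PE 1 | Loop0 | 1.1.1.9/32 | | XGE3/0/5 | 172.2.1.1/24 |
| | XGE3/0/1 | 10.1.1.2/24 | PE 2 | Loop0 | 2.2.2.9/32 |
| | XGE3/0/5 | 172.1.1.1/24 | | XGE3/0/1 | 10.2.1.2/24 |
| | Tunnel0 | 20.1.1.1/24 | | XGE3/0/4 | 172.2.1.2/24 |
| CE 2 | XGE3/0/1 | 10.2.1.1/24 | | Tunnel0 | 20.1.1.2/24 |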

Procedure

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone.

This example uses OSPF. (Details not shown.)

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the loopback route of each other. (Details not shown.)

2.     Configure basic MPLS on the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.9

# Configure PE 2.

<PE2> system-view

[PE2] mpls lsr-id 2.2.2.9

3.     Configure VPN instances on PEs to allow CE access, and apply tunnel policies to the VPN instances, using a GRE tunnel for VPN packet forwarding:

# Configure PE 1.

[PE1] tunnel-policy gre1

[PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1

[PE1-tunnel-policy-gre1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] tnl-policy gre1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] tunnel-policy gre1

[PE2-tunnel-policy-gre1] select-seq gre load-balance-number 1

[PE2-tunnel-policy-gre1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:2

[PE2-vpn-instance-vpn1] vpn-target 100:1 both

[PE2-vpn-instance-vpn1] tnl-policy gre1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 1

  Total IPv6 VPN-Instances configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv4                2012/02/13 15:59:50

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping -vpn-instance vpn1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.200/1.000/0.400 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 next-hop-local

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 2 and PE 2 in the same way that CE 1 and PE 1 are configured. (Details not shown.)

# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Configure an MP-IBGP peer relationship between PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

6.     Configure a GRE tunnel:

# Configure PE 1.

[PE1] interface tunnel 0 mode gre

[PE1-Tunnel0] source loopback 0

[PE1-Tunnel0] destination 2.2.2.9

[PE1-Tunnel0] ip address 20.1.1.1 24

[PE1-Tunnel0] mpls enable

[PE1-Tunnel0] quit

# Configure PE 2.

[PE2] interface tunnel 0 mode gre

[PE2-Tunnel0] source loopback 0

[PE2-Tunnel0] destination 1.1.1.9

[PE2-Tunnel0] ip address 20.1.1.2 24

[PE2-Tunnel0] mpls enable

[PE2-Tunnel0] quit

Verifying the configuration

# Use the following command on CE 1 to verify that the CEs have learned the interface route from each other.

[CE1] display ip routing-table

 

Destinations : 11        Routes : 11

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         Direct 0    0            10.1.1.1        XGE3/0/1

10.1.1.0/32         Direct 0    0            10.1.1.1        XGE3/0/1

10.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.1.1.255/32       Direct 0    0            10.1.1.1        XGE3/0/1

10.2.1.0/24         BGP    255  0            10.1.1.2        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring a hub-spoke network

Network configuration

The Spoke-CEs cannot communicate directly. They can communicate only through Hub-CE.

Configure EBGP between the Spoke-CEs and Spoke-PEs and between Hub-CE and Hub-PE to exchange VPN routing information.

Configure OSPF between the Spoke-PEs and Hub-PE to implement communication between the PEs, and configure MP-IBGP between them to exchange VPN routing information.

Figure 251 Network diagram

Table 77 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| Spoke-CE 1 | XGE3/0/1 | 10.1.1.1/24 | Hub-CE | XGE3/0/1 | 10.3.1.1/24 |
| Spoke-PE 1 | Loop0 | 1.1.1.9/32 | | XGE3/0/2 | 10.4.1.1/24 |
| | XGE3/0/1 | 10.1.1.2/24 | Hub-PE | Loop0 | 2.2.2.9/32 |
| | XGE3/0/4 | 172.1.1.1/24 | | XGE3/0/4 | 172.1.1.2/24 |
| Spoke-CE 2 | XGE3/0/1 | 10.2.1.1/24 | | XGE3/0/5 | 172.2.1.2/24 |
| Spoke-PE 2 | Loop0 | 3.3.3.9/32 | | XGE3/0/1 | 10.3.1.2/24 |
| | XGE3/0/1 | 10.2.1.2/24 | | XGE3/0/2 | 10.4.1.2/24 |
| | XGE3/0/4 | 172.2.1.1/24 | | | |

Procedure

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:

# Configure Spoke-PE 1.

<Spoke-PE1> system-view

[Spoke-PE1] interface loopback 0

[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32

[Spoke-PE1-LoopBack0] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/4

[Spoke-PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit

[Spoke-PE1] ospf

[Spoke-PE1-ospf-1] area 0

[Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[Spoke-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[Spoke-PE1-ospf-1-area-0.0.0.0] quit

[Spoke-PE1-ospf-1] quit

# Configure Spoke-PE 2.

<Spoke-PE2> system-view

[Spoke-PE2] interface loopback 0

[Spoke-PE2-LoopBack0] ip address 3.3.3.9 32

[Spoke-PE2-LoopBack0] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/4

[Spoke-PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.1 24

[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit

[Spoke-PE2] ospf

[Spoke-PE2-ospf-1] area 0

[Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[Spoke-PE2-ospf-1-area-0.0.0.0] quit

[Spoke-PE2-ospf-1] quit

# Configure Hub-PE.

<Hub-PE> system-view

[Hub-PE] interface loopback 0

[Hub-PE-LoopBack0] ip address 2.2.2.9 32

[Hub-PE-LoopBack0] quit

[Hub-PE] interface ten-gigabitethernet 3/0/4

[Hub-PE-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/4] quit

[Hub-PE] interface ten-gigabitethernet 3/0/5

[Hub-PE-Ten-GigabitEthernet3/0/5] ip address 172.2.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/5] quit

[Hub-PE] ospf

[Hub-PE-ospf-1] area 0

[Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[Hub-PE-ospf-1-area-0.0.0.0] quit

[Hub-PE-ospf-1] quit

# Execute the display ospf peer command on the devices to verify that OSPF adjacencies in Full state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display ip routing-table command on the devices to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure Spoke-PE 1.

[Spoke-PE1] mpls lsr-id 1.1.1.9

[Spoke-PE1] mpls ldp

[Spoke-PE1-ldp] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/4

[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Spoke-PE 2.

[Spoke-PE2] mpls lsr-id 3.3.3.9

[Spoke-PE2] mpls ldp

[Spoke-PE2-ldp] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/4

[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure Hub-PE.

[Hub-PE] mpls lsr-id 2.2.2.9

[Hub-PE] mpls ldp

[Hub-PE-ldp] quit

[Hub-PE] interface ten-gigabitethernet 3/0/4

[Hub-PE-Ten-GigabitEthernet3/0/4] mpls enable

[Hub-PE-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Hub-PE-Ten-GigabitEthernet3/0/4] quit

[Hub-PE] interface ten-gigabitethernet 3/0/5

[Hub-PE-Ten-GigabitEthernet3/0/5] mpls enable

[Hub-PE-Ten-GigabitEthernet3/0/5] mpls ldp enable

[Hub-PE-Ten-GigabitEthernet3/0/5] quit

# Execute the display mpls ldp peer command on the devices to verify that LDP sessions in Operational state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display mpls ldp lsp command on the devices to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on the Spoke-PEs and Hub-PE:

# Configure Spoke-PE 1.

[Spoke-PE1] ip vpn-instance vpn1

[Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1

[Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity

[Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity

[Spoke-PE1-vpn-instance-vpn1] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/1

[Spoke-PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[Spoke-PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[Spoke-PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Spoke-PE 2.

[Spoke-PE2] ip vpn-instance vpn1

[Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2

[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity

[Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity

[Spoke-PE2-vpn-instance-vpn1] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/1

[Spoke-PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[Spoke-PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[Spoke-PE2-Ten-GigabitEthernet3/0/1] quit

# Configure Hub-PE.

[Hub-PE] ip vpn-instance vpn1-in

[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3

[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity

[Hub-PE-vpn-instance-vpn1-in] quit

[Hub-PE] ip vpn-instance vpn1-out

[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4

[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity

[Hub-PE-vpn-instance-vpn1-out] quit

[Hub-PE] interface ten-gigabitethernet 3/0/1

[Hub-PE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1-in

[Hub-PE-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/1] quit

[Hub-PE] interface ten-gigabitethernet 3/0/2

[Hub-PE-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1-out

[Hub-PE-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Table 77. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on Spoke-PE 1.

[Spoke-PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 1

  Total IPv6 VPN-Instances configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv4                2009/04/08 10:55:07

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on Spoke-PE 1.

[Spoke-PE1] ping -vpn-instance vpn1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=128 time=1.913 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=128 time=2.381 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=128 time=1.707 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=128 time=1.666 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=128 time=2.710 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.666/2.075/2.710/0.406 ms

4.     Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP:

# Configure Spoke-CE 1.

<Spoke-CE1> system-view

[Spoke-CE1] bgp 65410

[Spoke-CE1-bgp-default] peer 10.1.1.2 as-number 100

[Spoke-CE1-bgp-default] address-family ipv4

[Spoke-CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[Spoke-CE1-bgp-default-ipv4] import-route direct

[Spoke-CE1-bgp-default-ipv4] quit

[Spoke-CE1-bgp-default] quit

# Configure Spoke-CE 2.

<Spoke-CE2> system-view

[Spoke-CE2] bgp 65420

[Spoke-CE2-bgp-default] peer 10.2.1.2 as-number 100

[Spoke-CE2-bgp-default] address-family ipv4

[Spoke-CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[Spoke-CE2-bgp-default-ipv4] import-route direct

[Spoke-CE2-bgp-default-ipv4] quit

[Spoke-CE2-bgp-default] quit

# Configure Hub-CE.

<Hub-CE> system-view

[Hub-CE] bgp 65430

[Hub-CE-bgp-default] peer 10.3.1.2 as-number 100

[Hub-CE-bgp-default] peer 10.4.1.2 as-number 100

[Hub-CE-bgp-default] address-family ipv4

[Hub-CE-bgp-default-ipv4] peer 10.3.1.2 enable

[Hub-CE-bgp-default-ipv4] peer 10.4.1.2 enable

[Hub-CE-bgp-default-ipv4] import-route direct

[Hub-CE-bgp-default-ipv4] quit

[Hub-CE-bgp-default] quit

# Configure Spoke-PE 1.

[Spoke-PE1] bgp 100

[Spoke-PE1-bgp-default] ip vpn-instance vpn1

[Spoke-PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[Spoke-PE1-bgp-default-vpn1] address-family ipv4

[Spoke-PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[Spoke-PE1-bgp-default-ipv4-vpn1] quit

[Spoke-PE1-bgp-default-vpn1] quit

[Spoke-PE1-bgp-default] quit

# Configure Spoke-PE 2.

[Spoke-PE2] bgp 100

[Spoke-PE2-bgp-default] ip vpn-instance vpn1

[Spoke-PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 65420

[Spoke-PE2-bgp-default-vpn1] address-family ipv4

[Spoke-PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[Spoke-PE2-bgp-default-ipv4-vpn1] quit

[Spoke-PE2-bgp-default-vpn1] quit

[Spoke-PE2-bgp-default] quit

# Configure Hub-PE.

[Hub-PE] bgp 100

[Hub-PE-bgp-default] ip vpn-instance vpn1-in

[Hub-PE-bgp-default-vpn1-in] peer 10.3.1.1 as-number 65430

[Hub-PE-bgp-default-vpn1-in] address-family ipv4

[Hub-PE-bgp-default-ipv4-vpn1-in] peer 10.3.1.1 enable

[Hub-PE-bgp-default-ipv4-vpn1-in] quit

[Hub-PE-bgp-default-vpn1-in] quit

[Hub-PE-bgp-default] ip vpn-instance vpn1-out

[Hub-PE-bgp-default-vpn1-out] peer 10.4.1.1 as-number 65430

[Hub-PE-bgp-default-vpn1-out] address-family ipv4

[Hub-PE-bgp-default-ipv4-vpn1-out] peer 10.4.1.1 enable

[Hub-PE-bgp-default-ipv4-vpn1-out] peer 10.4.1.1 allow-as-loop 2

[Hub-PE-bgp-default-ipv4-vpn1-out] quit

[Hub-PE-bgp-default-vpn1-out] quit

[Hub-PE-bgp-default] quit

# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Establish an MP-IBGP peer relationship between the Spoke-PEs and Hub-PE:

# Configure Spoke-PE 1.

[Spoke-PE1] bgp 100

[Spoke-PE1-bgp-default] peer 2.2.2.9 as-number 100

[Spoke-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[Spoke-PE1-bgp-default] address-family vpnv4

[Spoke-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[Spoke-PE1-bgp-default-vpnv4] quit

[Spoke-PE1-bgp-default] quit

# Configure Spoke-PE 2.

[Spoke-PE2] bgp 100

[Spoke-PE2-bgp-default] peer 2.2.2.9 as-number 100

[Spoke-PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[Spoke-PE2-bgp-default] address-family vpnv4

[Spoke-PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[Spoke-PE2-bgp-default-vpnv4] quit

[Spoke-PE2-bgp-default] quit

# Configure Hub-PE.

[Hub-PE] bgp 100

[Hub-PE-bgp-default] peer 1.1.1.9 as-number 100

[Hub-PE-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[Hub-PE-bgp-default] peer 3.3.3.9 as-number 100

[Hub-PE-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[Hub-PE-bgp-default] address-family vpnv4

[Hub-PE-bgp-default-vpnv4] peer 1.1.1.9 enable

[Hub-PE-bgp-default-vpnv4] peer 3.3.3.9 enable

[Hub-PE-bgp-default-vpnv4] quit

[Hub-PE-bgp-default] quit

# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

Verifying the configuration

# Execute the display ip routing-table vpn-instance command on the PEs to display the routes to the CEs. This example uses Spoke-PE 1 to verify that the next hop of the route from a Spoke-PE to its connected Spoke-CE is Hub-PE.

[Spoke-PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 13        Routes : 13

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        Direct  0   0           10.1.1.2        XGE3/0/1

10.1.1.0/32        Direct  0   0           10.1.1.2        XGE3/0/1

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        XGE3/0/1

10.2.1.0/24        BGP     255 0           2.2.2.9         XGE3/0/4

10.3.1.0/24        BGP     255 0           2.2.2.9         XGE3/0/4

10.4.1.0/24        BGP     255 0           2.2.2.9         XGE3/0/4

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that Spoke-CE 1 and Spoke-CE 2 can ping each other. The TTL value indicates that traffic from Spoke-CE 1 to Spoke-CE 2 passes six hops (255-250+1) and is forwarded through Hub-CE. This example uses Spoke-CE 1 to verify their connectivity.

[Spoke-CE1] ping 10.2.1.1

Ping 10.2.1.1 (10.2.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 10.2.1.1: icmp_seq=0 ttl=250 time=1.000 ms

56 bytes from 10.2.1.1: icmp_seq=1 ttl=250 time=2.000 ms

56 bytes from 10.2.1.1: icmp_seq=2 ttl=250 time=0.000 ms

56 bytes from 10.2.1.1: icmp_seq=3 ttl=250 time=1.000 ms

56 bytes from 10.2.1.1: icmp_seq=4 ttl=250 time=0.000 ms

 

--- Ping statistics for 10.2.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms
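The hub-and-spoke isolation in this example rests entirely on the route targets from step 3: spokes export 222:2 and import only 111:1, so a spoke never installs another spoke's routes directly. The following Python sketch is an added example, not part of the H3C documentation. It rebuilds that import/export relationship from the configuration lines and flags any spoke-to-spoke flow that bypasses the hub. The function names and the LEAKY variant are hypothetical, and the sample input is constructed from the commands shown above.

```python
import re
from collections import defaultdict

# Constructed input: the vpn-instance commands of step 3, one per line.
HUB_SPOKE = """\
[Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2
[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3
[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity
[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4
[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity
"""

# Constructed misconfiguration: Spoke-PE 2 also imports the spokes' export target.
LEAKY = HUB_SPOKE.replace(
    "[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity",
    "[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 222:2 import-extcommunity",
)

SPOKES = {"Spoke-PE1/vpn1", "Spoke-PE2/vpn1"}

# Prompt "[<device>-vpn-instance-<name>]" followed by a vpn-target command.
VPN_TARGET = re.compile(
    r"^\[(?P<dev>[^\]]+?)-vpn-instance-(?P<inst>[^\]]+)\]\s+vpn-target\s+(?P<args>.+)$"
)
DIRECTIONS = {
    "import-extcommunity": ("imp",),
    "export-extcommunity": ("exp",),
    "both": ("imp", "exp"),
}


def parse_route_targets(transcript):
    """Return {"device/instance": {"imp": set_of_RTs, "exp": set_of_RTs}}."""
    table = defaultdict(lambda: {"imp": set(), "exp": set()})
    for line in transcript.splitlines():
        m = VPN_TARGET.match(line.strip())
        if not m:
            continue  # route-distinguisher, quit, interface lines, output
        tokens = m.group("args").split()
        if tokens[-1] in DIRECTIONS:
            dirs, rts = DIRECTIONS[tokens[-1]], tokens[:-1]
        else:
            # Assumption: with no direction keyword the targets apply both ways.
            dirs, rts = DIRECTIONS["both"], tokens
        key = f"{m.group('dev')}/{m.group('inst')}"
        for d in dirs:
            table[key][d].update(rts)
    return dict(table)


def route_flows(table):
    """(src, dst) pairs where dst imports at least one RT that src exports."""
    return sorted(
        (src, dst)
        for src, s in table.items()
        for dst, d in table.items()
        if src != dst and s["exp"] & d["imp"]
    )


def spoke_to_spoke(flows, spokes):
    """Flows whose source and destination are both spoke VPN instances."""
    return [(s, d) for s, d in flows if s in spokes and d in spokes]


if __name__ == "__main__":
    for name, text in (("as documented", HUB_SPOKE), ("leaky variant", LEAKY)):
        flows = route_flows(parse_route_targets(text))
        print(name)
        for src, dst in flows:
            print(f"  {src} -> {dst}")
        print("  spoke-to-spoke:", spoke_to_spoke(flows, SPOKES) or "none")
```
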

Example: Configuring MPLS L3VPN inter-AS option A

Network configuration

CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100, and CE 2 accesses the network through PE 2 in AS 200.

Configure inter-AS option A MPLS L3VPN, and use the VRF-to-VRF method to manage VPN routes.

Run OSPF on the MPLS backbone of each AS.

Figure 252 Network diagram

Table 78 Interface and IP address assignment

Device     Interface  IP address     Device     Interface  IP address
CE 1       XGE3/0/1   10.1.1.1/24    CE 2       XGE3/0/1   10.2.1.1/24
PE 1       Loop0      1.1.1.9/32     PE 2       Loop0      4.4.4.9/32
           XGE3/0/1   10.1.1.2/24               XGE3/0/1   10.2.1.2/24
           XGE3/0/4   172.1.1.2/24              XGE3/0/4   162.1.1.2/24
ASBR-PE1   Loop0      2.2.2.9/32     ASBR-PE2   Loop0      3.3.3.9/32
           XGE3/0/4   172.1.1.1/24              XGE3/0/4   162.1.1.1/24
           XGE3/0/5   192.1.1.1/24              XGE3/0/5   192.1.1.2/24

Restrictions and guidelines

For the same VPN, the route targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs.

Procedure

1.     Configure IGP on the MPLS backbone.

This example uses OSPF. (Details not shown.)

# Execute the display ospf peer command to verify that each ASBR-PE has established an OSPF adjacency in Full state with the PE in the same AS, and that PEs and ASBR-PEs in the same AS have learned the routes to the loopback interfaces of each other. Verify that each ASBR-PE and the PE in the same AS can ping each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure basic MPLS on PE 1, and enable MPLS LDP on the interface connected to ASBR-PE 1.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] mpls lsr-id 2.2.2.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP on the interface connected to PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] mpls lsr-id 3.3.3.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on PE 2, and enable MPLS LDP on the interface connected to ASBR-PE 2.

<PE2> system-view

[PE2] mpls lsr-id 4.4.4.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp peer command on the devices to verify that the LDP session status is Operational, and that each PE and the ASBR-PE in the same AS have established an LDP neighbor relationship. (Details not shown.)

3.     Configure VPN instances on PEs:

# Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:2

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:2

[PE2-vpn-instance-vpn1] vpn-target 200:1 both

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# On ASBR-PE 1, create a VPN instance, and bind the instance to the interface connected to ASBR-PE 2. ASBR-PE 1 considers ASBR-PE 2 to be its CE.

[ASBR-PE1] ip vpn-instance vpn1

[ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:1

[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 both

[ASBR-PE1-vpn-instance-vpn1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 192.1.1.1 24

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# On ASBR-PE 2, create a VPN instance, and bind the instance to the interface connected to ASBR-PE 1. ASBR-PE 2 considers ASBR-PE 1 to be its CE.

[ASBR-PE2] ip vpn-instance vpn1

[ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:1

[ASBR-PE2-vpn-instance-vpn1] vpn-target 200:1 both

[ASBR-PE2-vpn-instance-vpn1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 192.1.1.2 24

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Execute the display ip vpn-instance command to display VPN instance configurations. Verify that the PEs can ping their attached CEs, and the ASBR-PEs can ping each other. (Details not shown.)

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

[CE1] bgp 65001

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 2.

[CE2] bgp 65002

[CE2-bgp-default] peer 10.2.1.2 as-number 200

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 200

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

5.     Establish an MP-IBGP peer relationship between each PE and the ASBR-PE in the same AS, and an EBGP peer relationship between the ASBR-PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv4] peer 2.2.2.9 next-hop-local

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] ip vpn-instance vpn1

[ASBR-PE1-bgp-default-vpn1] peer 192.1.1.2 as-number 200

[ASBR-PE1-bgp-default-vpn1] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4-vpn1] peer 192.1.1.2 enable

[ASBR-PE1-bgp-default-ipv4-vpn1] quit

[ASBR-PE1-bgp-default-vpn1] quit

[ASBR-PE1-bgp-default] peer 1.1.1.9 as-number 100

[ASBR-PE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] peer 1.1.1.9 enable

[ASBR-PE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local

[ASBR-PE1-bgp-default-vpnv4] quit

[ASBR-PE1-bgp-default] quit

# Configure ASBR-PE 2.

[ASBR-PE2] bgp 200

[ASBR-PE2-bgp-default] ip vpn-instance vpn1

[ASBR-PE2-bgp-default-vpn1] peer 192.1.1.1 as-number 100

[ASBR-PE2-bgp-default-vpn1] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4-vpn1] peer 192.1.1.1 enable

[ASBR-PE2-bgp-default-ipv4-vpn1] quit

[ASBR-PE2-bgp-default-vpn1] quit

[ASBR-PE2-bgp-default] peer 4.4.4.9 as-number 200

[ASBR-PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[ASBR-PE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 200

[PE2-bgp-default] peer 3.3.3.9 as-number 200

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE2-bgp-default-vpnv4] peer 3.3.3.9 next-hop-local

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

Verifying the configuration

# Verify that the CEs can learn the interface routes from each other and ping each other. (Details not shown.)

Example: Configuring MPLS L3VPN inter-AS option B

Network configuration

Site 1 and Site 2 belong to the same VPN. CE 1 of Site 1 accesses the network through PE 1 in AS 100, and CE 2 of Site 2 accesses the network through PE 2 in AS 600.

PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.

ASBRs do not perform route target filtering of received VPN-IPv4 routes.

Figure 253 Network diagram

Table 79 Interface and IP address assignment

Device     Interface  IP address     Device     Interface  IP address
PE 1       Loop0      2.2.2.9/32     PE 2       Loop0      5.5.5.9/32
           XGE3/0/1   30.0.0.1/8                XGE3/0/1   20.0.0.1/8
           XGE3/0/5   1.1.1.2/8                 XGE3/0/5   9.1.1.2/8
ASBR-PE 1  Loop0      3.3.3.9/32     ASBR-PE 2  Loop0      4.4.4.9/32
           XGE3/0/5   1.1.1.1/8                 XGE3/0/5   9.1.1.1/8
           XGE3/0/4   11.0.0.2/8                XGE3/0/4   11.0.0.1/8

Procedure

1.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind the interface connected to CE 1 to the created VPN instance.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 8

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer 3.3.3.9 as a VPNv4 peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route direct

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

2.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Enable BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4

# Disable route target based filtering of received VPNv4 routes.

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target

# Configure both IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.

[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv4] quit

3.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Enable BGP on ASBR-PE 2.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# Disable route target based filtering of received VPNv4 routes.

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target

# Configure both IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.

[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

4.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 2:2 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Bind the interface connected to CE 2 to the created VPN instance.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 8

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv4] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] import-route direct

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

Verifying the configuration

# Use the following command on PE 1 to verify its connectivity to PE 2.

[PE1] ping -a 30.0.0.1 -vpn-instance vpn1 20.0.0.1

Ping 20.0.0.1 (20.0.0.1) from 30.0.0.1: 56 data bytes, press CTRL_C to break

56 bytes from 20.0.0.1: icmp_seq=0 ttl=255 time=1.208 ms

56 bytes from 20.0.0.1: icmp_seq=1 ttl=255 time=0.867 ms

56 bytes from 20.0.0.1: icmp_seq=2 ttl=255 time=0.551 ms

56 bytes from 20.0.0.1: icmp_seq=3 ttl=255 time=0.566 ms

56 bytes from 20.0.0.1: icmp_seq=4 ttl=255 time=0.570 ms

 

--- Ping statistics for 20.0.0.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.551/0.752/1.208/0.257 ms
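In option B the ASBR-PEs run `undo policy vpn-target` while peering over EBGP in the VPNv4 address family, so they accept every VPNv4 route the neighboring AS sends and the import route targets on the PEs become the only filter. The following Python sketch is an added example, not part of the H3C documentation. It reads the BGP lines of a configuration transcript and reports devices that combine an EBGP VPNv4 peer with disabled route target filtering, which is the setting worth tracking in a configuration review. The function names are hypothetical, and the sample input is constructed from the PE 1 and ASBR-PE 1 commands shown above.

```python
import re

# Constructed input: BGP commands of ASBR-PE 1 (step 2) and PE 1 (step 1).
OPTION_B = """\
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4
[ASBR-PE1-bgp-default] address-family vpnv4
[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target
[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-vpnv4] quit
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
"""

LINE = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")


def _state(devices, dev):
    # rt_filter starts True: the page needs an explicit "undo" to turn it off.
    return devices.setdefault(
        dev, {"local_as": None, "peer_as": {}, "vpnv4_peers": set(), "rt_filter": True}
    )


def audit_vpnv4(transcript):
    """Collect per-device BGP facts from "[view] command" lines."""
    devices = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # "<device>-bgp-default<sub-view>": split the prompt at the BGP view name.
        dev, in_bgp, sub = m.group("view").partition("-bgp-default")
        cmd = m.group("cmd").split()
        if not in_bgp:
            if len(cmd) == 2 and cmd[0] == "bgp" and cmd[1].isdigit():
                _state(devices, dev)["local_as"] = int(cmd[1])
            continue
        st = _state(devices, dev)
        if sub == "":
            # Public-instance peers only; VPN instance peers use a "-<vpn>" sub-view.
            if len(cmd) == 4 and cmd[0] == "peer" and cmd[2] == "as-number" and cmd[3].isdigit():
                st["peer_as"][cmd[1]] = int(cmd[3])
        elif sub == "-vpnv4":
            if cmd == ["undo", "policy", "vpn-target"]:
                st["rt_filter"] = False
            elif len(cmd) == 3 and cmd[0] == "peer" and cmd[2] == "enable":
                st["vpnv4_peers"].add(cmd[1])
    return devices


def ebgp_without_rt_filter(devices):
    """(device, local AS, EBGP VPNv4 peers) where route target filtering is off."""
    findings = []
    for dev, st in sorted(devices.items()):
        if st["rt_filter"] or st["local_as"] is None:
            continue
        ebgp = sorted(
            p for p in st["vpnv4_peers"]
            if st["peer_as"].get(p) not in (None, st["local_as"])
        )
        if ebgp:
            findings.append((dev, st["local_as"], ebgp))
    return findings


if __name__ == "__main__":
    for dev, local_as, peers in ebgp_without_rt_filter(audit_vpnv4(OPTION_B)):
        print(f"{dev} (AS {local_as}): no RT filtering, EBGP VPNv4 peers {peers}")
```
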

Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 unicast address family)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange labeled IPv4 routes through IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes through IBGP. PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.

ASBR-PE 1 and ASBR-PE 2 use routing policies and label the routes received from each other.

ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes.

Figure 254 Network diagram

Table 80 Interface and IP address assignment

Device     Interface  IP address     Device     Interface  IP address
PE 1       Loop0      2.2.2.9/32     PE 2       Loop0      5.5.5.9/32
           XGE3/0/1   30.0.0.1/24               XGE3/0/1   20.0.0.1/24
           XGE3/0/5   1.1.1.2/8                 XGE3/0/5   9.1.1.2/8
ASBR-PE 1  Loop0      3.3.3.9/32     ASBR-PE 2  Loop0      4.4.4.9/32
           XGE3/0/5   1.1.1.1/8                 XGE3/0/5   9.1.1.1/8
           XGE3/0/4   11.0.0.2/8                XGE3/0/4   11.0.0.1/8
CE 1       XGE3/0/1   30.0.0.2/24    CE 2       XGE3/0/1   20.0.0.2/24

Procedure

1.     Configure CE 1:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Enable the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled routes from the peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability

[PE1-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Create routing policies.

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] apply mpls-label

[ASBR-PE1-route-policy-policy1-1] quit

[ASBR-PE1] route-policy policy2 permit node 1

[ASBR-PE1-route-policy-policy2-1] if-match mpls-label

[ASBR-PE1-route-policy-policy2-1] apply mpls-label

[ASBR-PE1-route-policy-policy2-1] quit

# Enable BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 route-policy policy2 export

# Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability

# Redistribute routes from IS-IS process 1 to BGP.

[ASBR-PE1-bgp-default-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Create routing policies.

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] apply mpls-label

[ASBR-PE2-route-policy-policy1-1] quit

[ASBR-PE2] route-policy policy2 permit node 1

[ASBR-PE2-route-policy-policy2-1] if-match mpls-label

[ASBR-PE2-route-policy-policy2-1] apply mpls-label

[ASBR-PE2-route-policy-policy2-1] quit

# Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability

# Apply routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 route-policy policy2 export

# Redistribute routes from IS-IS process 1.

[ASBR-PE2-bgp-default-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability

[PE2-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.

PE 2 and ASBR-PE 2 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.

PE 1 and PE 2 establish an MP-EBGP session to exchange VPNv4 routes.

ASBR-PE 1 and ASBR-PE 2 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.

Figure 255 Network diagram

Table 81 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
| | XGE3/0/1 | 30.0.0.1/24 | | XGE3/0/1 | 20.0.0.1/24 |
| | XGE3/0/5 | 1.1.1.2/8 | | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
| | XGE3/0/5 | 1.1.1.1/8 | | XGE3/0/5 | 9.1.1.1/8 |
| | XGE3/0/4 | 11.0.0.2/8 | | XGE3/0/4 | 11.0.0.1/8 |
| CE 1 | XGE3/0/1 | 30.0.0.2/24 | CE 2 | XGE3/0/1 | 20.0.0.2/24 |

Procedure

1.     Configure CE 1:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer 3.3.3.9 as a BGP IPv4 labeled unicast peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-labeled-ipv4] quit

# Redistribute BGP routes in BGP IPv4 labeled unicast address family to the BGP routing table of BGP IPv4 unicast address family, and add the redistributed BGP routes to the public network routing table.

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] import-rib public labeled-unicast

[PE1-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Enable BGP on ASBR-PE 1, and configure peers 2.2.2.9 and 11.0.0.1 as BGP IPv4 labeled unicast peers.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE1-bgp-default-labeled-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-labeled-ipv4] peer 11.0.0.1 enable

# Redistribute routes from IS-IS process 1 to BGP.

[ASBR-PE1-bgp-default-labeled-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-labeled-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Enable BGP on ASBR-PE 2, and configure peers 5.5.5.9 and 11.0.0.2 as BGP IPv4 labeled unicast peers.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE2-bgp-default-labeled-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-labeled-ipv4] peer 11.0.0.2 enable

# Redistribute routes from IS-IS process 1.

[ASBR-PE2-bgp-default-labeled-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-labeled-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a BGP IPv4 labeled unicast peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family ipv4 labeled-unicast

[PE2-bgp-default-labeled-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-labeled-ipv4] quit

# Redistribute BGP routes in BGP IPv4 labeled unicast address family to the BGP routing table of BGP IPv4 unicast address family, and add the redistributed BGP routes to the public network routing table.

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] import-rib public labeled-unicast

[PE2-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
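An added example, not part of the H3C document: a Python check that parses prompt-and-command lines like those in the two procedures above (the one using label-route-capability and method 1 using the labeled-unicast address family) and reports BGP sessions whose two ends are not mirrored: remote AS mismatch, missing reverse peer statement, or a labeled-route setting that differs between the ends. The embedded transcript is a constructed subset of the commands above, and the names parse, audit and TRANSCRIPT are this example's own.

```python
import re

# Constructed sample: a subset of the command lines from the procedures above
# (PE 1, ASBR-PE 1, ASBR-PE 2), arranged here for the check; not a device capture.
TRANSCRIPT = """\
<PE1> system-view
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability
[PE1-bgp-default] peer 5.5.5.9 as-number 600
<ASBR-PE1> system-view
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
<ASBR-PE2> system-view
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability
"""


def parse(transcript):
    """Return {device: {asn, addrs, peers, labeled}} from prompt+command lines."""
    # Device names come from user-view prompts (<NAME>); names may contain '-'.
    names = set(re.findall(r"^\s*<([^>]+)>", transcript, re.M))
    devices = {n: {"asn": None, "addrs": set(), "peers": {}, "labeled": {}}
               for n in names}
    for line in transcript.splitlines():
        m = re.match(r"\s*\[([^\]]+)\]\s+(.*\S)", line)
        if not m:
            continue
        prompt, cmd = m.groups()
        # Longest known name that equals the prompt or prefixes "<name>-<view>".
        owner = max((n for n in names
                     if prompt == n or prompt.startswith(n + "-")),
                    key=len, default=None)
        if owner is None:
            continue
        dev = devices[owner]
        if m := re.fullmatch(r"ip address (\S+) \S+", cmd):
            dev["addrs"].add(m.group(1))
        elif m := re.fullmatch(r"bgp (\d+)", cmd):
            dev["asn"] = int(m.group(1))
        elif m := re.fullmatch(r"peer (\S+) as-number (\d+)", cmd):
            dev["peers"][m.group(1)] = int(m.group(2))
        elif m := re.fullmatch(r"peer (\S+) label-route-capability", cmd):
            dev["labeled"][m.group(1)] = "label-route-capability"
        elif prompt.endswith("-labeled-ipv4") and (
                m := re.fullmatch(r"peer (\S+) enable", cmd)):
            dev["labeled"][m.group(1)] = "labeled-unicast"
    return devices


def audit(devices):
    """Return sorted findings for BGP sessions that are not mirrored."""
    owner_of = {a: n for n, d in devices.items() for a in d["addrs"]}
    findings = set()
    for name, dev in devices.items():
        for peer_ip, remote_as in dev["peers"].items():
            remote = owner_of.get(peer_ip)
            if remote is None:
                continue  # peer address is outside the transcript; skip
            rdev = devices[remote]
            if rdev["asn"] != remote_as:
                findings.add(f"{name}: peer {peer_ip} as-number {remote_as}, "
                             f"but {remote} runs bgp {rdev['asn']}")
            back = [ip for ip in rdev["peers"] if ip in dev["addrs"]]
            if not back:
                findings.add(f"{name}: peer {peer_ip} has no matching peer "
                             f"statement on {remote}")
                continue
            mine = dev["labeled"].get(peer_ip) or "none"
            theirs = rdev["labeled"].get(back[0]) or "none"
            if mine != theirs:
                p = sorted([(name, mine), (remote, theirs)])
                findings.add(f"session {p[0][0]}/{p[1][0]}: labeled-route "
                             f"setting {p[0][1]} vs {p[1][1]}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse(TRANSCRIPT)) or ["no findings"]:
        print(finding)
```

Peers whose address does not appear in the parsed text (5.5.5.9 in the sample) are skipped rather than reported, so feed the check the transcripts of both ends of every session you want compared.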

Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 unicast address family)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.

ASBR-PE 1 and ASBR-PE 2 label the routes received from each other, use EBGP to exchange labeled IPv4 routes, and redistribute IGP and BGP routes from each other.

Figure 256 Network diagram

Table 82 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
| | XGE3/0/1 | 30.0.0.1/24 | | XGE3/0/1 | 20.0.0.1/24 |
| | XGE3/0/5 | 1.1.1.2/8 | | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
| | XGE3/0/5 | 1.1.1.1/8 | | XGE3/0/5 | 9.1.1.1/8 |
| | XGE3/0/4 | 11.0.0.2/8 | | XGE3/0/4 | 11.0.0.1/8 |
| CE 1 | XGE3/0/1 | 30.0.0.2/24 | CE 2 | XGE3/0/1 | 20.0.0.2/24 |

Procedure

1.     Configure CE 1:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable IS-IS, MPLS, and LDP on interface Ten-GigabitEthernet 3/0/5.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Enable IS-IS on interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

# Redistribute BGP routes.

[ASBR-PE1-isis-1] address-family ipv4 unicast

[ASBR-PE1-isis-1-ipv4] import-route bgp

[ASBR-PE1-isis-1-ipv4] quit

[ASBR-PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Create routing policy policy1.

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] apply mpls-label

[ASBR-PE1-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 1, and redistribute routes from IS-IS process 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

# Redistribute BGP routes.

[ASBR-PE2-isis-1] address-family ipv4 unicast

[ASBR-PE2-isis-1-ipv4] import-route bgp

[ASBR-PE2-isis-1-ipv4] quit

[ASBR-PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Create routing policy policy1.

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] apply mpls-label

[ASBR-PE2-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 2, and redistribute routes from IS-IS process 1.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Specify EBGP peer 2.2.2.9, use Loopback 0 as the source interface for the session, and set the maximum hop count from PE 2 to the peer to 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IP address for interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.

ASBR-PE 1 and ASBR-PE 2 label the routes received from each other and use EBGP to exchange labeled IPv4 routes. Each ASBR-PE also redistributes IGP routes into BGP and BGP routes into the IGP.

Figure 257 Network diagram

Table 83 Interface and IP address assignment

Device       Interface   IP address     Device       Interface   IP address
PE 1         Loop0       2.2.2.9/32     PE 2         Loop0       5.5.5.9/32
PE 1         XGE3/0/1    30.0.0.1/24    PE 2         XGE3/0/1    20.0.0.1/24
PE 1         XGE3/0/5    1.1.1.2/8      PE 2         XGE3/0/5    9.1.1.2/8
ASBR-PE 1    Loop0       3.3.3.9/32     ASBR-PE 2    Loop0       4.4.4.9/32
ASBR-PE 1    XGE3/0/5    1.1.1.1/8      ASBR-PE 2    XGE3/0/5    9.1.1.1/8
ASBR-PE 1    XGE3/0/4    11.0.0.2/8     ASBR-PE 2    XGE3/0/4    11.0.0.1/8
CE 1         XGE3/0/1    30.0.0.2/24    CE 2         XGE3/0/1    20.0.0.2/24

Procedure

1.     Configure CE 1:

# Configure an IP address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable IS-IS, MPLS, and LDP on interface Ten-GigabitEthernet 3/0/5.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Enable IS-IS on interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Specify EBGP peer 5.5.5.9, use Loopback 0 as the source interface for the session, and set the maximum hop count from PE 1 to the peer to 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

# Redistribute BGP routes.

[ASBR-PE1-isis-1] address-family ipv4 unicast

[ASBR-PE1-isis-1-ipv4] import-route bgp

[ASBR-PE1-isis-1-ipv4] quit

[ASBR-PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Create routing policy policy1.

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] apply mpls-label

[ASBR-PE1-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 1, and redistribute routes from IS-IS process 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

# Redistribute BGP routes.

[ASBR-PE2-isis-1] address-family ipv4 unicast

[ASBR-PE2-isis-1-ipv4] import-route bgp

[ASBR-PE2-isis-1-ipv4] quit

[ASBR-PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Create routing policy policy1.

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] apply mpls-label

[ASBR-PE2-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 2, and redistribute routes from IS-IS process 1.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Specify EBGP peer 2.2.2.9, use Loopback 0 as the source interface for the session, and set the maximum hop count from PE 2 to the peer to 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IP address for interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
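The procedure above only works if both ends of every BGP session agree with each other, so the following added example (not part of the H3C document) cross-checks a saved copy of the commands before they are applied. It checks that each peer statement names the AS the remote device actually runs, that a reciprocal peer statement exists, that label-route-capability is enabled on both sides or neither, and that one PE's export route targets are imported by the other. The names DEVICES, TRANSCRIPT, parse and audit are assumptions made for this example.

```python
import re
from collections import defaultdict

# Device names as they appear in the CLI prompts on this page.
DEVICES = ("ASBR-PE1", "ASBR-PE2", "PE1", "PE2")

# Constructed input: commands copied from the procedure above, trimmed to the
# lines the checks read (addresses, BGP peers, labeled-route capability, RTs).
TRANSCRIPT = """\
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1] bgp 100
[PE1-bgp-default] peer 5.5.5.9 as-number 600
[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2] bgp 600
[PE2-bgp-default] peer 2.2.2.9 as-number 100
[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability
"""


def parse(transcript):
    """Collect per-device facts from '[prompt] command' lines."""
    cfg = defaultdict(lambda: {"asn": None, "addrs": set(), "peers": {},
                               "labeled": set(), "import": set(), "export": set()})
    for line in transcript.splitlines():
        m = re.match(r"\[([^\]]+)\]\s+(.+)", line.strip())
        if not m:
            continue
        prompt, cmd = m.groups()
        # The device name is the prompt itself or the part before the view name.
        dev = next((d for d in DEVICES
                    if prompt == d or prompt.startswith(d + "-")), None)
        if dev is None:
            continue
        w, c = cmd.split(), cfg[dev]
        if w[:2] == ["ip", "address"] and len(w) >= 3:
            c["addrs"].add(w[2])
        elif w[0] == "bgp" and len(w) == 2:
            c["asn"] = int(w[1])
        elif w[0] == "peer" and w[2:3] == ["as-number"] and len(w) == 4:
            c["peers"][w[1]] = int(w[3])
        elif w[0] == "peer" and w[2:3] == ["label-route-capability"]:
            c["labeled"].add(w[1])
        elif w[0] == "vpn-target":
            rts = [x for x in w[1:] if ":" in x]
            if w[-1] != "export-extcommunity":   # import, or no keyword (both)
                c["import"].update(rts)
            if w[-1] != "import-extcommunity":   # export, or no keyword (both)
                c["export"].update(rts)
    return cfg


def audit(transcript):
    """Return a list of inconsistencies; an empty list means the ends agree."""
    cfg = parse(transcript)
    owner = {a: d for d, c in cfg.items() for a in c["addrs"]}
    findings = []
    for dev, c in sorted(cfg.items()):
        for addr, remote_as in sorted(c["peers"].items()):
            peer_dev = owner.get(addr)
            if peer_dev is None:
                findings.append(f"{dev}: peer {addr} is not an address of any audited device")
                continue
            p = cfg[peer_dev]
            if p["asn"] != remote_as:
                findings.append(f"{dev}: peer {addr} as-number {remote_as}, "
                                f"but {peer_dev} runs bgp {p['asn']}")
            back = [a for a in p["peers"] if a in c["addrs"]]
            if not back:
                findings.append(f"{dev}: {peer_dev} has no peer statement pointing back")
            elif (addr in c["labeled"]) != any(a in p["labeled"] for a in back):
                findings.append(f"{dev}: label-route-capability toward {peer_dev} is one-sided")
    vpn = [d for d in sorted(cfg) if cfg[d]["import"] or cfg[d]["export"]]
    for a in vpn:
        for b in vpn:
            if a != b and not (cfg[a]["export"] & cfg[b]["import"]):
                findings.append(f"{a}: no export route target is imported by {b}")
    return findings


if __name__ == "__main__":
    for finding in audit(TRANSCRIPT) or ["no inconsistencies found"]:
        print(finding)
```
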

Example: Configuring MPLS L3VPN carrier's carrier in the same AS

Network configuration

Configure carrier's carrier for the scenario shown in Figure 258. In this scenario:

·     PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.

·     CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.

·     PE 3 and PE 4 are the customer carrier's PE routers. They provide MPLS L3VPN services for the end customers.

·     CE 3 and CE 4 are customers of the customer carrier.

·     The customer carrier and the provider carrier reside in the same AS.

The key to carrier's carrier deployment is to configure exchange of two kinds of routes:

·     Exchange of the customer carrier's internal routes on the provider carrier's backbone.

·     Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.

Figure 258 Network diagram

Table 84 Interface and IP address assignment

Device    Interface   IP address      Device    Interface   IP address
CE 3      XGE3/0/1    100.1.1.1/24    CE 4      XGE3/0/1    120.1.1.1/24
PE 3      Loop0       1.1.1.9/32      PE 4      Loop0       6.6.6.9/32
PE 3      XGE3/0/1    100.1.1.2/24    PE 4      XGE3/0/1    120.1.1.2/24
PE 3      XGE3/0/5    10.1.1.1/24     PE 4      XGE3/0/5    20.1.1.2/24
CE 1      Loop0       2.2.2.9/32      CE 2      Loop0       5.5.5.9/32
CE 1      XGE3/0/4    10.1.1.2/24     CE 2      XGE3/0/4    21.1.1.2/24
CE 1      XGE3/0/5    11.1.1.1/24     CE 2      XGE3/0/5    20.1.1.1/24
PE 1      Loop0       3.3.3.9/32      PE 2      Loop0       4.4.4.9/32
PE 1      XGE3/0/4    11.1.1.2/24     PE 2      XGE3/0/4    30.1.1.2/24
PE 1      XGE3/0/5    30.1.1.1/24     PE 2      XGE3/0/5    21.1.1.1/24

Procedure

1.     Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] bgp 100

[PE1-bgp-default] peer 4.4.4.9 as-number 100

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# On PE 1 or PE 2, execute the following commands:

·     Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)

·     Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)

·     Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)

2.     Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24

[PE3-Ten-GigabitEthernet3/0/5] isis enable 2

[PE3-Ten-GigabitEthernet3/0/5] mpls enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls ldp

[CE1-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface ten-gigabitethernet 3/0/4

[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/4] isis enable 2

[CE1-Ten-GigabitEthernet3/0/4] mpls enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/4] quit

PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

3.     Allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] mpls ldp

[PE1-ldp] vpn-instance vpn1

[PE1-ldp-vpn-instance-vpn1] quit

[PE1-ldp] quit

[PE1] isis 2 vpn-instance vpn1

[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00

[PE1-isis-2] address-family ipv4

[PE1-isis-2-ipv4] import-route bgp

[PE1-isis-2-ipv4] quit

[PE1-isis-2] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/4] isis enable 2

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route isis 2

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 1.

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/5] isis enable 2

[CE1-Ten-GigabitEthernet3/0/5] mpls enable

[CE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/5] quit

PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

4.     Connect CEs of the end customers and the PEs of the customer carrier:

# Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65410

[CE3-bgp-default] peer 100.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 100.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# Configure PE 3.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 1:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/1] quit

[PE3] bgp 100

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] peer 100.1.1.1 as-number 65410

[PE3-bgp-default-vpn1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-vpn1] peer 100.1.1.1 enable

[PE3-bgp-default-ipv4-vpn1] quit

[PE3-bgp-default-vpn1] quit

[PE3-bgp-default] quit

# Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.)

5.     Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:

# Configure PE 3.

[PE3] bgp 100

[PE3-bgp-default] peer 6.6.6.9 as-number 100

[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 6.6.6.9 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure PE 4 in the same way that PE 3 is configured. (Details not shown.)

Verifying the configuration

1.     Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:

# Verify that the public network routing table contains only routes of the provider carrier network.

[PE1] display ip routing-table

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0

4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5

30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.0/32        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 16        Routes : 16

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  20          11.1.1.1        XGE3/0/4

2.2.2.9/32         IS_L1   15  10          11.1.1.1        XGE3/0/4

5.5.5.9/32         BGP     255 10          4.4.4.9         XGE3/0/5

6.6.6.9/32         BGP     255 20          4.4.4.9         XGE3/0/5

10.1.1.0/24        IS_L1   15  20          11.1.1.1        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4

20.1.1.0/24        BGP     255 20          4.4.4.9         XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

2.     Display the routing table on the customer carrier CEs, for example, on CE 1:

# Verify that the routing table contains the internal routes of the customer carrier network, but it does not contain the VPN routes that the customer carrier maintains.

[CE1] display ip routing-table

Destinations : 19        Routes : 19

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  10          10.1.1.1        XGE3/0/4

2.2.2.9/32         Direct  0   0           127.0.0.1       InLoop0

5.5.5.9/32         IS_L2   15  74          11.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  74          11.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.0/32        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.0/32        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.1        XGE3/0/5

20.1.1.0/24        IS_L2   15  74          11.1.1.2        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:

# Verify that the public network routing table contains the internal routes of the customer carrier network.

[PE3] display ip routing-table

Destinations : 16        Routes : 16

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         IS_L1   15  10          10.1.1.2        XGE3/0/5

5.5.5.9/32         IS_L2   15  84          10.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  84          10.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/5

11.1.1.0/24        IS_L1   15  20          10.1.1.2        XGE3/0/5

20.1.1.0/24        IS_L2   15  84          10.1.1.2        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the route to the remote VPN customer.

[PE3] display ip routing-table vpn-instance vpn1

Destinations : 11        Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

100.1.1.0/24       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.0/32       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0

100.1.1.255/32     Direct  0   0           100.1.1.2       XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

120.1.1.0/24       BGP     255 0           6.6.6.9         XGE3/0/5

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

4.     Verify that PE 3 and PE 4 can ping each other. (Details not shown.)

5.     Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
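The verification steps above are a route-isolation check: the provider carrier must carry the customer carrier's internal routes in vpn1 only, and must never see the end customers' prefixes. The following added example (not part of the H3C document) parses saved display ip routing-table output and reports any violation. The table text is copied from the output above with the loopback and broadcast rows trimmed; the prefix lists are taken from Table 84, and the function and constant names are assumptions made for this example.

```python
import ipaddress
import re

# Prefixes from Table 84.
END_CUSTOMER = ["100.1.1.0/24", "120.1.1.0/24"]          # CE 3 / CE 4 links
CUSTOMER_CARRIER = ["1.1.1.9/32", "2.2.2.9/32", "5.5.5.9/32",
                    "6.6.6.9/32", "10.1.1.0/24", "20.1.1.0/24"]

# Constructed input: rows copied from the PE 1 and PE 3 output above, trimmed.
PE1_PUBLIC = """\
Destination/Mask   Proto   Pre Cost        NextHop         Interface
3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0
4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5
30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5
30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0
"""
PE1_VPN1 = """\
Destination/Mask   Proto   Pre Cost        NextHop         Interface
1.1.1.9/32         IS_L1   15  20          11.1.1.1        XGE3/0/4
2.2.2.9/32         IS_L1   15  10          11.1.1.1        XGE3/0/4
5.5.5.9/32         BGP     255 10          4.4.4.9         XGE3/0/5
6.6.6.9/32         BGP     255 20          4.4.4.9         XGE3/0/5
10.1.1.0/24        IS_L1   15  20          11.1.1.1        XGE3/0/4
11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4
20.1.1.0/24        BGP     255 20          4.4.4.9         XGE3/0/5
"""
PE3_VPN1 = """\
Destination/Mask   Proto   Pre Cost        NextHop         Interface
100.1.1.0/24       Direct  0   0           100.1.1.2       XGE3/0/1
100.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0
120.1.1.0/24       BGP     255 0           6.6.6.9         XGE3/0/5
"""

# One data row: destination/mask, protocol, preference, cost, next hop, interface.
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)$")


def parse_routes(text):
    """Return the data rows of a routing-table dump; headers are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            dest, proto, _pre, _cost, nexthop, iface = m.groups()
            routes.append({"dest": ipaddress.ip_network(dest, strict=False),
                           "proto": proto, "nexthop": nexthop, "iface": iface})
    return routes


def overlapping(routes, prefixes):
    """Destinations that fall inside, or cover, any of the given prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(r["dest"]) for r in routes
            if any(r["dest"].overlaps(n) for n in nets)]


def audit(pe1_public, pe1_vpn1, pe3_vpn1):
    """Return isolation violations; an empty list matches the expected result."""
    pub, vpn, cust = (parse_routes(t) for t in (pe1_public, pe1_vpn1, pe3_vpn1))
    findings = []
    for dest in overlapping(pub, CUSTOMER_CARRIER + END_CUSTOMER):
        findings.append(f"PE 1 public table holds VPN prefix {dest}")
    for dest in overlapping(vpn, END_CUSTOMER):
        findings.append(f"PE 1 vpn1 carries end-customer prefix {dest}")
    have = {str(r["dest"]) for r in vpn}
    for need in ("1.1.1.9/32", "6.6.6.9/32"):   # PE 3 and PE 4 loopbacks
        if need not in have:
            findings.append(f"PE 1 vpn1 lacks customer carrier route {need}")
    if not any(str(r["dest"]) == "120.1.1.0/24" and r["proto"] == "BGP"
               and r["nexthop"] == "6.6.6.9" for r in cust):
        findings.append("PE 3 vpn1 has no BGP route to 120.1.1.0/24 via 6.6.6.9")
    return findings


if __name__ == "__main__":
    for finding in audit(PE1_PUBLIC, PE1_VPN1, PE3_VPN1) or ["isolation holds"]:
        print(finding)
```
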

Example: Configuring MPLS L3VPN carrier's carrier in different ASs (exchanging labeled routes in BGP IPv4 unicast address family)

Network configuration

Configure carrier's carrier for the scenario shown in Figure 259. In this scenario:

·     PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.

·     CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.

·     PE 3 and PE 4 are the customer carrier's PE routers. They provide MPLS L3VPN services for the end customers.

·     CE 3 and CE 4 are customers of the customer carrier.

·     The customer carrier and the provider carrier reside in different ASs.

The key to carrier's carrier deployment is to configure exchange of two kinds of routes:

·     Exchange of the customer carrier's internal routes on the provider carrier's backbone.

·     Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-EBGP peer relationship must be established between PE 3 and PE 4.

Figure 259 Network diagram

Table 85 Interface and IP address assignment

Device    Interface   IP address      Device    Interface   IP address
CE 3      XGE3/0/1    100.1.1.1/24    CE 4      XGE3/0/1    120.1.1.1/24
PE 3      Loop0       1.1.1.9/32      PE 4      Loop0       6.6.6.9/32
PE 3      XGE3/0/1    100.1.1.2/24    PE 4      XGE3/0/1    120.1.1.2/24
PE 3      XGE3/0/5    10.1.1.1/24     PE 4      XGE3/0/5    20.1.1.2/24
CE 1      Loop0       2.2.2.9/32      CE 2      Loop0       5.5.5.9/32
CE 1      XGE3/0/4    10.1.1.2/24     CE 2      XGE3/0/4    21.1.1.2/24
CE 1      XGE3/0/5    11.1.1.1/24     CE 2      XGE3/0/5    20.1.1.1/24
PE 1      Loop0       3.3.3.9/32      PE 2      Loop0       4.4.4.9/32
PE 1      XGE3/0/4    11.1.1.2/24     PE 2      XGE3/0/4    30.1.1.2/24
PE 1      XGE3/0/5    30.1.1.1/24     PE 2      XGE3/0/5    21.1.1.1/24

Procedure

1.     Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] bgp 200

[PE1-bgp-default] peer 4.4.4.9 as-number 200

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# On PE 1 or PE 2, execute the following commands:

¡     Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)

¡     Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)

¡     Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)

2.     Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24

[PE3-Ten-GigabitEthernet3/0/5] isis enable 2

[PE3-Ten-GigabitEthernet3/0/5] mpls enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls ldp

[CE1-ldp] import bgp

[CE1-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] address-family ipv4

[CE1-isis-2-ipv4] import-route bgp

[CE1-isis-2-ipv4] quit

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface ten-gigabitethernet 3/0/4

[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/4] isis enable 2

[CE1-Ten-GigabitEthernet3/0/4] mpls enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/4] quit

PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship.

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

3.     Allow CEs of the customer carrier to access PEs of the provider carrier:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] bgp 200

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 100

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 label-route-capability

[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 route-policy csc export

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

[PE1] route-policy csc permit node 0

[PE1-route-policy-csc-0] apply mpls-label

[PE1-route-policy-csc-0] quit

# Configure CE 1.

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/5] mpls enable

[CE1-Ten-GigabitEthernet3/0/5] quit

[CE1] bgp 100

[CE1-bgp-default] peer 11.1.1.2 as-number 200

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 11.1.1.2 enable

[CE1-bgp-default-ipv4] peer 11.1.1.2 label-route-capability

[CE1-bgp-default-ipv4] peer 11.1.1.2 route-policy csc export

[CE1-bgp-default-ipv4] import-route isis 2

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

[CE1] route-policy csc permit node 0

[CE1-route-policy-csc-0] apply mpls-label

[CE1-route-policy-csc-0] quit

PE 1 and CE 1 can establish a BGP session and exchange labeled IPv4 unicast routes through BGP.

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

4.     Connect CEs of the end customers and the PEs of the customer carrier:

# Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65410

[CE3-bgp-default] peer 100.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 100.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# Configure PE 3.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 1:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/1] quit

[PE3] bgp 100

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] peer 100.1.1.1 as-number 65410

[PE3-bgp-default-vpn1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-vpn1] peer 100.1.1.1 enable

[PE3-bgp-default-ipv4-vpn1] quit

[PE3-bgp-default-vpn1] quit

[PE3-bgp-default] quit

# Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.)

5.     Configure an MP-EBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:

# Configure PE 3.

[PE3] bgp 100

[PE3-bgp-default] peer 6.6.6.9 as-number 300

[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0

[PE3-bgp-default] peer 6.6.6.9 ebgp-max-hop 10

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 6.6.6.9 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure PE 4 in the same way that PE 3 is configured. (Details not shown.)

Verifying the configuration

1.     Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:

# Verify that the public network routing table contains only routes of the provider carrier network.

[PE1] display ip routing-table

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0

4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5

30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.0/32        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         BGP     255 10          11.1.1.1        XGE3/0/4

6.6.6.9/32         BGP     255 10          4.4.4.9         XGE3/0/5

11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

2.     Display the routing table on the customer carrier CEs, for example, on CE 1.

# Verify that the routing table contains the internal routes of the customer carrier network, but it does not contain the VPN routes that the customer carrier maintains.

[CE1] display ip routing-table

Destinations : 17        Routes : 17

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  10          10.1.1.1        XGE3/0/4

2.2.2.9/32         Direct  0   0           127.0.0.1       InLoop0

6.6.6.9/32         BGP     255 0           11.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.0/32        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.0/32        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:

# Verify that the public network routing table contains the internal routes of the customer carrier network.

[PE3] display ip routing-table

Destinations : 13        Routes : 13

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         IS_L1   15  10          10.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  74          10.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the route to the remote VPN customer.

[PE3] display ip routing-table vpn-instance vpn1

Destinations : 11        Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

100.1.1.0/24       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.0/32       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0

100.1.1.255/32     Direct  0   0           100.1.1.2       XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

120.1.1.0/24       BGP     255 0           6.6.6.9         XGE3/0/5

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

4.     Verify that PE 3 and PE 4 can ping each other. (Details not shown.)

5.     Verify that CE 3 and CE 4 can ping each other. (Details not shown.)

Example: Configuring MPLS L3VPN carrier's carrier in different ASs (exchanging labeled routes in BGP IPv4 labeled unicast address family)

Network configuration

Configure carrier's carrier for the scenario shown in Figure 260. In this scenario:

·     PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.

·     CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.

·     PE 3 and PE 4 are the customer carrier's PE routers. They provide MPLS L3VPN services for the end customers.

·     CE 3 and CE 4 are customers of the customer carrier.

·     The customer carrier and the provider carrier reside in different ASs.

The key to carrier's carrier deployment is to configure the exchange of two kinds of routes:

·     Exchange of the customer carrier's internal routes on the provider carrier's backbone.

·     Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-EBGP peer relationship must be established between PE 3 and PE 4.

Figure 260 Network diagram

Table 86 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 3    XGE3/0/1   100.1.1.1/24   CE 4    XGE3/0/1   120.1.1.1/24
PE 3    Loop0      1.1.1.9/32     PE 4    Loop0      6.6.6.9/32
PE 3    XGE3/0/1   100.1.1.2/24   PE 4    XGE3/0/1   120.1.1.2/24
PE 3    XGE3/0/5   10.1.1.1/24    PE 4    XGE3/0/5   20.1.1.2/24
CE 1    Loop0      2.2.2.9/32     CE 2    Loop0      5.5.5.9/32
CE 1    XGE3/0/4   10.1.1.2/24    CE 2    XGE3/0/4   21.1.1.2/24
CE 1    XGE3/0/5   11.1.1.1/24    CE 2    XGE3/0/5   20.1.1.1/24
PE 1    Loop0      3.3.3.9/32     PE 2    Loop0      4.4.4.9/32
PE 1    XGE3/0/4   11.1.1.2/24    PE 2    XGE3/0/4   30.1.1.2/24
PE 1    XGE3/0/5   30.1.1.1/24    PE 2    XGE3/0/5   21.1.1.1/24

Procedure

1.     Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] bgp 200

[PE1-bgp-default] peer 4.4.4.9 as-number 200

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# On PE 1 or PE 2, execute the following commands:

¡     Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)

¡     Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)

¡     Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)

2.     Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24

[PE3-Ten-GigabitEthernet3/0/5] isis enable 2

[PE3-Ten-GigabitEthernet3/0/5] mpls enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls ldp

[CE1-ldp] import bgp

[CE1-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] address-family ipv4

[CE1-isis-2-ipv4] import-route bgp

[CE1-isis-2-ipv4] quit

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface ten-gigabitethernet 3/0/4

[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/4] isis enable 2

[CE1-Ten-GigabitEthernet3/0/4] mpls enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/4] quit

PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship.

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

3.     Allow CEs of the customer carrier to access PEs of the provider carrier:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] bgp 200

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 100

[PE1-bgp-default-vpn1] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4-vpn1] peer 11.1.1.1 enable

[PE1-bgp-default-labeled-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-rib vpn-instance vpn1 labeled-unicast

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4-vpn1] import-rib vpn-instance vpn1

[PE1-bgp-default-labeled-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 1.

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/5] mpls enable

[CE1-Ten-GigabitEthernet3/0/5] quit

[CE1] bgp 100

[CE1-bgp-default] peer 11.1.1.2 as-number 200

[CE1-bgp-default] address-family ipv4 labeled-unicast

[CE1-bgp-default-labeled-ipv4] peer 11.1.1.2 enable

[CE1-bgp-default-labeled-ipv4] import-route isis 2

[CE1-bgp-default-labeled-ipv4] quit

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] import-rib public labeled-unicast

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

PE 1 and CE 1 can establish a BGP session and exchange IPv4 labeled unicast routes through BGP.

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

4.     Connect CEs of the end customers and the PEs of the customer carrier:

# Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65410

[CE3-bgp-default] peer 100.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 100.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# Configure PE 3.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 1:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/1] quit

[PE3] bgp 100

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] peer 100.1.1.1 as-number 65410

[PE3-bgp-default-vpn1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-vpn1] peer 100.1.1.1 enable

[PE3-bgp-default-ipv4-vpn1] quit

[PE3-bgp-default-vpn1] quit

[PE3-bgp-default] quit

# Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.)

5.     Configure an MP-EBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:

# Configure PE 3.

[PE3] bgp 100

[PE3-bgp-default] peer 6.6.6.9 as-number 300

[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0

[PE3-bgp-default] peer 6.6.6.9 ebgp-max-hop 10

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 6.6.6.9 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure PE 4 in the same way that PE 3 is configured. (Details not shown.)

Verifying the configuration

1.     Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:

# Verify that the public network routing table contains only routes of the provider carrier network.

[PE1] display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0

4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5

30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.0/32        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 12        Routes : 12

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         BGP     255 10          11.1.1.1        XGE3/0/4

6.6.6.9/32         BGP     255 10          4.4.4.9         XGE3/0/5

11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

2.     Display the routing table on the customer carrier CEs, for example, on CE 1.

# Verify that the routing table contains the internal routes of the customer carrier network, but it does not contain the VPN routes that the customer carrier maintains.

[CE1] display ip routing-table

 

Destinations : 17        Routes : 17

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  10          10.1.1.1        XGE3/0/4

2.2.2.9/32         Direct  0   0           127.0.0.1       InLoop0

6.6.6.9/32         BGP     255 0           11.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.0/32        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.0/32        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:

# Verify that the public network routing table contains the internal routes of the customer carrier network.

[PE3] display ip routing-table

 

Destinations : 13        Routes : 13

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         IS_L1   15  10          10.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  74          10.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the route to the remote VPN customer.

[PE3] display ip routing-table vpn-instance vpn1

 

Destinations : 11        Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

100.1.1.0/24       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.0/32       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0

100.1.1.255/32     Direct  0   0           100.1.1.2       XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

120.1.1.0/24       BGP     255 0           6.6.6.9         XGE3/0/5

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

4.     Verify that PE 3 and PE 4 can ping each other. (Details not shown.)

5.     Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
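The isolation check in step 1 of "Verifying the configuration" (both carrier's carrier examples above) can be automated. The following is an added example, not part of the H3C documentation: it parses captured display ip routing-table output and reports missing customer carrier routes, leaked end-customer prefixes, and truncated captures. The function names and the failure-case samples are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample: PE 1's "display ip routing-table vpn-instance vpn1"
# rows as shown on this page.
PE1_VPN1 = """\
Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
1.1.1.9/32         BGP     255 10          11.1.1.1        XGE3/0/4
6.6.6.9/32         BGP     255 10          4.4.4.9         XGE3/0/5
11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4
11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4
11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0
11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
"""

# Constructed failure case: an end-customer prefix appears in the provider VRF.
PE1_VPN1_LEAK = PE1_VPN1.replace("Destinations : 12", "Destinations : 13") + (
    "120.1.1.0/24       BGP     255 0           4.4.4.9         XGE3/0/5\n")
# Constructed failure case: the capture was cut off after two rows.
PE1_VPN1_CUT = "\n".join(PE1_VPN1.splitlines()[:5])

CARRIER_LOOPBACKS = ["1.1.1.9/32", "6.6.6.9/32"]      # PE 3 and PE 4 Loop0
END_CUSTOMER_NETS = ["100.1.1.0/24", "120.1.1.0/24"]  # CE 3 and CE 4 links


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    proto: str
    nexthop: str
    interface: str


ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*$")
COUNT = re.compile(r"Destinations\s*:\s*(\d+)")


def parse_routing_table(text):
    """Return (declared destination count, [Route, ...]).

    Rows without a destination column are skipped, so the parsed row
    count is compared against "Destinations", not "Routes".
    """
    declared, routes = None, []
    for line in text.splitlines():
        m = COUNT.search(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ROW.match(line.strip())
        if m:
            net = ipaddress.ip_network(m.group(1), strict=False)
            routes.append(Route(net, m.group(2), m.group(3), m.group(4)))
    return declared, routes


def audit_isolation(text, required, forbidden):
    """Check one routing table against an isolation policy.

    required:  prefixes that must be present (exact match).
    forbidden: networks that must not appear, including more-specific routes.
    """
    declared, routes = parse_routing_table(text)
    present = {r.prefix for r in routes}
    forbidden_nets = [ipaddress.ip_network(p) for p in forbidden]
    missing = sorted(p for p in required
                     if ipaddress.ip_network(p) not in present)
    leaked = sorted({str(r.prefix) for r in routes
                     if any(r.prefix.subnet_of(f) for f in forbidden_nets)})
    # An incomplete capture cannot prove that a forbidden route is absent.
    complete = declared is not None and declared == len(routes)
    return {"complete": complete, "missing": missing, "leaked": leaked,
            "ok": complete and not missing and not leaked}


if __name__ == "__main__":
    for name, capture in [("as shown", PE1_VPN1), ("leak", PE1_VPN1_LEAK),
                          ("truncated", PE1_VPN1_CUT)]:
        print(name, audit_isolation(capture, CARRIER_LOOPBACKS,
                                    END_CUSTOMER_NETS))
```

The same function covers the PE 3 check in step 3 by passing the remote customer prefix 120.1.1.0/24 as required and an empty forbidden list.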

Example: Configuring nested VPN

Network configuration

The service provider provides nested VPN services for users, as shown in Figure 261.

·     PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested VPN feature.

·     CE 1 and CE 2 are provider CEs connected to the service provider backbone. Both of them support VPNv4 routes.

·     PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.

·     CE 3 through CE 6 are CE devices of sub-VPNs in the customer VPN.

The key to nested VPN configuration is understanding how the service provider PEs process sub-VPN routes:

·     When receiving a VPNv4 route from a provider CE (CE 1 or CE 2, in this example), a provider PE performs the following operations:

a.     Replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network.

b.     Adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list.

c.     Forwards the VPNv4 route.

·     To implement exchange of sub-VPN routes between customer PEs and service provider PEs, MP-EBGP peers must be established between provider PEs and provider CEs.

Figure 261 Network diagram

Table 87 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    Loop0      2.2.2.9/32     CE 2    Loop0      5.5.5.9/32
CE 1    XGE3/0/4   10.1.1.2/24    CE 2    XGE3/0/4   21.1.1.2/24
CE 1    XGE3/0/5   11.1.1.1/24    CE 2    XGE3/0/5   20.1.1.1/24
CE 3    XGE3/0/1   100.1.1.1/24   CE 4    XGE3/0/1   120.1.1.1/24
CE 5    XGE3/0/1   110.1.1.1/24   CE 6    XGE3/0/1   130.1.1.1/24
PE 1    Loop0      3.3.3.9/32     PE 2    Loop0      4.4.4.9/32
PE 1    XGE3/0/4   11.1.1.2/24    PE 2    XGE3/0/4   30.1.1.2/24
PE 1    XGE3/0/5   30.1.1.1/24    PE 2    XGE3/0/5   21.1.1.1/24
PE 3    Loop0      1.1.1.9/32     PE 4    Loop0      6.6.6.9/32
PE 3    XGE3/0/1   100.1.1.2/24   PE 4    XGE3/0/1   120.1.1.2/24
PE 3    XGE3/0/2   110.1.1.2/24   PE 4    XGE3/0/2   130.1.1.2/24
PE 3    XGE3/0/5   10.1.1.1/24    PE 4    XGE3/0/5   20.1.1.2/24

Procedure

1.     Configure MPLS L3VPN on the service provider backbone. Enable IS-IS, enable LDP, and establish an MP-IBGP peer relationship between PE 1 and PE 2:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] bgp 100

[PE1-bgp-default] peer 4.4.4.9 as-number 100

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# On PE 1 or PE 2, execute the following commands:

○     Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)

○     Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)

○     Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)

2.     Configure the customer VPN. Enable IS-IS, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24

[PE3-Ten-GigabitEthernet3/0/5] isis enable 2

[PE3-Ten-GigabitEthernet3/0/5] mpls enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls ldp

[CE1-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface ten-gigabitethernet 3/0/4

[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/4] isis enable 2

[CE1-Ten-GigabitEthernet3/0/4] mpls enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/4] quit

An LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1.

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

3.     Connect CE 1 and CE 2 to service provider PEs:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 200

[PE1-bgp-default-vpn1] address-family ipv4

[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 1.

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/5] mpls enable

[CE1-Ten-GigabitEthernet3/0/5] quit

[CE1] bgp 200

[CE1-bgp-default] peer 11.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4

[CE1-bgp-default-ipv4] peer 11.1.1.2 enable

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

4.     Connect sub-VPN CEs to the customer VPN PEs:

# Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65410

[CE3-bgp-default] peer 100.1.1.2 as-number 200

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 100.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

# Configure CE 5.

<CE5> system-view

[CE5] interface ten-gigabitethernet 3/0/1

[CE5-Ten-GigabitEthernet3/0/1] ip address 110.1.1.1 24

[CE5-Ten-GigabitEthernet3/0/1] quit

[CE5] bgp 65411

[CE5-bgp-default] peer 110.1.1.2 as-number 200

[CE5-bgp-default] address-family ipv4 unicast

[CE5-bgp-default-ipv4] peer 110.1.1.2 enable

[CE5-bgp-default-ipv4] import-route direct

[CE5-bgp-default-ipv4] quit

[CE5-bgp-default] quit

# Configure PE 3.

[PE3] ip vpn-instance SUB_VPN1

[PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1

[PE3-vpn-instance-SUB_VPN1] vpn-target 2:1

[PE3-vpn-instance-SUB_VPN1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance SUB_VPN1

[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/1] quit

[PE3] ip vpn-instance SUB_VPN2

[PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1

[PE3-vpn-instance-SUB_VPN2] vpn-target 2:2

[PE3-vpn-instance-SUB_VPN2] quit

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance SUB_VPN2

[PE3-Ten-GigabitEthernet3/0/2] ip address 110.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] bgp 200

[PE3-bgp-default] ip vpn-instance SUB_VPN1

[PE3-bgp-default-SUB_VPN1] peer 100.1.1.1 as-number 65410

[PE3-bgp-default-SUB_VPN1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-SUB_VPN1] peer 100.1.1.1 enable

[PE3-bgp-default-ipv4-SUB_VPN1] quit

[PE3-bgp-default-SUB_VPN1] quit

[PE3-bgp-default] ip vpn-instance SUB_VPN2

[PE3-bgp-default-SUB_VPN2] peer 110.1.1.1 as-number 65411

[PE3-bgp-default-SUB_VPN2] address-family ipv4 unicast

[PE3-bgp-default-ipv4-SUB_VPN2] peer 110.1.1.1 enable

[PE3-bgp-default-ipv4-SUB_VPN2] quit

[PE3-bgp-default-SUB_VPN2] quit

[PE3-bgp-default] quit

# Configure PE 4, CE 4, and CE 6 in the same way that PE 3, CE 3, and CE 5 are configured. (Details not shown.)

5.     Establish MP-EBGP peer relationships between service provider PEs and their CEs to exchange user VPNv4 routes:

# On PE 1, enable nested VPN, and enable VPNv4 route exchange with CE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] nesting-vpn

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family vpnv4

[PE1-bgp-default-vpnv4-vpn1] peer 11.1.1.1 enable

[PE1-bgp-default-vpnv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# On CE 1, enable VPNv4 route exchange with PE 1.

[CE1] bgp 200

[CE1-bgp-default] address-family vpnv4

[CE1-bgp-default-vpnv4] peer 11.1.1.2 enable

# Allow the local AS number to appear in the AS-PATH attribute of the routes received.

[CE1-bgp-default-vpnv4] peer 11.1.1.2 allow-as-loop 2

# Disable route target based filtering of received VPNv4 routes.

[CE1-bgp-default-vpnv4] undo policy vpn-target

[CE1-bgp-default-vpnv4] quit

[CE1-bgp-default] quit

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

6.     Establish MP-IBGP peer relationships between sub-VPN PEs and CEs of the customer VPN to exchange VPNv4 routes of sub-VPNs:

# Configure PE 3.

[PE3] bgp 200

[PE3-bgp-default] peer 2.2.2.9 as-number 200

[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 2.2.2.9 enable

# Allow the local AS number to appear in the AS-PATH attribute of the routes received.

[PE3-bgp-default-vpnv4] peer 2.2.2.9 allow-as-loop 2

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure CE 1.

[CE1] bgp 200

[CE1-bgp-default] peer 1.1.1.9 as-number 200

[CE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[CE1-bgp-default] address-family vpnv4

[CE1-bgp-default-vpnv4] peer 1.1.1.9 enable

[CE1-bgp-default-vpnv4] undo policy vpn-target

[CE1-bgp-default-vpnv4] quit

[CE1-bgp-default] quit

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

Verifying the configuration

1.     Display the public routing table and VPN routing table on the provider PEs, for example, on PE 1:

# Verify that the public routing table contains only routes on the service provider network.

[PE1] display ip routing-table

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0

4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5

30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.0/32        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains sub-VPN routes.

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 14        Routes : 14

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4

100.1.1.0/24       BGP     255 0           11.1.1.1        XGE3/0/4

110.1.1.0/24       BGP     255 0           11.1.1.1        XGE3/0/4

120.1.1.0/24       BGP     255 0           4.4.4.9         XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

130.1.1.0/24       BGP     255 0           4.4.4.9         XGE3/0/5

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

2.     Display the VPNv4 routing table on the provider CEs, for example, on CE 1.

# Verify that the VPNv4 routing table on the customer VPN contains internal sub-VPN routes.

[CE1] display bgp routing-table vpnv4

 BGP local router ID is 2.2.2.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 Total number of VPN routes: 4

 Total number of routes from all PEs: 4

 Route distinguisher: 100:1

 Total number of routes: 1

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 100.1.1.0/24       1.1.1.9         0          100        0       200 65410?

 Route distinguisher: 101:1

 Total number of routes: 1

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 110.1.1.0/24       1.1.1.9         0          100        0       200 65411?

 Route distinguisher: 200:1

 Total number of routes: 1

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >e 120.1.1.0/24       11.1.1.2                              0       100 200

                                                                      65420?

 Route Distinguisher: 201:1

 Total number of routes: 1

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >e 130.1.1.0/24       11.1.1.2                              0       100 200

                                                                      65421?

3.     Display the VPN routing table on the customer PEs, for example, on PE 3:

# Verify that the VPN routing table contains routes sent by the provider PE to the sub-VPN.

[PE3] display ip routing-table vpn-instance SUB_VPN1

Destinations : 11        Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

100.1.1.0/24       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.0/32       Direct  0   0           100.1.1.2       XGE3/0/1

100.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0

100.1.1.255/32     Direct  0   0           100.1.1.2       XGE3/0/1

120.1.1.0/24       BGP     255 0           2.2.2.9         XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

4.     Display the routing table on the CEs of sub-VPNs in the customer VPN, for example, on CE 3 and CE 5:

# Verify that the routing table contains the route to the remote sub-VPN on CE 3.

[CE3] display ip routing-table

Destinations : 11        Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

100.1.1.0/24       Direct  0   0           100.1.1.1       XGE3/0/1

100.1.1.0/32       Direct  0   0           100.1.1.1       XGE3/0/1

100.1.1.1/32       Direct  0   0           127.0.0.1       InLoop0

100.1.1.255/32     Direct  0   0           100.1.1.1       XGE3/0/1

120.1.1.0/24       BGP     255 0           100.1.1.2       XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the routing table contains the route to the remote sub-VPN on CE 5.

[CE5] display ip routing-table

Destinations : 11        Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

110.1.1.0/24       Direct  0   0           110.1.1.1       XGE3/0/1

110.1.1.0/32       Direct  0   0           110.1.1.1       XGE3/0/1

110.1.1.1/32       Direct  0   0           127.0.0.1       InLoop0

110.1.1.255/32     Direct  0   0           110.1.1.1       XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

130.1.1.0/24       BGP     255 0           110.1.1.2       XGE3/0/1

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

5.     Verify that CE 3 and CE 4 can ping each other. (Details not shown.)

6.     Verify that CE 5 and CE 6 can ping each other. (Details not shown.)

7.     Verify that CE 3 and CE 6 cannot ping each other. (Details not shown.)
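The isolation checked in verification steps 5 through 7 comes from route-target matching on the sub-VPN PEs. The following Python sketch is an added example, not H3C code: it parses vpn-instance lines from a CLI transcript and reports which instances import each other's routes and which devices run undo policy vpn-target. The PE 4 lines are an assumption (the page omits them; RDs 200:1 and 201:1 come from the CE 1 output, route targets are assumed to mirror PE 3), and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed transcript. The PE 3 and CE 1 lines are copied from the procedure
# above. The PE 4 lines are an assumption: the page only says PE 4 is configured
# "in the same way"; its RDs come from the CE 1 display output and its route
# targets are assumed to mirror PE 3's.
TRANSCRIPT = """\
[PE3] ip vpn-instance SUB_VPN1
[PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1
[PE3-vpn-instance-SUB_VPN1] vpn-target 2:1
[PE3-vpn-instance-SUB_VPN1] quit
[PE3] ip vpn-instance SUB_VPN2
[PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1
[PE3-vpn-instance-SUB_VPN2] vpn-target 2:2
[PE3-vpn-instance-SUB_VPN2] quit
[PE4] ip vpn-instance SUB_VPN1
[PE4-vpn-instance-SUB_VPN1] route-distinguisher 200:1
[PE4-vpn-instance-SUB_VPN1] vpn-target 2:1
[PE4] ip vpn-instance SUB_VPN2
[PE4-vpn-instance-SUB_VPN2] route-distinguisher 201:1
[PE4-vpn-instance-SUB_VPN2] vpn-target 2:2
[CE1] bgp 200
[CE1-bgp-default] address-family vpnv4
[CE1-bgp-default-vpnv4] undo policy vpn-target
"""

# "[device-view] command"; device names are assumed to contain no hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[A-Za-z0-9]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.+)$")
RT = re.compile(r"^[\d.]+:\d+$")


def parse_vpn_config(transcript):
    """Return ({(device, instance): {rd, import, export}}, devices without RT filtering)."""
    instances, unfiltered = {}, set()
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view, cmd = m["dev"], m["view"] or "", m["cmd"].split()
        if view.startswith("vpn-instance-"):
            key = (dev, view[len("vpn-instance-"):])
            inst = instances.setdefault(
                key, {"rd": None, "import": set(), "export": set()})
            if cmd[0] == "route-distinguisher" and len(cmd) == 2:
                inst["rd"] = cmd[1]
            elif cmd[0] == "vpn-target":
                targets = {t for t in cmd[1:] if RT.match(t)}
                # With no keyword the route target applies in both directions.
                direction = cmd[-1] if not RT.match(cmd[-1]) else "both"
                if direction in ("both", "import-extcommunity"):
                    inst["import"] |= targets
                if direction in ("both", "export-extcommunity"):
                    inst["export"] |= targets
        elif view.endswith("vpnv4") and cmd == ["undo", "policy", "vpn-target"]:
            unfiltered.add(dev)
    return instances, unfiltered


def mutual_import_pairs(instances):
    """Pairs of instances that import each other's exported route targets."""
    pairs = set()
    for a, b in combinations(sorted(instances), 2):
        ia, ib = instances[a], instances[b]
        if ia["import"] & ib["export"] and ib["import"] & ia["export"]:
            pairs.add(frozenset((a, b)))
    return pairs


def report(transcript=TRANSCRIPT):
    instances, unfiltered = parse_vpn_config(transcript)
    lines = []
    for pair in sorted(mutual_import_pairs(instances), key=sorted):
        (d1, n1), (d2, n2) = sorted(pair)
        lines.append(f"{d1}/{n1} <-> {d2}/{n2}: routes exchanged")
    for dev in sorted(unfiltered):
        lines.append(f"{dev}: RT filtering of received VPNv4 routes is disabled")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

CE1 is reported because the procedure disables route target filtering there so that CE 1 can relay sub-VPN routes; the import decision that keeps SUB_VPN1 and SUB_VPN2 apart is made on PE 3 and PE 4.
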

Example: Configuring multirole host

Network configuration

Configure the multirole host feature to allow Host A to access VPN 1 and VPN 2 and Host B to access only VPN 1.

Figure 262 Network diagram

Procedure

1.     Configure CE 1:

# Configure IP addresses for interfaces.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/5] quit

# Configure a default route to PE 1.

[CE1] ip route-static 0.0.0.0 0 1.1.1.1

2.     Configure PE 1:

# Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances.

<PE1> system-view

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 100:2 both

[PE1-vpn-instance-vpn2] quit

# Associate VPN instance vpn1 with Ten-GigabitEthernet 3/0/4 (the interface connected to CE 1).

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 1.1.1.1 255.255.255.0

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure a static route for VPN 2 to reach Host A and redistribute the route to BGP. This configuration ensures that packets from VPN 2 to Host A can be forwarded through the correct route in the routing table of VPN instance vpn1.

[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] address-family ipv4

[PE1-bgp-default-ipv4-vpn2] import-route static

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# Configure PBR to route packets from Host A according to the routing tables of both VPN instances vpn1 and vpn2.

[PE1] acl advanced 3001

[PE1-acl-ipv4-adv-3001] rule 0 permit ip vpn-instance vpn1 source 100.1.1.2 0

[PE1-acl-ipv4-adv-3001] quit

[PE1] policy-based-route policy1 permit node 10

[PE1-policy-based-route] if-match acl 3001

[PE1-policy-based-route] apply access-vpn vpn-instance vpn1 vpn2

[PE1-policy-based-route] quit

# Apply policy policy1 to Ten-GigabitEthernet 3/0/4.

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip policy-based-route policy1

3.     Configure basic MPLS L3VPN. (Details not shown.)

Verifying the configuration

# Verify that Host A can ping Host C, and that Host B cannot ping Host C. (Details not shown.)

Example: Configuring HoVPN

Network configuration

As shown in Figure 263, there are two levels of networks: the backbone and the MPLS VPN networks.

·     SPEs act as PEs to allow MPLS VPNs to access the backbone.

·     UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.

·     Performance requirements for the UPEs are lower than those for the SPEs.

·     SPEs advertise routes permitted by routing policies to UPEs, permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 from communicating with each other.

Figure 263 Network diagram

Table 88 Interface and IP address assignment

Device    Interface  IP address      Device    Interface  IP address

CE 1      XGE3/0/1   10.2.1.1/24     CE 3      XGE3/0/1   10.1.1.1/24

CE 2      XGE3/0/1   10.4.1.1/24     CE 4      XGE3/0/1   10.3.1.1/24

UPE 1     Loop0      1.1.1.9/32      UPE 2     Loop0      4.4.4.9/32

          XGE3/0/1   10.2.1.2/24               XGE3/0/1   172.2.1.1/24

          XGE3/0/2   10.4.1.2/24               XGE3/0/2   10.1.1.2/24

          XGE3/0/3   172.1.1.1/24              XGE3/0/3   10.3.1.2/24

SPE 1     Loop0      2.2.2.9/32      SPE 2     Loop0      3.3.3.9/32

          XGE3/0/1   172.1.1.2/24              XGE3/0/1   180.1.1.2/24

          XGE3/0/2   180.1.1.1/24              XGE3/0/2   172.2.1.2/24

Procedure

1.     Configure UPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE1> system-view

[UPE1] interface loopback 0

[UPE1-LoopBack0] ip address 1.1.1.9 32

[UPE1-LoopBack0] quit

[UPE1] mpls lsr-id 1.1.1.9

[UPE1] mpls ldp

[UPE1-ldp] quit

[UPE1] interface ten-gigabitethernet 3/0/3

[UPE1-Ten-GigabitEthernet3/0/3] ip address 172.1.1.1 24

[UPE1-Ten-GigabitEthernet3/0/3] mpls enable

[UPE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[UPE1-Ten-GigabitEthernet3/0/3] quit

# Configure the IGP protocol (OSPF, in this example).

[UPE1] ospf

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] route-distinguisher 100:1

[UPE1-vpn-instance-vpn1] vpn-target 100:1 both

[UPE1-vpn-instance-vpn1] quit

[UPE1] ip vpn-instance vpn2

[UPE1-vpn-instance-vpn2] route-distinguisher 100:2

[UPE1-vpn-instance-vpn2] vpn-target 100:2 both

[UPE1-vpn-instance-vpn2] quit

[UPE1] interface ten-gigabitethernet 3/0/1

[UPE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[UPE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24

[UPE1-Ten-GigabitEthernet3/0/1] quit

[UPE1] interface ten-gigabitethernet 3/0/2

[UPE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[UPE1-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[UPE1-Ten-GigabitEthernet3/0/2] quit

# Establish an MP-IBGP peer relationship with SPE 1.

[UPE1] bgp 100

[UPE1-bgp-default] peer 2.2.2.9 as-number 100

[UPE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[UPE1-bgp-default] address-family vpnv4

[UPE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[UPE1-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 1.

[UPE1-bgp-default] ip vpn-instance vpn1

[UPE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410

[UPE1-bgp-default-vpn1] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[UPE1-bgp-default-ipv4-vpn1] quit

[UPE1-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 2.

[UPE1-bgp-default] ip vpn-instance vpn2

[UPE1-bgp-default-vpn2] peer 10.4.1.1 as-number 65420

[UPE1-bgp-default-vpn2] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[UPE1-bgp-default-ipv4-vpn2] quit

[UPE1-bgp-default-vpn2] quit

[UPE1-bgp-default] quit

2.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 255.255.255.0

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] bgp 65410

[CE1-bgp-default] peer 10.2.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.2.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 255.255.255.0

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] bgp 65420

[CE2-bgp-default] peer 10.4.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.4.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

4.     Configure UPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE2> system-view

[UPE2] interface loopback 0

[UPE2-LoopBack0] ip address 4.4.4.9 32

[UPE2-LoopBack0] quit

[UPE2] mpls lsr-id 4.4.4.9

[UPE2] mpls ldp

[UPE2-ldp] quit

[UPE2] interface ten-gigabitethernet 3/0/1

[UPE2-Ten-GigabitEthernet3/0/1] ip address 172.2.1.1 24

[UPE2-Ten-GigabitEthernet3/0/1] mpls enable

[UPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[UPE2-Ten-GigabitEthernet3/0/1] quit

# Configure the IGP protocol (OSPF, in this example).

[UPE2] ospf

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] route-distinguisher 300:1

[UPE2-vpn-instance-vpn1] vpn-target 100:1 both

[UPE2-vpn-instance-vpn1] quit

[UPE2] ip vpn-instance vpn2

[UPE2-vpn-instance-vpn2] route-distinguisher 400:2

[UPE2-vpn-instance-vpn2] vpn-target 100:2 both

[UPE2-vpn-instance-vpn2] quit

[UPE2] interface ten-gigabitethernet 3/0/2

[UPE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[UPE2-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[UPE2-Ten-GigabitEthernet3/0/2] quit

[UPE2] interface ten-gigabitethernet 3/0/3

[UPE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn2

[UPE2-Ten-GigabitEthernet3/0/3] ip address 10.3.1.2 24

[UPE2-Ten-GigabitEthernet3/0/3] quit

# Establish an MP-IBGP peer relationship with SPE 2.

[UPE2] bgp 100

[UPE2-bgp-default] peer 3.3.3.9 as-number 100

[UPE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[UPE2-bgp-default] address-family vpnv4

[UPE2-bgp-default-vpnv4] peer 3.3.3.9 enable

[UPE2-bgp-default-vpnv4] quit

# Establish an EBGP peer relationship with CE 3.

[UPE2-bgp-default] ip vpn-instance vpn1

[UPE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65430

[UPE2-bgp-default-vpn1] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[UPE2-bgp-default-ipv4-vpn1] quit

[UPE2-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 4.

[UPE2-bgp-default] ip vpn-instance vpn2

[UPE2-bgp-default-vpn2] peer 10.3.1.1 as-number 65440

[UPE2-bgp-default-vpn2] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn2] peer 10.3.1.1 enable

[UPE2-bgp-default-ipv4-vpn2] quit

[UPE2-bgp-default-vpn2] quit

[UPE2-bgp-default] quit

5.     Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65430

[CE3-bgp-default] peer 10.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

6.     Configure CE 4.

<CE4> system-view

[CE4] interface ten-gigabitethernet 3/0/1

[CE4-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 255.255.255.0

[CE4-Ten-GigabitEthernet3/0/1] quit

[CE4] bgp 65440

[CE4-bgp-default] peer 10.3.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.3.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

7.     Configure SPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE1> system-view

[SPE1] interface loopback 0

[SPE1-LoopBack0] ip address 2.2.2.9 32

[SPE1-LoopBack0] quit

[SPE1] mpls lsr-id 2.2.2.9

[SPE1] mpls ldp

[SPE1-ldp] quit

[SPE1] interface ten-gigabitethernet 3/0/1

[SPE1-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24

[SPE1-Ten-GigabitEthernet3/0/1] mpls enable

[SPE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/1] quit

[SPE1] interface ten-gigabitethernet 3/0/2

[SPE1-Ten-GigabitEthernet3/0/2] ip address 180.1.1.1 24

[SPE1-Ten-GigabitEthernet3/0/2] mpls enable

[SPE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP protocol (OSPF, in this example).

[SPE1] ospf

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE1] ip vpn-instance vpn1

[SPE1-vpn-instance-vpn1] route-distinguisher 500:1

[SPE1-vpn-instance-vpn1] vpn-target 100:1 both

[SPE1-vpn-instance-vpn1] quit

[SPE1] ip vpn-instance vpn2

[SPE1-vpn-instance-vpn2] route-distinguisher 700:1

[SPE1-vpn-instance-vpn2] vpn-target 100:2 both

[SPE1-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.

[SPE1] bgp 100

[SPE1-bgp-default] peer 1.1.1.9 as-number 100

[SPE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[SPE1-bgp-default] peer 3.3.3.9 as-number 100

[SPE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local

[SPE1-bgp-default-vpnv4] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

# Advertise to UPE 1 the routes permitted by a routing policy (the routes of CE 3).

[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24

[SPE1] route-policy hope permit node 0

[SPE1-route-policy-hope-0] if-match ip address prefix-list hope

[SPE1-route-policy-hope-0] quit

[SPE1] bgp 100

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe route-policy hope export

8.     Configure SPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE2> system-view

[SPE2] interface loopback 0

[SPE2-LoopBack0] ip address 3.3.3.9 32

[SPE2-LoopBack0] quit

[SPE2] mpls lsr-id 3.3.3.9

[SPE2] mpls ldp

[SPE2-ldp] quit

[SPE2] interface ten-gigabitethernet 3/0/1

[SPE2-Ten-GigabitEthernet3/0/1] ip address 180.1.1.2 24

[SPE2-Ten-GigabitEthernet3/0/1] mpls enable

[SPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/1] quit

[SPE2] interface ten-gigabitethernet 3/0/2

[SPE2-Ten-GigabitEthernet3/0/2] ip address 172.2.1.2 24

[SPE2-Ten-GigabitEthernet3/0/2] mpls enable

[SPE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP protocol (OSPF, in this example).

[SPE2] ospf

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE2] ip vpn-instance vpn1

[SPE2-vpn-instance-vpn1] route-distinguisher 600:1

[SPE2-vpn-instance-vpn1] vpn-target 100:1 both

[SPE2-vpn-instance-vpn1] quit

[SPE2] ip vpn-instance vpn2

[SPE2-vpn-instance-vpn2] route-distinguisher 800:1

[SPE2-vpn-instance-vpn2] vpn-target 100:2 both

[SPE2-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 1 and UPE 2, and specify UPE 2 as a UPE.

[SPE2] bgp 100

[SPE2-bgp-default] peer 4.4.4.9 as-number 100

[SPE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[SPE2-bgp-default] peer 2.2.2.9 as-number 100

[SPE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local

[SPE2-bgp-default-vpnv4] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

# Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).

[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24

[SPE2] route-policy hope permit node 0

[SPE2-route-policy-hope-0] if-match ip address prefix-list hope

[SPE2-route-policy-hope-0] quit

[SPE2] bgp 100

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe route-policy hope export

Verifying the configuration

# Verify that CE 1 and CE 3 can learn each other's interface routes and can ping each other. CE 2 and CE 4 cannot learn each other's interface routes and cannot ping each other. (Details not shown.)
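The outcome verified above follows from the prefix lists that the SPEs apply when advertising routes to their UPEs. The following Python sketch is an added example, not H3C code: it evaluates the two prefix-list lines from this procedure against the CE subnets in Table 88 and shows which routes each SPE advertises. The candidate route sets and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import namedtuple

Entry = namedtuple("Entry", "index action network length ge le")

# Prefix-list lines copied from the SPE 1 and SPE 2 steps of the procedure.
CONFIG = """\
[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24
[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24
"""

# Constructed input: the CE subnets from Table 88 that each SPE learns from
# the remote side and could advertise to its local UPE.
CANDIDATES = {
    "SPE1": {"10.1.1.0/24": "vpn1, CE 3", "10.3.1.0/24": "vpn2, CE 4"},
    "SPE2": {"10.2.1.0/24": "vpn1, CE 1", "10.4.1.0/24": "vpn2, CE 2"},
}

LINE = re.compile(
    r"^\[(?P<dev>\w+)\]\s+ip prefix-list (?P<name>\S+)"
    r"(?: index (?P<index>\d+))? (?P<action>permit|deny)"
    r" (?P<addr>\S+) (?P<length>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?\s*$"
)


def parse_prefix_lists(config):
    """Return {device: {list_name: [Entry, ...]}} with entries sorted by index."""
    lists = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entries = lists.setdefault(m["dev"], {}).setdefault(m["name"], [])
        # Without an explicit index, number entries in steps of 10 (assumed).
        if m["index"]:
            index = int(m["index"])
        else:
            index = entries[-1].index + 10 if entries else 10
        length = int(m["length"])
        # Host bits in the address are ignored: 10.1.1.1 24 means 10.1.1.0/24.
        network = ipaddress.ip_network(f"{m['addr']}/{length}", strict=False)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        entries.append(Entry(index, m["action"], network, length, ge, le))
        entries.sort(key=lambda e: e.index)
    return lists


def permits(entries, route):
    """First matching entry decides; a route that matches no entry is denied."""
    net = ipaddress.ip_network(route)
    for e in entries:
        # With neither keyword, only the exact mask length matches.
        low = e.ge if e.ge is not None else e.length
        if e.le is not None:
            high = e.le
        else:
            high = 32 if e.ge is not None else e.length
        if net.subnet_of(e.network) and low <= net.prefixlen <= high:
            return e.action == "permit"
    return False


def advertised_to_upe(device, list_name="hope", config=CONFIG):
    """Candidate routes that the device's prefix list lets through to its UPE."""
    entries = parse_prefix_lists(config)[device][list_name]
    return sorted(r for r in CANDIDATES[device] if permits(entries, r))


if __name__ == "__main__":
    for spe in ("SPE1", "SPE2"):
        allowed = advertised_to_upe(spe)
        for route, owner in CANDIDATES[spe].items():
            verdict = "advertised" if route in allowed else "filtered"
            print(f"{spe}: {route} ({owner}) -> {verdict}")
```

The route policy on this page has a single if-match clause on the prefix list, so the model keys on the prefix alone and does not look at the RD or route target of a route.
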

Example: Configuring an OSPF sham link

Network configuration

As shown in Figure 264, CE 1 and CE 2 belong to VPN 1. Configure an OSPF sham link between PE 1 and PE 2 so traffic between the CEs is forwarded through the MPLS backbone instead of the backdoor link.

Figure 264 Network diagram

Table 89 Interface and IP address assignment

Device    Interface  IP address      Device    Interface  IP address

CE 1      XGE3/0/1   100.1.1.1/24    CE 2      XGE3/0/1   120.1.1.1/24

          XGE3/0/4   20.1.1.1/24               XGE3/0/4   30.1.1.2/24

PE 1      Loop0      1.1.1.9/32      PE 2      Loop0      2.2.2.9/32

          Loop1      3.3.3.3/32                Loop1      5.5.5.5/32

          XGE3/0/1   100.1.1.2/24              XGE3/0/1   120.1.1.2/24

          XGE3/0/4   10.1.1.1/24               XGE3/0/5   10.1.1.2/24

Router A  XGE3/0/5   30.1.1.1/24

          XGE3/0/4   20.1.1.2/24

Procedure

1.     Configure OSPF on the customer networks:

# Configure conventional OSPF on CE 1, Router A, and CE 2 to advertise addresses of the interfaces (see Table 89). (Details not shown.)

# Set the cost value to 2 for both the link between CE 1 and Router A, and the link between CE 2 and Router A. (Details not shown.)

# Execute the display ip routing-table command to verify that CE 1 and CE 2 have learned the route to each other. (Details not shown.)

2.     Configure MPLS L3VPN on the backbone:

# Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure PE 1 to take PE 2 as an MP-IBGP peer.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure OSPF on PE 1.

[PE1] ospf 1

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 10.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2 to take PE 1 as an MP-IBGP peer.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Configure OSPF on PE 2.

[PE2] ospf 1

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] ospf 100 vpn-instance vpn1

[PE1-ospf-100] domain-id 10

[PE1-ospf-100] area 1

[PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255

[PE1-ospf-100-area-0.0.0.1] quit

[PE1-ospf-100] quit

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route ospf 100

[PE1-bgp-default-ipv4-vpn1] import-route direct

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:2

[PE2-vpn-instance-vpn1] vpn-target 1:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 120.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] ospf 100 vpn-instance vpn1

[PE2-ospf-100] domain-id 10

[PE2-ospf-100] area 1

[PE2-ospf-100-area-0.0.0.1] network 120.1.1.0 0.0.0.255

[PE2-ospf-100-area-0.0.0.1] quit

[PE2-ospf-100] quit

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] import-route ospf 100

[PE2-bgp-default-ipv4-vpn1] import-route direct

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Execute the display ip routing-table vpn-instance command on the PEs. Verify that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone. (Details not shown.)

4.     Configure a sham link:

# Configure PE 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip binding vpn-instance vpn1

[PE1-LoopBack1] ip address 3.3.3.3 32

[PE1-LoopBack1] quit

[PE1] ospf 100

[PE1-ospf-100] area 1

[PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5

[PE1-ospf-100-area-0.0.0.1] quit

[PE1-ospf-100] quit

# Configure PE 2.

[PE2] interface loopback 1

[PE2-LoopBack1] ip binding vpn-instance vpn1

[PE2-LoopBack1] ip address 5.5.5.5 32

[PE2-LoopBack1] quit

[PE2] ospf 100

[PE2-ospf-100] area 1

[PE2-ospf-100-area-0.0.0.1] sham-link 5.5.5.5 3.3.3.3

[PE2-ospf-100-area-0.0.0.1] quit

[PE2-ospf-100] quit

Verifying the configuration

# Execute the display ip routing-table vpn-instance command on the PEs to verify the following results (details not shown):

·     The path to the peer CE is now along the BGP route across the backbone.

·     A route to the sham link destination address exists.

# Execute the display ip routing-table command on the CEs. Verify that the next hop of the OSPF route to the peer CE is the interface connected to the PE (Ten-GigabitEthernet 3/0/1). This means that VPN traffic to the peer CE is forwarded over the backbone. (Details not shown.)

# Verify that a sham link has been established on PEs, for example, on PE 1.

[PE1] display ospf sham-link

 

          OSPF Process 100 with Router ID 100.1.1.2

                  Sham link

 Area            Neighbor ID     Source IP       Destination IP  State  Cost

 0.0.0.1         120.1.1.2       3.3.3.3         5.5.5.5         P-2-P  1

# Verify that the peer state is Full on PE 1.

[PE1] display ospf sham-link area 1

 

          OSPF Process 100 with Router ID 100.1.1.2

 

 Sham link: 3.3.3.3 --> 5.5.5.5

 Neighbor ID: 120.1.1.2        State: Full

 Area: 0.0.0.1

 Cost: 1  State: P-2-P  Type: Sham

 Timers: Hello 10, Dead 40, Retransmit 5, Transmit Delay 1

 Request list: 0  Retransmit list: 0

Example: Configuring BGP AS number substitution

Network configuration

As shown in Figure 265, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. The two CEs have the same AS number, 600.

Configure BGP AS number substitution on the PEs to enable the CEs to communicate with each other.

Figure 265 Network diagram

Table 90 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      XGE3/0/1   10.1.1.1/24    P         Loop0      2.2.2.9/32
          XGE3/0/2   100.1.1.1/24             XGE3/0/1   20.1.1.2/24
PE 1      Loop0      1.1.1.9/32               XGE3/0/2   30.1.1.1/24
          XGE3/0/1   10.1.1.2/24    PE 2      Loop0      3.3.3.9/32
          XGE3/0/2   20.1.1.1/24              XGE3/0/1   10.2.1.2/24
CE 2      XGE3/0/1   10.2.1.1/24              XGE3/0/2   30.1.1.2/24
          XGE3/0/2   200.1.1.1/24

Procedure

1.     Configure basic MPLS L3VPN:

○     Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.

○     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.

○     Establish MP-IBGP peer relationship between the PEs to advertise VPN IPv4 routes.

○     Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.

○     Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.

○     Configure BGP as the PE-CE routing protocol, and redistribute routes of CEs into PEs.

For more information about basic MPLS L3VPN configurations, see "Example: Configuring basic MPLS L3VPN."

# Execute the display ip routing-table command on CE 2. The output shows that CE 2 has learned the route to network 10.1.1.0/24, where the interface used by CE 1 to access PE 1 resides. However, it has not learned the route to the VPN (100.1.1.0/24) behind CE 1.

<CE2> display ip routing-table

Destinations : 15        Routes : 15

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         BGP    255  0            10.2.1.2        XGE3/0/1

10.2.1.0/24         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.0/32         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.255/32       Direct 0    0            10.2.1.1        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

200.1.1.0/24        Direct 0    0            200.1.1.1       XGE3/0/2

200.1.1.0/32        Direct 0    0            200.1.1.1       XGE3/0/2

200.1.1.1/32        Direct 0    0            127.0.0.1       InLoop0

200.1.1.255/24      Direct 0    0            200.1.1.1       XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Execute the display ip routing-table command on CE 1 to verify that CE 1 has not learned the route to the VPN behind CE 2. (Details not shown.)

# Execute the display ip routing-table vpn-instance command on the PEs. The output shows the route to the VPN behind the peer CE. This example uses PE 2.

<PE2> display ip routing-table vpn-instance vpn1

Destinations : 13        Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         BGP    255  0            1.1.1.9         XGE3/0/2

10.2.1.0/24         Direct 0    0            10.2.1.2        XGE3/0/1

10.2.1.0/32         Direct 0    0            10.2.1.2        XGE3/0/1

10.2.1.2/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.255/32       Direct 0    0            10.2.1.2        XGE3/0/1

100.1.1.0/24        BGP    255  0            1.1.1.9         XGE3/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

200.1.1.0/24        BGP    255  0            10.2.1.1        XGE3/0/1

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Enable BGP update packet debugging on PE 2. The output shows that PE 2 advertises the route to 100.1.1.0/24, and the AS_PATH is 100 600.

<PE2> terminal monitor

<PE2> terminal logging level 7

<PE2> debugging bgp update vpn-instance vpn1 10.2.1.1 ipv4

<PE2> refresh bgp all export ipv4 vpn-instance vpn1

*Jun 13 16:12:52:096 2012 PE2 BGP/7/DEBUG:

         BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations:

         Origin       : Incomplete

         AS Path      : 100 600

         Next Hop     : 10.2.1.2

         100.1.1.0/24,

# Execute the display bgp routing-table ipv4 peer received-routes command on CE 2 to verify that CE 2 has not received the route to 100.1.1.0/24.

<CE2> display bgp routing-table ipv4 peer 10.2.1.2 received-routes

 

 Total number of routes: 2

 

 BGP local router ID is 200.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 10.1.1.0/24        10.2.1.2                              0       100?

*  e 10.2.1.0/24        10.2.1.2        0                     0       100?

2.     Configure BGP AS number substitution on PE 2.

<PE2> system-view

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.2.1.1 substitute-as

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

Verifying the configuration

# The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.0/24 has changed from 100 600 to 100 100.

*Jun 13 16:15:59:456 2012 PE2 BGP/7/DEBUG:

         BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations:

         Origin       : Incomplete

         AS Path      : 100 100

         Next Hop     : 10.2.1.2

         100.1.1.0/24,

# Display again the routing information that CE 2 has received, and the routing table.

<CE2> display bgp routing-table ipv4 peer 10.2.1.2 received-routes

 

 Total number of routes: 3

 

 BGP local router ID is 200.1.1.1

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 10.1.1.0/24        10.2.1.2                              0       100?

*  e 10.2.1.0/24        10.2.1.2        0                     0       100?

* >e 100.1.1.0/24       10.2.1.2                              0       100 100?

<CE2> display ip routing-table

 

Destinations : 16        Routes : 16

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         BGP    255  0            10.2.1.2        XGE3/0/1

10.2.1.0/24         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.0/32         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.255/32       Direct 0    0            10.2.1.1        XGE3/0/1

100.1.1.0/24        BGP    255  0            10.2.1.2        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

200.1.1.0/24        Direct 0    0            200.1.1.1       XGE3/0/2

200.1.1.0/32        Direct 0    0            200.1.1.1       XGE3/0/2

200.1.1.1/32        Direct 0    0            127.0.0.1       InLoop0

200.1.1.255/32      Direct 0    0            200.1.1.1       XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# After you also configure BGP AS substitution on PE 1, verify that the GigabitEthernet interfaces of CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring BGP AS number substitution and SoO attribute

Network configuration

CE 1, CE 2, and CE 3 belong to VPN 1, and are connected to PE 1, PE 2, and PE 3, respectively.

CE 1 and CE 2 reside in the same site. CE 1, CE 2, and CE 3 all use AS number 600.

·     To avoid route loss, configure BGP AS number substitution on PEs.

·     To avoid routing loops, configure the same SoO attribute on PE 1 and PE 2 for CE 1 and CE 2.

Figure 266 Network diagram

Table 91 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      Loop0      100.1.1.1/32   CE 3      Loop0      200.1.1.1/32
          XGE3/0/1   10.1.1.1/24              XGE3/0/1   10.3.1.1/24
CE 2      XGE3/0/1   10.2.1.1/24    PE 2      Loop0      2.2.2.9/32
PE 1      Loop0      1.1.1.9/32               XGE3/0/1   10.2.1.2/24
          XGE3/0/1   10.1.1.2/24              XGE3/0/2   40.1.1.1/24
          XGE3/0/2   20.1.1.1/24              XGE3/0/3   20.1.1.2/24
          XGE3/0/3   30.1.1.1/24    P         Loop0      3.3.3.9/32
PE 3      Loop0      4.4.4.9/32               XGE3/0/1   30.1.1.2/24
          XGE3/0/1   10.3.1.2/24              XGE3/0/2   40.1.1.2/24
          XGE3/0/2   50.1.1.2/24              XGE3/0/3   50.1.1.1/24

Procedure

1.     Configure basic MPLS L3VPN:

○     Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.

○     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.

○     Establish MP-IBGP peer relationship between the PEs to advertise VPN IPv4 routes.

○     Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.

○     Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.

○     Configure the VPN instance of VPN 1 on PE 3 to allow CE 3 to access the network.

○     Configure BGP as the PE-CE routing protocol, and redistribute routes of CEs into PEs.

For more information about basic MPLS L3VPN configurations, see "Example: Configuring basic MPLS L3VPN."

2.     Configure BGP AS number substitution:

# Configure BGP AS number substitution on PE 1, PE 2, and PE 3. For more information about the configuration, see "Example: Configuring BGP AS number substitution."

# Display routing information on CE 2. The output shows that CE 2 has learned the route for 100.1.1.1/32 from CE 1. A routing loop has occurred because CE 1 and CE 2 reside in the same site.

<CE2> display bgp routing-table ipv4 peer 10.2.1.2 received-routes

 

Total number of routes: 6

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e 10.1.1.0/24        10.2.1.2                              0       100?

*    10.2.1.0/24        10.2.1.2        0                     0       100?

*    10.2.1.1/32        10.2.1.2        0                     0       100?

* >e 10.3.1.0/24        10.2.1.2                              0       100?

* >e 100.1.1.1/32       10.2.1.2                              0       100 100?

* >e 200.1.1.1/32       10.2.1.2                              0       100 100?

3.     Configure BGP SoO attribute:

# On PE 1, configure the SoO attribute as 1:100 for CE 1.

<PE1> system-view

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 soo 1:100

# On PE 2, configure the SoO attribute as 1:100 for CE 2.

<PE2> system-view

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4

[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 soo 1:100

Verifying the configuration

# PE 2 does not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured for the CEs. Display the routing table of CE 2. The output shows that the route 100.1.1.1/32 has been removed.

<CE2> display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0   

10.2.1.0/24         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.0/32         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       Inloop0

10.2.1.255/32       Direct 0    0            10.2.1.1        XGE3/0/1

10.3.1.0/24         BGP    255  0            10.2.1.2        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

200.1.1.1/32        BGP    255  0            10.2.1.2        XGE3/0/1

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
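The AS_PATH behavior in the two AS number substitution examples above (100 600 rejected by the CE, 100 100 accepted, and the route withheld once both PEs use SoO 1:100) can be reproduced with a short model. The following Python is an added illustration, not H3C code or device output. It uses the AS numbers, prefixes, and SoO value from this page. All function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PROVIDER_AS = 100  # AS of the PEs ("bgp 100" on this page)
CUSTOMER_AS = 600  # AS shared by all CEs on this page


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]   # leftmost AS is the most recent hop
    soo: Optional[str] = None  # Site of Origin tag, if any


def ce_originate(prefix: str) -> Route:
    """A CE advertises a local prefix over EBGP with its own AS prepended."""
    return Route(prefix, (CUSTOMER_AS,))


def pe_receive_from_ce(route: Route, peer_soo: Optional[str]) -> Route:
    """Ingress PE: tag the route with the SoO configured for that CE peer."""
    return Route(route.prefix, route.as_path, peer_soo)


def pe_advertise_to_ce(route: Route, peer_as: int, substitute_as: bool,
                       peer_soo: Optional[str]) -> Optional[Route]:
    """Egress PE: build the EBGP update for a CE, or None if it is withheld."""
    # SoO check: a route that came from the peer's own site is not sent back.
    if peer_soo is not None and route.soo == peer_soo:
        return None
    path = route.as_path
    if substitute_as:
        # Replace the peer's AS with the PE's AS, then prepend as usual.
        path = tuple(PROVIDER_AS if asn == peer_as else asn for asn in path)
    return Route(route.prefix, (PROVIDER_AS,) + path, route.soo)


def ce_accepts(update: Optional[Route]) -> bool:
    """EBGP loop detection on the CE: reject a path containing the local AS."""
    return update is not None and CUSTOMER_AS not in update.as_path


def deliver(prefix: str, ingress_soo: Optional[str], egress_soo: Optional[str],
            substitute_as: bool) -> Tuple[Optional[Route], bool]:
    """Carry one CE prefix CE -> PE -> (MP-IBGP) -> PE -> CE.

    MP-IBGP between the PEs leaves AS_PATH unchanged, so it is not modelled.
    Returns (update sent to the remote CE or None, whether the CE installs it).
    """
    vpn_route = pe_receive_from_ce(ce_originate(prefix), ingress_soo)
    update = pe_advertise_to_ce(vpn_route, CUSTOMER_AS, substitute_as, egress_soo)
    return update, ce_accepts(update)


def show(label: str, prefix: str, ingress_soo: Optional[str],
         egress_soo: Optional[str], substitute_as: bool) -> None:
    update, installed = deliver(prefix, ingress_soo, egress_soo, substitute_as)
    path = "withheld by PE" if update is None else " ".join(map(str, update.as_path))
    print(f"{label:<32} {prefix:<14} AS_PATH: {path:<15} installed: {installed}")


if __name__ == "__main__":
    show("CE1->CE2, no substitution", "100.1.1.0/24", None, None, False)
    show("CE1->CE2, substitute-as", "100.1.1.0/24", None, None, True)
    # Same-site CEs: substitution alone lets the site's own route come back.
    show("CE1->CE2 same site, no SoO", "100.1.1.1/32", None, None, True)
    show("CE1->CE2 same site, SoO 1:100", "100.1.1.1/32", "1:100", "1:100", True)
    show("CE1->CE3, SoO only on PE1/PE2", "100.1.1.1/32", "1:100", None, True)
    show("CE3->CE2, SoO only on PE1/PE2", "200.1.1.1/32", None, "1:100", True)
```

Substitution disables the CE's AS_PATH loop check for its own AS, which is why the page pairs it with SoO when one site has more than one CE.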

Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route

Network configuration

CE 1 and CE 2 belong to VPN 1.

Configure EBGP between CEs and PEs to exchange VPN routes.

Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.

Configure MPLS L3VPN FRR on PE 1 to achieve the following purposes:

·     When the link PE 1—PE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.

·     When BFD detects that the LSP between PE 1 and PE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 3—CE 2.

Figure 267 Network diagram

Table 92 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      Loop0      5.5.5.5/32     PE 1      Loop0      1.1.1.1/32
          XGE3/0/1   10.2.1.1/24              XGE3/0/1   10.2.1.2/24
PE 2      Loop0      2.2.2.2/32               XGE3/0/2   172.1.1.1/24
          XGE3/0/1   172.1.1.2/24             XGE3/0/3   172.2.1.1/24
          XGE3/0/2   10.1.1.2/24    CE 2      Loop0      4.4.4.4/32
PE 3      Loop0      3.3.3.3/32               XGE3/0/1   10.1.1.1/24
          XGE3/0/1   172.2.1.3/24             XGE3/0/2   10.3.1.1/24
          XGE3/0/2   10.3.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces as shown in Table 92, and configure BGP and MPLS L3VPN. (Details not shown.)

For more information about configuring basic MPLS L3VPN, see "Example: Configuring basic MPLS L3VPN."

2.     Configure MPLS L3VPN FRR on PE 1:

# Configure BFD to test the connectivity of the LSP to 2.2.2.2/32.

<PE1> system-view

[PE1] mpls bfd enable

[PE1] mpls bfd 2.2.2.2 32

# Create routing policy frr, and specify the backup next hop as 3.3.3.3 for the route to 4.4.4.4/32.

[PE1] ip prefix-list abc index 10 permit 4.4.4.4 32

[PE1] route-policy frr permit node 10

[PE1-route-policy] if-match ip address prefix-list abc

[PE1-route-policy] apply fast-reroute backup-nexthop 3.3.3.3

[PE1-route-policy] quit

# Configure FRR for VPN instance vpn1 to use routing policy frr.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] fast-reroute route-policy frr

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

# Specify the preferred value as 100 for routes received from PE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 1 prefers the routes from PE 2.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 preferred-value 100

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

3.     Enable MPLS BFD on PE 2.

<PE2> system-view

[PE2] mpls bfd enable

Verifying the configuration

# Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route.

[PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose

 

Summary Count : 1

 

Destination: 4.4.4.4/32

   Protocol: BGP

 Process ID: 0

  SubProtID: 0x1                    Age: 00h00m03s

       Cost: 0               Preference: 255

      IpPre: N/A             QosLocalID: N/A

        Tag: 0                    State: Active Adv

  OrigTblID: 0x0                OrigVrf: default-vrf

    TableID: 0x102               OrigAs: 300

      NibID: 0x15000002          LastAs: 300

     AttrID: 0x2               Neighbor: 2.2.2.2

      Flags: 0x110060       OrigNextHop: 2.2.2.2

      Label: 1146           RealNextHop: 172.1.1.2

    BkLabel: 1275             BkNextHop: 172.2.1.3

    SRLabel: NULL             BkSRLabel: NULL

   SIDIndex: NULL               InLabel: NULL

  Tunnel ID: 0x401            Interface: XGE3/0/2

BkTunnel ID: 0x409          BkInterface: XGE3/0/3

   FtnIndex: 0x0           TrafficIndex: N/A

  Connector: N/A                 PathID: 0x0

Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route

Network configuration

CE 1 and CE 2 belong to VPN 1.

Configure EBGP between CEs and PEs to exchange VPN routes.

Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.

Configure MPLS L3VPN FRR on PE 2 to achieve the following purposes:

·     When the link PE 2—CE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.

·     When BFD detects that the link between PE 2 and CE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—PE 3—CE 2.

Figure 268 Network diagram

Table 93 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      Loop0      5.5.5.5/32     PE 2      Loop0      2.2.2.2/32
          XGE3/0/1   10.2.1.1/24              XGE3/0/1   172.1.1.2/24
PE 1      Loop0      1.1.1.1/32               XGE3/0/2   10.1.1.2/24
          XGE3/0/1   10.2.1.2/24              XGE3/0/3   172.3.1.2/24
          XGE3/0/2   172.1.1.1/24   PE 3      Loop0      3.3.3.3/32
          XGE3/0/3   172.2.1.1/24             XGE3/0/1   172.2.1.3/24
CE 2      Loop0      4.4.4.4/32               XGE3/0/2   10.3.1.2/24
          XGE3/0/1   10.1.1.1/24              XGE3/0/3   172.3.1.3/24
          XGE3/0/2   10.3.1.1/24

Procedure

1.     Configure IP addresses and masks for interfaces as shown in Table 93, and configure BGP and MPLS L3VPN. (Details not shown.)

For more information about configuring basic MPLS L3VPN, see "Example: Configuring basic MPLS L3VPN."

2.     Configure MPLS L3VPN FRR on PE 2:

# Configure the source IP address of BFD echo packets as 12.1.1.1.

<PE2> system-view

[PE2] bfd echo-source-ip 12.1.1.1

# Create routing policy frr, and specify the backup next hop as 3.3.3.3 for the route to 4.4.4.4/32.

[PE2] ip prefix-list abc index 10 permit 4.4.4.4 32

[PE2] route-policy frr permit node 10

[PE2-route-policy] if-match ip address prefix-list abc

[PE2-route-policy] apply fast-reroute backup-nexthop 3.3.3.3

[PE2-route-policy] quit

# Use echo-mode BFD to detect the primary route connectivity.

[PE2] bgp 100

[PE2-bgp-default] primary-path-detect bfd echo

# Configure FRR for VPN instance vpn1 to use routing policy frr.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] fast-reroute route-policy frr

# Specify the preferred value as 200 for BGP routes received from CE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 2 prefers the routes from CE 2.

[PE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 preferred-value 200

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

Verifying the configuration

# Display detailed information about the route to 4.4.4.4/32 on PE 2. The output shows the backup next hop for the route.

[PE2] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose

 

Summary Count : 1

 

Destination: 4.4.4.4/32

   Protocol: BGP

 Process ID: 0

  SubProtID: 0x2                    Age: 01h54m24s

       Cost: 0               Preference: 10

      IpPre: N/A             QosLocalID: N/A

        Tag: 0                    State: Active Adv

  OrigTblID: 0x0                OrigVrf: vpn1

    TableID: 0x102               OrigAs: 300

      NibID: 0x15000002          LastAs: 300

     AttrID: 0x0               Neighbor: 10.1.1.1

      Flags: 0x10060        OrigNextHop: 10.1.1.1

      Label: NULL           RealNextHop: 10.1.1.1

    BkLabel: 1275             BkNextHop: 172.3.1.3

    SRLabel: NULL             BkSRLabel: NULL

   SIDIndex: NULL               InLabel: NULL

  Tunnel ID: Invalid          Interface: XGE3/0/2

BkTunnel ID: 0x409          BkInterface: XGE3/0/3

   FtnIndex: 0x0           TrafficIndex: N/A

  Connector: N/A

Example: Configuring MPLS L3VPN FRR through IPv4 route backup for a VPNv4 route

Network configuration

CE 1 and CE 2 belong to VPN 1.

Configure EBGP between CEs and PEs to exchange VPN routes.

Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.

Configure MPLS L3VPN FRR on PE 1 to achieve the following purposes:

·     When the link PE 1—PE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.

·     When BFD detects that the link between PE 1 and PE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—CE 2.

Figure 269 Network diagram

Table 94 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      Loop0      5.5.5.5/32     CE 2      Loop0      4.4.4.4/32
          XGE3/0/1   10.2.1.1/24              XGE3/0/1   10.1.1.1/24
PE 1      Loop0      1.1.1.1/32               XGE3/0/2   10.3.1.1/24
          XGE3/0/1   10.2.1.2/24    PE 2      Loop0      2.2.2.2/32
          XGE3/0/2   10.1.1.2/24              XGE3/0/2   10.3.1.2/24
          XGE3/0/3   172.2.1.1/24             XGE3/0/3   172.2.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces as shown in Table 94, and configure BGP and MPLS L3VPN. (Details not shown.)

For more information about configuring basic MPLS L3VPN, see "Example: Configuring basic MPLS L3VPN."

2.     Configure MPLS L3VPN FRR on PE 1:

# Configure BFD to test the connectivity of the LSP to 2.2.2.2/32.

<PE1> system-view

[PE1] mpls bfd enable

[PE1] mpls bfd 2.2.2.2 32

# Create routing policy frr, and specify the backup next hop as 10.1.1.1 for the route to 4.4.4.4/32.

[PE1] ip prefix-list abc index 10 permit 4.4.4.4 32

[PE1] route-policy frr permit node 10

[PE1-route-policy] if-match ip address prefix-list abc

[PE1-route-policy] apply fast-reroute backup-nexthop 10.1.1.1

[PE1-route-policy] quit

# Configure FRR for VPN instance vpn1 to use routing policy frr.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] fast-reroute route-policy frr

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

# Specify the preferred value as 200 for BGP VPNv4 routes received from PE 2. This value is greater than the preferred value (0) for IPv4 unicast routes from CE 2, so PE 1 prefers the routes from PE 2.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 preferred-value 200

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

3.     Enable MPLS BFD on PE 2.

<PE2> system-view

[PE2] mpls bfd enable

Verifying the configuration

# Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route.

[PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose

 

Summary Count : 1

 

Destination: 4.4.4.4/32

   Protocol: BGP

 Process ID: 0

  SubProtID: 0x1                    Age: 00h00m04s

       Cost: 0               Preference: 255

      IpPre: N/A             QosLocalID: N/A

        Tag: 0                    State: Active Adv

  OrigTblID: 0x0                OrigVrf: default-vrf

    TableID: 0x102               OrigAs: 300

      NibID: 0x15000004          LastAs: 300

     AttrID: 0x1               Neighbor: 2.2.2.2

      Flags: 0x110060       OrigNextHop: 2.2.2.2

      Label: 1275           RealNextHop: 172.2.1.2

    BkLabel: NULL             BkNextHop: 10.1.1.1

    SRLabel: NULL             BkSRLabel: NULL

   SIDIndex: NULL               InLabel: NULL

  Tunnel ID: 0x409            Interface: XGE3/0/3

BkTunnel ID: Invalid        BkInterface: XGE3/0/2

   FtnIndex: 0x0           TrafficIndex: N/A

  Connector: N/A                 PathID: 0x0
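The three MPLS L3VPN FRR examples above are verified by reading the verbose route output by eye. The following Python is an added example (not from the H3C documentation) that parses that output and reports whether a usable backup next hop is installed. The first three samples are trimmed copies of the outputs on this page, NO_BACKUP is a constructed sample, and treating a non-NULL label as a VPNv4 path is an inference from those three outputs.

```python
import re
from typing import Dict, List

# Trimmed copies of the three "display ip routing-table ... verbose" outputs
# on this page (only the fields the check reads are kept).
VPNV4_BACKS_VPNV4 = """
Destination: 4.4.4.4/32
        Tag: 0                    State: Active Adv
      Label: 1146           RealNextHop: 172.1.1.2
    BkLabel: 1275             BkNextHop: 172.2.1.3
  Tunnel ID: 0x401            Interface: XGE3/0/2
BkTunnel ID: 0x409          BkInterface: XGE3/0/3
"""
VPNV4_BACKS_IPV4 = """
Destination: 4.4.4.4/32
        Tag: 0                    State: Active Adv
      Label: NULL           RealNextHop: 10.1.1.1
    BkLabel: 1275             BkNextHop: 172.3.1.3
  Tunnel ID: Invalid          Interface: XGE3/0/2
BkTunnel ID: 0x409          BkInterface: XGE3/0/3
"""
IPV4_BACKS_VPNV4 = """
Destination: 4.4.4.4/32
        Tag: 0                    State: Active Adv
      Label: 1275           RealNextHop: 172.2.1.2
    BkLabel: NULL             BkNextHop: 10.1.1.1
  Tunnel ID: 0x409            Interface: XGE3/0/3
BkTunnel ID: Invalid        BkInterface: XGE3/0/2
"""
# Constructed sample (not from the page): assumes an unprotected route shows
# N/A in its backup next hop and backup interface fields.
NO_BACKUP = """
Destination: 4.4.4.4/32
        Tag: 0                    State: Active Adv
      Label: 1146           RealNextHop: 172.1.1.2
    BkLabel: NULL             BkNextHop: N/A
  Tunnel ID: 0x401            Interface: XGE3/0/2
BkTunnel ID: Invalid        BkInterface: N/A
"""

ABSENT = {"", "N/A", "NULL", "Invalid"}  # values that mean "not set"


def parse_verbose(text: str) -> Dict[str, str]:
    """Split the two-column "Key: value   Key: value" layout into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        # Columns are separated by runs of 2+ spaces; values such as
        # "Active Adv" contain only single spaces, so they stay intact.
        for chunk in re.split(r"\s{2,}", line.strip()):
            key, sep, value = chunk.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
    return fields


def check_frr(text: str) -> dict:
    """Report path types and any reason the route is not FRR-protected."""
    f = parse_verbose(text)

    def has(key: str) -> bool:
        return f.get(key, "") not in ABSENT

    def kind(label_key: str) -> str:
        # Inference from this page's outputs: a labelled path is a VPNv4 path.
        return "VPNv4" if has(label_key) else "IPv4"

    problems: List[str] = []
    if "Active" not in f.get("State", ""):
        problems.append("route is not active")
    if not has("BkNextHop"):
        problems.append("no backup next hop installed")
    elif f["BkNextHop"] == f.get("RealNextHop"):
        problems.append("backup next hop equals primary next hop")
    # Heuristic: a backup on the primary's interface fails with the same link.
    if has("BkInterface") and f["BkInterface"] == f.get("Interface"):
        problems.append("backup shares the primary outgoing interface")
    return {
        "destination": f.get("Destination"),
        "primary": kind("Label"),
        "backup": kind("BkLabel") if has("BkNextHop") else None,
        "problems": problems,
    }


if __name__ == "__main__":
    for name in ("VPNV4_BACKS_VPNV4", "VPNV4_BACKS_IPV4",
                 "IPV4_BACKS_VPNV4", "NO_BACKUP"):
        print(name, check_frr(globals()[name]))
```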

IPv6 MPLS L3VPN configuration examples

Example: Configuring IPv6 MPLS L3VPNs

Network configuration

CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.

VPN 1 uses route target attributes 111:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other.

Run EBGP between CEs and PEs to exchange VPN routing information.

PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.

Figure 270 Network diagram

Table 95 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
CE 1      XGE3/0/1   2001:1::1/96   P         Loop0      2.2.2.9/32
PE 1      Loop0      1.1.1.9/32               XGE3/0/4   172.1.1.2/24
          XGE3/0/1   2001:1::2/96             XGE3/0/5   172.2.1.1/24
          XGE3/0/2   2001:2::2/96   PE 2      Loop0      3.3.3.9/32
          XGE3/0/4   172.1.1.1/24             XGE3/0/1   2001:3::2/96
CE 2      XGE3/0/1   2001:2::1/96             XGE3/0/2   2001:4::2/96
CE 3      XGE3/0/1   2001:3::1/96             XGE3/0/4   172.2.1.2/24
CE 4      XGE3/0/1   2001:4::1/96

Procedure

1.     Configure OSPF on the MPLS backbone to ensure IP connectivity among the PEs and the P router:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P router.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24

[P-Ten-GigabitEthernet3/0/5] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/4] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure the P router.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] mpls enable

[P-Ten-GigabitEthernet3/0/4] mpls ldp enable

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] mpls enable

[P-Ten-GigabitEthernet3/0/5] mpls ldp enable

[P-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure IPv6 VPN instances on the PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001:2::2 96

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:3::2 96

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2001:4::2 96

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 270. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display information about the VPN instances, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 2

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 2

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv6                2012/02/13 12:49:08

  vpn2                  100:2           IPv6                2012/02/13 12:49:20 

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1

Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break

56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=9.000 ms

56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms

 

--- Ping6 statistics for 2001:1::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms    

4.     Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

# Configure the other CEs (CE 2 through CE 4) in the same way that CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 2001:2::1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn2] peer 2001:2::1 enable

[PE1-bgp-default-ipv6-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Configure an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv6] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv6] quit

[PE2-bgp-default] quit

# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

Verifying the configuration

# Execute the display ipv6 routing-table vpn-instance command on the PEs.

[PE1] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:1::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 2001:1::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:3::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:3.3.3.9                              Preference: 255

Interface  : XGE3/0/4                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

[PE1] display ipv6 routing-table vpn-instance vpn2

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:2::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 2001:2::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:4::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:3.3.3.9                              Preference: 255

Interface  : XGE3/0/4                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

The output shows that PE 1 has routes to the remote CEs. Output on PE 2 is similar.

# Verify that CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1). (Details not shown.)

Example: Configuring an IPv6 MPLS L3VPN over a GRE tunnel

Network configuration

CE 1 and CE 2 belong to VPN 1. The PEs support MPLS, while the P router does not support MPLS and provides only IP features.

On the backbone, use a GRE tunnel to encapsulate and forward packets for IPv6 MPLS L3VPN.

Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE.

Figure 271 Network diagram

Table 96 Interface and IP address assignment

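| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| CE 1 | XGE3/0/1 | 2001:1::1/96 | P | XGE3/0/4 | 172.1.1.2/24 |
| PE 1 | Loop0 | 1.1.1.9/32 | | XGE3/0/5 | 172.2.1.1/24 |
| | XGE3/0/1 | 2001:1::2/96 | PE 2 | Loop0 | 2.2.2.9/32 |
| | XGE3/0/5 | 172.1.1.1/24 | | XGE3/0/1 | 2001:2::2/96 |
| | Tunnel0 | 20.1.1.1/24 | | XGE3/0/4 | 172.2.1.2/24 |
| CE 2 | XGE3/0/1 | 2001:2::1/96 | | Tunnel0 | 20.1.1.2/24 |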

Procedure

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity among the PEs and the P router.

This example uses OSPF. (Details not shown.)

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS on the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.9

# Configure PE 2.

<PE2> system-view

[PE2] mpls lsr-id 2.2.2.9

3.     Configure VPN instances on the PEs to allow CE access, and apply tunnel policies to the VPN instances to use a GRE tunnel for VPN packet forwarding:

# Configure PE 1.

[PE1] tunnel-policy gre1

[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1

[PE1-tunnel-policy-gre1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] tnl-policy gre1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] tunnel-policy gre1

[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1

[PE2-tunnel-policy-gre1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:2

[PE2-vpn-instance-vpn1] vpn-target 100:1 both

[PE2-vpn-instance-vpn1] tnl-policy gre1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:2::2 96

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::1 96

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:2::1 96

[CE2-Ten-GigabitEthernet3/0/1] quit

# Execute the display ip vpn-instance command on the PEs to display information about the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 1

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv6                2012/02/13 15:59:50

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1

Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break

56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms

 

--- Ping6 statistics for 2001:1::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms

4.     Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes:

# Configure CE 1.

[CE1] bgp 65410

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 2 and PE 2 in the same way that CE 1 and PE 1 are configured. (Details not shown.)

# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Configure an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv6] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

6.     Configure a GRE tunnel:

# Configure PE 1.

[PE1] interface tunnel 0 mode gre

[PE1-Tunnel0] source loopback 0

[PE1-Tunnel0] destination 2.2.2.9

[PE1-Tunnel0] ip address 20.1.1.1 24

[PE1-Tunnel0] mpls enable

[PE1-Tunnel0] quit

# Configure PE 2.

[PE2] interface tunnel 0 mode gre

[PE2-Tunnel0] source loopback 0

[PE2-Tunnel0] destination 1.1.1.9

[PE2-Tunnel0] ip address 20.1.1.2 24

[PE2-Tunnel0] mpls enable

[PE2-Tunnel0] quit

Verifying the configuration

# Verify that the CEs have learned the route to each other and can ping each other. (Details not shown.)

Example: Configuring a hub-spoke network

Network configuration

The Spoke-CEs cannot communicate directly. They can communicate only through the Hub-CE.

Configure EBGP between the Spoke-CEs and Spoke-PEs and between the Hub-CE and Hub-PE to exchange VPN routing information.

Configure OSPF between the Spoke-PEs and Hub-PE to implement communication between the PEs. Configure MP-IBGP between the Spoke-PEs and Hub-PE to exchange VPN routing information.

Figure 272 Network diagram

Table 97 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| Spoke-CE 1 | XGE3/0/1 | 11::1/64 | Hub-CE | XGE3/0/1 | 13::1/64 |
| Spoke-PE 1 | Loop0 | 1.1.1.9/32 | | XGE3/0/2 | 14::1/64 |
| | XGE3/0/1 | 11::2/64 | Hub-PE | Loop0 | 2.2.2.9/32 |
| | XGE3/0/4 | 172.1.1.1/24 | | XGE3/0/4 | 172.1.1.2/24 |
| Spoke-CE 2 | XGE3/0/1 | 12::1/64 | | XGE3/0/5 | 172.2.1.2/24 |
| Spoke-PE 2 | Loop0 | 3.3.3.9/32 | | XGE3/0/1 | 13::2/64 |
| | XGE3/0/1 | 12::2/64 | | XGE3/0/2 | 14::2/64 |
| | XGE3/0/4 | 172.2.1.1/24 | | | |

Procedure

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:

# Configure Spoke-PE 1.

<Spoke-PE1> system-view

[Spoke-PE1] interface loopback 0

[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32

[Spoke-PE1-LoopBack0] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/4

[Spoke-PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit

[Spoke-PE1] ospf

[Spoke-PE1-ospf-1] area 0

[Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[Spoke-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[Spoke-PE1-ospf-1-area-0.0.0.0] quit

[Spoke-PE1-ospf-1] quit

# Configure Spoke-PE 2.

<Spoke-PE2> system-view

[Spoke-PE2] interface loopback 0

[Spoke-PE2-LoopBack0] ip address 3.3.3.9 32

[Spoke-PE2-LoopBack0] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/4

[Spoke-PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.1 24

[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit

[Spoke-PE2] ospf

[Spoke-PE2-ospf-1] area 0

[Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[Spoke-PE2-ospf-1-area-0.0.0.0] quit

[Spoke-PE2-ospf-1] quit

# Configure Hub-PE.

<Hub-PE> system-view

[Hub-PE] interface loopback 0

[Hub-PE-LoopBack0] ip address 2.2.2.9 32

[Hub-PE-LoopBack0] quit

[Hub-PE] interface ten-gigabitethernet 3/0/4

[Hub-PE-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/4] quit

[Hub-PE] interface ten-gigabitethernet 3/0/5

[Hub-PE-Ten-GigabitEthernet3/0/5] ip address 172.2.1.2 24

[Hub-PE-Ten-GigabitEthernet3/0/5] quit

[Hub-PE] ospf

[Hub-PE-ospf-1] area 0

[Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[Hub-PE-ospf-1-area-0.0.0.0] quit

[Hub-PE-ospf-1] quit

# Execute the display ospf peer command on the PEs to verify that OSPF adjacencies in Full state have been established between the PEs. Execute the display ip routing-table command on the PEs to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure Spoke-PE 1.

[Spoke-PE1] mpls lsr-id 1.1.1.9

[Spoke-PE1] mpls ldp

[Spoke-PE1-ldp] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/4

[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Spoke-PE 2.

[Spoke-PE2] mpls lsr-id 3.3.3.9

[Spoke-PE2] mpls ldp

[Spoke-PE2-ldp] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/4

[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure Hub-PE.

[Hub-PE] mpls lsr-id 2.2.2.9

[Hub-PE] mpls ldp

[Hub-PE-ldp] quit

[Hub-PE] interface ten-gigabitethernet 3/0/4

[Hub-PE-Ten-GigabitEthernet3/0/4] mpls enable

[Hub-PE-Ten-GigabitEthernet3/0/4] mpls ldp enable

[Hub-PE-Ten-GigabitEthernet3/0/4] quit

[Hub-PE] interface ten-gigabitethernet 3/0/5

[Hub-PE-Ten-GigabitEthernet3/0/5] mpls enable

[Hub-PE-Ten-GigabitEthernet3/0/5] mpls ldp enable

[Hub-PE-Ten-GigabitEthernet3/0/5] quit

# Execute the display mpls ldp peer command on the PEs to verify that LDP sessions in Operational state have been established between the PEs. Execute the display mpls ldp lsp command on the PEs to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on the Spoke-PEs and Hub-PE:

# Configure Spoke-PE 1.

[Spoke-PE1] ip vpn-instance vpn1

[Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1

[Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity

[Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity

[Spoke-PE1-vpn-instance-vpn1] quit

[Spoke-PE1] interface ten-gigabitethernet 3/0/1

[Spoke-PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[Spoke-PE1-Ten-GigabitEthernet3/0/1] ipv6 address 11::2 64

[Spoke-PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Spoke-PE 2.

[Spoke-PE2] ip vpn-instance vpn1

[Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2

[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity

[Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity

[Spoke-PE2-vpn-instance-vpn1] quit

[Spoke-PE2] interface ten-gigabitethernet 3/0/1

[Spoke-PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[Spoke-PE2-Ten-GigabitEthernet3/0/1] ipv6 address 12::2 64

[Spoke-PE2-Ten-GigabitEthernet3/0/1] quit

# Configure Hub-PE.

[Hub-PE] ip vpn-instance vpn1-in

[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3

[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity

[Hub-PE-vpn-instance-vpn1-in] quit

[Hub-PE] ip vpn-instance vpn1-out

[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4

[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity

[Hub-PE-vpn-instance-vpn1-out] quit

[Hub-PE] interface ten-gigabitethernet 3/0/1

[Hub-PE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1-in

[Hub-PE-Ten-GigabitEthernet3/0/1] ipv6 address 13::2 64

[Hub-PE-Ten-GigabitEthernet3/0/1] quit

[Hub-PE] interface ten-gigabitethernet 3/0/2

[Hub-PE-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1-out

[Hub-PE-Ten-GigabitEthernet3/0/2] ipv6 address 14::2 64

[Hub-PE-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Table 97. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the VPN instance configuration. This example uses Spoke-PE 1.

[Spoke-PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 1

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv6                2009/04/08 10:55:07

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs. This example uses Spoke-PE 1.

[Spoke-PE1] ping ipv6 -vpn-instance vpn1 11::1

Ping6(56 bytes) 11::2 --> 11::1, press CTRL_C to break

56 bytes from 11::1, icmp_seq=0 hlim=64 time=0.000 ms

56 bytes from 11::1, icmp_seq=1 hlim=64 time=1.000 ms

56 bytes from 11::1, icmp_seq=2 hlim=64 time=0.000 ms

56 bytes from 11::1, icmp_seq=3 hlim=64 time=1.000 ms

56 bytes from 11::1, icmp_seq=4 hlim=64 time=0.000 ms

 

--- Ping6 statistics for 11::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms

4.     Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP:

# Configure Spoke-CE 1.

<Spoke-CE1> system-view

[Spoke-CE1] bgp 65410

[Spoke-CE1-bgp-default] peer 11::2 as-number 100

[Spoke-CE1-bgp-default] address-family ipv6

[Spoke-CE1-bgp-default-ipv6] peer 11::2 enable

[Spoke-CE1-bgp-default-ipv6] import-route direct

[Spoke-CE1-bgp-default-ipv6] quit

[Spoke-CE1-bgp-default] quit

# Configure Spoke-CE 2.

<Spoke-CE2> system-view

[Spoke-CE2] bgp 65420

[Spoke-CE2-bgp-default] peer 12::2 as-number 100

[Spoke-CE2-bgp-default] address-family ipv6

[Spoke-CE2-bgp-default-ipv6] peer 12::2 enable

[Spoke-CE2-bgp-default-ipv6] import-route direct

[Spoke-CE2-bgp-default-ipv6] quit

[Spoke-CE2-bgp-default] quit

# Configure Hub-CE.

<Hub-CE> system-view

[Hub-CE] bgp 65430

[Hub-CE-bgp-default] peer 13::2 as-number 100

[Hub-CE-bgp-default] peer 14::2 as-number 100

[Hub-CE-bgp-default] address-family ipv6

[Hub-CE-bgp-default-ipv6] peer 13::2 enable

[Hub-CE-bgp-default-ipv6] peer 14::2 enable

[Hub-CE-bgp-default-ipv6] import-route direct

[Hub-CE-bgp-default-ipv6] quit

[Hub-CE-bgp-default] quit

# Configure Spoke-PE 1.

[Spoke-PE1] bgp 100

[Spoke-PE1-bgp-default] ip vpn-instance vpn1

[Spoke-PE1-bgp-default-vpn1] peer 11::1 as-number 65410

[Spoke-PE1-bgp-default-vpn1] address-family ipv6

[Spoke-PE1-bgp-default-ipv6-vpn1] peer 11::1 enable

[Spoke-PE1-bgp-default-ipv6-vpn1] quit

[Spoke-PE1-bgp-default-vpn1] quit

[Spoke-PE1-bgp-default] quit

# Configure Spoke-PE 2.

[Spoke-PE2] bgp 100

[Spoke-PE2-bgp-default] ip vpn-instance vpn1

[Spoke-PE2-bgp-default-vpn1] peer 12::1 as-number 65420

[Spoke-PE2-bgp-default-vpn1] address-family ipv6

[Spoke-PE2-bgp-default-ipv6-vpn1] peer 12::1 enable

[Spoke-PE2-bgp-default-ipv6-vpn1] quit

[Spoke-PE2-bgp-default-vpn1] quit

[Spoke-PE2-bgp-default] quit

# Configure Hub-PE.

[Hub-PE] bgp 100

[Hub-PE-bgp-default] ip vpn-instance vpn1-in

[Hub-PE-bgp-default-vpn1-in] peer 13::1 as-number 65430

[Hub-PE-bgp-default-vpn1-in] address-family ipv6

[Hub-PE-bgp-default-ipv6-vpn1-in] peer 13::1 enable

[Hub-PE-bgp-default-ipv6-vpn1-in] quit

[Hub-PE-bgp-default-vpn1-in] quit

[Hub-PE-bgp-default] ip vpn-instance vpn1-out

[Hub-PE-bgp-default-vpn1-out] peer 14::1 as-number 65430

[Hub-PE-bgp-default-vpn1-out] address-family ipv6

[Hub-PE-bgp-default-ipv6-vpn1-out] peer 14::1 enable

[Hub-PE-bgp-default-ipv6-vpn1-out] peer 14::1 allow-as-loop 2

[Hub-PE-bgp-default-ipv6-vpn1-out] quit

[Hub-PE-bgp-default-vpn1-out] quit

[Hub-PE-bgp-default] quit

# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Establish an MP-IBGP peer relationship between the Spoke-PEs and Hub-PE:

# Configure Spoke-PE 1.

[Spoke-PE1] bgp 100

[Spoke-PE1-bgp-default] peer 2.2.2.9 as-number 100

[Spoke-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[Spoke-PE1-bgp-default] address-family vpnv6

[Spoke-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[Spoke-PE1-bgp-default-vpnv6] quit

[Spoke-PE1-bgp-default] quit

# Configure Spoke-PE 2.

[Spoke-PE2] bgp 100

[Spoke-PE2-bgp-default] peer 2.2.2.9 as-number 100

[Spoke-PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[Spoke-PE2-bgp-default] address-family vpnv6

[Spoke-PE2-bgp-default-vpnv6] peer 2.2.2.9 enable

[Spoke-PE2-bgp-default-vpnv6] quit

[Spoke-PE2-bgp-default] quit

# Configure Hub-PE.

[Hub-PE] bgp 100

[Hub-PE-bgp-default] peer 1.1.1.9 as-number 100

[Hub-PE-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[Hub-PE-bgp-default] peer 3.3.3.9 as-number 100

[Hub-PE-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[Hub-PE-bgp-default] address-family vpnv6

[Hub-PE-bgp-default-vpnv6] peer 1.1.1.9 enable

[Hub-PE-bgp-default-vpnv6] peer 3.3.3.9 enable

[Hub-PE-bgp-default-vpnv6] quit

[Hub-PE-bgp-default] quit

# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

Verifying the configuration

# Verify that Spoke-CE 1 and Spoke-CE 2 can ping each other. The hop limit (hlim) value in the replies indicates that traffic from Spoke-CE 1 to Spoke-CE 2 passes six hops (64-59+1) and is forwarded through Hub-CE. This example uses Spoke-CE 1.

[Spoke-CE1] ping ipv6 12::1

Ping6(56 bytes) 11::1 --> 12::1, press CTRL_C to break

56 bytes from 12::1, icmp_seq=0 hlim=59 time=0.000 ms

56 bytes from 12::1, icmp_seq=1 hlim=59 time=1.000 ms

56 bytes from 12::1, icmp_seq=2 hlim=59 time=0.000 ms

56 bytes from 12::1, icmp_seq=3 hlim=59 time=1.000 ms

56 bytes from 12::1, icmp_seq=4 hlim=59 time=0.000 ms

 

--- Ping6 statistics for 12::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms
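The route targets configured in step 3 decide which VPN instances can exchange routes, and therefore whether spoke traffic is really forced through the hub. The following Python check is an added example, not H3C code: it parses the ip vpn-instance stanzas from the procedure above (embedded as constructed input with the CLI prompts stripped) and reports any route flow that the intended hub-spoke policy does not allow. The ALLOWED set and all function names are assumptions made for illustration.

```python
"""Audit route-target (RT) import/export policy across VPN instances.

Added example, not vendor code. The stanzas below are constructed input taken
from the hub-spoke procedure, with CLI prompts stripped.
"""
from itertools import permutations

DIRECTIONS = {"both", "import-extcommunity", "export-extcommunity"}

# Constructed input: per-device VPN instance stanzas from the hub-spoke example.
HUB_SPOKE = {
    "Spoke-PE1": """
        ip vpn-instance vpn1
         route-distinguisher 100:1
         vpn-target 111:1 import-extcommunity
         vpn-target 222:2 export-extcommunity
    """,
    "Spoke-PE2": """
        ip vpn-instance vpn1
         route-distinguisher 100:2
         vpn-target 111:1 import-extcommunity
         vpn-target 222:2 export-extcommunity
    """,
    "Hub-PE": """
        ip vpn-instance vpn1-in
         route-distinguisher 100:3
         vpn-target 222:2 import-extcommunity
        ip vpn-instance vpn1-out
         route-distinguisher 100:4
         vpn-target 111:1 export-extcommunity
    """,
}

# Intended policy (assumption for this example): spokes export only to the
# hub's inbound instance and import only from the hub's outbound instance.
ALLOWED = {
    (("Spoke-PE1", "vpn1"), ("Hub-PE", "vpn1-in")),
    (("Spoke-PE2", "vpn1"), ("Hub-PE", "vpn1-in")),
    (("Hub-PE", "vpn1-out"), ("Spoke-PE1", "vpn1")),
    (("Hub-PE", "vpn1-out"), ("Spoke-PE2", "vpn1")),
}


def parse_instances(device, text):
    """Return {(device, instance): {"rd", "import", "export"}} for one device."""
    instances, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[:2] == ["ip", "vpn-instance"] and len(tokens) == 3:
            current = (device, tokens[2])
            # setdefault: the same command also appears in BGP view and must
            # not wipe RTs already collected for the instance.
            instances.setdefault(
                current, {"rd": None, "import": set(), "export": set()})
        elif current and tokens[0] == "route-distinguisher" and len(tokens) == 2:
            instances[current]["rd"] = tokens[1]
        elif current and tokens[0] == "vpn-target":
            targets = tokens[1:]
            # A trailing keyword sets the direction; without one the RT is
            # used for both import and export.
            direction = (targets.pop()
                         if targets and targets[-1] in DIRECTIONS else "both")
            if direction in ("both", "import-extcommunity"):
                instances[current]["import"].update(targets)
            if direction in ("both", "export-extcommunity"):
                instances[current]["export"].update(targets)
        elif tokens[0] == "#":
            current = None  # section separator in a saved configuration
    return instances


def route_flows(instances):
    """Edges (src, dst) where dst imports at least one RT that src exports."""
    return {(src, dst) for src, dst in permutations(instances, 2)
            if instances[src]["export"] & instances[dst]["import"]}


def audit(configs, allowed):
    """Compare the RT-derived route-flow graph with the intended policy."""
    instances = {}
    for device, text in configs.items():
        instances.update(parse_instances(device, text))
    flows = route_flows(instances)
    return {"unexpected": sorted(flows - allowed),
            "missing": sorted(allowed - flows)}


if __name__ == "__main__":
    print("page config:   ", audit(HUB_SPOKE, ALLOWED))
    # Constructed drift: Spoke-PE2 additionally imports the spokes' export RT,
    # which lets Spoke-PE1 routes reach it without passing through the hub.
    drifted = dict(HUB_SPOKE)
    drifted["Spoke-PE2"] += "\n vpn-target 222:2 import-extcommunity\n"
    print("drifted config:", audit(drifted, ALLOWED))
```

An empty "unexpected" list means every route flow implied by the route targets is one the policy permits; a non-empty "missing" list points to a spoke or hub instance that will not learn the routes it needs.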

Example: Configuring IPv6 MPLS L3VPN inter-AS option A

Network configuration

CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.

Configure IPv6 MPLS L3VPN inter-AS option A, and use the VRF-to-VRF method to manage VPN routes.

Run OSPF on the MPLS backbone of each AS.

Figure 273 Network diagram

Table 98 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| CE 1 | XGE3/0/1 | 2001:1::1/96 | CE 2 | XGE3/0/1 | 2001:2::1/96 |
| PE 1 | Loop0 | 1.1.1.9/32 | PE 2 | Loop0 | 4.4.4.9/32 |
| | XGE3/0/1 | 2001:1::2/96 | | XGE3/0/1 | 2001:2::2/96 |
| | XGE3/0/4 | 172.1.1.2/24 | | XGE3/0/4 | 162.1.1.2/24 |
| ASBR-PE1 | Loop0 | 2.2.2.9/32 | ASBR-PE2 | Loop0 | 3.3.3.9/32 |
| | XGE3/0/4 | 172.1.1.1/24 | | XGE3/0/4 | 162.1.1.1/24 |
| | XGE3/0/5 | 2002:1::1/96 | | XGE3/0/5 | 2002:1::2/96 |

Restrictions and guidelines

For the same VPN, the route targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs.

Procedure

1.     Configure an IGP on each MPLS backbone to ensure IP connectivity within the backbone.

This example uses OSPF. Be sure to advertise the route to the 32-bit loopback interface address of each router through OSPF. Use the loopback interface address of a router as the router's LSR ID. (Details not shown.)

# Execute the display ospf peer command to verify that each ASBR-PE has established an OSPF adjacency in Full state with the PE in the same AS, and that the PEs and ASBR-PEs in the same AS have learned the routes to the loopback interfaces of each other. Execute the ping command to verify that the PEs and ASBR-PEs in the same AS can ping each other. (Details not shown.)

2.     Configure basic MPLS and enable MPLS LDP on each MPLS backbone to establish LDP LSPs:

# Configure basic MPLS on PE 1, and enable MPLS LDP for both PE 1 and the interface connected to ASBR-PE 1.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] mpls lsr-id 2.2.2.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP for both ASBR-PE 2 and the interface connected to PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] mpls lsr-id 3.3.3.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure basic MPLS on PE 2, and enable MPLS LDP for both PE 2 and the interface connected to ASBR-PE 2.

<PE2> system-view

[PE2] mpls lsr-id 4.4.4.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp session command on the routers to verify that the session status is Operational, and that each PE and the ASBR-PE in the same AS have established an LDP neighbor relationship. (Details not shown.)

3.     Configure a VPN instance on the PEs:

# Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::1 96

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:2

[PE1-vpn-instance-vpn1] vpn-target 100:1 both

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:2::1 96

[CE2-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 200:1 both

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:2::2 96

[PE2-Ten-GigabitEthernet3/0/1] quit

# On ASBR-PE 1, create a VPN instance, and bind the VPN instance to the interface connected to ASBR-PE 2. ASBR-PE 1 considers ASBR-PE 2 to be its attached CE.

[ASBR-PE1] ip vpn-instance vpn1

[ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:1

[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 both

[ASBR-PE1-vpn-instance-vpn1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ipv6 address 2002:1::1 96

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# On ASBR-PE 2, create a VPN instance, and bind the VPN instance to the interface connected to ASBR-PE 1. ASBR-PE 2 considers ASBR-PE 1 to be its attached CE.

[ASBR-PE2] ip vpn-instance vpn1

[ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:1

[ASBR-PE2-vpn-instance-vpn1] vpn-target 200:1 both

[ASBR-PE2-vpn-instance-vpn1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ipv6 address 2002:1::2 96

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Execute the display ip vpn-instance command to display VPN instance information. Verify that each PE can ping its attached CE, and that ASBR-PE 1 and ASBR-PE 2 can ping each other. (Details not shown.)

4.     Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes:

# Configure CE 1.

[CE1] bgp 65001

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 2.

[CE2] bgp 65002

[CE2-bgp-default] peer 2001:2::2 as-number 200

[CE2-bgp-default] address-family ipv6

[CE2-bgp-default-ipv6] peer 2001:2::2 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 200

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 2001:2::1 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] peer 2001:2::1 enable

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

5.     Establish an IBGP peer relationship between each PE and the ASBR-PE in the same AS and an EBGP peer relationship between the ASBR-PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv6] quit

[PE1-bgp-default] quit

# Configure ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] ip vpn-instance vpn1

[ASBR-PE1-bgp-default-vpn1] peer 2002:1::2 as-number 200

[ASBR-PE1-bgp-default-vpn1] address-family ipv6 unicast

[ASBR-PE1-bgp-default-ipv6-vpn1] peer 2002:1::2 enable

[ASBR-PE1-bgp-default-ipv6-vpn1] quit

[ASBR-PE1-bgp-default-vpn1] quit

[ASBR-PE1-bgp-default] peer 1.1.1.9 as-number 100

[ASBR-PE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] peer 1.1.1.9 enable

[ASBR-PE1-bgp-default-vpnv6] quit

[ASBR-PE1-bgp-default] quit

# Configure ASBR-PE 2.

[ASBR-PE2] bgp 200

[ASBR-PE2-bgp-default] ip vpn-instance vpn1

[ASBR-PE2-bgp-default-vpn1] peer 2002:1::1 as-number 100

[ASBR-PE2-bgp-default-vpn1] address-family ipv6 unicast

[ASBR-PE2-bgp-default-ipv6-vpn1] peer 2002:1::1 enable

[ASBR-PE2-bgp-default-ipv6-vpn1] quit

[ASBR-PE2-bgp-default-vpn1] quit

[ASBR-PE2-bgp-default] peer 4.4.4.9 as-number 200

[ASBR-PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] peer 4.4.4.9 enable

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 200

[PE2-bgp-default] peer 3.3.3.9 as-number 200

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 3.3.3.9 enable

[PE2-bgp-default-vpnv6] quit

[PE2-bgp-default] quit

Verifying the configuration

# Verify that the CEs can learn the route to each other and can ping each other. (Details not shown.)

Example: Configuring IPv6 MPLS L3VPN inter-AS option B

Network configuration

Site 1 and Site 2 belong to the same VPN. CE 1 of Site 1 accesses the network through PE 1 in AS 100, and CE 2 of Site 2 accesses the network through PE 2 in AS 600.

PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange VPNv6 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv6 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv6 routes through MP-EBGP.

ASBRs do not perform route target filtering of received VPNv6 routes.

Figure 274 Network diagram

Table 99 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
|  | XGE3/0/1 | 30::1/64 |  | XGE3/0/1 | 20::1/64 |
|  | XGE3/0/5 | 1.1.1.2/8 |  | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
|  | XGE3/0/5 | 1.1.1.1/8 |  | XGE3/0/5 | 9.1.1.1/8 |
|  | XGE3/0/4 | 11.0.0.2/8 |  | XGE3/0/4 | 11.0.0.1/8 |

Procedure

1.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind the interface connected to CE 1 to the created VPN instance.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 30::1 64

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer 3.3.3.9 as a VPNv6 peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv6] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] import-route direct

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

2.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure interface Ten-GigabitEthernet 3/0/4, and enable MPLS.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Enable BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4

# Disable route target based filtering of received VPNv6 routes.

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] undo policy vpn-target

# Configure IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv6 peers.

[ASBR-PE1-bgp-default-vpnv6] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv6] quit

3.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Ten-GigabitEthernet 3/0/4, and enable MPLS.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Enable BGP on ASBR-PE 2.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# Disable route target based filtering of received VPNv6 routes.

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] undo policy vpn-target

# Configure IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv6 peers.

[ASBR-PE2-bgp-default-vpnv6] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv6] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

4.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# Configure the LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 2:2 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Bind the interface connected to CE 2 to the created VPN instance.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 20::1 64

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a VPNv6 peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv6] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] import-route direct

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

Verifying the configuration

# Use the following command on PE 1 to verify its connectivity to PE 2.

[PE1] ping ipv6 -a 30::1 -vpn-instance vpn1 20::1

Ping6(56 data bytes) 30::1-->20::1, press CTRL_C to break

56 bytes from 20::1: icmp_seq=0 hlim=64 time=1.208 ms

56 bytes from 20::1: icmp_seq=1 hlim=64 time=0.867 ms

56 bytes from 20::1: icmp_seq=2 hlim=64 time=0.551 ms

56 bytes from 20::1: icmp_seq=3 hlim=64 time=0.566 ms

56 bytes from 20::1: icmp_seq=4 hlim=64 time=0.570 ms

 

--- Ping6 statistics for 20::1 in VPN instance vpn1---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.551/0.752/1.208/0.257 ms
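An added example, not part of the H3C document: a Python audit of a CLI transcript for the option A guideline that route targets must match between the PE and the ASBR-PE in one AS, and for the option B setting undo policy vpn-target, reported together with the EBGP VPNv6 peers of each ASBR that has it. The function names, the two-pass prompt parsing, and the reading of "match" as "one device's export route target appears in the other's import list" are assumptions of this example; the transcripts are constructed from commands shown in the two procedures above.

```python
import re

# Constructed samples: route target and BGP lines copied from the option A and
# option B procedures above, cut down to the commands the checks read.
OPTION_A = """\
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1] bgp 100
[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 both
[ASBR-PE1] bgp 100
[ASBR-PE2-vpn-instance-vpn1] vpn-target 200:1 both
[ASBR-PE2] bgp 200
[PE2-vpn-instance-vpn1] vpn-target 200:1 both
[PE2] bgp 200
"""
OPTION_B = """\
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity
[PE1] bgp 100
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default-vpnv6] undo policy vpn-target
[ASBR-PE1-bgp-default-vpnv6] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default-vpnv6] undo policy vpn-target
[ASBR-PE2-bgp-default-vpnv6] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-vpnv6] peer 5.5.5.9 enable
"""

LINE = re.compile(r"^\[([^\]]+)\]\s+(\S.*?)\s*$")
RT = re.compile(r"^\d+(\.\d+){0,3}:\d+$")


def parse(transcript):
    """Return per-device state: local AS, RTs per VPN instance, peers, RT filter."""
    rows = [m.groups() for m in map(LINE.match, transcript.splitlines()) if m]
    devs = {}
    # Pass 1: 'bgp <as>' is entered from system view, so its prompt is the bare
    # device name. This separates '[ASBR-PE1]' from a view such as '[PE1-ldp]'.
    for prompt, cmd in rows:
        m = re.fullmatch(r"bgp (\d+)", cmd)
        if m:
            devs[prompt] = {"as": int(m.group(1)), "rt": {}, "peer_as": {},
                            "vpnv6_peers": set(), "rt_filter": True}
    # Pass 2: attribute every line to the longest device name its prompt starts with.
    for prompt, cmd in rows:
        owner = max((d for d in devs if prompt == d or prompt.startswith(d + "-")),
                    key=len, default=None)
        if owner is None:
            continue
        view, dev, w = prompt[len(owner) + 1:], devs[owner], cmd.split()
        if view.startswith("vpn-instance-") and w[0] == "vpn-target":
            rts = {x for x in w[1:] if RT.match(x)}
            # With no keyword the route target applies in both directions.
            kw = "both" if RT.match(w[-1]) else w[-1]
            inst = dev["rt"].setdefault(view[len("vpn-instance-"):],
                                        {"import": set(), "export": set()})
            if kw in ("both", "import-extcommunity"):
                inst["import"] |= rts
            if kw in ("both", "export-extcommunity"):
                inst["export"] |= rts
        elif len(w) == 4 and w[0] == "peer" and w[2] == "as-number":
            dev["peer_as"][w[1]] = int(w[3])
        elif view.endswith("vpnv6"):
            if cmd == "undo policy vpn-target":
                dev["rt_filter"] = False
            elif len(w) == 3 and w[0] == "peer" and w[2] == "enable":
                dev["vpnv6_peers"].add(w[1])
    return devs


def rt_mismatches(devs):
    """Option A rule: inside one AS, what a device exports for a VPN instance
    must be imported by every other device that holds that instance."""
    bad = []
    for a, da in devs.items():
        for b, db in devs.items():
            if a == b or da["as"] != db["as"]:
                continue  # devices in different ASs are not required to match
            for inst in da["rt"].keys() & db["rt"].keys():
                if not da["rt"][inst]["export"] & db["rt"][inst]["import"]:
                    bad.append((a, b, inst))
    return sorted(bad)


def unfiltered_ebgp_vpnv6(devs):
    """Option B: devices with RT filtering off, mapped to their VPNv6 peers in
    another AS. A peer whose AS is not in the transcript counts as external."""
    return {name: sorted(p for p in d["vpnv6_peers"] if d["peer_as"].get(p) != d["as"])
            for name, d in devs.items() if not d["rt_filter"]}


if __name__ == "__main__":
    print(rt_mismatches(parse(OPTION_A)))
    print(unfiltered_ebgp_vpnv6(parse(OPTION_B)))
```

On an option B ASBR the import route targets configured on the PEs are the only route target check left, so the peers reported here are the sessions whose VPNv6 advertisements reach the PEs unfiltered by the ASBR.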

Example: Configuring IPv6 MPLS L3VPN inter-AS option C (method 1)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100. Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by IBGP. PE 1 and PE 2 are MP-EBGP peers to exchange VPNv6 routes.

ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.

ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes.

Figure 275 Network diagram

Table 100 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
|  | XGE3/0/1 | 2001::1/64 |  | XGE3/0/1 | 2002::1/64 |
|  | XGE3/0/5 | 1.1.1.2/8 |  | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
|  | XGE3/0/5 | 1.1.1.1/8 |  | XGE3/0/5 | 9.1.1.1/8 |
|  | XGE3/0/4 | 11.0.0.2/8 |  | XGE3/0/4 | 11.0.0.1/8 |
| CE 1 | XGE3/0/1 | 2001::2/64 | CE 2 | XGE3/0/1 | 2002::2/64 |

Procedure

1.     Configure CE 1:

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001::2 64

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 2001::1 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001::1 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0 and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes for it.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IPv6 address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1 64

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 3.3.3.9.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability

[PE1-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv6 peer.

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-af-vpnv6] peer 5.5.5.9 enable

[PE1-bgp-default-af-vpnv6] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001::2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001::2 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Create routing policies.

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] apply mpls-label

[ASBR-PE1-route-policy-policy1-1] quit

[ASBR-PE1] route-policy policy2 permit node 1

[ASBR-PE1-route-policy-policy2-1] if-match mpls-label

[ASBR-PE1-route-policy-policy2-1] apply mpls-label

[ASBR-PE1-route-policy-policy2-1] quit

# Enable BGP on ASBR-PE 1, and apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 route-policy policy2 export

# Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 2.2.2.9.

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability

# Redistribute routes from IS-IS process 1.

[ASBR-PE1-bgp-default-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export

# Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00

[ASBR-PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Create routing policies.

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] apply mpls-label

[ASBR-PE2-route-policy-policy1-1] quit

[ASBR-PE2] route-policy policy2 permit node 1

[ASBR-PE2-route-policy-policy2-1] if-match mpls-label

[ASBR-PE2-route-policy-policy2-1] apply mpls-label

[ASBR-PE2-route-policy-policy2-1] quit

# Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 5.5.5.9.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability

# Apply routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 route-policy policy2 export

# Redistribute routes from IS-IS process 1.

[ASBR-PE2-bgp-default-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.444.444.444.444.00

[PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes for it.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IPv6 address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2002::1 64

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP.

[PE2] bgp 600

# Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 4.4.4.9.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability

[PE2-bgp-default-ipv4] quit

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv6 peer.

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-af-vpnv6] peer 2.2.2.9 enable

[PE2-bgp-default-af-vpnv6] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 2002::2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] peer 2002::2 enable

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 2002::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 2002::1 as-number 600

[CE2-bgp-default] address-family ipv6 unicast

[CE2-bgp-default-ipv6] peer 2002::1 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ipv6 routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring IPv6 MPLS L3VPN inter-AS option C (method 2)

Network configuration

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and PE 2 are MP-EBGP peers and exchange VPNv6 routes.

ASBR-PE 1 and ASBR-PE 2 label the routes received from each other, use EBGP to exchange labeled IPv4 routes, and redistribute IGP and BGP routes from each other.

Figure 276 Network diagram

Table 101 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
|  | XGE3/0/1 | 2001::1/64 |  | XGE3/0/1 | 2002::1/64 |
|  | XGE3/0/5 | 1.1.1.2/8 |  | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
|  | XGE3/0/5 | 1.1.1.1/8 |  | XGE3/0/5 | 9.1.1.1/8 |
|  | XGE3/0/4 | 11.0.0.2/8 |  | XGE3/0/4 | 11.0.0.1/8 |
| CE 1 | XGE3/0/1 | 2001::2/64 | CE 2 | XGE3/0/1 | 2002::2/64 |

Procedure

1.     Configure CE 1:

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001::2 64

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 2001::1 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001::1 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0 and enable IS-IS on it.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IPv6 address for the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1 64

[PE1-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 1.

[PE1] bgp 100

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv6 peer.

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv6] quit

# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001::2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001::2 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

3.     Configure ASBR-PE 1:

# Enable IS-IS on ASBR-PE 1.

<ASBR-PE1> system-view

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

# Redistribute BGP routes.

[ASBR-PE1-isis-1] address-family ipv4 unicast

[ASBR-PE1-isis-1-ipv4] import-route bgp

[ASBR-PE1-isis-1-ipv4] quit

[ASBR-PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# Create routing policy policy1.

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] apply mpls-label

[ASBR-PE1-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 1, and redistribute routes from IS-IS process 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] import-route isis 1

[ASBR-PE1-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export

# Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] quit

[ASBR-PE1-bgp-default] quit

4.     Configure ASBR-PE 2:

# Enable IS-IS on ASBR-PE 2.

<ASBR-PE2> system-view

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00

# Redistribute BGP routes.

[ASBR-PE2-isis-1] address-family ipv4 unicast

[ASBR-PE2-isis-1-ipv4] import-route bgp

[ASBR-PE2-isis-1-ipv4] quit

[ASBR-PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

# Create routing policy policy1.

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] apply mpls-label

[ASBR-PE2-route-policy-policy1-1] quit

# Enable BGP on ASBR-PE 2, and redistribute routes from IS-IS process 1.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] import-route isis 1

[ASBR-PE2-bgp-default-ipv4] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

[ASBR-PE2-bgp-default-ipv4] quit

[ASBR-PE2-bgp-default] quit

5.     Configure PE 2:

# Enable IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.444.444.444.444.00

[PE2-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] isis enable 1

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure interface Loopback 0, and enable IS-IS on it.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IPv6 address for the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2002::1 64

[PE2-Ten-GigabitEthernet3/0/1] quit

# Enable BGP on PE 2.

[PE2] bgp 600

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv6 peer.

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv6] quit

# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 2002::2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] peer 2002::2 enable

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

6.     Configure CE 2:

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 2002::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 2002::1 as-number 600

[CE2-bgp-default] address-family ipv6 unicast

[CE2-bgp-default-ipv6] peer 2002::1 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ipv6 routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
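In the ASBR steps of this example, IS-IS and BGP are redistributed into each other, and labeled routes are exported through policy1, whose single permit node has no if-match clause and therefore applies to every route advertised to the peer. The following Python script is an added example, not H3C code: it parses a Comware CLI transcript and lists where routes cross the AS boundary with no match condition. The finding names are hypothetical, and it assumes that a filtered import-route line carries a route-policy argument.

```python
import re

# Constructed sample: the ASBR-PE 1 commands from step 3 of this example,
# with the interface, MPLS and LDP lines left out.
TRANSCRIPT = """\
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] address-family ipv4 unicast
[ASBR-PE1-isis-1-ipv4] import-route bgp
[ASBR-PE1-isis-1-ipv4] quit
[ASBR-PE1-isis-1] quit
[ASBR-PE1] route-policy policy1 permit node 1
[ASBR-PE1-route-policy-policy1-1] apply mpls-label
[ASBR-PE1-route-policy-policy1-1] quit
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] import-route isis 1
[ASBR-PE1-bgp-default-ipv4] quit
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp-default-ipv4] quit
[ASBR-PE1-bgp-default] quit
"""

PROMPT = re.compile(r"^([<\[])([^\]>]+)[\]>]\s*(.*)$")
ROUTING_PROTOCOLS = {"bgp", "isis", "ospf", "rip"}


def parse(transcript):
    """Yield (device, view, command) for every system-view prompt line."""
    device = None
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        bracket, prompt, cmd = m.groups()
        if bracket == "<":
            # User view, e.g. <ASBR-PE1>: the only place the device name
            # stands alone. Names contain hyphens, so learn it here.
            device = prompt
        elif device and (prompt == device or prompt.startswith(device + "-")):
            yield device, prompt[len(device) + 1:], cmd.strip()


def audit(transcript):
    """Return (device, finding, detail) tuples for unfiltered boundary routes."""
    local_as, peer_as, export_policy = {}, {}, {}
    open_nodes = {}  # (device, policy) -> permit nodes with no if-match
    labeled, findings = [], []
    for dev, view, cmd in parse(transcript):
        w = cmd.split()
        if not w:
            continue
        if view == "" and w[0] == "bgp" and len(w) > 1:
            local_as[dev] = w[1]
        elif view == "" and w[0] == "route-policy" and len(w) == 5 and w[2] == "permit":
            open_nodes.setdefault((dev, w[1]), set()).add(w[4])
        elif view.startswith("route-policy-") and w[0] == "if-match":
            # View name is route-policy-<name>-<node>; the node now has a match.
            name, node = view[len("route-policy-"):].rsplit("-", 1)
            open_nodes.get((dev, name), set()).discard(node)
        elif w[0] == "peer" and len(w) >= 3:
            key = (dev, w[1])
            if w[2] == "as-number" and len(w) > 3:
                peer_as[key] = w[3]
            elif w[2] == "route-policy" and len(w) == 5 and w[4] == "export":
                export_policy[key] = w[3]
            elif w[2] == "label-route-capability":
                labeled.append(key)
        elif (w[0] == "import-route" and len(w) > 1
              and w[1] in ROUTING_PROTOCOLS and "route-policy" not in w):
            findings.append((dev, "unfiltered-redistribution", f"{view}: {cmd}"))
    for dev, peer in labeled:
        if peer_as.get((dev, peer)) in (None, local_as.get(dev)):
            continue  # unknown or same AS: not an inter-AS session
        policy = export_policy.get((dev, peer))
        if open_nodes.get((dev, policy)):
            findings.append((dev, "unfiltered-labeled-export",
                             f"peer {peer} policy {policy}"))
    return findings


if __name__ == "__main__":
    for device, finding, detail in audit(TRANSCRIPT):
        print(f"{device}: {finding}: {detail}")
```

On the configuration shown in this example the script reports both redistribution lines and the labeled export through policy1. The MP-EBGP session between PE 1 and PE 2 only needs the PE loopbacks 2.2.2.9/32 and 5.5.5.9/32 to cross the boundary, which is the reference point for reviewing what else is exchanged.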

Example: Configuring IPv6 MPLS L3VPN carrier's carrier in the same AS

Network configuration

Configure carrier's carrier for the scenario shown in Figure 277. In this scenario:

·     PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services to the customer carrier.

·     CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.

·     PE 3 and PE 4 are the customer carrier's PE routers. They provide IPv6 MPLS L3VPN services to end customers.

·     CE 3 and CE 4 are customers of the customer carrier.

·     The customer carrier and the provider carrier reside in the same AS.

The key to the carrier's carrier deployment is to configure exchange of two kinds of routes:

·     Exchange of the customer carrier's internal routes on the provider carrier's backbone.

·     Exchange of the end customers' internal routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.

Figure 277 Network diagram

Table 102 Interface and IP address assignment

Device   Interface   IP address      Device   Interface   IP address
CE 3     XGE3/0/1    2001:1::1/96    CE 4     XGE3/0/1    2001:2::1/96
PE 3     Loop0       1.1.1.9/32      PE 4     Loop0       6.6.6.9/32
         XGE3/0/1    2001:1::2/96             XGE3/0/1    2001:2::2/96
         XGE3/0/5    10.1.1.1/24              XGE3/0/5    20.1.1.2/24
CE 1     Loop0       2.2.2.9/32      CE 2     Loop0       5.5.5.9/32
         XGE3/0/4    10.1.1.2/24              XGE3/0/4    21.1.1.2/24
         XGE3/0/5    11.1.1.1/24              XGE3/0/5    20.1.1.1/24
PE 1     Loop0       3.3.3.9/32      PE 2     Loop0       4.4.4.9/32
         XGE3/0/4    11.1.1.2/24              XGE3/0/4    30.1.1.2/24
         XGE3/0/5    30.1.1.1/24              XGE3/0/5    21.1.1.1/24

Procedure

1.     Configure MPLS L3VPN on the provider carrier backbone. Configure IS-IS as the IGP, enable LDP on PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 3.3.3.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 3.3.3.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] isis 1

[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/5] isis enable 1

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] bgp 100

[PE1-bgp-default] peer 4.4.4.9 as-number 100

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# On PE 1 or PE 2, execute the following commands:

○     Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)

○     Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)

○     Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)

2.     Configure the customer carrier network. Configure IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:

# Configure PE 3.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 1.1.1.9

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] isis 2

[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00

[PE3-isis-2] quit

[PE3] interface loopback 0

[PE3-LoopBack0] isis enable 2

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24

[PE3-Ten-GigabitEthernet3/0/5] isis enable 2

[PE3-Ten-GigabitEthernet3/0/5] mpls enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure CE 1.

<CE1> system-view

[CE1] interface loopback 0

[CE1-LoopBack0] ip address 2.2.2.9 32

[CE1-LoopBack0] quit

[CE1] mpls lsr-id 2.2.2.9

[CE1] mpls ldp

[CE1-ldp] quit

[CE1] isis 2

[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00

[CE1-isis-2] quit

[CE1] interface loopback 0

[CE1-LoopBack0] isis enable 2

[CE1-LoopBack0] quit

[CE1] interface ten-gigabitethernet 3/0/4

[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24

[CE1-Ten-GigabitEthernet3/0/4] isis enable 2

[CE1-Ten-GigabitEthernet3/0/4] mpls enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/4] quit

PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.

# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)

3.     Connect the customer carrier and the provider carrier:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 200:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] mpls ldp

[PE1-ldp] vpn-instance vpn1

[PE1-ldp-vpn-instance-vpn1] quit

[PE1-ldp] quit

[PE1] isis 2 vpn-instance vpn1

[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00

[PE1-isis-2] address-family ipv4

[PE1-isis-2-ipv4] import-route bgp allow-ibgp

[PE1-isis-2-ipv4] quit

[PE1-isis-2] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/4] isis enable 2

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route isis 2

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 1.

[CE1] interface ten-gigabitethernet 3/0/5

[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/5] isis enable 2

[CE1-Ten-GigabitEthernet3/0/5] mpls enable

[CE1-Ten-GigabitEthernet3/0/5] mpls ldp enable

[CE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface

[CE1-Ten-GigabitEthernet3/0/5] quit

PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.

# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)

4.     Connect end customers and the customer carrier:

# Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::1 96

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65410

[CE3-bgp-default] peer 2001:1::2 as-number 100

[CE3-bgp-default] address-family ipv6

[CE3-bgp-default-ipv6] peer 2001:1::2 enable

[CE3-bgp-default-ipv6] import-route direct

[CE3-bgp-default-ipv6] quit

[CE3-bgp-default] quit

# Configure PE 3.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 1:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[PE3-Ten-GigabitEthernet3/0/1] quit

[PE3] bgp 100

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[PE3-bgp-default-vpn1] address-family ipv6 unicast

[PE3-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE3-bgp-default-ipv6-vpn1] quit

[PE3-bgp-default-vpn1] quit

[PE3-bgp-default] quit

# Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.)

5.     Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:

# Configure PE 3.

[PE3] bgp 100

[PE3-bgp-default] peer 6.6.6.9 as-number 100

[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0

[PE3-bgp-default] address-family vpnv6

[PE3-bgp-default-vpnv6] peer 6.6.6.9 enable

[PE3-bgp-default-vpnv6] quit

[PE3-bgp-default] quit

# Configure PE 4 in the same way that PE 3 is configured. (Details not shown.)

Verifying the configuration

1.     Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:

# Verify that the public network routing table contains only routes of the provider carrier network.

[PE1] display ip routing-table

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.9/32         Direct  0   0           127.0.0.1       InLoop0

4.4.4.9/32         IS_L1   15  10          30.1.1.2        XGE3/0/5

30.1.1.0/24        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.0/32        Direct  0   0           30.1.1.1        XGE3/0/5

30.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.1        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table contains the internal routes of the customer carrier network.

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 16        Routes : 16

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  20          11.1.1.1        XGE3/0/4

2.2.2.9/32         IS_L1   15  10          11.1.1.1        XGE3/0/4

5.5.5.9/32         BGP     255 10          4.4.4.9         XGE3/0/5

6.6.6.9/32         BGP     255 20          4.4.4.9         XGE3/0/5

10.1.1.0/24        IS_L1   15  20          11.1.1.1        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.0/32        Direct  0   0           11.1.1.2        XGE3/0/4

11.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.2        XGE3/0/4

20.1.1.0/24        BGP     255 20          4.4.4.9         XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

2.     Display the routing table on the customer carrier CEs, for example, on CE 1:

# Verify that the routing table contains the internal routes of the customer carrier network.

[CE1] display ip routing-table

Destinations : 19        Routes : 19

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         IS_L1   15  10          10.1.1.1        XGE3/0/4

2.2.2.9/32         Direct  0   0           127.0.0.1       InLoop0

5.5.5.9/32         IS_L2   15  74          11.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  74          11.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.0/32        Direct  0   0           10.1.1.2        XGE3/0/4

10.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.2        XGE3/0/4

11.1.1.0/24        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.0/32        Direct  0   0           11.1.1.1        XGE3/0/5

11.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

11.1.1.255/32      Direct  0   0           11.1.1.1        XGE3/0/5

20.1.1.0/24        IS_L2   15  74          11.1.1.2        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

3.     Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:

# Verify that the public network routing table contains the internal routes of the customer carrier network.

[PE3] display ip routing-table

Destinations : 16        Routes : 16

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

1.1.1.9/32         Direct  0   0           127.0.0.1       InLoop0

2.2.2.9/32         IS_L1   15  10          10.1.1.2        XGE3/0/5

5.5.5.9/32         IS_L2   15  84          10.1.1.2        XGE3/0/5

6.6.6.9/32         IS_L2   15  84          10.1.1.2        XGE3/0/5

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/5

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/5

11.1.1.0/24        IS_L1   15  20          10.1.1.2        XGE3/0/5

20.1.1.0/24        IS_L2   15  84          10.1.1.2        XGE3/0/5

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that the VPN routing table has the remote VPN route.

[PE3] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:1::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 2001:1::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:2::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:6.6.6.9                              Preference: 255

Interface  : XGE3/0/5                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

4.     Verify that PE 3 and PE 4 can ping each other. (Details not shown.)

5.     Verify that CE 3 and CE 4 can ping each other. (Details not shown.)

Example: Configuring HoVPN

Network configuration

There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure 278.

·     SPEs act as PEs to allow MPLS VPNs to access the backbone.

·     UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.

·     Performance requirements for the UPEs are lower than those for the SPEs.

·     SPEs advertise routes permitted by the routing policies to UPEs, permitting CE 1 and CE 3 in VPN 1 to communicate with each other, and forbidding CE 2 and CE 4 in VPN 2 from communicating with each other.

Figure 278 Network diagram

Table 103 Interface and IP address assignment

Device   Interface   IP address      Device   Interface   IP address
CE 1     XGE3/0/1    2001:1::1/96    CE 3     XGE3/0/1    2001:3::1/96
CE 2     XGE3/0/1    2001:2::1/96    CE 4     XGE3/0/1    2001:4::1/96
UPE 1    Loop0       1.1.1.9/32      UPE 2    Loop0       4.4.4.9/32
         XGE3/0/1    2001:1::2/96             XGE3/0/1    172.2.1.1/24
         XGE3/0/2    2001:2::2/96             XGE3/0/2    2001:3::2/96
         XGE3/0/3    172.1.1.1/24             XGE3/0/3    2001:4::2/96
SPE 1    Loop0       2.2.2.9/32      SPE 2    Loop0       3.3.3.9/32
         XGE3/0/1    172.1.1.2/24             XGE3/0/1    180.1.1.2/24
         XGE3/0/2    180.1.1.1/24             XGE3/0/2    172.2.1.2/24

Procedure

1.     Configure UPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE1> system-view

[UPE1] interface loopback 0

[UPE1-LoopBack0] ip address 1.1.1.9 32

[UPE1-LoopBack0] quit

[UPE1] mpls lsr-id 1.1.1.9

[UPE1] mpls ldp

[UPE1-ldp] quit

[UPE1] interface ten-gigabitethernet 3/0/3

[UPE1-Ten-GigabitEthernet3/0/3] ip address 172.1.1.1 24

[UPE1-Ten-GigabitEthernet3/0/3] mpls enable

[UPE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[UPE1-Ten-GigabitEthernet3/0/3] quit

# Configure the IGP protocol (OSPF, in this example).

[UPE1] ospf

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] route-distinguisher 100:1

[UPE1-vpn-instance-vpn1] vpn-target 100:1 both

[UPE1-vpn-instance-vpn1] quit

[UPE1] ip vpn-instance vpn2

[UPE1-vpn-instance-vpn2] route-distinguisher 100:2

[UPE1-vpn-instance-vpn2] vpn-target 100:2 both

[UPE1-vpn-instance-vpn2] quit

[UPE1] interface ten-gigabitethernet 3/0/1

[UPE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[UPE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[UPE1-Ten-GigabitEthernet3/0/1] quit

[UPE1] interface ten-gigabitethernet 3/0/2

[UPE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[UPE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001:2::2 96

[UPE1-Ten-GigabitEthernet3/0/2] quit

# Establish an MP-IBGP peer relationship with SPE 1.

[UPE1] bgp 100

[UPE1-bgp-default] peer 2.2.2.9 as-number 100

[UPE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[UPE1-bgp-default] address-family vpnv6

[UPE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[UPE1-bgp-default-vpnv6] quit

# Establish an EBGP peer relationship with CE 1.

[UPE1-bgp-default] ip vpn-instance vpn1

[UPE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[UPE1-bgp-default-vpn1] address-family ipv6 unicast

[UPE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[UPE1-bgp-default-ipv6-vpn1] quit

[UPE1-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 2.

[UPE1-bgp-default] ip vpn-instance vpn2

[UPE1-bgp-default-vpn2] peer 2001:2::1 as-number 65420

[UPE1-bgp-default-vpn2] address-family ipv6 unicast

[UPE1-bgp-default-ipv6-vpn2] peer 2001:2::1 enable

[UPE1-bgp-default-ipv6-vpn2] quit

[UPE1-bgp-default-vpn2] quit

[UPE1-bgp-default] quit

2.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::1 96

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] bgp 65410

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

3.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:2::1 96

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] bgp 65420

[CE2-bgp-default] peer 2001:2::2 as-number 100

[CE2-bgp-default] address-family ipv6 unicast

[CE2-bgp-default-ipv6] peer 2001:2::2 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

4.     Configure UPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<UPE2> system-view

[UPE2] interface loopback 0

[UPE2-LoopBack0] ip address 4.4.4.9 32

[UPE2-LoopBack0] quit

[UPE2] mpls lsr-id 4.4.4.9

[UPE2] mpls ldp

[UPE2-ldp] quit

[UPE2] interface ten-gigabitethernet 3/0/1

[UPE2-Ten-GigabitEthernet3/0/1] ip address 172.2.1.1 24

[UPE2-Ten-GigabitEthernet3/0/1] mpls enable

[UPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[UPE2-Ten-GigabitEthernet3/0/1] quit

# Configure the IGP protocol (OSPF, in this example).

[UPE2] ospf

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] route-distinguisher 300:1

[UPE2-vpn-instance-vpn1] vpn-target 100:1 both

[UPE2-vpn-instance-vpn1] quit

[UPE2] ip vpn-instance vpn2

[UPE2-vpn-instance-vpn2] route-distinguisher 400:2

[UPE2-vpn-instance-vpn2] vpn-target 100:2 both

[UPE2-vpn-instance-vpn2] quit

[UPE2] interface ten-gigabitethernet 3/0/2

[UPE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[UPE2-Ten-GigabitEthernet3/0/2] ipv6 address 2001:3::2 96

[UPE2-Ten-GigabitEthernet3/0/2] quit

[UPE2] interface ten-gigabitethernet 3/0/3

[UPE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn2

[UPE2-Ten-GigabitEthernet3/0/3] ipv6 address 2001:4::2 96

[UPE2-Ten-GigabitEthernet3/0/3] quit

# Establish an MP-IBGP peer relationship with SPE 2.

[UPE2] bgp 100

[UPE2-bgp-default] peer 3.3.3.9 as-number 100

[UPE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[UPE2-bgp-default] address-family vpnv6

[UPE2-bgp-default-vpnv6] peer 3.3.3.9 enable

[UPE2-bgp-default-vpnv6] quit

# Establish an EBGP peer relationship with CE 3.

[UPE2-bgp-default] ip vpn-instance vpn1

[UPE2-bgp-default-vpn1] peer 2001:3::1 as-number 65430

[UPE2-bgp-default-vpn1] address-family ipv6 unicast

[UPE2-bgp-default-ipv6-vpn1] peer 2001:3::1 enable

[UPE2-bgp-default-ipv6-vpn1] quit

[UPE2-bgp-default-vpn1] quit

# Establish an EBGP peer relationship with CE 4.

[UPE2-bgp-default] ip vpn-instance vpn2

[UPE2-bgp-default-vpn2] peer 2001:4::1 as-number 65440

[UPE2-bgp-default-vpn2] address-family ipv6 unicast

[UPE2-bgp-default-ipv6-vpn2] peer 2001:4::1 enable

[UPE2-bgp-default-ipv6-vpn2] quit

[UPE2-bgp-default-vpn2] quit

[UPE2-bgp-default] quit

5.     Configure CE 3.

<CE3> system-view

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] ipv6 address 2001:3::1 96

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] bgp 65430

[CE3-bgp-default] peer 2001:3::2 as-number 100

[CE3-bgp-default] address-family ipv6 unicast

[CE3-bgp-default-ipv6] peer 2001:3::2 enable

[CE3-bgp-default-ipv6] import-route direct

[CE3-bgp-default-ipv6] quit

[CE3-bgp-default] quit

6.     Configure CE 4.

<CE4> system-view

[CE4] interface ten-gigabitethernet 3/0/1

[CE4-Ten-GigabitEthernet3/0/1] ipv6 address 2001:4::1 96

[CE4-Ten-GigabitEthernet3/0/1] quit

[CE4] bgp 65440

[CE4-bgp-default] peer 2001:4::2 as-number 100

[CE4-bgp-default] address-family ipv6 unicast

[CE4-bgp-default-ipv6] peer 2001:4::2 enable

[CE4-bgp-default-ipv6] import-route direct

[CE4-bgp-default-ipv6] quit

[CE4-bgp-default] quit

7.     Configure SPE 1:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE1> system-view

[SPE1] interface loopback 0

[SPE1-LoopBack0] ip address 2.2.2.9 32

[SPE1-LoopBack0] quit

[SPE1] mpls lsr-id 2.2.2.9

[SPE1] mpls ldp

[SPE1-ldp] quit

[SPE1] interface ten-gigabitethernet 3/0/1

[SPE1-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24

[SPE1-Ten-GigabitEthernet3/0/1] mpls enable

[SPE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/1] quit

[SPE1] interface ten-gigabitethernet 3/0/2

[SPE1-Ten-GigabitEthernet3/0/2] ip address 180.1.1.1 24

[SPE1-Ten-GigabitEthernet3/0/2] mpls enable

[SPE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE1-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP protocol (OSPF, in this example).

[SPE1] ospf

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE1] ip vpn-instance vpn1

[SPE1-vpn-instance-vpn1] route-distinguisher 500:1

[SPE1-vpn-instance-vpn1] vpn-target 100:1 both

[SPE1-vpn-instance-vpn1] quit

[SPE1] ip vpn-instance vpn2

[SPE1-vpn-instance-vpn2] route-distinguisher 700:1

[SPE1-vpn-instance-vpn2] vpn-target 100:2 both

[SPE1-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.

[SPE1] bgp 100

[SPE1-bgp-default] peer 1.1.1.9 as-number 100

[SPE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[SPE1-bgp-default] peer 3.3.3.9 as-number 100

[SPE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[SPE1-bgp-default] address-family vpnv6

[SPE1-bgp-default-vpnv6] peer 3.3.3.9 enable

[SPE1-bgp-default-vpnv6] peer 1.1.1.9 enable

[SPE1-bgp-default-vpnv6] peer 1.1.1.9 upe

[SPE1-bgp-default-vpnv6] peer 1.1.1.9 next-hop-local

[SPE1-bgp-default-vpnv6] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv6 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

# Advertise to UPE 1 the routes permitted by a routing policy (the routes of CE 3).

[SPE1] ipv6 prefix-list hope index 10 permit 2001:3::1 96

[SPE1] route-policy hope permit node 0

[SPE1-route-policy-hope-0] if-match ipv6 address prefix-list hope

[SPE1-route-policy-hope-0] quit

[SPE1] bgp 100

[SPE1-bgp-default] address-family vpnv6

[SPE1-bgp-default-vpnv6] peer 1.1.1.9 upe route-policy hope export

8.     Configure SPE 2:

# Configure basic MPLS and MPLS LDP to establish LDP LSPs.

<SPE2> system-view

[SPE2] interface loopback 0

[SPE2-LoopBack0] ip address 3.3.3.9 32

[SPE2-LoopBack0] quit

[SPE2] mpls lsr-id 3.3.3.9

[SPE2] mpls ldp

[SPE2-ldp] quit

[SPE2] interface ten-gigabitethernet 3/0/1

[SPE2-Ten-GigabitEthernet3/0/1] ip address 180.1.1.2 24

[SPE2-Ten-GigabitEthernet3/0/1] mpls enable

[SPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/1] quit

[SPE2] interface ten-gigabitethernet 3/0/2

[SPE2-Ten-GigabitEthernet3/0/2] ip address 172.2.1.2 24

[SPE2-Ten-GigabitEthernet3/0/2] mpls enable

[SPE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[SPE2-Ten-GigabitEthernet3/0/2] quit

# Configure the IGP protocol (OSPF, in this example).

[SPE2] ospf

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

# Configure VPN instances vpn1 and vpn2.

[SPE2] ip vpn-instance vpn1

[SPE2-vpn-instance-vpn1] route-distinguisher 600:1

[SPE2-vpn-instance-vpn1] vpn-target 100:1 both

[SPE2-vpn-instance-vpn1] quit

[SPE2] ip vpn-instance vpn2

[SPE2-vpn-instance-vpn2] route-distinguisher 800:1

[SPE2-vpn-instance-vpn2] vpn-target 100:2 both

[SPE2-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with SPE 1 and UPE 2, and specify UPE 2 as a UPE.

[SPE2] bgp 100

[SPE2-bgp-default] peer 4.4.4.9 as-number 100

[SPE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[SPE2-bgp-default] peer 2.2.2.9 as-number 100

[SPE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[SPE2-bgp-default] address-family vpnv6

[SPE2-bgp-default-vpnv6] peer 2.2.2.9 enable

[SPE2-bgp-default-vpnv6] peer 4.4.4.9 enable

[SPE2-bgp-default-vpnv6] peer 4.4.4.9 upe

[SPE2-bgp-default-vpnv6] peer 4.4.4.9 next-hop-local

[SPE2-bgp-default-vpnv6] quit

# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv6 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

# Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).

[SPE2] ipv6 prefix-list hope index 10 permit 2001:1::1 96

[SPE2] route-policy hope permit node 0

[SPE2-route-policy-hope-0] if-match ipv6 address prefix-list hope

[SPE2-route-policy-hope-0] quit

[SPE2] bgp 100

[SPE2-bgp-default] address-family vpnv6

[SPE2-bgp-default-vpnv6] peer 4.4.4.9 upe route-policy hope export

Verifying the configuration

# Verify that CE 1 and CE 3 can learn each other's interface routes and can ping each other. Verify that CE 2 and CE 4 cannot learn each other's interface routes and cannot ping each other. (Details not shown.)
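The export policy on each SPE decides which VPNv6 routes reach its UPE, so the prefix list named hope is what separates the reachable CE pair from the isolated one. The following is an added example, not H3C code: it models standard prefix-list matching (exact prefix length unless a greater-equal or less-equal range is given, implicit deny when nothing matches) and applies the SPE 1 entry to the CE 3 and CE 4 interface prefixes. The function names, the extra /128 route, and the loosened list are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class PrefixEntry:
    index: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv6Network
    ge: Optional[int] = None         # greater-equal bound, if configured
    le: Optional[int] = None         # less-equal bound, if configured


def entry(index: int, action: str, address: str, length: int,
          ge: Optional[int] = None, le: Optional[int] = None) -> PrefixEntry:
    # strict=False masks host bits, so "2001:3::1" with length 96 is 2001:3::/96.
    net = ipaddress.IPv6Network(f"{address}/{length}", strict=False)
    return PrefixEntry(index, action, net, ge, le)


def entry_matches(e: PrefixEntry, route: ipaddress.IPv6Network) -> bool:
    # The route must lie inside the entry's prefix.
    if not route.subnet_of(e.network):
        return False
    if e.ge is None and e.le is None:
        return route.prefixlen == e.network.prefixlen   # exact length only
    low = e.ge if e.ge is not None else e.network.prefixlen
    high = e.le if e.le is not None else 128
    return low <= route.prefixlen <= high


def evaluate(prefix_list: List[PrefixEntry], route: str) -> str:
    """Return the action of the lowest-index matching entry, else implicit deny."""
    net = ipaddress.IPv6Network(route)
    for e in sorted(prefix_list, key=lambda item: item.index):
        if entry_matches(e, net):
            return e.action
    return "deny"


def exported_to_upe(prefix_list: List[PrefixEntry], routes: List[str]) -> List[str]:
    """Routes that the export policy would let through to the UPE."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]


# Prefix list "hope" with the values configured on SPE 1 in this example.
SPE1_HOPE = [entry(10, "permit", "2001:3::1", 96)]

# Constructed candidate set: the CE 3 and CE 4 interface prefixes from this
# example, plus an assumed more specific route inside the CE 3 prefix.
CANDIDATES = ["2001:3::/96", "2001:4::/96", "2001:3::1/128"]

# Constructed loosened variant: a length range widens what the filter passes.
LOOSE_HOPE = [entry(10, "permit", "2001:3::1", 96, le=128)]

if __name__ == "__main__":
    for name, plist in (("hope", SPE1_HOPE), ("hope, less-equal 128", LOOSE_HOPE)):
        print(name, "->", exported_to_upe(plist, CANDIDATES))
```

When reviewing such a policy, check every length range on a permit entry: each one enlarges the set of prefixes that can cross from the SPE to the UPE.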

Example: Configuring an OSPFv3 sham link

Network configuration

As shown in Figure 279, CE 1 and CE 2 belong to VPN 1. Configure an OSPFv3 sham link between PE 1 and PE 2 so traffic between the CEs is forwarded through the MPLS backbone instead of the backdoor link.

Figure 279 Network diagram

Table 104 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 100::1/64 | CE 2 | XGE3/0/1 | 120::1/64 |
|  | XGE3/0/4 | 20::1/64 |  | XGE3/0/4 | 30::2/64 |
| PE 1 | Loop0 | 1.1.1.9/32 | PE 2 | Loop0 | 2.2.2.9/32 |
|  | Loop1 | 3::3/128 |  | Loop1 | 5::5/128 |
|  | XGE3/0/1 | 100::2/64 |  | XGE3/0/1 | 120::2/64 |
|  | XGE3/0/4 | 10.1.1.1/24 |  | XGE3/0/5 | 10.1.1.2/24 |
| Router A | XGE3/0/5 | 30::1/64 |  |  |  |
|  | XGE3/0/4 | 20::2/64 |  |  |  |

Procedure

1.     Configure OSPFv3 on the customer networks:

# Configure conventional OSPFv3 on CE 1, Router A, and CE 2 to advertise addresses of the interfaces (see Table 104). (Details not shown.)

# Set the cost value to 2 for both the link between CE 1 and Router A, and the link between CE 2 and Router A. (Details not shown.)

# Execute the display ipv6 routing-table command to verify that CE 1 and CE 2 have learned the route to each other. (Details not shown.)

2.     Configure IPv6 MPLS L3VPN on the backbone:

# Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure PE 1 to take PE 2 as an MP-IBGP peer.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv6] quit

[PE1-bgp-default] quit

# Configure OSPF on PE 1.

[PE1] ospf 1

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 10.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2 to take PE 1 as an MP-IBGP peer.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv6] quit

[PE2-bgp-default] quit

# Configure OSPF on PE 2.

[PE2] ospf 1

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

3.     Configure PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 1:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 64

[PE1-Ten-GigabitEthernet3/0/1] ospfv3 100 area 1

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] ospfv3 100

[PE1-ospfv3-100] router-id 100.1.1.1

[PE1-ospfv3-100] domain-id 10

[PE1-ospfv3-100] quit

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] import-route ospfv3 100

[PE1-bgp-default-ipv6-vpn1] import-route direct

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:2

[PE2-vpn-instance-vpn1] vpn-target 1:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 120::2 64

[PE2-Ten-GigabitEthernet3/0/1] ospfv3 100 area 1

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] ospfv3 100

[PE2-ospfv3-100] router-id 120.1.1.1

[PE2-ospfv3-100] domain-id 10

[PE2-ospfv3-100] quit

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] import-route ospfv3 100

[PE2-bgp-default-ipv6-vpn1] import-route direct

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Execute the display ipv6 routing-table vpn-instance command on the PEs. Verify that the path to the peer CE is along the OSPFv3 route across the customer networks, instead of the IPv6 BGP route across the backbone. (Details not shown.)

4.     Configure a sham link:

# Configure PE 1.

[PE1] interface loopback 1

[PE1-LoopBack1] ip binding vpn-instance vpn1

[PE1-LoopBack1] ipv6 address 3::3 128

[PE1-LoopBack1] quit

[PE1] ospfv3 100

[PE1-ospfv3-100] area 1

[PE1-ospfv3-100-area-0.0.0.1] sham-link 3::3 5::5

[PE1-ospfv3-100-area-0.0.0.1] quit

[PE1-ospfv3-100] quit

# Configure PE 2.

[PE2] interface loopback 1

[PE2-LoopBack1] ip binding vpn-instance vpn1

[PE2-LoopBack1] ipv6 address 5::5 128

[PE2-LoopBack1] quit

[PE2] ospfv3 100

[PE2-ospfv3-100] area 1

[PE2-ospfv3-100-area-0.0.0.1] sham-link 5::5 3::3

[PE2-ospfv3-100-area-0.0.0.1] quit

[PE2-ospfv3-100] quit

Verifying the configuration

# Execute the display ipv6 routing-table vpn-instance command on the PEs to verify the following results (details not shown):

·     The path to the peer CE is now along the IPv6 BGP route across the backbone.

·     A route to the sham link destination address exists.

# Execute the display ipv6 routing-table command on the CEs. Verify that the next hop of the OSPFv3 route to the peer CE is the interface connected to the PE (Ten-GigabitEthernet 3/0/1). This means that the VPN traffic to the peer CE is forwarded over the backbone. (Details not shown.)

# Verify that a sham link has been established on PEs, for example, on PE 1.

[PE1] display ospfv3 sham-link

 

               OSPFv3 Process 100 with Router ID 100.1.1.1

 

 Sham-link (Area: 0.0.0.1)

 Neighbor ID      State  Instance ID  Destination address

 120.1.1.1        P-2-P  0            5::5

# Verify that the peer state is Full on PE 1.

[PE1] display ospfv3 sham-link verbose

 

               OSPFv3 Process 100 with Router ID 100.1.1.1

 

 Sham-link (Area: 0.0.0.1)

 

 Source      : 3::3

 Destination : 5::5

 Interface ID: 2147483649

 Neighbor ID : 120.1.1.1, Neighbor state: Full

 Cost: 1  State: P-2-P  Type: Sham  Instance ID: 0

 Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1

 Request list: 0  Retransmit list: 0
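The two checks above (the sham link exists, and its neighbor state is Full) can be scripted against captured output. The following is an added example, not H3C code: it parses the verbose output shown on this page and reports any sham link that is missing or not fully adjacent. The function names are hypothetical, and the failure sample is constructed by editing the page's output.

```python
import ipaddress
import re
from typing import List

# Output copied from the verification step on this page.
PAGE_OUTPUT = """
               OSPFv3 Process 100 with Router ID 100.1.1.1

 Sham-link (Area: 0.0.0.1)

 Source      : 3::3
 Destination : 5::5
 Interface ID: 2147483649
 Neighbor ID : 120.1.1.1, Neighbor state: Full
 Cost: 1  State: P-2-P  Type: Sham  Instance ID: 0
 Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1
 Request list: 0  Retransmit list: 0
"""

# Constructed failure case: same output with the adjacency not yet Full.
CONSTRUCTED_STUCK = PAGE_OUTPUT.replace("state: Full", "state: ExStart")

AREA_RE = re.compile(r"Sham-link \(Area:\s*([\d.]+)\)")
FIELD_RES = {
    "source": re.compile(r"\bSource\s*:\s*(\S+)"),
    "destination": re.compile(r"\bDestination\s*:\s*(\S+)"),
    "neighbor_id": re.compile(r"\bNeighbor ID\s*:\s*([\d.]+)"),
    "neighbor_state": re.compile(r"\bNeighbor state:\s*(\S+)"),
    "cost": re.compile(r"\bCost:\s*(\d+)"),
    "link_type": re.compile(r"\bType:\s*(\S+)"),
}


def parse_sham_links(text: str) -> List[dict]:
    """Turn 'display ospfv3 sham-link verbose' output into one dict per link."""
    links: List[dict] = []
    area = None
    for line in text.splitlines():
        area_match = AREA_RE.search(line)
        if area_match:
            area = area_match.group(1)
            continue
        if FIELD_RES["source"].search(line):
            links.append({"area": area})     # a Source line opens a new record
        if not links:
            continue
        for name, rx in FIELD_RES.items():
            m = rx.search(line)
            if m:
                links[-1][name] = m.group(1)
    return links


def same_address(seen, expected) -> bool:
    """Compare addresses by value so '3::3' and '0003::3' are treated as equal."""
    try:
        return ipaddress.ip_address(seen) == ipaddress.ip_address(expected)
    except (TypeError, ValueError):
        return False


def audit(text: str, source: str, destination: str) -> List[str]:
    """Return a list of problems for the sham link source -> destination."""
    matches = [l for l in parse_sham_links(text)
               if same_address(l.get("source"), source)
               and same_address(l.get("destination"), destination)]
    if not matches:
        return [f"no sham link {source} -> {destination} in output"]
    problems = []
    for link in matches:
        if link.get("link_type") != "Sham":
            problems.append(f"link type is {link.get('link_type')}, expected Sham")
        if link.get("neighbor_state") != "Full":
            problems.append(
                f"neighbor state is {link.get('neighbor_state')}, expected Full")
    return problems


if __name__ == "__main__":
    print(audit(PAGE_OUTPUT, "3::3", "5::5"))
    print(audit(CONSTRUCTED_STUCK, "3::3", "5::5"))
```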

Example: Configuring BGP AS number substitution

Network configuration

As shown in Figure 280, CE 1 and CE 2 belong to VPN 1, and are connected to PE 1 and PE 2. The two CEs have the same AS number, 600. Configure BGP AS number substitution on the PEs to avoid route loss.

Figure 280 Network diagram

Table 105 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 10:1::2/96 | P | Loop0 | 2.2.2.9/32 |
|  | XGE3/0/2 | 100::1/96 |  | XGE3/0/1 | 20.1.1.2/24 |
| PE 1 | Loop0 | 10.1.1.1/32 |  | XGE3/0/2 | 30.1.1.1/24 |
|  | XGE3/0/1 | 10:1::1/96 | PE 2 | Loop0 | 10.1.1.2/32 |
|  | XGE3/0/2 | 20.1.1.1/24 |  | XGE3/0/1 | 10:2::1/96 |
| CE 2 | XGE3/0/1 | 10:2::2/96 |  | XGE3/0/2 | 30.1.1.2/24 |
|  | XGE3/0/2 | 200::1/96 |  |  |  |

Procedure

1.     Configure basic IPv6 MPLS L3VPN:

·     Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.

·     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.

·     Establish an MP-IBGP peer relationship between the PEs to advertise VPN IPv6 routes.

·     Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.

·     Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.

·     Configure BGP as the PE-CE routing protocol, and redistribute routes of the CEs into the PEs.

For more information about basic IPv6 MPLS L3VPN configurations, see "Example: Configuring IPv6 MPLS L3VPNs."

# Execute the display ipv6 routing-table command on CE 2 to verify that CE 2 has not learned the route to the VPN (100::/96) behind CE 1.

<CE2> display ipv6 routing-table

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 10:2::/96                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 10:2::2/128                                 Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 200::/96                                    Protocol  : Static

NextHop    : ::                                          Preference: 60

Interface  : NULL0                                       Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

# Execute the display ipv6 routing-table command on CE 1 to verify that CE 1 has not learned the route to the VPN behind CE 2. (Details not shown.)

# Execute the display ipv6 routing-table vpn-instance command on the PEs. The output shows the route to the VPN behind the peer CE. This example uses PE 2.

<PE2> display ipv6 routing-table vpn-instance vpn1

 

Destinations : 6 Routes : 6

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 10:2::/96                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 10:2::1/128                                 Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 100::/96                                    Protocol  : BGP4+

NextHop    : ::FFFF:10.1.1.1                             Preference: 255

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 200::/96                                    Protocol  : BGP4+

NextHop    : 10:2::2                                     Preference: 255

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

# Enable BGP update packet debugging on PE 2. The output shows that PE 2 has advertised the route for 100::/96, and the AS_PATH is 100 600.

<PE2> terminal monitor

<PE2> terminal logging level 7

<PE2> debugging bgp update vpn-instance vpn1 10:2::2 ipv6

<PE2> refresh bgp all export ipv6 vpn-instance vpn1

*Jun 13 16:12:52:096 2012 PE2 BGP/7/DEBUG:

         BGP_IPV6.vpn1: Send UPDATE to update-group 0 for following destinations:

         Origin       : Incomplete

         AS path      : 100 600

         Next hop     : ::FFFF:10.1.1.1

         100::/96,

 

 

*Jun 13 16:12:53:024 2012 PE2 BGP/7/DEBUG:

 BGP.vpn1: Send UPDATE MSG to peer 10:2::2(IPv6-UNC) NextHop: 10:2::1.

# Execute the display bgp routing-table ipv6 peer received-routes command on CE 2 to verify that CE 2 has not received the route to 100::/96.

<CE2> display bgp routing-table ipv6 peer 10:2::1 received-routes

 

 Total number of routes: 0

2.     Configure BGP AS number substitution:

# Configure BGP AS number substitution on PE 1.

<PE1> system-view

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10:1::2 substitute-as

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure BGP AS number substitution on PE 2.

<PE2> system-view

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10:2::2 substitute-as

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

Verifying the configuration

# The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100::/96 has changed from 100 600 to 100 100.

*Jun 27 18:07:34:420 2013 PE2 BGP/7/DEBUG:

         BGP_IPV6.vpn1: Send UPDATE to peer 10:2::2 for following destinations:

         Origin       : Incomplete

         AS path      : 100 100

         Next hop     : 10:2::1

         100::/96,

# Display again the routing information that CE 2 has received, and the routing table. The output shows that CE 2 has learned the route 100::/96.

<CE2> display bgp routing-table ipv6 peer 10:2::1 received-routes

 

 Total number of routes: 1

 

 BGP local router ID is 12.1.1.3

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 

* >e Network : 100::                                    PrefixLen : 96

     NextHop : 10:2::1                                  LocPrf    :

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: 100 100?

 

<CE2> display ipv6 routing-table

 

Destinations : 6 Routes : 6

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 10:2::/96                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 10:2::2/128                                 Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 100::/96                                    Protocol  : BGP4+

NextHop    : 10:2::1                                     Preference: 255

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 200::/96                                    Protocol  : Static

NextHop    : ::                                          Preference: 60

Interface  : NULL0                                       Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

# Verify that Ten-GigabitEthernet 3/0/2 of CE 1 and Ten-GigabitEthernet 3/0/2 of CE 2 can ping each other. (Details not shown.)

Example: Configuring BGP AS number substitution and SoO attribute

Network configuration

CE 1, CE 2, and CE 3 belong to VPN 1, and are connected to PE 1, PE 2, and PE 3. CE 1 and CE 2 reside in the same site. CE 1, CE 2, and CE 3 all use AS number 600.

To avoid route loss, configure BGP AS number substitution on PEs.

To avoid routing loops, configure the same SoO attribute on PE 1 and PE 2 for CE 1 and CE 2.

Figure 281 Network diagram

Table 106 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | Loop0 | 100::1/96 | CE 3 | Loop0 | 200::1/96 |
|  | XGE3/0/1 | 10:1::1/96 |  | XGE3/0/1 | 10:3::1/96 |
| CE 2 | XGE3/0/1 | 10:2::1/96 | PE 2 | Loop0 | 2.2.2.9/32 |
| PE 1 | Loop0 | 1.1.1.9/32 |  | XGE3/0/1 | 10:2::2/96 |
|  | XGE3/0/1 | 10:1::2/96 |  | XGE3/0/2 | 40.1.1.1/24 |
|  | XGE3/0/2 | 20.1.1.1/24 |  | XGE3/0/3 | 20.1.1.2/24 |
|  | XGE3/0/3 | 30.1.1.1/24 | P | Loop0 | 3.3.3.9/32 |
| PE 3 | Loop0 | 4.4.4.9/32 |  | XGE3/0/1 | 30.1.1.2/24 |
|  | XGE3/0/1 | 10:3::2/96 |  | XGE3/0/2 | 40.1.1.2/24 |
|  | XGE3/0/2 | 50.1.1.2/24 |  | XGE3/0/3 | 50.1.1.1/24 |

Procedure

1.     Configure basic IPv6 MPLS L3VPN:

·     Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.

·     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.

·     Establish an MP-IBGP peer relationship between the PEs to advertise VPN IPv6 routes.

·     Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.

·     Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.

·     Configure the VPN instance of VPN 1 on PE 3 to allow CE 3 to access the network.

·     Configure BGP as the PE-CE routing protocol, and redistribute routes of the CEs into the PEs.

For more information about basic MPLS L3VPN configurations, see "Example: Configuring IPv6 MPLS L3VPNs."

2.     Configure BGP AS number substitution:

# Configure BGP AS number substitution on PE 1, PE 2, and PE 3. For more information about the configuration, see "Example: Configuring BGP AS number substitution."

# Display routing information on CE 2. The output shows that CE 2 has learned the route 100::/96 from CE 1. A routing loop has occurred because CE 1 and CE 2 reside in the same site.

<CE2> display bgp routing-table ipv6 peer 10:2::2 received-routes

 

 Total number of routes: 2

 

 BGP local router ID is 12.1.1.3

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

               Origin: i - IGP, e - EGP, ? - incomplete

 

* >e Network : 100::                                    PrefixLen : 96

     NextHop : 10:2::2                                  LocPrf    :

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: 100 100?

* >e Network : 200::                                    PrefixLen : 96

     NextHop : 10:2::2                                  LocPrf    :

     PrefVal : 0                                        OutLabel  : NULL

     MED     :

     Path/Ogn: 100 100?

3.     Configure BGP SoO attribute:

# On PE 1, configure the SoO attribute as 1:100 for CE 1.

<PE1> system-view

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv6

[PE1-bgp-default-ipv6-vpn1] peer 10:1::1 soo 1:100

# On PE 2, configure the SoO attribute as 1:100 for CE 2.

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv6

[PE2-bgp-default-ipv6-vpn1] peer 10:2::1 soo 1:100

Verifying the configuration

# PE 2 does not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured. Display the routing table of CE 2. The output shows that the route 100::/96 has been removed.

<CE2> display ipv6 routing-table

 

Destinations : 4 Routes : 4

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

                                                                               

Destination: 10:2::/96                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 10:2::1/128                                 Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 200::/96                                    Protocol  : Static

NextHop    : ::                                          Preference: 60

Interface  : NULL0                                       Cost      : 0
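The AS number substitution example and this SoO example rest on three rules: a BGP speaker discards an update whose AS_PATH contains its own AS number, substitute-as rewrites the CE's AS number before the PE prepends its own, and a PE does not send a route to a peer whose configured SoO equals the SoO on the route. The following is an added example, not H3C code or device output: it traces the route 100::/96 through those rules with the AS numbers and SoO value used on this page. The class and function names are hypothetical, and the model covers only AS_PATH handling and SoO stamping and filtering.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PE_AS = 100   # backbone AS used in these examples
CE_AS = 600   # AS number shared by all CEs


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]
    soo: Optional[str] = None        # Site of Origin extended community


@dataclass(frozen=True)
class PeCeSession:
    """PE-side settings of one EBGP session to a CE (hypothetical model)."""
    local_as: int
    peer_as: int
    substitute_as: bool = False
    soo: Optional[str] = None


def receive_from_ce(session: PeCeSession, route: Route) -> Route:
    """Inbound on the PE: stamp the configured SoO on routes learned from the CE."""
    if session.soo is not None:
        return replace(route, soo=session.soo)
    return route


def advertise_to_ce(session: PeCeSession, route: Route) -> Optional[Route]:
    """Outbound on the PE: the update the CE would get, or None if suppressed."""
    if session.soo is not None and route.soo == session.soo:
        return None                  # same site of origin: do not send it back
    path = route.as_path
    if session.substitute_as:
        # Replace the peer's AS number with the PE's own AS number.
        path = tuple(session.local_as if asn == session.peer_as else asn
                     for asn in path)
    return replace(route, as_path=(session.local_as,) + path)


def ce_accepts(ce_as: int, update: Optional[Route]) -> bool:
    """AS loop check on the CE: reject an update that carries the CE's own AS."""
    return update is not None and ce_as not in update.as_path


def deliver(origin: Route, ingress: PeCeSession, egress: PeCeSession, ce_as: int):
    """CE -> ingress PE -> MP-IBGP (AS_PATH unchanged) -> egress PE -> remote CE."""
    update = advertise_to_ce(egress, receive_from_ce(ingress, origin))
    return update, ce_accepts(ce_as, update)


CE1_ROUTE = Route("100::/96", (CE_AS,))   # originated by CE 1
CE3_ROUTE = Route("200::/96", (CE_AS,))   # originated by CE 3 (another site)


def scenarios() -> dict:
    plain = PeCeSession(PE_AS, CE_AS)
    subst = PeCeSession(PE_AS, CE_AS, substitute_as=True)
    subst_soo = PeCeSession(PE_AS, CE_AS, substitute_as=True, soo="1:100")
    return {
        # CE 2 sees "100 600" and drops the route.
        "no substitution": deliver(CE1_ROUTE, plain, plain, CE_AS),
        # CE 2 sees "100 100" and accepts the route.
        "substitute-as": deliver(CE1_ROUTE, subst, subst, CE_AS),
        # CE 1 and CE 2 share SoO 1:100, so PE 2 never sends 100::/96 to CE 2.
        "substitute-as and SoO": deliver(CE1_ROUTE, subst_soo, subst_soo, CE_AS),
        # A route from a site without that SoO still reaches CE 2.
        "route from another site": deliver(CE3_ROUTE, subst, subst_soo, CE_AS),
    }


if __name__ == "__main__":
    for name, (update, accepted) in scenarios().items():
        path = update.as_path if update else "not advertised"
        print(f"{name}: AS_PATH={path} accepted={accepted}")
```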

 

 

MPLS L2VPN configuration examples

Example: Configuring local MPLS L2VPN connections

Network configuration

Configure local MPLS L2VPN connections between the PE and CEs to allow Layer 2 communication between CE 1 and CE 2.

Figure 282 Network diagram

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE:

# Enable L2VPN.

<PE> system-view

[PE] l2vpn enable

# Create a cross-connect group named vpn1, create a cross-connect named vpn1 in the group, and bind Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to the cross-connect.

[PE] xconnect-group vpn1

[PE-xcg-vpn1] connection vpn1

[PE-xcg-vpn1-vpn1] ac interface ten-gigabitethernet 3/0/1

[PE-xcg-vpn1-vpn1-Ten-GigabitEthernet3/0/1] quit

[PE-xcg-vpn1-vpn1] ac interface ten-gigabitethernet 3/0/2

[PE-xcg-vpn1-vpn1-Ten-GigabitEthernet3/0/2] quit

[PE-xcg-vpn1-vpn1] quit

[PE-xcg-vpn1] quit

Verifying the configuration

# Verify that two AC forwarding entries exist on the PE.

[PE] display l2vpn forwarding ac

Total number of cross-connections: 1

Total number of ACs: 2

 

AC                               Xconnect-group Name             Link ID

XGE3/0/1                         vpn1                            0

XGE3/0/2                         vpn1                            1

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring a static PW

Network configuration

Create a static PW between PE 1 and PE 2 over the backbone to allow communication between CE 1 and CE 2.

Figure 283 Network diagram

Table 107 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 100.1.1.1/24 | P | Loop0 | 192.4.4.4/32 |
| PE 1 | Loop0 | 192.2.2.2/32 |  | XGE3/0/1 | 10.1.1.2/24 |
|  | XGE3/0/1 | - |  | XGE3/0/2 | 10.2.2.2/24 |
|  | XGE3/0/2 | 10.1.1.1/24 | PE 2 | Loop0 | 192.3.3.3/32 |
| CE 2 | XGE3/0/1 | 100.1.1.2/24 |  | XGE3/0/1 | - |
|  |  |  |  | XGE3/0/2 | 10.2.2.1/24 |

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.2.2.2 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named svc in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection svc

[PE1-xcg-vpna-svc] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-svc-Ten-GigabitEthernet3/0/1] quit

# Create a static PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpna-svc] peer 192.3.3.3 pw-id 3 in-label 100 out-label 200

[PE1-xcg-vpna-svc-192.3.3.3-3] quit

[PE1-xcg-vpna-svc] quit

[PE1-xcg-vpna] quit

3.     Configure the P device:

# Configure an LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit

[P] mpls lsr-id 192.4.4.4

# Enable global LDP.

[P] mpls ldp

[P-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 10.2.2.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.3.3.3 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named svc in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] connection svc

[PE2-xcg-vpna-svc] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-svc-Ten-GigabitEthernet3/0/1] quit

# Create a static PW for the cross-connect to bind the AC to the PW.

[PE2-xcg-vpna-svc] peer 192.2.2.2 pw-id 3 in-label 200 out-label 100

[PE2-xcg-vpna-svc-192.2.2.2-3] quit

[PE2-xcg-vpna-svc] quit

[PE2-xcg-vpna] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that a static PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       3                  100/200        Static M    0        Up

# Verify that a static PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       3                  200/100        Static M             Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
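The label check implied by the two outputs above, as an added example (not H3C code): a Python parser for `display l2vpn pw` rows that confirms both ends are Up and that one side's In/Out labels are the other side's Out/In. The class and function names are hypothetical; the sample text is the output shown on this page, including the PE 2 row that prints no Link ID.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "display l2vpn pw" output copied from the static PW verification step above.
PE1_OUTPUT = """\
Total number of PWs: 1
1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate
Xconnect-group Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.3.3.3       3                  100/200        Static M    0        Up
"""
PE2_OUTPUT = """\
Total number of PWs: 1
1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate
Xconnect-group Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.2.2.2       3                  200/100        Static M             Up
"""

# One PW row. Link ID is optional because the PE 2 row above prints none.
ROW = re.compile(
    r"^(?P<peer>\d+(?:\.\d+){3})\s+(?P<pwid>\d+)\s+"
    r"(?P<inl>[^\s/]+)/(?P<outl>[^\s/]+)\s+(?P<proto>\S+)\s+(?P<flag>\S+)"
    r"(?:\s+(?P<link>\d+))?\s+(?P<state>\S+)$"
)


@dataclass
class PwRow:
    group: str
    peer: str
    pwid: int
    in_label: Optional[int]
    out_label: Optional[int]
    proto: str
    flag: str
    link_id: Optional[int]
    state: str


def _label(text: str) -> Optional[int]:
    # Assumption: a label that is not yet allocated prints as a non-number.
    return int(text) if text.isdigit() else None


def parse_pw_table(output: str) -> List[PwRow]:
    """Return every PW row, tagged with the cross-connect group it sits under."""
    rows, group = [], ""
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Xconnect-group Name:"):
            group = line.split(":", 1)[1].strip()
            continue
        m = ROW.match(line)
        if m:
            rows.append(PwRow(
                group, m["peer"], int(m["pwid"]), _label(m["inl"]),
                _label(m["outl"]), m["proto"], m["flag"],
                int(m["link"]) if m["link"] else None, m["state"]))
    return rows


def check_pair(a_id: str, a_rows: List[PwRow],
               b_id: str, b_rows: List[PwRow]) -> List[str]:
    """Compare the PWs LSR a_id shows toward b_id with b_id's view of them."""
    findings = []
    for a in (r for r in a_rows if r.peer == b_id):
        back = [r for r in b_rows if r.peer == a_id and r.proto == a.proto]
        # For BGP PWs the ID column is the remote site ID, so it differs per side.
        if a.proto != "BGP":
            back = [r for r in back if r.pwid == a.pwid]
        if not back:
            findings.append(f"{a.group}: {a_id} lists {a.proto} PW {a.pwid} "
                            f"to {b_id}, but {b_id} shows no matching PW back")
            continue
        b = back[0]
        for lsr, row in ((a_id, a), (b_id, b)):
            if row.state.lower() != "up":
                findings.append(f"{row.group}: PW {row.pwid} is {row.state} on {lsr}")
        labels = (a.in_label, a.out_label, b.in_label, b.out_label)
        if None in labels or (a.in_label, a.out_label) != (b.out_label, b.in_label):
            findings.append(
                f"{a.group}: PW {a.pwid} labels not mirrored: {a_id} in/out "
                f"{a.in_label}/{a.out_label}, {b_id} in/out {b.in_label}/{b.out_label}")
    return findings


if __name__ == "__main__":
    pe1, pe2 = parse_pw_table(PE1_OUTPUT), parse_pw_table(PE2_OUTPUT)
    print(check_pair("192.2.2.2", pe1, "192.3.3.3", pe2) or "PW views agree")
```

The same check applies to the LDP, BGP and multi-segment outputs later on this page; for a multi-segment PW, run it once per segment (PE 1 with P, then P with PE 2).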

Example: Configuring an LDP PW

Network configuration

Create an LDP PW between PE 1 and PE 2 over the backbone to allow communication between CE 1 and CE 2.

Figure 284 Network diagram

Table 108 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   100.1.1.1/24   P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32           XGE3/0/1   10.1.1.2/24
        XGE3/0/1   -                      XGE3/0/2   10.2.2.2/24
        XGE3/0/2   10.1.1.1/24    PE 2    Loop0      192.3.3.3/32
CE 2    XGE3/0/1   100.1.1.2/24           XGE3/0/1   -
                                          XGE3/0/2   10.2.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.2.2.2 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection ldp

[PE1-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpna-ldp] peer 192.3.3.3 pw-id 3

[PE1-xcg-vpna-ldp-192.3.3.3-3] quit

[PE1-xcg-vpna-ldp] quit

[PE1-xcg-vpna] quit

3.     Configure the P device:

# Configure an LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit

[P] mpls lsr-id 192.4.4.4

# Enable global LDP.

[P] mpls ldp

[P-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 10.2.2.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.3.3.3 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] connection ldp

[PE2-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW.

[PE2-xcg-vpna-ldp] peer 192.2.2.2 pw-id 3

[PE2-xcg-vpna-ldp-192.2.2.2-3] quit

[PE2-xcg-vpna-ldp] quit

[PE2-xcg-vpna] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an LDP PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       3                  1279/1279      LDP    M    1        Up

# Verify that an LDP PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       3                  1279/1279      LDP    M    1        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring a BGP PW

Network configuration

Create a BGP PW between PE 1 and PE 2 to allow communication between CE 1 and CE 2.

Figure 285 Network diagram

Table 109 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   100.1.1.1/24   P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32           XGE3/0/1   10.1.1.2/24
        XGE3/0/1   -                      XGE3/0/2   10.2.2.2/24
        XGE3/0/2   10.1.1.1/24    PE 2    Loop0      192.3.3.3/32
CE 2    XGE3/0/1   100.1.1.2/24           XGE3/0/1   -
                                          XGE3/0/2   10.2.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.2.2.2 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create an IBGP connection to PE 2, and enable BGP to advertise L2VPN information to PE 2.

[PE1] bgp 100

[PE1-bgp-default] peer 192.3.3.3 as-number 100

[PE1-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn

[PE1-bgp-default-l2vpn] peer 192.3.3.3 enable

[PE1-bgp-default-l2vpn] quit

[PE1-bgp-default] quit

# Create a cross-connect group named vpnb, create local site 1, and create a BGP PW from site 1 to remote site 2.

[PE1] xconnect-group vpnb

[PE1-xcg-vpnb] auto-discovery bgp

[PE1-xcg-vpnb-auto] route-distinguisher 2:2

[PE1-xcg-vpnb-auto] vpn-target 2:2 export-extcommunity

[PE1-xcg-vpnb-auto] vpn-target 2:2 import-extcommunity

[PE1-xcg-vpnb-auto] site 1 range 10 default-offset 0

[PE1-xcg-vpnb-auto-1] connection remote-site-id 2

# Bind Ten-GigabitEthernet 3/0/1 to the PW.

[PE1-xcg-vpnb-auto-1-2] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpnb-auto-1-2] return

3.     Configure the P device:

# Configure an LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit

[P] mpls lsr-id 192.4.4.4

# Enable global LDP.

[P] mpls ldp

[P-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 10.2.2.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.3.3.3 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create an IBGP connection to PE 1, and enable BGP to advertise L2VPN information to PE 1.

[PE2] bgp 100

[PE2-bgp-default] peer 192.2.2.2 as-number 100

[PE2-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn

[PE2-bgp-default-l2vpn] peer 192.2.2.2 enable

[PE2-bgp-default-l2vpn] quit

[PE2-bgp-default] quit

# Create a cross-connect group named vpnb, create local site 2, and create a BGP PW from site 2 to remote site 1.

[PE2] xconnect-group vpnb

[PE2-xcg-vpnb] auto-discovery bgp

[PE2-xcg-vpnb-auto] route-distinguisher 2:2

[PE2-xcg-vpnb-auto] vpn-target 2:2 export-extcommunity

[PE2-xcg-vpnb-auto] vpn-target 2:2 import-extcommunity

[PE2-xcg-vpnb-auto] site 2 range 10 default-offset 0

[PE2-xcg-vpnb-auto-2] connection remote-site-id 1

# Bind Ten-GigabitEthernet 3/0/1 to the PW.

[PE2-xcg-vpnb-auto-2-1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpnb-auto-2-1] return

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that a BGP PW has been established on PE 1.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpnb

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       2                  1036/1025      BGP    M    1        Up

# Verify that a BGP PW has been established on PE 2.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpnb

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1                  1025/1036      BGP    M    1        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring a bypass PW

Network configuration

Create two LDP PWs to implement PW redundancy between CE 1 and CE 2. The primary PW goes through PE 1—PE 2. The backup PW goes through PE 1—PE 3. When the primary PW fails, CE 1 and CE 2 communicate through the backup PW.

Create a bypass PW between PE 2 and PE 3 to forward traffic when a primary/backup PW switchover occurs.

Figure 286 Network diagram

Table 110 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   192.1.1.1/24   PE 2    Loop0      2.2.2.2/32
PE 1    Loop0      1.1.1.1/32             XGE3/0/1   10.1.1.2/24
        XGE3/0/2   10.1.1.1/24            XGE3/0/3   10.1.3.1/24
        XGE3/0/3   10.1.2.1/24    PE 3    Loop0      3.3.3.3/32
CE 2    RAGG1      192.1.1.2/24           XGE3/0/1   10.1.2.2/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 192.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.2.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection ldp

[PE1-xcg-vpna-ldp] ac interface Ten-GigabitEthernet 3/0/1

[PE1-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW, create a backup PW for the LDP PW, and enable the dual receive feature for PW redundancy.

[PE1-xcg-vpna-ldp] protection dual-receive

[PE1-xcg-vpna-ldp] peer 2.2.2.2 pw-id 11

[PE1-xcg-vpna-ldp-2.2.2.2-11] backup-peer 3.3.3.3 pw-id 22

[PE1-xcg-vpna-ldp-2.2.2.2-11-backup] quit

[PE1-xcg-vpna-ldp-2.2.2.2-11] quit

[PE1-xcg-vpna-ldp] quit

[PE1-xcg-vpna] quit

3.     Configure CE 2:

# Create Layer 3 aggregate interface Route-Aggregation 1, use the static aggregation mode (the default), and configure the IP address and subnet mask for the aggregate interface.

<CE2> system-view

[CE2] interface route-aggregation 1

[CE2-Route-Aggregation1] ip address 192.1.1.2 24

[CE2-Route-Aggregation1] quit

# Add interfaces Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 to Layer 3 aggregation group 1.

[CE2] interface ten-gigabitethernet 3/0/2

[CE2-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE2-Ten-GigabitEthernet3/0/2] quit

[CE2] interface ten-gigabitethernet 3/0/3

[CE2-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[CE2-Ten-GigabitEthernet3/0/3] quit

4.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.1 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/2 to the cross-connect.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] connection ldp

[PE2-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/2

[PE2-xcg-vpna-ldp-Ten-GigabitEthernet3/0/2] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW, and create a bypass PW for the LDP PW.

[PE2-xcg-vpna-ldp] peer 1.1.1.1 pw-id 11

[PE2-xcg-vpna-ldp-1.1.1.1-11] bypass-peer 3.3.3.3 pw-id 33

[PE2-xcg-vpna-ldp-1.1.1.1-11-bypass] quit

[PE2-xcg-vpna-ldp-1.1.1.1-11] quit

[PE2-xcg-vpna-ldp] quit

[PE2-xcg-vpna] quit

5.     Configure PE 3:

# Configure an LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.1.2.2 24

[PE3-Ten-GigabitEthernet3/0/1] mpls enable

[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.3.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.2 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.3.2 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/3 to the cross-connect.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] connection ldp

[PE3-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/3

[PE3-xcg-vpna-ldp-Ten-GigabitEthernet3/0/3] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW, and create a bypass PW for the LDP PW.

[PE3-xcg-vpna-ldp] peer 1.1.1.1 pw-id 22

[PE3-xcg-vpna-ldp-1.1.1.1-22] bypass-peer 2.2.2.2 pw-id 33

[PE3-xcg-vpna-ldp-1.1.1.1-22-bypass] quit

[PE3-xcg-vpna-ldp-1.1.1.1-22] quit

[PE3-xcg-vpna-ldp] quit

[PE3-xcg-vpna] quit
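The bypass PW procedure above ends without a verification step. As an added example (not H3C code), this Python audit reads the PW-related command lines of PE 1, PE 2 and PE 3 and checks that every peer, backup-peer and bypass-peer statement is answered by a statement on the remote LSR with the same PW ID. The function names are hypothetical; the transcripts are excerpts of the commands on this page.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Excerpts of the bypass PW procedure on this page: only the lines that set
# an LSR ID or declare a PW endpoint are needed for the audit.
TRANSCRIPTS = {
    "PE1": """\
[PE1] mpls lsr-id 1.1.1.1
[PE1-xcg-vpna-ldp] protection dual-receive
[PE1-xcg-vpna-ldp] peer 2.2.2.2 pw-id 11
[PE1-xcg-vpna-ldp-2.2.2.2-11] backup-peer 3.3.3.3 pw-id 22
""",
    "PE2": """\
[PE2] mpls lsr-id 2.2.2.2
[PE2-xcg-vpna-ldp] peer 1.1.1.1 pw-id 11
[PE2-xcg-vpna-ldp-1.1.1.1-11] bypass-peer 3.3.3.3 pw-id 33
""",
    "PE3": """\
[PE3] mpls lsr-id 3.3.3.3
[PE3-xcg-vpna-ldp] peer 1.1.1.1 pw-id 22
[PE3-xcg-vpna-ldp-1.1.1.1-22] bypass-peer 2.2.2.2 pw-id 33
""",
}

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # [PE1-...] or <PE1>
LSR_ID = re.compile(r"^mpls lsr-id\s+(\d+(?:\.\d+){3})$")
PW_PEER = re.compile(
    r"^(peer|backup-peer|bypass-peer)\s+(\d+(?:\.\d+){3})\s+pw-id\s+(\d+)\b")


class Endpoint(NamedTuple):
    device: str
    lsr_id: str
    role: str      # peer, backup-peer or bypass-peer
    remote: str    # LSR ID the statement points at
    pw_id: int


def parse_transcript(device: str, text: str) -> Tuple[str, List[Endpoint]]:
    """Return the device's LSR ID and the PW endpoints it declares."""
    lsr_id, declared = None, []
    for raw in text.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        m = LSR_ID.match(cmd)
        if m:
            lsr_id = m.group(1)
            continue
        # BGP lines such as "peer x.x.x.x as-number 100" carry no pw-id
        # and are therefore ignored by this pattern.
        m = PW_PEER.match(cmd)
        if m:
            declared.append((m.group(1), m.group(2), int(m.group(3))))
    if lsr_id is None:
        raise ValueError(f"{device}: no 'mpls lsr-id' line in transcript")
    return lsr_id, [Endpoint(device, lsr_id, *d) for d in declared]


def audit(transcripts: Dict[str, str]) -> List[str]:
    """List every PW statement that has no same-PW-ID statement pointing back."""
    lsr_ids, endpoints = {}, []
    for device, text in transcripts.items():
        lsr_id, eps = parse_transcript(device, text)
        lsr_ids[lsr_id] = device
        endpoints.extend(eps)
    declared = {(e.lsr_id, e.remote, e.pw_id) for e in endpoints}
    findings = []
    for e in endpoints:
        where = f"{e.device}: {e.role} {e.remote} pw-id {e.pw_id}"
        if e.remote not in lsr_ids:
            findings.append(f"{where}: remote LSR ID is not an audited device")
        elif (e.remote, e.lsr_id, e.pw_id) not in declared:
            findings.append(f"{where}: {lsr_ids[e.remote]} declares no PW "
                            f"back to {e.lsr_id} with that PW ID")
    return findings


if __name__ == "__main__":
    for line in audit(TRANSCRIPTS) or ["all PW statements are reciprocated"]:
        print(line)
```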

Example: Configuring an intra-domain multi-segment PW

Network configuration

As shown in Figure 287, there is no public tunnel between PE 1 and PE 2. There is an MPLS TE tunnel between PE 1 and P, and an MPLS TE tunnel between P and PE 2.

Configure a multi-segment PW within the backbone to allow communication between CE 1 and CE 2. The multi-segment PW includes an LDP PW between PE 1 and P, and a static PW between P and PE 2. The two PWs are concatenated on P.

Figure 287 Network diagram

Table 111 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   100.1.1.1/24   P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32           XGE3/0/1   23.1.1.2/24
        XGE3/0/2   23.1.1.1/24            XGE3/0/2   26.2.2.2/24
CE 2    XGE3/0/1   100.1.1.2/24   PE 2    Loop0      192.3.3.3/32
                                          XGE3/0/2   26.2.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.2.2.2 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE1] l2vpn enable

# Enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P. For more information, see "Configuring MPLS TE."

# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpn1

[PE1-xcg-vpn1] connection ldp

[PE1-xcg-vpn1-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpn1-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpn1-ldp] peer 192.4.4.4 pw-id 1000

[PE1-xcg-vpn1-ldp-192.4.4.4-1000] quit

[PE1-xcg-vpn1-ldp] quit

[PE1-xcg-vpn1] quit

3.     Configure the P device:

# Configure an LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit

[P] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[P] l2vpn enable

# Enable LDP globally.

[P] mpls ldp

[P-ldp] quit

# Create a PW class named pwa, and configure the PW data encapsulation type as ethernet.

[P] pw-class pwa

[P-pw-class-pwa] pw-type ethernet

[P-pw-class-pwa] quit

# Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P, and between P and PE 2. For more information, see "Configuring MPLS TE."

# Create a cross-connect group named vpn1, create a cross-connect named ldpsvc in the group, and create an LDP PW and a static PW for the cross-connect to form a multi-segment PW.

[P] xconnect-group vpn1

[P-xcg-vpn1] connection ldpsvc

[P-xcg-vpn1-ldpsvc] peer 192.2.2.2 pw-id 1000 pw-class pwa

[P-xcg-vpn1-ldpsvc-192.2.2.2-1000] quit

[P-xcg-vpn1-ldpsvc] peer 192.3.3.3 pw-id 1000 in-label 100 out-label 200 pw-class pwa

[P-xcg-vpn1-ldpsvc-192.3.3.3-1000] quit

[P-xcg-vpn1-ldpsvc] quit

[P-xcg-vpn1] quit

4.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.3.3.3 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE2] l2vpn enable

# Configure MPLS TE to establish an MPLS TE tunnel between P and PE 2. For more information, see "Configuring MPLS TE."

# Create a cross-connect group named vpn1, create a cross-connect named svc in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE2] xconnect-group vpn1

[PE2-xcg-vpn1] connection svc

[PE2-xcg-vpn1-svc] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpn1-svc-Ten-GigabitEthernet3/0/1] quit

# Create a static PW for the cross-connect to bind the AC to the PW.

[PE2-xcg-vpn1-svc] peer 192.4.4.4 pw-id 1000 in-label 200 out-label 100

[PE2-xcg-vpn1-svc-192.4.4.4-1000] quit

[PE2-xcg-vpn1-svc] quit

[PE2-xcg-vpn1] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that two PWs have been created to form a multi-segment PW on the P device.

[P] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1000               1279/1150      LDP    M    0        Up

192.3.3.3       1000               100/200        Static M    1        Up

# Verify that a PW has been created on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       1000               1150/1279      LDP    M    1        Up

# Verify that a PW has been created on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       1000               200/100        Static M    1        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring an inter-domain multi-segment PW

Network configuration

PE 1 and ASBR 1 belong to AS 100. PE 2 and ASBR 2 belong to AS 200.

Set up an inter-domain multi-segment PW (a method for inter-AS Option B networking) within the backbone to allow communication between CE 1 and CE 2.

Configure the inter-domain multi-segment PW as follows:

·     Configure LDP PWs between PE 1 and ASBR 1, and between PE 2 and ASBR 2, and configure public tunnels through LDP to carry the PWs.

·     Configure an LDP PW between ASBR 1 and ASBR 2. Advertise labeled IPv4 routes between ASBR 1 and ASBR 2 through BGP to set up the public tunnel to carry the LDP PW.

·     Concatenate the two PWs on ASBR 1.

·     Concatenate the two PWs on ASBR 2.

Figure 288 Network diagram

Table 112 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   100.1.1.1/24   ASBR 1  Loop0      192.2.2.2/32
PE 1    Loop0      192.1.1.1/32           XGE3/0/2   23.1.1.2/24
        XGE3/0/2   23.1.1.1/24            XGE3/0/1   26.2.2.2/24
PE 2    Loop0      192.4.4.4/32   ASBR 2  Loop0      192.3.3.3/32
        XGE3/0/2   22.2.2.1/24            XGE3/0/1   26.2.2.3/24
CE 2    XGE3/0/1   100.1.1.2/24           XGE3/0/2   22.2.2.3/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to ASBR 1), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpn1

[PE1-xcg-vpn1] connection ldp

[PE1-xcg-vpn1-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpn1-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpn1-ldp] peer 192.2.2.2 pw-id 1000

[PE1-xcg-vpn1-ldp-192.2.2.2-1000] quit

[PE1-xcg-vpn1-ldp] quit

[PE1-xcg-vpn1] quit

3.     Configure ASBR 1:

# Configure an LSR ID.

<ASBR1> system-view

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 192.2.2.2 32

[ASBR1-LoopBack0] quit

[ASBR1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[ASBR1] l2vpn enable

# Enable global LDP.

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable LDP on the interface.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.2 24

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to ASBR 2), and enable MPLS on the interface.

[ASBR1] interface ten-gigabitethernet 3/0/1

[ASBR1-Ten-GigabitEthernet3/0/1] ip address 26.2.2.2 24

[ASBR1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR1] ospf

[ASBR1-ospf-1] area 0

[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255

[ASBR1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[ASBR1-ospf-1-area-0.0.0.0] quit

[ASBR1-ospf-1] quit

# Configure BGP to advertise labeled routes on ASBR 1.

[ASBR1] bgp 100

[ASBR1-bgp-default] peer 26.2.2.3 as-number 200

[ASBR1-bgp-default] address-family ipv4 unicast

[ASBR1-bgp-default-ipv4] import-route direct

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 enable

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 route-policy policy1 export

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 label-route-capability

[ASBR1-bgp-default-ipv4] quit

[ASBR1-bgp-default] quit

[ASBR1] route-policy policy1 permit node 1

[ASBR1-route-policy-policy1-1] apply mpls-label

[ASBR1-route-policy-policy1-1] quit

# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.

[ASBR1] xconnect-group vpn1

[ASBR1-xcg-vpn1] connection ldp

[ASBR1-xcg-vpn1-ldp] peer 192.1.1.1 pw-id 1000

[ASBR1-xcg-vpn1-ldp-192.1.1.1-1000] quit

[ASBR1-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000

[ASBR1-xcg-vpn1-ldp-192.3.3.3-1000] quit

[ASBR1-xcg-vpn1-ldp] quit

[ASBR1-xcg-vpn1] quit

4.     Configure ASBR 2:

# Configure an LSR ID.

<ASBR2> system-view

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ip address 192.3.3.3 32

[ASBR2-LoopBack0] quit

[ASBR2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[ASBR2] l2vpn enable

# Enable global LDP.

[ASBR2] mpls ldp

[ASBR2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to ASBR 1), and enable MPLS on the interface.

[ASBR2] interface ten-gigabitethernet 3/0/1

[ASBR2-Ten-GigabitEthernet3/0/1] ip address 26.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR2] ospf

[ASBR2-ospf-1] area 0

[ASBR2-ospf-1-area-0.0.0.0] network 22.2.2.3 0.0.0.255

[ASBR2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[ASBR2-ospf-1-area-0.0.0.0] quit

[ASBR2-ospf-1] quit

# Configure BGP to advertise labeled routes on ASBR 2.

[ASBR2] bgp 200

[ASBR2-bgp-default] peer 26.2.2.2 as-number 100

[ASBR2-bgp-default] address-family ipv4 unicast

[ASBR2-bgp-default-ipv4] import-route direct

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 enable

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 route-policy policy1 export

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 label-route-capability

[ASBR2-bgp-default-ipv4] quit

[ASBR2-bgp-default] quit

[ASBR2] route-policy policy1 permit node 1

[ASBR2-route-policy-policy1-1] apply mpls-label

[ASBR2-route-policy-policy1-1] quit

# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.

[ASBR2] xconnect-group vpn1

[ASBR2-xcg-vpn1] connection ldp

[ASBR2-xcg-vpn1-ldp] peer 192.2.2.2 pw-id 1000

[ASBR2-xcg-vpn1-ldp-192.2.2.2-1000] quit

[ASBR2-xcg-vpn1-ldp] peer 192.4.4.4 pw-id 1000

[ASBR2-xcg-vpn1-ldp-192.4.4.4-1000] quit

[ASBR2-xcg-vpn1-ldp] quit

[ASBR2-xcg-vpn1] quit

5.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.4.4.4 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to ASBR 2), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 22.2.2.1 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE2] xconnect-group vpn1

[PE2-xcg-vpn1] connection ldp

[PE2-xcg-vpn1-ldp] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpn1-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW for the cross-connect to bind the AC to the PW.

[PE2-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000

[PE2-xcg-vpn1-ldp-192.3.3.3-1000] quit

[PE2-xcg-vpn1-ldp] quit

[PE2-xcg-vpn1] quit

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an LDP PW has been created on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1000               1151/1279      LDP    M             Up

# Verify that two LDP PWs have been created to form a multi-segment PW on ASBR 1.

[ASBR1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       1000               1279/1151      LDP    M    0        Up

192.3.3.3       1000               1278/1151      LDP    M    1        Up

# Verify that two LDP PWs have been created to form a multi-segment PW on ASBR 2.

[ASBR2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1000               1151/1278      LDP    M    0        Up

192.4.4.4       1000               1150/1279      LDP    M    1        Up

# Verify that an LDP PW has been created on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       1000               1279/1150      LDP    M    1        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
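The four display l2vpn pw outputs above can be cross-checked mechanically: on every segment, the out label of one device must equal the in label its peer shows for the same PW ID. The Python below is an added example, not part of the H3C guide; the dictionary keyed by LSR ID, the function names, and the assumption that each device carries a single cross-connect are this example's own.

```python
import re

# Constructed input: data rows copied from the four "display l2vpn pw" outputs
# above, keyed by the LSR ID of the device that printed them (assumed layout).
PW_OUTPUT = {
    "192.1.1.1": """
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.2.2.2       1000               1151/1279      LDP    M             Up
""",
    "192.2.2.2": """
192.1.1.1       1000               1279/1151      LDP    M    0        Up
192.3.3.3       1000               1278/1151      LDP    M    1        Up
""",
    "192.3.3.3": """
192.2.2.2       1000               1151/1278      LDP    M    0        Up
192.4.4.4       1000               1150/1279      LDP    M    1        Up
""",
    "192.4.4.4": """
192.3.3.3       1000               1279/1150      LDP    M    1        Up
""",
}

# The Link ID column is optional: the PE 1 row above leaves it empty.
ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<pw_id>\d+)\s+"
    r"(?P<in_label>\d+)/(?P<out_label>\d+)\s+(?P<proto>\S+)\s+(?P<flag>\S+)"
    r"(?:\s+(?P<link_id>\d+))?\s+(?P<state>\S+)\s*$"
)


def parse_pw_table(text):
    """Return one dict per PW row; header and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            for key in ("pw_id", "in_label", "out_label"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def check_segments(outputs):
    """Compare every PW row with the matching row on the peer device."""
    tables = {dev: parse_pw_table(txt) for dev, txt in outputs.items()}
    problems = []
    for dev, rows in tables.items():
        for row in rows:
            tag = f"{dev}->{row['peer']}"
            if row["state"] != "Up":
                problems.append(f"{tag}: state {row['state']}")
            back = [r for r in tables.get(row["peer"], [])
                    if r["peer"] == dev and r["pw_id"] == row["pw_id"]]
            if not back:
                problems.append(f"{tag}: peer shows no PW back to {dev}")
            elif back[0]["in_label"] != row["out_label"]:
                problems.append(
                    f"{tag}: out label {row['out_label']} != "
                    f"peer in label {back[0]['in_label']}")
    return problems


def trace_labels(outputs, start):
    """Walk the multi-segment PW from `start`; return (from, to, PW label) hops."""
    tables = {dev: parse_pw_table(txt) for dev, txt in outputs.items()}
    hops, prev, dev = [], None, start
    while len(hops) <= len(tables):          # guard against a looped topology
        onward = [r for r in tables.get(dev, []) if r["peer"] != prev]
        if not onward:
            break
        hops.append((dev, onward[0]["peer"], onward[0]["out_label"]))
        prev, dev = dev, onward[0]["peer"]
    return hops


if __name__ == "__main__":
    print(check_segments(PW_OUTPUT) or "all segments consistent")
    for hop in trace_labels(PW_OUTPUT, "192.1.1.1"):
        print("%s -> %s  PW label %d" % hop)
```

The trace shows that the PW label is swapped at each switching point (ASBR 1 and ASBR 2), so the label seen on one segment says nothing about the label on the next.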

 

 

VPLS configuration examples

Example: Configuring static PWs

Network configuration

Configure a VSI on each PE, and establish static PWs between the PEs to interconnect the CEs.

Figure 289 Network diagram

Procedure

1.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 20.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 3), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs.

[PE1] vsi svc

[PE1-vsi-svc] pwsignaling static

[PE1-vsi-svc-static] peer 2.2.2.9 pw-id 3 in-label 100 out-label 100

[PE1-vsi-svc-static-2.2.2.9-3] quit

[PE1-vsi-svc-static] peer 3.3.3.9 pw-id 3 in-label 200 out-label 200

[PE1-vsi-svc-static-3.3.3.9-3] quit

[PE1-vsi-svc-static] quit

[PE1-vsi-svc] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI svc.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi svc

[PE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 3), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 40.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs.

[PE2] vsi svc

[PE2-vsi-svc] pwsignaling static

[PE2-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 100 out-label 100

[PE2-vsi-svc-static-1.1.1.9-3] quit

[PE2-vsi-svc-static] peer 3.3.3.9 pw-id 3 in-label 300 out-label 300

[PE2-vsi-svc-static-3.3.3.9-3] quit

[PE2-vsi-svc-static] quit

[PE2-vsi-svc] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI svc.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi svc

[PE2-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE 3:

# Configure an LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 30.1.1.3 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 40.1.1.3 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs.

[PE3] vsi svc

[PE3-vsi-svc] pwsignaling static

[PE3-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 200 out-label 200

[PE3-vsi-svc-static-1.1.1.9-3] quit

[PE3-vsi-svc-static] peer 2.2.2.9 pw-id 3 in-label 300 out-label 300

[PE3-vsi-svc-static-2.2.2.9-3] quit

[PE3-vsi-svc-static] quit

[PE3-vsi-svc] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI svc.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi svc

[PE3-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that two static PWs in up state have been established on PE 1.

[PE1] display l2vpn pw verbose

VSI Name: svc

  Peer: 2.2.2.9          PW ID: 3

    Signaling Protocol  : Static

    Link ID             : 8          PW State : Up

    In Label            : 100        Out Label: 100

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000001

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -

  Peer: 3.3.3.9          PW ID: 3

    Signaling Protocol  : Static

    Link ID             : 9          PW State : Up

    In Label            : 200        Out Label: 200

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x260000002

    Tunnel NHLFE IDs    : 1028

    Admin PW            : -
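Static PWs have no signaling protocol to detect a label mismatch, so the in-label and out-label values typed on the three PEs are worth auditing before deployment. The Python below is an added example, not part of the H3C guide: it reads the peer commands from this procedure and checks that each out-label equals the in-label configured on the peer, that every PW has a counterpart, and that no in-label is reused on one device. Function names are this example's own, and it assumes host names without hyphens and the same pw-id at both ends, as on this page.

```python
import re

# Constructed input: the lsr-id and static peer commands from the procedure above.
TRANSCRIPT = """\
[PE1] mpls lsr-id 1.1.1.9
[PE1-vsi-svc-static] peer 2.2.2.9 pw-id 3 in-label 100 out-label 100
[PE1-vsi-svc-static] peer 3.3.3.9 pw-id 3 in-label 200 out-label 200
[PE2] mpls lsr-id 2.2.2.9
[PE2-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 100 out-label 100
[PE2-vsi-svc-static] peer 3.3.3.9 pw-id 3 in-label 300 out-label 300
[PE3] mpls lsr-id 3.3.3.9
[PE3-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 200 out-label 200
[PE3-vsi-svc-static] peer 2.2.2.9 pw-id 3 in-label 300 out-label 300
"""

LSR = re.compile(r"^\[(?P<host>\w+)\]\s+mpls lsr-id (?P<lsr>\S+)")
PEER = re.compile(
    r"^\[(?P<host>\w+)-vsi-(?P<vsi>\w+)-static\]\s+peer (?P<peer>\S+) "
    r"pw-id (?P<pw_id>\d+) in-label (?P<inl>\d+) out-label (?P<outl>\d+)"
)


def parse_static_pws(transcript):
    """Return ({host: lsr_id}, {(host, peer_lsr, pw_id): (in_label, out_label)})."""
    lsr_of, pws = {}, {}
    for line in transcript.splitlines():
        line = line.strip()
        m = LSR.match(line)
        if m:
            lsr_of[m["host"]] = m["lsr"]
            continue
        m = PEER.match(line)
        if m:
            key = (m["host"], m["peer"], int(m["pw_id"]))
            pws[key] = (int(m["inl"]), int(m["outl"]))
    return lsr_of, pws


def audit_static_pws(transcript):
    """List label problems; an empty list means both directions of every PW agree."""
    lsr_of, pws = parse_static_pws(transcript)
    host_of = {lsr: host for host, lsr in lsr_of.items()}
    findings, in_labels = [], {}
    for (host, peer, pw_id), (in_label, out_label) in pws.items():
        # The in-label alone selects the PW on the receiving PE, so it must
        # not be shared by two PWs on the same device.
        other = in_labels.setdefault((host, in_label), peer)
        if other != peer:
            findings.append(
                f"{host}: in-label {in_label} reused for {other} and {peer}")
        # Look up the same PW as configured on the peer device.
        back = pws.get((host_of.get(peer), lsr_of.get(host), pw_id))
        if back is None:
            findings.append(
                f"{host}: no PW configured back from {peer} (pw-id {pw_id})")
        elif back[0] != out_label:
            findings.append(
                f"{host}: out-label {out_label} to {peer}, "
                f"but {peer} expects in-label {back[0]}")
    return findings


if __name__ == "__main__":
    print(audit_static_pws(TRANSCRIPT) or "static PW labels are consistent")
```

Because this page uses the same value for in-label and out-label on every PW, a swapped pair would go unnoticed by eye; the audit compares out-label against the peer's in-label, so it also handles asymmetric label plans.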

Example: Configuring LDP PWs

Network configuration

Configure a VSI on each PE, and establish LDP PWs between the PEs to interconnect the CEs.

Figure 290 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure PE 1:

# Configure basic MPLS.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to PE 2 and PE 3.

[PE1] vsi aaa

[PE1-vsi-aaa] pwsignaling ldp

[PE1-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[PE1-vsi-aaa-ldp-2.2.2.9-500] quit

[PE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500

[PE1-vsi-aaa-ldp-3.3.3.9-500] quit

[PE1-vsi-aaa-ldp] quit

[PE1-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE 2:

# Configure basic MPLS.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to PE 1 and PE 3.

[PE2] vsi aaa

[PE2-vsi-aaa] pwsignaling ldp

[PE2-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500

[PE2-vsi-aaa-ldp-1.1.1.9-500] quit

[PE2-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500

[PE2-vsi-aaa-ldp-3.3.3.9-500] quit

[PE2-vsi-aaa-ldp] quit

[PE2-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

4.     Configure PE 3:

# Configure basic MPLS.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

[PE3] mpls ldp

[PE3-ldp] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to PE 1 and PE 2.

[PE3] vsi aaa

[PE3-vsi-aaa] pwsignaling ldp

[PE3-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500

[PE3-vsi-aaa-ldp-1.1.1.9-500] quit

[PE3-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[PE3-vsi-aaa-ldp-2.2.2.9-500] quit

[PE3-vsi-aaa-ldp] quit

[PE3-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

Verifying the configuration

# Verify that two LDP PWs in up state have been established on PE 1.

[PE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1279       Out Label: 1279

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x260000000

    Tunnel NHLFE IDs    : 1028

    Admin PW            : -

  Peer: 3.3.3.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1278       Out Label: 1277

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x360000001

    Tunnel NHLFE IDs    : 1029

    Admin PW            : -

Example: Configuring BGP PWs

Network configuration

Configure a VSI on each PE, and establish BGP PWs between the PEs to interconnect CEs.

Figure 291 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure PE 1:

# Configure basic MPLS.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Establish IBGP connections to PE 2 and PE 3, and use BGP to advertise VPLS label block information.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn

[PE1-bgp-default-l2vpn] peer 2.2.2.9 enable

[PE1-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE1-bgp-default-l2vpn] quit

[PE1-bgp-default] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure VSI aaa to use BGP to establish BGP PWs to PE 2 and PE 3.

[PE1] vsi aaa

[PE1-vsi-aaa] auto-discovery bgp

[PE1-vsi-aaa-auto] route-distinguisher 1:1

[PE1-vsi-aaa-auto] vpn-target 1:1

[PE1-vsi-aaa-auto] signaling-protocol bgp

[PE1-vsi-aaa-auto-bgp] site 1 range 10 default-offset 0

[PE1-vsi-aaa-auto-bgp] quit

[PE1-vsi-aaa-auto] quit

[PE1-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE 2:

# Configure basic MPLS.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

# Establish IBGP connections to PE 1 and PE 3, and use BGP to advertise VPLS label block information.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] peer 3.3.3.9 as-number 100

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn

[PE2-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE2-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE2-bgp-default-l2vpn] quit

[PE2-bgp-default] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure VSI aaa to use BGP to establish BGP PWs to PE 1 and PE 3.

[PE2] vsi aaa

[PE2-vsi-aaa] auto-discovery bgp

[PE2-vsi-aaa-auto] route-distinguisher 1:1

[PE2-vsi-aaa-auto] vpn-target 1:1

[PE2-vsi-aaa-auto] signaling-protocol bgp

[PE2-vsi-aaa-auto-bgp] site 2 range 10 default-offset 0

[PE2-vsi-aaa-auto-bgp] quit

[PE2-vsi-aaa-auto] quit

[PE2-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE2-Ten-GigabitEthernet3/0/1] quit

4.     Configure PE 3:

# Configure basic MPLS.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

[PE3] mpls ldp

[PE3-ldp] quit

# Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS label block information.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.9 as-number 100

[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp-default] peer 2.2.2.9 as-number 100

[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn

[PE3-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE3-bgp-default-l2vpn] peer 2.2.2.9 enable

[PE3-bgp-default-l2vpn] quit

[PE3-bgp-default] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure VSI aaa to use BGP to establish BGP PWs to PE 1 and PE 2.

[PE3] vsi aaa

[PE3-vsi-aaa] auto-discovery bgp

[PE3-vsi-aaa-auto] route-distinguisher 1:1

[PE3-vsi-aaa-auto] vpn-target 1:1

[PE3-vsi-aaa-auto] signaling-protocol bgp

[PE3-vsi-aaa-auto-bgp] site 3 range 10 default-offset 0

[PE3-vsi-aaa-auto-bgp] quit

[PE3-vsi-aaa-auto] quit

[PE3-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE3-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that two BGP PWs in up state have been established on PE 1.

[PE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          Remote Site: 2

    Signaling Protocol  : BGP

    Link ID             : 9          PW State : Up

    In Label            : 1295       Out Label: 1025

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x800000160000001

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -

  Peer: 3.3.3.9          Remote Site: 3

    Signaling Protocol  : BGP

    Link ID             : 10         PW State : Up

    In Label            : 1296       Out Label: 1025

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x800000060000000

    Tunnel NHLFE IDs    : 1026

    Admin PW            : -

# Display VPLS label block information received from PE 2 and PE 3 on PE 1.

[PE1] display l2vpn bgp verbose

VSI Name: aaa

 Remote Site ID     : 2

 Offset             : 0

 RD                 : 1:1

 PW State           : Up

 Encapsulation      : BGP-VPLS

 MTU                : 1500

 Nexthop            : 2.2.2.9

 Local VC Label     : 1295

 Remote VC Label    : 1025

 Local Control Word : Disabled

 Remote Control Word: Disabled

 Link ID            : 9

 Local Label Block  : 1293/10/0

 Remote Label Block : 1024/10/0

 Local Flow Label   : -

 Reomote Flow Label : -

 Export Route Target: 1:1

 

 Remote Site ID     : 3

 Offset             : 0

 RD                 : 1:1

 PW State           : Up

 Encapsulation      : BGP-VPLS

 MTU                : 1500

 Nexthop            : 3.3.3.9

 Local VC Label     : 1296

 Remote VC Label    : 1025

 Local Control Word : Disabled

 Remote Control Word: Disabled

 Link ID            : 10

 Local Label Block  : 1293/10/0

 Remote Label Block : 1024/10/0

 Local Flow Label   : -

 Reomote Flow Label : -

 Export Route Target: 1:1
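The VC labels in the display l2vpn bgp verbose output above follow from the advertised label blocks: per RFC 4761, the label a PE expects from site V is label base + (V - block offset), valid only while V falls inside the block. The Python below is an added example, not part of the H3C guide; it recomputes both labels for each remote site and assumes the Label Block fields read base/range/offset, which matches the configured range 10 and default-offset 0. Function names are this example's own.

```python
# Constructed input: "display l2vpn bgp verbose" on PE 1, reduced to the
# fields the check uses. PE 1 is site 1 (from "site 1 range 10 default-offset 0").
BGP_VERBOSE = """\
VSI Name: aaa
 Remote Site ID     : 2
 RD                 : 1:1
 PW State           : Up
 Nexthop            : 2.2.2.9
 Local VC Label     : 1295
 Remote VC Label    : 1025
 Local Label Block  : 1293/10/0
 Remote Label Block : 1024/10/0

 Remote Site ID     : 3
 RD                 : 1:1
 PW State           : Up
 Nexthop            : 3.3.3.9
 Local VC Label     : 1296
 Remote VC Label    : 1025
 Local Label Block  : 1293/10/0
 Remote Label Block : 1024/10/0
"""


def parse_records(text):
    """Split the output into one {field: value} dict per remote site."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # "RD : 1:1" keeps value "1:1"
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Remote Site ID":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def demux_label(block, site_id):
    """Label for `site_id` from a base/range/offset block, or None if outside it."""
    base, size, offset = (int(x) for x in block.split("/"))
    if not offset <= site_id < offset + size:
        return None          # this site needs a different label block
    return base + site_id - offset


def check_bgp_pws(text, local_site_id):
    """Return (remote site, expected local label, expected remote label, ok)."""
    results = []
    for rec in parse_records(text):
        remote_site = int(rec["Remote Site ID"])
        # Label this PE expects on traffic arriving from the remote site.
        want_local = demux_label(rec["Local Label Block"], remote_site)
        # Label the remote PE expects on traffic sent by this PE.
        want_remote = demux_label(rec["Remote Label Block"], local_site_id)
        ok = (want_local == int(rec["Local VC Label"])
              and want_remote == int(rec["Remote VC Label"]))
        results.append((remote_site, want_local, want_remote, ok))
    return results


if __name__ == "__main__":
    for site, local, remote, ok in check_bgp_pws(BGP_VERBOSE, local_site_id=1):
        print(f"site {site}: local {local}, remote {remote}, match={ok}")
```

Both remote PEs show Remote VC Label 1025 because each advertised a block with base 1024 and PE 1 is site 1 in both calculations; the labels live in different devices' label spaces, so the equal values do not conflict.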

Example: Configuring BGP auto-discovery LDP PWs

Network configuration

Configure a VSI on each PE. Use BGP to discover remote PEs and use LDP to create PWs among PEs so CEs in different sites of VPN 1 can communicate with each other.

Figure 292 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure PE 1:

# Configure basic MPLS.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Establish IBGP connections to PE 2 and PE 3, and use BGP to advertise VPLS PE information.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn

[PE1-bgp-default-l2vpn] peer 2.2.2.9 enable

[PE1-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE1-bgp-default-l2vpn] quit

[PE1-bgp-default] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 2 and PE 3.

[PE1] vsi aaa

[PE1-vsi-aaa] auto-discovery bgp

[PE1-vsi-aaa-auto] route-distinguisher 1:1

[PE1-vsi-aaa-auto] vpn-target 1:1

[PE1-vsi-aaa-auto] signaling-protocol ldp

[PE1-vsi-aaa-auto-ldp] vpls-id 100:100

[PE1-vsi-aaa-auto-ldp] quit

[PE1-vsi-aaa-auto] quit

[PE1-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE 2:

# Configure basic MPLS.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

# Establish IBGP connections to PE 1 and PE 3, and use BGP to advertise VPLS PE information.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] peer 3.3.3.9 as-number 100

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn

[PE2-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE2-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE2-bgp-default-l2vpn] quit

[PE2-bgp-default] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 1 and PE 3.

[PE2] vsi aaa

[PE2-vsi-aaa] auto-discovery bgp

[PE2-vsi-aaa-auto] route-distinguisher 1:1

[PE2-vsi-aaa-auto] vpn-target 1:1

[PE2-vsi-aaa-auto] signaling-protocol ldp

[PE2-vsi-aaa-auto-ldp] vpls-id 100:100

[PE2-vsi-aaa-auto-ldp] quit

[PE2-vsi-aaa-auto] quit

[PE2-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE2-Ten-GigabitEthernet3/0/1] quit

4.     Configure PE 3:

# Configure basic MPLS.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

[PE3] mpls ldp

[PE3-ldp] quit

# Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS PE information.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.9 as-number 100

[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp-default] peer 2.2.2.9 as-number 100

[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn

[PE3-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE3-bgp-default-l2vpn] peer 2.2.2.9 enable

[PE3-bgp-default-l2vpn] quit

[PE3-bgp-default] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 1 and PE 2.

[PE3] vsi aaa

[PE3-vsi-aaa] auto-discovery bgp

[PE3-vsi-aaa-auto] route-distinguisher 1:1

[PE3-vsi-aaa-auto] vpn-target 1:1

[PE3-vsi-aaa-auto] signaling-protocol ldp

[PE3-vsi-aaa-auto-ldp] vpls-id 100:100

[PE3-vsi-aaa-auto-ldp] quit

[PE3-vsi-aaa-auto] quit

[PE3-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[PE3-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that two PWs in up state have been established on PE 1.

[PE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          VPLS ID: 100:100

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1555       Out Label: 1555

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x800000060000000

    Tunnel NHLFE IDs    : 1029

    Admin PW            : -

  Peer: 3.3.3.9          VPLS ID: 100:100

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1554       Out Label: 1416

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x800000160000001

    Tunnel NHLFE IDs    : 1030

    Admin PW            : -

# Display LDP PW label information on PE 1.

[PE1] display l2vpn ldp verbose

Peer: 2.2.2.9          VPLS ID: 100:100

  VSI Name: aaa

  PW State: Up

  PW Status Communication: Notification method

  PW ID FEC (Local/Remote):

    Local AII   : (1.1.1.9, 2.2.2.9)

    Remote AII  : (2.2.2.9, 1.1.1.9)

    PW Type     : VLAN/VLAN

    Group ID    : 0/0

    Label       : 1555/1555

    Control Word: Disabled/Disabled

    VCCV CV Type: -/-

    VCCV CC Type: -/-

    Flow Label  : -/-

    MTU         : 1500/1500

    PW Status   : PW forwarding/PW forwarding

 

Peer: 3.3.3.9          VPLS ID: 100:100

  VSI Name: aaa

  PW State: Up

  PW Status Communication: Notification method

  PW ID FEC (Local/Remote):

    Local AII   : (1.1.1.9, 3.3.3.9)

    Remote AII  : (3.3.3.9, 1.1.1.9)

    PW Type     : VLAN/VLAN

    Group ID    : 0/0

    Label       : 1554/1416

    Control Word: Disabled/Disabled

    VCCV CV Type: -/-

    VCCV CC Type: -/-

    Flow Label  : -/-

    MTU         : 1500/1500

    PW Status   : PW forwarding/PW forwarding

Example: Configuring H-VPLS using MPLS access

Network configuration

Configure an H-VPLS network using MPLS access to avoid full-mesh PW configuration. The H-VPLS uses LDP as the PW signaling protocol.

Figure 293 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure UPE:

# Configure basic MPLS.

<UPE> system-view

[UPE] interface loopback 0

[UPE-LoopBack0] ip address 1.1.1.9 32

[UPE-LoopBack0] quit

[UPE] mpls lsr-id 1.1.1.9

[UPE] mpls ldp

[UPE-ldp] quit

# Enable L2VPN.

[UPE] l2vpn enable

# Configure VSI aaa to use LDP to establish a U-PW to NPE 1.

[UPE] vsi aaa

[UPE-vsi-aaa] pwsignaling ldp

[UPE-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[UPE-vsi-aaa-ldp-2.2.2.9-500] quit

[UPE-vsi-aaa-ldp] quit

[UPE-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[UPE] interface ten-gigabitethernet 3/0/1

[UPE-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[UPE-Ten-GigabitEthernet3/0/1] quit

3.     Configure NPE 1:

# Configure basic MPLS.

<NPE1> system-view

[NPE1] interface loopback 0

[NPE1-LoopBack0] ip address 2.2.2.9 32

[NPE1-LoopBack0] quit

[NPE1] mpls lsr-id 2.2.2.9

[NPE1] mpls ldp

[NPE1-ldp] quit

# Enable L2VPN.

[NPE1] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, establish a U-PW to the UPE, and establish N-PWs to NPE 2 and NPE 3.

[NPE1] vsi aaa

[NPE1-vsi-aaa] pwsignaling ldp

[NPE1-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500 no-split-horizon

[NPE1-vsi-aaa-ldp-1.1.1.9-500] quit

[NPE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500

[NPE1-vsi-aaa-ldp-3.3.3.9-500] quit

[NPE1-vsi-aaa-ldp] peer 4.4.4.9 pw-id 500

[NPE1-vsi-aaa-ldp-4.4.4.9-500] quit

[NPE1-vsi-aaa-ldp] quit

[NPE1-vsi-aaa] quit

4.     Configure NPE 2:

# Configure basic MPLS.

<NPE2> system-view

[NPE2] interface loopback 0

[NPE2-LoopBack0] ip address 3.3.3.9 32

[NPE2-LoopBack0] quit

[NPE2] mpls lsr-id 3.3.3.9

[NPE2] mpls ldp

[NPE2-ldp] quit

# Enable L2VPN.

[NPE2] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish N-PWs to NPE 1 and NPE 3.

[NPE2] vsi aaa

[NPE2-vsi-aaa] pwsignaling ldp

[NPE2-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[NPE2-vsi-aaa-ldp-2.2.2.9-500] quit

[NPE2-vsi-aaa-ldp] peer 4.4.4.9 pw-id 500

[NPE2-vsi-aaa-ldp-4.4.4.9-500] quit

[NPE2-vsi-aaa-ldp] quit

[NPE2-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[NPE2] interface ten-gigabitethernet 3/0/1

[NPE2-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[NPE2-Ten-GigabitEthernet3/0/1] quit

5.     Configure NPE 3:

# Configure basic MPLS.

<NPE3> system-view

[NPE3] interface loopback 0

[NPE3-LoopBack0] ip address 4.4.4.9 32

[NPE3-LoopBack0] quit

[NPE3] mpls lsr-id 4.4.4.9

[NPE3] mpls ldp

[NPE3-ldp] quit

# Enable L2VPN.

[NPE3] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish N-PWs to NPE 1 and NPE 2.

[NPE3] vsi aaa

[NPE3-vsi-aaa] pwsignaling ldp

[NPE3-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[NPE3-vsi-aaa-ldp-2.2.2.9-500] quit

[NPE3-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500

[NPE3-vsi-aaa-ldp-3.3.3.9-500] quit

[NPE3-vsi-aaa-ldp] quit

[NPE3-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[NPE3] interface ten-gigabitethernet 3/0/1

[NPE3-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[NPE3-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PWs in up state have been established on each PE.

[UPE] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1277       Out Label: 1277

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x460000000

    Tunnel NHLFE IDs    : 1030

    Admin PW            : -

[NPE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 1.1.1.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1277       Out Label: 1277

    MTU                 : 1500

    PW Attributes       : Main, No-split-horizon

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x460000000

    Tunnel NHLFE IDs    : 1030

    Admin PW            : -

  Peer: 3.3.3.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1276       Out Label: 1275

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x560000001

    Tunnel NHLFE IDs    : 1031

    Admin PW            : -

  Peer: 4.4.4.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 10         PW State : Up

    In Label            : 1278       Out Label: 1279

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x570000001

    Tunnel NHLFE IDs    : 1032

    Admin PW            : -

[NPE2] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1275       Out Label: 1276

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x660000000

    Tunnel NHLFE IDs    : 1031

    Admin PW            : -

  Peer: 4.4.4.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1277       Out Label: 1277

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x670000000

    Tunnel NHLFE IDs    : 1032

    Admin PW            : -

[NPE3] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1279       Out Label: 1278

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x660000000

    Tunnel NHLFE IDs    : 1031

    Admin PW            : -

  Peer: 3.3.3.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1277       Out Label: 1277

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x670000000

    Tunnel NHLFE IDs    : 1032

    Admin PW            : -

Example: Configuring hub-spoke VPLS

Network configuration

Configure a hub-spoke VPLS network to centralize management of the traffic from each site. The VPLS uses LDP as the PW signaling protocol.

Figure 294 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure Spoke-PE 1:

# Configure basic MPLS.

<Spoke-PE1> system-view

[Spoke-PE1] interface loopback 0

[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32

[Spoke-PE1-LoopBack0] quit

[Spoke-PE1] mpls lsr-id 1.1.1.9

[Spoke-PE1] mpls ldp

[Spoke-PE1-ldp] quit

# Enable L2VPN.

[Spoke-PE1] l2vpn enable

# Create VSI aaa, enable hub-spoke capability for the VSI, specify the PW signaling protocol as LDP, establish a PW to Hub-PE, and specify the PW as the hub link.

[Spoke-PE1] vsi aaa hub-spoke

[Spoke-PE1-vsi-aaa] pwsignaling ldp

[Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500 hub

[Spoke-PE1-vsi-aaa-ldp-3.3.3.9-500] quit

[Spoke-PE1-vsi-aaa-ldp] quit

[Spoke-PE1-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[Spoke-PE1] interface ten-gigabitethernet 3/0/1

[Spoke-PE1-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[Spoke-PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure Spoke-PE 2:

# Configure basic MPLS.

<Spoke-PE2> system-view

[Spoke-PE2] interface loopback 0

[Spoke-PE2-LoopBack0] ip address 2.2.2.9 32

[Spoke-PE2-LoopBack0] quit

[Spoke-PE2] mpls lsr-id 2.2.2.9

[Spoke-PE2] mpls ldp

[Spoke-PE2-ldp] quit

# Enable L2VPN.

[Spoke-PE2] l2vpn enable

# Create VSI aaa, enable hub-spoke capability for the VSI, specify the PW signaling protocol as LDP, establish a PW to Hub-PE, and specify the PW as the hub link.

[Spoke-PE2] vsi aaa hub-spoke

[Spoke-PE2-vsi-aaa] pwsignaling ldp

[Spoke-PE2-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500 hub

[Spoke-PE2-vsi-aaa-ldp-3.3.3.9-500] quit

[Spoke-PE2-vsi-aaa-ldp] quit

[Spoke-PE2-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[Spoke-PE2] interface ten-gigabitethernet 3/0/1

[Spoke-PE2-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[Spoke-PE2-Ten-GigabitEthernet3/0/1] quit

4.     Configure Hub-PE:

# Configure basic MPLS.

<Hub-PE> system-view

[Hub-PE] interface loopback 0

[Hub-PE-LoopBack0] ip address 3.3.3.9 32

[Hub-PE-LoopBack0] quit

[Hub-PE] mpls lsr-id 3.3.3.9

[Hub-PE] mpls ldp

[Hub-PE-ldp] quit

# Enable L2VPN.

[Hub-PE] l2vpn enable

# Create VSI aaa, enable hub-spoke capability for the VSI, specify the PW signaling protocol as LDP, and establish PWs to Spoke-PE 1 and Spoke-PE 2.

[Hub-PE] vsi aaa hub-spoke

[Hub-PE-vsi-aaa] pwsignaling ldp

[Hub-PE-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500

[Hub-PE-vsi-aaa-ldp-1.1.1.9-500] quit

[Hub-PE-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500

[Hub-PE-vsi-aaa-ldp-2.2.2.9-500] quit

[Hub-PE-vsi-aaa-ldp] quit

[Hub-PE-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa, and specify the AC connected to the CE as a hub link.

[Hub-PE] interface ten-gigabitethernet 3/0/1

[Hub-PE-Ten-GigabitEthernet3/0/1] xconnect vsi aaa hub

[Hub-PE-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PWs in up state have been established on each PE.

[Spoke-PE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 3.3.3.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1276       Out Label: 1274

    MTU                 : 1500

    PW Attributes       : Main, Hub link

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x560000000

    Tunnel NHLFE IDs    : 1031

    Admin PW            : -

[Spoke-PE2] display l2vpn pw verbose

VSI Name: aaa

  Peer: 3.3.3.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1275       Out Label: 1273

    MTU                 : 1500

    PW Attributes       : Main, Hub link

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x660000000

    Tunnel NHLFE IDs    : 1032

    Admin PW            : -

[Hub-PE] display l2vpn pw verbose

VSI Name: aaa

  Peer: 1.1.1.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1274       Out Label: 1276

    MTU                 : 1500

    PW Attributes       : Main, Spoke link

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x760000000

    Tunnel NHLFE IDs    : 1032

    Admin PW            : -

  Peer: 2.2.2.9          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1273       Out Label: 1275

    MTU                 : 1500

    PW Attributes       : Main, Spoke link

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x860000001

    Tunnel NHLFE IDs    : 1033

    Admin PW            : -

Example: Configuring H-VPLS UPE dual homing

Network configuration

To improve reliability of the H-VPLS network, the UPE establishes a U-PW to each of NPE 1 and NPE 2. The U-PW between the UPE and NPE 1 is the primary PW, and the U-PW between the UPE and NPE 2 is the backup PW. The backup PW works only when the primary PW fails.

The H-VPLS uses LDP as the PW signaling protocol.

Figure 295 Network diagram

Procedure

1.     Configure an IGP and public tunnels. (Details not shown.)

2.     Configure UPE:

# Configure basic MPLS.

<UPE> system-view

[UPE] interface loopback 0

[UPE-LoopBack0] ip address 1.1.1.1 32

[UPE-LoopBack0] quit

[UPE] mpls lsr-id 1.1.1.1

[UPE] mpls ldp

[UPE-ldp] quit

# Enable L2VPN.

[UPE] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish the primary PW to NPE 1 and the backup PW to NPE 2.

[UPE] vsi aaa

[UPE-vsi-aaa] pwsignaling ldp

[UPE-vsi-aaa-ldp] peer 2.2.2.2 pw-id 500

[UPE-vsi-aaa-ldp-2.2.2.2-500] backup-peer 3.3.3.3 pw-id 500

[UPE-vsi-aaa-ldp-2.2.2.2-500-backup] quit

[UPE-vsi-aaa-ldp-2.2.2.2-500] quit

[UPE-vsi-aaa-ldp] quit

[UPE-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[UPE] interface ten-gigabitethernet 3/0/1

[UPE-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[UPE-Ten-GigabitEthernet3/0/1] quit

# Bind interface Ten-GigabitEthernet 3/0/2 to VSI aaa.

[UPE] interface ten-gigabitethernet 3/0/2

[UPE-Ten-GigabitEthernet3/0/2] xconnect vsi aaa

[UPE-Ten-GigabitEthernet3/0/2] quit

3.     Configure NPE 1:

# Configure basic MPLS.

<NPE1> system-view

[NPE1] interface loopback 0

[NPE1-LoopBack0] ip address 2.2.2.2 32

[NPE1-LoopBack0] quit

[NPE1] mpls lsr-id 2.2.2.2

[NPE1] mpls ldp

[NPE1-ldp] quit

# Enable L2VPN.

[NPE1] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to UPE, NPE 2, and NPE 3.

[NPE1] vsi aaa

[NPE1-vsi-aaa] pwsignaling ldp

[NPE1-vsi-aaa-ldp] peer 1.1.1.1 pw-id 500 no-split-horizon

[NPE1-vsi-aaa-ldp-1.1.1.1-500] quit

[NPE1-vsi-aaa-ldp] peer 3.3.3.3 pw-id 500

[NPE1-vsi-aaa-ldp-3.3.3.3-500] quit

[NPE1-vsi-aaa-ldp] peer 4.4.4.4 pw-id 500

[NPE1-vsi-aaa-ldp-4.4.4.4-500] quit

[NPE1-vsi-aaa-ldp] quit

[NPE1-vsi-aaa] quit

4.     Configure NPE 2:

# Configure basic MPLS.

<NPE2> system-view

[NPE2] interface loopback 0

[NPE2-LoopBack0] ip address 3.3.3.3 32

[NPE2-LoopBack0] quit

[NPE2] mpls lsr-id 3.3.3.3

[NPE2] mpls ldp

[NPE2-ldp] quit

# Enable L2VPN.

[NPE2] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to UPE, NPE 1, and NPE 3.

[NPE2] vsi aaa

[NPE2-vsi-aaa] pwsignaling ldp

[NPE2-vsi-aaa-ldp] peer 1.1.1.1 pw-id 500 no-split-horizon

[NPE2-vsi-aaa-ldp-1.1.1.1-500] quit

[NPE2-vsi-aaa-ldp] peer 2.2.2.2 pw-id 500

[NPE2-vsi-aaa-ldp-2.2.2.2-500] quit

[NPE2-vsi-aaa-ldp] peer 4.4.4.4 pw-id 500

[NPE2-vsi-aaa-ldp-4.4.4.4-500] quit

[NPE2-vsi-aaa-ldp] quit

[NPE2-vsi-aaa] quit

5.     Configure NPE 3:

# Configure basic MPLS.

<NPE3> system-view

[NPE3] interface loopback 0

[NPE3-LoopBack0] ip address 4.4.4.4 32

[NPE3-LoopBack0] quit

[NPE3] mpls lsr-id 4.4.4.4

[NPE3] mpls ldp

[NPE3-ldp] quit

# Enable L2VPN.

[NPE3] l2vpn enable

# Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to NPE 1 and NPE 2.

[NPE3] vsi aaa

[NPE3-vsi-aaa] pwsignaling ldp

[NPE3-vsi-aaa-ldp] peer 2.2.2.2 pw-id 500

[NPE3-vsi-aaa-ldp-2.2.2.2-500] quit

[NPE3-vsi-aaa-ldp] peer 3.3.3.3 pw-id 500

[NPE3-vsi-aaa-ldp-3.3.3.3-500] quit

[NPE3-vsi-aaa-ldp] quit

[NPE3-vsi-aaa] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VSI aaa.

[NPE3] interface ten-gigabitethernet 3/0/1

[NPE3-Ten-GigabitEthernet3/0/1] xconnect vsi aaa

[NPE3-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PWs in up state have been established on each PE.

[UPE] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.2          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1151       Out Label: 1279

    Wait to Restore Time: 0 sec

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x260000002

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -

  Peer: 3.3.3.3          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Blocked

    In Label            : 1150       Out Label: 1279

    MTU                 : 1500

    PW Attributes       : Backup

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x360000003

    Tunnel NHLFE IDs    : 1025

    Admin PW            : -

[NPE1] display l2vpn pw verbose

VSI Name: aaa

  Peer: 1.1.1.1          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1279       Out Label: 1151

    MTU                 : 1500

    PW Attributes       : Main, No-split-horizon

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x60000000

    Tunnel NHLFE IDs    : 1026

    Admin PW            : -

  Peer: 3.3.3.3          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1280       Out Label: 1290

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000005

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -

  Peer: 4.4.4.4          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 10         PW State : Up

    In Label            : 1278       Out Label: 1279

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000001

    Tunnel NHLFE IDs    : 1028

    Admin PW            : -

[NPE2] display l2vpn pw verbose

VSI Name: aaa

  Peer: 1.1.1.1          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1279       Out Label: 1150

    MTU                 : 1500

    PW Attributes       : Main, No-split-horizon

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x60000000

    Tunnel NHLFE IDs    : 1026

    Admin PW            : -

  Peer: 2.2.2.2          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1290       Out Label: 1280

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000008

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -

  Peer: 4.4.4.4          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 10         PW State : Up

    In Label            : 1278       Out Label: 1278

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000001

    Tunnel NHLFE IDs    : 1028

    Admin PW            : -

[NPE3] display l2vpn pw verbose

VSI Name: aaa

  Peer: 2.2.2.2          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 8          PW State : Up

    In Label            : 1279       Out Label: 1278

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x60000000

    Tunnel NHLFE IDs    : 1026

    Admin PW            : -

  Peer: 3.3.3.3          PW ID: 500

    Signaling Protocol  : LDP

    Link ID             : 9          PW State : Up

    In Label            : 1278       Out Label: 1278

    MTU                 : 1500

    PW Attributes       : Main

    VCCV CC             : -

    VCCV BFD            : -

    Flow Label          : -

    Control Word        : Disabled

    Tunnel Group ID     : 0x160000001

    Tunnel NHLFE IDs    : 1027

    Admin PW            : -
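
The verification steps of the H-VPLS, hub-spoke, and UPE dual-homing examples above can be checked mechanically. The following Python script is an added example, not H3C code: it parses display l2vpn pw verbose output collected from several PEs and reports PWs in an unexpected state, No-split-horizon set toward a peer that is not a UPE, labels that do not mirror the far end, and hub/spoke link roles that do not pair up. The names parse_pws, audit, and upe_ids, the embedded sample (constructed from the dual-homing output), and the rule that a Backup PW should be Blocked are assumptions of this example.

```python
import re

# Constructed sample: "display l2vpn pw verbose" output keyed by each device's
# LSR ID, trimmed to the fields the audit reads. Values are those shown in the
# UPE dual-homing example; NPE 3 (4.4.4.4) and the PWs toward it are omitted.
SAMPLE = {
    "1.1.1.1": """VSI Name: aaa
  Peer: 2.2.2.2          PW ID: 500
    Link ID             : 8          PW State : Up
    In Label            : 1151       Out Label: 1279
    PW Attributes       : Main
  Peer: 3.3.3.3          PW ID: 500
    Link ID             : 8          PW State : Blocked
    In Label            : 1150       Out Label: 1279
    PW Attributes       : Backup
""",
    "2.2.2.2": """VSI Name: aaa
  Peer: 1.1.1.1          PW ID: 500
    Link ID             : 8          PW State : Up
    In Label            : 1279       Out Label: 1151
    PW Attributes       : Main, No-split-horizon
  Peer: 3.3.3.3          PW ID: 500
    Link ID             : 9          PW State : Up
    In Label            : 1280       Out Label: 1290
    PW Attributes       : Main
""",
    "3.3.3.3": """VSI Name: aaa
  Peer: 1.1.1.1          PW ID: 500
    Link ID             : 8          PW State : Up
    In Label            : 1279       Out Label: 1150
    PW Attributes       : Main, No-split-horizon
  Peer: 2.2.2.2          PW ID: 500
    Link ID             : 9          PW State : Up
    In Label            : 1290       Out Label: 1280
    PW Attributes       : Main
""",
}

VSI_RE = re.compile(r"^\s*VSI Name:\s*(\S+)")
PEER_RE = re.compile(r"^\s*Peer:\s*(\S+)\s+(?:PW ID|VPLS ID):\s*(\S+)")
FIELDS = {
    "state": re.compile(r"PW State\s*:\s*(\S+)"),
    "in": re.compile(r"In Label\s*:\s*(\d+)"),
    "out": re.compile(r"Out Label\s*:\s*(\d+)"),
    "attrs": re.compile(r"PW Attributes\s*:\s*(.+)"),
}
# Link roles as they are paired in the hub-spoke example's output.
ROLE_MIRROR = {"Hub link": "Spoke link", "Spoke link": "Hub link"}


def parse_pws(text):
    """Return one dict per 'Peer:' block of display l2vpn pw verbose output."""
    pws, cur, vsi = [], None, None
    for line in text.splitlines():
        if m := VSI_RE.match(line):
            vsi, cur = m.group(1), None
        elif m := PEER_RE.match(line):
            cur = {"vsi": vsi, "peer": m.group(1), "pw_id": m.group(2),
                   "state": None, "in": None, "out": None, "attrs": set()}
            pws.append(cur)
        elif cur is not None:
            for key, rx in FIELDS.items():
                if m := rx.search(line):
                    val = m.group(1).strip()
                    cur[key] = {a.strip() for a in val.split(",")} if key == "attrs" else val
    return pws


def audit(outputs, upe_ids=()):
    """outputs: {local LSR ID: CLI text}. Returns a sorted list of findings."""
    table = {(dev, pw["vsi"], pw["peer"], pw["pw_id"]): pw
             for dev, text in outputs.items() for pw in parse_pws(text)}
    findings = []
    for (dev, vsi, peer, pw_id), pw in table.items():
        tag = f"{dev}->{peer} vsi {vsi} pw-id {pw_id}"
        # Assumption: a backup PW is healthy while Blocked; any other PW is Up.
        want = "Blocked" if "Backup" in pw["attrs"] else "Up"
        if pw["state"] != want:
            findings.append(f"{tag}: state {pw['state']}, expected {want}")
        # Split horizon may be off only on a U-PW, that is, toward a listed UPE.
        if "No-split-horizon" in pw["attrs"] and peer not in upe_ids:
            findings.append(f"{tag}: split horizon disabled toward a non-UPE peer")
        far = table.get((peer, vsi, dev, pw_id))  # assumes same VSI name on both ends
        if far is None:
            if peer in outputs:  # far end was captured but lists no such PW
                findings.append(f"{tag}: far end has no matching PW")
            continue
        if (pw["in"], pw["out"]) != (far["out"], far["in"]):
            findings.append(f"{tag}: labels do not mirror the far end")
        for role, mirror in ROLE_MIRROR.items():
            if role in pw["attrs"] and mirror not in far["attrs"]:
                findings.append(f"{tag}: {role} but far end is not {mirror}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, upe_ids={"1.1.1.1"})) or "no findings")
```

Peers whose output was not collected are skipped rather than reported, so the audit can be run on a partial capture.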

 

 

Improved L2VPN access to L3VPN or IP backbone configuration examples

Example: Configuring access to MPLS L3VPN through an LDP MPLS L2VPN

The MPLS L2VPN in this configuration example is a point-to-point MPLS L2VPN.

Network configuration

The backbone is an MPLS L3VPN, which advertises VPN routes through BGP and forwards VPN packets based on MPLS labels. CE 1 and CE 2 belong to VPN 1 whose route target is 111:1 and RD is 200:1. CE 1 accesses the MPLS L2VPN through an Ethernet interface, and CE 2 is connected to the MPLS L3VPN through an Ethernet interface.

Perform the following configurations to allow communication between CE 1 and CE 2:

·     Set up an LDP PW between PE 1 and PE-agg, so that CE 1 can access the MPLS L3VPN through MPLS L2VPN.

·     Run EBGP between CE 1 and PE-agg and between CE 2 and PE 2 to exchange VPN routing information.

·     Run IS-IS between PE-agg and PE 2 to ensure IP connectivity between the PEs, and run MP-IBGP between PE-agg and PE 2 to exchange VPN routing information.

·     Run OSPF among PE 1, P, and PE-agg to ensure IP connectivity between the PEs.

Figure 296 Network diagram

Table 113 Interface and IP address assignment

Device    Interface    IP address      Device    Interface    IP address
CE 1      XGE3/0/1     100.1.1.1/24    PE-agg    Loop0        3.3.3.9/32
PE 1      Loop0        1.1.1.9/32                XGE3/0/1     10.2.2.2/24
          XGE3/0/2     10.2.1.1/24               XGE3/0/2     10.3.3.1/24
P         Loop0        2.2.2.9/32                VE-L3VPN1    100.1.1.2/24
          XGE3/0/2     10.2.1.2/24     PE 2      Loop0        4.4.4.9/32
          XGE3/0/1     10.2.2.1/24               XGE3/0/2     10.3.3.2/24
CE 2      XGE3/0/1     100.2.1.2/24              XGE3/0/1     100.2.1.1/24

Procedure

1.     Configure IP addresses for interfaces as shown in Table 113. (Details not shown.)

2.     Create VE-L2VPN 1 and VE-L3VPN 1 on PE-agg:

# Create interface VE-L2VPN 1.

<PEagg> system-view

[PEagg] interface ve-l2vpn 1

[PEagg-VE-L2VPN1] quit

# Create interface VE-L3VPN 1.

[PEagg] interface ve-l3vpn 1

[PEagg-VE-L3VPN1] quit

3.     Configure MPLS L2VPN:

a.     Configure OSPF on PE 1, P, and PE-agg, and advertise interface addresses:

# Configure PE 1.

<PE1> system-view

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE-agg.

[PEagg] ospf

[PEagg-ospf-1] area 0

[PEagg-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PEagg-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[PEagg-ospf-1-area-0.0.0.0] quit

[PEagg-ospf-1] quit

b.     Configure basic MPLS and MPLS LDP on PE 1, P, and PE-agg:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] lsp-trigger all

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] lsp-trigger all

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE-agg.

[PEagg] mpls lsr-id 3.3.3.9

[PEagg] mpls ldp

[PEagg-ldp] lsp-trigger all

[PEagg-ldp] quit

[PEagg] interface ten-gigabitethernet 3/0/1

[PEagg-Ten-GigabitEthernet3/0/1] mpls enable

[PEagg-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PEagg-Ten-GigabitEthernet3/0/1] quit

c.     Enable L2VPN on PE 1 and PE-agg:

# Configure PE 1.

[PE1] l2vpn enable

# Configure PE-agg.

[PEagg] l2vpn enable

d.     Bind the AC to the PW on PE 1 and PE-agg:

# Create cross-connect group 1 on PE 1, create cross-connect 1 in cross-connect group 1, bind interface Ten-GigabitEthernet 3/0/1 to cross-connect 1, and create an LDP PW on cross-connect 1 to bind the AC to the PW.

[PE1] xconnect-group 1

[PE1-xcg-1] connection 1

[PE1-xcg-1-1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-1-1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-1-1] peer 3.3.3.9 pw-id 101

[PE1-xcg-1-1-3.3.3.9-101] quit

[PE1-xcg-1-1] quit

[PE1-xcg-1] quit

# Create cross-connect group 1 on PE-agg, create cross-connect 1 in cross-connect group 1, bind interface VE-L2VPN 1 to cross-connect 1, and create an LDP PW on cross-connect 1 to bind the AC to the PW.

[PEagg] xconnect-group 1

[PEagg-xcg-1] connection 1

[PEagg-xcg-1-1] ac interface ve-l2vpn 1

[PEagg-xcg-1-1-VE-L2VPN1] quit

[PEagg-xcg-1-1] peer 1.1.1.9 pw-id 101

[PEagg-xcg-1-1-1.1.1.9-101] quit

[PEagg-xcg-1-1] quit

[PEagg-xcg-1] quit

4.     Configure MPLS L3VPN:

a.     Configure IS-IS on PE 2 and PE-agg, and advertise interface addresses:

# Configure PE-agg.

[PEagg] isis 1

[PEagg-isis-1] network-entity 10.0000.0000.0001.00

[PEagg-isis-1] quit

[PEagg] interface ten-gigabitethernet 3/0/2

[PEagg-Ten-GigabitEthernet3/0/2] isis enable 1

[PEagg-Ten-GigabitEthernet3/0/2] quit

[PEagg] interface loopback 0

[PEagg-LoopBack0] isis enable 1

[PEagg-LoopBack0] quit

# Configure PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] network-entity 10.0000.0000.0002.00

[PE2-isis-1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] isis enable 1

[PE2-Ten-GigabitEthernet3/0/2] quit

[PE2] interface loopback 0

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

b.     Configure basic MPLS and MPLS LDP on PE-agg and PE 2:

# Configure PE-agg.

[PEagg] interface ten-gigabitethernet 3/0/2

[PEagg-Ten-GigabitEthernet3/0/2] mpls enable

[PEagg-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PEagg-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] mpls lsr-id 4.4.4.9

[PE2] mpls ldp

[PE2-ldp] lsp-trigger all

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

c.     On PE-agg and PE 2, create VPN instance VPN1, and bind the VPN instance to the interface connected to the CE:

# Configure PE-agg.

[PEagg] ip vpn-instance VPN1

[PEagg-vpn-instance-VPN1] route-distinguisher 200:1

[PEagg-vpn-instance-VPN1] vpn-target 111:1 both

[PEagg-vpn-instance-VPN1] quit

[PEagg] interface ve-l3vpn 1

[PEagg-VE-L3VPN1] ip binding vpn-instance VPN1

[PEagg-VE-L3VPN1] ip address 100.1.1.2 24

[PEagg-VE-L3VPN1] quit

# Configure PE 2.

[PE2] ip vpn-instance VPN1

[PE2-vpn-instance-VPN1] route-distinguisher 200:1

[PE2-vpn-instance-VPN1] vpn-target 111:1 both

[PE2-vpn-instance-VPN1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance VPN1

[PE2-Ten-GigabitEthernet3/0/1] ip address 100.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

d.     Establish EBGP peer relationships between PEs and CEs to redistribute VPN routes:

# Configure CE 1 and specify PE-agg as the peer.

<CE1> system-view

[CE1] bgp 65010

[CE1-bgp] peer 100.1.1.2 as-number 100

[CE1-bgp] address-family ipv4

[CE1-bgp-ipv4] peer 100.1.1.2 enable

[CE1-bgp-ipv4] import-route direct

[CE1-bgp-ipv4] quit

[CE1-bgp] quit

# Configure PE-agg and specify CE 1 as the peer.

[PEagg] bgp 100

[PEagg-bgp] ip vpn-instance VPN1

[PEagg-bgp-VPN1] peer 100.1.1.1 as-number 65010

[PEagg-bgp-VPN1] address-family ipv4

[PEagg-bgp-ipv4-VPN1] peer 100.1.1.1 enable

[PEagg-bgp-ipv4-VPN1] import-route direct

[PEagg-bgp-ipv4-VPN1] quit

[PEagg-bgp-VPN1] quit

[PEagg-bgp] quit

# Configure CE 2 and specify PE 2 as the peer.

<CE2> system-view

[CE2] bgp 65020

[CE2-bgp] peer 100.2.1.1 as-number 100

[CE2-bgp] address-family ipv4

[CE2-bgp-ipv4] peer 100.2.1.1 enable

[CE2-bgp-ipv4] import-route direct

[CE2-bgp-ipv4] quit

[CE2-bgp] quit

# Configure PE 2 and specify CE 2 as the peer.

[PE2] bgp 100

[PE2-bgp] ip vpn-instance VPN1

[PE2-bgp-VPN1] peer 100.2.1.2 as-number 65020

[PE2-bgp-VPN1] address-family ipv4

[PE2-bgp-ipv4-VPN1] peer 100.2.1.2 enable

[PE2-bgp-ipv4-VPN1] import-route direct

[PE2-bgp-ipv4-VPN1] quit

[PE2-bgp-VPN1] quit

[PE2-bgp] quit

e.     Establish an MP-IBGP peer relationship between PE-agg and PE 2:

# Configure PE-agg.

[PEagg] bgp 100

[PEagg-bgp] peer 4.4.4.9 as-number 100

[PEagg-bgp] peer 4.4.4.9 connect-interface loopback 0

[PEagg-bgp] address-family vpnv4

[PEagg-bgp-vpnv4] peer 4.4.4.9 enable

[PEagg-bgp-vpnv4] quit

[PEagg-bgp] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp] peer 3.3.3.9 as-number 100

[PE2-bgp] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp] address-family vpnv4

[PE2-bgp-vpnv4] peer 3.3.3.9 enable

[PE2-bgp-vpnv4] quit

[PE2-bgp] quit

5.     The default MTU value varies by interface type. To avoid packet fragmentation, set the MTU value for each interface on each device to 1500 bytes. The following shows the MTU configuration on PE 1.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mtu 1500

[PE1-Ten-GigabitEthernet3/0/2] shutdown

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

Verifying the configuration

# Ping CE 2 from CE 1 to verify their connectivity.

<CE1> ping 100.2.1.2

Ping 100.2.1.2 (100.2.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.2.1.2: icmp_seq=0 ttl=128 time=1.073 ms

56 bytes from 100.2.1.2: icmp_seq=1 ttl=128 time=1.428 ms

56 bytes from 100.2.1.2: icmp_seq=2 ttl=128 time=19.367 ms

56 bytes from 100.2.1.2: icmp_seq=3 ttl=128 time=1.013 ms

56 bytes from 100.2.1.2: icmp_seq=4 ttl=128 time=0.684 ms

 

--- Ping statistics for 100.2.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.684/4.713/19.367/7.331 ms

Example: Configuring access to IP backbone through an LDP VPLS

Network configuration

Create an LDP PW between PE 1 and PE-agg on the VPLS access network, so that CE 1 can access the IP backbone through the PW.

Configure OSPF process 2 to advertise routing information on the IP backbone.

Figure 297 Network diagram

Table 114 Interface and IP address assignment

Device    Interface    IP address      Device    Interface    IP address
CE 1      XGE3/0/1     100.1.1.1/24    PE-agg    Loop0        3.3.3.9/32
PE 1      Loop0        1.1.1.9/32                XGE3/0/1     10.2.2.2/24
          XGE3/0/2     10.2.1.1/24               XGE3/0/2     10.3.3.1/24
P         Loop0        2.2.2.9/32                VE-L3VPN1    100.1.1.2/24
          XGE3/0/1     10.2.1.2/24     PE 2      XGE3/0/2     10.3.3.2/24
          XGE3/0/2     10.2.2.1/24               XGE3/0/1     100.2.1.1/24
CE 2      XGE3/0/1     100.2.1.2/24

Procedure

1.     Configure IP addresses for interfaces as shown in Table 114. (Details not shown.)

2.     Create VE-L2VPN 1 and VE-L3VPN 1 on PE-agg:

# Create VE-L2VPN 1.

<PEagg> system-view

[PEagg] interface ve-l2vpn 1

[PEagg-VE-L2VPN1] quit

# Create VE-L3VPN 1, and configure an IP address for the interface.

[PEagg] interface ve-l3vpn 1

[PEagg-VE-L3VPN1] ip address 100.1.1.2 24

[PEagg-VE-L3VPN1] quit

3.     Configure MPLS L2VPN:

a.     Configure OSPF on PE 1, P, and PE-agg, and advertise interface addresses:

# Configure PE 1.

<PE1> system-view

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE-agg.

[PEagg] ospf

[PEagg-ospf-1] area 0

[PEagg-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PEagg-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[PEagg-ospf-1-area-0.0.0.0] quit

[PEagg-ospf-1] quit

b.     Configure basic MPLS and MPLS LDP on PE 1, P, and PE-agg:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] lsp-trigger all

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] lsp-trigger all

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE-agg.

[PEagg] mpls lsr-id 3.3.3.9

[PEagg] mpls ldp

[PEagg-ldp] lsp-trigger all

[PEagg-ldp] quit

[PEagg] interface ten-gigabitethernet 3/0/1

[PEagg-Ten-GigabitEthernet3/0/1] mpls enable

[PEagg-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PEagg-Ten-GigabitEthernet3/0/1] quit

c.     Enable L2VPN on PE 1 and PE-agg:

# Configure PE 1.

[PE1] l2vpn enable

# Configure PE-agg.

[PEagg] l2vpn enable

d.     Create VSIs on PE 1 and PE-agg:

# On PE 1, create VSI vpna, and specify the PW signaling protocol for the VSI as LDP.

[PE1] vsi vpna

[PE1-vsi-vpna] pwsignaling ldp

# On PE 1, create LDP PW 500 to the peer PE 3.3.3.9.

[PE1-vsi-vpna-ldp] peer 3.3.3.9 pw-id 500

[PE1-vsi-vpna-ldp-3.3.3.9-500] quit

[PE1-vsi-vpna-ldp] quit

[PE1-vsi-vpna] quit

# On PE-agg, create VSI vpna, and specify the PW signaling protocol for the VSI as LDP.

[PEagg] vsi vpna

[PEagg-vsi-vpna] pwsignaling ldp

# On PE-agg, create an LDP PW: specify the peer PE address as 1.1.1.9, and set the PW ID to 500.

[PEagg-vsi-vpna-ldp] peer 1.1.1.9 pw-id 500

[PEagg-vsi-vpna-ldp-1.1.1.9-500] quit

[PEagg-vsi-vpna-ldp] quit

[PEagg-vsi-vpna] quit

e.     Bind the AC interface to the VSI on PE 1 and PE-agg:

# On PE 1, bind Ten-GigabitEthernet 3/0/1 to VSI vpna.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE1-Ten-GigabitEthernet3/0/1] quit

# On PE-agg, bind VE-L2VPN 1 to VSI vpna.

[PEagg] interface ve-l2vpn 1

[PEagg-VE-L2VPN1] xconnect vsi vpna

[PEagg-VE-L2VPN1] quit

4.     Configure OSPF process 2 to advertise routing information on the IP backbone:

# Configure CE 1.

[CE1] ospf 2

[CE1-ospf-2] area 0

[CE1-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[CE1-ospf-2-area-0.0.0.0] quit

[CE1-ospf-2] quit

# Configure PE-agg.

[PEagg] ospf 2

[PEagg-ospf-2] area 0

[PEagg-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[PEagg-ospf-2-area-0.0.0.0] network 10.3.3.0 0.0.0.255

[PEagg-ospf-2-area-0.0.0.0] quit

[PEagg-ospf-2] quit

# Configure PE 2.

<PE2> system-view

[PE2] ospf 2

[PE2-ospf-2] area 0

[PE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] network 10.3.3.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] quit

[PE2-ospf-2] quit

# Configure CE 2.

<CE2> system-view

[CE2] ospf 2

[CE2-ospf-2] area 0

[CE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[CE2-ospf-2-area-0.0.0.0] quit

[CE2-ospf-2] quit

5.     The default MTU value varies by interface type. To avoid packet fragmentation, set the MTU value for each interface on each device to 1500 bytes. The following shows the MTU configuration on PE 1.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mtu 1500

[PE1-Ten-GigabitEthernet3/0/2] shutdown

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

Verifying the configuration

# Ping CE 2 from CE 1 to verify their connectivity.

<CE1> ping 100.2.1.2

Ping 100.2.1.2 (100.2.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.2.1.2: icmp_seq=0 ttl=128 time=1.073 ms

56 bytes from 100.2.1.2: icmp_seq=1 ttl=128 time=1.428 ms

56 bytes from 100.2.1.2: icmp_seq=2 ttl=128 time=19.367 ms

56 bytes from 100.2.1.2: icmp_seq=3 ttl=128 time=1.013 ms

56 bytes from 100.2.1.2: icmp_seq=4 ttl=128 time=0.684 ms

 

--- Ping statistics for 100.2.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.684/4.713/19.367/7.331 ms

Example: Configuring LDP PW access to IP backbone through L2VE subinterfaces

Network configuration

Create LDP PWs between PE 1 and PE-agg on the L2VPN access network, so that CE 1 and CE 2 can access the IP backbone through the PWs.

Configure L2VPN access to the IP backbone through L2VE subinterfaces.

Configure OSPF process 2 to advertise routing information on the IP backbone.

Figure 298 Network diagram

Table 115 Interface and IP address assignment

Device    Interface    IP address       Device    Interface    IP address

CE 1      XGE3/0/1     100.1.1.1/24     CE 2      XGE3/0/1     100.1.1.2/24

PE 1      Loop0        1.1.1.9/32       PE-agg    Loop0        3.3.3.9/32

          XGE3/0/3     10.2.1.1/24                XGE3/0/1     10.2.2.2/24

P         Loop0        2.2.2.9/32                 XGE3/0/2     10.3.3.1/24

          XGE3/0/1     10.2.1.2/24                VE-L3VPN1    100.1.1.3/24

          XGE3/0/2     10.2.2.1/24      PE 2      XGE3/0/2     10.3.3.2/24

CE 3      XGE3/0/1     100.2.1.2/24               XGE3/0/1     100.2.1.1/24

Procedure

1.     Configure IP addresses for interfaces as shown in Table 115. (Details not shown.)

2.     Create VE-L2VPN 1 and VE-L3VPN 1 on PE-agg:

# Create VE-L2VPN 1, VE-L2VPN 1.1, and VE-L2VPN 1.2.

<PEagg> system-view

[PEagg] interface ve-l2vpn 1

[PEagg-VE-L2VPN1] quit

[PEagg] interface ve-l2vpn 1.1

[PEagg-VE-L2VPN1.1] quit

[PEagg] interface ve-l2vpn 1.2

[PEagg-VE-L2VPN1.2] quit

# Create VE-L3VPN 1, and configure an IP address for the interface.

[PEagg] interface ve-l3vpn 1

[PEagg-VE-L3VPN1] ip address 100.1.1.3 24

[PEagg-VE-L3VPN1] quit

3.     Configure MPLS L2VPN:

a.     Configure OSPF on PE 1, P, and PE-agg, and advertise interface addresses:

# Configure PE 1.

<PE1> system-view

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE-agg.

[PEagg] ospf

[PEagg-ospf-1] area 0

[PEagg-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PEagg-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255

[PEagg-ospf-1-area-0.0.0.0] quit

[PEagg-ospf-1] quit

b.     Configure basic MPLS and MPLS LDP on PE 1, P, and PE-agg:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] lsp-trigger all

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] lsp-trigger all

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE-agg.

[PEagg] mpls lsr-id 3.3.3.9

[PEagg] mpls ldp

[PEagg-ldp] lsp-trigger all

[PEagg-ldp] quit

[PEagg] interface ten-gigabitethernet 3/0/1

[PEagg-Ten-GigabitEthernet3/0/1] mpls enable

[PEagg-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PEagg-Ten-GigabitEthernet3/0/1] quit

c.     Enable L2VPN on PE 1 and PE-agg:

# Configure PE 1.

[PE1] l2vpn enable

# Configure PE-agg.

[PEagg] l2vpn enable

d.     Create cross-connect groups on PE 1 and PE-agg:

# On PE-agg, create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind VE-L2VPN 1.1 to the cross-connect.

[PEagg] xconnect-group vpna

[PEagg-xcg-vpna] connection ldp

[PEagg-xcg-vpna-ldp] ac interface ve-l2vpn 1.1

[PEagg-xcg-vpna-ldp-VE-L2VPN1.1] quit

# On PE-agg, create an LDP PW for the cross-connect to bind the AC to the PW.

[PEagg-xcg-vpna-ldp] peer 1.1.1.9 pw-id 500

[PEagg-xcg-vpna-ldp-1.1.1.9-500] quit

[PEagg-xcg-vpna-ldp] quit

[PEagg-xcg-vpna] quit

# On PE-agg, create a cross-connect group named vpnb, create a cross-connect named ldp in the group, and bind VE-L2VPN 1.2 to the cross-connect.

[PEagg] xconnect-group vpnb

[PEagg-xcg-vpnb] connection ldp

[PEagg-xcg-vpnb-ldp] ac interface ve-l2vpn 1.2

[PEagg-xcg-vpnb-ldp-VE-L2VPN1.2] quit

# On PE-agg, create an LDP PW for the cross-connect to bind the AC to the PW.

[PEagg-xcg-vpnb-ldp] peer 1.1.1.9 pw-id 501

[PEagg-xcg-vpnb-ldp-1.1.1.9-501] quit

[PEagg-xcg-vpnb-ldp] quit

[PEagg-xcg-vpnb] quit

# On PE 1, create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection ldp

[PE1-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

# On PE 1, create an LDP PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpna-ldp] peer 3.3.3.9 pw-id 500

[PE1-xcg-vpna-ldp-3.3.3.9-500] quit

[PE1-xcg-vpna-ldp] quit

[PE1-xcg-vpna] quit

# On PE 1, create a cross-connect group named vpnb, create a cross-connect named ldp in the group, and bind Ten-GigabitEthernet 3/0/2 to the cross-connect.

[PE1] xconnect-group vpnb

[PE1-xcg-vpnb] connection ldp

[PE1-xcg-vpnb-ldp] ac interface ten-gigabitethernet 3/0/2

[PE1-xcg-vpnb-ldp-Ten-GigabitEthernet3/0/2] quit

# On PE 1, create an LDP PW for the cross-connect to bind the AC to the PW.

[PE1-xcg-vpnb-ldp] peer 3.3.3.9 pw-id 501

[PE1-xcg-vpnb-ldp-3.3.3.9-501] quit

[PE1-xcg-vpnb-ldp] quit

[PE1-xcg-vpnb] quit

4.     Configure OSPF process 2 to advertise routing information on the IP backbone:

# Configure CE 1.

[CE1] ospf 2

[CE1-ospf-2] area 0

[CE1-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[CE1-ospf-2-area-0.0.0.0] quit

[CE1-ospf-2] quit

# Configure PE-agg.

[PEagg] ospf 2

[PEagg-ospf-2] area 0

[PEagg-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[PEagg-ospf-2-area-0.0.0.0] network 10.3.3.0 0.0.0.255

[PEagg-ospf-2-area-0.0.0.0] quit

[PEagg-ospf-2] quit

# Configure PE 2.

<PE2> system-view

[PE2] ospf 2

[PE2-ospf-2] area 0

[PE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] network 10.3.3.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] quit

[PE2-ospf-2] quit

# Configure CE 2.

<CE2> system-view

[CE2] ospf 2

[CE2-ospf-2] area 0

[CE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[CE2-ospf-2-area-0.0.0.0] quit

[CE2-ospf-2] quit

5.     The default MTU value varies by interface type. To avoid packet fragmentation, set the MTU value for each interface on each device to 1500 bytes. The following shows the MTU configuration on PE 1.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] mtu 1500

[PE1-Ten-GigabitEthernet3/0/3] shutdown

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

Verifying the configuration

# Ping CE 3 from CE 1 and CE 2 to verify the connectivity. This example uses CE 1.

<CE1> ping 100.2.1.2

Ping 100.2.1.2 (100.2.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.2.1.2: icmp_seq=0 ttl=128 time=1.073 ms

56 bytes from 100.2.1.2: icmp_seq=1 ttl=128 time=1.428 ms

56 bytes from 100.2.1.2: icmp_seq=2 ttl=128 time=19.367 ms

56 bytes from 100.2.1.2: icmp_seq=3 ttl=128 time=1.013 ms

56 bytes from 100.2.1.2: icmp_seq=4 ttl=128 time=0.684 ms

 

--- Ping statistics for 100.2.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.684/4.713/19.367/7.331 ms

Example: Configuring LDP PW access to shared gateway in IP backbone through L2VE interfaces

Network configuration

Create primary and backup LDP PWs between PE 1 and PE-agg on the L2VPN access network, so that CE 1 can access the IP backbone through the PWs.

Configure L2VPN access to the IP backbone through L2VE interfaces.

Configure OSPF process 2 to advertise routing information on the IP backbone.

Figure 299 Network diagram

Table 116 Interface and IP address assignment

Device      Interface    IP address       Device      Interface    IP address

CE 1        XGE3/0/1     100.1.1.1/24     CE 2        XGE3/0/1     100.1.2.2/24

PE 1        Loop0        1.1.1.1/32       PE 2        XGE3/0/1     100.1.2.1/24

            XGE3/0/3     10.1.1.1/24                  XGE3/0/3     10.1.3.2/24

            XGE3/0/2     10.1.2.1/24                  XGE3/0/2     10.1.4.2/24

PE-agg 1    Loop0        2.2.2.2/32       PE-agg 2    Loop0        3.3.3.3/32

            XGE3/0/1     10.1.1.2/24                  XGE3/0/1     10.1.2.2/24

            XGE3/0/2     10.1.3.1/24                  XGE3/0/2     10.1.4.1/24

            XGE3/0/3     20.1.1.1/24                  XGE3/0/3     20.1.1.2/24

Procedure

1.     Configure IP addresses for interfaces as shown in Figure 299. (Details not shown.)

2.     Configure CE 1:

# Configure OSPF process 2 to advertise routing information.

[CE1] ospf 2

[CE1-ospf-2] area 0

[CE1-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[CE1-ospf-2-area-0.0.0.0] quit

[CE1-ospf-2] quit

3.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] mpls lsr-id 1.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable MPLS and LDP on the interfaces.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.2.1 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind interface Ten-GigabitEthernet 3/0/1 to the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection ldp

[PE1-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

# Create an LDP PW, configure a backup PW for the LDP PW, and enable the dual receive feature for PW redundancy.

[PE1-xcg-vpna-ldp] protection dual-receive

[PE1-xcg-vpna-ldp] peer 2.2.2.2 pw-id 11

[PE1-xcg-vpna-ldp-2.2.2.2-11] backup-peer 3.3.3.3 pw-id 22

[PE1-xcg-vpna-ldp-2.2.2.2-11-backup] quit

[PE1-xcg-vpna-ldp-2.2.2.2-11] quit

[PE1-xcg-vpna-ldp] quit

[PE1-xcg-vpna] quit

4.     Configure PE-agg 1:

# Create interface VE-L2VPN 1.

<PE-agg1> system-view

[PE-agg1] interface ve-l2vpn 1

[PE-agg1-VE-L2VPN1] quit

# Configure OSPF process 1 to advertise routing information in the L2VPN network.

[PE-agg1] ospf

[PE-agg1-ospf-1] area 0

[PE-agg1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE-agg1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE-agg1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE-agg1-ospf-1-area-0.0.0.0] quit

[PE-agg1-ospf-1] quit

# Configure basic MPLS features and MPLS LDP.

[PE-agg1] mpls lsr-id 2.2.2.2

[PE-agg1] mpls ldp

[PE-agg1-ldp] lsp-trigger all

[PE-agg1-ldp] quit

[PE-agg1] interface ten-gigabitethernet 3/0/1

[PE-agg1-Ten-GigabitEthernet3/0/1] mpls enable

[PE-agg1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE-agg1-Ten-GigabitEthernet3/0/1] quit

[PE-agg1] interface ten-gigabitethernet 3/0/3

[PE-agg1-Ten-GigabitEthernet3/0/3] mpls enable

[PE-agg1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE-agg1-Ten-GigabitEthernet3/0/3] quit

# Enable L2VPN.

[PE-agg1] l2vpn enable

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind interface VE-L2VPN 1 to the cross-connect.

[PE-agg1] xconnect-group vpna

[PE-agg1-xcg-vpna] connection ldp

[PE-agg1-xcg-vpna-ldp] ac interface ve-l2vpn 1

[PE-agg1-xcg-vpna-ldp-VE-L2VPN1] quit

# Create an LDP PW.

[PE-agg1-xcg-vpna-ldp] peer 1.1.1.1 pw-id 11

[PE-agg1-xcg-vpna-ldp-1.1.1.1-11] quit

[PE-agg1-xcg-vpna-ldp] quit

[PE-agg1-xcg-vpna] quit

# Create interface VE-L3VPN 1, and configure MAC and IP addresses for the interface.

[PE-agg1] interface ve-l3vpn 1

[PE-agg1-VE-L3VPN1] mac-address 1-1-1

[PE-agg1-VE-L3VPN1] ip address 100.1.1.2 24

[PE-agg1-VE-L3VPN1] quit

# Configure OSPF process 2 to advertise routing information on the IP backbone.

[PE-agg1] ospf 2

[PE-agg1-ospf-2] area 0

[PE-agg1-ospf-2-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE-agg1-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[PE-agg1-ospf-2-area-0.0.0.0] quit

[PE-agg1-ospf-2] quit

5.     Configure PE-agg 2:

# Create interface VE-L2VPN 1.

<PE-agg2> system-view

[PE-agg2] interface ve-l2vpn 1

[PE-agg2-VE-L2VPN1] quit

# Configure OSPF process 1 to advertise routing information in the L2VPN network.

[PE-agg2] ospf

[PE-agg2-ospf-1] area 0

[PE-agg2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE-agg2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE-agg2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE-agg2-ospf-1-area-0.0.0.0] quit

[PE-agg2-ospf-1] quit

# Configure basic MPLS features and MPLS LDP.

[PE-agg2] mpls lsr-id 3.3.3.3

[PE-agg2] mpls ldp

[PE-agg2-ldp] lsp-trigger all

[PE-agg2-ldp] quit

[PE-agg2] interface ten-gigabitethernet 3/0/1

[PE-agg2-Ten-GigabitEthernet3/0/1] mpls enable

[PE-agg2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE-agg2-Ten-GigabitEthernet3/0/1] quit

[PE-agg2] interface ten-gigabitethernet 3/0/3

[PE-agg2-Ten-GigabitEthernet3/0/3] mpls enable

[PE-agg2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE-agg2-Ten-GigabitEthernet3/0/3] quit

# Enable L2VPN.

[PE-agg2] l2vpn enable

# Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind interface VE-L2VPN 1 to the cross-connect.

[PE-agg2] xconnect-group vpna

[PE-agg2-xcg-vpna] connection ldp

[PE-agg2-xcg-vpna-ldp] ac interface ve-l2vpn 1

[PE-agg2-xcg-vpna-ldp-VE-L2VPN1] quit

# Create an LDP PW.

[PE-agg2-xcg-vpna-ldp] peer 1.1.1.1 pw-id 22

[PE-agg2-xcg-vpna-ldp-1.1.1.1-22] quit

[PE-agg2-xcg-vpna-ldp] quit

[PE-agg2-xcg-vpna] quit

# Create interface VE-L3VPN 1, and configure MAC and IP addresses for the interface.

[PE-agg2] interface ve-l3vpn 1

[PE-agg2-VE-L3VPN1] mac-address 1-1-1

[PE-agg2-VE-L3VPN1] ip address 100.1.1.2 24

[PE-agg2-VE-L3VPN1] quit

# Configure OSPF process 2 to advertise routing information on the IP backbone.

[PE-agg2] ospf 2

[PE-agg2-ospf-2] area 0

[PE-agg2-ospf-2-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[PE-agg2-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[PE-agg2-ospf-2-area-0.0.0.0] quit

[PE-agg2-ospf-2] quit

6.     Configure PE 2:

# Configure OSPF process 2 to advertise routing information.

<PE2> system-view

[PE2] ospf 2

[PE2-ospf-2] area 0

[PE2-ospf-2-area-0.0.0.0] network 100.1.2.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[PE2-ospf-2-area-0.0.0.0] quit

[PE2-ospf-2] quit

7.     Configure CE 2:

# Configure OSPF process 2 to advertise routing information.

<CE2> system-view

[CE2] ospf 2

[CE2-ospf-2] area 0

[CE2-ospf-2-area-0.0.0.0] network 100.1.2.0 0.0.0.255

[CE2-ospf-2-area-0.0.0.0] quit

[CE2-ospf-2] quit

Verifying the configuration

# Ping CE 2 from CE 1 to verify their connectivity.

[CE1] ping 100.1.2.2

Ping 100.1.2.2 (100.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 100.1.2.2: icmp_seq=0 ttl=128 time=1.073 ms

56 bytes from 100.1.2.2: icmp_seq=1 ttl=128 time=1.428 ms

56 bytes from 100.1.2.2: icmp_seq=2 ttl=128 time=19.367 ms

56 bytes from 100.1.2.2: icmp_seq=3 ttl=128 time=1.013 ms

56 bytes from 100.1.2.2: icmp_seq=4 ttl=128 time=0.684 ms

 

--- Ping statistics for 100.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.684/4.713/19.367/7.331 ms
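The three access examples above all depend on every peer or backup-peer command having a matching PW on the remote PE: the peer address is the remote device's LSR ID, and the PW ID is the same at both ends. The following Python audit is an added example, not H3C code; it checks that pairing over a CLI transcript. The function names and the mismatching sample are constructed for illustration, and the matching sample is excerpted from the commands in the shared gateway example.

```python
import re

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")
LSR_CMD = re.compile(r"^mpls lsr-id (\d+(?:\.\d+){3})$")
PW_CMD = re.compile(r"^(peer|backup-peer) (\d+(?:\.\d+){3}) pw-id (\d+)$")


def parse(transcript):
    """Return ({hostname: lsr_id}, [(hostname, role, peer_ip, pw_id), ...])."""
    lines = []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if m:
            # Collapse repeated spaces so the command regexes stay simple.
            lines.append((m.group(1), " ".join(m.group(2).split())))
    # "mpls lsr-id" is entered in system view, so its prompt is the bare hostname.
    lsr = {}
    for prompt, cmd in lines:
        m = LSR_CMD.match(cmd)
        if m:
            lsr[prompt] = m.group(1)
    pws = []
    for prompt, cmd in lines:
        m = PW_CMD.match(cmd)
        if not m:
            continue
        # Hostnames may contain hyphens (PE-agg1), so take the longest known
        # hostname that prefixes the view prompt.
        hosts = [h for h in lsr if prompt == h or prompt.startswith(h + "-")]
        if hosts:
            host = max(hosts, key=len)
            pws.append((host, m.group(1), m.group(2), int(m.group(3))))
    return lsr, pws


def audit(transcript):
    """Return a list of findings; an empty list means every PW has a matching end."""
    lsr, pws = parse(transcript)
    by_lsr = {ip: host for host, ip in lsr.items()}
    configured = {(host, peer, pw_id) for host, _, peer, pw_id in pws}
    findings = []
    for host, role, peer, pw_id in pws:
        remote = by_lsr.get(peer)
        if remote is None:
            findings.append(f"{host}: {role} {peer} pw-id {pw_id}: "
                            "no device in the transcript has that LSR ID")
        elif (remote, lsr[host], pw_id) not in configured:
            findings.append(f"{host}: {role} {peer} pw-id {pw_id}: {remote} has "
                            f"no PW back to {lsr[host]} with pw-id {pw_id}")
    return findings


# Excerpt of the commands from the shared gateway example on this page.
GOOD = """
[PE1] mpls lsr-id 1.1.1.1
[PE1-xcg-vpna-ldp] peer 2.2.2.2 pw-id 11
[PE1-xcg-vpna-ldp-2.2.2.2-11] backup-peer 3.3.3.3 pw-id 22
[PE-agg1] mpls lsr-id 2.2.2.2
[PE-agg1-xcg-vpna-ldp] peer 1.1.1.1 pw-id 11
[PE-agg2] mpls lsr-id 3.3.3.3
[PE-agg2-xcg-vpna-ldp] peer 1.1.1.1 pw-id 22
"""

# Constructed fault: PE-agg 2 is given the wrong PW ID for the backup PW.
BAD = GOOD.replace("peer 1.1.1.1 pw-id 22", "peer 1.1.1.1 pw-id 21")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text) or "all PWs paired")
```

A PW ID mismatch is reported from both ends, which makes the device that needs correcting easy to identify.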

 

 

MPLS OAM configuration examples

Example: Configuring BFD for LSP

Network configuration

Use LDP to establish an LSP from 1.1.1.9/32 to 3.3.3.9/32 and an LSP from 3.3.3.9/32 to 1.1.1.9/32. Use BFD to verify LSP connectivity.

Figure 300 Network diagram

Procedure

1.     Configure IP addresses for interfaces. (Details not shown.)

2.     Configure OSPF to ensure IP connectivity between the routers:

# Configure Router A.

<RouterA> system-view

[RouterA] ospf

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ospf

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

3.     Enable MPLS and LDP:

# Configure Router A.

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls ldp

[RouterA-ldp] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure Router B.

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Router C.

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

4.     Enable BFD for MPLS, and configure BFD to verify LSP connectivity:

# Configure Router A.

[RouterA] mpls bfd enable

[RouterA] mpls bfd 3.3.3.9 32

# Configure Router C.

[RouterC] mpls bfd enable

[RouterC] mpls bfd 1.1.1.9 32

Verifying the configuration

# Display BFD information for LSPs on Router A and Router C. This example uses Router A.

[RouterA] display mpls bfd

 Total number of sessions: 2, 2 up, 0 down, 0 init

 

 FEC Type: LSP

 FEC Info:

   Destination: 1.1.1.9

   Mask Length: 32

 NHLFE ID: -

 Local Discr: 513                    Remote Discr: 513

 Source IP: 1.1.1.9                  Destination IP: 3.3.3.9

 Session State: Up                   Session Role: Active

 Template Name: -

 

 FEC Type: LSP

 FEC Info:

   Destination: 3.3.3.9

   Mask Length: 32

 NHLFE ID: 1042

 Local Discr: 514                    Remote Discr: 514

 Source IP: 1.1.1.9                  Destination IP: 127.0.0.1

 Session State: Up                   Session Role: Passive

 Template Name: -

The output shows that two BFD sessions have been established between Router A and Router C. One session verifies the connectivity of the LSP from 3.3.3.9/32 to 1.1.1.9/32, and the other session verifies the connectivity of the LSP from 1.1.1.9/32 to 3.3.3.9/32.

 

 

MCE configuration examples

Example: Configuring MCE

Network configuration

As shown in Figure 301, VPN 2 runs RIP. The edge routers of VPN 1 and VPN 2 are VR 1 and VR 2, respectively. Configure the MCE device to separate routes from different VPNs and to advertise the VPN routes to PE 1 through OSPF.

Figure 301 Network diagram

Procedure

1.     Configure VPN instances on the MCE and PE 1:

# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<MCE> system-view

[MCE] ip vpn-instance vpn1

[MCE-vpn-instance-vpn1] route-distinguisher 10:1

[MCE-vpn-instance-vpn1] vpn-target 10:1

[MCE-vpn-instance-vpn1] quit

[MCE] ip vpn-instance vpn2

[MCE-vpn-instance-vpn2] route-distinguisher 20:1

[MCE-vpn-instance-vpn2] vpn-target 20:1

[MCE-vpn-instance-vpn2] quit

# Bind Ten-GigabitEthernet 3/0/1 to VPN instance vpn1, and configure an IP address for the interface.

[MCE] interface ten-gigabitethernet 3/0/1

[MCE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[MCE-Ten-GigabitEthernet3/0/1] ip address 10.214.10.3 24

[MCE-Ten-GigabitEthernet3/0/1] quit

# Bind Ten-GigabitEthernet 3/0/2 to VPN instance vpn2, and configure an IP address for the interface.

[MCE] interface ten-gigabitethernet 3/0/2

[MCE-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[MCE-Ten-GigabitEthernet3/0/2] ip address 10.214.20.3 24

[MCE-Ten-GigabitEthernet3/0/2] quit

# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<PE1> system-view

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 10:1

[PE1-vpn-instance-vpn1] vpn-target 10:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 20:1

[PE1-vpn-instance-vpn2] vpn-target 20:1

[PE1-vpn-instance-vpn2] quit

2.     Configure routing between the MCE and VPN sites:

The MCE is connected to VPN 1 directly, and no routing protocol is enabled in VPN 1. Therefore, you can configure static routes.

# On VR 1, assign IP address 10.214.10.2/24 to the interface connected to the MCE and 192.168.0.1/24 to the interface connected to VPN 1. (Details not shown.)

# On VR 1, configure a default route with the next hop as 10.214.10.3.

<VR1> system-view

[VR1] ip route-static 0.0.0.0 0.0.0.0 10.214.10.3

# On the MCE, configure a static route to 192.168.0.0/24, specify the next hop as 10.214.10.2, and bind the static route to VPN instance vpn1.

[MCE] ip route-static vpn-instance vpn1 192.168.0.0 24 10.214.10.2

# Run RIP in VPN 2. Configure RIP process 20 for VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of VPN instance vpn2.

[MCE] rip 20 vpn-instance vpn2

# Advertise subnet 10.214.20.0.

[MCE-rip-20] network 10.214.20.0

[MCE-rip-20] quit

# On VR 2, assign IP address 10.214.20.2/24 to the interface connected to the MCE and 192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)

# Configure RIP, and advertise subnets 192.168.10.0 and 10.214.20.0.

<VR2> system-view

[VR2] rip 20

[VR2-rip-20] network 192.168.10.0

[VR2-rip-20] network 10.214.20.0

# On MCE, display the routing tables of VPN instances vpn1 and vpn2.

[MCE] display ip routing-table vpn-instance vpn1

 

Destinations : 11        Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.214.10.0/24     Direct  0   0           10.214.10.3     XGE3/0/1

10.214.10.0/32     Direct  0   0           10.214.10.3     XGE3/0/1

10.214.10.3/32     Direct  0   0           127.0.0.1       InLoop0

10.214.10.255/32   Direct  0   0           10.214.10.3     XGE3/0/1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

192.168.0.0/24     Static  60  0           10.214.10.2     XGE3/0/1

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

[MCE] display ip routing-table vpn-instance vpn2

 

Destinations : 11        Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.214.20.0/24     Direct  0   0           10.214.20.3     XGE3/0/2

10.214.20.0/32     Direct  0   0           10.214.20.3     XGE3/0/2

10.214.20.3/32     Direct  0   0           127.0.0.1       InLoop0

10.214.20.255/32   Direct  0   0           10.214.20.3     XGE3/0/2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

192.168.10.0/24    RIP     100 1           10.214.20.2     XGE3/0/2

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

The output shows that the MCE has learned the private route of VPN 2 through RIP. The MCE maintains the routes of VPN 1 and those of VPN 2 in two different routing tables. In this way, routes from different VPNs are separated.

3.     Configure routing between the MCE and PE 1:

# The MCE is connected to PE 1 through subinterfaces. On MCE, bind Ten-GigabitEthernet 3/0/3.1 to VPN instance vpn1.

[MCE] interface ten-gigabitethernet 3/0/3.1

[MCE-Ten-GigabitEthernet3/0/3.1] ip binding vpn-instance vpn1

# Configure the subinterface to terminate VLAN 10.

[MCE-Ten-GigabitEthernet3/0/3.1] vlan-type dot1q vid 10

# Configure an IP address for the subinterface.

[MCE-Ten-GigabitEthernet3/0/3.1] ip address 20.1.1.1 24

[MCE-Ten-GigabitEthernet3/0/3.1] quit

# On the MCE, bind Ten-GigabitEthernet 3/0/3.2 to VPN instance vpn2.

[MCE] interface ten-gigabitethernet 3/0/3.2

[MCE-Ten-GigabitEthernet3/0/3.2] ip binding vpn-instance vpn2

# Configure the subinterface to terminate VLAN 20.

[MCE-Ten-GigabitEthernet3/0/3.2] vlan-type dot1q vid 20

# Configure an IP address for the subinterface.

[MCE-Ten-GigabitEthernet3/0/3.2] ip address 30.1.1.1 24

[MCE-Ten-GigabitEthernet3/0/3.2] quit

# On PE 1, bind Ten-GigabitEthernet 3/0/1.1 to VPN instance vpn1.

[PE1] interface ten-gigabitethernet 3/0/1.1

[PE1-Ten-GigabitEthernet3/0/1.1] ip binding vpn-instance vpn1

# Configure the subinterface to terminate VLAN 10.

[PE1-Ten-GigabitEthernet3/0/1.1] vlan-type dot1q vid 10

# Configure an IP address for the subinterface.

[PE1-Ten-GigabitEthernet3/0/1.1] ip address 20.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1.1] quit

# On PE 1, bind Ten-GigabitEthernet 3/0/1.2 to VPN instance vpn2.

[PE1] interface ten-gigabitethernet 3/0/1.2

[PE1-Ten-GigabitEthernet3/0/1.2] ip binding vpn-instance vpn2

# Configure the subinterface to terminate VLAN 20.

[PE1-Ten-GigabitEthernet3/0/1.2] vlan-type dot1q vid 20

# Configure an IP address for the subinterface.

[PE1-Ten-GigabitEthernet3/0/1.2] ip address 30.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1.2] quit

# Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1. (Details not shown.)

# Enable OSPF process 10 on the MCE, and bind the process to VPN instance vpn1.

[MCE] ospf 10 router-id 101.101.10.1 vpn-instance vpn1

# Disable OSPF routing loop detection for the VPN instance.

[MCE-ospf-10] vpn-instance-capability simple

# Set the domain ID to 10.

[MCE-ospf-10] domain-id 10

# Advertise subnet 20.1.1.0/24 in area 0, and redistribute the static route of VPN 1.

[MCE-ospf-10] area 0

[MCE-ospf-10-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[MCE-ospf-10-area-0.0.0.0] quit

[MCE-ospf-10] import-route static

# On PE 1, enable OSPF process 10, and bind the process to VPN instance vpn1.

[PE1] ospf 10 router-id 100.100.10.1 vpn-instance vpn1

# Set the domain ID to 10.

[PE1-ospf-10] domain-id 10

# Advertise subnet 20.1.1.0/24 in area 0.

[PE1-ospf-10] area 0

[PE1-ospf-10-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE1-ospf-10-area-0.0.0.0] quit

[PE1-ospf-10] quit

# Configure OSPF process 20 between MCE and PE 1, and redistribute routes from RIP process 20 into OSPF. (Details not shown.)

Verifying the configuration

# Verify that PE 1 has learned the static route of VPN 1 through OSPF.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11        Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

20.1.1.0/24        Direct  0   0           20.1.1.2        XGE3/0/1.1

20.1.1.0/32        Direct  0   0           20.1.1.2        XGE3/0/1.1

20.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

20.1.1.255/32      Direct  0   0           20.1.1.2        XGE3/0/1.1

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

192.168.0.0/24     O_ASE2  150 1           20.1.1.1        XGE3/0/1.1

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that PE 1 has learned the RIP route of VPN 2 through OSPF.

[PE1] display ip routing-table vpn-instance vpn2

 

Destinations : 11        Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

30.1.1.0/24        Direct  0   0           30.1.1.2        XGE3/0/1.2

30.1.1.0/32        Direct  0   0           30.1.1.2        XGE3/0/1.2

30.1.1.2/32        Direct  0   0           127.0.0.1       InLoop0

30.1.1.255/32      Direct  0   0           30.1.1.2        XGE3/0/1.2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

192.168.10.0/24    O_ASE2  150 1           30.1.1.1        XGE3/0/1.2

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

The routing information for the two VPNs has been redistributed into the routing tables on PE 1.

IPv6 MCE configuration examples

Example: Configuring IPv6 MCE

Network configuration

As shown in Figure 302, VPN 2 runs RIPng. The edge routers of VPN 1 and VPN 2 are VR 1 and VR 2, respectively. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPFv3.

Figure 302 Network diagram

Procedure

1.     Configure VPN instances on the MCE and PE 1:

# On MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<MCE> system-view

[MCE] ip vpn-instance vpn1

[MCE-vpn-instance-vpn1] route-distinguisher 10:1

[MCE-vpn-instance-vpn1] vpn-target 10:1

[MCE-vpn-instance-vpn1] quit

[MCE] ip vpn-instance vpn2

[MCE-vpn-instance-vpn2] route-distinguisher 20:1

[MCE-vpn-instance-vpn2] vpn-target 20:1

[MCE-vpn-instance-vpn2] quit

# Bind interface Ten-GigabitEthernet 3/0/1 to VPN instance vpn1, and configure an IPv6 address for the interface.

[MCE] interface ten-gigabitethernet 3/0/1

[MCE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[MCE-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::1 64

[MCE-Ten-GigabitEthernet3/0/1] quit

# Bind interface Ten-GigabitEthernet 3/0/2 to VPN instance vpn2, and configure an IPv6 address for the interface.

[MCE] interface ten-gigabitethernet 3/0/2

[MCE-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[MCE-Ten-GigabitEthernet3/0/2] ipv6 address 2002:1::1 64

[MCE-Ten-GigabitEthernet3/0/2] quit

# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<PE1> system-view

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 10:1

[PE1-vpn-instance-vpn1] vpn-target 10:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 20:1

[PE1-vpn-instance-vpn2] vpn-target 20:1

[PE1-vpn-instance-vpn2] quit

2.     Configure routing between the MCE and VPN sites:

The MCE is connected to VPN 1 directly, and no routing protocol is enabled in VPN 1. Therefore, you can configure IPv6 static routes.

# On VR 1, assign IPv6 address 2001:1::2/64 to the interface connected to the MCE and 2012:1::2/64 to the interface connected to VPN 1. (Details not shown.)

# On VR 1, configure a default route with the next hop as 2001:1::1.

<VR1> system-view

[VR1] ipv6 route-static :: 0 2001:1::1

# On the MCE, configure an IPv6 static route to 2012:1::/64 with the next hop 2001:1::2. Bind the static route to VPN instance vpn1.

[MCE] ipv6 route-static vpn-instance vpn1 2012:1:: 64 2001:1::2

# Run RIPng in VPN 2. Configure RIPng process 20 for the VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.

[MCE] ripng 20 vpn-instance vpn2

# Advertise subnet 2002:1::/64.

[MCE] interface ten-gigabitethernet 3/0/2

[MCE-Ten-GigabitEthernet3/0/2] ripng 20 enable

[MCE-Ten-GigabitEthernet3/0/2] quit

# On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE. (Details not shown.)

# On VR 2, configure RIPng and advertise subnets 2012::/64 and 2002:1::/64.

<VR2> system-view

[VR2] ripng 20

[VR2-ripng-20] quit

[VR2] interface ten-gigabitethernet 3/0/1

[VR2-Ten-GigabitEthernet3/0/1] ripng 20 enable

[VR2-Ten-GigabitEthernet3/0/1] quit

[VR2] interface ten-gigabitethernet 3/0/2

[VR2-Ten-GigabitEthernet3/0/2] ripng 20 enable

[VR2-Ten-GigabitEthernet3/0/2] quit

# On the MCE, display the routing tables of the VPN instances vpn1 and vpn2.

[MCE] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:1::/64                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                     Cost      : 0

 

Destination: 2001:1::1/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2012:1::/64                                 Protocol  : Static

NextHop    : 2001:1::2                                   Preference: 60

Interface  : XGE3/0/1                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

[MCE] display ipv6 routing-table vpn-instance vpn2

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2002:1::/64                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                     Cost      : 0

 

Destination: 2002:1::1/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2012::/64                                   Protocol  : RIPng

NextHop    : FE80::20C:29FF:FE40:701                     Preference: 100

Interface  : XGE3/0/2                                     Cost      : 1

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

The output shows that the MCE has learned the private route of VPN 2 through RIPng. The MCE maintains the routes of VPN 1 and VPN 2 in two different routing tables. In this way, routes from different VPNs are separated.

3.     Configure routing between the MCE and PE 1:

# The MCE is connected to PE 1 through subinterfaces. On the MCE, bind subinterface Ten-GigabitEthernet 3/0/3.1 to the VPN instance vpn1.

[MCE] interface ten-gigabitethernet 3/0/3.1

[MCE-Ten-GigabitEthernet3/0/3.1] ip binding vpn-instance vpn1

# Configure the subinterface to terminate VLAN 10.

[MCE-Ten-GigabitEthernet3/0/3.1] vlan-type dot1q vid 10

# Configure an IPv6 address for the subinterface.

[MCE-Ten-GigabitEthernet3/0/3.1] ipv6 address 2001:2::3 64

[MCE-Ten-GigabitEthernet3/0/3.1] quit

# On the MCE, bind subinterface Ten-GigabitEthernet 3/0/3.2 to the VPN instance vpn2.

[MCE] interface ten-gigabitethernet 3/0/3.2

[MCE-Ten-GigabitEthernet3/0/3.2] ip binding vpn-instance vpn2

# Configure the subinterface to terminate VLAN 20.

[MCE-Ten-GigabitEthernet3/0/3.2] vlan-type dot1q vid 20

# Configure an IPv6 address for the subinterface.

[MCE-Ten-GigabitEthernet3/0/3.2] ipv6 address 2002:2::3 64

[MCE-Ten-GigabitEthernet3/0/3.2] quit

# On PE 1, bind subinterface Ten-GigabitEthernet 3/0/1.1 to the VPN instance vpn1.

[PE1] interface ten-gigabitethernet 3/0/1.1

[PE1-Ten-GigabitEthernet3/0/1.1] ip binding vpn-instance vpn1

# Configure the subinterface to terminate VLAN 10.

[PE1-Ten-GigabitEthernet3/0/1.1] vlan-type dot1q vid 10

# Configure an IPv6 address for the subinterface.

[PE1-Ten-GigabitEthernet3/0/1.1] ipv6 address 2001:2::4 64

[PE1-Ten-GigabitEthernet3/0/1.1] quit

# On PE 1, bind subinterface Ten-GigabitEthernet 3/0/1.2 to the VPN instance vpn2.

[PE1] interface ten-gigabitethernet 3/0/1.2

[PE1-Ten-GigabitEthernet3/0/1.2] ip binding vpn-instance vpn2

# Configure the subinterface to terminate VLAN 20.

[PE1-Ten-GigabitEthernet3/0/1.2] vlan-type dot1q vid 20

# Configure an IPv6 address for the subinterface.

[PE1-Ten-GigabitEthernet3/0/1.2] ipv6 address 2002:2::4 64

[PE1-Ten-GigabitEthernet3/0/1.2] quit

# Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1. (Details not shown.)

# Enable OSPFv3 process 10 on the MCE, and bind the process to VPN instance vpn1.

[MCE] ospfv3 10 vpn-instance vpn1

# Specify the router ID, and redistribute the IPv6 static route of VPN 1.

[MCE-ospfv3-10] router-id 101.101.10.1

[MCE-ospfv3-10] import-route static

[MCE-ospfv3-10] quit

# Enable OSPFv3 on interface Ten-GigabitEthernet 3/0/3.1.

[MCE] interface ten-gigabitethernet 3/0/3.1

[MCE-Ten-GigabitEthernet3/0/3.1] ospfv3 10 area 0.0.0.0

[MCE-Ten-GigabitEthernet3/0/3.1] quit

# On PE 1, enable OSPFv3 process 10 and bind it to VPN instance vpn1.

[PE1] ospfv3 10 vpn-instance vpn1

[PE1-ospfv3-10] router-id 100.100.10.1

[PE1-ospfv3-10] quit

# Enable OSPFv3 on subinterface Ten-GigabitEthernet 3/0/1.1.

[PE1] interface ten-gigabitethernet 3/0/1.1

[PE1-Ten-GigabitEthernet3/0/1.1] ospfv3 10 area 0.0.0.0

[PE1-Ten-GigabitEthernet3/0/1.1] quit

Verifying the configuration

# Verify that PE 1 has learned the private route of VPN 1 through OSPFv3.

[PE1] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:2::/64                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1.1                                  Cost      : 0

 

Destination: 2001:2::4/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2012:1::/64                                 Protocol  : O_ASE2

NextHop    : FE80::200:5EFF:FE01:1C05                    Preference: 15

Interface  : XGE3/0/1.1                                  Cost      : 10

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

# Verify that PE 1 has learned the private route of VPN 2 through OSPFv3.

[PE1] display ipv6 routing-table vpn-instance vpn2

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2002:2::/64                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1.2                                  Cost      : 0

 

Destination: 2002:2::4/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2012::/64                                   Protocol  : O_ASE2

NextHop    : FE80::200:5EFF:FE01:1C06                    Preference: 15

Interface  : XGE3/0/1.2                                  Cost      : 10

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

The routing information for the two VPNs has been redistributed into the routing table on PE 1.
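The separation that this example relies on can be checked mechanically from the PE 1 output. The following Python sketch is an added example, not part of the H3C documentation: it parses display ipv6 routing-table vpn-instance output in the format shown above and flags any route that leaves through a subinterface bound to the other VPN instance, or any learned prefix present in both instances. The table excerpts are copied from the PE 1 output above; the function names, the BINDINGS map, and the LEAKED_RECORD sample are assumptions constructed for the example.

```python
import ipaddress
import re

# Excerpts of the PE 1 output shown above (::1 and host routes omitted).
PE1_TABLES = {
    "vpn1": """
Destination: 2001:2::/64                                 Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : XGE3/0/1.1                                  Cost      : 0

Destination: 2012:1::/64                                 Protocol  : O_ASE2
NextHop    : FE80::200:5EFF:FE01:1C05                    Preference: 15
Interface  : XGE3/0/1.1                                  Cost      : 10

Destination: FE80::/10                                   Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : NULL0                                       Cost      : 0
""",
    "vpn2": """
Destination: 2002:2::/64                                 Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : XGE3/0/1.2                                  Cost      : 0

Destination: 2012::/64                                   Protocol  : O_ASE2
NextHop    : FE80::200:5EFF:FE01:1C06                    Preference: 15
Interface  : XGE3/0/1.2                                  Cost      : 10

Destination: FE80::/10                                   Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : NULL0                                       Cost      : 0
""",
}

# Taken from the "ip binding vpn-instance" commands configured on PE 1.
BINDINGS = {"vpn1": {"XGE3/0/1.1"}, "vpn2": {"XGE3/0/1.2"}}

# Constructed sample: what vpn1 would contain if a VPN 2 route leaked into it.
LEAKED_RECORD = """
Destination: 2012::/64                                   Protocol  : O_ASE2
NextHop    : FE80::200:5EFF:FE01:1C06                    Preference: 15
Interface  : XGE3/0/1.2                                  Cost      : 10
"""

FIELD = re.compile(
    r"(Destination|NextHop|Interface|Protocol|Preference|Cost)\s*:\s*(\S+)")
LOCAL_INTERFACES = {"InLoop0", "NULL0"}


def parse_ipv6_table(text):
    """Turn the three-line records of the display output into dicts."""
    routes, current = [], None
    for key, value in FIELD.findall(text):
        if key == "Destination":          # each record starts with Destination
            current = {"Destination": ipaddress.ip_network(value)}
            routes.append(current)
        elif current is not None:
            current[key] = value
    return routes


def audit(tables, bindings):
    """Return a list of (finding, vpn, prefix, interface) tuples."""
    findings, learned = [], {}
    for vpn, text in tables.items():
        for route in parse_ipv6_table(text):
            if route["Interface"] in LOCAL_INTERFACES:
                continue
            # A route must leave through an interface bound to its own instance.
            if route["Interface"] not in bindings[vpn]:
                findings.append(("foreign-interface", vpn,
                                 str(route["Destination"]), route["Interface"]))
            # Remember which instances hold each non-connected prefix.
            if route["Protocol"] != "Direct":
                learned.setdefault(route["Destination"], set()).add(vpn)
    for prefix in sorted(learned):
        if len(learned[prefix]) > 1:
            findings.append(("shared-prefix", ",".join(sorted(learned[prefix])),
                             str(prefix), "-"))
    return findings


if __name__ == "__main__":
    print("as configured:", audit(PE1_TABLES, BINDINGS))
    leaky = dict(PE1_TABLES, vpn1=PE1_TABLES["vpn1"] + LEAKED_RECORD)
    for finding in audit(leaky, BINDINGS):
        print("leak sample  :", finding)
```

A shared prefix is not an error by itself, because VPN instances may reuse address space; in this example the two sites use distinct prefixes, so a prefix appearing in both tables is worth reviewing.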

 

 

SR-MPLS configuration examples

Example: Configuring SR-MPLS based on static segments

Network configuration

As shown in Figure 303, Router A, Router B, Router C, Router D, and Router E are running IS-IS.

Establish an MPLS TE tunnel over a static SRLSP from Router A to Router D to transmit data between the IP networks. The static SRLSP traverses three adjacency segments: Router A—Router B, Router B—Router C, and Router C—Router D.

Establish an MPLS TE tunnel over a static SRLSP from Router A to Router E to transmit data between the IP networks. The static SRLSP traverses three segments: Router A—Router B (adjacency segment), Router B—Router C (prefix segment), and Router C—Router E (adjacency segment).

Figure 303 Network diagram

Table 117 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
Router A  Loop0      1.1.1.9/32     Router B  Loop0      2.2.2.9/32
          XGE3/0/1   100.1.1.1/24             XGE3/0/1   10.1.1.2/24
          XGE3/0/2   10.1.1.1/24              XGE3/0/2   20.1.1.1/24
                                              XGE3/0/3   60.1.1.1/24
Router C  Loop0      3.3.3.9/32     Router D  Loop0      4.4.4.9/32
          XGE3/0/1   30.1.1.1/24              XGE3/0/1   100.1.2.1/24
          XGE3/0/2   20.1.1.2/24              XGE3/0/2   30.1.1.2/24
          XGE3/0/3   50.1.1.1/24
          XGE3/0/4   60.1.1.2/24
Router E  Loop0      5.5.5.9/32
          XGE3/0/1   200.1.2.1/24
          XGE3/0/2   50.1.1.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure IS-IS to advertise interface addresses, including the loopback interface addresses. (Details not shown.)

3.     Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)

4.     Configure Router A:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.9

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] mpls enable

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Create adjacency segment adjacency-1, and bind incoming label 16 to next hop address 10.1.1.2.

[RouterA] static-sr-mpls adjacency adjacency-1 in-label 16 nexthop 10.1.1.2

# Configure a static SRLSP (static-sr-lsp-1) to Router D, setting the label stack to [16, 21, 30].

[RouterA] static-sr-mpls lsp static-sr-lsp-1 out-label 16 21 30

# Configure a static SRLSP (static-sr-lsp-2) to Router E, setting the label stack to [16, 16000, 31].

[RouterA] static-sr-mpls lsp static-sr-lsp-2 out-label 16 16000 31

# Establish static MPLS TE tunnel 1 to Router D. Specify the LSR ID of Router D as the tunnel destination address and bind static SRLSP static-sr-lsp-1 to MPLS TE tunnel interface 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 6.1.1.1 255.255.255.0

[RouterA-Tunnel1] destination 4.4.4.9

[RouterA-Tunnel1] mpls te signaling static

[RouterA-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[RouterA-Tunnel1] quit

# Establish static MPLS TE tunnel 2 to Router E. Specify the LSR ID of Router E as the tunnel destination address and bind static SRLSP static-sr-lsp-2 to MPLS TE tunnel interface 2.

[RouterA] interface tunnel 2 mode mpls-te

[RouterA-Tunnel2] ip address 7.1.1.1 255.255.255.0

[RouterA-Tunnel2] destination 5.5.5.9

[RouterA-Tunnel2] mpls te signaling static

[RouterA-Tunnel2] mpls te static-sr-mpls static-sr-lsp-2

[RouterA-Tunnel2] quit

# Configure two static routes to direct traffic destined for 100.1.2.0/24 and 200.1.2.0/24 to MPLS TE tunnel 1 and tunnel 2, respectively.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

[RouterA] ip route-static 200.1.2.0 24 tunnel 2 preference 1

5.     Configure Router B:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.9

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] mpls enable

[RouterB-Ten-GigabitEthernet3/0/3] quit

# Create adjacency segment adjacency-2, and bind incoming label 21 to next hop address 20.1.1.2.

[RouterB] static-sr-mpls adjacency adjacency-2 in-label 21 nexthop 20.1.1.2

# Create prefix segment prefix-1 to destination IP address 5.5.5.9. Bind incoming label 16000 to next hop addresses 20.1.1.2 and 60.1.1.2, and specify outgoing label 16001. Load balancing will occur between Router B and Router C.

[RouterB] static-sr-mpls prefix prefix-1 destination 5.5.5.9 32 in-label 16000 nexthop 20.1.1.2 out-label 16001

[RouterB] static-sr-mpls prefix prefix-1 destination 5.5.5.9 32 in-label 16000 nexthop 60.1.1.2 out-label 16001

6.     Configure Router C:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.9

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface ten-gigabitethernet 3/0/3

[RouterC-Ten-GigabitEthernet3/0/3] mpls enable

[RouterC-Ten-GigabitEthernet3/0/3] quit

[RouterC] interface ten-gigabitethernet 3/0/4

[RouterC-Ten-GigabitEthernet3/0/4] mpls enable

[RouterC-Ten-GigabitEthernet3/0/4] quit

# Create adjacency segment adjacency-1, and bind incoming label 30 to next hop address 30.1.1.2. Create adjacency segment adjacency-2, and bind incoming label 31 to next hop address 50.1.1.2.

[RouterC] static-sr-mpls adjacency adjacency-1 in-label 30 nexthop 30.1.1.2

[RouterC] static-sr-mpls adjacency adjacency-2 in-label 31 nexthop 50.1.1.2

# Create prefix segment prefix-1 to destination IP address 5.5.5.9, and specify incoming label 16001.

[RouterC] static-sr-mpls prefix prefix-1 destination 5.5.5.9 32 in-label 16001

7.     Configure Router D:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.9

[RouterD] mpls te

[RouterD-te] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] mpls enable

[RouterD-Ten-GigabitEthernet3/0/2] quit

8.     Configure Router E:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterE> system-view

[RouterE] mpls lsr-id 5.5.5.9

[RouterE] mpls te

[RouterE-te] quit

[RouterE] interface ten-gigabitethernet 3/0/2

[RouterE-Ten-GigabitEthernet3/0/2] mpls enable

[RouterE-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display the MPLS TE tunnel information on Router A.

[RouterA] display mpls te tunnel-interface

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 1               Tunnel ID            : 0

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 4.4.4.9

  Signaling            : Static          Static CRLSP Name    : -

  Static SRLSP Name    : static-sr-lsp-1/-

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Backup Bandwidth Flag: -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

 

Tunnel Name            : Tunnel 2

Tunnel State           : Up (Main CRLSP up)

Tunnel Attributes      :

  LSP ID               : 1               Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.9         Egress LSR ID        : 5.5.5.9

  Signaling            : Static          Static CRLSP Name    : -

  Static SRLSP Name    : static-sr-lsp-2/-

  Resv Style           : -

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : -               Tunnel Bandwidth     : -

  Reserved Bandwidth   : -

  Setup Priority       : 0               Holding Priority     : 0

  Affinity Attr/Mask   : -/-

  Explicit Path        : -

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : -               Record Label         : -

  FRR Flag             : -               Bandwidth Protection : -

  Backup Bandwidth Flag: -               Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : -               Auto Created         : -

  Route Pinning        : -

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : -               Reoptimization Freq  : -

  Backup Type          : -               Backup LSP ID        : -

  Auto Bandwidth       : -               Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -

  Traffic Policy       : Disable         Reserved for binding : No

  Path SetupType       : -/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Admin Down

  Down Time            : 2017-12-05 11:23:35:535

# Display static SRLSP establishment on each router by using the display mpls lsp or display mpls static-sr-mpls command.

[RouterA] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.9/0/46565             StaticCR    -/21            XGE3/0/2

                                        30  

1.1.1.9/1/46565             StaticCR    -/16000         XGE3/0/2

                                        31

-                           StaticCR    16/-            XGE3/0/2

10.1.1.2                    Local       -/-             XGE3/0/2

Tunnel0                     Local       -/-             NHLFE1

Tunnel1                     Local       -/-             NHLFE2

[RouterB] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

5.5.5.9/32                  StaticCR    16000/16001     XGE3/0/2

5.5.5.9/32                  StaticCR    16000/16001     XGE3/0/3

-                           StaticCR    21/-            XGE3/0/2

20.1.1.2                    Local       -/-             XGE3/0/2

60.1.1.2                    Local       -/-             XGE3/0/3

[RouterC] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

5.5.5.9/32                  StaticCR    16001/-         -

-                           StaticCR    30/-            XGE3/0/1

-                           StaticCR    31/-            XGE3/0/3

30.1.1.2                    Local       -/-             XGE3/0/3

50.1.1.2                    Local       -/-             XGE3/0/3
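The two label stacks configured on Router A can be checked against the segments configured on Router A, Router B, and Router C before traffic is sent. The following Python sketch is an added example, not part of the H3C documentation: it walks each stack hop by hop and confirms that it ends on the router named as the tunnel destination. The tables are transcribed from the commands and Table 117 above; the function names and the forwarding model (an adjacency segment pops its label, a prefix segment swaps to its out-label, and a prefix segment without a next hop pops and continues on the same router) are assumptions of the example.

```python
# Which router owns each next-hop address (from Table 117).
NEXTHOP_OWNER = {
    "10.1.1.2": "RouterB", "20.1.1.2": "RouterC", "60.1.1.2": "RouterC",
    "30.1.1.2": "RouterD", "50.1.1.2": "RouterE",
}
LSR_OWNER = {"4.4.4.9": "RouterD", "5.5.5.9": "RouterE"}

# in-label -> (kind, next hops, out-label), from the static-sr-mpls commands.
SEGMENTS = {
    "RouterA": {16: ("adjacency", ["10.1.1.2"], None)},
    "RouterB": {21: ("adjacency", ["20.1.1.2"], None),
                16000: ("prefix", ["20.1.1.2", "60.1.1.2"], 16001)},
    "RouterC": {30: ("adjacency", ["30.1.1.2"], None),
                31: ("adjacency", ["50.1.1.2"], None),
                16001: ("prefix", [], None)},
    "RouterD": {},
    "RouterE": {},
}

# Label stacks and tunnel bindings configured on Router A.
LSPS = {"static-sr-lsp-1": [16, 21, 30], "static-sr-lsp-2": [16, 16000, 31]}
TUNNELS = {"Tunnel1": ("static-sr-lsp-1", "4.4.4.9"),
           "Tunnel2": ("static-sr-lsp-2", "5.5.5.9")}


def endpoints(node, stack, segments=SEGMENTS, depth=0):
    """Return the set of routers on which the label stack becomes empty.

    Every equal-cost next hop of a segment is followed, so a stack that can
    end on more than one router is reported as such.
    """
    if not stack:
        return {node}
    if depth > 32:
        raise ValueError("label stack does not terminate (forwarding loop)")
    label, rest = stack[0], list(stack[1:])
    entry = segments.get(node, {}).get(label)
    if entry is None:
        raise ValueError(f"{node}: no static segment for in-label {label}")
    _kind, nexthops, out_label = entry
    if not nexthops:
        # The segment ends on this router: pop and process the next label here.
        return endpoints(node, rest, segments, depth + 1)
    # Adjacency segment: pop. Prefix segment with an out-label: swap.
    new_stack = rest if out_label is None else [out_label] + rest
    reached = set()
    for nexthop in nexthops:
        reached |= endpoints(NEXTHOP_OWNER[nexthop], new_stack,
                             segments, depth + 1)
    return reached


def verify_tunnels(lsps=LSPS, tunnels=TUNNELS, ingress="RouterA"):
    """Compare where each SRLSP ends with the tunnel's destination LSR ID."""
    report = {}
    for name, (lsp, destination) in tunnels.items():
        expected = LSR_OWNER[destination]
        try:
            reached = endpoints(ingress, lsps[lsp])
        except ValueError as exc:
            report[name] = f"broken: {exc}"
            continue
        if reached == {expected}:
            report[name] = "ok"
        else:
            report[name] = (f"mismatch: reaches {sorted(reached)}, "
                            f"expected {expected}")
    return report


if __name__ == "__main__":
    print(verify_tunnels())
    # Constructed fault: last label of static-sr-lsp-1 typed as 31 instead of 30.
    print(verify_tunnels(dict(LSPS, **{"static-sr-lsp-1": [16, 21, 31]})))
```

The constructed fault shows why the check is useful: a single mistyped label still yields a forwarding path, but one that ends on Router E instead of the tunnel destination Router D.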

Example: Configuring SR-MPLS based on ISIS-advertised SIDs

Network configuration

As shown in Figure 304, Router A, Router B, Router C, and Router D are running IS-IS.

Configure dynamic SID allocation on loopback interfaces of the routers. Then, establish an SRLSP from Router A to Router D based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 304 Network diagram

Table 118 Interface and IP address assignment

Device    Interface  IP address     Device    Interface  IP address
Router A  Loop1      1.1.1.1/32     Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24              XGE3/0/1   10.0.0.2/24
                                              XGE3/0/2   11.0.0.1/24
Router C  Loop1      3.3.3.3/32     Router D  Loop1      4.4.4.4/32
          XGE3/0/1   11.0.0.2/24              XGE3/0/1   12.0.0.2/24
          XGE3/0/2   12.0.0.1/24              XGE3/0/2   100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure IS-IS and set the IS-IS cost style to wide.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable SR-MPLS.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] segment-routing mpls

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis prefix-sid index 10

[RouterA-LoopBack1] quit

# Configure a static SRLSP (static-sr-lsp-1) to Router D, setting the outgoing label to the prefix label that Router A allocated to Router D (16040).

[RouterA] static-sr-mpls lsp static-sr-lsp-1 out-label 16040

# Establish static MPLS TE tunnel 1 to Router D. Specify the LSR ID of Router D as the tunnel destination address and bind static SRLSP static-sr-lsp-1 to MPLS TE tunnel interface 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 6.1.1.1 255.255.255.0

[RouterA-Tunnel1] destination 4.4.4.4

[RouterA-Tunnel1] mpls te signaling static

[RouterA-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[RouterA-Tunnel1] quit

# Configure a static route to direct traffic destined for 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

3.     Configure Router B:

# Configure IS-IS and set the IS-IS cost style to wide.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mpls

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis prefix-sid index 20

4.     Configure Router C:

# Configure IS-IS and set the IS-IS cost style to wide.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterC] isis 1

[RouterC-isis-1] address-family ipv4

[RouterC-isis-1-ipv4] segment-routing mpls

[RouterC-isis-1-ipv4] quit

[RouterC-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis prefix-sid index 30

5.     Configure Router D:

# Configure IS-IS and set the IS-IS cost style to wide.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0000.0000.0004.00

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis enable 1

[RouterD-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterD] mpls lsr-id 4.4.4.4

[RouterD] mpls te

[RouterD-te] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable SR-MPLS.

[RouterD] isis 1

[RouterD-isis-1] address-family ipv4

[RouterD-isis-1-ipv4] segment-routing mpls

[RouterD-isis-1-ipv4] quit

[RouterD-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis prefix-sid index 40

Verifying the configuration

# Display detailed IS-IS interface information on Router A to view SID information for the loopback interface.

[RouterA] display isis interface verbose

 

                       Interface information for IS-IS(1)

                       ----------------------------------

  Interface:  LoopBack1

  Index     IPv4 state      IPv6 state     Circuit ID   MTU   Type   DIS

  00002     Up              Down           1            1536  L1/L2  --

  SNPA address                     : 0000-0000-0000

  IP address                       : 1.1.1.1

  Secondary IP address(es)         :

  IPv6 link-local address          :

  Extended circuit ID              : 2

  CSNP timer value                 : L1        10  L2        10

  Hello timer value                :           10

  Hello multiplier value           :            3

  LSP timer value                  : L12       33

  LSP transmit-throttle count      : L12        5

  Cost                             : L1         0  L2         0

  IPv6 cost                        : L1         0  L2         0

  Priority                         : L1        64  L2        64

  Retransmit timer value           : L12        5

  MPLS TE status                   : L1  Disabled  L2  Disabled

  IPv4 BFD                         : Disabled

  IPv6 BFD                         : Disabled

  IPv4 FRR LFA backup              : Enabled

  IPv6 FRR LFA backup              : Enabled

  IPv4 prefix suppression          : Disabled

  IPv6 prefix suppression          : Disabled

  IPv4 tag                         : 0

  IPv6 tag                         : 0

  Prefix-SID type                  : Index

  Value                            : 10

  Prefix-SID validity              : Valid

# Display detailed IS-IS routing information on Router A to view information about routes bound with labels.

[RouterA] display isis route verbose

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

 IPv4 Dest : 10.0.0.0/24         Int. Cost  : 10               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 2                Flag       : D/L/-

 InLabel   : 4294967295          InLabel Flag: -/-/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    Direct                             XGE3/0/1                    0x00000102

 Nib ID    : 0x0                 OutLabel   : 4294967295       OutLabelFlag: -

 

 IPv4 Dest : 11.0.0.0/24         Int. Cost  : 20               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 2                Flag       : R/-/-

 InLabel   : 4294967295          InLabel Flag: -/-/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    10.0.0.2                           XGE3/0/1                    0x00000102

 Nib ID    : 0x14000004          OutLabel   : 4294967295       OutLabelFlag: -

 

 IPv4 Dest : 12.0.0.0/24         Int. Cost  : 30               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 2                Flag       : R/-/-

 InLabel   : 4294967295          InLabel Flag: -/-/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    10.0.0.2                           XGE3/0/1                    0x00000102

 Nib ID    : 0x14000004          OutLabel   : 4294967295       OutLabelFlag: -

 

 IPv4 Dest : 1.1.1.1/32          Int. Cost  : 0                Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 1                Flag       : D/L/-

 InLabel   : 16010               InLabel Flag: -/N/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    Direct                             Loop1                      0x00000584

 Nib ID    : 0x0                 OutLabel   : 4294967295       OutLabelFlag: -

 

 IPv4 Dest : 2.2.2.2/32          Int. Cost  : 10               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 1                Flag       : R/-/-

 InLabel   : 16020               InLabel Flag: -/N/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    10.0.0.2                           XGE3/0/1                    0x00000102

 Nib ID    : 0x14000003          OutLabel   : 16020            OutLabelFlag: I

 

 IPv4 Dest : 3.3.3.3/32          Int. Cost  : 20               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 1                Flag       : R/-/-

 InLabel   : 16030               InLabel Flag: -/N/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    10.0.0.2                           XGE3/0/1                    0x00000102

 Nib ID    : 0x14000002          OutLabel   : 16030            OutLabelFlag: -

 

 IPv4 Dest : 4.4.4.4/32          Int. Cost  : 20               Ext. Cost  : NULL

 Admin Tag : -                   Src Count  : 1                Flag       : R/-/-

 InLabel   : 16040               InLabel Flag: -/N/-/-/-/-

 NextHop   :                     Interface  :                  ExitIndex  :

    10.0.0.2                           XGE3/0/1                    0x00000102

 Nib ID    : 0x14000002          OutLabel   : 16040            OutLabelFlag: -

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

      InLabel flags: R-Readvertisement, N-Node SID, P-no PHP

                     E-Explicit null, V-Value, L-Local

 

      OutLabelFlags: E-Explicit null, I-Implicit null, N-Normal

# Display MPLS LSP information on Router A.

[RouterA] display mpls lsp

FEC                         Proto     In/Out Label    Out Inter/NHLFE/LSINDEX

10.0.0.2                    Local     -/-             XGE3/0/1

1.1.1.1/32                  ISIS      16010/-         -

2.2.2.2/32                  ISIS      16020/3         XGE3/0/1

2.2.2.2/32                  ISIS      -/3             XGE3/0/1

3.3.3.3/32                  ISIS      16030/16030     XGE3/0/1

3.3.3.3/32                  ISIS      -/16030         XGE3/0/1

4.4.4.4/32                  ISIS      16040/16040     XGE3/0/1

4.4.4.4/32                  ISIS      -/16040         XGE3/0/1

Example: Configuring SR-MPLS based on OSPF-advertised SIDs

Network configuration

As shown in Figure 305, Router A, Router B, Router C, and Router D are running OSPF.

Configure dynamic SID allocation on loopback interfaces of the routers. Then, establish an SRLSP from Router A to Router D based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 305 Network diagram

Table 119 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
                                             XGE3/0/2   11.0.0.1/24
Router C  Loop1      3.3.3.3/32    Router D  Loop1      4.4.4.4/32
          XGE3/0/1   11.0.0.2/24             XGE3/0/1   12.0.0.2/24
          XGE3/0/2   12.0.0.1/24             XGE3/0/2   100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure OSPF to achieve network-level connectivity.

<RouterA> system-view

[RouterA] ospf 1 router-id 1.1.1.1

[RouterA-ospf-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] ospf 1 area 0

[RouterA-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable SR-MPLS.

[RouterA] ospf 1

[RouterA-ospf-1] segment-routing mpls

[RouterA-ospf-1] quit

# Configure the OSPF prefix SID by specifying a relative value.

[RouterA] interface loopback 1

[RouterA-LoopBack1] ospf 1 prefix-sid index 10

[RouterA-LoopBack1] quit

# Configure a static SRLSP (static-sr-lsp-1) to Router D, setting the outgoing label to the prefix label that Router A allocated to Router D (16040).

[RouterA] static-sr-mpls lsp static-sr-lsp-1 out-label 16040

# Establish static MPLS TE tunnel 1 to Router D. Specify the LSR ID of Router D as the tunnel destination address and bind static SRLSP static-sr-lsp-1 to MPLS TE tunnel interface 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address 6.1.1.1 255.255.255.0

[RouterA-Tunnel1] destination 4.4.4.4

[RouterA-Tunnel1] mpls te signaling static

[RouterA-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[RouterA-Tunnel1] quit

# Configure a static route to direct traffic destined for 100.1.2.0/24 to MPLS TE tunnel 1.

[RouterA] ip route-static 100.1.2.0 24 tunnel 1 preference 1

3.     Configure Router B:

# Configure OSPF to achieve network-level connectivity.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] ospf 1 area 0

[RouterB-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterB] ospf 1

[RouterB-ospf-1] segment-routing mpls

[RouterB-ospf-1] quit

# Configure the OSPF prefix SID by specifying a relative value.

[RouterB] interface loopback 1

[RouterB-LoopBack1] ospf 1 prefix-sid index 20

4.     Configure Router C:

# Configure OSPF to achieve network-level connectivity.

<RouterC> system-view

[RouterC] ospf 1 router-id 3.3.3.3

[RouterC-ospf-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] ospf 1 area 0

[RouterC-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterC] ospf 1

[RouterC-ospf-1] segment-routing mpls

[RouterC-ospf-1] quit

# Configure the OSPF prefix SID by specifying a relative value.

[RouterC] interface loopback 1

[RouterC-LoopBack1] ospf 1 prefix-sid index 30

5.     Configure Router D:

# Configure OSPF to achieve network-level connectivity.

<RouterD> system-view

[RouterD] ospf 1 router-id 4.4.4.4

[RouterD-ospf-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] ospf 1 area 0

[RouterD-LoopBack1] quit

# Configure the LSR ID, and enable MPLS and MPLS TE.

[RouterD] mpls lsr-id 4.4.4.4

[RouterD] mpls te

[RouterD-te] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable SR-MPLS.

[RouterD] ospf 1

[RouterD-ospf-1] segment-routing mpls

[RouterD-ospf-1] quit

# Configure the OSPF prefix SID by specifying a relative value.

[RouterD] interface loopback 1

[RouterD-LoopBack1] ospf 1 prefix-sid index 40

Verifying the configuration

# Display detailed OSPF routing information on Router A to view information about routes bound with labels.

[RouterA] display ospf routing verbose

 

          OSPF Process 1 with Router ID 1.1.1.1

                   Routing Table

 

                 Topology base (MTID 0)

 

 Routing for network

 

 Destination: 11.0.0.0/24

    Priority: Low                     Type: Transit

   AdvRouter: 3.3.3.3                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 10.0.0.2           BkNextHop: N/A

      IfType: Broadcast           BkIfType: N/A

   Interface: XGE3/0/1         BkInterface: N/A

       NibID: 0x13000005            Status: Normal

        Cost: 2

     InLabel: 4294967295

    OutLabel: 4294967295     OutLabel flag: N

 

 Destination: 10.0.0.0/24

    Priority: Low                     Type: Transit

   AdvRouter: 1.1.1.1                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 0.0.0.0            BkNextHop: N/A

      IfType: Broadcast           BkIfType: N/A

   Interface: XGE3/0/1         BkInterface: N/A

       NibID: 0x13000001            Status: Direct

        Cost: 1

     InLabel: 4294967295

    OutLabel: 4294967295     OutLabel flag: N

 

 Destination: 4.4.4.4/32

    Priority: Medium                  Type: Stub

   AdvRouter: 4.4.4.4                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 10.0.0.2           BkNextHop: N/A

      IfType: Broadcast           BkIfType: N/A

   Interface: XGE3/0/1          BkInterface: N/A

       NibID: 0x13000005            Status: Normal

        Cost: 2

     InLabel: 16040

    OutLabel: 16040          OutLabel flag: N

 

 Destination: 3.3.3.3/32

    Priority: Medium                  Type: Stub

   AdvRouter: 3.3.3.3                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 10.0.0.2           BkNextHop: N/A

      IfType: Broadcast           BkIfType: N/A

   Interface: XGE3/0/1         BkInterface: N/A

       NibID: 0x13000005            Status: Normal

        Cost: 2

     InLabel: 16030

    OutLabel: 16030          OutLabel flag: N

 

 Destination: 2.2.2.2/32

    Priority: Medium                  Type: Stub

   AdvRouter: 2.2.2.2                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 10.0.0.2           BkNextHop: N/A

      IfType: Broadcast           BkIfType: N/A

   Interface: XGE3/0/1         BkInterface: N/A

       NibID: 0x13000005            Status: Normal

        Cost: 1

     InLabel: 16020

    OutLabel: 16020          OutLabel flag: N

 

 Destination: 1.1.1.1/32

    Priority: Medium                  Type: Stub

   AdvRouter: 1.1.1.1                 Area: 0.0.0.0

  SubProtoID: 0x1               Preference: 10

     NextHop: 0.0.0.0            BkNextHop: N/A

      IfType: PTP                 BkIfType: N/A

   Interface: Loop1            BkInterface: N/A

       NibID: 0x13000002            Status: Direct

        Cost: 0

     InLabel: 16010

    OutLabel: 4294967295     OutLabel flag: N

 

 Total nets: 6

 Intra area: 6  Inter area: 0  ASE: 0  NSSA: 0

# Display MPLS LSP information on Router A.

[RouterA] display mpls lsp

FEC                         Proto     In/Out Label    Out Inter/NHLFE/LSINDEX

10.0.0.2                    Local     -/-             XGE3/0/1

1.1.1.1/32                  OSPF      16010/-         -

2.2.2.2/32                  OSPF      16020/3         XGE3/0/1

2.2.2.2/32                  OSPF      -/3             XGE3/0/1

3.3.3.3/32                  OSPF      16030/16030     XGE3/0/1

3.3.3.3/32                  OSPF      -/16030         XGE3/0/1

4.4.4.4/32                  OSPF      16040/16040     XGE3/0/1

4.4.4.4/32                  OSPF      -/16040         XGE3/0/1

Example: Configuring an SR-based MPLS TE tunnel over an explicit path

Network configuration

As shown in Figure 306, Router A, Router B, Router C, and Router D are running IS-IS.

Configure dynamic SID allocation on loopback interfaces of the routers. Then, create an explicit path from Router A to Router D and configure the MPLS TE tunnel interface to use SR to establish an MPLS TE tunnel over the explicit path.

Figure 306 Network diagram

Table 120 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
                                             XGE3/0/2   11.0.0.1/24
Router C  Loop1      3.3.3.3/32    Router D  Loop1      4.4.4.4/32
          XGE3/0/1   11.0.0.2/24             XGE3/0/1   12.0.0.2/24
          XGE3/0/2   12.0.0.1/24             XGE3/0/2   100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure the MPLS LSR ID, and enable MPLS and MPLS TE.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] is-level level-1

[RouterA-isis-1] mpls te enable

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Enable SR-MPLS.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] segment-routing mpls

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis prefix-sid index 10

[RouterA-LoopBack1] quit

# Create an explicit path to Router D and specify the nodes by their prefix labels.

[RouterA] explicit-path 1

[RouterA-explicit-path-1] nextsid label 16020 type prefix

[RouterA-explicit-path-1] nextsid label 16030 type prefix

[RouterA-explicit-path-1] nextsid label 16040 type prefix

[RouterA-explicit-path-1] quit

# Configure MPLS TE tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address unnumbered interface loopBack 1

# Set the tunnel destination address to the IP address of the loopback interface on Router D.

[RouterA-Tunnel1] destination 4.4.4.4

# Configure the MPLS TE tunnel interface to use SR to establish a tunnel over the explicit path.

[RouterA-Tunnel1] mpls te signaling segment-routing

[RouterA-Tunnel1] mpls te path preference 1 explicit-path 1

[RouterA-Tunnel1] quit

3.     Configure Router B:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] is-level level-1

[RouterB-isis-1] mpls te enable

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Enable SR-MPLS.

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mpls

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis prefix-sid index 20

[RouterB-LoopBack1] quit

4.     Configure Router C:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] is-level level-1

[RouterC-isis-1] mpls te enable

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Enable SR-MPLS.

[RouterC] isis 1

[RouterC-isis-1] address-family ipv4

[RouterC-isis-1-ipv4] segment-routing mpls

[RouterC-isis-1-ipv4] quit

[RouterC-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis prefix-sid index 30

[RouterC-LoopBack1] quit

5.     Configure Router D:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.4

[RouterD] mpls te

[RouterD-te] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0000.0000.0004.00

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] is-level level-1

[RouterD-isis-1] mpls te enable

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis enable 1

[RouterD-LoopBack1] quit

# Enable SR-MPLS.

[RouterD] isis 1

[RouterD-isis-1] address-family ipv4

[RouterD-isis-1-ipv4] segment-routing mpls

[RouterD-isis-1-ipv4] quit

[RouterD-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis prefix-sid index 40

[RouterD-LoopBack1] quit

Verifying the configuration

# Display MPLS LSP information on Router A.

[RouterA] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

10.0.0.2                    Local       -/-             XGE3/0/1

Tunnel1                     Local       -/-             NHLFE6

1.1.1.1/32                  ISIS        16010/-         -

2.2.2.2/32                  ISIS        16020/3         XGE3/0/1

2.2.2.2/32                  ISIS        -/3             XGE3/0/1

3.3.3.3/32                  ISIS        16030/16030     XGE3/0/1

3.3.3.3/32                  ISIS        -/16030         XGE3/0/1

4.4.4.4/32                  ISIS        16040/16040     XGE3/0/1

4.4.4.4/32                  ISIS        -/16040         XGE3/0/1

1.1.1.1/1/17700             SR-TE       -/16030         XGE3/0/1

                                          16040

# Display information about MPLS TE tunnel interface Tunnel 1 on Router A.

[RouterA] display mpls te tunnel-interface tunnel 1

Tunnel Name            : Tunnel 1

Tunnel State           : Up (Main CRLSP up.

                             Main Shared-resource CRLSP down.

                             Backup CRLSP down.)

Tunnel Attributes      :

  LSP ID               : 17700           Tunnel ID            : 1

  Admin State          : Normal

  Ingress LSR ID       : 1.1.1.1         Egress LSR ID        : 4.4.4.4

  Signaling            : Segment-Routing Static CRLSP Name    : -

  Resv Style           : SE

  Tunnel mode          : -

  Reverse-LSP name     : -

  Reverse-LSP LSR ID   : -               Reverse-LSP Tunnel ID: -

  Class Type           : CT0             Tunnel Bandwidth     : 0 kbps

  Reserved Bandwidth   : 0 kbps

  Setup Priority       : -               Holding Priority     : -

  Affinity Attr/Mask   : 0/0

  Explicit Path        : 1

  Backup Explicit Path : -

  Metric Type          : TE

  Record Route         : Disabled        Record Label         : Disabled

  FRR Flag             : Disabled        Bandwidth Protection : Disabled

  Backup Bandwidth Flag: Disabled        Backup Bandwidth Type: -

  Backup Bandwidth     : -

  Bypass Tunnel        : No              Auto Created         : No

  Route Pinning        : Disabled

  Retry Limit          : 3               Retry Interval       : 2 sec

  Reoptimization       : Disabled        Reoptimization Freq  : -

  Backup Type          : None            Backup LSP ID        : -

  Backup Restore Time  : -

  Auto Bandwidth       : Disabled        Auto Bandwidth Freq  : -

  Min Bandwidth        : -               Max Bandwidth        : -

  Collected Bandwidth  : -               Service-Class        : -

  Traffic Policy       : Disable

  Path Setup Type      : EXPLICIT/-

  Binding SID          : -               Binding SID State    : -

  Last Down Reason     : Signal Error

  Down Time            : 2018-11-13 14:34:06:232

# Display the NHLFE entry information.

[RouterA] display mpls forwarding nhlfe

Total NHLFE entries: 3

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       B - Backup forwarding information

       A - Active forwarding information

       M - P2MP forwarding information

 

NID        Tnl-Type   Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

5          LOCAL      NA   -        XGE3/0/1                  10.0.0.2

6          SRLSP      NA   16030    XGE3/0/1                  10.0.0.2

                           16040

268435457  TE         TA   -        6

The output shows that the SRLSP carries two tiers of outgoing labels (16030 and 16040) toward the destination, which means the traffic is forwarded through the explicit path.
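The check below is an added example, not part of the H3C guide: it parses the `display mpls lsp` output shown above, confirms that every label in explicit path 1 (or the single out-label of the static SRLSP in the OSPF example) is bound to a prefix SID and that the last label ends at the tunnel destination, and derives the outgoing stack Router A should install. All function names are hypothetical, and the derivation assumes every router uses the same label block, as the identical in/out labels in the output indicate.

```python
import re

# Constructed sample: `display mpls lsp` output from Router A, as shown in the
# explicit-path verification step on this page (blank lines removed).
MPLS_LSP_OUTPUT = """\
FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX
10.0.0.2                    Local       -/-             XGE3/0/1
Tunnel1                     Local       -/-             NHLFE6
1.1.1.1/32                  ISIS        16010/-         -
2.2.2.2/32                  ISIS        16020/3         XGE3/0/1
2.2.2.2/32                  ISIS        -/3             XGE3/0/1
3.3.3.3/32                  ISIS        16030/16030     XGE3/0/1
3.3.3.3/32                  ISIS        -/16030         XGE3/0/1
4.4.4.4/32                  ISIS        16040/16040     XGE3/0/1
4.4.4.4/32                  ISIS        -/16040         XGE3/0/1
1.1.1.1/1/17700             SR-TE       -/16030         XGE3/0/1
                                          16040
"""

# Explicit path 1 as configured on Router A in this example.
EXPLICIT_PATH_CONFIG = """\
explicit-path 1
 nextsid label 16020 type prefix
 nextsid label 16030 type prefix
 nextsid label 16040 type prefix
"""

IMPLICIT_NULL = 3  # reserved MPLS label: nothing is pushed toward that next hop
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(-|\d+)/(-|\d+)\s+(\S+)\s*$")
CONT = re.compile(r"^\s+(\d+)\s*$")  # extra label of a multi-label out stack


def parse_mpls_lsp(text):
    """Return one dict per LSP row; continuation lines extend the out stack."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            fec, proto, in_l, out_l, out_if = m.groups()
            rows.append({"fec": fec, "proto": proto,
                         "in": None if in_l == "-" else int(in_l),
                         "out": [] if out_l == "-" else [int(out_l)],
                         "if": out_if})
        elif rows and CONT.match(line):
            rows[-1]["out"].append(int(CONT.match(line).group(1)))
    return rows


def sid_bindings(rows):
    """Map local prefix-SID label -> (FEC, outgoing label) for IGP rows."""
    return {r["in"]: (r["fec"], r["out"][0] if r["out"] else None)
            for r in rows
            if r["proto"] in ("ISIS", "OSPF") and r["in"] is not None}


def parse_explicit_path(cfg):
    return [int(x) for x in re.findall(r"nextsid label (\d+) type prefix", cfg)]


def audit_stack(labels, destination, bindings):
    """Return findings for labels that are unbound or end at the wrong node."""
    findings = [f"label {l} is not bound to any prefix SID"
                for l in labels if l not in bindings]
    if labels and labels[-1] in bindings:
        fec = bindings[labels[-1]][0]
        if fec != f"{destination}/32":
            findings.append(f"last label {labels[-1]} steers to {fec}, "
                            f"not tunnel destination {destination}")
    return findings


def expected_out_stack(labels, bindings):
    """Stack the ingress should install: the first SID is swapped to its
    outgoing label, or omitted when that label is implicit null."""
    if labels[0] not in bindings or bindings[labels[0]][1] is None:
        raise ValueError(f"no outgoing label for first SID {labels[0]}")
    first_out = bindings[labels[0]][1]
    head = [] if first_out == IMPLICIT_NULL else [first_out]
    return head + list(labels[1:])


def installed_sr_te_stack(rows):
    """Outgoing stack of the first SR-TE row, or None if there is none."""
    return next((r["out"] for r in rows if r["proto"] == "SR-TE"), None)


if __name__ == "__main__":
    rows = parse_mpls_lsp(MPLS_LSP_OUTPUT)
    bindings = sid_bindings(rows)
    path = parse_explicit_path(EXPLICIT_PATH_CONFIG)
    print("findings:", audit_stack(path, "4.4.4.4", bindings))
    print("expected:", expected_out_stack(path, bindings))
    print("installed:", installed_sr_te_stack(rows))
```

Running the same audit against a saved `display mpls lsp` capture after a topology or SID change catches an explicit path or static out-label that no longer ends at the intended egress.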

Example: Configuring an MPLS TE tunnel over a PCE-calculated SRLSP

Network configuration

As shown in Figure 307, Router A, Router B, Router C, and Router D are running IS-IS.

Configure Router B, Router C, and Router D as PCEs. Configure Router A as a PCC and specify the PCEs for the PCC. Configure Router A to request the PCEs to calculate the path to Router D.

Figure 307 Network diagram

Table 121 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
                                             XGE3/0/2   11.0.0.1/24
Router C  Loop1      3.3.3.3/32    Router D  Loop1      4.4.4.4/32
          XGE3/0/1   11.0.0.2/24             XGE3/0/1   12.0.0.2/24
          XGE3/0/2   12.0.0.1/24             XGE3/0/2   100.1.2.1/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] mpls te

[RouterA-te] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] mpls te enable

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Enable SR-MPLS.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] segment-routing mpls

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure Router A as a PCC and specify the PCEs.

[RouterA] mpls te

[RouterA-te] pcep type active-stateful

[RouterA-te] pce static 2.2.2.2

[RouterA-te] pce static 3.3.3.3

[RouterA-te] pce static 4.4.4.4

[RouterA-te] quit

# Configure MPLS TE tunnel interface Tunnel 1.

[RouterA] interface tunnel 1 mode mpls-te

[RouterA-Tunnel1] ip address unnumbered interface LoopBack1

# Configure the MPLS TE tunnel interface to use SR and stateful PCE to establish the tunnel over the SRLSP calculated in PCE delegation mode.

[RouterA-Tunnel1] mpls te signaling segment-routing

[RouterA-Tunnel1] mpls te delegation

[RouterA-Tunnel1] destination 4.4.4.4

[RouterA-Tunnel1] quit

3.     Configure Router B:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterB> system-view

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] mpls te

[RouterB-te] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] mpls te enable

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Enable SR-MPLS.

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mpls

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

# Configure Router B as a PCE.

[RouterB] mpls te

[RouterB-te] pce address 2.2.2.2

4.     Configure Router C:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterC> system-view

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] mpls te

[RouterC-te] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls te enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] mpls te enable

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Enable SR-MPLS.

[RouterC] isis 1

[RouterC-isis-1] address-family ipv4

[RouterC-isis-1-ipv4] segment-routing mpls

[RouterC-isis-1-ipv4] quit

[RouterC-isis-1] quit

# Configure Router C as a PCE.

[RouterC] mpls te

[RouterC-te] pce address 3.3.3.3

5.     Configure Router D:

# Configure the LSR ID, and enable MPLS and MPLS TE.

<RouterD> system-view

[RouterD] mpls lsr-id 4.4.4.4

[RouterD] mpls te

[RouterD-te] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls te enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0000.0000.0004.00

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] mpls te enable

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis enable 1

[RouterD-LoopBack1] quit

# Enable SR-MPLS.

[RouterD] isis 1

[RouterD-isis-1] address-family ipv4

[RouterD-isis-1-ipv4] segment-routing mpls

[RouterD-isis-1-ipv4] quit

[RouterD-isis-1] quit

# Configure Router D as a PCE.

[RouterD] mpls te

[RouterD-te] pce address 4.4.4.4

Verifying the configuration

# Display discovered PCEs on each router. This example uses Router A.

[RouterA] display mpls te pce discovery verbose

PCE address: 2.2.2.2

  Discovery methods: Static

  Path scopes:

    Path scope                                                  Preference

    Compute intra-area paths                                    7

    Act as PCE for inter-area TE LSP computation                6

  Capabilities:

    Bidirectional path computation

    Support for request prioritization

    Support for multiple requests per message

 

PCE address: 3.3.3.3

  Discovery methods: Static

  Path scopes:

    Path scope                                                  Preference

    Compute intra-area paths                                    7

    Act as PCE for inter-area TE LSP computation                6

  Capabilities:

    Bidirectional path computation

    Support for request prioritization

    Support for multiple requests per message

 

PCE address: 4.4.4.4

  Discovery methods: Static

  Path scopes:

    Path scope                                                  Preference

    Compute intra-area paths                                    7

    Act as PCE for inter-area TE LSP computation                6

  Capabilities:

    Bidirectional path computation

    Support for request prioritization

    Support for multiple requests per message

# Verify that PCEP sessions have been established on each router. This example uses Router A.

[RouterA] display mpls te pce peer verbose

Peer address: 2.2.2.2

  TCP connection           : 1.1.1.1:36818 -> 2.2.2.2:4189

  Peer type                : PCE

  Session type             : Stateless

  Session state            : UP

  Mastership               : Normal

  Role                     : Active

  Session up time          : 0000 days 00 hours 15 minutes

  Session ID               : Local 0, Peer 0

  Keepalive interval       : Local 30 sec, Peer 30 sec

  Recommended DeadTimer    : Local 120 sec, Peer 120 sec

  Tolerance:

    Min keepalive interval : 10 sec

    Max unknown messages   : 5

  Request timeout          : 10 sec

  Capability for Initiate       : No

  Capability for Segment-Routing: No

 

Peer address: 3.3.3.3

  TCP connection           : 1.1.1.1:36821 -> 3.3.3.3:4189

  Peer type                : PCE

  Session type             : Stateless

  Session state            : UP

  Mastership               : Normal

  Role                     : Active

  Session up time          : 0000 days 00 hours 13 minutes

  Session ID               : Local 1, Peer 0

  Keepalive interval       : Local 30 sec, Peer 30 sec

  Recommended DeadTimer    : Local 120 sec, Peer 120 sec

  Tolerance:

    Min keepalive interval : 10 sec

    Max unknown messages   : 5

  Request timeout          : 10 sec

  Capability for Initiate       : No

  Capability for Segment-Routing: No

 

Peer address: 4.4.4.4

  TCP connection           : 1.1.1.1:36822 -> 4.4.4.4:4189

  Peer type                : PCE

  Session type             : Stateless

  Session state            : UP

  Mastership               : Normal

  Role                     : Active

  Session up time          : 0000 days 00 hours 13 minutes

  Session ID               : Local 2, Peer 0

  Keepalive interval       : Local 30 sec, Peer 30 sec

  Recommended DeadTimer    : Local 120 sec, Peer 120 sec

  Tolerance:

    Min keepalive interval : 10 sec

    Max unknown messages   : 5

  Request timeout          : 10 sec

  Capability for Initiate       : No

  Capability for Segment-Routing: No
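The following Python script is an added example and is not part of the H3C documentation. It compares the PCC settings entered on Router A with the display mpls te pce peer verbose output and lists the points where the negotiated session differs from the configuration, as well as any PCEP session with a peer that was never configured. The function names are hypothetical, the sample text is abridged from the output above, and the way the Session type value is normalized for comparison is an assumption.

```python
import re

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")
PCEP_PORT = 4189  # destination port shown in the TCP connection lines above

# Constructed sample: PCC commands entered on Router A in the procedure.
CONFIG = """\
[RouterA-te] pcep type active-stateful
[RouterA-te] pce static 2.2.2.2
[RouterA-te] pce static 3.3.3.3
[RouterA-te] pce static 4.4.4.4
[RouterA-Tunnel1] mpls te signaling segment-routing
"""

# Constructed sample: abridged "display mpls te pce peer verbose" output.
PEER_OUTPUT = """\
Peer address: 2.2.2.2
  TCP connection           : 1.1.1.1:36818 -> 2.2.2.2:4189
  Session type             : Stateless
  Session state            : UP
  Capability for Segment-Routing: No

Peer address: 3.3.3.3
  TCP connection           : 1.1.1.1:36821 -> 3.3.3.3:4189
  Session type             : Stateless
  Session state            : UP
  Capability for Segment-Routing: No

Peer address: 4.4.4.4
  TCP connection           : 1.1.1.1:36822 -> 4.4.4.4:4189
  Session type             : Stateless
  Session state            : UP
  Capability for Segment-Routing: No
"""


def parse_pce_peers(output):
    """Split the display output into {peer address: {field: value}}."""
    peers, current = {}, None
    for line in output.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and separators
        key, value = m.groups()
        if key == "Peer address":
            current = peers.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return peers


def parse_pcc_intent(config):
    """Extract the PCEP type, static PCEs and SR signaling from a CLI transcript."""
    intent = {"pcep_type": None, "pces": [], "sr": False}
    for line in config.splitlines():
        # Drop the "[RouterA-te]" or "<RouterA>" prompt in front of the command.
        cmd = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", line).strip()
        if cmd.startswith("pcep type "):
            intent["pcep_type"] = cmd.split()[2]
        elif cmd.startswith("pce static "):
            intent["pces"].append(cmd.split()[2])
        elif cmd == "mpls te signaling segment-routing":
            intent["sr"] = True
    return intent


def audit_pcep(config, output):
    """Return a list of (peer, finding) tuples; an empty list means no differences."""
    intent, peers = parse_pcc_intent(config), parse_pce_peers(output)
    findings = []
    for pce in intent["pces"]:
        p = peers.get(pce)
        if p is None:
            findings.append((pce, "no PCEP session listed"))
            continue
        if p.get("Session state") != "UP":
            findings.append((pce, "session state is %s" % p.get("Session state")))
        # Assumes the PCC opened the connection, as in the output above.
        m = re.fullmatch(r"(\S+):(\d+) -> (\S+):(\d+)", p.get("TCP connection", ""))
        if not m or m.group(3) != pce or int(m.group(4)) != PCEP_PORT:
            findings.append((pce, "unexpected TCP endpoint"))
        # Assumption: lowercase with hyphens matches the keyword used in the CLI.
        shown = p.get("Session type", "")
        if intent["pcep_type"] and shown.lower().replace(" ", "-") != intent["pcep_type"]:
            findings.append((pce, "session type %s, configured %s"
                             % (shown, intent["pcep_type"])))
        if intent["sr"] and p.get("Capability for Segment-Routing") == "No":
            findings.append((pce, "SR capability not negotiated"))
    for addr in peers:
        if addr not in intent["pces"]:
            findings.append((addr, "session with a PCE that is not configured"))
    return findings


if __name__ == "__main__":
    for peer, finding in audit_pcep(CONFIG, PEER_OUTPUT):
        print(peer, "-", finding)
```
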

Example: Configuring SR-MPLS inter-AS option B

Network configuration

As shown in Figure 308, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Establish an MPLS TE tunnel between ASBR-PEs in different ASs and enable BGP EPE.

·     Configure PE 1 and ASBR-PE 1 to exchange VPNv4 routes through MP IBGP.

·     Configure PE 2 and ASBR-PE 2 to exchange VPNv4 routes through MP IBGP.

·     Establish an MP-EBGP peer relationship between ASBR-PE 1 and ASBR-PE 2 to exchange VPNv4 routes.

·     Disable route target-based filtering of received VPNv4 routes on ASBR-PE 1 and ASBR-PE 2.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish an SRLSP based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 308 Network diagram

Table 122 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop1 | 2.2.2.9/32 | PE 2 | Loop1 | 5.5.5.9/32 |
| | XGE3/0/1 | 30.0.0.1/24 | | XGE3/0/1 | 20.0.0.1/24 |
| | XGE3/0/5 | 1.1.1.2/8 | | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop1 | 3.3.3.9/32 | ASBR-PE 2 | Loop1 | 4.4.4.9/32 |
| | XGE3/0/5 | 1.1.1.1/8 | | XGE3/0/5 | 9.1.1.1/8 |
| | XGE3/0/4 | 11.0.0.2/8 | | XGE3/0/4 | 11.0.0.1/8 |

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 2.2.2.9 32

[PE1-LoopBack1] ospf 1 area 0

[PE1-LoopBack1] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ospf 1 prefix-sid index 20

[PE1-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Configure peer 3.3.3.9 as a VPNv4 peer.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] import-route direct

3.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack1] ospf 1 area 0

[ASBR-PE1-LoopBack1] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack1] quit

# Create a routing policy to assign a label.

[ASBR-PE1] route-policy epe permit node 1

[ASBR-PE1-route-policy-epe-1] apply label-value 245555

[ASBR-PE1-route-policy-epe-1] quit

# Start BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4

# Disable route target-based filtering of received VPNv4 routes.

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.

[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv4] quit

# Enable BGP EPE for EBGP neighbor 11.0.0.1 and specify a routing policy to assign a label to the neighbor.

[ASBR-PE1-bgp-default] peer 11.0.0.1 egress-engineering route-policy epe

[ASBR-PE1-bgp-default] quit

[ASBR-PE1-bgp] quit

4.     Configure ASBR-PE 2:

# Start OSPF on ASBR-PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack1] ospf 1 area 0

[ASBR-PE2-LoopBack1] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack1] quit

# Create a routing policy to assign a label.

[ASBR-PE2] route-policy epe permit node 1

[ASBR-PE2-route-policy-epe-1] apply label-value 246666

[ASBR-PE2-route-policy-epe-1] quit

# Start BGP on ASBR-PE 2.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4

# Disable route target-based filtering of received VPNv4 routes.

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.

[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv4] quit

# Enable BGP EPE for EBGP neighbor 11.0.0.2 and specify a routing policy to assign a label to the neighbor.

[ASBR-PE2-bgp-default] peer 11.0.0.2 egress-engineering route-policy epe

5.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 5.5.5.9 32

[PE2-LoopBack1] ospf 1 area 0

[PE2-LoopBack1] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ospf 1 prefix-sid index 50

[PE2-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 1

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv4] quit

# Redistribute direct routes to the VPN routing table of vpn1.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] import-route direct

6.     Configure an MPLS TE tunnel:

# Configure ASBR-PE 1 as the ingress node of static SRLSP static-sr-lsp-1 and specify the label that ASBR-PE 1 allocated to ASBR-PE 2 (245555) as the outgoing label.

<ASBR-PE1> system-view

[ASBR-PE1] static-sr-mpls lsp static-sr-lsp-1 out-label 245555

# On ASBR-PE 1, establish static MPLS TE tunnel 1 to ASBR-PE 2. Specify the IP address (11.0.0.1) of the directly connected interface on ASBR-PE 2 as the tunnel destination address. Bind static SRLSP static-sr-lsp-1 to MPLS TE tunnel interface 1.

[ASBR-PE1] interface tunnel 1 mode mpls-te

[ASBR-PE1-Tunnel1] ip address 6.1.1.1 255.255.255.0

[ASBR-PE1-Tunnel1] destination 11.0.0.1

[ASBR-PE1-Tunnel1] mpls te signaling static

[ASBR-PE1-Tunnel1] mpls te static-sr-mpls static-sr-lsp-1

[ASBR-PE1-Tunnel1] quit

# Configure ASBR-PE 2 as the ingress node of static SRLSP static-sr-lsp-2 and specify the label that ASBR-PE 2 allocated to ASBR-PE 1 (246666) as the outgoing label.

<ASBR-PE2> system-view

[ASBR-PE2] static-sr-mpls lsp static-sr-lsp-2 out-label 246666

# On ASBR-PE 2, establish static MPLS TE tunnel 1 to ASBR-PE 1. Specify the IP address (11.0.0.2) of the directly connected interface on ASBR-PE 1 as the tunnel destination address. Bind static SRLSP static-sr-lsp-2 to MPLS TE tunnel interface 1.

[ASBR-PE2] interface tunnel 1 mode mpls-te

[ASBR-PE2-Tunnel1] ip address 7.1.1.1 255.255.255.0

[ASBR-PE2-Tunnel1] destination 11.0.0.2

[ASBR-PE2-Tunnel1] mpls te signaling static

[ASBR-PE2-Tunnel1] mpls te static-sr-mpls static-sr-lsp-2

[ASBR-PE2-Tunnel1] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on ASBR-PE1.

[ASBR-PE1] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

3.3.3.9/1/53168             StaticCR    -/-             NHLFE1

11.0.0.1                    BGP         -/-             XGE3/0/4

2.2.2.9/1151                BGP         1151/1151       -

11.0.0.1/1149               BGP         1150/1149       -

11.0.0.1                    BGP         245555/-        NHLFE1

1.1.1.2                     Local       -/-             XGE3/0/5

11.0.0.1                    Local       -/-             XGE3/0/4

Tunnel1                     Local       -/-             NHLFE4

2.2.2.9/32                  OSPF        16020/3         XGE3/0/5

2.2.2.9/32                  OSPF        -/3             XGE3/0/5

3.3.3.9/32                  OSPF        16030/-         -

Example: Configuring SR-MPLS inter-AS option C (I) (labeled route exchange in BGP IPv4 unicast address family)

Network configuration

As shown in Figure 309, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1 and ASBR-PE 1 to exchange labeled IPv4 routes through IBGP.

·     Configure PE 2 and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP.

·     Establish an MP-EBGP peer relationship between PE 1 and PE 2 to exchange VPNv4 routes.

·     Configure ASBR-PE 1 and ASBR-PE 2 to exchange labeled IPv4 routes through EBGP. Enable BGP-based SR-MPLS.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish an SRLSP based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 309 Network diagram

Table 123 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop1 | 2.2.2.9/32 | PE 2 | Loop1 | 5.5.5.9/32 |
| | XGE3/0/1 | 30.0.0.1/24 | | XGE3/0/1 | 20.0.0.1/24 |
| | XGE3/0/5 | 1.1.1.2/8 | | XGE3/0/5 | 9.1.1.2/8 |
| ASBR-PE 1 | Loop1 | 3.3.3.9/32 | ASBR-PE 2 | Loop1 | 4.4.4.9/32 |
| | XGE3/0/5 | 1.1.1.1/8 | | XGE3/0/5 | 9.1.1.1/8 |
| | XGE3/0/4 | 11.0.0.2/8 | | XGE3/0/4 | 11.0.0.1/8 |
| CE 1 | XGE3/0/1 | 30.0.0.2/24 | CE 2 | XGE3/0/1 | 20.0.0.2/24 |

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 1 as an EBGP peer and redistribute the VPN route.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 2.2.2.9 32

[PE1-LoopBack1] ospf 1 area 0

[PE1-LoopBack1] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ospf 1 prefix-sid index 20

[PE1-LoopBack1] quit

# Create VPN instance vpn1. Configure an RD and both import and export route targets for the VPN instance.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind VPN instance vpn1 to interface Ten-GigabitEthernet 3/0/1 and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Enable the capability to exchange labeled routes with IBGP peer 3.3.3.9.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability

# Enable SR-MPLS.

[PE1-bgp-default-ipv4] segment-routing mpls

[PE1-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

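[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable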

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack1] ospf 1 area 0

[ASBR-PE1-LoopBack1] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack1] quit

# Create a routing policy and specify a label index value.

[ASBR-PE1] ip prefix-list 1 permit 2.2.2.9 32

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE1-route-policy-policy1-1] apply label-index 20

[ASBR-PE1-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 1. Enable the capability to exchange labeled routes with IBGP peer 2.2.2.9.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE1-bgp-default-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-ipv4] quit

# Enable the capability to exchange labeled routes with EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

5.     Configure ASBR-PE 2:

# Start OSPF on ASBR-PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack1] ospf 1 area 0

[ASBR-PE2-LoopBack1] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack1] quit

# Create a routing policy and specify a label index value.

[ASBR-PE2] ip prefix-list 1 permit 5.5.5.9 32

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE2-route-policy-policy1-1] apply label-index 50

[ASBR-PE2-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 2. Enable the capability to exchange labeled routes with IBGP peer 5.5.5.9.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE2-bgp-default-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE2-bgp-default-ipv4] segment-routing mpls

[ASBR-PE2-bgp-default-ipv4] quit

# Enable the capability to exchange labeled routes with EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

6.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 5.5.5.9 32

[PE2-LoopBack1] ospf 1 area 0

[PE2-LoopBack1] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ospf 1 prefix-sid index 50

[PE2-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 2.

[PE2] bgp 600

# Enable the capability to exchange labeled routes with IBGP peer 4.4.4.9.

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability

# Enable SR-MPLS.

[PE2-bgp-default-ipv4] segment-routing mpls

[PE2-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Configure CE 2 as an EBGP peer and install the learned BGP route in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

7.     Configure CE 2:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.9/32                  BGP         -/16020         NHLFE1

5.5.5.9/32                  BGP         -/16050         NHLFE1

5.5.5.9                     BGP         -/-             XGE3/0/5

1.1.1.1                     Local       -/-             XGE3/0/5

2.2.2.9/32                  OSPF        16020/-         -

3.3.3.9/32                  OSPF        16030/3         XGE3/0/5

3.3.3.9/32                  OSPF        -/3             XGE3/0/5
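The following Python script is an added example and is not part of the H3C documentation. It checks the SID plan of this example for consistency: each prefix SID index is used once, the label-index applied by each ASBR routing policy equals the prefix SID index configured on the originating loopback, and the labels in the PE 1 display mpls lsp output equal the SRGB base plus the index. The function names are hypothetical, the sample text is copied from the procedure and output above, and the SRGB base of 16000 on every node is an assumption inferred from that output (index 20 appears as label 16020).

```python
import ipaddress
import re

SRGB_BASE = 16000  # assumption: inferred from the output above (index 20 -> 16020)
PROMPT = re.compile(r"^\s*\[([^\]]+)\]\s*(.*\S)\s*$")

# Constructed sample: the SID-related commands from the procedure above.
TRANSCRIPT = """\
[PE1-LoopBack1] ip address 2.2.2.9 32
[PE1-LoopBack1] ospf 1 prefix-sid index 20
[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30
[ASBR-PE1]ip prefix-list 1 permit 2.2.2.9 32
[ASBR-PE1-route-policy-policy1-1] if-match ip address prefix-list 1
[ASBR-PE1-route-policy-policy1-1] apply label-index 20
[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40
[ASBR-PE2]ip prefix-list 1 permit 5.5.5.9 32
[ASBR-PE2-route-policy-policy1-1] if-match ip address  prefix-list  1
[ASBR-PE2-route-policy-policy1-1] apply label-index 50
[PE2-LoopBack1] ip address 5.5.5.9 32
[PE2-LoopBack1] ospf 1 prefix-sid index 50
"""

# Constructed sample: rows of "display mpls lsp" on PE 1 from the output above.
LSP_OUTPUT = """\
2.2.2.9/32                  BGP         -/16020         NHLFE1
5.5.5.9/32                  BGP         -/16050         NHLFE1
5.5.5.9                     BGP         -/-             XGE3/0/5
1.1.1.1                     Local       -/-             XGE3/0/5
2.2.2.9/32                  OSPF        16020/-         -
3.3.3.9/32                  OSPF        16030/3         XGE3/0/5
3.3.3.9/32                  OSPF        -/3             XGE3/0/5
"""


def net(addr, mask):
    """Normalize 'address mask' (length or dotted mask) to prefix/length text."""
    return str(ipaddress.ip_network("%s/%s" % (addr, mask), strict=False))


def parse_sids(transcript):
    """Return ([(device, prefix, index)], [(device, prefix, label_index)])."""
    sids, policies, loop_ip, plists, matched = [], [], {}, {}, {}
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue
        view, words = m.group(1), m.group(2).split()
        cmd = " ".join(words)
        lb = re.fullmatch(r"(.+)-LoopBack\d+", view)
        rp = re.fullmatch(r"(.+)-route-policy-.+-\d+", view)
        if lb and cmd.startswith("ip address ") and len(words) == 4:
            loop_ip[view] = net(words[2], words[3])
        elif lb and " prefix-sid index " in cmd:
            sids.append((lb.group(1), loop_ip.get(view), int(words[-1])))
        elif cmd.startswith("ip prefix-list ") and len(words) == 6 and words[3] == "permit":
            plists[(view, words[2])] = net(words[4], words[5])
        elif rp and cmd.startswith("if-match ip address prefix-list "):
            matched[view] = plists.get((rp.group(1), words[-1]))
        elif rp and cmd.startswith("apply label-index "):
            policies.append((rp.group(1), matched.get(view), int(words[-1])))
    return sids, policies


def expected_labels(transcript, base=SRGB_BASE):
    """Map each loopback prefix to the label its index yields under the SRGB base."""
    return {prefix: base + idx for _, prefix, idx in parse_sids(transcript)[0]}


def check_sids(transcript, lsp_output, base=SRGB_BASE):
    """Return a list of findings; an empty list means the SID plan is consistent."""
    sids, policies = parse_sids(transcript)
    by_prefix = {prefix: idx for _, prefix, idx in sids}
    findings, owners = [], {}
    for dev, _, idx in sids:
        owners.setdefault(idx, []).append(dev)
    for idx, devs in sorted(owners.items()):
        if len(devs) > 1:
            findings.append("index %d configured on %s" % (idx, ", ".join(devs)))
    for dev, prefix, idx in policies:
        if by_prefix.get(prefix) != idx:
            findings.append("%s: label-index %d for %s, origin index is %s"
                            % (dev, idx, prefix, by_prefix.get(prefix)))
    for line in lsp_output.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] not in by_prefix:
            continue
        want = base + by_prefix[cols[0]]
        for label in cols[2].split("/"):
            # Labels 0 to 15 are reserved (3 is implicit null); "-" means none.
            if label.isdigit() and int(label) >= 16 and int(label) != want:
                findings.append("%s: label %s in LSP table, expected %d"
                                % (cols[0], label, want))
    return findings


if __name__ == "__main__":
    print(expected_labels(TRANSCRIPT))
    print(check_sids(TRANSCRIPT, LSP_OUTPUT) or "SID plan is consistent")
```
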

Example: Configuring SR-MPLS inter-AS option C (I) (labeled route exchange in BGP IPv4 labeled unicast address family)

Network configuration

As shown in Figure 310, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1 and ASBR-PE 1 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family.

·     Configure PE 2 and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family.

·     Establish an MP-EBGP peer relationship between PE 1 and PE 2 to exchange VPNv4 routes.

·     Configure ASBR-PE 1 and ASBR-PE 2 to exchange labeled IPv4 routes through EBGP in the BGP IPv4 labeled unicast address family and enable BGP-based SR-MPLS on the two devices.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish an SRLSP based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 310 Network diagram

Table 124 Interface and IP address assignment

Device      Interface   IP address     Device      Interface   IP address
PE 1        Loop1       2.2.2.9/32     PE 2        Loop1       5.5.5.9/32
            XGE3/0/1    30.0.0.1/24                XGE3/0/1    20.0.0.1/24
            XGE3/0/5    1.1.1.2/8                  XGE3/0/5    9.1.1.2/8
ASBR-PE 1   Loop1       3.3.3.9/32     ASBR-PE 2   Loop1       4.4.4.9/32
            XGE3/0/5    1.1.1.1/8                  XGE3/0/5    9.1.1.1/8
            XGE3/0/4    11.0.0.2/8                 XGE3/0/4    11.0.0.1/8
CE 1        XGE3/0/1    30.0.0.2/24    CE 2        XGE3/0/1    20.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 1 as an EBGP peer and redistribute the VPN route.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 2.2.2.9 32

[PE1-LoopBack1] ospf 1 area 0

[PE1-LoopBack1] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ospf 1 prefix-sid index 20

[PE1-LoopBack1] quit

# Create VPN instance vpn1. Configure an RD and both import and export route targets for the VPN instance.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Bind VPN instance vpn1 to interface Ten-GigabitEthernet 3/0/1 and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Enable the capability to exchange labeled routes with IBGP peer 3.3.3.9.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4] peer 3.3.3.9 enable

# Enable SR-MPLS.

[PE1-bgp-default-labeled-ipv4] segment-routing mpls

[PE1-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] import-rib public labeled-unicast

[PE1-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack1] ospf 1 area 0

[ASBR-PE1-LoopBack1] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack1] quit

# Create a routing policy and specify a label index value.

[ASBR-PE1] ip prefix-list 1 permit 2.2.2.9 32

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE1-route-policy-policy1-1] apply label-index 20

[ASBR-PE1-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 1. Configure peer 2.2.2.9 and peer 11.0.0.1 as BGP IPv4 labeled unicast peers.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE1-bgp-default-labeled-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-labeled-ipv4] peer 11.0.0.1 enable

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE1-bgp-default-labeled-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-labeled-ipv4] quit

[ASBR-PE1-bgp-default] quit

5.     Configure ASBR-PE 2:

# Start OSPF on ASBR-PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack1] ospf 1 area 0

[ASBR-PE2-LoopBack1] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack1] quit

# Create a routing policy and specify a label index value.

[ASBR-PE2] ip prefix-list 1 permit 5.5.5.9 32

[ASBR-PE2] route-policy policy1 permit node 1

[ASBR-PE2-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE2-route-policy-policy1-1] apply label-index 50

[ASBR-PE2-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 2. Configure peer 5.5.5.9 and peer 11.0.0.2 as BGP IPv4 labeled unicast peers.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE2-bgp-default-labeled-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-labeled-ipv4] peer 11.0.0.2 enable

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE2-bgp-default-labeled-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE2-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE2-bgp-default-labeled-ipv4] quit

[ASBR-PE2-bgp-default] quit

6.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 5.5.5.9 32

[PE2-LoopBack1] ospf 1 area 0

[PE2-LoopBack1] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ospf 1 prefix-sid index 50

[PE2-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Start BGP on PE 2. Configure IBGP peer 4.4.4.9 as a BGP IPv4 labeled unicast peer.

[PE2] bgp 600

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 labeled-unicast

[PE2-bgp-default-labeled-ipv4] peer 4.4.4.9 enable

# Enable SR-MPLS.

[PE2-bgp-default-labeled-ipv4] segment-routing mpls

[PE2-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] import-rib public labeled-unicast

[PE2-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Configure CE 2 as an EBGP peer and install the learned BGP route in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

7.     Configure CE 2:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp                                                              

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.9/32                  BGP         -/16020         NHLFE1

5.5.5.9/32                  BGP         -/16050         NHLFE1

5.5.5.9                     BGP         -/-             XGE3/0/5

1.1.1.1                     Local       -/-             XGE3/0/5

2.2.2.9/32                  OSPF        16020/-         -

3.3.3.9/32                  OSPF        16030/3         XGE3/0/5

3.3.3.9/32                  OSPF        -/3             XGE3/0/5
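In the procedure above, the label index applied on each ASBR-PE has to equal the OSPF prefix-SID index of the loopback it advertises (20 for 2.2.2.9/32, 50 for 5.5.5.9/32), and each peer as-number has to equal the AS the remote device runs. The following Python check is an added example, not H3C code: the transcript is constructed, the function names are hypothetical, and the SRGB base of 16000 is an assumption inferred from the labels in the display output above (index 20, label 16020).

```python
import ipaddress
import re

SRGB_BASE = 16000  # assumption: inferred from the page's output (index 20 <-> label 16020)
# Constructed transcript in the page's prompt style. ASBR-PE2 carries two deliberate
# mistakes: label-index 40 for 5.5.5.9/32 and AS 65001 for peer 11.0.0.2.
TRANSCRIPT = """
<PE2> system-view
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 5.5.5.9 32
[PE2-LoopBack1] ospf 1 prefix-sid index 50
[PE2-LoopBack1] quit
[PE2] bgp 600
<ASBR-PE1> system-view
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 8
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
<ASBR-PE2> system-view
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 8
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
[ASBR-PE2] ip prefix-list 1 permit 5.5.5.9 32
[ASBR-PE2] route-policy policy1 permit node 1
[ASBR-PE2-route-policy-policy1-1] if-match ip address prefix-list 1
[ASBR-PE2-route-policy-policy1-1] apply label-index 40
[ASBR-PE2-route-policy-policy1-1] quit
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 65001
"""


def parse(transcript):
    """Return {device: model} from '<dev> system-view' and '[dev-view] cmd' lines."""
    devices, dev, view_net, policy = {}, None, {}, None
    for raw in transcript.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"<([^>]+)>\s*system-view", line):
            dev = m.group(1)
            devices.setdefault(dev, {"as": None, "peers": {}, "addrs": set(),
                                     "sid": {}, "plist": {}, "policy": {}})
            continue
        m = re.fullmatch(r"\[([^\]]+)\]\s*(.+)", line)
        if not m or dev is None or not m.group(1).startswith(dev):
            continue
        view, cmd, d = m.group(1)[len(dev):], " ".join(m.group(2).split()), devices[dev]
        if m := re.fullmatch(r"ip address (\S+) (\S+)", cmd):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            d["addrs"].add(str(iface.ip))
            view_net[dev, view] = str(iface.network)  # remembered per interface view
        elif (m := re.fullmatch(r"ospf \d+ prefix-sid index (\d+)", cmd)) and (dev, view) in view_net:
            d["sid"][view_net[dev, view]] = int(m.group(1))
        elif m := re.fullmatch(r"ip prefix-list (\S+) permit (\S+) (\d+)", cmd):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            d["plist"][m.group(1)] = str(net)
        elif m := re.fullmatch(r"route-policy (\S+) permit node \d+", cmd):
            policy = m.group(1)
            d["policy"][policy] = {"plist": None, "index": None}
        elif (m := re.fullmatch(r"if-match ip address prefix-list (\S+)", cmd)) and policy in d["policy"]:
            d["policy"][policy]["plist"] = m.group(1)
        elif (m := re.fullmatch(r"apply label-index (\d+)", cmd)) and policy in d["policy"]:
            d["policy"][policy]["index"] = int(m.group(1))
        elif (m := re.fullmatch(r"bgp (\d+)", cmd)) and view == "":
            d["as"] = int(m.group(1))
        elif m := re.fullmatch(r"peer (\S+) as-number (\d+)", cmd):
            d["peers"][m.group(1)] = int(m.group(2))
    return devices


def check_peer_as(devices):
    """Flag 'peer X as-number N' where the device owning X runs a different AS."""
    owner = {ip: name for name, d in devices.items() for ip in d["addrs"]}
    findings = []
    for name, d in devices.items():
        for ip, asn in d["peers"].items():
            remote = owner.get(ip)
            if remote and devices[remote]["as"] not in (None, asn):
                findings.append((name, ip, asn, devices[remote]["as"]))
    return findings


def check_label_index(devices):
    """Flag a policy label-index that differs from the prefix's OSPF prefix-SID index."""
    sids = {pfx: idx for d in devices.values() for pfx, idx in d["sid"].items()}
    findings = []
    for name, d in devices.items():
        for pol, p in d["policy"].items():
            pfx = d["plist"].get(p["plist"])
            if pfx in sids and p["index"] not in (None, sids[pfx]):
                findings.append((name, pol, pfx, p["index"], sids[pfx], SRGB_BASE + sids[pfx]))
    return findings


if __name__ == "__main__":
    print(check_peer_as(parse(TRANSCRIPT)), check_label_index(parse(TRANSCRIPT)), sep="\n")
```

Each finding tuple names the device, the offending value and the value expected from the other side of the configuration; the last field of a label-index finding is the label the prefix should resolve to under the assumed SRGB base.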

Example: Configuring SR-MPLS inter-AS option C (II) (labeled route exchange in BGP IPv4 unicast address family)

Network configuration

As shown in Figure 311, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1 and ASBR-PE 1 to exchange labeled IPv4 routes through IBGP. Enable BGP-based SR-MPLS.

·     Configure PE 2 and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP. Enable BGP-based SR-MPLS.

·     Establish an MP-EBGP peer relationship between PE 1 and PE 2 to exchange VPNv4 routes.

·     Configure ASBR-PE 1 and ASBR-PE 2 to exchange labeled IPv4 routes through EBGP. Enable BGP-based SR-MPLS.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish an SRLSP based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 311 Network diagram

Table 125 Interface and IP address assignment

Device      Interface   IP address     Device      Interface   IP address
PE 1        Loop1       2.2.2.9/32     PE 2        Loop1       5.5.5.9/32
            XGE3/0/1    30.0.0.1/24                XGE3/0/1    20.0.0.1/24
            XGE3/0/5    1.1.1.2/8                  XGE3/0/5    9.1.1.2/8
ASBR-PE 1   Loop1       3.3.3.9/32     ASBR-PE 2   Loop1       4.4.4.9/32
            XGE3/0/5    1.1.1.1/8                  XGE3/0/5    9.1.1.1/8
            XGE3/0/4    11.0.0.2/8                 XGE3/0/4    11.0.0.1/8
CE 1        XGE3/0/1    30.0.0.2/24    CE 2        XGE3/0/1    20.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 2.2.2.9 32

[PE1-LoopBack1] ospf 1 area 0

[PE1-LoopBack1] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/5. Start OSPF and enable MPLS on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ospf 1 prefix-sid index 20

[PE1-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy and specify a label index value.

[PE1] route-policy policy1 permit node 1

[PE1-route-policy-policy1-1] apply label-index 20

[PE1-route-policy-policy1-1] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Enable the capability to exchange labeled routes with IBGP peer 3.3.3.9.

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 3.3.3.9 enable

[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability

# Enable SR-MPLS.

[PE1-bgp-default-ipv4] segment-routing mpls

# Redistribute the route of loopback interface 1 to BGP and apply the routing policy.

[PE1-bgp-default-ipv4] network 2.2.2.9 32 route-policy policy1

[PE1-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack1] ospf 1 area 0

[ASBR-PE1-LoopBack1] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack1] quit

# Start BGP on ASBR-PE 1. Enable the capability to exchange labeled routes with IBGP peer 2.2.2.9.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-ipv4] quit

# Enable the capability to exchange labeled routes with EBGP peer 11.0.0.1.

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability

5.     Configure ASBR-PE 2:

# Start OSPF on ASBR-PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack1] ospf 1 area 0

[ASBR-PE2-LoopBack1] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack1] quit

# Start BGP on ASBR-PE 2. Enable the capability to exchange labeled routes with IBGP peer 5.5.5.9.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability

# Enable SR-MPLS.

[ASBR-PE2-bgp-default-ipv4] segment-routing mpls

[ASBR-PE2-bgp-default-ipv4] quit

# Enable the capability to exchange labeled routes with EBGP peer 11.0.0.2.

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 unicast

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability

6.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 5.5.5.9 32

[PE2-LoopBack1] ospf 1 area 0

[PE2-LoopBack1] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/5. Start OSPF and enable MPLS on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ospf 1 prefix-sid index 50

[PE2-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy and specify a label index value.

[PE2] route-policy policy1 permit node 1

[PE2-route-policy-policy1-1] apply label-index 50

[PE2-route-policy-policy1-1] quit

# Start BGP on PE 2. Enable the capability to exchange labeled routes with IBGP peer 4.4.4.9.

[PE2] bgp 600

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 4.4.4.9 enable

[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability

# Enable SR-MPLS.

[PE2-bgp-default-ipv4] segment-routing mpls

# Redistribute the route of loopback interface 1 to BGP and apply the routing policy.

[PE2-bgp-default-ipv4] network 5.5.5.9 32 route-policy policy1

[PE2-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Configure CE 2 as an EBGP peer of PE 2 and install the learned BGP routes in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

7.     Configure CE 2:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.9/32                  BGP         3/-             -

5.5.5.9/32                  BGP         -/16050         NHLFE1

5.5.5.9                     BGP         -/-             XGE3/0/5

1.1.1.1                     Local       -/-             XGE3/0/5

2.2.2.9/32                  OSPF        16020/-         -

3.3.3.9/32                  OSPF        16030/3         XGE3/0/5

3.3.3.9/32                  OSPF        -/3             XGE3/0/5

Example: Configuring SR-MPLS inter-AS option C (II) (labeled route exchange in BGP IPv4 labeled unicast address family)

Network configuration

As shown in Figure 312, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1 and ASBR-PE 1 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family and enable BGP-based SR-MPLS on the two devices.

·     Configure PE 2 and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family and enable BGP-based SR-MPLS on the two devices.

·     Establish an MP-EBGP peer relationship between PE 1 and PE 2 to exchange VPNv4 routes.

·     Configure ASBR-PE 1 and ASBR-PE 2 to exchange labeled IPv4 routes through EBGP in the BGP IPv4 labeled unicast address family and enable BGP-based SR-MPLS on the two devices.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish an SRLSP based on the allocated SIDs and configure an MPLS TE tunnel over the SRLSP to transmit data.

Figure 312 Network diagram

Table 126 Interface and IP address assignment

Device      Interface   IP address     Device      Interface   IP address
PE 1        Loop1       2.2.2.9/32     PE 2        Loop1       5.5.5.9/32
            XGE3/0/1    30.0.0.1/24                XGE3/0/1    20.0.0.1/24
            XGE3/0/5    1.1.1.2/8                  XGE3/0/5    9.1.1.2/8
ASBR-PE 1   Loop1       3.3.3.9/32     ASBR-PE 2   Loop1       4.4.4.9/32
            XGE3/0/5    1.1.1.1/8                  XGE3/0/5    9.1.1.1/8
            XGE3/0/4    11.0.0.2/8                 XGE3/0/4    11.0.0.1/8
CE 1        XGE3/0/1    30.0.0.2/24    CE 2        XGE3/0/1    20.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24

[CE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] ospf 1 router-id 2.2.2.9

[PE1-ospf-1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 2.2.2.9 32

[PE1-LoopBack1] ospf 1 area 0

[PE1-LoopBack1] quit

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls te

[PE1-te] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/5. Start OSPF and enable MPLS on the interface.

[PE1] interface ten-gigabitethernet 3/0/5

[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE1-Ten-GigabitEthernet3/0/5] mpls enable

[PE1-Ten-GigabitEthernet3/0/5] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 1

[PE1-LoopBack1] ospf 1 prefix-sid index 20

[PE1-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy and specify a label index value.

[PE1] route-policy policy1 permit node 1

[PE1-route-policy-policy1-1] apply label-index 20

[PE1-route-policy-policy1-1] quit

# Start BGP on PE 1. Configure peer 3.3.3.9 as a BGP IPv4 labeled unicast peer.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp-default] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4] peer 3.3.3.9 enable

# Enable SR-MPLS.

[PE1-bgp-default-labeled-ipv4] segment-routing mpls

# Redistribute the route of loopback interface 1 to BGP and apply the routing policy.

[PE1-bgp-default-labeled-ipv4] network 2.2.2.9 32 route-policy policy1

[PE1-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] import-rib public labeled-unicast

[PE1-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 1 to EBGP peer 5.5.5.9 as 10.

[PE1-bgp-default] peer 5.5.5.9 as-number 600

[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable

[PE1-bgp-default-vpnv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] ospf 1 router-id 3.3.3.9

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/5

[ASBR-PE1-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack1] ospf 1 area 0

[ASBR-PE1-LoopBack1] quit

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE1] ospf 1

[ASBR-PE1-ospf-1] segment-routing mpls

[ASBR-PE1-ospf-1] quit

[ASBR-PE1] interface loopback 1

[ASBR-PE1-LoopBack1] ospf 1 prefix-sid index 30

[ASBR-PE1-LoopBack1] quit

# Start BGP on ASBR-PE 1. Configure peer 2.2.2.9 as a BGP IPv4 labeled unicast peer.

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE1-bgp-default-labeled-ipv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-labeled-ipv4] peer 11.0.0.1 enable

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-labeled-ipv4] quit

[ASBR-PE1-bgp-default] quit

5.     Configure ASBR-PE 2:

# Start OSPF on ASBR-PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE2> system-view

[ASBR-PE2] ospf 1 router-id 4.4.4.9

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/4

[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit

[ASBR-PE2] interface ten-gigabitethernet 3/0/5

[ASBR-PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable

[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack1] ospf 1 area 0

[ASBR-PE2-LoopBack1] quit

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[ASBR-PE2] ospf 1

[ASBR-PE2-ospf-1] segment-routing mpls

[ASBR-PE2-ospf-1] quit

[ASBR-PE2] interface loopback 1

[ASBR-PE2-LoopBack1] ospf 1 prefix-sid index 40

[ASBR-PE2-LoopBack1] quit

# Start BGP on ASBR-PE 2. Configure peer 5.5.5.9 and peer 11.0.0.2 as BGP IPv4 labeled unicast peers.

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 1

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE2-bgp-default-labeled-ipv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-labeled-ipv4] peer 11.0.0.2 enable

# Enable SR-MPLS.

[ASBR-PE2-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE2-bgp-default-labeled-ipv4] quit

[ASBR-PE2-bgp-default] quit

6.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] ospf 1 router-id 5.5.5.9

[PE2-ospf-1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 5.5.5.9 32

[PE2-LoopBack1] ospf 1 area 0

[PE2-LoopBack1] quit

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls te

[PE2-te] quit

# Assign an IP address to Ten-GigabitEthernet 3/0/5. Start OSPF and enable MPLS on the interface.

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0

[PE2-Ten-GigabitEthernet3/0/5] ospf 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] mpls enable

[PE2-Ten-GigabitEthernet3/0/5] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 1

[PE2-LoopBack1] ospf 1 prefix-sid index 50

[PE2-LoopBack1] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create a routing policy and specify a label index value.

[PE2] route-policy policy1 permit node 1

[PE2-route-policy-policy1-1] apply label-index 50

[PE2-route-policy-policy1-1] quit

# Start BGP on PE 2. Configure peer 4.4.4.9 as a BGP IPv4 labeled unicast peer.

[PE2] bgp 600

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 1

[PE2-bgp-default] address-family ipv4 labeled-unicast

[PE2-bgp-default-labeled-ipv4] peer 4.4.4.9 enable

# Enable SR-MPLS.

[PE2-bgp-default-labeled-ipv4] segment-routing mpls

# Redistribute the route of loopback interface 1 to BGP and apply the routing policy.

[PE2-bgp-default-labeled-ipv4] network 5.5.5.9 32 route-policy policy1

[PE2-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] import-rib public labeled-unicast

[PE2-bgp-default-ipv4] quit

# Configure the maximum number of hops from PE 2 to EBGP peer 2.2.2.9 as 10.

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 1

[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE2-bgp-default-vpnv4] quit

# Configure CE 2 as an EBGP peer of PE 2 and install the learned BGP routes in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

7.     Configure CE 2:

# Assign an IP address to interface Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on CE 1 and CE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.9/32                  BGP         3/-             -

5.5.5.9/32                  BGP         -/16050         NHLFE1

5.5.5.9                     BGP         -/-             XGE3/0/5

1.1.1.1                     Local       -/-             XGE3/0/5

2.2.2.9/32                  OSPF        16020/-         -

3.3.3.9/32                  OSPF        16030/3         XGE3/0/5

3.3.3.9/32                  OSPF        -/3             XGE3/0/5
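The labels in the output above follow from the prefix-SID indexes configured in the procedure (index 50 for 5.5.5.9/32 appears as label 16050). The following Python check is an added example, not part of the H3C documentation: it parses the display mpls lsp output and compares each label with the configured index, assuming an SRGB base of 16000 as inferred from that output. The function names are hypothetical.

```python
import re

# Assumption: the SRGB starts at 16000. This is inferred from the output
# above, where prefix-SID index 20 appears as label 16020.
SRGB_BASE = 16000
IMPLICIT_NULL = 3  # reserved MPLS label, shown as "3" in the output

# Prefix-SID indexes configured on the loopbacks in the procedure above.
CONFIGURED_INDEX = {
    "2.2.2.9/32": 20,  # PE 1
    "3.3.3.9/32": 30,  # ASBR-PE 1
    "4.4.4.9/32": 40,  # ASBR-PE 2
    "5.5.5.9/32": 50,  # PE 2
}

# "display mpls lsp" output on PE 1, copied from the page.
PE1_LSP_OUTPUT = """\
FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX
2.2.2.9/32                  BGP         3/-             -
5.5.5.9/32                  BGP         -/16050         NHLFE1
5.5.5.9                     BGP         -/-             XGE3/0/5
1.1.1.1                     Local       -/-             XGE3/0/5
2.2.2.9/32                  OSPF        16020/-         -
3.3.3.9/32                  OSPF        16030/3         XGE3/0/5
3.3.3.9/32                  OSPF        -/3             XGE3/0/5
"""

# FEC, protocol, in/out label pair ("-" means no label), outgoing interface.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(-|\d+)/(-|\d+)\s+(\S+)$")


def parse_lsp(text):
    """Return one dict per LSP row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        fec, proto, in_label, out_label, out_if = m.groups()
        rows.append({
            "fec": fec,
            "proto": proto,
            "in": None if in_label == "-" else int(in_label),
            "out": None if out_label == "-" else int(out_label),
            "out_if": out_if,
        })
    return rows


def check_sid_labels(rows, index_map=CONFIGURED_INDEX, base=SRGB_BASE):
    """Compare every SR label in the table with base + configured index.

    Returns (verified, mismatches, unseen):
      verified   - {fec: label} for prefixes whose label matched
      mismatches - (fec, proto, direction, seen, expected) tuples
      unseen     - configured prefixes with no SR label in this table
    """
    verified, mismatches = {}, []
    for row in rows:
        index = index_map.get(row["fec"])
        if index is None:
            continue  # not a prefix with a configured SID index
        expected = base + index
        for direction in ("in", "out"):
            label = row[direction]
            if label is None or label == IMPLICIT_NULL:
                continue  # nothing to compare against the SID
            if label == expected:
                verified[row["fec"]] = label
            else:
                mismatches.append(
                    (row["fec"], row["proto"], direction, label, expected))
    flagged = {m[0] for m in mismatches}
    unseen = sorted(set(index_map) - set(verified) - flagged)
    return verified, mismatches, unseen


if __name__ == "__main__":
    ok, bad, missing = check_sid_labels(parse_lsp(PE1_LSP_OUTPUT))
    print("verified:", ok)
    print("mismatches:", bad)
    print("no SR label seen for:", missing)
```

A prefix reported as unseen is informational: it means the table on this device carries no SR label for that prefix, not that the label is wrong.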

Example: Configuring SR-MPLS inter-AS option C (III) (labeled route exchange in BGP IPv4 unicast address family)

Network configuration

As shown in Figure 313, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1, ASBR-PE 1, and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP.

·     Configure PE 2, ASBR-PE 3, and ASBR-PE 4 to exchange labeled IPv4 routes through IBGP.

·     Configure ASBR-PE 1 and ASBR-PE 3 to use their loopback interfaces to establish an EBGP relationship to exchange labeled IPv4 routes. Enable BGP-based SR-MPLS.

·     Configure ASBR-PE 2 and ASBR-PE 4 to use their loopback interfaces to establish an EBGP relationship to exchange labeled IPv4 routes. Enable BGP-based SR-MPLS.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish SRLSPs based on the allocated SIDs and configure a multisegmented MPLS TE tunnel over the SRLSPs to transmit data.

Figure 313 Network diagram

Table 127 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE1 | XGE3/0/1 | 10.0.0.1/24 | CE2 | XGE3/0/1 | 20.0.0.1/24 |
| PE1 | Loop0 | 1.1.1.1/32 | PE2 | Loop0 | 6.6.6.1/32 |
|  | XGE3/0/1 | 11.0.0.1/24 |  | XGE3/0/1 | 21.0.0.1/24 |
|  | XGE3/0/2 | 12.0.0.1/24 |  | XGE3/0/2 | 22.0.0.1/24 |
|  | XGE3/0/3 | 10.0.0.2/24 |  | XGE3/0/3 | 20.0.0.2/24 |
| ASBR-PE1 | Loop0 | 2.2.2.1/32 | ASBR-PE3 | Loop0 | 4.4.4.1/32 |
|  | XGE3/0/1 | 11.0.0.2/24 |  | XGE3/0/1 | 21.0.0.2/24 |
|  | XGE3/0/3 | 13.0.0.1/24 |  | XGE3/0/3 | 23.0.0.1/24 |
|  | XGE3/0/4 | 14.0.0.1/24 |  | XGE3/0/4 | 14.0.0.2/24 |
| ASBR-PE2 | Loop0 | 3.3.3.1/32 | ASBR-PE4 | Loop0 | 5.5.5.1/32 |
|  | XGE3/0/2 | 12.0.0.2/24 |  | XGE3/0/2 | 22.0.0.2/24 |
|  | XGE3/0/3 | 13.0.0.2/24 |  | XGE3/0/3 | 23.0.0.2/24 |
|  | XGE3/0/4 | 24.0.0.1/24 |  | XGE3/0/4 | 24.0.0.2/24 |

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Configure PE 1 as an EBGP peer of CE 1 and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 10.0.0.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.0.0.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] ospf 1 area 100

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls te

[PE1-te] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 100

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls te enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ospf 1 area 100

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls te enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ospf 1 prefix-sid index 10

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 11:11

[PE1-vpn-instance-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/3 to VPN instance vpn1, and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.0.0.2 24

[PE1-Ten-GigabitEthernet3/0/3] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer group 1, add peers 2.2.2.1 and 3.3.3.1 to the group, and enable the capability to exchange labeled routes for the group.

[PE1-bgp-default] group 1

[PE1-bgp-default] peer 1 connect-interface loopback 0

[PE1-bgp-default] peer 2.2.2.1 group 1

[PE1-bgp-default] peer 3.3.3.1 group 1

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 1 enable

[PE1-bgp-default-ipv4] peer 1 label-route-capability

[PE1-bgp-default-ipv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.0.0.1 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.0.0.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 2.2.2.1 32

[ASBR-PE1-LoopBack0] ospf 1 area 100

[ASBR-PE1-LoopBack0] quit

[ASBR-PE1] mpls lsr-id 2.2.2.1

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/1

[ASBR-PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 100

[ASBR-PE1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/1] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/3

[ASBR-PE1-Ten-GigabitEthernet3/0/3] ospf 1 area 100

[ASBR-PE1-Ten-GigabitEthernet3/0/3] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/3] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/3] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Create a routing policy and specify a label index value.

[ASBR-PE1] ip prefix-list 1 permit 1.1.1.1 32

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE1-route-policy-policy1-1] apply label-index 10

[ASBR-PE1-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

# Configure IBGP peer group 1, add peers 1.1.1.1 and 3.3.3.1 to the group, and enable the capability to exchange labeled routes for the group.

[ASBR-PE1-bgp-default] group 1

[ASBR-PE1-bgp-default] peer 1 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 1.1.1.1 group 1

[ASBR-PE1-bgp-default] peer 3.3.3.1 group 1

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 1 enable

[ASBR-PE1-bgp-default-ipv4] peer 1 label-route-capability

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE1-bgp-default-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-ipv4] quit

# Configure directly connected peer 14.0.0.2 as an EBGP peer. Advertise only the route of local loopback interface 0 to the peer.

[ASBR-PE1-bgp-default] peer 14.0.0.2 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] network 2.2.2.1 32 route-policy policy2

[ASBR-PE1-bgp-default-ipv4] peer 14.0.0.2 enable

[ASBR-PE1-bgp-default-ipv4] peer 14.0.0.2 route-policy policy2 export

[ASBR-PE1-bgp-default-ipv4] quit

# Create a multihop EBGP neighbor relationship with ASBR-PE 3 by using the loopback interfaces. Enable the capability to exchange labeled routes with peer 4.4.4.1. Set the preferred value to 100 for routes received from peer 4.4.4.1.

[ASBR-PE1-bgp-default] peer 4.4.4.1 as-number 600

[ASBR-PE1-bgp-default] peer 4.4.4.1 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 4.4.4.1 ebgp-max-hop 10

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] peer 4.4.4.1 enable

[ASBR-PE1-bgp-default-ipv4] peer 4.4.4.1 label-route-capability

[ASBR-PE1-bgp-default-ipv4] peer 4.4.4.1 preferred-value 100

[ASBR-PE1-bgp-default-ipv4] quit

# Create routing policy policy2 to assign label index 20.

[ASBR-PE1] ip prefix-list 2 permit 2.2.2.1 32

[ASBR-PE1] route-policy policy2 permit node 1

[ASBR-PE1-route-policy-policy2-1] if-match ip address prefix-list 2

[ASBR-PE1-route-policy-policy2-1] apply label-index 20

5.     Configure ASBR-PE 2:

# Configure ASBR-PE 2 in the same way you configure ASBR-PE 1. (Details not shown.)

6.     Configure ASBR-PE 3:

# Start OSPF on ASBR-PE 3, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE3> system-view

[ASBR-PE3] interface loopback 0

[ASBR-PE3-LoopBack0] ip address 4.4.4.1 32

[ASBR-PE3-LoopBack0] ospf 1 area 200

[ASBR-PE3-LoopBack0] quit

[ASBR-PE3] mpls lsr-id 4.4.4.1

[ASBR-PE3] mpls te

[ASBR-PE3-te] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/1

[ASBR-PE3-Ten-GigabitEthernet3/0/1] ospf 1 area 200

[ASBR-PE3-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/1] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/1] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/3

[ASBR-PE3-Ten-GigabitEthernet3/0/3] ospf 1 area 200

[ASBR-PE3-Ten-GigabitEthernet3/0/3] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/3] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/3] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/4

[ASBR-PE3-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/4] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/4] quit

# Create a routing policy and specify a label index value.

[ASBR-PE3] ip prefix-list 1 permit 6.6.6.1 32

[ASBR-PE3] route-policy policy1 permit node 1

[ASBR-PE3-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE3-route-policy-policy1-1] apply label-index 60

[ASBR-PE3-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 3.

[ASBR-PE3] bgp 600

# Configure IBGP peer group 1, add peers 5.5.5.1 and 6.6.6.1 to the group, and enable the capability to exchange labeled routes for the group.

[ASBR-PE3-bgp-default] group 1

[ASBR-PE3-bgp-default] peer 1 connect-interface loopback 0

[ASBR-PE3-bgp-default] peer 5.5.5.1 group 1

[ASBR-PE3-bgp-default] peer 6.6.6.1 group 1

[ASBR-PE3-bgp-default] address-family ipv4 unicast

[ASBR-PE3-bgp-default-ipv4] peer 1 enable

[ASBR-PE3-bgp-default-ipv4] peer 1 label-route-capability

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE3-bgp-default-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE3-bgp-default-ipv4] segment-routing mpls

[ASBR-PE3-bgp-default-ipv4] quit

# Configure directly connected peer 14.0.0.1 as an EBGP peer. Advertise only the route of local loopback interface 0 to the peer.

[ASBR-PE3-bgp-default] peer 14.0.0.1 as-number 100

[ASBR-PE3-bgp-default] address-family ipv4 unicast

[ASBR-PE3-bgp-default-ipv4] network 4.4.4.1 32 route-policy policy2

[ASBR-PE3-bgp-default-ipv4] peer 14.0.0.1 enable

[ASBR-PE3-bgp-default-ipv4] peer 14.0.0.1 route-policy policy2 export

[ASBR-PE3-bgp-default-ipv4] quit

# Create a multihop EBGP neighbor relationship with ASBR-PE 1 by using the loopback interfaces. Enable the capability to exchange labeled routes with peer 2.2.2.1. Set the preferred value to 100 for routes received from peer 2.2.2.1.

[ASBR-PE3-bgp-default] peer 2.2.2.1 as-number 100

[ASBR-PE3-bgp-default] peer 2.2.2.1 connect-interface loopback 0

[ASBR-PE3-bgp-default] peer 2.2.2.1 ebgp-max-hop 10

[ASBR-PE3-bgp-default] address-family ipv4 unicast

[ASBR-PE3-bgp-default-ipv4] peer 2.2.2.1 enable

[ASBR-PE3-bgp-default-ipv4] peer 2.2.2.1 label-route-capability

[ASBR-PE3-bgp-default-ipv4] peer 2.2.2.1 preferred-value 100

[ASBR-PE3-bgp-default-ipv4] quit

# Create routing policy policy2 to assign label index 40.

[ASBR-PE3] ip prefix-list 2 permit 4.4.4.1 32

[ASBR-PE3] route-policy policy2 permit node 1

[ASBR-PE3-route-policy-policy2-1] if-match ip address prefix-list 2

[ASBR-PE3-route-policy-policy2-1] apply label-index 40

[ASBR-PE3-route-policy-policy2-1] quit

7.     Configure ASBR-PE 4:

# Configure ASBR-PE 4 in the same way you configure ASBR-PE 3. (Details not shown.)

8.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 6.6.6.1 32

[PE2-LoopBack0] ospf 1 area 200

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 6.6.6.1

[PE2] mpls te

[PE2-te] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ospf 1 area 200

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls te enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ospf 1 area 200

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls te enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ospf 1 prefix-sid index 60

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 11:11

[PE2-vpn-instance-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/3 to VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/3] ip address 20.0.0.2 24

[PE2-Ten-GigabitEthernet3/0/3] quit

# Start BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer group 1, add peers 4.4.4.1 and 5.5.5.1 to the group, and enable the capability to exchange labeled routes for the group.

[PE2-bgp-default] group 1

[PE2-bgp-default] peer 1 connect-interface loopback 0

[PE2-bgp-default] peer 4.4.4.1 group 1

[PE2-bgp-default] peer 5.5.5.1 group 1

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 1 enable

[PE2-bgp-default-ipv4] peer 1 label-route-capability

[PE2-bgp-default-ipv4] quit

# Configure CE 2 as an EBGP peer of PE 2 and install the learned BGP routes in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.1 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

9.     Configure CE 2:

# Configure PE 2 as an EBGP peer of CE 2 and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.2 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on PE 1 and PE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that PE 1 and PE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp                                                          

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/0/35940             StaticCR    -/3             XGE3/0/1

1.1.1.1/1/35940             StaticCR    -/3             XGE3/0/1

1.1.1.1/32                  BGP         -/16010         NHLFE4 

4.4.4.1/32                  BGP         -/16040         NHLFE4                

5.5.5.1/32                  BGP         -/16050         NHLFE4                 

6.6.6.1/32                  BGP         -/16060         NHLFE4                 

11.0.0.2                    Local       -/-             XGE3/0/1

12.0.0.3                    Local       -/-             XGE3/0/2

Tunnel0                     Local       -/-             NHLFE4                 

Tunnel1                     Local       -/-             NHLFE8                 

1.1.1.1/32                  OSPF        16010/-         -                      

2.2.2.1/32                  OSPF        16020/3         XGE3/0/1

2.2.2.1/32                  OSPF        -/3             XGE3/0/1

3.3.3.1/32                  OSPF        16030/3         XGE3/0/2

3.3.3.1/32                  OSPF        -/3             XGE3/0/2
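Each BGP session in the procedure above comes up only if the as-number in a peer statement matches the AS configured on the device that owns the peer address. The following Python audit is an added example, not part of the H3C documentation: it runs over a constructed transcript excerpt (addresses and AS numbers taken from this example, with one deliberately wrong as-number on PE 2) and reports mismatched or one-sided peer statements. The function names are hypothetical, and peers that inherit their AS from a peer group are not covered.

```python
import re

# Constructed excerpt in the style of the procedure above. Addresses and AS
# numbers come from this example; the PE 2 statement
# "peer 20.0.0.1 as-number 65001" is a deliberately constructed error,
# because CE 2 runs AS 65002.
TRANSCRIPT = """\
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.0.0.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] bgp 65001
[CE1-bgp-default] peer 10.0.0.2 as-number 100
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/3] ip address 10.0.0.2 24
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.0.0.1 as-number 65001
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] ip address 20.0.0.2 24
[PE2] bgp 600
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.1 as-number 65001
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.2 as-number 600
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 2.2.2.1 32
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 4.4.4.1 as-number 600
[ASBR-PE1-bgp-default] peer 4.4.4.1 ebgp-max-hop 10
[ASBR-PE3] interface loopback 0
[ASBR-PE3-LoopBack0] ip address 4.4.4.1 32
[ASBR-PE3] bgp 600
[ASBR-PE3-bgp-default] peer 2.2.2.1 as-number 100
"""

# "[prompt] command" or "<prompt> command"; the space after the prompt is optional.
LINE = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")


def device_of(prompt, devices):
    """Map a view prompt such as 'ASBR-PE1-bgp-default' to its device name."""
    matches = [d for d in devices if prompt == d or prompt.startswith(d + "-")]
    return max(matches, key=len) if matches else None


def parse(transcript):
    """Collect local AS per device, address owners, and explicit peer ASes."""
    local_as, owner, peers, devices = {}, {}, [], set()
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue
        prompt, words = m.group(1), m.group(2).split()
        if not words:
            continue
        # "bgp N" and "interface ..." are entered from system view, where
        # the prompt is exactly the device name.
        if words[0] == "bgp" and len(words) >= 2 and words[1].isdigit():
            devices.add(prompt)
            local_as[prompt] = int(words[1])
            continue
        if words[0] == "interface":
            devices.add(prompt)
            continue
        dev = device_of(prompt, devices)
        if dev is None:
            continue
        if words[:2] == ["ip", "address"] and len(words) >= 3:
            owner[words[2]] = dev
        elif words[0] == "peer" and len(words) == 4 and words[2] == "as-number":
            peers.append((dev, words[1], int(words[3])))
    return local_as, owner, peers


def audit(transcript):
    """Return (kind, device, peer_ip, configured_as, actual_as) findings."""
    local_as, owner, peers = parse(transcript)
    findings = []
    for dev, ip, remote_as in peers:
        target = owner.get(ip)
        if target is None:
            findings.append(("unresolved", dev, ip, remote_as, None))
            continue
        actual = local_as.get(target)
        if actual != remote_as:
            findings.append(("as-mismatch", dev, ip, remote_as, actual))
        # The session also needs a peer statement in the other direction.
        if not any(p[0] == target and owner.get(p[1]) == dev for p in peers):
            findings.append(("one-sided", dev, ip, remote_as, actual))
    return findings


if __name__ == "__main__":
    for finding in audit(TRANSCRIPT):
        print(finding)
```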

Example: Configuring SR-MPLS inter-AS option C (III) (labeled route exchange in BGP IPv4 labeled unicast address family)

Network configuration

As shown in Figure 314, complete the following tasks:

·     Start OSPF and enable OSPF-based SR-MPLS on the PEs in the same AS.

·     Configure PE 1, ASBR-PE 1, and ASBR-PE 2 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family.

·     Configure PE 2, ASBR-PE 3, and ASBR-PE 4 to exchange labeled IPv4 routes through IBGP in the BGP IPv4 labeled unicast address family.

·     Configure ASBR-PE 1 and ASBR-PE 3 to use their loopback interfaces to establish an EBGP relationship in the BGP IPv4 labeled unicast address family, and enable BGP-based SR-MPLS on the two devices.

·     Configure ASBR-PE 2 and ASBR-PE 4 to use their loopback interfaces to establish an EBGP relationship in the BGP IPv4 labeled unicast address family, and enable BGP-based SR-MPLS on the two devices.

·     Configure dynamic SID allocation on loopback interfaces of the devices. Then, establish SRLSPs based on the allocated SIDs and configure a multisegmented MPLS TE tunnel over the SRLSPs to transmit data.

Figure 314 Network diagram

Table 128 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE1 | XGE3/0/1 | 10.0.0.1/24 | CE2 | XGE3/0/1 | 20.0.0.1/24 |
| PE1 | Loop0 | 1.1.1.1/32 | PE2 | Loop0 | 6.6.6.1/32 |
|  | XGE3/0/1 | 11.0.0.1/24 |  | XGE3/0/1 | 21.0.0.1/24 |
|  | XGE3/0/2 | 12.0.0.1/24 |  | XGE3/0/2 | 22.0.0.1/24 |
|  | XGE3/0/3 | 10.0.0.2/24 |  | XGE3/0/3 | 20.0.0.2/24 |
| ASBR-PE1 | Loop0 | 2.2.2.1/32 | ASBR-PE3 | Loop0 | 4.4.4.1/32 |
|  | XGE3/0/1 | 11.0.0.2/24 |  | XGE3/0/1 | 21.0.0.2/24 |
|  | XGE3/0/3 | 13.0.0.1/24 |  | XGE3/0/3 | 23.0.0.1/24 |
|  | XGE3/0/4 | 14.0.0.1/24 |  | XGE3/0/4 | 14.0.0.2/24 |
| ASBR-PE2 | Loop0 | 3.3.3.1/32 | ASBR-PE4 | Loop0 | 5.5.5.1/32 |
|  | XGE3/0/2 | 12.0.0.2/24 |  | XGE3/0/2 | 22.0.0.2/24 |
|  | XGE3/0/3 | 13.0.0.2/24 |  | XGE3/0/3 | 23.0.0.2/24 |
|  | XGE3/0/4 | 24.0.0.1/24 |  | XGE3/0/4 | 24.0.0.2/24 |

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure CE 1:

# Configure PE 1 as an EBGP peer of CE 1 and redistribute VPN routes.

[CE1] bgp 65001

[CE1-bgp-default] peer 10.0.0.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.0.0.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

3.     Configure PE 1:

# Start OSPF on PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] ospf 1 area 100

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls te

[PE1-te] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 100

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls te enable

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ospf 1 area 100

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls te enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE1] ospf 1

[PE1-ospf-1] segment-routing mpls

[PE1-ospf-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ospf 1 prefix-sid index 10

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 11:11

[PE1-vpn-instance-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/3 to VPN instance vpn1, and assign an IP address to the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.0.0.2 24

[PE1-Ten-GigabitEthernet3/0/3] quit

# Start BGP on PE 1.

[PE1] bgp 100

# Configure IBGP peer group 1, add peers 2.2.2.1 and 3.3.3.1 to the group and configure them as BGP IPv4 labeled unicast peers.

[PE1-bgp-default] group 1

[PE1-bgp-default] peer 1 connect-interface loopback 0

[PE1-bgp-default] peer 2.2.2.1 group 1

[PE1-bgp-default] peer 3.3.3.1 group 1

[PE1-bgp-default] address-family ipv4 labeled-unicast

[PE1-bgp-default-labeled-ipv4] peer 1 enable

[PE1-bgp-default-labeled-ipv4] quit

# Configure CE 1 as an EBGP peer of PE 1 and install the learned BGP routes in the routing table of the VPN instance.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.0.0.1 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.0.0.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] import-rib public labeled-unicast

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] quit

4.     Configure ASBR-PE 1:

# Start OSPF on ASBR-PE 1, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE1> system-view

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 2.2.2.1 32

[ASBR-PE1-LoopBack0] ospf 1 area 100

[ASBR-PE1-LoopBack0] quit

[ASBR-PE1] mpls lsr-id 2.2.2.1

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/1

[ASBR-PE1-Ten-GigabitEthernet3/0/1] ospf 1 area 100

[ASBR-PE1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/1] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/1] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/3

[ASBR-PE1-Ten-GigabitEthernet3/0/3] ospf 1 area 100

[ASBR-PE1-Ten-GigabitEthernet3/0/3] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/3] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/3] quit

[ASBR-PE1] interface ten-gigabitethernet 3/0/4

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls te enable

[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit

# Create a routing policy and specify a label index value.

[ASBR-PE1] ip prefix-list 1 permit 1.1.1.1 32

[ASBR-PE1] route-policy policy1 permit node 1

[ASBR-PE1-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE1-route-policy-policy1-1] apply label-index 10

[ASBR-PE1-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 1.

[ASBR-PE1] bgp 100

# Configure IBGP peer group 1, add peers 1.1.1.1 and 3.3.3.1 to the group, and configure them as BGP IPv4 labeled unicast peers.

[ASBR-PE1-bgp-default] group 1

[ASBR-PE1-bgp-default] peer 1 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 1.1.1.1 group 1

[ASBR-PE1-bgp-default] peer 3.3.3.1 group 1

[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE1-bgp-default-labeled-ipv4] peer 1 enable

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE1-bgp-default-labeled-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE1-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE1-bgp-default-labeled-ipv4] quit

# Configure directly connected peer 14.0.0.2 as an EBGP peer. Advertise only the route of local loopback interface 0 to the peer.

[ASBR-PE1-bgp-default] peer 14.0.0.2 as-number 600

[ASBR-PE1-bgp-default] address-family ipv4 unicast

[ASBR-PE1-bgp-default-ipv4] network 2.2.2.1 32 route-policy policy2

[ASBR-PE1-bgp-default-ipv4] peer 14.0.0.2 enable

[ASBR-PE1-bgp-default-ipv4] peer 14.0.0.2 route-policy policy2 export

[ASBR-PE1-bgp-default-ipv4] quit

# Create a multihop EBGP neighbor relationship with ASBR-PE 3 by using the loopback interfaces. Enable the capability to exchange labeled routes with peer 4.4.4.1.

[ASBR-PE1-bgp-default] peer 4.4.4.1 as-number 600

[ASBR-PE1-bgp-default] peer 4.4.4.1 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 4.4.4.1 ebgp-max-hop 10

[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE1-bgp-default-labeled-ipv4] peer 4.4.4.1 enable

[ASBR-PE1-bgp-default-labeled-ipv4] peer 4.4.4.1 label-route-capability

[ASBR-PE1-bgp-default-labeled-ipv4] quit

[ASBR-PE1-bgp-default] quit

# Create routing policy policy2 to assign label index 20.

[ASBR-PE1] ip prefix-list 2 permit 2.2.2.1 32

[ASBR-PE1] route-policy policy2 permit node 1

[ASBR-PE1-route-policy-policy2-1] if-match ip address prefix-list 2

[ASBR-PE1-route-policy-policy2-1] apply label-index 20

[ASBR-PE1-route-policy-policy2-1] quit

5.     Configure ASBR-PE 2:

# Configure ASBR-PE 2 in the same way you configure ASBR-PE 1. (Details not shown.)

6.     Configure ASBR-PE 3:

# Start OSPF on ASBR-PE 3, set the LSR ID, and enable MPLS and MPLS TE.

<ASBR-PE3> system-view

[ASBR-PE3] interface loopback 0

[ASBR-PE3-LoopBack0] ip address 4.4.4.1 32

[ASBR-PE3-LoopBack0] ospf 1 area 200

[ASBR-PE3-LoopBack0] quit

[ASBR-PE3] mpls lsr-id 4.4.4.1

[ASBR-PE3] mpls te

[ASBR-PE3-te] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/1

[ASBR-PE3-Ten-GigabitEthernet3/0/1] ospf 1 area 200

[ASBR-PE3-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/1] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/1] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/3

[ASBR-PE3-Ten-GigabitEthernet3/0/3] ospf 1 area 200

[ASBR-PE3-Ten-GigabitEthernet3/0/3] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/3] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/3] quit

[ASBR-PE3] interface ten-gigabitethernet 3/0/4

[ASBR-PE3-Ten-GigabitEthernet3/0/4] mpls enable

[ASBR-PE3-Ten-GigabitEthernet3/0/4] mpls te enable

[ASBR-PE3-Ten-GigabitEthernet3/0/4] quit

# Create a routing policy and specify a label index value.

[ASBR-PE3] ip prefix-list 1 permit 6.6.6.1 32

[ASBR-PE3] route-policy policy1 permit node 1

[ASBR-PE3-route-policy-policy1-1] if-match ip address prefix-list 1

[ASBR-PE3-route-policy-policy1-1] apply label-index 60

[ASBR-PE3-route-policy-policy1-1] quit

# Start BGP on ASBR-PE 3.

[ASBR-PE3] bgp 600

# Configure IBGP peer group 1, add peers 5.5.5.1 and 6.6.6.1 to the group, and enable the capability to exchange labeled routes for the group.

[ASBR-PE3-bgp-default] group 1

[ASBR-PE3-bgp-default] peer 1 connect-interface loopback 0

[ASBR-PE3-bgp-default] peer 5.5.5.1 group 1

[ASBR-PE3-bgp-default] peer 6.6.6.1 group 1

[ASBR-PE3-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE3-bgp-default-labeled-ipv4] peer 1 enable

# Redistribute routes from OSPF process 1 to BGP and apply the routing policy.

[ASBR-PE3-bgp-default-labeled-ipv4] import-route ospf 1 route-policy policy1

# Enable SR-MPLS.

[ASBR-PE3-bgp-default-labeled-ipv4] segment-routing mpls

[ASBR-PE3-bgp-default-labeled-ipv4] quit

# Configure directly connected peer 14.0.0.1 as an EBGP peer. Advertise only the route of local loopback interface 0 to the peer.

[ASBR-PE3-bgp-default] peer 14.0.0.1 as-number 100

[ASBR-PE3-bgp-default] address-family ipv4 unicast

[ASBR-PE3-bgp-default-ipv4] network 4.4.4.1 32 route-policy policy2

[ASBR-PE3-bgp-default-ipv4] peer 14.0.0.1 enable

[ASBR-PE3-bgp-default-ipv4] peer 14.0.0.1 route-policy policy2 export

[ASBR-PE3-bgp-default-ipv4] quit

# Create a multihop EBGP neighbor relationship with ASBR-PE 1 by using the loopback interfaces. Enable the capability to exchange labeled routes with peer 2.2.2.1.

[ASBR-PE3-bgp-default] peer 2.2.2.1 as-number 100

[ASBR-PE3-bgp-default] peer 2.2.2.1 connect-interface loopback 0

[ASBR-PE3-bgp-default] peer 2.2.2.1 ebgp-max-hop 10

[ASBR-PE3-bgp-default] address-family ipv4 labeled-unicast

[ASBR-PE3-bgp-default-labeled-ipv4] peer 2.2.2.1 enable

[ASBR-PE3-bgp-default-labeled-ipv4] quit

[ASBR-PE3-bgp-default] quit

# Create routing policy policy2 to assign label index 40.

[ASBR-PE3] ip prefix-list 2 permit 4.4.4.1 32

[ASBR-PE3] route-policy policy2 permit node 1

[ASBR-PE3-route-policy-policy2-1] if-match ip address prefix-list 2

[ASBR-PE3-route-policy-policy2-1] apply label-index 40

[ASBR-PE3-route-policy-policy2-1] quit

7.     Configure ASBR-PE 4:

# Configure ASBR-PE 4 in the same way you configure ASBR-PE 3. (Details not shown.)

8.     Configure PE 2:

# Start OSPF on PE 2, set the LSR ID, and enable MPLS and MPLS TE.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 6.6.6.1 32

[PE2-LoopBack0] ospf 1 area 200

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 6.6.6.1

[PE2] mpls te

[PE2-te] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ospf 1 area 200

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls te enable

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ospf 1 area 200

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls te enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS in OSPF view and configure an OSPF prefix SID.

[PE2] ospf 1

[PE2-ospf-1] segment-routing mpls

[PE2-ospf-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ospf 1 prefix-sid index 60

[PE2-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and route target attributes.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 11:11

[PE2-vpn-instance-vpn1] vpn-target 11::11

[PE2-vpn-instance-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/3 to VPN instance vpn1, and assign an IP address to the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/3] ip address 20.0.0.2 24

[PE2-Ten-GigabitEthernet3/0/3] quit

# Start BGP on PE 2.

[PE2] bgp 600

# Configure IBGP peer group 1, add peers 4.4.4.1 and 5.5.5.1 to the group, and enable the capability to exchange labeled routes for the group.

[PE2-bgp-default] group 1

[PE2-bgp-default] peer 1 connect-interface loopback 0

[PE2-bgp-default] peer 4.4.4.1 group 1

[PE2-bgp-default] peer 5.5.5.1 group 1

[PE2-bgp-default] address-family ipv4 labeled-unicast

[PE2-bgp-default-labeled-ipv4] peer 1 enable

[PE2-bgp-default-labeled-ipv4] quit

# Configure CE 2 as an EBGP peer of PE 2 and install the learned BGP routes in the routing table of the VPN instance.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.1 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] import-rib public labeled-unicast

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] quit

9.     Configure CE 2:

# Configure PE 2 as an EBGP peer of CE 2 and redistribute VPN routes.

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.2 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Execute the display ip routing-table command on PE 1 and PE 2 to verify that they have a route to each other. (Details not shown.)

# Verify that PE 1 and PE 2 can ping each other. (Details not shown.)

# Display MPLS LSP information on PE 1.

[PE1] display mpls lsp                                                          

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/0/35940             StaticCR    -/3             XGE3/0/1

1.1.1.1/1/35940             StaticCR    -/3             XGE3/0/1

1.1.1.1/32                  BGP         -/16010         NHLFE4 

4.4.4.1/32                  BGP         -/16040         NHLFE4                

5.5.5.1/32                  BGP         -/16050         NHLFE4                 

6.6.6.1/32                  BGP         -/16060         NHLFE4                 

11.0.0.2                    Local       -/-             XGE3/0/1

12.0.0.3                    Local       -/-             XGE3/0/2

Tunnel0                     Local       -/-             NHLFE4                 

Tunnel1                     Local       -/-             NHLFE8                 

1.1.1.1/32                  OSPF        16010/-         -                      

2.2.2.1/32                  OSPF        16020/3         XGE3/0/1

2.2.2.1/32                  OSPF        -/3             XGE3/0/1

3.3.3.1/32                  OSPF        16030/3         XGE3/0/2

3.3.3.1/32                  OSPF        -/3             XGE3/0/2

Example: Configuring SR-MPLS to LDP (IS-IS)

Network configuration

As shown in Figure 315, complete the following tasks so Router A and Router C can communicate with each other:

·     Configure Router A, Router B, and Router C to run IS-IS.

·     Configure Router A and Router B to run SR-MPLS and establish an SRLSP between Router A and Router B.

·     Configure Router B and Router C to run LDP to establish a dynamic LDP LSP between them.

·     Configure Router B as the SRMS, map the prefix address of the LDP network to an SID, and advertise the mapping to Router A.

Figure 315 Network diagram

Table 129 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
Router C  Loop1      3.3.3.3/32              XGE3/0/2   11.0.0.1/24
          XGE3/0/1   11.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Configure the LSR ID.

[RouterA] mpls lsr-id 1.1.1.1

# Enable SR-MPLS.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] segment-routing mpls

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

3.     Configure Router B:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Configure the LSR ID.

[RouterB] mpls lsr-id 2.2.2.2

# Configure LDP.

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mpls

[RouterB-isis-1-ipv4] quit

# Configure the IGP to advertise locally configured prefix-SID mappings.

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mapping-server advertise-local

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

# Configure a prefix-SID mapping.

[RouterB] segment-routing

[RouterB-segment-routing] mapping-server prefix-sid-map 3.3.3.3 32 100

[RouterB-segment-routing] quit

4.     Configure Router C:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Configure the LSR ID.

[RouterC] mpls lsr-id 3.3.3.3

# Configure LDP.

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display IS-IS SRLSP information on Router A.

[RouterA] display mpls lsp protocol isis

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

3.3.3.3/32                  ISIS        16100/16100     XGE3/0/1

3.3.3.3/32                  ISIS        -/16100         XGE3/0/1

The output shows that the outgoing label of the IS-IS SRLSP entry for Router C uses the SID assigned to Router C.

Example: Configuring SR-MPLS to LDP (OSPF)

Network configuration

As shown in Figure 316, complete the following tasks so Router A and Router C can communicate with each other:

·     Configure Router A, Router B, and Router C to run OSPF.

·     Configure Router A and Router B to run SR-MPLS and establish an SRLSP between Router A and Router B.

·     Configure Router B and Router C to run LDP to establish a dynamic LDP LSP between them.

·     Configure Router B as the SRMS, map the prefix address of the LDP network to an SID, and advertise the mapping to Router A.

Figure 316 Network diagram

Table 130 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
Router C  Loop1      3.3.3.3/32              XGE3/0/2   11.0.0.1/24
          XGE3/0/1   11.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure OSPF to achieve network level connectivity.

<RouterA> system-view

[RouterA] ospf 1 router-id 1.1.1.1

[RouterA-ospf-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] ospf 1 area 0

[RouterA-LoopBack1] quit

# Configure the LSR ID.

[RouterA] mpls lsr-id 1.1.1.1

# Enable SR-MPLS.

[RouterA] ospf 1

[RouterA-ospf-1] segment-routing mpls

[RouterA-ospf-1] quit

3.     Configure Router B:

# Configure OSPF to achieve network level connectivity.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] ospf 1 area 0

[RouterB-LoopBack1] quit

# Configure the LSR ID.

[RouterB] mpls lsr-id 2.2.2.2

# Configure LDP.

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterB] ospf 1

[RouterB-ospf-1] segment-routing mpls

# Configure the IGP to advertise locally configured prefix-SID mappings.

[RouterB-ospf-1] segment-routing mapping-server advertise-local

[RouterB-ospf-1] quit

# Configure a prefix-SID mapping.

[RouterB] segment-routing

[RouterB-segment-routing] mapping-server prefix-sid-map 3.3.3.3 32 100

[RouterB-segment-routing] quit

4.     Configure Router C:

# Configure OSPF to achieve network level connectivity.

<RouterC> system-view

[RouterC] ospf 1 router-id 3.3.3.3

[RouterC-ospf-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] ospf 1 area 0

[RouterC-LoopBack1] quit

# Configure the LSR ID.

[RouterC] mpls lsr-id 3.3.3.3

# Configure LDP.

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display OSPF SRLSP information on Router A.

[RouterA] display mpls lsp protocol ospf

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

3.3.3.3/32                  OSPF        16100/16100     XGE3/0/1

3.3.3.3/32                  OSPF        -/16100         XGE3/0/1

The output shows that the outgoing label of the OSPF SRLSP entry for Router C uses the SID assigned to Router C.

Example: Configuring SR-MPLS to LDP (labeled route exchange in BGP IPv4 unicast address family)

Network configuration

As shown in Figure 317, complete the following tasks so Router A and Router C can communicate with each other:

·     Configure Router A and Router B to use EBGP to exchange labeled IPv4 routes.

·     Configure Router B and Router C to use IBGP to exchange labeled IPv4 routes.

·     Configure Router A and Router B to run SR-MPLS and establish an SRLSP between Router A and Router B.

·     Configure Router B and Router C to run LDP to establish a dynamic LDP LSP between them.

·     Configure Router A and Router B as both SRMSs and SRMCs so they assign SIDs to LDP network prefixes.

Figure 317 Network diagram

Table 131 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
Router C  Loop1      3.3.3.3/32              XGE3/0/2   11.0.0.1/24
          XGE3/0/1   11.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Set the LSR ID, and enable MPLS.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure a routing policy and assign an SID.

[RouterA] route-policy sr permit node 1

[RouterA-route-policy-sr-1] apply label-index 100

[RouterA-route-policy-sr-1] quit

# Configure BGP to exchange labeled routes with EBGP peer 10.0.0.2.

[RouterA] bgp 200

[RouterA-bgp-default] peer 10.0.0.2 as-number 100

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.0.0.2 enable

[RouterA-bgp-default-ipv4] peer 10.0.0.2 label-route-capability

# Advertise local network 1.1.1.1/32, and assign SID index 100 to 1.1.1.1/32 by using the routing policy.

[RouterA-bgp-default-ipv4] network 1.1.1.1 32 route-policy sr

# Enable SR-MPLS.

[RouterA-bgp-default-ipv4] segment-routing mpls

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

3.     Configure Router B:

# Configure OSPF to achieve network level connectivity, set the LSR ID, and enable MPLS.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] ospf 1 area 0

[RouterB-LoopBack1] quit

# Configure LDP.

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure a prefix-SID mapping.

[RouterB] segment-routing

[RouterB-segment-routing] mapping-server prefix-sid-map 3.3.3.3 32 200

[RouterB-segment-routing] quit

# Configure a routing policy and assign MPLS labels to routes.

[RouterB] route-policy srldp permit node 0

[RouterB-route-policy-srldp-0] apply mpls-label

[RouterB-route-policy-srldp-0] quit

# Configure BGP to exchange labeled routes with EBGP peer 10.0.0.1.

[RouterB] bgp 100

[RouterB-bgp-default] peer 10.0.0.1 as-number 200

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.0.0.1 enable

[RouterB-bgp-default-ipv4] peer 10.0.0.1 label-route-capability

[RouterB-bgp-default-ipv4] quit

# Configure BGP to exchange labeled routes with IBGP peer 3.3.3.3.

[RouterB-bgp-default] peer 3.3.3.3 as-number 100

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopBack1

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 3.3.3.3 enable

[RouterB-bgp-default-ipv4] peer 3.3.3.3 route-policy srldp export

[RouterB-bgp-default-ipv4] peer 3.3.3.3 label-route-capability

# Enable SR-MPLS.

[RouterB-bgp-default-ipv4] segment-routing mpls

# Enable prefix-SID mappings.

[RouterB-bgp-default-ipv4] segment-routing prefix-sid-map

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

4.     Configure Router C:

# Configure OSPF to achieve network level connectivity, set the LSR ID, and enable MPLS.

<RouterC> system-view

[RouterC] ospf 1 router-id 3.3.3.3

[RouterC-ospf-1] quit

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] ospf 1 area 0

[RouterC-LoopBack1] quit

# Configure LDP.

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure a routing policy and assign MPLS labels to routes.

[RouterC] route-policy ldpsr permit node 0

[RouterC-route-policy-ldpsr-0] apply mpls-label

[RouterC-route-policy-ldpsr-0] quit

# Configure BGP to exchange labeled routes with IBGP peer 2.2.2.2.

[RouterC] bgp 100

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface LoopBack1

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 2.2.2.2 enable

[RouterC-bgp-default-ipv4] peer 2.2.2.2 route-policy ldpsr export

[RouterC-bgp-default-ipv4] peer 2.2.2.2 label-route-capability

# Advertise local network 3.3.3.3.

[RouterC-bgp-default-ipv4] network 3.3.3.3 32

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Verify that Router A and Router C can communicate. (Details not shown.)

# Display LSP information on Router B.

[RouterB] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.2/32                  LDP         3/-             -

3.3.3.3/32                  LDP         1151/3          XGE3/0/2

3.3.3.3/32                  LDP         -/3             XGE3/0/2

1.1.1.1/32                  BGP         16100/3         NHLFE6

1.1.1.1/32                  BGP         -/3             NHLFE6

3.3.3.3/32                  BGP         16200/1274      NHLFE7

10.0.0.1                    BGP         -/-             XGE3/0/1

10.0.0.1                    Local       -/-             XGE3/0/1

11.0.0.2                    Local       -/-             XGE3/0/2

The output shows that the outgoing label of the LSP entry for Router C uses the SID assigned to Router C.

Example: Configuring SR-MPLS to LDP (labeled route exchange in BGP IPv4 labeled unicast address family)

Network configuration

As shown in Figure 318, complete the following tasks so Router A and Router C can communicate with each other:

·     Configure Router A and Router B to use EBGP to exchange labeled IPv4 routes in the BGP IPv4 labeled unicast address family.

·     Configure Router B and Router C to use IBGP to exchange labeled IPv4 routes in the BGP IPv4 labeled unicast address family.

·     Configure Router A and Router B to run BGP-based SR-MPLS and establish an SRLSP between Router A and Router B.

·     Configure Router B and Router C to run LDP to establish a dynamic LDP LSP between them.

·     Configure Router A and Router B as both SRMSs and SRMCs so they assign SIDs to LDP network prefixes.

Figure 318 Network diagram

Table 132 Interface and IP address assignment

Device    Interface  IP address    Device    Interface  IP address
Router A  Loop1      1.1.1.1/32    Router B  Loop1      2.2.2.2/32
          XGE3/0/1   10.0.0.1/24             XGE3/0/1   10.0.0.2/24
Router C  Loop1      3.3.3.3/32              XGE3/0/2   11.0.0.1/24
          XGE3/0/1   11.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Set the LSR ID, and enable MPLS.

<RouterA> system-view

[RouterA] mpls lsr-id 1.1.1.1

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] mpls enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure a routing policy and assign an SID.

[RouterA] route-policy sr permit node 1

[RouterA-route-policy-sr-1] apply label-index 100

[RouterA-route-policy-sr-1] quit

# Configure EBGP peer 10.0.0.2 as a BGP IPv4 labeled unicast peer.

[RouterA] bgp 200

[RouterA-bgp-default] peer 10.0.0.2 as-number 100

[RouterA-bgp-default] address-family ipv4 labeled-unicast

[RouterA-bgp-default-labeled-ipv4] peer 10.0.0.2 enable

# Advertise local network 1.1.1.1/32, and assign SID index 100 to 1.1.1.1/32 by using the routing policy.

[RouterA-bgp-default-labeled-ipv4] network 1.1.1.1 32 route-policy sr

# Enable SR-MPLS.

[RouterA-bgp-default-labeled-ipv4] segment-routing mpls

[RouterA-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] import-rib public labeled-unicast

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

3.     Configure Router B:

# Configure OSPF to achieve network level connectivity, set the LSR ID, and enable MPLS.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] mpls lsr-id 2.2.2.2

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mpls enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] ospf 1 area 0

[RouterB-LoopBack1] quit

# Configure LDP.

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure a prefix-SID mapping.

[RouterB] segment-routing

[RouterB-segment-routing] mapping-server prefix-sid-map 3.3.3.3 32 200

[RouterB-segment-routing] quit

# Configure a routing policy and assign MPLS labels to routes.

[RouterB] route-policy srldp permit node 0

[RouterB-route-policy-srldp-0] apply mpls-label

[RouterB-route-policy-srldp-0] quit

# Configure EBGP peer 10.0.0.1 as a BGP IPv4 labeled unicast peer.

[RouterB] bgp 100

[RouterB-bgp-default] peer 10.0.0.1 as-number 200

[RouterB-bgp-default] address-family ipv4 labeled-unicast

[RouterB-bgp-default-labeled-ipv4] peer 10.0.0.1 enable

[RouterB-bgp-default-labeled-ipv4] quit

# Configure BGP to exchange labeled routes with IBGP peer 3.3.3.3.

[RouterB-bgp-default] peer 3.3.3.3 as-number 100

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopBack1

[RouterB-bgp-default] address-family ipv4 labeled-unicast

[RouterB-bgp-default-labeled-ipv4] peer 3.3.3.3 enable

[RouterB-bgp-default-labeled-ipv4] peer 3.3.3.3 route-policy srldp export

# Enable SR-MPLS.

[RouterB-bgp-default-labeled-ipv4] segment-routing mpls

# Enable prefix-SID mappings.

[RouterB-bgp-default-labeled-ipv4] segment-routing prefix-sid-map

[RouterB-bgp-default-labeled-ipv4] quit

[RouterB-bgp-default] quit

4.     Configure Router C:

# Configure OSPF to achieve network level connectivity, set the LSR ID, and enable MPLS.

<RouterC> system-view

[RouterC] ospf 1 router-id 3.3.3.3

[RouterC-ospf-1] quit

[RouterC] mpls lsr-id 3.3.3.3

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] ospf 1 area 0

[RouterC-LoopBack1] quit

# Configure LDP.

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure a routing policy and assign MPLS labels to routes.

[RouterC] route-policy ldpsr permit node 0

[RouterC-route-policy-ldpsr-0] apply mpls-label

[RouterC-route-policy-ldpsr-0] quit

# Configure IBGP peer 2.2.2.2 as a BGP IPv4 labeled unicast peer.

[RouterC] bgp 100

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface LoopBack1

[RouterC-bgp-default] address-family ipv4 labeled-unicast

[RouterC-bgp-default-labeled-ipv4] peer 2.2.2.2 enable

[RouterC-bgp-default-labeled-ipv4] peer 2.2.2.2 route-policy ldpsr export

# Advertise local network 3.3.3.3.

[RouterC-bgp-default-labeled-ipv4] network 3.3.3.3 32

[RouterC-bgp-default-labeled-ipv4] quit

# Redistribute the BGP routes in the BGP IPv4 labeled unicast address family to the BGP routing table in the BGP IPv4 unicast address family, and add the redistributed BGP routes to the public routing table.

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] import-rib public labeled-unicast

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Verify that Router A and Router C can communicate. (Details not shown.)

# Display LSP information on Router B.

[RouterB] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

2.2.2.2/32                  LDP         3/-             -

3.3.3.3/32                  LDP         1151/3          XGE3/0/2

3.3.3.3/32                  LDP         -/3             XGE3/0/2

1.1.1.1/32                  BGP         16100/3         NHLFE6

1.1.1.1/32                  BGP         -/3             NHLFE6

3.3.3.3/32                  BGP         16200/1274      NHLFE7

10.0.0.1                    BGP         -/-             XGE3/0/1

10.0.0.1                    Local       -/-             XGE3/0/1

11.0.0.2                    Local       -/-             XGE3/0/2

The output shows that the outgoing label of the LSP entry for Router C is using the SID assigned to Router C.

Example: Configuring SR-MPLS over LDP

Network configuration

As shown in Figure 319, complete the following tasks so the two SR networks can communicate across the LDP network:

·     Configure Router A, Router B, Router C, Router D, and Router E to run IS-IS.

·     Configure Router B, Router C, and Router D to run LDP.

·     Configure Router A, Router B, Router D, and Router E to run SR-MPLS.

Figure 319 Network diagram

Table 133 Interface and IP address assignment

Device      Interface   IP address      Device      Interface   IP address

Router A    Loop1       1.1.1.1/32      Router B    Loop1       2.2.2.2/32

Router A    XGE3/0/1    10.0.0.1/24     Router B    XGE3/0/1    10.0.0.2/24

Router C    Loop1       3.3.3.3/32      Router B    XGE3/0/2    11.0.0.1/24

Router C    XGE3/0/1    11.0.0.2/24     Router D    Loop1       4.4.4.4/32

Router C    XGE3/0/2    12.0.0.1/24     Router D    XGE3/0/1    12.0.0.2/24

Router E    Loop1       5.5.5.5/32      Router D    XGE3/0/2    13.0.0.1/24

Router E    XGE3/0/1    13.0.0.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Router A:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterA> system-view

[RouterA] isis 1

[RouterA-isis-1] network-entity 00.0000.0000.0001.00

[RouterA-isis-1] cost-style wide

[RouterA-isis-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis enable 1

[RouterA-LoopBack1] quit

# Configure the LSR ID.

[RouterA] mpls lsr-id 1.1.1.1

# Enable SR-MPLS.

[RouterA] isis 1

[RouterA-isis-1] address-family ipv4

[RouterA-isis-1-ipv4] segment-routing mpls

[RouterA-isis-1-ipv4] quit

[RouterA-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterA] interface loopback 1

[RouterA-LoopBack1] isis prefix-sid index 10

[RouterA-LoopBack1] quit

3.     Configure Router B:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterB> system-view

[RouterB] isis 1

[RouterB-isis-1] network-entity 00.0000.0000.0002.00

[RouterB-isis-1] cost-style wide

[RouterB-isis-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterB-Ten-GigabitEthernet3/0/2] quit

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis enable 1

[RouterB-LoopBack1] quit

# Configure the LSR ID.

[RouterB] mpls lsr-id 2.2.2.2

# Configure LDP.

[RouterB] mpls ldp

[RouterB-ldp] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] mpls enable

[RouterB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS.

[RouterB] isis 1

[RouterB-isis-1] address-family ipv4

[RouterB-isis-1-ipv4] segment-routing mpls

[RouterB-isis-1-ipv4] quit

[RouterB-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterB] interface loopback 1

[RouterB-LoopBack1] isis prefix-sid index 20

[RouterB-LoopBack1] quit

4.     Configure Router C:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterC> system-view

[RouterC] isis 1

[RouterC-isis-1] network-entity 00.0000.0000.0003.00

[RouterC-isis-1] cost-style wide

[RouterC-isis-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterC-Ten-GigabitEthernet3/0/2] quit

[RouterC] interface loopback 1

[RouterC-LoopBack1] isis enable 1

[RouterC-LoopBack1] quit

# Configure the LSR ID.

[RouterC] mpls lsr-id 3.3.3.3

# Configure LDP.

[RouterC] mpls ldp

[RouterC-ldp] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] mpls enable

[RouterC-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] mpls enable

[RouterC-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RouterC-Ten-GigabitEthernet3/0/2] quit

5.     Configure Router D:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterD> system-view

[RouterD] isis 1

[RouterD-isis-1] network-entity 00.0000.0000.0004.00

[RouterD-isis-1] cost-style wide

[RouterD-isis-1] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/1] quit

[RouterD] interface ten-gigabitethernet 3/0/2

[RouterD-Ten-GigabitEthernet3/0/2] isis enable 1

[RouterD-Ten-GigabitEthernet3/0/2] quit

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis enable 1

[RouterD-LoopBack1] quit

# Configure the LSR ID.

[RouterD] mpls lsr-id 4.4.4.4

# Configure LDP.

[RouterD] mpls ldp

[RouterD-ldp] quit

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] mpls enable

[RouterD-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Enable SR-MPLS.

[RouterD] isis 1

[RouterD-isis-1] address-family ipv4

[RouterD-isis-1-ipv4] segment-routing mpls

[RouterD-isis-1-ipv4] quit

[RouterD-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterD] interface loopback 1

[RouterD-LoopBack1] isis prefix-sid index 40

[RouterD-LoopBack1] quit

6.     Configure Router E:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<RouterE> system-view

[RouterE] isis 1

[RouterE-isis-1] network-entity 00.0000.0000.0005.00

[RouterE-isis-1] cost-style wide

[RouterE-isis-1] quit

[RouterE] interface ten-gigabitethernet 3/0/1

[RouterE-Ten-GigabitEthernet3/0/1] isis enable 1

[RouterE-Ten-GigabitEthernet3/0/1] quit

[RouterE] interface loopback 1

[RouterE-LoopBack1] isis enable 1

[RouterE-LoopBack1] quit

# Configure the LSR ID.

[RouterE] mpls lsr-id 5.5.5.5

# Enable SR-MPLS.

[RouterE] isis 1

[RouterE-isis-1] address-family ipv4

[RouterE-isis-1-ipv4] segment-routing mpls

[RouterE-isis-1-ipv4] quit

[RouterE-isis-1] quit

# Configure the IS-IS prefix SID.

[RouterE] interface loopback 1

[RouterE-LoopBack1] isis prefix-sid index 50

[RouterE-LoopBack1] quit

Verifying the configuration

# Display LDP LSP information on Router B.

[RouterB] display mpls ldp lsp

Status Flags: * - stale, L - liberal, B - backup, N/A - unavailable

FECs: 5           Ingress: 3           Transit: 3           Egress: 2

 

FEC                In/Out Label        Nexthop         OutInterface

1.1.1.1/32         2173/-

                   -/2173(L)

2.2.2.2/32         3/-

                   -/2175(L)

3.3.3.3/32         -/3                 11.0.0.2        XGE3/0/2

                   2175/3              11.0.0.2        XGE3/0/2

4.4.4.4/32         -/2174              11.0.0.2        XGE3/0/2

                   2174/2174           11.0.0.2        XGE3/0/2

5.5.5.5/32         -/2172              11.0.0.2        XGE3/0/2

                   2172/2172           11.0.0.2        XGE3/0/2

# Display IS-IS SRLSP information on Router B.

[RouterB] display mpls lsp protocol isis

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

1.1.1.1/32                  ISIS        16010/3         XGE3/0/1

1.1.1.1/32                  ISIS        -/3             XGE3/0/1

2.2.2.2/32                  ISIS        16020/-         -

4.4.4.4/32                  ISIS        16040/2174      XGE3/0/2

4.4.4.4/32                  ISIS        -/2174          XGE3/0/2

5.5.5.5/32                  ISIS        16050/2172      XGE3/0/2

5.5.5.5/32                  ISIS        -/2172          XGE3/0/2

The output shows that the IS-IS SRLSP entries for Router D and Router E are using LDP outgoing labels.
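The cross-check behind that statement can be automated. The following is an added example, not H3C tooling: it parses the two Router B outputs shown above and reports which IS-IS SRLSP entries leave the router with the label that LDP bound to the same FEC on the same interface. The function names and the "sr" / "ldp" / "local" / "ambiguous" classes are assumptions made for this sketch.

```python
import re

# Router B output copied from the verification step above. The "Status Flags"
# and "FECs:" summary lines of the LDP display are omitted.
LDP_LSP = """\
FEC                In/Out Label        Nexthop         OutInterface
1.1.1.1/32         2173/-
                   -/2173(L)
2.2.2.2/32         3/-
                   -/2175(L)
3.3.3.3/32         -/3                 11.0.0.2        XGE3/0/2
                   2175/3              11.0.0.2        XGE3/0/2
4.4.4.4/32         -/2174              11.0.0.2        XGE3/0/2
                   2174/2174           11.0.0.2        XGE3/0/2
5.5.5.5/32         -/2172              11.0.0.2        XGE3/0/2
                   2172/2172           11.0.0.2        XGE3/0/2
"""

SR_LSP = """\
FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX
1.1.1.1/32                  ISIS        16010/3         XGE3/0/1
1.1.1.1/32                  ISIS        -/3             XGE3/0/1
2.2.2.2/32                  ISIS        16020/-         -
4.4.4.4/32                  ISIS        16040/2174      XGE3/0/2
4.4.4.4/32                  ISIS        -/2174          XGE3/0/2
5.5.5.5/32                  ISIS        16050/2172      XGE3/0/2
5.5.5.5/32                  ISIS        -/2172          XGE3/0/2
"""

IMPLICIT_NULL = 3
FEC_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$")
LABEL_RE = re.compile(r"^(\d+|-)/(\d+|-)(\(\w+\))?$")   # e.g. 2175/3, -/2173(L)


def parse_ldp_lsp(text):
    """Return {fec: {(out_label, out_interface)}} for LDP entries that have a
    next hop. Liberal bindings without a next hop are skipped."""
    bindings, fec = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if FEC_RE.match(tok[0]):          # first row of a FEC; later rows are indented
            fec, tok = tok[0], tok[1:]
        if fec is None or not tok:
            continue
        m = LABEL_RE.match(tok[0])
        if not m or len(tok) < 3 or m.group(2) == "-":
            continue
        bindings.setdefault(fec, set()).add((int(m.group(2)), tok[2]))
    return bindings


def parse_sr_lsp(text):
    """Return [(fec, in_label, out_label, out_interface)] from the IS-IS LSP display."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 4 or not FEC_RE.match(tok[0]):
            continue
        m = LABEL_RE.match(tok[2])
        if m:
            rows.append((tok[0], m.group(1), m.group(2), tok[3]))
    return rows


def classify(sr_rows, ldp_bindings):
    """Map each FEC to the way its SRLSP leaves this router."""
    result = {}
    for fec, _in_label, out, out_if in sr_rows:
        if out == "-":
            kind = "local"                # this router is the egress for the FEC
        elif (int(out), out_if) in ldp_bindings.get(fec, set()):
            # Label 3 is used by both protocols, so a match on it proves nothing.
            kind = "ambiguous" if int(out) == IMPLICIT_NULL else "ldp"
        else:
            kind = "sr"
        result.setdefault(fec, set()).add(kind)
    return result


def stitched_fecs(sr_text=SR_LSP, ldp_text=LDP_LSP):
    """FECs whose SRLSP continues with an LDP outgoing label."""
    kinds = classify(parse_sr_lsp(sr_text), parse_ldp_lsp(ldp_text))
    return sorted(fec for fec, k in kinds.items() if "ldp" in k)


if __name__ == "__main__":
    print("SR LSPs stitched to LDP:", ", ".join(stitched_fecs()))
```

Run against fresh captures after a change, an FEC that drops out of the stitched list (or a new one that appears) indicates that the SR-to-LDP boundary has moved.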

Example: Configuring IS-IS TI-LFA FRR

Network configuration

As shown in Figure 320, complete the following tasks to implement TI-LFA FRR:

·     Configure IS-IS on Device A, Device B, and Device C to achieve network level connectivity.

·     Configure SR-MPLS on Device A, Device B, and Device C.

·     Configure TI-LFA FRR to remove the loop that exists on Link B and to implement fast traffic switchover to Link B when Link A fails.

Figure 320 Network diagram

Table 134 Interface and IP address assignment

Device      Interface   IP address      Device      Interface   IP address

Device A    Loop1       1.1.1.1/32      Device B    Loop1       2.2.2.2/32

Device A    XGE3/0/1    12.12.12.1/24   Device B    XGE3/0/1    24.24.24.1/24

Device A    XGE3/0/2    13.13.13.1/24   Device B    XGE3/0/2    13.13.13.2/24

Device C    Loop1       3.3.3.3/32

Device C    XGE3/0/1    12.12.12.2/24

Device C    XGE3/0/2    24.24.24.2/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Device A:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] isis cost 10

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis enable 1

[DeviceA-LoopBack1] quit

# Configure MPLS TE.

[DeviceA] mpls lsr-id 1.1.1.1

[DeviceA] mpls te

[DeviceA-te] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceA-Ten-GigabitEthernet3/0/1] mpls te enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceA-Ten-GigabitEthernet3/0/2] mpls te enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS and SR-MPLS adjacency SID allocation.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv4

[DeviceA-isis-1-ipv4] segment-routing mpls

[DeviceA-isis-1-ipv4] segment-routing adjacency enable

[DeviceA-isis-1-ipv4] quit

[DeviceA-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis prefix-sid index 10

[DeviceA-LoopBack1] quit

# Configure TI-LFA FRR.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv4

[DeviceA-isis-1-ipv4] fast-reroute lfa

[DeviceA-isis-1-ipv4] fast-reroute ti-lfa

[DeviceA-isis-1-ipv4] fast-reroute microloop-avoidance enable

[DeviceA-isis-1-ipv4] segment-routing microloop-avoidance enable

[DeviceA-isis-1-ipv4] quit

[DeviceA-isis-1] quit

3.     Configure Device B:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] isis cost 20

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis enable 1

[DeviceB-LoopBack1] quit

# Configure MPLS TE.

[DeviceB] mpls lsr-id 2.2.2.2

[DeviceB] mpls te

[DeviceB-te] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceB-Ten-GigabitEthernet3/0/1] mpls te enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceB-Ten-GigabitEthernet3/0/2] mpls te enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS and SR-MPLS adjacency SID allocation.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv4

[DeviceB-isis-1-ipv4] segment-routing mpls

[DeviceB-isis-1-ipv4] segment-routing adjacency enable

[DeviceB-isis-1-ipv4] quit

[DeviceB-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis prefix-sid index 20

[DeviceB-LoopBack1] quit

# Configure TI-LFA FRR.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv4

[DeviceB-isis-1-ipv4] fast-reroute lfa

[DeviceB-isis-1-ipv4] fast-reroute ti-lfa

[DeviceB-isis-1-ipv4] fast-reroute microloop-avoidance enable

[DeviceB-isis-1-ipv4] segment-routing microloop-avoidance enable

[DeviceB-isis-1-ipv4] quit

[DeviceB-isis-1] quit

4.     Configure Device C:

# Configure IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] isis cost 10

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] isis cost 20

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis enable 1

[DeviceC-LoopBack1] quit

# Configure MPLS TE.

[DeviceC] mpls lsr-id 3.3.3.3

[DeviceC] mpls te

[DeviceC-te] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceC-Ten-GigabitEthernet3/0/1] mpls te enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceC-Ten-GigabitEthernet3/0/2] mpls te enable

[DeviceC-Ten-GigabitEthernet3/0/2] quit

# Enable SR-MPLS and SR-MPLS adjacency SID allocation.

[DeviceC] isis 1

[DeviceC-isis-1] address-family ipv4

[DeviceC-isis-1-ipv4] segment-routing mpls

[DeviceC-isis-1-ipv4] segment-routing adjacency enable

[DeviceC-isis-1-ipv4] quit

[DeviceC-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis prefix-sid index 30

[DeviceC-LoopBack1] quit

# Configure TI-LFA FRR.

[DeviceC] isis 1

[DeviceC-isis-1] address-family ipv4

[DeviceC-isis-1-ipv4] fast-reroute lfa

[DeviceC-isis-1-ipv4] fast-reroute ti-lfa

[DeviceC-isis-1-ipv4] fast-reroute microloop-avoidance enable

[DeviceC-isis-1-ipv4] segment-routing microloop-avoidance enable

[DeviceC-isis-1-ipv4] quit

[DeviceC-isis-1] quit

Verifying the configuration

# Display IPv4 IS-IS routing information for 2.2.2.2/32.

[DeviceA] display isis route ipv4 2.2.2.2 32 verbose level-1 1

 

                         Route information for IS-IS(1)

                         -----------------------------

 

                         Level-1 IPv4 Forwarding Table

                         -----------------------------

 

IPv4 Dest : 2.2.2.2/32          Int. Cost  : 10               Ext. Cost  : NULL

Admin Tag : -                   Src Count  : 1                Flag       : R/L/-

InLabel   : 16020               InLabel Flag: -/N/-/-/-/-

NextHop   :                     Interface  :                  ExitIndex  :

    13.13.13.2                          XGE3/0/2                   0x00000103

Nib ID    : 0x14000005          OutLabel   : 16020            OutLabelFlag: I

LabelSrc  : SR

TI-LFA:

  Interface : XGE3/0/1

  BkNextHop : 12.12.12.2         LsIndex    : 0x00000002

  Backup label stack(top->bottom): {16030, 2175}

  Route label: 16020

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

 

      InLabel flags: R-Readvertisement, N-Node SID, P-no PHP

                     E-Explicit null, V-Value, L-Local

 

      OutLabelFlags: E-Explicit null, I-Implicit null, N-Normal, P-SR label prefer

The output shows TI-LFA backup next hop information.

 

 

SR-MPLS TE policy configuration examples

Example: Configuring SR-MPLS TE policy-based forwarding

Network configuration

As shown in Figure 321, perform the following tasks on the devices to implement SR-MPLS TE policy-based forwarding:

·     Configure Device A through Device D to run IS-IS to implement Layer 3 connectivity.

·     Configure SR-MPLS on Device A through Device D to establish an SRLSP.

·     Configure an SR-MPLS TE policy on Device A to forward user packets along path Device A > Device B > Device C > Device D.

Figure 321 Network diagram

Device      Interface   IP address      Device      Interface   IP address

Device A    Loop1       1.1.1.1/32      Device B    Loop1       2.2.2.2/32

Device A    XGE3/0/1    12.0.0.1/24     Device B    XGE3/0/1    12.0.0.2/24

Device A    XGE3/0/2    14.0.0.1/24     Device B    XGE3/0/2    23.0.0.2/24

Device C    Loop1       3.3.3.3/32      Device D    Loop1       4.4.4.4/32

Device C    XGE3/0/1    34.0.0.3/24     Device D    XGE3/0/1    34.0.0.4/24

Device C    XGE3/0/2    23.0.0.3/24     Device D    XGE3/0/2    14.0.0.4/24

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Device A:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis enable 1

[DeviceA-LoopBack1] quit

# Configure the MPLS LSR ID, and enable MPLS and MPLS TE.

[DeviceA] mpls lsr-id 1.1.1.1

[DeviceA] mpls te

[DeviceA-te] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Configure the SRGB and enable SR-MPLS in IPv4 unicast address family view.

[DeviceA] isis 1

[DeviceA-isis-1] segment-routing global-block 16000 16999

[DeviceA-isis-1] address-family ipv4

[DeviceA-isis-1-ipv4] segment-routing mpls

[DeviceA-isis-1-ipv4] quit

[DeviceA-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis prefix-sid index 10

[DeviceA-LoopBack1] quit

# Configure an SID list.

[DeviceA] segment-routing

[DeviceA-segment-routing] traffic-engineering

[DeviceA-sr-te] segment-list s1

[DeviceA-sr-te-sl-s1] index 10 mpls label 16020

[DeviceA-sr-te-sl-s1] index 20 mpls label 17030

[DeviceA-sr-te-sl-s1] index 30 mpls label 18040

[DeviceA-sr-te-sl-s1] quit

# Create an SR-MPLS TE policy and set the attributes.

[DeviceA-sr-te] policy p1

[DeviceA-sr-te-policy-p1] binding-sid mpls 15000

[DeviceA-sr-te-policy-p1] color 10 end-point ipv4 4.4.4.4

# Configure a candidate path for the SR-MPLS TE policy and specify an explicit path for the candidate path.

[DeviceA-sr-te-policy-p1] candidate-paths

[DeviceA-sr-te-policy-p1-path] preference 10

[DeviceA-sr-te-policy-p1-path-pref-10] explicit segment-list s1

[DeviceA-sr-te-policy-p1-path-pref-10] quit

[DeviceA-sr-te-policy-p1-path] quit

[DeviceA-sr-te-policy-p1] quit

[DeviceA-sr-te] quit

[DeviceA-segment-routing] quit

3.     Configure Device B:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis enable 1

[DeviceB-LoopBack1] quit

# Configure the MPLS LSR ID, and enable MPLS and MPLS TE.

[DeviceB] mpls lsr-id 2.2.2.2

[DeviceB] mpls te

[DeviceB-te] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Configure the SRGB and enable SR-MPLS in IPv4 unicast address family view.

[DeviceB] isis 1

[DeviceB-isis-1] segment-routing global-block 17000 17999

[DeviceB-isis-1] address-family ipv4

[DeviceB-isis-1-ipv4] segment-routing mpls

[DeviceB-isis-1-ipv4] quit

[DeviceB-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis prefix-sid index 20

[DeviceB-LoopBack1] quit

4.     Configure Device C:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis enable 1

[DeviceC-LoopBack1] quit

# Configure the MPLS LSR ID, and enable MPLS and MPLS TE.

[DeviceC] mpls lsr-id 3.3.3.3

[DeviceC] mpls te

[DeviceC-te] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceC-Ten-GigabitEthernet3/0/2] quit

# Configure the SRGB and enable SR-MPLS in IPv4 unicast address family view.

[DeviceC] isis 1

[DeviceC-isis-1] segment-routing global-block 18000 18999

[DeviceC-isis-1] address-family ipv4

[DeviceC-isis-1-ipv4] segment-routing mpls

[DeviceC-isis-1-ipv4] quit

[DeviceC-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis prefix-sid index 30

[DeviceC-LoopBack1] quit

5.     Configure Device D:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceD> system-view

[DeviceD] isis 1

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

[DeviceD] interface loopback 1

[DeviceD-LoopBack1] isis enable 1

[DeviceD-LoopBack1] quit

# Configure the MPLS LSR ID, and enable MPLS and MPLS TE.

[DeviceD] mpls lsr-id 4.4.4.4

[DeviceD] mpls te

[DeviceD-te] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] mpls enable

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Configure the SRGB and enable SR-MPLS in IPv4 unicast address family view.

[DeviceD] isis 1

[DeviceD-isis-1] segment-routing global-block 19000 19999

[DeviceD-isis-1] address-family ipv4

[DeviceD-isis-1-ipv4] segment-routing mpls

[DeviceD-isis-1-ipv4] quit

[DeviceD-isis-1] quit

# Configure the IS-IS prefix SID.

[DeviceD] interface loopback 1

[DeviceD-LoopBack1] isis prefix-sid index 40

[DeviceD-LoopBack1] quit

Verifying the configuration

# Display SR TE policy information on Device A.

[DeviceA] display segment-routing te policy

Name/ID: p1/0

 Color: 10

 Endpoint: 4.4.4.4

 Name from Bgp:

 BSID:

  Mode: Explicit             Type: Type_1              Request state: Succeeded

  Current BSID: 15000       Explicit BSID: 15000      Dynamic BSID: -

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2019-10-25 11:16:15

 Down time: 2019-10-25 11:16:00

 Hot-standby: Not configured

 Statistics: Not configured

  Statistics by service class: Not configured

 SBFD: Not configured

 BFD trigger path-down: Disabled

 PolicyNid: 6201

 Service-class: -

 Candidate paths state: Configured

 Candidate paths statistics:

  CLI paths: 1          BGP paths: 0          PCEP paths: 0

 Candidate paths:

  Preference : 10

   CPathName:

   ProtoOrigin: CLI        Discriminator: 10

   Instance ID: 0          Node Address: 0.0.0.0

   Originator:  0, 0.0.0.0

   Optimal: Y              Flags: V/A

   Explicit SID list:

    ID: 1                     Name: s1

    Weight: 1                 Nid: 24117249

    State: Up                 SBFD state: -

The output shows that the SR-MPLS TE policy is in up state. The device can use the SR-MPLS TE policy to forward packets.

# Display SR TE forwarding information on Device A.

[DeviceA] display segment-routing te forwarding verbose

Total Forwarding entries: 1

 

Policy name/ID: p1/0

 Binding SID: 15000

 Policy NID: 0x01400001

 Main path:

   SegList ID: 1

     SegList NID: 0x01700001

     Weight: 1

     Outgoing NID: 0x01600001

       OutLabels: 3

       Interface: XGE3/0/1

       NextHop: 12.0.0.2

         Path ID: 0

         Label stack: {17030, 18040}

The output shows that the label stack for packets forwarded by using the SR-MPLS TE policy is {17030, 18040}.

# Display MPLS LSP information on Device A.

[DeviceA] display mpls lsp

FEC                         Proto       In/Out Label    Out Inter/NHLFE/LSINDEX

12.0.0.2                    Local       -/-             XGE3/0/1

14.0.0.4                    Local       -/-             XGE3/0/2

1.1.1.1/32                  ISIS        16010/-         -

2.2.2.2/32                  ISIS        16020/3         XGE3/0/1

2.2.2.2/32                  ISIS        -/3             XGE3/0/1

3.3.3.3/32                  ISIS        16030/17030     XGE3/0/1

3.3.3.3/32                  ISIS        -/17030         XGE3/0/1

3.3.3.3/32                  ISIS        16030/19030     XGE3/0/2

3.3.3.3/32                  ISIS        -/19030         XGE3/0/2

4.4.4.4/32                  ISIS        16040/3         XGE3/0/2

4.4.4.4/32                  ISIS        -/3             XGE3/0/2

4.4.4.4/32/23068673         SRPolicy    -/17030         XGE3/0/1

                                        18040

24117249                    SRPolicy    -/-             LSINDEX23068673

4.4.4.4/10                  SRPolicy    15000/-         LSINDEX24117249

The output shows the forwarding paths used by the SR-MPLS TE policy.
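Because each device in this example uses a different SRGB, every label in segment list s1 must be written in the SRGB of the device that will look it up. The following added example (not H3C code) derives the list from the SRGB and prefix SID index values configured above, reproduces the label stack shown by the forwarding display, and audits a configured list against the derived one. The NODES table, function names and the faulty list are assumptions for this sketch, and the path is assumed to run over directly connected neighbors as in Figure 321.

```python
from dataclasses import dataclass

IMPLICIT_NULL = 3   # reserved MPLS label: the downstream neighbor asked for a pop


@dataclass(frozen=True)
class Node:
    name: str
    srgb: range     # "segment-routing global-block <min> <max>", max inclusive
    index: int      # "isis prefix-sid index <n>" on LoopBack1


# SRGBs and prefix SID indexes as configured on Device A through Device D.
NODES = {
    "A": Node("Device A", range(16000, 17000), 10),
    "B": Node("Device B", range(17000, 18000), 20),
    "C": Node("Device C", range(18000, 19000), 30),
    "D": Node("Device D", range(19000, 20000), 40),
}


def sid_label(processing, target):
    """Label that `processing` expects on top of the stack for the prefix SID
    of `target`: SRGB base of the processing node plus the target's index."""
    label = processing.srgb.start + target.index
    if label not in processing.srgb:
        raise ValueError(
            f"index {target.index} does not fit the SRGB of {processing.name}")
    return label


def expected_segment_list(path):
    """Entry i is looked up by path[i] and steers toward path[i + 1]."""
    hops = [NODES[n] for n in path]
    return [sid_label(a, b) for a, b in zip(hops, hops[1:])]


def pushed_stack(segment_list, first_out_label):
    """Stack the headend puts on the wire. It resolves the first entry itself
    and replaces it with that LSP's outgoing label, or with nothing when the
    outgoing label is implicit null."""
    head = [] if first_out_label == IMPLICIT_NULL else [first_out_label]
    return head + list(segment_list[1:])


def audit(path, configured):
    """Compare a configured segment list with the one derived from SRGB + index.
    Returns a list of findings; an empty list means the list matches."""
    expected = expected_segment_list(path)
    findings = []
    if len(configured) != len(expected):
        findings.append(
            f"expected {len(expected)} labels, found {len(configured)}")
    for pos, (want, got) in enumerate(zip(expected, configured)):
        if want != got:
            owners = [n.name for n in NODES.values() if got in n.srgb]
            where = ", ".join(owners) if owners else "no configured device"
            findings.append(
                f"entry {pos + 1} ({path[pos]}->{path[pos + 1]}): expected "
                f"{want}, found {got}, which is in the SRGB of {where}")
    return findings


if __name__ == "__main__":
    path = ["A", "B", "C", "D"]
    s1 = [16020, 17030, 18040]                  # segment-list s1 from the page
    print("derived list :", expected_segment_list(path))
    # 2.2.2.2/32 has In/Out label 16020/3 on Device A, so the first entry is popped.
    print("pushed stack :", pushed_stack(s1, IMPLICIT_NULL))
    # Constructed faulty list: every label taken from the headend's own SRGB.
    for finding in audit(path, [16020, 16030, 16040]):
        print("finding      :", finding)
```

The same rule explains the two outgoing labels for 3.3.3.3/32 in the LSP table: 17030 toward Device B and 19030 toward Device D are both index 30 added to the SRGB base of the respective next hop.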

 

 

SRv6 configuration examples

Example: Configuring IPv6 IS-IS TI-LFA FRR

Network configuration

As shown in Figure 322, complete the following tasks to implement TI-LFA FRR:

·     Configure IPv6 IS-IS on Device A, Device B, Device C, and Device D to achieve network level connectivity.

·     Configure IS-IS SRv6 on Device A, Device B, Device C, and Device D.

·     Configure TI-LFA FRR to remove the loop on Link B and to implement fast traffic switchover to Link B when Link A fails.

Figure 322 Network diagram

Table 135 Interface and IP address assignment

Device      Interface   IP address      Device      Interface   IP address

Device A    Loop1       1::1/128        Device B    Loop1       2::2/128

Device A    XGE3/0/1    2000:1::1/64    Device B    XGE3/0/1    2000:1::2/64

Device A    XGE3/0/2    2000:4::1/64    Device B    XGE3/0/2    2000:2::2/64

Device C    Loop1       3::3/128        Device D    Loop1       4::4/128

Device C    XGE3/0/1    2000:3::3/64    Device D    XGE3/0/1    2000:3::4/64

Device C    XGE3/0/2    2000:2::3/64    Device D    XGE3/0/2    2000:4::4/64

Procedure

1.     Configure IPv6 addresses and prefixes for interfaces. (Details not shown.)

2.     Configure Device A:

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] isis cost 10

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis ipv6 enable 1

[DeviceA-LoopBack1] quit

# Enable SRv6 and configure a locator.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] locator aaa ipv6-prefix 11:: 64 static 32

[DeviceA-segment-routing-ipv6-locator-aaa] quit

[DeviceA-segment-routing-ipv6] quit

# Configure IPv6 IS-IS TI-LFA FRR and enable SR microloop avoidance.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv6

[DeviceA-isis-1-ipv6] fast-reroute lfa

[DeviceA-isis-1-ipv6] fast-reroute ti-lfa

[DeviceA-isis-1-ipv6] fast-reroute microloop-avoidance enable

[DeviceA-isis-1-ipv6] segment-routing microloop-avoidance enable

 

# Apply the locator to the IPv6 IS-IS process.

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator aaa

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

3.     Configure Device B:

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] address-family ipv6

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] isis cost 10

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis ipv6 enable 1

[DeviceB-LoopBack1] quit

# Enable SRv6 and configure a locator.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] locator bbb ipv6-prefix 22:: 64 static 32

[DeviceB-segment-routing-ipv6-locator-bbb] quit

[DeviceB-segment-routing-ipv6] quit

# Configure IPv6 IS-IS TI-LFA FRR.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv6

[DeviceB-isis-1-ipv6] fast-reroute lfa

[DeviceB-isis-1-ipv6] fast-reroute ti-lfa

# Apply the locator to the IPv6 IS-IS process.

[DeviceB-isis-1-ipv6] segment-routing ipv6 locator bbb

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

 

4.     Configure Device C:

# Configure IPv6 IS-IS to achieve network level connectivity and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] address-family ipv6

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] isis cost 100

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis ipv6 enable 1

[DeviceC-LoopBack1] quit

# Enable SRv6 and configure a locator.

[DeviceC] segment-routing ipv6

[DeviceC-segment-routing-ipv6] locator ccc ipv6-prefix 33:: 64 static 32

[DeviceC-segment-routing-ipv6-locator-ccc] quit

[DeviceC-segment-routing-ipv6] quit

# Configure IPv6 IS-IS TI-LFA FRR.

[DeviceC] isis 1

[DeviceC-isis-1] address-family ipv6

[DeviceC-isis-1-ipv6] fast-reroute lfa

[DeviceC-isis-1-ipv6] fast-reroute ti-lfa

# Apply the locator to the IPv6 IS-IS process.

[DeviceC-isis-1-ipv6] segment-routing ipv6 locator ccc

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

5.     Configure Device D:

# Configure IPv6 IS-IS to achieve network-level connectivity and set the IS-IS cost style to wide.

<DeviceD> system-view

[DeviceD] isis 1

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] address-family ipv6

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] isis cost 100

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] isis cost 10

[DeviceD-Ten-GigabitEthernet3/0/2] quit

[DeviceD] interface loopback 1

[DeviceD-LoopBack1] isis ipv6 enable 1

[DeviceD-LoopBack1] quit

# Enable SRv6 and configure a locator.

[DeviceD] segment-routing ipv6

[DeviceD-segment-routing-ipv6] locator ddd ipv6-prefix 44:: 64 static 32

[DeviceD-segment-routing-ipv6-locator-ddd] quit

[DeviceD-segment-routing-ipv6] quit

 

# Configure IPv6 IS-IS TI-LFA FRR.

[DeviceD] isis 1

[DeviceD-isis-1] address-family ipv6

[DeviceD-isis-1-ipv6] fast-reroute lfa

[DeviceD-isis-1-ipv6] fast-reroute ti-lfa

# Apply the locator to the IPv6 IS-IS process.

[DeviceD-isis-1-ipv6] segment-routing ipv6 locator ddd

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

 

Verifying the configuration

# Display IPv6 IS-IS routing information for 3::3/128.

[DeviceA] display isis route ipv6 3::3 128 verbose

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 IPv6 dest   : 3::3/128

 Flag        : R/L/-                       Cost        : 20

 Admin tag   : -                           Src count   : 2

 Nexthop     : FE80::4449:7CFF:FEE0:206

 NexthopFlag  : -

 Interface   : XGE3/0/1

 TI-LFA:

  Interface : XGE3/0/2

  BkNextHop : FE80::4449:91FF:FE42:407

  LsIndex    : 0x80000001

  Backup label stack(top->bottom): {44::1:0:1}

 Nib ID      : 0x24000006

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

The output shows TI-LFA backup next hop information.

 

 

SRv6 TE policy configuration examples

Example: Configuring SRv6 TE policy-based forwarding

Network configuration

As shown in Figure 323, perform the following tasks on the devices to implement SRv6 TE policy-based forwarding over a specific path:

·     Configure Device A through Device D to run IS-IS to implement Layer 3 connectivity.

·     Configure basic SRv6 on Device A through Device D.

·     Configure an SRv6 TE policy on Device A to forward user packets along the path Device A > Device B > Device C > Device D.

Figure 323 Network diagram

Device     Interface   IP address    Device     Interface   IP address
----------------------------------------------------------------------
Device A   Loop1       1::1/128      Device B   Loop1       2::2/128
           XGE3/0/1    1000::1/64               XGE3/0/1    1000::2/64
           XGE3/0/2    4000::1/64               XGE3/0/2    2000::2/64
Device C   Loop1       3::3/128      Device D   Loop1       4::4/128
           XGE3/0/1    3000::3/64               XGE3/0/1    3000::4/64
           XGE3/0/2    2000::3/64               XGE3/0/2    4000::4/64

 

Procedure

1.     Configure IP addresses and masks for interfaces. (Details not shown.)

2.     Configure Device A:

# Configure an SRv6 SID list.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] encapsulation source-address 1::1

[DeviceA-segment-routing-ipv6] locator a ipv6-prefix 5000:: 64 static 32

[DeviceA-segment-routing-ipv6-locator-a] opcode 1 end no-flavor

[DeviceA-segment-routing-ipv6-locator-a] quit

[DeviceA-segment-routing-ipv6] traffic-engineering

[DeviceA-srv6-te] srv6-policy locator a

[DeviceA-srv6-te] segment-list s1

[DeviceA-srv6-te-sl-s1] index 10 ipv6 6000::1

[DeviceA-srv6-te-sl-s1] index 20 ipv6 7000::1

[DeviceA-srv6-te-sl-s1] index 30 ipv6 8000::1

[DeviceA-srv6-te-sl-s1] quit

# Create an SRv6 TE policy and set the attributes.

[DeviceA-srv6-te] policy p1

[DeviceA-srv6-te-policy-p1] binding-sid ipv6 5000::2

[DeviceA-srv6-te-policy-p1] color 10 end-point ipv6 4::4

[DeviceA-srv6-te-policy-p1] candidate-paths

[DeviceA-srv6-te-policy-p1-path] preference 10

[DeviceA-srv6-te-policy-p1-path-pref-10] explicit segment-list s1

[DeviceA-srv6-te-policy-p1-path-pref-10] quit

[DeviceA-srv6-te-policy-p1-path] quit

[DeviceA-srv6-te-policy-p1] quit

[DeviceA-srv6-te] quit

[DeviceA-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis ipv6 enable 1

[DeviceA-LoopBack1] quit

3.     Configure Device B:

# Configure the SRv6 End.SID.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32

[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end no-flavor

[DeviceB-segment-routing-ipv6-locator-b] quit

[DeviceB-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] segment-routing ipv6 locator b

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis ipv6 enable 1

[DeviceB-LoopBack1] quit

4.     Configure Device C:

# Configure the SRv6 End.SID.

[DeviceC] segment-routing ipv6

[DeviceC-segment-routing-ipv6] locator c ipv6-prefix 7000:: 64 static 32

[DeviceC-segment-routing-ipv6-locator-c] opcode 1 end no-flavor

[DeviceC-segment-routing-ipv6-locator-c] quit

[DeviceC-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] address-family ipv6 unicast

[DeviceC-isis-1-ipv6] segment-routing ipv6 locator c

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis ipv6 enable 1

[DeviceC-LoopBack1] quit

5.     Configure Device D:

# Configure the SRv6 End.SID.

[DeviceD] segment-routing ipv6

[DeviceD-segment-routing-ipv6] locator d ipv6-prefix 8000:: 64 static 32

[DeviceD-segment-routing-ipv6-locator-d] opcode 1 end no-flavor

[DeviceD-segment-routing-ipv6-locator-d] quit

[DeviceD-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceD> system-view

[DeviceD] isis 1

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] address-family ipv6 unicast

[DeviceD-isis-1-ipv6] segment-routing ipv6 locator d

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

[DeviceD] interface loopback 1

[DeviceD-LoopBack1] isis ipv6 enable 1

[DeviceD-LoopBack1] quit

Verifying the configuration

# Display SRv6 TE policy information on Device A.

[DeviceA] display segment-routing ipv6 te policy

 

Name/ID: p1/0

 Color: 10

 Endpoint: 4::4

Name from BGP:

 BSID:

  Mode: Explicit           Type: Type_2              Request state: Succeeded

  Current BSID: 5000::2    Explicit BSID: 5000::1    Dynamic BSID: -

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2020-04-02 16:08:03

 Down time: 2020-04-02 16:03:48

 Hot backup: Disabled

 Statistics: Disabled

  Statistics by service class: Disabled

 Path verification: Disabled

 Drop-upon-invalid: Disabled

 BFD trigger path-down: Disabled

 SBFD: Disabled

 BFD Echo: Disabled

 Forwarding index: 2150629377

 Association ID: 1

 Service-class: -

 Rate-limit: -

 PCE delegation: Disabled

 PCE delegate report-only: Disabled

 Reoptimization: Disabled

 Encapsulation mode: -

 Candidate paths state: Configured

 Candidate paths statistics:

  CLI paths: 1          BGP paths: 0          PCEP paths: 0          ODN paths: 0

 Candidate paths:

  Preference : 10

   CPathName:

   ProtoOrigin: CLI        Discriminator: 10

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: Y              Flags: V/A

   Dynamic: Not configured

   PCEP: Not configured

   Explicit SID list:

    ID: 1                     Name: s1

    Weight: 1                 Forwarding index: 2149580801

    State: Up                 State(-): -

    Verification State: -

    Path MTU: 1500            Path MTU Reserved: 0

    Local BSID: -

    Reverse BSID: -

The output shows that the SRv6 TE policy is in up state. The device can use the SRv6 TE policy to forward packets.

# Display SRv6 TE forwarding information on Device A.

[DeviceA] display segment-routing ipv6 te forwarding verbose

Total forwarding entries: 1

 

Policy name/ID: p1/0

 Binding SID: 5000::2

 Policy forwarding index: 2150629377

 Main path:

   Seglist ID: 1

     Seglist forwarding index: 2149580801

     Weight: 1

     Outgoing forwarding index: 2148532225

       Interface: XGE3/0/1

       Nexthop: FE80::54CB:70FF:FE86:316

       Discriminator: 10

         Path ID: 0

         SID list: {6000::1, 7000::1, 8000::1}

# Display SRv6 forwarding information on Device A.

[DeviceA] display segment-routing ipv6 forwarding

Total SRv6 forwarding entries: 3

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       A - Active forwarding information

       B - Backup forwarding information

 

ID            FWD-Type      Flags   Forwarding info

              Attri-Val             Attri-Val

--------------------------------------------------------------------------------

2148532225    SRv6PSIDList  NA      XGE3/0/1

                                    FE80::54CB:70FF:FE86:316

                                    {6000::1, 7000::1, 8000::1}

2149580801    SRv6PCPath    TA      2148532225

2150629377    SRv6Policy    TA      2149580801

              p1
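An added example (not H3C code): a Python check that reads the SRv6 lines of the four sessions above, derives each static SID from its locator and opcode, and confirms that every SID in segment list s1 is instantiated on exactly one device, in path order. It assumes a static SID is the locator prefix address plus the opcode and that the opcode must fit in the static length, which matches the values shown on this page; all function and variable names are this example's own.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # "[DeviceA-srv6-te] " or "<DeviceA> "
LOCATOR = re.compile(r"locator (\S+) ipv6-prefix (\S+) (\d+)(?: static (\d+))?$")
OPCODE = re.compile(r"opcode (\d+) (\S+)")
SEGLIST = re.compile(r"segment-list (\S+)$")
INDEX = re.compile(r"index (\d+) ipv6 (\S+)$")

# Constructed input: the SRv6 lines of each device's session in the example above.
CONFIGS = {
    "DeviceA": """\
[DeviceA-segment-routing-ipv6] locator a ipv6-prefix 5000:: 64 static 32
[DeviceA-segment-routing-ipv6-locator-a] opcode 1 end no-flavor
[DeviceA-srv6-te] srv6-policy locator a
[DeviceA-srv6-te] segment-list s1
[DeviceA-srv6-te-sl-s1] index 10 ipv6 6000::1
[DeviceA-srv6-te-sl-s1] index 20 ipv6 7000::1
[DeviceA-srv6-te-sl-s1] index 30 ipv6 8000::1
[DeviceA-srv6-te-policy-p1-path-pref-10] explicit segment-list s1
""",
    "DeviceB": """\
[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end no-flavor
""",
    "DeviceC": """\
[DeviceC-segment-routing-ipv6] locator c ipv6-prefix 7000:: 64 static 32
[DeviceC-segment-routing-ipv6-locator-c] opcode 1 end no-flavor
""",
    "DeviceD": """\
[DeviceD-segment-routing-ipv6] locator d ipv6-prefix 8000:: 64 static 32
[DeviceD-segment-routing-ipv6-locator-d] opcode 1 end no-flavor
""",
}


def parse_device(transcript):
    """Collect locators, static SIDs and segment lists from one CLI session."""
    locators, sids, seglists = {}, {}, {}
    cur_loc = cur_list = None
    for raw in transcript.splitlines():
        line = PROMPT.sub("", raw).strip()
        if m := LOCATOR.match(line):
            cur_loc = m[1]
            net = ipaddress.IPv6Network(f"{m[2]}/{m[3]}", strict=False)
            static_bits = int(m[4]) if m[4] else None
            locators[cur_loc] = (ipaddress.IPv6Address(m[2]), net, static_bits)
        elif (m := OPCODE.match(line)) and cur_loc:
            base, _, static_bits = locators[cur_loc]
            opcode = int(m[1])
            # Assumption: the opcode has to fit in the locator's static length.
            if static_bits is not None and not 0 < opcode < 2 ** static_bits:
                raise ValueError(f"opcode {opcode} does not fit in static {static_bits}")
            # Assumption: static SID = locator prefix address + opcode.
            sids[base + opcode] = (cur_loc, m[2])
        elif m := SEGLIST.match(line):
            cur_list = seglists.setdefault(m[1], [])
        elif (m := INDEX.match(line)) and cur_list is not None:
            cur_list.append((int(m[1]), ipaddress.IPv6Address(m[2])))
    return {"locators": locators, "sids": sids, "segment_lists": seglists}


def audit_segment_list(configs, head, list_name, expected_path):
    """Resolve each SID of the head end's segment list to its owning device."""
    parsed = {dev: parse_device(text) for dev, text in configs.items()}
    hops, findings = [], []
    for _, sid in sorted(parsed[head]["segment_lists"][list_name]):
        owners = [(dev, p["sids"][sid][1]) for dev, p in parsed.items() if sid in p["sids"]]
        if len(owners) == 1:
            hops.append((str(sid), *owners[0]))
        elif owners:
            names = ", ".join(dev for dev, _ in owners)
            findings.append(f"{sid} is instantiated on several devices: {names}")
        else:
            covering = [f"{name} on {dev}" for dev, p in parsed.items()
                        for name, (_, net, _) in p["locators"].items() if sid in net]
            where = (f"inside locator {covering[0]}" if covering
                     else "outside every configured locator")
            findings.append(f"{sid} has no opcode behind it; {where}")
    got = " > ".join(dev for _, dev, _ in hops)
    want = " > ".join(expected_path)
    if got != want:
        findings.append(f"segment list {list_name} resolves to path {got}; expected {want}")
    return hops, findings


if __name__ == "__main__":
    hops, findings = audit_segment_list(
        CONFIGS, "DeviceA", "s1", ["DeviceB", "DeviceC", "DeviceD"])
    print(hops)
    print(findings or "no findings")
```

Running the same check before a change is committed catches a segment list that names a SID no node has instantiated, which otherwise only shows up as a policy that stays down or forwards along an unintended path.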

Example: Configuring SRv6 TE policy egress protection

Network configuration

As shown in Figure 324, deploy an SRv6 TE policy in both directions between PE 1 and PE 2 to carry the L3VPN service. PE 2 is the egress node of the SRv6 TE policy. To improve the forwarding reliability, configure PE 3 to protect PE 2.

Figure 324 Network diagram

Table 136 Interface and IP address

Device   Interface   IP Address     Device   Interface   IP Address
--------------------------------------------------------------------
CE 1     XGE3/0/1    10.1.1.2/24    PE 2     Loop0       3::3/128
PE 1     Loop0       1::1/128                XGE3/0/1    10.2.1.1/24
         XGE3/0/1    10.1.1.1/24             XGE3/0/2    2002::1/64
         XGE3/0/2    2001::1/96              XGE3/0/3    2004::2/96
P        Loop0       2::2/128       PE 3     Loop0       4::4/128
         XGE3/0/1    2001::2/96              XGE3/0/1    10.3.1.1/24
         XGE3/0/2    2002::2/64              XGE3/0/2    2003::1/96
         XGE3/0/3    2003::2/96              XGE3/0/3    2004::1/96
                                    CE 2     XGE3/0/1    10.2.1.2/24
                                             XGE3/0/2    10.3.1.2/24

 

Prerequisites

Configure interface addresses as shown in Table 136.

Procedure

1.     Configure CE 1:

# Establish an EBGP peer relationship with PE 1 and redistribute the VPN routes.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Configure IPv6 IS-IS for backbone network connectivity.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] isis ipv6 enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001::1 96

[PE1-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure a VPN instance and bind it to the CE-facing interface.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

# Establish MP-IBGP peer relationships with the peer PEs.

[PE1] bgp 100

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 4::4 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] peer 4::4 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3::3 enable

[PE1-bgp-default-vpnv4] peer 4::4 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure L3VPN over SRv6 TE policy.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8

[PE1-segment-routing-ipv6-locator-aaa] opcode 1 end-dt4 vpn-instance vpn1

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

[PE1] bgp 100

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid

[PE1-bgp-default-vpnv4] peer 4::4 prefix-sid

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

[PE1] isis 1

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

# Configure an SRv6 TE policy.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] traffic-engineering

[PE1-srv6-te] srv6-policy locator aaa

[PE1-srv6-te] segment-list s1

[PE1-srv6-te-sl-s1] index 10 ipv6 100:abc:1::1

[PE1-srv6-te-sl-s1] index 20 ipv6 6:5::1:2

[PE1-srv6-te-sl-s1] quit

[PE1-srv6-te] policy p1

[PE1-srv6-te-policy-p1] binding-sid ipv6 1:2::1:2

[PE1-srv6-te-policy-p1] color 10 end-point ipv6 3::3

[PE1-srv6-te-policy-p1] candidate-paths

[PE1-srv6-te-policy-p1-path] preference 10

[PE1-srv6-te-policy-p1-path-pref-10] explicit segment-list s1

[PE1-srv6-te-policy-p1-path-pref-10] quit

[PE1-srv6-te-policy-p1-path] quit

[PE1-srv6-te-policy-p1] quit

[PE1-srv6-te] quit

[PE1-segment-routing-ipv6] quit

3.     Configure the P device:

# Configure IPv6 IS-IS for backbone network connectivity.

<P> system-view

[P] isis 1

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] network-entity 10.2222.2222.2222.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] quit

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ipv6 address 2::2 128

[P-LoopBack0] isis ipv6 enable 1

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 2001::2 96

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 2002::2 96

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/2] quit

[P] interface ten-gigabitethernet 3/0/3

[P-Ten-GigabitEthernet3/0/3] ipv6 address 2003::2 96

[P-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[P-Ten-GigabitEthernet3/0/3] quit

# Configure SRv6.

[P] segment-routing ipv6

[P-segment-routing-ipv6] locator p ipv6-prefix 100:abc:1::0 96 static 8

[P-segment-routing-ipv6-locator-p] opcode 1 end no-flavor

[P-segment-routing-ipv6-locator-p] quit

[P-segment-routing-ipv6] quit

[P] isis 1

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] segment-routing ipv6 locator p

# Configure the FRR backup nexthop information and enable egress protection.

[P-isis-1-ipv6] fast-reroute lfa level-1

[P-isis-1-ipv6] fast-reroute ti-lfa

[P-isis-1-ipv6] fast-reroute mirror enable

[P-isis-1-ipv6] quit

[P-isis-1] quit

4.     Configure PE 2:

# Configure IPv6 IS-IS for backbone network connectivity.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.3333.3333.3333.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 3::3 128

[PE2-LoopBack0] isis ipv6 enable 1

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2002::1 96

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/2] quit

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ipv6 address 2004::2 96

[PE2-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure a VPN instance and bind it to the CE-facing interface.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 10.2.1.2 as-number 65420

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

# Establish MP-IBGP peer relationships with the peer PEs.

[PE2] bgp 100

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 4::4 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 4::4 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1::1 enable

[PE2-bgp-default-vpnv4] peer 4::4 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Configure L3VPN over SRv6 TE policy.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 3::3

[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8

[PE2-segment-routing-ipv6-locator-bbb] opcode 1 end-dt4 vpn-instance vpn1

[PE2-segment-routing-ipv6-locator-bbb] opcode 2 end no-flavor

[PE2-segment-routing-ipv6-locator-bbb] quit

[PE2-segment-routing-ipv6] quit

[PE2] bgp 100

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid

[PE2-bgp-default-vpnv4] peer 4::4 prefix-sid

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 traffic-engineering best-effort

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator bbb

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

5.     Configure PE 3:

# Configure IPv6 IS-IS for backbone network connectivity.

<PE3> system-view

[PE3] isis 1

[PE3-isis-1] is-level level-1

[PE3-isis-1] cost-style wide

[PE3-isis-1] network-entity 10.4444.4444.4444.00

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] quit

[PE3-isis-1] quit

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 4::4 128

[PE3-LoopBack0] isis ipv6 enable 1

[PE3-LoopBack0] quit

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 2003::1 96

[PE3-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ipv6 address 2004::1 96

[PE3-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure a VPN instance and bind it to the CE-facing interface.

[PE3] ip vpn-instance vpn1

[PE3-vpn-instance-vpn1] route-distinguisher 100:1

[PE3-vpn-instance-vpn1] vpn-target 111:1

[PE3-vpn-instance-vpn1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE3-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 24

[PE3-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with the connected CE to redistribute the VPN routes.

[PE3] bgp 100

[PE3-bgp-default] router-id 3.3.3.3

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] peer 10.3.1.2 as-number 65420

[PE3-bgp-default-vpn1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-vpn1] peer 10.3.1.2 enable

[PE3-bgp-default-ipv4-vpn1] quit

[PE3-bgp-default-vpn1] quit

# Establish MP-IBGP peer relationships with the peer PEs.

[PE3] bgp 100

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 3::3 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 3::3 connect-interface loopback 0

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 1::1 enable

[PE3-bgp-default-vpnv4] peer 3::3 enable

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] quit

# Configure the source address in the outer IPv6 header of SRv6 VPN packets.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 4::4

# Configure an End.M SID to protect PE 2.

[PE3-segment-routing-ipv6] locator ccc ipv6-prefix 9:7::1:0 96 static 8

[PE3-segment-routing-ipv6-locator-ccc] opcode 1 end-m mirror-locator 6:5::1:0 96

[PE3-segment-routing-ipv6-locator-ccc] quit

[PE3-segment-routing-ipv6] quit

# Recurse the VPN routes to the End.M SID route.

[PE3] bgp 100

[PE3-bgp-default] address-family vpnv4

[PE3-bgp-default-vpnv4] peer 1::1 prefix-sid

[PE3-bgp-default-vpnv4] peer 3::3 prefix-sid

[PE3-bgp-default-vpnv4] quit

[PE3-bgp-default] ip vpn-instance vpn1

[PE3-bgp-default-vpn1] address-family ipv4 unicast

[PE3-bgp-default-ipv4-vpn1] segment-routing ipv6 locator ccc

[PE3-bgp-default-ipv4-vpn1] quit

[PE3-bgp-default-vpn1] quit

[PE3-bgp-default] quit

[PE3] isis 1

[PE3-isis-1] address-family ipv6 unicast

[PE3-isis-1-ipv6] segment-routing ipv6 locator ccc

[PE3-isis-1-ipv6] quit

[PE3-isis-1] quit

6.     Configure CE 2:

# Establish EBGP peer relationships with the PEs and redistribute the VPN routes.

<CE2> system-view

[CE2] bgp 65420

[CE2-bgp-default] peer 10.2.1.1 as-number 100

[CE2-bgp-default] peer 10.3.1.1 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.1 enable

[CE2-bgp-default-ipv4] peer 10.3.1.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# Display the SRv6 TE policy configuration. The output shows that the SRv6 TE policy is up for traffic forwarding.

[PE1] display segment-routing ipv6 te policy

 

Name/ID: p1/0

 Color: 10

 End-point: 3::3

 Name from BGP:

 BSID:

  Mode: Explicit            Type: Type_2              Request state: Succeeded

  Current BSID: 1:2::1:2    Explicit BSID: 1:2::1:2   Dynamic BSID: -

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2020-10-28 09:10:33

 Down time: 2020-10-28 09:09:32

 Hot backup: Disabled

 Statistics: Disabled

  Statistics by service class: Disabled

 Path verification: Disabled

 Drop-upon-invalid: Disabled

 BFD trigger path-down: Disabled

 SBFD: Disabled

 BFD Echo: Disabled

 Forwarding index: 2150629377

 Association ID: 1

 Service-class: -

 Rate-limit: -

 PCE delegation: Disabled

 PCE delegate report-only: Disabled

 Reoptimization: Disabled

 Encapsulation mode: -

 Candidate paths state: Configured

 Candidate paths statistics:

  CLI paths: 1          BGP paths: 0          PCEP paths: 0          ODN paths: 0

 Candidate paths:

  Preference : 10

   CPathName:

   ProtoOrigin: CLI        Discriminator: 10

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: Y              Flags: V/A

   Dynamic: Not configured

   PCEP: Not configured

   Explicit SID list:

    ID: 1                     Name: s1

    Weight: 1                 Forwarding index: 2149580801

    State: Up                 State(-): -

    Verification State: -

    Path MTU: 1500            Path MTU Reserved: 0

    Local BSID: -

    Reverse BSID: -

# Display SRv6 TE policy forwarding information on PE 1.

[PE1] display segment-routing ipv6 te forwarding verbose

Total forwarding entries: 1

 

Policy name/ID: p1/0

 Binding SID: 1:2::1:2

 Forwarding index: 2150629377

 Main path:

   Seglist ID: 1

     Seglist forwarding index: 2149580801

     Weight: 1

     Outgoing forwarding index: 2148532225

       Interface: XGE3/0/2

       Nexthop: FE80::988A:B5FF:FED9:316

       Discriminator: 10

         Path ID: 0

         SID list: {100:ABC:1::1, 6:5::1:2}

# Display SRv6 TE policy forwarding path information on PE 1.

[PE1] display segment-routing ipv6 forwarding

Total SRv6 forwarding entries: 3

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       A - Active forwarding information

       B - Backup forwarding information

 

ID            FWD-Type      Flags   Forwarding info

              Attri-Val             Attri-Val

--------------------------------------------------------------------------------

2148532225    SRv6PSIDList  NA      XGE3/0/2

                                    FE80::988A:B5FF:FED9:316

                                    {100:ABC:1::1, 6:5::1:2}

2149580801    SRv6PCPath    TA      2148532225

2150629377    SRv6Policy    TA      2149580801

              p1

# Display remote SRv6 SIDs protected by End.M SIDs on PE 3.

[PE3] display bgp mirror remote-sid

 

Remote SID: 6:5::1:1

Remote SID type: End.DT4

Mirror locator: 6:5::1:0/96

Vpn instance name: vpn1

# Display the End.M SID carried in the IS-IS IPv6 route on the P device.

[P] display isis route ipv6 6:5::1:0 96 verbose

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 IPv6 dest   : 6:5::1:0/96

 Flag        : R/-/-                       Cost        : 10

 Admin tag   : -                           Src count   : 3

 Nexthop     : FE80::988A:BDFF:FEB6:417

 NexthopFlag: -

 Interface   : XGE3/0/2

 Mirror FRR:

  Interface : XGE3/0/3

  BkNextHop : FE80::988A:C6FF:FE0D:517

  LsIndex    : 0x80000001

  Backup label stack(top->bottom): {9:7::1:1}

 Nib ID      : 0x24000006

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

Typically, VPN traffic from CE 1 to CE 2 is forwarded over the CE 1-PE 1-P-PE 2-CE 2 path. If PE 2 fails, the P device detects that the next hop (PE 2) is unreachable and switches traffic to the mirror FRR path for the SRv6 TE policy.

# Shut down the interface that connects P to PE 2.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] shut

[P-Ten-GigabitEthernet3/0/2] quit

# Display the IS-IS IPv6 route information. The output shows that the nexthop interface becomes the backup interface.

[P] display isis route ipv6 6:5::1:0 96 verbose

 

                         Route information for IS-IS(1)

                         ------------------------------

 

                         Level-1 IPv6 forwarding table

                         -----------------------------

 

 IPv6 dest   : 6:5::1:0/96

 Flag        : R/-/-                       Cost        : 20

 Admin tag   : -                           Src count   : 3

 Nexthop     : FE80::988A:BDFF:FEB6:417

 NexthopFlag: -

 Interface   : XGE3/0/2

 Mirror FRR:

  Interface : XGE3/0/3

  BkNextHop : FE80::988A:C6FF:FE0D:517

  LsIndex    : 0x80000001

  Backup label stack(top->bottom): {9:7::1:1}

 Nib ID      : 0x24000006

 

      Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set

# Display SRv6 TE policy information on PE 1. The output shows that the SRv6 TE policy is still up.

[PE1] display segment-routing ipv6 te policy

 

Name/ID: p1/0

 Color: 10

 End-point: 3::3

 Name from BGP:

 BSID:

  Mode: Explicit            Type: Type_2              Request state: Succeeded

  Current BSID: 1:2::1:2    Explicit BSID: 1:2::1:2   Dynamic BSID: -

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2020-10-28 09:10:33

 Down time: 2020-10-28 09:09:32

 Hot backup: Disabled

 Statistics: Disabled

  Statistics by service class: Disabled

 Path verification: Disabled

 Drop-upon-invalid: Disabled

 BFD trigger path-down: Disabled

 SBFD: Disabled

 BFD Echo: Disabled

 Forwarding index: 2150629377

 Association ID: 1

 Service-class: -

 Rate-limit: -

 PCE delegation: Disabled

 PCE delegate report-only: Disabled

 Reoptimization: Disabled

 Encapsulation mode: -

 Candidate paths state: Configured

 Candidate paths statistics:

  CLI paths: 1          BGP paths: 0          PCEP paths: 0          ODN paths: 0

 Candidate paths:

  Preference : 10

   CPathName:

   ProtoOrigin: CLI        Discriminator: 10

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: Y              Flags: V/A

   Dynamic: Not configured

   PCEP: Not configured

   Explicit SID list:

    ID: 1                     Name: s1

    Weight: 1                 Forwarding index: 2149580801

    State: Up                 State(-): -

    Verification State: -

    Path MTU: 1500            Path MTU Reserved: 0

    Local BSID: -

    Reverse BSID: -

Example: Configuring SRv6 TE policy through ODN

Network configuration

As shown in Figure 325, configure ODN to automatically create SRv6 TE policies between Device B and Device E to forward the traffic between Device A and Device F.

Figure 325 Network diagram

Table 137 Interface and IP address assignment

Device     Interface   IP Address    Device     Interface   IP Address
Device A   XGE3/0/1    1000::2/64    Device F   XGE3/0/1    6000::2/64
Device B   Loop0       1::1/128      Device E   Loop0       3::3/128
           XGE3/0/1    1000::2/64               XGE3/0/1    6000::1/64
           XGE3/0/2    2000::1/64               XGE3/0/2    4000::/64
           XGE3/0/3    3000::1/64               XGE3/0/3    5000::1/64
Device C   XGE3/0/1    4000::2/64    Device D   XGE3/0/1    5000::2/64
           XGE3/0/2    2002::2/64               XGE3/0/2    3000::2/64

Prerequisites

Configure interface addresses as shown in Table 137.

Procedure

1.     Configure Device A:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/3] quit

[DeviceB] interface loopback 0

[DeviceB-LoopBack0] isis ipv6 enable 1

[DeviceB-LoopBack0] quit

# Establish a BGP peer relationship with Device E.

[DeviceB] bgp 100

[DeviceB-bgp-default] router-id 1.1.1.1

[DeviceB-bgp-default] peer 3::3 as-number 100

[DeviceB-bgp-default] peer 3::3 connect-interface loopback 0

[DeviceB-bgp-default] address-family ipv6

[DeviceB-bgp-default-ipv6] peer 3::3 enable

[DeviceB-bgp-default-ipv6] quit

[DeviceB-bgp-default] address-family ipv6 sr-policy

[DeviceB-bgp-default-srpolicy-ipv6] peer 3::3 enable

[DeviceB-bgp-default-srpolicy-ipv6] quit

[DeviceB-bgp-default] quit

# Configure an SRv6 locator.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] encapsulation source-address 1::1

[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 20:1:: 96 static 24

[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end no-flavor

[DeviceB-segment-routing-ipv6-locator-b] quit

[DeviceB-segment-routing-ipv6] quit

# Configure ODN to create an SRv6 TE policy automatically.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] traffic-engineering

[DeviceB-srv6-te] srv6-policy locator b

[DeviceB-srv6-te] on-demand color 1

# Enable path computation using PCE.

[DeviceB-srv6-te-odn-1] dynamic

[DeviceB-srv6-te-odn-1-dynamic] pcep

[DeviceB-srv6-te-odn-1-dynamic] quit

[DeviceB-srv6-te-odn-1] quit

[DeviceB-srv6-te] quit

[DeviceB-segment-routing-ipv6] quit

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] segment-routing ipv6 locator b

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

3.     Configure Device C:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] address-family ipv6 unicast

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 0

[DeviceC-LoopBack0] isis ipv6 enable 1

[DeviceC-LoopBack0] quit

4.     Configure Device D:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceD> system-view

[DeviceD] isis 1

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] address-family ipv6 unicast

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

[DeviceD] interface loopback 0

[DeviceD-LoopBack0] isis ipv6 enable 1

[DeviceD-LoopBack0] quit

5.     Configure Device E:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceE> system-view

[DeviceE] isis 1

[DeviceE-isis-1] cost-style wide

[DeviceE-isis-1] network-entity 00.0000.0000.0005.00

[DeviceE-isis-1] address-family ipv6 unicast

[DeviceE-isis-1-ipv6] quit

[DeviceE-isis-1] quit

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/1] quit

[DeviceE] interface ten-gigabitethernet 3/0/2

[DeviceE-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/2] quit

[DeviceE] interface ten-gigabitethernet 3/0/3

[DeviceE-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/3] quit

[DeviceE] interface loopback 0

[DeviceE-LoopBack0] isis ipv6 enable 1

[DeviceE-LoopBack0] quit

[DeviceE] interface loopback 1

[DeviceE-LoopBack1] ipv6 address 2::2 128

[DeviceE-LoopBack1] quit

# Establish a BGP peer relationship with Device B.

[DeviceE] bgp 100

[DeviceE-bgp-default] router-id 3.3.3.3

[DeviceE-bgp-default] peer 1::1 as-number 100

[DeviceE-bgp-default] peer 1::1 connect-interface loopback 0

[DeviceE-bgp-default] address-family ipv6

[DeviceE-bgp-default-ipv6] peer 1::1 enable

[DeviceE-bgp-default-ipv6] network 2::2 128

[DeviceE-bgp-default-ipv6] quit

[DeviceE-bgp-default] address-family ipv6 sr-policy

[DeviceE-bgp-default-srpolicy-ipv6] peer 1::1 enable

[DeviceE-bgp-default-srpolicy-ipv6] quit

[DeviceE-bgp-default] quit

# Configure a route policy to add a color attribute to the export routes.

[DeviceE] route-policy 1 permit node 10

[DeviceE-route-policy-1-10] apply extcommunity color 01:1

[DeviceE-route-policy-1-10] quit

[DeviceE] bgp 100

[DeviceE-bgp-default] address-family ipv6 unicast

[DeviceE-bgp-default-ipv6] peer 1::1 route-policy 1 export

[DeviceE-bgp-default-ipv6] peer 1::1 advertise-community

[DeviceE-bgp-default-ipv6] peer 1::1 advertise-ext-community

[DeviceE-bgp-default-ipv6] quit

[DeviceE-bgp-default] quit

6.     Configure Device F:

# Configure IS-IS and set the IS-IS cost style to wide.

<DeviceF> system-view

[DeviceF] isis 1

[DeviceF-isis-1] network-entity 00.0000.0000.0006.00

[DeviceF-isis-1] cost-style wide

[DeviceF-isis-1] address-family ipv6 unicast

[DeviceF-isis-1-ipv6] quit

[DeviceF-isis-1] quit

[DeviceF] interface ten-gigabitethernet 3/0/1

[DeviceF-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceF-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display information about the ODN-created SRv6 TE policy on Device B.

[DeviceB] display segment-routing ipv6 te policy

 

Name/ID: sr-1-3::3/0

 Color: 1

 End-point: 3::3

 Name from BGP: sr-1-3::3

 Name from PCE:

 BSID:

  Mode: Dynamic             Type: Type_2              Request state: Succeeded

  Current BSID: 20:1::100:0 Explicit BSID: -          Dynamic BSID: 20:1::100:0

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2020-12-01 15:58:12

 Down time: 2020-12-01 15:58:12

 Hot backup: Disabled

 Statistics: Disabled

  Statistics by service class: Disabled

 Path verification: Disabled

 Drop-upon-invalid: Disabled

 BFD trigger path-down: Disabled

 SBFD: Disabled

 BFD Echo: Disabled

 Forwarding index: 2150629377

 Association ID: 1

 Service-class: -

 Rate-limit: -

 PCE delegation: Disabled

 PCE delegate report-only: Disabled

 Reoptimization: Disabled

 Encapsulation mode: -

 Candidate paths state: Not configured

 Candidate paths statistics:

  CLI paths: 0          BGP paths: 0          PCEP paths: 0          ODN paths: 2

 Candidate paths:

  Preference : 100

   CPathName: sr-1-3::3

   ProtoOrigin: BGP        Discriminator: 100

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: N              Flags: None

   Dynamic: Configured

     PCEP: Configured

 Candidate paths:

  Preference : 200

   CPathName: sr-1-3::3

   ProtoOrigin: BGP        Discriminator: 200

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: N              Flags: BN

   Dynamic: Not configured

   PCEP: Not configured

# Display the forwarding path information of the SRv6 TE policy.

[DeviceB] display segment-routing ipv6 forwarding

Total SRv6 forwarding entries: 1

 

Flags: T - Forwarded through a tunnel

       N - Forwarded through the outgoing interface to the nexthop IP address

       A - Active forwarding information

       B - Backup forwarding information

 

ID            FWD-Type      Flags   Forwarding info

--------------------------------------------------------------------------------

2150630377    SRv6Policy    TA      2149581800

# Display the forwarding information of the SRv6 TE policy.

[DeviceB] display segment-routing ipv6 te forwarding verbose

 

Total forwarding entries: 1

 

Policy name/ID: sr-1-3::3/1001

 Binding SID: 20:1::100:0

 Forwarding index: 2150630377

 Main path:

   Seglist ID: 4369

     Seglist forwarding index: 2149581800

     Weight: 1

     Outgoing forwarding index: 2148533223

       Interface: GE1/0/3

       Nexthop: FE80::7AAA:12FF:FED8:309

       Discriminator: 100

         Path ID: 0

         SID list: {6:5::1:5}

# Display BGP route information for the SRv6 TE policy.

[DeviceB] display bgp routing-table ipv6 3::3 128

BGP local router ID: 1.1.1.1

 Local AS number: 100

 

 Paths:   1 available, 1 best

 

 BGP routing table information of 3::3/128:

 

 From            : 3::3 (2.2.2.2)

 Rely nexthop    : FE80::7AAA:12FF:FED8:309

 Original nexthop: 3::3

 Out interface   : GigabitEthernet1/0/3

 Route age       : 00h17m00s

 OutLabel        : NULL

 Ext-Community   : <CO-Flag:Color(01:1)>

 RxPathID        : 0x0

 TxPathID        : 0xffffffff

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, not preferred for igp-cost, not ECMP for igp-cost

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : gw

 Rely tunnel IDs : 2150630377

 

 

IP L3VPN over SRv6 configuration examples

Example: Configuring IP L3VPN over SRv6 BE

Network configuration

As shown in Figure 326, the backbone network is an IPv6 network, and VPN 1 is an IPv4 network. Deploy IP L3VPN over SRv6 between PE 1 and PE 2 and use an SRv6 tunnel to transmit VPNv4 traffic between the PEs.

·     Configure EBGP to exchange VPN routing information between the CEs and PEs.

·     Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.

·     Configure MP-IBGP to exchange VPNv4 routing information between the PEs.

Figure 326 Network diagram

Table 138 Interface and IP address assignment

Device   Interface   IP address     Device   Interface   IP address
CE 1     XGE3/0/1    10.1.1.2/24    PE 2     Loop0       3::3/128
PE 1     Loop0       1::1/128                XGE3/0/1    10.2.1.1/24
         XGE3/0/1    10.1.1.1/24             XGE3/0/2    2002::1/96
         XGE3/0/2    2001::1/96     CE 2     XGE3/0/1    10.2.1.2/24
P        Loop0       2::2/128
         XGE3/0/1    2001::2/96
         XGE3/0/2    2002::2/96

Procedure

1.     Configure IPv6 IS-IS on the PEs and device P for network connectivity between the devices:

# Configure PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] isis ipv6 enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001::1 96

[PE1-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure P.

<P> system-view

[P] isis

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] network-entity 10.2222.2222.2222.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] quit

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ipv6 address 2::2 128

[P-LoopBack0] isis ipv6 enable

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 2001::2 96

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 2002::2 96

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

<PE2> system-view

[PE2] isis

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.3333.3333.3333.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 3::3 128

[PE2-LoopBack0] isis ipv6 enable

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2002::1 96

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Verify that PE 1, P, and PE 2 have established IPv6 IS-IS neighbor relationships and the neighbor state is up.

[PE1] display isis peer

[P] display isis peer

[PE2] display isis peer

# Verify that PE 1 and PE 2 each learn a route destined for the loopback interface of each other.

[PE1] display isis route ipv6

[PE2] display isis route ipv6

2.     Configure VPN instance settings on PE 1 and PE 2 and verify that each CE can access its local PE:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure IP addresses for the interfaces on the CEs, as shown in Figure 326. (Details not shown.)

# Display VPN instance settings on each PE. This step uses PE 1 as an example.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 1

  Total IPv6 VPN-Instances configured : 1

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv4/IPv6           2019/08/12 13:59:39

# Verify that each PE can ping its local CE. This step uses PE 1 and CE 1 as an example.

[PE1] ping -vpn-instance vpn1 10.1.1.2

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL+C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=2.000 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=0.000 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.2 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.600/2.000/0.800 ms

3.     Set up an EBGP peer relationship between each PE and its local CE and distribute VPN routes to EBGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure CE 2 in the same way as CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way PE 1 is configured. (Details not shown.)

# Verify that the PEs have established BGP peer relationships with their local CEs and the peers are in established state.

[PE1] display bgp peer ipv4 vpn-instance

[PE2] display bgp peer ipv4 vpn-instance

4.     Set up an MP-IBGP peer relationship between PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3::3 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1::1 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Verify that the PEs have established a BGP peer relationship and the peers are in established state.

[PE1] display bgp peer vpnv4

[PE2] display bgp peer vpnv4

5.     Specify a source address for the outer IPv6 header of SRv6-encapsulated IP L3VPN packets on PE 1 and PE 2:

# Configure PE 1.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

# Configure PE 2.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 3::3

6.     Configure the destination address (End.DT4 SID) of the outer IPv6 header for SRv6-encapsulated IP L3VPN packets:

# Configure PE 1.

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

[PE1] isis 1

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

# Configure PE 2.

[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8

[PE2-segment-routing-ipv6-locator-bbb] quit

[PE2-segment-routing-ipv6] quit

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

# Verify that the PEs have distributed the End.DT4 SIDs to the routing table and generated SRv6 routes. This step uses PE 1 as an example.

[PE1] display ipv6 routing-table protocol srv6

 

Summary count : 1

 

SRv6 Routing table status : <Active>

Summary count : 1

 

Destination: 1:2::101/128                                Protocol  : SRv6

NextHop    : ::1                                         Preference: 4

Interface  : InLoop0                                     Cost      : 0

 

SRv6 Routing table status : <Inactive>

Summary count : 0

7.     Add End.DT4 SIDs to private network routes on PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator bbb

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

8.     Enable IPv6 peers on the PEs to exchange End.DT4 SIDs and enable the SID-route-recursion feature:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3::3 prefix-sid

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1::1 prefix-sid

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Display BGP VPNv4 routing information on each PE and verify that the routes advertised by the PEs have the SID attribute. This step uses PE 1 as an example.

[PE1] display bgp routing-table vpnv4 10.2.1.0

 

 BGP local router ID: 1.1.1.1

 Local AS number: 100

 

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.2.1.0/24:

 From            : 3::3 (3.3.3.3)

 Rely nexthop    : FE80::2A96:34FF:FE9D:216

 Original nexthop: 3::3

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h14m23s

 OutLabel        : 3

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.DT4 SID <6:5::101>

 AS-path         : 65420

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A
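
The check this step makes by eye, written as an added Python example that is not part of the H3C documentation: it parses the `display bgp routing-table vpnv4` output above (abridged) and confirms that the route carries route target 111:1, comes from peer 3::3, and has an End.DT4 SID inside PE 2's locator 6:5::1:0/96. The function names, the POLICY dictionary, and the handling of several `<RT: ...>` entries in one Ext-Community line are assumptions of this example.

```python
import ipaddress
import re

# Abridged from the PE 1 output shown on this page.
PAGE_OUTPUT = """\
 BGP local router ID: 1.1.1.1
 Local AS number: 100

 Route distinguisher: 100:1(vpn1)
 Total number of routes: 1
 Paths:   1 available, 1 best

 BGP routing table information of 10.2.1.0/24:
 From            : 3::3 (3.3.3.3)
 Original nexthop: 3::3
 Out interface   : Ten-GigabitEthernet3/0/2
 Ext-Community   : <RT: 111:1>
 PrefixSID       : End.DT4 SID <6:5::101>
 AS-path         : 65420
 State           : valid, internal, best
"""

# Constructed failure case: foreign route target and a SID outside PE 2's locator.
BAD_OUTPUT = PAGE_OUTPUT.replace("<RT: 111:1>", "<RT: 222:1>").replace(
    "<6:5::101>", "<9:9::101>")

# Expected values taken from this example's configuration (vpn-target, peer, locator bbb).
POLICY = {"allowed_rts": {"111:1"}, "peer": "3::3", "peer_locator": "6:5::1:0/96"}

RD_RE = re.compile(r"^Route distinguisher:\s*(\S+?)(?:\((\S+)\))?$")
ROUTE_RE = re.compile(r"^BGP routing table information of (\S+):$")


def parse_vpnv4_detail(text):
    """Return one dict per path found in the detailed VPNv4 route display."""
    paths, rd, vpn, base, current = [], None, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RD_RE.match(line)
        if m:
            rd, vpn, base, current = m.group(1), m.group(2), None, None
            continue
        m = ROUTE_RE.match(line)
        if m:
            base, current = {"prefix": m.group(1), "rd": rd, "vpn": vpn}, None
            continue
        if base is None or ":" not in line:
            continue  # header lines before the first route block
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "From" or current is None:  # each path starts with "From"
            current = dict(base)
            paths.append(current)
        current[key] = value.strip()
    return paths


def rt_set(path):
    """Route targets carried in the Ext-Community field."""
    return set(re.findall(r"<RT:\s*([^>\s]+)>", path.get("Ext-Community", "")))


def end_dt4_sid(path):
    """End.DT4 SID from the PrefixSID field, or None if absent or malformed."""
    m = re.search(r"End\.DT4 SID <([^>]+)>", path.get("PrefixSID", ""))
    try:
        return ipaddress.IPv6Address(m.group(1)) if m else None
    except ValueError:
        return None


def audit_path(path, policy):
    """Return a list of findings; an empty list means the path matches the policy."""
    findings = []
    rts = rt_set(path)
    if not rts:
        findings.append("no route target on route")
    elif rts - policy["allowed_rts"]:
        findings.append(f"unexpected route target(s): {sorted(rts - policy['allowed_rts'])}")
    src = path.get("From", "").split()
    try:
        ok = bool(src) and ipaddress.ip_address(src[0]) == ipaddress.ip_address(policy["peer"])
    except ValueError:
        ok = False
    if not ok:
        findings.append(f"route not learned from expected peer {policy['peer']}")
    locator = ipaddress.ip_network(policy["peer_locator"], strict=False)
    sid = end_dt4_sid(path)
    if sid is None:
        findings.append("no End.DT4 SID in PrefixSID attribute")
    elif sid not in locator:
        findings.append(f"End.DT4 SID {sid} is outside locator {locator}")
    states = {s.strip() for s in path.get("State", "").split(",")}
    if not {"valid", "best"} <= states:
        findings.append(f"route state is {sorted(states)}, expected valid and best")
    return findings


if __name__ == "__main__":
    for name, text in (("page output", PAGE_OUTPUT), ("constructed bad output", BAD_OUTPUT)):
        for p in parse_vpnv4_detail(text):
            print(name, p["prefix"], audit_path(p, POLICY) or "OK")
```

A route target outside the allowed set indicates a route imported from another VPN, and a SID outside the peer's locator means VPN traffic would be encapsulated toward an endpoint other than the one configured here.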

Verifying the configuration

# Display IPv4 routing table information on the PEs and verify that each PE has a route destined for the remote CE and the next hop of the route is the End.DT4 SID of the route. This step uses PE 1 as an example.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/1

10.2.1.0/24        BGP     255 0           6:5::1:0        XGE3/0/2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring IPv4 L3VPN HoVPN over MPLS-to-SRv6

Network configuration

As shown in Figure 327, the network between the UPE and MPE is an MPLS network and the network between the MPE and SPE is an SRv6 network. Configure HoVPN to permit users in the same VPN instance to communicate with each other across the MPLS and SRv6 networks.

Figure 327 Network diagram

Device   Interface   IP address     Device   Interface   IP address
CE 1     XGE3/0/1    10.1.1.2/24    MPE      Loop0       2.2.2.2/32, 2::2/128
CE 2     XGE3/0/1    10.2.1.2/24             XGE3/0/1    11.1.1.2/24
UPE      Loop0       1.1.1.1/32              XGE3/0/2    100::1/96
         XGE3/0/1    10.1.1.1/24    SPE      Loop0       3::3/128
         XGE3/0/2    11.1.1.1/24             XGE3/0/1    10.2.1.1/24
                                             XGE3/0/2    100::2/96

Procedure

1.     Configure CE 1:

# Establish an EBGP peer relationship with the UPE and import VPN routes.

<CE1> system-view

[CE1] bgp 101

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure the UPE:

# Configure MPLS basic capability and MPLS LDP capability.

<UPE> system-view

[UPE] mpls lsr-id 1.1.1.1

[UPE] mpls ldp

[UPE-ldp] quit

# Configure IS-IS for backbone network communication.

[UPE] isis 1

[UPE-isis-1] is-level level-1

[UPE-isis-1] cost-style wide

[UPE-isis-1] network-entity 10.1111.1111.1111.00

[UPE-isis-1] quit

[UPE] interface loopback 0

[UPE-LoopBack0] ip address 1.1.1.1 32

[UPE-LoopBack0] isis enable 1

[UPE-LoopBack0] quit

[UPE] interface ten-gigabitethernet 3/0/2

[UPE-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[UPE-Ten-GigabitEthernet3/0/2] isis enable 1

[UPE-Ten-GigabitEthernet3/0/2] mpls enable

[UPE-Ten-GigabitEthernet3/0/2] mpls ldp enable

[UPE-Ten-GigabitEthernet3/0/2] quit

# Configure a VPN instance for CE 1 to access the UPE.

[UPE] ip vpn-instance vpn1

[UPE-vpn-instance-vpn1] route-distinguisher 100:1

[UPE-vpn-instance-vpn1] vpn-target 111:1

[UPE-vpn-instance-vpn1] quit

[UPE] interface ten-gigabitethernet 3/0/1

[UPE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[UPE-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[UPE-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with CE 1 and import VPN routes.

[UPE] bgp 100

[UPE-bgp-default] router-id 1.1.1.1

[UPE-bgp-default] ip vpn-instance vpn1

[UPE-bgp-default-vpn1] peer 10.1.1.2 as-number 101

[UPE-bgp-default-vpn1] address-family ipv4 unicast

[UPE-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[UPE-bgp-default-ipv4-vpn1] import-route direct

[UPE-bgp-default-ipv4-vpn1] quit

[UPE-bgp-default-vpn1] quit

# Establish an MP-IBGP peer relationship with the MPE.

[UPE-bgp-default] peer 2.2.2.2 as-number 100

[UPE-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[UPE-bgp-default] address-family vpnv4

[UPE-bgp-default-vpnv4] peer 2.2.2.2 enable

[UPE-bgp-default-vpnv4] quit

[UPE-bgp-default] quit

3.     Configure the MPE:

# Configure MPLS basic capability and MPLS LDP capability.

<MPE> system-view

[MPE] mpls lsr-id 2.2.2.2

[MPE] mpls ldp

[MPE-ldp] quit

# Configure IS-IS for backbone network communication.

[MPE] isis 1

[MPE-isis-1] is-level level-1

[MPE-isis-1] cost-style wide

[MPE-isis-1] network-entity 10.2222.2222.2222.00

[MPE-isis-1] address-family ipv6 unicast

[MPE-isis-1-ipv6] quit

[MPE-isis-1] quit

[MPE] interface loopback 0

[MPE-LoopBack0] ip address 2.2.2.2 32

[MPE-LoopBack0] ipv6 address 2::2 128

[MPE-LoopBack0] isis enable 1

[MPE-LoopBack0] isis ipv6 enable 1

[MPE-LoopBack0] quit

[MPE] interface ten-gigabitethernet 3/0/1

[MPE-Ten-GigabitEthernet3/0/1] ip address 11.1.1.2 24

[MPE-Ten-GigabitEthernet3/0/1] isis enable 1

[MPE-Ten-GigabitEthernet3/0/1] mpls enable

[MPE-Ten-GigabitEthernet3/0/1] mpls ldp enable

[MPE-Ten-GigabitEthernet3/0/1] quit

[MPE] interface ten-gigabitethernet 3/0/2

[MPE-Ten-GigabitEthernet3/0/2] ipv6 address 100::1 96

[MPE-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[MPE-Ten-GigabitEthernet3/0/2] quit

# Configure a VPN instance.

[MPE] ip vpn-instance vpn2

[MPE-vpn-instance-vpn2] route-distinguisher 200:1

[MPE-vpn-instance-vpn2] vpn-target 111:1

[MPE-vpn-instance-vpn2] quit

# Establish MP-IBGP peer relationships with the UPE and SPE.

[MPE] bgp 100

[MPE-bgp-default] router-id 2.2.2.2

[MPE-bgp-default] peer 1.1.1.1 as-number 100

[MPE-bgp-default] peer 1.1.1.1 connect-interface LoopBack0

[MPE-bgp-default] peer 3::3 as-number 100

[MPE-bgp-default] peer 3::3 connect-interface LoopBack0

[MPE-bgp-default] address-family vpnv4

[MPE-bgp-default-vpnv4] peer 1.1.1.1 enable

[MPE-bgp-default-vpnv4] peer 3::3 enable

# Specify a UPE.

[MPE-bgp-default-vpnv4] peer 1.1.1.1 upe

[MPE-bgp-default-vpnv4] peer 1.1.1.1 next-hop-local

[MPE-bgp-default-vpnv4] quit

# Configure optimal route reorigination and advertisement for intercommunication between the MPLS L3VPN network and IP L3VPN over SRv6 network.

[MPE-bgp-default] ip vpn-instance vpn2

[MPE-bgp-default-vpn2] address-family ipv4 unicast

[MPE-bgp-default-ipv4-vpn2] advertise route-reoriginate

[MPE-bgp-default-ipv4-vpn2] quit

[MPE-bgp-default-vpn2] quit

[MPE-bgp-default] quit

# Enable the MPE to send routing information matching a routing policy to the UPE. The route of CE 2 can be sent to the UPE.

[MPE] ip prefix-list hovpn index 10 permit 10.2.1.0 24

[MPE] route-policy hovpn permit node 0

[MPE-route-policy-hovpn-0] if-match ip address prefix-list hovpn

[MPE-route-policy-hovpn-0] quit

[MPE] bgp 100

[MPE-bgp-default] address-family vpnv4

[MPE-bgp-default-vpnv4] peer 1.1.1.1 upe route-policy hovpn export

[MPE-bgp-default-vpnv4] quit

[MPE-bgp-default] quit

# Configure L3VPN over SRv6 BE.

[MPE] segment-routing ipv6

[MPE-segment-routing-ipv6] encapsulation source-address 2::2

[MPE-segment-routing-ipv6] locator hovpn ipv6-prefix 42:1:: 64 static 32

[MPE-segment-routing-ipv6-locator-hovpn] quit

[MPE-segment-routing-ipv6] quit

[MPE] bgp 100

[MPE-bgp-default] address-family vpnv4

[MPE-bgp-default-vpnv4] peer 3::3 prefix-sid

[MPE-bgp-default-vpnv4] quit

[MPE-bgp-default] ip vpn-instance vpn2

[MPE-bgp-default-vpn2] address-family ipv4 unicast

[MPE-bgp-default-ipv4-vpn2] segment-routing ipv6 best-effort

[MPE-bgp-default-ipv4-vpn2] segment-routing ipv6 locator hovpn

[MPE-bgp-default-ipv4-vpn2] quit

[MPE-bgp-default-vpn2] quit

[MPE-bgp-default] quit

[MPE] isis 1

[MPE-isis-1] address-family ipv6 unicast

[MPE-isis-1-ipv6] segment-routing ipv6 locator hovpn

[MPE-isis-1-ipv6] quit

[MPE-isis-1] quit

4.     Configure the SPE:

# Configure IPv6 IS-IS for backbone network communication.

<SPE> system-view

[SPE] isis 1

[SPE-isis-1] is-level level-1

[SPE-isis-1] cost-style wide

[SPE-isis-1] network-entity 10.3333.3333.3333.00

[SPE-isis-1] address-family ipv6 unicast

[SPE-isis-1-ipv6] quit

[SPE-isis-1] quit

[SPE] interface loopback 0

[SPE-LoopBack0] ipv6 address 3::3 128

[SPE-LoopBack0] isis ipv6 enable 1

[SPE-LoopBack0] quit

[SPE] interface ten-gigabitethernet 3/0/2

[SPE-Ten-GigabitEthernet3/0/2] ipv6 address 100::2 96

[SPE-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[SPE-Ten-GigabitEthernet3/0/2] quit

# Configure a VPN instance for CE 2 to access the SPE.

[SPE] ip vpn-instance vpn1

[SPE-vpn-instance-vpn1] route-distinguisher 100:1

[SPE-vpn-instance-vpn1] vpn-target 111:1

[SPE-vpn-instance-vpn1] quit

[SPE] interface ten-gigabitethernet 3/0/1

[SPE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[SPE-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[SPE-Ten-GigabitEthernet3/0/1] quit

# Establish an EBGP peer relationship with CE 2 and import VPN routes.

[SPE] bgp 100

[SPE-bgp-default] router-id 3.3.3.3

[SPE-bgp-default] ip vpn-instance vpn1

[SPE-bgp-default-vpn1] peer 10.2.1.2 as-number 102

[SPE-bgp-default-vpn1] address-family ipv4 unicast

[SPE-bgp-default-ipv4-vpn1] peer 10.2.1.2 enable

[SPE-bgp-default-ipv4-vpn1] import-route direct

[SPE-bgp-default-ipv4-vpn1] quit

[SPE-bgp-default-vpn1] quit

[SPE-bgp-default] quit

# Establish MP-IBGP peer relationship with the MPE.

[SPE] bgp 100

[SPE-bgp-default] peer 2::2 as-number 100

[SPE-bgp-default] peer 2::2 connect-interface loopback 0

[SPE-bgp-default] address-family vpnv4

[SPE-bgp-default-vpnv4] peer 2::2 enable

[SPE-bgp-default-vpnv4] quit

[SPE-bgp-default] quit

# Configure L3VPN over SRv6 BE.

[SPE] segment-routing ipv6

[SPE-segment-routing-ipv6] encapsulation source-address 3::3

[SPE-segment-routing-ipv6] locator hovpn ipv6-prefix 43:1:: 64 static 32

[SPE-segment-routing-ipv6-locator-hovpn] quit

[SPE-segment-routing-ipv6] quit

[SPE] bgp 100

[SPE-bgp-default] address-family vpnv4

[SPE-bgp-default-vpnv4] peer 2::2 prefix-sid

[SPE-bgp-default-vpnv4] quit

[SPE-bgp-default] ip vpn-instance vpn1

[SPE-bgp-default-vpn1] address-family ipv4 unicast

[SPE-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort

[SPE-bgp-default-ipv4-vpn1] segment-routing ipv6 locator hovpn

[SPE-bgp-default-ipv4-vpn1] quit

[SPE-bgp-default-vpn1] quit

[SPE-bgp-default] quit

[SPE] isis 1

[SPE-isis-1] address-family ipv6 unicast

[SPE-isis-1-ipv6] segment-routing ipv6 locator hovpn

[SPE-isis-1-ipv6] quit

[SPE-isis-1] quit

5.     Configure CE 2:

# Establish EBGP peer relationship with the SPE and import VPN routes.

<CE2> system-view

[CE2] bgp 102

[CE2-bgp-default] peer 10.2.1.1 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.2.1.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# On MPE, verify that the routes destined for CE 2 and CE 1 have established SRv6 SID and MPLS label mappings.

[MPE] display bgp routing-table vpnv4 10.2.1.0 24

 

 BGP local router ID: 2.2.2.2

 Local AS number: 100

 

 

 Route distinguisher: 100:1

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.2.1.0/24:

 From            : 3::3 (3.3.3.3)

 Rely nexthop    : FE80::9885:31FF:FE87:317

 Original nexthop: 3::3

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 03h16m43s

 OutLabel        : 3

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.DT4 SID <43:1::1:0:2>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

 

 

 Route distinguisher: 200:1(vpn2)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.2.1.0/24:

 From            : 3::3 (3.3.3.3)

 Rely nexthop    : FE80::9885:31FF:FE87:317

 Original nexthop: 3::3

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 03h16m43s

 OutLabel        : 3

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.DT4 SID <43:1::1:0:2>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best, remoteredist, reoriginated

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

 

[MPE] display bgp routing-table vpnv4 10.1.1.0 24

 

 BGP local router ID: 2.2.2.2

 Local AS number: 100

 

 

 Route distinguisher: 100:1

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.1.1.0/24:

 From            : 1.1.1.1 (1.1.1.1)

 Rely nexthop    : 11.1.1.1

 Original nexthop: 1.1.1.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 00h44m22s

 OutLabel        : 600126

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : 3

 

 

 Route distinguisher: 200:1(vpn2)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.1.1.0/24:

 From            : 1.1.1.1 (1.1.1.1)

 Rely nexthop    : 11.1.1.1

 Original nexthop: 1.1.1.1

 Out interface   : Ten-GigabitEthernet3/0/1

 Route age       : 00h44m22s

 OutLabel        : 600126

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.DT4 SID <42:1::1:0:2>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best, remoteredist, reoriginated

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : 3

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring inter-AS option B VPN

Network configuration

As shown in Figure 328, an MPLS network is deployed in AS 100 and an SRv6 network is deployed in AS 200. Configure inter-AS option B VPN to permit users in the same VPN instance to communicate with each other across the MPLS and SRv6 networks.

Figure 328 Network diagram

Device   Interface   IP address     Device   Interface   IP address
CE 1     XGE3/0/1    10.1.1.2/24    CE 2     XGE3/0/1    20.1.1.2/24
PE 1     Loop0       1.1.1.1/32     PE 2     Loop0       1::1/128
         XGE3/0/1    10.1.1.1/24             XGE3/0/1    20.1.1.1/24
         XGE3/0/2    11.1.1.1/24             XGE3/0/2    100::1/96
ASBR 1   Loop0       2.2.2.2/32     ASBR 2   Loop0       2::2/128
         XGE3/0/1    11.1.1.2/24             XGE3/0/1    100::2/96
         XGE3/0/2    12.1.1.1/24             XGE3/0/2    12.1.1.2/24

 

Procedure

1.     Configure CE 1:

# Establish EBGP peer relationship with PE 1 and import VPN routes.

<CE1> system-view

[CE1] bgp 101

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Run IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] quit

# Specify an LSR ID and enable MPLS and LDP.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address, run IS-IS, and enable MPLS and LDP.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/2] isis enable 1

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create a VPN instance named vpn1 and configure an RD and route target for the VPN instance.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1

[PE1-vpn-instance-vpn1] quit

# Associate the interface connected to CE 1 with VPN instance vpn1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Run BGP on PE 1.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

# Configure IBGP peer 2.2.2.2 as a VPNv4 peer.

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable

[PE1-bgp-default-vpnv4] quit

# Establish EBGP peer relationship with CE 1 and import VPN routes.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 101

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

3.     Configure ASBR 1:

# Run IS-IS on ASBR 1.

<ASBR1> system-view

[ASBR1] isis 1

[ASBR1-isis-1] cost-style wide

[ASBR1-isis-1] network-entity 10.2222.2222.2222.00

[ASBR1-isis-1] quit

# Specify an LSR ID and enable MPLS and LDP.

[ASBR1] mpls lsr-id 2.2.2.2

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# On interface Ten-GigabitEthernet 3/0/1, specify an IP address, run IS-IS, and enable MPLS and LDP.

[ASBR1] interface ten-gigabitethernet 3/0/1

[ASBR1-Ten-GigabitEthernet3/0/1] ip address 11.1.1.2 255.0.0.0

[ASBR1-Ten-GigabitEthernet3/0/1] isis enable 1

[ASBR1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address and enable MPLS.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 12.1.1.1 255.0.0.0

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IP address and run IS-IS on the interface.

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 2.2.2.2 32

[ASBR1-LoopBack0] isis enable 1

[ASBR1-LoopBack0] quit

# Run BGP on ASBR 1.

[ASBR1] bgp 100

[ASBR1-bgp-default] router-id 2.2.2.2

[ASBR1-bgp-default] peer 1.1.1.1 as-number 100

[ASBR1-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[ASBR1-bgp-default] peer 12.1.1.2 as-number 200

[ASBR1-bgp-default] peer 12.1.1.2 connect-interface ten-gigabitethernet 3/0/2

# Configure BGP to not filter received VPNv4 routes based on route targets.

[ASBR1-bgp-default] address-family vpnv4

[ASBR1-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 1.1.1.1 and EBGP peer 12.1.1.2 as VPNv4 peers.

[ASBR1-bgp-default-vpnv4] peer 12.1.1.2 enable

[ASBR1-bgp-default-vpnv4] peer 1.1.1.1 enable

[ASBR1-bgp-default-vpnv4] quit

[ASBR1-bgp-default] quit

4.     Configure ASBR 2:

# Run IPv6 IS-IS on ASBR 2.

<ASBR2> system-view

[ASBR2] isis 1

[ASBR2-isis-1] cost-style wide

[ASBR2-isis-1] network-entity 10.3333.3333.3333.00

[ASBR2-isis-1] address-family ipv6 unicast

[ASBR2-isis-1-ipv6] quit

[ASBR2-isis-1] quit

# On interface Ten-GigabitEthernet 3/0/1, specify an IPv6 address and run IPv6 IS-IS.

[ASBR2] interface ten-gigabitethernet 3/0/1

[ASBR2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 96

[ASBR2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[ASBR2-Ten-GigabitEthernet3/0/1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address and enable MPLS.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 12.1.1.2 255.0.0.0

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ipv6 address 2::2 128

[ASBR2-LoopBack0] isis ipv6 enable 1

[ASBR2-LoopBack0] quit

# Run BGP on ASBR 2.

[ASBR2] bgp 200

[ASBR2-bgp-default] router-id 3.3.3.3

[ASBR2-bgp-default] peer 12.1.1.1 as-number 100

[ASBR2-bgp-default] peer 12.1.1.1 connect-interface ten-gigabitethernet 3/0/2

[ASBR2-bgp-default] peer 1::1 as-number 200

[ASBR2-bgp-default] peer 1::1 connect-interface loopback 0

# Configure BGP to not filter received VPNv4 routes based on route targets.

[ASBR2-bgp-default] address-family vpnv4

[ASBR2-bgp-default-vpnv4] undo policy vpn-target

# Configure IBGP peer 1::1 and EBGP peer 12.1.1.1 as VPNv4 peers.

[ASBR2-bgp-default-vpnv4] peer 12.1.1.1 enable

[ASBR2-bgp-default-vpnv4] peer 1::1 enable

[ASBR2-bgp-default-vpnv4] quit

[ASBR2-bgp-default] quit

# Configure L3VPN over SRv6 BE.

[ASBR2] segment-routing ipv6

[ASBR2-segment-routing-ipv6] encapsulation source-address 2::2

[ASBR2-segment-routing-ipv6] locator abc ipv6-prefix 43:1:: 64 static 32

[ASBR2-segment-routing-ipv6-locator-abc] quit

[ASBR2-segment-routing-ipv6] quit

[ASBR2] bgp 200

[ASBR2-bgp-default] address-family vpnv4

[ASBR2-bgp-default-vpnv4] segment-routing ipv6 best-effort

[ASBR2-bgp-default-vpnv4] segment-routing ipv6 locator abc

[ASBR2-bgp-default-vpnv4] peer 1::1 prefix-sid

# Enable SRv6 and MPLS interworking.

[ASBR2-bgp-default-vpnv4] srv6-mpls-interworking enable

[ASBR2-bgp-default-vpnv4] quit

[ASBR2-bgp-default] quit

# Apply a locator to IPv6 IS-IS.

[ASBR2] isis 1

[ASBR2-isis-1] address-family ipv6 unicast

[ASBR2-isis-1-ipv6] segment-routing ipv6 locator abc

[ASBR2-isis-1-ipv6] quit

[ASBR2-isis-1] quit

5.     Configure PE 2:

# Run IPv6 IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.4444.4444.4444.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IPv6 address and run IPv6 IS-IS.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 100::1 96

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IPv6 address and run IPv6 IS-IS on the interface.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 1::1 128

[PE2-LoopBack0] isis ipv6 enable 1

[PE2-LoopBack0] quit

# Create a VPN instance named vpn1 and configure an RD and route target for the VPN instance.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

[PE2-vpn-instance-vpn1] vpn-target 100:1

[PE2-vpn-instance-vpn1] quit

# Associate the interface connected to CE 2 with VPN instance vpn1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Run BGP on PE 2.

[PE2] bgp 200

[PE2-bgp-default] router-id 4.4.4.4

# Configure IBGP peer 2::2 as a VPNv4 peer.

[PE2-bgp-default] peer 2::2 as-number 200

[PE2-bgp-default] peer 2::2 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2::2 enable

[PE2-bgp-default-vpnv4] quit

# Establish EBGP peer relationship with CE 2 and import VPN routes.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.1.1.2 as-number 201

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

# Configure L3VPN over SRv6 BE.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 1::1

[PE2-segment-routing-ipv6] locator abc ipv6-prefix 42:1:: 64 static 32

[PE2-segment-routing-ipv6-locator-abc] quit

[PE2-segment-routing-ipv6] quit

[PE2] bgp 200

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 2::2 prefix-sid

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

# Apply a locator to IPv6 IS-IS.

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator abc

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

6.     Configure CE 2:

# Establish EBGP peer relationship with PE 2 and import VPN routes.

<CE2> system-view

[CE2] bgp 201

[CE2-bgp-default] peer 20.1.1.1 as-number 200

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.1.1.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# On ASBR 2, verify that a mapping has been established between the MPLS label and the SRv6 SID. The LSP out label is the SRv6 SID.

[ASBR2] display mpls lsp srv6-mpls-interworking

FEC            : 3::3/43:1::1:0:2

Protocol       : BGP

In Label       : 600127

Out SRv6 SID   : 43:1::1:0:2

Path ID        : 0x16000000.1

# On ASBR 2, verify that an End.T SID has been allocated to FEC 10.1.1.0/24.

[ASBR2] display bgp routing-table vpnv4 10.1.1.0

 

 BGP local router ID: 3.3.3.3

 Local AS number: 200

 

 

 Route distinguisher: 100:1

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.1.1.0/24:

 From            : 12.1.1.1 (2.2.2.2)

 Rely nexthop    : 12.1.1.1

 Original nexthop: 12.1.1.1

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h03m18s

 OutLabel        : 600126

 Ext-Community   : <RT: 100:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.T SID <42:1::1:0:4>

 AS-path         : 100 101

 Origin          : incomplete

 Attribute value : pref-val 0

 State           : valid, external, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : 1

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
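Steps 3 and 4 of this example switch off route-target filtering (undo policy vpn-target) in the VPNv4 address family that also carries the EBGP session to the other AS, so the ASBR accepts VPNv4 routes from that peer whatever route targets they carry. The following Python audit is an added example, not H3C code: it reads a session transcript in the "[prompt] command" form used on this page and lists the EBGP peers enabled in such an address family so they can be reviewed. The function name is hypothetical and the transcript is constructed from the ASBR 2 and PE 2 steps.

```python
import re
from collections import defaultdict

# Constructed sample: BGP commands taken from the ASBR 2 and PE 2 steps of this
# example, in the "[prompt] command" form the page uses.
TRANSCRIPT = """\
<ASBR2> system-view
[ASBR2] bgp 200
[ASBR2-bgp-default] router-id 3.3.3.3
[ASBR2-bgp-default] peer 12.1.1.1 as-number 100
[ASBR2-bgp-default] peer 12.1.1.1 connect-interface ten-gigabitethernet 3/0/2
[ASBR2-bgp-default] peer 1::1 as-number 200
[ASBR2-bgp-default] peer 1::1 connect-interface loopback 0
[ASBR2-bgp-default] address-family vpnv4
[ASBR2-bgp-default-vpnv4] undo policy vpn-target
[ASBR2-bgp-default-vpnv4] peer 12.1.1.1 enable
[ASBR2-bgp-default-vpnv4] peer 1::1 enable
[ASBR2-bgp-default-vpnv4] quit
[ASBR2-bgp-default] quit
[PE2] bgp 200
[PE2-bgp-default] peer 2::2 as-number 200
[PE2-bgp-default] peer 2::2 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 2::2 enable
[PE2-bgp-default-vpnv4] quit
"""

# "[DEVICE]" is system view, "[DEVICE-view]" is any nested view.
# Assumption: device names contain no hyphen, as on this page.
PROMPT = re.compile(r"^\[([A-Za-z0-9]+)(?:-([^\]]+))?\]\s+(.+)$")


def audit_rt_filtering(transcript):
    """Return (device, view, peer, peer_as) for every EBGP peer enabled in a
    BGP address family where route-target filtering has been switched off."""
    local_as = {}                                     # device -> local AS
    peer_as = defaultdict(dict)                       # device -> {peer: AS}
    rt_off = defaultdict(set)                         # device -> {view}
    enabled = defaultdict(lambda: defaultdict(list))  # device -> view -> peers

    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # blank lines, "#" comments, <dev> prompts, display output
        dev, view, cmd = m.groups()
        words = cmd.split()
        if view is None:
            if len(words) >= 2 and words[0] == "bgp":
                local_as[dev] = words[1]
            continue
        if not view.startswith("bgp-"):
            continue
        if len(words) == 4 and words[0] == "peer" and words[2] == "as-number":
            peer_as[dev][words[1]] = words[3]
        elif len(words) == 3 and words[0] == "peer" and words[2] == "enable":
            if words[1] not in enabled[dev][view]:
                enabled[dev][view].append(words[1])
        elif words == ["undo", "policy", "vpn-target"]:
            rt_off[dev].add(view)
        elif words == ["policy", "vpn-target"]:
            rt_off[dev].discard(view)  # filtering switched back on

    findings = []
    for dev in sorted(rt_off):
        for view in sorted(rt_off[dev]):
            for peer in enabled[dev][view]:
                asn = peer_as[dev].get(peer)
                # A peer whose AS differs from the local AS is an EBGP peer.
                if asn is not None and asn != local_as.get(dev):
                    findings.append((dev, view, peer, asn))
    return findings


if __name__ == "__main__":
    for dev, view, peer, asn in audit_rt_filtering(TRANSCRIPT):
        print(f"{dev} [{view}]: EBGP peer {peer} (AS {asn}) is enabled "
              f"with route-target filtering off")
```

The audit evaluates the final state of each view, so it does not matter whether the peer is enabled before or after filtering is turned off; it does not track undo peer commands.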

 

 

EVPN L3VPN over SRv6 configuration examples

Example: Configuring IPv4 EVPN L3VPN over SRv6 in SRv6 BE mode

Network configuration

As shown in Figure 329, the backbone network is an IPv6 network, and VPN 1 is an IPv4 network. Deploy EVPN L3VPN over SRv6 in SRv6 BE mode between PE 1 and PE 2 and use an SRv6 tunnel to transmit EVPN traffic between the PEs.

·     Configure EBGP to exchange VPN routing information between the CEs and PEs.

·     Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.

·     Configure MP-IBGP to exchange EVPN routing information between the PEs.

Figure 329 Network diagram

Table 139 Interface and IP address assignment

Device   Interface   IP address     Device   Interface   IP address
CE 1     XGE3/0/1    10.1.1.2/24    PE 2     Loop0       3::3/128
PE 1     Loop0       1::1/128                XGE3/0/1    10.2.1.1/24
         XGE3/0/1    10.1.1.1/24             XGE3/0/2    2002::1/96
         XGE3/0/2    2001::1/96     CE 2     XGE3/0/1    10.2.1.2/24
P        Loop0       2::2/128
         XGE3/0/1    2001::2/96
         XGE3/0/2    2002::2/96

Procedure

1.     Configure IPv6 IS-IS on the PEs and device P for network connectivity between the devices:

# Configure PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] isis ipv6 enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001::1 96

[PE1-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure P.

<P> system-view

[P] isis

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] network-entity 10.2222.2222.2222.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] quit

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] ipv6 address 2::2 128

[P-LoopBack0] isis ipv6 enable

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 2001::2 96

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 2002::2 96

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

<PE2> system-view

[PE2] isis

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.3333.3333.3333.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 3::3 128

[PE2-LoopBack0] isis ipv6 enable

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2002::1 96

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Verify that PE 1, P, and PE 2 have established IPv6 IS-IS neighbor relationships and the neighbor state is up.

[PE1] display isis peer

[P] display isis peer

[PE2] display isis peer

# Verify that PE 1 and PE 2 each learn a route destined for the loopback interface of each other.

[PE1] display isis route ipv6

[PE2] display isis route ipv6

2.     Configure VPN instance settings on PE 1 and PE 2 and verify that each CE can access its local PE:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure IP addresses for the interfaces on the CEs, as shown in Figure 329. (Details not shown.)

# Display VPN instance settings on each PE. This step uses PE 1 as an example.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 1

  Total IPv6 VPN-Instances configured : 1

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           IPv4/IPv6           2019/08/12 13:59:39

# Verify that each PE can ping its local CE. This step uses PE 1 and CE 1 as an example.

[PE1] ping -vpn-instance vpn1 10.1.1.2

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL+C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=2.000 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=0.000 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.000 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=0.000 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.2 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.600/2.000/0.800 ms

3.     Set up an EBGP peer relationship between each PE and its local CE and distribute VPN routes to EBGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure CE 2 in the same way as CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

# Configure PE 2 in the same way PE 1 is configured. (Details not shown.)

# Verify that the PEs have established BGP peer relationships with their local CEs and the peers are in established state.

[PE1] display bgp peer ipv4 vpn-instance

[PE2] display bgp peer ipv4 vpn-instance

4.     Set up an MP-IBGP peer relationship between PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Verify that the PEs have established a BGP peer relationship and the peers are in established state.

[PE1] display bgp peer l2vpn evpn

[PE2] display bgp peer l2vpn evpn

5.     Specify a source address for the outer IPv6 header of SRv6-encapsulated IPv4 EVPN L3VPN packets on PE 1 and PE 2:

# Configure PE 1.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

# Configure PE 2.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 3::3

6.     Configure the destination address (End.DT4 SID) of the outer IPv6 header for SRv6-encapsulated IPv4 EVPN L3VPN packets:

# Configure PE 1.

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

[PE1] isis 1

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

# Configure PE 2.

[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8

[PE2-segment-routing-ipv6-locator-bbb] quit

[PE2-segment-routing-ipv6] quit

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

# Verify that the PEs have distributed the End.DT4 SIDs to the routing table and generated SRv6 routes. This step uses PE 1 as an example.

[PE1] display ipv6 routing-table protocol srv6

 

Summary count : 1

 

SRv6 Routing table status : <Active>

Summary count : 1

 

Destination: 1:2::101/128                                Protocol  : SRv6

NextHop    : ::1                                         Preference: 4

Interface  : InLoop0                                     Cost      : 0

 

SRv6 Routing table status : <Inactive>

Summary count : 0

7.     Add End.DT4 SIDs to private network routes on PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 locator aaa evpn

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator bbb evpn

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

8.     Enable IPv6 peers on the PEs to exchange End.DT4 SIDs and enable SRv6 BE mode:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Display BGP EVPN routing information on each PE and verify that the routes advertised by the PEs have the SID attribute. This step uses PE 1 as an example.

[PE1] display bgp l2vpn evpn [5][0][24][10.2.1.0]/80

 

 BGP local router ID: 1.1.1.1

 Local AS number: 100

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of [5][0][24][10.2.1.0]/80:

 From            : 3::3 (3.3.3.3)

 Rely nexthop    : FE80::2A96:34FF:FE9D:216

 Original nexthop: 3::3

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h14m23s

 OutLabel        : NULL

 Ext-Community   : <RT: 111:1>

 RxPathID        : 0x0

 TxPathID        : 0x0

 PrefixSID       : End.DT4 SID <6:5::101>

 AS-path         : 65420

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 EVPN route type : IP prefix advertisement route

 ESI             : 0000.0000.0000.0000.0000

 Ethernet tag ID : 0

 IP prefix       : 10.2.1.0/24

 Gateway address : 0.0.0.0

 MPLS label      : 16777215

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

Verifying the configuration

# Display IPv4 routing table information on the PEs and verify that each PE has a route destined for the remote CE and the next hop of the route is the End.DT4 SID of the route. This step uses PE 1 as an example.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

10.1.1.0/24        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.0/32        Direct  0   0           10.1.1.1        XGE3/0/1

10.1.1.1/32        Direct  0   0           127.0.0.1       InLoop0

10.1.1.255/32      Direct  0   0           10.1.1.1        XGE3/0/1

10.2.1.0/24        BGP     255 0           6:5::1:0        XGE3/0/2

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
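Step 8 and the verification above are checked by reading the display bgp l2vpn evpn output by eye. The following Python check is an added example, not H3C tooling: it parses that output and confirms that the advertised End.DT4 SID lies inside the locator configured on the remote PE, that the route target is the expected one, and that the route was received from the expected peer. The function names are hypothetical and the sample text is constructed from fields of the PE 1 output above.

```python
import ipaddress
import re

# Constructed sample: fields copied from the PE 1 output above, other lines omitted.
DISPLAY = """\
 BGP local router ID: 1.1.1.1
 Route distinguisher: 100:1(vpn1)
 Total number of routes: 1
 BGP routing table information of [5][0][24][10.2.1.0]/80:
 From            : 3::3 (3.3.3.3)
 Original nexthop: 3::3
 Ext-Community   : <RT: 111:1>
 PrefixSID       : End.DT4 SID <6:5::101>
 State           : valid, internal, best
 IP prefix       : 10.2.1.0/24
"""


def parse_routes(text):
    """Split the display output into one dict per route entry."""
    routes, rd, cur = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"BGP routing table information of (.+):$", line)
        if m:  # start of a new route entry under the current RD
            cur = {"route": m.group(1), "rd": rd}
            routes.append(cur)
            continue
        key, sep, value = line.partition(":")  # first colon separates key/value
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key == "Route distinguisher":
            rd, cur = value, None
        elif cur is not None:
            cur[key] = value
    return routes


def check_route(route, locator, expected_rt, expected_from):
    """Return a list of problems; an empty list means the route passes."""
    problems = []
    m = re.match(r"(\S+) SID <([0-9A-Fa-f:]+)>$", route.get("PrefixSID", ""))
    if not m:
        problems.append("no PrefixSID attribute")
    else:
        # strict=False accepts the locator exactly as typed in the CLI,
        # for example 6:5::1:0/96, and reduces it to the network 6:5::/96.
        net = ipaddress.ip_network(locator, strict=False)
        if ipaddress.ip_address(m.group(2)) not in net:
            problems.append(f"SID {m.group(2)} is outside locator {net}")
    rts = re.findall(r"RT: ([^>,\s]+)", route.get("Ext-Community", ""))
    if expected_rt not in rts:
        problems.append(f"route target {expected_rt} not present")
    if route.get("From", "").partition(" ")[0] != expected_from:
        problems.append(f"route not received from {expected_from}")
    states = [s.strip() for s in route.get("State", "").split(",")]
    if "valid" not in states or "best" not in states:
        problems.append("route is not valid and best")
    return problems


if __name__ == "__main__":
    for r in parse_routes(DISPLAY):
        # Expected values come from the PE 2 configuration in this example:
        # locator bbb, vpn-target 111:1, and PE 2 loopback 3::3.
        result = check_route(r, "6:5::1:0/96", "111:1", "3::3")
        print(r["route"], "OK" if not result else result)
```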

Example: Configuring inter-AS option B VPN

Network configuration

As shown in Figure 330, an EVPN L3VPN network is deployed in AS 100 and an EVPN L3VPN over SRv6 network is deployed in AS 200. Configure inter-AS option B VPN to permit users in the same VPN instance to communicate with each other across the EVPN L3VPN and EVPN L3VPN over SRv6 networks.

Figure 330 Network diagram

Device   Interface   IP address     Device   Interface   IP address
CE 1     XGE3/0/1    10.1.1.2/24    CE 2     XGE3/0/1    20.1.1.2/24
PE 1     Loop0       1.1.1.1/32     PE 2     Loop0       1::1/128
         XGE3/0/1    10.1.1.1/24             XGE3/0/1    20.1.1.1/24
         XGE3/0/2    11.1.1.1/24             XGE3/0/2    100::1/96
ASBR 1   Loop0       2.2.2.2/32     ASBR 2   Loop0       2::2/128
         XGE3/0/1    11.1.1.2/24             XGE3/0/1    100::2/96
         XGE3/0/2    12.1.1.1/24             XGE3/0/2    12.1.1.2/24

 

Procedure

1.     Configure CE 1:

# Establish EBGP peer relationship with PE 1 and import VPN routes.

<CE1> system-view

[CE1] bgp 101

[CE1-bgp-default] peer 10.1.1.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

2.     Configure PE 1:

# Run IS-IS on PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] quit

# Specify an LSR ID and enable MPLS and LDP.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address, run IS-IS, and enable MPLS and LDP.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 255.0.0.0

[PE1-Ten-GigabitEthernet3/0/2] isis enable 1

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IP address for the interface, and run IS-IS on the interface.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create a VPN instance named vpn1 and configure an RD and a route target for the VPN instance.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 100:1

[PE1-vpn-instance-vpn1] quit

# Associate the interface connected to CE 1 with VPN instance vpn1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

# Run BGP on PE 1.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

# Configure PE 1 to exchange BGP EVPN routes with peer 2.2.2.2.

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2.2.2.2 enable

[PE1-bgp-default-evpn] quit

# Establish an EBGP peer relationship with CE 1 and import VPN routes.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 101

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

3.     Configure ASBR 1:

# Run IS-IS on ASBR 1.

<ASBR1> system-view

[ASBR1] isis 1

[ASBR1-isis-1] cost-style wide

[ASBR1-isis-1] network-entity 10.2222.2222.2222.00

[ASBR1-isis-1] quit

# Specify an LSR ID and enable MPLS and LDP.

[ASBR1] mpls lsr-id 2.2.2.2

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# On interface Ten-GigabitEthernet 3/0/1, specify an IP address, run IS-IS, and enable MPLS and LDP.

[ASBR1] interface ten-gigabitethernet 3/0/1

[ASBR1-Ten-GigabitEthernet3/0/1] ip address 11.1.1.2 255.0.0.0

[ASBR1-Ten-GigabitEthernet3/0/1] isis enable 1

[ASBR1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address and enable MPLS.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 12.1.1.1 255.0.0.0

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IP address and run IS-IS on the interface.

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 2.2.2.2 32

[ASBR1-LoopBack0] isis enable 1

[ASBR1-LoopBack0] quit

# Run BGP on ASBR 1.

[ASBR1] bgp 100

[ASBR1-bgp-default] router-id 2.2.2.2

[ASBR1-bgp-default] peer 1.1.1.1 as-number 100

[ASBR1-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[ASBR1-bgp-default] peer 12.1.1.2 as-number 200

[ASBR1-bgp-default] peer 12.1.1.2 connect-interface ten-gigabitethernet 3/0/2

# Configure BGP to not filter received BGP EVPN routes based on route targets.

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] undo policy vpn-target

# Configure ASBR 1 to exchange BGP EVPN routes with IBGP peer 1.1.1.1 and EBGP peer 12.1.1.2.

[ASBR1-bgp-default-evpn] peer 12.1.1.2 enable

[ASBR1-bgp-default-evpn] peer 1.1.1.1 enable

[ASBR1-bgp-default-evpn] quit

[ASBR1-bgp-default] quit

4.     Configure ASBR 2:

# Run IPv6 IS-IS on ASBR 2.

<ASBR2> system-view

[ASBR2] isis 1

[ASBR2-isis-1] cost-style wide

[ASBR2-isis-1] network-entity 10.3333.3333.3333.00

[ASBR2-isis-1] address-family ipv6 unicast

[ASBR2-isis-1-ipv6] quit

[ASBR2-isis-1] quit

# On interface Ten-GigabitEthernet 3/0/1, specify an IPv6 address and run IPv6 IS-IS.

[ASBR2] interface ten-gigabitethernet 3/0/1

[ASBR2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 96

[ASBR2-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[ASBR2-Ten-GigabitEthernet3/0/1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IP address and enable MPLS.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 12.1.1.2 255.0.0.0

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IPv6 address for the interface, and run IPv6 IS-IS on the interface.

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ipv6 address 2::2 128

[ASBR2-LoopBack0] isis ipv6 enable 1

[ASBR2-LoopBack0] quit

# Run BGP on ASBR 2.

[ASBR2] bgp 200

[ASBR2-bgp-default] router-id 3.3.3.3

[ASBR2-bgp-default] peer 12.1.1.1 as-number 100

[ASBR2-bgp-default] peer 12.1.1.1 connect-interface ten-gigabitethernet 3/0/2

[ASBR2-bgp-default] peer 1::1 as-number 200

[ASBR2-bgp-default] peer 1::1 connect-interface loopback 0

# Configure BGP to not filter received BGP EVPN routes based on route targets.

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] undo policy vpn-target

# Configure ASBR 2 to exchange BGP EVPN routes with IBGP peer 1::1 and EBGP peer 12.1.1.1.

[ASBR2-bgp-default-evpn] peer 12.1.1.1 enable

[ASBR2-bgp-default-evpn] peer 1::1 enable

[ASBR2-bgp-default-evpn] quit

[ASBR2-bgp-default] quit

# Configure EVPN L3VPN over SRv6 BE.

[ASBR2] segment-routing ipv6

[ASBR2-segment-routing-ipv6] encapsulation source-address 2::2

[ASBR2-segment-routing-ipv6] locator abc ipv6-prefix 43:1:: 64 static 32

[ASBR2-segment-routing-ipv6-locator-abc] quit

[ASBR2-segment-routing-ipv6] quit

[ASBR2] bgp 200

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[ASBR2-bgp-default-evpn] segment-routing ipv6 best-effort evpn

[ASBR2-bgp-default-evpn] segment-routing ipv6 locator abc evpn

# Enable SRv6 and MPLS interworking.

[ASBR2-bgp-default-evpn] srv6-mpls-interworking enable

[ASBR2-bgp-default-evpn] quit

[ASBR2-bgp-default] quit

# Apply a locator to IPv6 IS-IS.

[ASBR2] isis 1

[ASBR2-isis-1] address-family ipv6 unicast

[ASBR2-isis-1-ipv6] segment-routing ipv6 locator abc

[ASBR2-isis-1-ipv6] quit

[ASBR2-isis-1] quit

5.     Configure PE 2:

# Run IPv6 IS-IS on PE 2.

<PE2> system-view

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.4444.4444.4444.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

# On interface Ten-GigabitEthernet 3/0/2, specify an IPv6 address and run IPv6 IS-IS.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 100::1 96

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[PE2-Ten-GigabitEthernet3/0/2] quit

# Create interface Loopback 0, specify an IPv6 address and run IPv6 IS-IS on the interface.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 1::1 128

[PE2-LoopBack0] isis ipv6 enable 1

[PE2-LoopBack0] quit

# Create a VPN instance named vpn1 and configure an RD and a route target for the VPN instance.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

[PE2-vpn-instance-vpn1] vpn-target 100:1

[PE2-vpn-instance-vpn1] quit

# Associate the interface connected to CE 2 with VPN instance vpn1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

# Run BGP on PE 2.

[PE2] bgp 200

[PE2-bgp-default] router-id 4.4.4.4

# Configure PE 2 to exchange BGP EVPN routes with IBGP peer 2::2.

[PE2-bgp-default] peer 2::2 as-number 200

[PE2-bgp-default] peer 2::2 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2::2 enable

[PE2-bgp-default-evpn] quit

# Establish an EBGP peer relationship with CE 2 and import VPN routes.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.1.1.2 as-number 201

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.1.1.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

# Configure L3VPN over SRv6 BE.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 1::1

[PE2-segment-routing-ipv6] locator abc ipv6-prefix 42:1:: 64 static 32

[PE2-segment-routing-ipv6-locator-abc] quit

[PE2-segment-routing-ipv6] quit

[PE2] bgp 200

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 best-effort evpn

[PE2-bgp-default-ipv4-vpn1] segment-routing ipv6 locator abc evpn

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Apply a locator to IPv6 IS-IS.

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator abc

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

6.     Configure CE 2:

# Establish an EBGP peer relationship with PE 2 and import VPN routes.

<CE2> system-view

[CE2] bgp 201

[CE2-bgp-default] peer 20.1.1.1 as-number 200

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.1.1.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

Verifying the configuration

# On ASBR 2, verify that a mapping has been established between the MPLS label and the SRv6 SID. The LSP out label is the SRv6 SID.

[ASBR2] display mpls lsp srv6-mpls-interworking

FEC            : 3::3/43:1::1:0:2

Protocol       : BGP

In Label       : 600127

Out SRv6 SID   : 43:1::1:0:2

Path ID        : 0x16000000.1

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
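The BGP sessions in this procedure come up only when each peer as-number statement matches the AS the neighbor actually runs, and the page disables route target filtering (undo policy vpn-target) only on the two ASBRs. The following Python check is an added example, not part of the H3C procedure. Its assumptions: the OWNER address map is constructed from the Figure 330 table, the transcript is trimmed to the BGP commands above, and reporting disabled route target filtering on a device without an EBGP EVPN peer as a finding is a rule of this example.

```python
import re

# Constructed sample. OWNER maps addresses to devices as listed in the
# Figure 330 table; TRANSCRIPT holds only the BGP commands from the procedure.
OWNER = {
    "10.1.1.2": "CE1", "10.1.1.1": "PE1", "1.1.1.1": "PE1",
    "2.2.2.2": "ASBR1", "12.1.1.1": "ASBR1",
    "12.1.1.2": "ASBR2", "2::2": "ASBR2",
    "1::1": "PE2", "20.1.1.1": "PE2", "20.1.1.2": "CE2",
}
TRANSCRIPT = """\
[CE1] bgp 101
[CE1-bgp-default] peer 10.1.1.1 as-number 100
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] address-family l2vpn evpn
[PE1-bgp-default-evpn] peer 2.2.2.2 enable
[PE1-bgp-default-vpn1] peer 10.1.1.2 as-number 101
[ASBR1] bgp 100
[ASBR1-bgp-default] peer 1.1.1.1 as-number 100
[ASBR1-bgp-default] peer 12.1.1.2 as-number 200
[ASBR1-bgp-default] address-family l2vpn evpn
[ASBR1-bgp-default-evpn] undo policy vpn-target
[ASBR1-bgp-default-evpn] peer 12.1.1.2 enable
[ASBR1-bgp-default-evpn] peer 1.1.1.1 enable
[ASBR2] bgp 200
[ASBR2-bgp-default] peer 12.1.1.1 as-number 100
[ASBR2-bgp-default] peer 1::1 as-number 200
[ASBR2-bgp-default] address-family l2vpn evpn
[ASBR2-bgp-default-evpn] undo policy vpn-target
[ASBR2-bgp-default-evpn] peer 12.1.1.1 enable
[ASBR2-bgp-default-evpn] peer 1::1 enable
[PE2] bgp 200
[PE2-bgp-default] peer 2::2 as-number 200
[PE2-bgp-default] address-family l2vpn evpn
[PE2-bgp-default-evpn] peer 2::2 enable
[PE2-bgp-default-vpn1] peer 20.1.1.2 as-number 201
[CE2] bgp 201
[CE2-bgp-default] peer 20.1.1.1 as-number 200
"""

LINE_RE = re.compile(
    r"^[\[<](?P<dev>[A-Za-z0-9]+)(?:-(?P<view>[^\]>]*))?[\]>]\s+(?P<cmd>.+)$")


def parse(transcript):
    """Collect per-device local AS, peer AS numbers, EVPN peers and RT-filter state."""
    devices = {}
    for line in transcript.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = devices.setdefault(m["dev"], {"asn": None, "peers": {},
                                          "evpn": set(), "rt_filter": True})
        cmd, view = m["cmd"].split(), m["view"] or ""
        if cmd[0] == "bgp" and len(cmd) == 2 and not view:
            d["asn"] = int(cmd[1])
        elif cmd[0] == "peer" and len(cmd) == 4 and cmd[2] == "as-number":
            d["peers"][cmd[1]] = int(cmd[3])
        elif cmd[0] == "peer" and cmd[2:] == ["enable"] and view.endswith("-evpn"):
            d["evpn"].add(cmd[1])
        elif cmd == ["undo", "policy", "vpn-target"] and view.endswith("-evpn"):
            d["rt_filter"] = False
    return devices


def audit(devices, owner):
    """Return findings for asymmetric BGP sessions and misplaced RT-filter removal."""
    findings = []
    for name, d in sorted(devices.items()):
        ebgp_evpn = False
        for addr, remote_as in sorted(d["peers"].items()):
            peer_name = owner.get(addr)
            remote = devices.get(peer_name)
            if remote is None:
                findings.append(f"{name}: peer {addr} is not a known device address")
                continue
            if remote["asn"] != remote_as:
                findings.append(f"{name}: peer {addr} as-number {remote_as}, "
                                f"but {peer_name} runs bgp {remote['asn']}")
            # The neighbor must point back at an address we own, with our AS.
            if not any(owner.get(a) == name and asn == d["asn"]
                       for a, asn in remote["peers"].items()):
                findings.append(f"{name}: {peer_name} has no matching peer statement back")
            if addr in d["evpn"] and remote_as != d["asn"]:
                ebgp_evpn = True
        if not d["rt_filter"] and not ebgp_evpn:
            findings.append(f"{name}: RT filtering disabled without an EBGP EVPN peer")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse(TRANSCRIPT), OWNER)) or "no findings")
```

Run against the commands as published, the check reports no findings.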

 

EVPN VPWS over SRv6 configuration examples

Example: Setting up an SRv6 tunnel between single-homed EVPN VPWS sites

Network configuration

As shown in Figure 331, set up an SRv6 tunnel between PE 1 and PE 2 for users in site 1 and site 2 to communicate through EVPN VPWS over the IPv6 backbone network.

Figure 331 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 10::1/64 | P | Loop0 | 3::3/128 |
| PE 1 | Loop0 | 1::1/128 | | XGE3/0/1 | 20::2/64 |
| | XGE3/0/1 | - | | XGE3/0/2 | 30::1/64 |
| | XGE3/0/2 | 20::1/64 | PE 2 | Loop0 | 2::2/128 |
| CE 2 | XGE3/0/1 | 10::2/64 | | XGE3/0/1 | - |
| | | | | XGE3/0/2 | 30::2/64 |

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 10::1 64

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Run OSPFv3 on PE 1 and use OSPFv3 to advertise SIDs.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.1

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0.0.0.0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to P.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 20::1 64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 1 to establish an IBGP neighbor relationship with PE 2 and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 2.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation srv6

[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an SRv6 tunnel on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DX2 SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 100:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

3.     Configure PE 2:

# Run OSPFv3 on PE 2 and use OSPFv3 to advertise SIDs.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.2

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to P.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2 to establish an IBGP neighbor relationship with PE 1, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation srv6

[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an SRv6 tunnel on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE2-xcg-vpna-pw1-2-1] quit

[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DX2 SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 200:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

4.     Configure P:

# Run OSPFv3 on P.

<P> system-view

[P] ospfv3

[P-ospfv3-1] router-id 3.3.3.3

[P-ospfv3-1] area 0.0.0.0

[P-ospfv3-1-area-0.0.0.0] quit

[P-ospfv3-1] quit

# Configure IPv6 addresses for interfaces and run OSPFv3 on the interfaces.

[P] interface loopback 0

[P-LoopBack0] ipv6 address 3::3 128

[P-LoopBack0] ospfv3 1 area 0

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 20::2 64

[P-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 30::1 64

[P-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[P-Ten-GigabitEthernet3/0/2] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 10::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an SRv6 tunnel has been established between PE 1 and PE 2.

[PE1] display l2vpn peer srv6

Total number of SRv6 Tunnels: 1

1 up, 0 blocked, 0 down

 

Xconnect-group Name: vpna

   Peer            : 2::2

   Flag            : Main

   State           : Up

   Remote SrvID    : 2

# Verify that the SRv6 forwarding information on PE 1 is correct. You can see input and output SID information about the SRv6 tunnel.

[PE1] display l2vpn forwarding srv6

Total number of cross-connections: 1

Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down

Xconnect-group Name : vpna

Connection Name     : pw1

Link ID             : 0x1         Type: BE    State: Up

In SID              : 100::1:0:2

Out SID             : 200::1:0:2

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring EVPN VPWS over SRv6 multihoming (S-Trunk dual-homed)

Network configuration

As shown in Figure 332, CE 1 is dual-homed to PE 1 and PE 2 through S-Trunk. Configure EVPN VPWS over SRv6 for dual-homed site 1 and single-homed site 2 to communicate over the IPv6 backbone network through an SRv6 tunnel.

Figure 332 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 1::1/128 | PE 2 | Loop0 | 2::2/128 |
| | XGE3/0/1 | N/A | | XGE3/0/1 | N/A |
| | XGE3/0/2 | 10::1/64 | | XGE3/0/2 | 30::2/64 |
| | XGE3/0/3 | 20::1/64 | | XGE3/0/3 | 20::2/64 |
| | XGE3/0/3 | 10.1.2.1/24 | | XGE3/0/3 | 10.1.2.2/24 |
| PE 3 | Loop0 | 3::3/128 | CE 1 | RAGG1 | 100::1/64 |
| | XGE3/0/1 | N/A | CE 2 | XGE3/0/1 | 100::2/64 |
| | XGE3/0/2 | 10::3/64 | | | |
| | XGE3/0/3 | 30::3/64 | | | |

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface 1 and assign it an IPv6 address and prefix.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ipv6 address 100::1 64

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Run OSPFv3 on PE 1.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.1

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 10::1/64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ipv6 address 20::1/64

[PE1-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure PE 1 to establish IBGP neighbor relationships with PE 2 and PE 3, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE1] lacp system-priority 10

[PE1] lacp system-mac 1-1-1

[PE1] lacp system-number 1

[PE1] s-trunk id 1

[PE1-s-trunk1] s-trunk ip destination 10.1.2.2 source 10.1.2.1

[PE1-s-trunk1] quit

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] link-aggregation mode dynamic

[PE1-Route-Aggregation1] s-trunk 1

[PE1-Route-Aggregation1] s-trunk port-role primary

[PE1-Route-Aggregation1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to site-facing interface Route-Aggregation 1 and set its redundancy mode to all-active.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] esi 1.1.1.1.1

[PE1-Route-Aggregation1] evpn redundancy-mode all-active

[PE1-Route-Aggregation1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation srv6

[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and map Route-Aggregation 1 to it. Create an SRv6 tunnel on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface route-aggregation 1

[PE1-xcg-vpna-pw1-Route-Aggregation1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DX2 SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

3.     Configure PE 2:

# Run OSPFv3 on PE 2.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.2

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 1.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ipv6 address 20::2 64

[PE2-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2 to establish IBGP neighbor relationships with PE 1 and PE 3, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 3::3 as-number 100

[PE2-bgp-default] peer 3::3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 3::3 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 2

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk ip destination 10.1.2.1 source 10.1.2.2

[PE2-s-trunk1] quit

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] s-trunk port-role primary

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to site-facing interface Route-Aggregation 1 and set its redundancy mode to all-active.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] esi 1.1.1.1.1

[PE2-Route-Aggregation1] evpn redundancy-mode all-active

[PE2-Route-Aggregation1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation srv6

[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and map Route-Aggregation 1 to it. Create an SRv6 tunnel on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] ac interface route-aggregation 1

[PE2-xcg-vpna-pw1-Route-Aggregation1] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DX2 SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

4.     Configure PE 3:

# Run OSPFv3 on PE 3.

<PE3> system-view

[PE3] ospfv3

[PE3-ospfv3-1] router-id 3.3.3.3

[PE3-ospfv3-1] segment-routing ipv6 locator aaa

[PE3-ospfv3-1] area 0

[PE3-ospfv3-1-area-0.0.0.0] quit

[PE3-ospfv3-1] quit

# Configure interface Loopback 0.

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 3::3 128

[PE3-LoopBack0] ospfv3 1 area 0

[PE3-LoopBack0] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 10::3 64

[PE3-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ipv6 address 30::3 64

[PE3-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure PE 3 to establish IBGP neighbor relationships with PE 1 and PE 2, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] router-id 3.3.3.3

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 2::2 as-number 100

[PE3-bgp-default] peer 2::2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1::1 enable

[PE3-bgp-default-evpn] peer 2::2 enable

[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] evpn encapsulation srv6

[PE3-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE3-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE3-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an SRv6 tunnel on the cross-connect.

[PE3-xcg-vpna] connection pw1

[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE3-xcg-vpna-pw1-2-1] quit

[PE3-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE3-xcg-vpna-pw1] quit

[PE3-xcg-vpna] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DX2 SIDs.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 3::3

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32

[PE3-segment-routing-ipv6-locator-aaa] quit

[PE3-segment-routing-ipv6] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PE 1 has established an SRv6 tunnel to PE 3.

[PE1] display l2vpn peer srv6

Total number of SRv6 Tunnels: 1

1 up, 0 blocked, 0 down

 

Xconnect-group Name: vpna

   Peer            : 3::3

   Flag            : Main

   State           : Up

   Remote SrvID    : 2

# Verify that PE 3 has established SRv6 tunnels to PE 1 and PE 2. The SRv6 tunnels are ECMP tunnels that load share traffic.

[PE3] display l2vpn peer srv6

Total number of SRv6 Tunnels: 2

2 up, 0 blocked, 0 down

 

Xconnect-group Name: vpna

   Peer            : 2::2

   Flag            : ECMP

   State           : Up

   Remote SrvID    : 1

 

   Peer            : 1::1

   Flag            : ECMP

   State           : Up

   Remote SrvID    : 1

# Verify that the SRv6 forwarding information on PE 1 and PE 3 is correct. You can see input and output SID information about the SRv6 tunnel.

[PE1] display l2vpn forwarding srv6

Total number of cross-connections: 1

Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down

Xconnect-group Name : vpna

Connection Name     : pw1

Link ID             : 0x1         Type: BE    State: Up

In SID              : 111::1:0:3

Out SID             : 333::1:0:3

[PE3] display l2vpn forwarding srv6

Total number of cross-connections: 1

Total number of SRv6 tunnels: 2, 2 up, 0 blocked, 0 down

Xconnect-group Name : vpna

Connection Name     : pw1

Link ID             : 0x1         Type: BE    State: Up

In SID              : 333::1:0:3

Out SID             : 111::1:0:3

 

Link ID             : 0x1         Type: BE    State: Up

In SID              : 333::1:0:3

Out SID             : 222::1:0:3

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other when the PW on PE 1 or PE 2 fails. (Details not shown.)
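In the forwarding output of both EVPN VPWS over SRv6 examples above, every In SID falls inside the local locator prefix and every Out SID inside a remote PE's locator prefix. The following Python check is an added example, not H3C code; it parses the locator commands and the PE 3 display output from the dual-homed example (embedded as a constructed sample), cross-checks the tunnel counts in the header, and reports any SID that no configured locator covers.

```python
import ipaddress
import re

# Constructed sample: locator commands and PE 3 display output copied from the
# dual-homed example on this page.
CONFIG = """\
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32
[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32
"""

PE3_OUTPUT = """\
[PE3] display l2vpn forwarding srv6
Total number of cross-connections: 1
Total number of SRv6 tunnels: 2, 2 up, 0 blocked, 0 down
Xconnect-group Name : vpna
Connection Name     : pw1
Link ID             : 0x1         Type: BE    State: Up
In SID              : 333::1:0:3
Out SID             : 111::1:0:3

Link ID             : 0x1         Type: BE    State: Up
In SID              : 333::1:0:3
Out SID             : 222::1:0:3
"""

LOCATOR_RE = re.compile(
    r"^\[(?P<dev>[^\]-]+)-segment-routing-ipv6\]\s+locator\s+\S+\s+"
    r"ipv6-prefix\s+(?P<prefix>\S+)\s+(?P<plen>\d+)", re.M)


def parse_locators(config):
    """Map device name -> locator prefix (IPv6Network)."""
    return {m["dev"]: ipaddress.IPv6Network(f'{m["prefix"]}/{m["plen"]}')
            for m in LOCATOR_RE.finditer(config)}


def parse_forwarding(output):
    """Return (device, declared_total, declared_up, links) from the display text."""
    dev = re.search(r"^\[([^\]]+)\]\s+display l2vpn forwarding srv6", output, re.M)
    totals = re.search(r"Total number of SRv6 tunnels:\s*(\d+),\s*(\d+) up", output)
    if not dev or not totals:
        raise ValueError("not 'display l2vpn forwarding srv6' output")
    links = []
    for line in output.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Link ID":
            state = re.search(r"State:\s*(\S+)", line)
            links.append({"state": state.group(1) if state else "?"})
        elif key in ("In SID", "Out SID") and links:
            links[-1][key] = ipaddress.IPv6Address(value)
    return dev.group(1), int(totals.group(1)), int(totals.group(2)), links


def audit(output, locators):
    """Return (findings, out_sid_owners); no findings means the output is consistent."""
    dev, total, up, links = parse_forwarding(output)
    if dev not in locators:
        return [f"{dev}: no locator found in the configuration"], []
    findings, owners = [], []
    if len(links) != total:
        findings.append(f"{dev}: header says {total} tunnels, {len(links)} listed")
    if sum(link["state"] == "Up" for link in links) != up:
        findings.append(f"{dev}: 'up' count in header does not match link states")
    for i, link in enumerate(links, 1):
        in_sid, out_sid = link.get("In SID"), link.get("Out SID")
        if in_sid is None or out_sid is None:
            findings.append(f"{dev} link {i}: missing In SID or Out SID")
            owners.append(None)
            continue
        if in_sid not in locators[dev]:
            findings.append(f"{dev} link {i}: In SID {in_sid} outside local locator")
        # The Out SID must belong to the locator of some other PE.
        match = [d for d, net in locators.items() if d != dev and out_sid in net]
        if not match:
            findings.append(f"{dev} link {i}: Out SID {out_sid} matches no peer locator")
        owners.append(match[0] if match else None)
    return findings, owners


if __name__ == "__main__":
    found, sid_owners = audit(PE3_OUTPUT, parse_locators(CONFIG))
    print("Out SID owners:", sid_owners)
    print("\n".join(found) or "no findings")
```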

Example: Configuring LDP PWs as ACs for SRv6 PWs

Network configuration

As shown in Figure 333:

·     PE 1 and PE 2 are edge devices on both the MPLS network and SRv6 network.

·     Configure MPLS L2VPN on PE 1, PE 2, and PE 4, and configure the PEs to use LDP to establish LDP PWs.

·     Configure EVPN VPWS over SRv6 on PE 1, PE 2, and PE 3.

·     On PE 1 and PE 2, configure LDP PWs as UPWs (ACs) for SRv6 PWs to ensure that the MPLS L2VPN and EVPN VPWS over SRv6 networks can communicate with each other.

·     PE 4 is dual-homed to PE 1 and PE 2 through two LDP PWs (UPWs).

Figure 333 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 1::1/128 | PE 3 | Loop0 | 3::3/128 |
|  | Loop0 | 1.1.1.9/32 |  | XGE3/0/1 | - |
|  | XGE3/0/1 | 10.1.1.1/24 |  | XGE3/0/2 | 10::3/64 |
|  | XGE3/0/2 | 10::1/64 |  | XGE3/0/3 | 30::3/64 |
|  | XGE3/0/3 | 20::1/64 | PE 4 | Loop0 | 4.4.4.9 |
| PE 2 | Loop0 | 2::2/128 |  | XGE3/0/1 | 10.1.1.4/24 |
|  | Loop0 | 2.2.2.9/32 |  | XGE3/0/2 | 20.1.1.4/24 |
|  | XGE3/0/1 | 20.1.1.2/24 |  | XGE3/0/3 | - |
|  | XGE3/0/2 | 30::2/64 | CE 1 | XGE3/0/1 | 100::1/64 |
|  | XGE3/0/3 | 20::2/64 | CE 2 | XGE3/0/1 | 100::2/64 |

Procedure

1.     Configure CE 1:

# Configure an IPv6 address and prefix length for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 100::1 64

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 4:

# Configure MPLS basic capabilities.

<PE4> system-view

[PE4] interface loopback 0

[PE4-LoopBack0] ip address 4.4.4.9 32

[PE4-LoopBack0] ospf 1 area 0

[PE4-LoopBack0] quit

[PE4] mpls lsr-id 4.4.4.9

[PE4] mpls ldp

[PE4-ldp] quit

# Enable L2VPN.

[PE4] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 1.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] undo shutdown

[PE4-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/2] mpls enable

[PE4-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/2] undo shutdown

[PE4-Ten-GigabitEthernet3/0/2] quit

# Create cross-connect group vpna, create cross-connect pw1 in the group, and map Ten-GigabitEthernet 3/0/3 to the cross-connect. Create an LDP PW for the cross-connect to associate the AC with the PW. Configure a backup PW for the PW and enable the dual receive feature for PW redundancy.

[PE4] xconnect-group vpna

[PE4-xcg-vpna] connection pw1

[PE4-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/3

[PE4-xcg-vpna-pw1-Ten-GigabitEthernet3/0/3] quit

[PE4-xcg-vpna-pw1] protection dual-receive

[PE4-xcg-vpna-pw1] peer 1.1.1.9 pw-id 500

[PE4-xcg-vpna-pw1-1.1.1.9-500] backup-peer 2.2.2.9 pw-id 500

[PE4-xcg-vpna-pw1-1.1.1.9-500-backup] quit

[PE4-xcg-vpna-pw1-1.1.1.9-500] quit

[PE4-xcg-vpna-pw1] quit

[PE4-xcg-vpna] quit

 

3.     Configure PE 1:

# Run OSPF on PE 1.

<PE1> system-view

[PE1] ospf

[PE1-ospf-1] router-id 1.1.1.9

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Run OSPFv3 on PE 1.

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.9

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Configure MPLS basic capabilities.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] undo shutdown

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 10::1 64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ipv6 address 20::1 64

[PE1-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 2 and PE 3, and enable BGP EVPN to advertise route information to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create cross-connect group vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation srv6

[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1. Configure PE 1 to set up a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active. Create an SRv6 PW for the cross-connect to associate the UPW with the SRv6 PW.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500

[PE1-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1

[PE1-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active

[PE1-xcg-vpna-pw1-4.4.4.9-500] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Configure a locator to apply for End.DX2 SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

 

4.     Configure PE 2:

# Run OSPF on PE 2.

<PE2> system-view

[PE2] ospf

[PE2-ospf-1] router-id 2.2.2.9

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Run OSPFv3 on PE 2.

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.9

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Configure MPLS basic capabilities.

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 1.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ipv6 address 20::2 64

[PE2-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] undo shutdown

[PE2-Ten-GigabitEthernet3/0/1] quit

# Establish IBGP connections to PE 1 and PE 3 and enable BGP EVPN to advertise route information to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 3::3 as-number 100

[PE2-bgp-default] peer 3::3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 3::3 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create cross-connect group vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation srv6

[PE2-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1. Configure PE 2 to set up a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active. Create an SRv6 PW for the cross-connect to associate the UPW with the SRv6 PW.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500

[PE2-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1

[PE2-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active

[PE2-xcg-vpna-pw1-4.4.4.9-500] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Configure a locator to apply for End.DX2 SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

 

5.     Configure PE 3:

# Run OSPFv3 on PE 3.

<PE3> system-view

[PE3] ospfv3

[PE3-ospfv3-1] router-id 3.3.3.9

[PE3-ospfv3-1] segment-routing ipv6 locator aaa

[PE3-ospfv3-1] area 0

[PE3-ospfv3-1-area-0.0.0.0] quit

[PE3-ospfv3-1] quit

# Configure interface Loopback 0.

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 3::3 128

[PE3-LoopBack0] ospfv3 1 area 0

[PE3-LoopBack0] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 10::3 64

[PE3-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ipv6 address 30::3 64

[PE3-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 1 and PE 2, and enable BGP EVPN to advertise route information to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 2::2 as-number 100

[PE3-bgp-default] peer 2::2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1::1 enable

[PE3-bgp-default-evpn] peer 2::2 enable

[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create cross-connect group vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance and enable SRv6 BE route recursion mode.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] evpn encapsulation srv6

[PE3-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE3-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE3-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE3-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1, map Ten-GigabitEthernet 3/0/1 to the cross-connect, and create an SRv6 PW on the cross-connect to associate the AC with the SRv6 PW.

[PE3-xcg-vpna] connection pw1

[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE3-xcg-vpna-pw1-2-1] quit

[PE3-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE3-xcg-vpna-pw1] quit

[PE3-xcg-vpna] quit

# Configure a locator to apply for End.DX2 SIDs.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 3::3

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32

[PE3-segment-routing-ipv6-locator-aaa] quit

[PE3-segment-routing-ipv6] quit

 

6.     On CE 2, configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# On PE 1, view detailed cross-connect group information. Verify that PE 1 has established an LDP PW with PE 4 and an SRv6 PW with PE 3.

[PE1] display l2vpn xconnect-group verbose

Xconnect-group Name: vpna

 Connection Name        : pw1

  Connection ID         : 0

  State                 : Up

  MTU                   : 1500

  PW Redundancy Mode    : Slave

  Diffserv Mode         : -

  LDP PWs:

    Peer            PW ID              Link ID    State       Flag

    4.4.4.9         500                0          Up          Main

    Create time: 2020-11-02 10:04:59

    Last time status changed: 2020-11-02 10:04:59

    Last time PW went down: 2020-11-02 10:04:59

  SRv6 tunnels:

   Peer        : 3::3

   Link ID     : 0x1

   State       : Up

# On PE 1, display detailed local ES information. Verify that the LDP PW (UPW) has multihoming settings.

[PE1] display evpn es local verbose

 

Xconnect-group name : vpna

 Connection name           : pw1

  ESI                      : 0001.0001.0001.0001.0001

  Redundancy mode          : All-active

  State                    : Up

  UPW Link ID              : 0

  Tag ID                   : 0

  DF address               : -

# On PE 2, display detailed cross-connect group information. Verify that PE 2 has established an LDP PW with PE 4 and an SRv6 PW with PE 3.

[PE2] display l2vpn xconnect-group verbose

Xconnect-group Name: vpna

 Connection Name        : pw1

  Connection ID         : 0

  State                 : Up

  MTU                   : 1500

  PW Redundancy Mode    : Slave

  Diffserv Mode         : -

  LDP PWs:

    Peer            PW ID              Link ID    State       Flag

    4.4.4.9         500                0          Up          Main

    Create time: 2020-11-02 10:08:01

    Last time status changed: 2020-11-02 10:08:01

    Last time PW went down: 2020-11-02 10:08:01

  SRv6 tunnels:

   Peer        : 3::3

   Link ID     : 0x1

   State       : Up

# On PE 2, display detailed local ES information. Verify that the LDP PW (UPW) has multihoming settings.

[PE2] display evpn es local verbose

 

Xconnect-group name : vpna

 Connection name           : pw1

  ESI                      : 0001.0001.0001.0001.0001

  Redundancy mode          : All-active

  State                    : Up

  UPW Link ID              : 0

  Tag ID                   : 0

  DF address               : -

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
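The following pre-deployment check is an added example, not part of the H3C document. It compares the multihoming settings of PE 1 and PE 2 from this procedure and reports any that drift apart. It assumes the locator and the encapsulation source address are per-node values, as they are in this example; all function and variable names are hypothetical.

```python
import re

# Multihoming-relevant lines copied from the PE 1 and PE 2 procedure above.
PE1_CFG = """\
[PE1-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500
[PE1-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1
[PE1-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active
[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE1-segment-routing-ipv6] encapsulation source-address 1::1
[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32
"""
PE2_CFG = """\
[PE2-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500
[PE2-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1
[PE2-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active
[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[PE2-segment-routing-ipv6] encapsulation source-address 2::2
[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32
"""
# Constructed drift (not from the page): wrong ESI, wrong mode, PE 1's locator.
PE2_DRIFTED = (PE2_CFG.replace("esi 1.1.1.1.1", "esi 1.1.1.1.2")
               .replace("all-active", "single-active")
               .replace("222::", "111::"))

# Strips a leading Comware prompt such as "[PE1-xcg-vpna]" or "<PE1>".
PROMPT_RE = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")

# setting -> (pattern on the bare command, must the value match on every PE?)
FIELDS = {
    "upw_peer": (re.compile(r"^peer (\S+) pw-id (\d+)$"), True),
    "esi": (re.compile(r"^esi (\S+)$"), True),
    "redundancy": (re.compile(r"^evpn redundancy-mode (\S+)$"), True),
    "service_ids": (re.compile(
        r"^evpn local-service-id (\d+) remote-service-id (\d+)$"), True),
    # Assumption of this check: these two are unique per node.
    "srv6_source": (re.compile(r"^encapsulation source-address (\S+)$"), False),
    "locator": (re.compile(r"^locator \S+ ipv6-prefix (\S+) (\d+)\b"), False),
}


def normalize_esi(esi):
    """Pad each of the five dot-separated hex groups to four digits, which is
    the form `display evpn es local verbose` prints."""
    groups = esi.split(".")
    if len(groups) != 5 or not all(
            re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups):
        raise ValueError(f"not a five-group ESI: {esi!r}")
    return ".".join(g.lower().zfill(4) for g in groups)


def extract(transcript):
    """Strip CLI prompts and collect the multihoming-relevant settings."""
    found = {}
    for raw in transcript.splitlines():
        cmd = PROMPT_RE.sub("", raw).strip()
        for name, (pattern, _) in FIELDS.items():
            if m := pattern.match(cmd):
                value = m.groups() if len(m.groups()) > 1 else m.group(1)
                found[name] = normalize_esi(value) if name == "esi" else value
    return found


def audit_redundancy_group(transcripts):
    """transcripts maps a PE name to its CLI transcript.
    Returns a list of findings; an empty list means the PEs are consistent."""
    settings = {pe: extract(text) for pe, text in transcripts.items()}
    findings = []
    for name, (_, must_match) in FIELDS.items():
        values = {pe: s.get(name) for pe, s in settings.items()}
        missing = sorted(pe for pe, v in values.items() if v is None)
        if missing:
            findings.append(f"{name}: not configured on {', '.join(missing)}")
            continue
        distinct = set(values.values())
        if must_match and len(distinct) > 1:
            findings.append(f"{name}: differs across PEs: {values}")
        if not must_match and len(distinct) < len(values):
            findings.append(f"{name}: reused on more than one PE: {values}")
    return findings


if __name__ == "__main__":
    for label, pe2 in (("as documented", PE2_CFG), ("drifted", PE2_DRIFTED)):
        result = audit_redundancy_group({"PE1": PE1_CFG, "PE2": pe2})
        print(label, "->", result or "consistent")
```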

 

EVPN VPLS over SRv6 configuration examples

Example: Setting up an SRv6 tunnel between single-homed EVPN VPLS sites

Network configuration

As shown in Figure 334, set up an SRv6 tunnel between PE 1 and PE 2 for users in site 1 and site 2 to communicate through EVPN VPLS over the IPv6 backbone network.

Figure 334 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| CE 1 | XGE3/0/1 | 10::1/64 | P | Loop0 | 3::3/128 |
| PE 1 | Loop0 | 1::1/128 |  | XGE3/0/1 | 20::2/64 |
|  | XGE3/0/1 | - |  | XGE3/0/2 | 30::1/64 |
|  | XGE3/0/2 | 20::1/64 | PE 2 | Loop0 | 2::2/128 |
| CE 2 | XGE3/0/1 | 10::2/64 |  | XGE3/0/1 | - |
|  |  |  |  | XGE3/0/2 | 30::2/64 |

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 10::1 64

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Run OSPFv3 on PE 1 and use OSPFv3 to advertise SIDs.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.1

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0.0.0.0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to P.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 20::1 64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 1 to establish an IBGP neighbor relationship with PE 2, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 2.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance, enable the SID-route-recursion feature, and apply a locator to the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation srv6

[PE1-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE1-vsi-vpna-evpn-srv6] quit

# Map Ten-GigabitEthernet 3/0/1 to the VSI.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE1-Ten-GigabitEthernet3/0/1] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 100:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

3.     Configure PE 2:

# Run OSPFv3 on PE 2 and use OSPFv3 to advertise SIDs.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.2

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to P.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2 to establish an IBGP neighbor relationship with PE 1, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance, enable the SID-route-recursion feature, and apply a locator to the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation srv6

[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE2-vsi-vpna-evpn-srv6] quit

# Map Ten-GigabitEthernet 3/0/1 to the VSI.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE2-Ten-GigabitEthernet3/0/1] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 200:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

4.     Configure P:

# Run OSPFv3 on P.

<P> system-view

[P] ospfv3

[P-ospfv3-1] router-id 3.3.3.3

[P-ospfv3-1] area 0.0.0.0

[P-ospfv3-1-area-0.0.0.0] quit

[P-ospfv3-1] quit

# Configure IPv6 addresses for interfaces and run OSPFv3 on the interfaces.

[P] interface loopback 0

[P-LoopBack0] ipv6 address 3::3 128

[P-LoopBack0] ospfv3 1 area 0

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ipv6 address 20::2 64

[P-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ipv6 address 30::1 64

[P-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[P-Ten-GigabitEthernet3/0/2] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 10::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an SRv6 tunnel has been established between PE 1 and PE 2.

[PE1] display l2vpn peer srv6

Total number of SRv6 Tunnels: 1

1 up, 0 blocked, 0 down

 

VSI Name: vpna

   Peer            : 2::2

   Flag            : Main

   State           : Up

# Verify that the SRv6 forwarding information on PE 1 is correct.

[PE1] display l2vpn forwarding srv6

Total number of VSIs: 1

Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down

 

VSI Name : vpna

Link ID             : 0x9000000   Type: BE    State: Up

In SID   : 100::1:0:1

Out SID  : 200::1:0:0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
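The forwarding check above can be automated. The following is an added example, not part of the H3C document: it parses `display l2vpn forwarding srv6` output and confirms that every tunnel is up, that each In SID falls inside the local locator, and that each Out SID falls inside an expected peer locator. The locator prefixes come from this procedure; the drifted sample and all function names are constructed for illustration. The parser also accepts the "Xconnect-group Name" form of the output used in the EVPN VPWS examples.

```python
import ipaddress
import re

# Output of `display l2vpn forwarding srv6` on PE 1, copied from the page.
PE1_FORWARDING = """\
Total number of VSIs: 1
Total number of SRv6 tunnels: 1, 1 up, 0 blocked, 0 down

VSI Name : vpna
Link ID             : 0x9000000   Type: BE    State: Up
In SID   : 100::1:0:1
Out SID  : 200::1:0:0
"""

# Constructed sample (not from the page): one tunnel is down and one
# Out SID lies outside every locator the operator expects.
DRIFTED_FORWARDING = """\
Total number of VSIs: 1
Total number of SRv6 tunnels: 2, 1 up, 0 blocked, 1 down

VSI Name : vpna
Link ID             : 0x9000000   Type: BE    State: Down
In SID   : 100::1:0:1
Out SID  : 200::1:0:0

Link ID             : 0x9000001   Type: BE    State: Up
In SID   : 100::1:0:1
Out SID  : 2001:db8::1:0:0
"""

# From the procedure: `locator aaa ipv6-prefix 100:: 64` on PE 1
# and `locator aaa ipv6-prefix 200:: 64` on PE 2.
LOCAL_LOCATOR = "100::/64"
REMOTE_LOCATORS = {"PE2": "200::/64"}

SERVICE_RE = re.compile(r"^(?:VSI|Xconnect-group) Name\s*:\s*(\S+)")
LINK_RE = re.compile(r"^Link ID\s*:\s*(\S+)\s+Type:\s*(\S+)\s+State:\s*(\S+)")
SID_RE = re.compile(r"^(In|Out) SID\s*:\s*(\S+)")


def parse_forwarding(text):
    """Return one dict per Link ID entry found in the command output."""
    entries, service, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            service = m.group(1)
        elif m := LINK_RE.match(line):
            current = {"service": service, "link_id": m.group(1),
                       "type": m.group(2), "state": m.group(3),
                       "in_sid": None, "out_sid": None}
            entries.append(current)
        elif (m := SID_RE.match(line)) and current is not None:
            key = "in_sid" if m.group(1) == "In" else "out_sid"
            current[key] = ipaddress.IPv6Address(m.group(2))
    return entries


def audit(entries, local_locator, remote_locators):
    """Return a list of findings; an empty list means the output is as expected."""
    local_net = ipaddress.IPv6Network(local_locator)
    remote_nets = {name: ipaddress.IPv6Network(prefix)
                   for name, prefix in remote_locators.items()}
    findings = []
    for e in entries:
        tag = f"{e['service']} link {e['link_id']}"
        if e["state"] != "Up":
            findings.append(f"{tag}: state is {e['state']}")
        if e["in_sid"] is None or e["in_sid"] not in local_net:
            findings.append(
                f"{tag}: In SID {e['in_sid']} not in local locator {local_net}")
        owner = next((name for name, net in remote_nets.items()
                      if e["out_sid"] is not None and e["out_sid"] in net), None)
        if owner is None:
            findings.append(
                f"{tag}: Out SID {e['out_sid']} matches no expected peer locator")
    return findings


if __name__ == "__main__":
    for label, text in (("PE1", PE1_FORWARDING), ("drifted", DRIFTED_FORWARDING)):
        result = audit(parse_forwarding(text), LOCAL_LOCATOR, REMOTE_LOCATORS)
        print(label, "->", result or "ok")
```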

Example: Configuring EVPN VPLS over SRv6 multihoming (S-Trunk dual-homed)

Network configuration

As shown in Figure 335, CE 1 is dual-homed to PE 1 and PE 2 through S-Trunk. Configure EVPN VPLS over SRv6 for dual-homed site 1 and single-homed site 2 to communicate over the IPv6 backbone network through an SRv6 tunnel.

Figure 335 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 1::1/128 | PE 2 | Loop0 | 2::2/128 |
|  | XGE3/0/1 | N/A |  | XGE3/0/1 | N/A |
|  | XGE3/0/2 | 10::1/64 |  | XGE3/0/2 | 30::2/64 |
|  | XGE3/0/3 | 20::1/64 |  | XGE3/0/3 | 20::2/64 |
|  | XGE3/0/3 | 10.1.2.1/24 |  | XGE3/0/3 | 10.1.2.2/24 |
| PE 3 | Loop0 | 3::3/128 | CE 1 | RAGG1 | 100::1/64 |
|  | XGE3/0/1 | N/A | CE 2 | XGE3/0/1 | 100::2/64 |
|  | XGE3/0/2 | 10::3/64 |  |  |  |
|  | XGE3/0/3 | 30::3/64 |  |  |  |

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface 1 and assign it an IPv6 address and prefix.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ipv6 address 100::1 64

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Run OSPFv3 on PE 1.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.1

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 10::1/64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ipv6 address 20::1/64

[PE1-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure PE 1 to establish IBGP neighbor relationships with PE 2 and PE 3, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance, enable the SID-route-recursion feature, and apply a locator to the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] ignore-ac-state enable

[PE1-vsi-vpna] evpn encapsulation srv6

[PE1-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE1-vsi-vpna-evpn-srv6] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE1] lacp system-priority 10

[PE1] lacp system-mac 1-1-1

[PE1] lacp system-number 1

[PE1] s-trunk id 1

[PE1-s-trunk1] s-trunk ip destination 10.1.2.2 source 10.1.2.1

[PE1-s-trunk1] quit

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] link-aggregation mode dynamic

[PE1-Route-Aggregation1] s-trunk 1

[PE1-Route-Aggregation1] s-trunk port-role primary

[PE1-Route-Aggregation1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to site-facing interface Route-Aggregation 1, set the redundancy mode of the interface to all-active, and map the interface to VSI vpna.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] esi 1.1.1.1.1

[PE1-Route-Aggregation1] evpn redundancy-mode all-active

[PE1-Route-Aggregation1] xconnect vsi vpna

[PE1-Route-Aggregation1] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

3.     Configure PE 2:

# Run OSPFv3 on PE 2.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.2

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 1.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ipv6 address 20::2 64

[PE2-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2 to establish IBGP neighbor relationships with PE 1 and PE 3, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 3::3 as-number 100

[PE2-bgp-default] peer 3::3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 3::3 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance, enable the SID-route-recursion feature, and apply a locator to the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] ignore-ac-state enable

[PE2-vsi-vpna] evpn encapsulation srv6

[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE2-vsi-vpna-evpn-srv6] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 2

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk ip destination 10.1.2.1 source 10.1.2.2

[PE2-s-trunk1] quit

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] s-trunk port-role primary

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to site-facing interface Route-Aggregation 1, set the redundancy mode of the interface to all-active, and map the interface to VSI vpna.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] esi 1.1.1.1.1

[PE2-Route-Aggregation1] evpn redundancy-mode all-active

[PE2-Route-Aggregation1] xconnect vsi vpna

[PE2-Route-Aggregation1] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

4.     Configure PE 3:

# Run OSPFv3 on PE 3.

<PE3> system-view

[PE3] ospfv3

[PE3-ospfv3-1] router-id 3.3.3.3

[PE3-ospfv3-1] segment-routing ipv6 locator aaa

[PE3-ospfv3-1] area 0

[PE3-ospfv3-1-area-0.0.0.0] quit

[PE3-ospfv3-1] quit

# Configure interface Loopback 0.

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 3::3 128

[PE3-LoopBack0] ospfv3 1 area 0

[PE3-LoopBack0] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 10::3 64

[PE3-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ipv6 address 30::3 64

[PE3-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure PE 3 to establish IBGP neighbor relationships with PE 1 and PE 2, and enable BGP EVPN to advertise routes in SRv6 encapsulation to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] router-id 3.3.3.3

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 2::2 as-number 100

[PE3-bgp-default] peer 2::2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1::1 enable

[PE3-bgp-default-evpn] peer 2::2 enable

[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, and enable SRv6 encapsulation. Configure an RD and route targets for the EVPN instance, enable the SID-route-recursion feature, and apply a locator to the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation srv6

[PE3-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE3-vsi-vpna-evpn-srv6] quit

# Map Ten-GigabitEthernet 3/0/1 to the VSI.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

# Specify a source IP address for the outer IPv6 header of SRv6-encapsulated packets, and configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 3::3

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32

[PE3-segment-routing-ipv6-locator-aaa] quit

[PE3-segment-routing-ipv6] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PE 3 has established SRv6 tunnels to PE 1 and PE 2. The SRv6 tunnels are ECMP tunnels that can load share traffic.

[PE3] display l2vpn peer srv6

Total number of SRv6 Tunnels: 2

2 up, 0 blocked, 0 down

 

VSI Name: vpna

   Peer            : 1::1

   Flag            : Main

   State           : Up

 

   Peer            : 2::2

   Flag            : Main

   State           : Up

# Verify that the SRv6 forwarding information on PE 3 is correct.

[PE3] display l2vpn forwarding srv6

Total number of VSIs: 1

Total number of SRv6 tunnels: 2, 2 up, 0 blocked, 0 down

VSI Name : vpna

Link ID             : 0x9000000   Type: BE    State: Up

In SID   : 333::1:0:4

Out SID  : 111::1:0:4

 

Link ID             : 0x9000001   Type: BE    State: Up

In SID   : 333::1:0:4

Out SID  : 222::1:0:3

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other when the PW on PE 1 or PE 2 fails. (Details not shown.)
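The forwarding check above can be automated. The following Python script is an added example, not part of the H3C documentation: it parses the `display l2vpn forwarding srv6` output shown for PE 3 and confirms that every link is Up, that the In SID falls inside PE 3's own locator, and that each Out SID falls inside the locator of an expected peer. The locator prefixes are taken from the `locator aaa ipv6-prefix` commands in this example; the function names and the device labels `PE1`/`PE2`/`PE3` are assumptions made for the script.

```python
import ipaddress
import re

# Locator prefixes from the "locator aaa ipv6-prefix <prefix> 64" commands in this example.
LOCATORS = {
    "PE1": ipaddress.ip_network("111::/64"),
    "PE2": ipaddress.ip_network("222::/64"),
    "PE3": ipaddress.ip_network("333::/64"),
}

# Output of "display l2vpn forwarding srv6" on PE 3, as shown in this example.
PE3_FORWARDING = """\
Total number of VSIs: 1
Total number of SRv6 tunnels: 2, 2 up, 0 blocked, 0 down
VSI Name : vpna
Link ID             : 0x9000000   Type: BE    State: Up
In SID   : 333::1:0:4
Out SID  : 111::1:0:4

Link ID             : 0x9000001   Type: BE    State: Up
In SID   : 333::1:0:4
Out SID  : 222::1:0:3
"""

LINK_RE = re.compile(r"\s*Link ID\s*:\s*(\S+)\s+Type:\s*(\S+)\s+State:\s*(\S+)")
SID_RE = re.compile(r"\s*(In|Out) SID\s*:\s*(\S+)")


def parse_forwarding(text):
    """Return one dict per SRv6 link found in the display output."""
    links = []
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            links.append({"link_id": m.group(1), "type": m.group(2), "state": m.group(3)})
            continue
        m = SID_RE.match(line)
        if m and links:
            # Attach the SID to the most recent "Link ID" entry.
            links[-1][m.group(1).lower() + "_sid"] = ipaddress.ip_address(m.group(2))
    return links


def owner_of(sid):
    """Return the device whose locator contains the SID, or None."""
    for name, prefix in LOCATORS.items():
        if sid in prefix:
            return name
    return None


def audit(text, local, expected_remotes):
    """Return a list of findings; an empty list means the output matches the design."""
    findings = []
    reached = set()
    for link in parse_forwarding(text):
        lid = link["link_id"]
        if link["state"] != "Up":
            findings.append(f"link {lid} is {link['state']}")
        in_sid, out_sid = link.get("in_sid"), link.get("out_sid")
        if in_sid is None or out_sid is None:
            findings.append(f"link {lid} has no In/Out SID pair")
            continue
        if owner_of(in_sid) != local:
            findings.append(f"link {lid}: In SID {in_sid} is outside the {local} locator")
        remote = owner_of(out_sid)
        if remote in expected_remotes:
            reached.add(remote)
        else:
            findings.append(f"link {lid}: Out SID {out_sid} is outside every expected peer locator")
    for missing in sorted(set(expected_remotes) - reached):
        findings.append(f"no SRv6 link with an Out SID in the {missing} locator")
    return findings


if __name__ == "__main__":
    for finding in audit(PE3_FORWARDING, "PE3", {"PE1", "PE2"}) or ["OK"]:
        print(finding)
```
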

Example: Configuring LDP PWs as ACs for SRv6 PWs

Network configuration

As shown in Figure 336:

·     PE 1 and PE 2 are edge devices on both the MPLS network and SRv6 network.

·     Configure VPLS on PE 1, PE 2, and PE 4, and configure the PEs to use LDP to establish LDP PWs.

·     Configure EVPN VPLS over SRv6 on PE 1, PE 2, and PE 3.

·     On PE 1 and PE 2, configure LDP PWs as UPWs (ACs) for SRv6 PWs to ensure that the VPLS and EVPN VPLS over SRv6 networks can communicate with each other.

·     PE 4 is dual-homed to PE 1 and PE 2 through two LDP PWs (UPWs).

Figure 336 Network diagram

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 1::1/128 | PE 3 | Loop0 | 3::3/128 |
| | Loop0 | 1.1.1.9/32 | | XGE3/0/1 | - |
| | XGE3/0/1 | 10.1.1.1/24 | | XGE3/0/2 | 10::3/64 |
| | XGE3/0/2 | 10::1/64 | | XGE3/0/3 | 30::3/64 |
| | XGE3/0/3 | 20::1/64 | PE 4 | Loop0 | 4.4.4.9 |
| PE 2 | Loop0 | 2::2/128 | | XGE3/0/1 | 10.1.1.4/24 |
| | Loop0 | 2.2.2.9/32 | | XGE3/0/2 | 20.1.1.4/24 |
| | XGE3/0/1 | 20.1.1.2/24 | | XGE3/0/3 | - |
| | XGE3/0/2 | 30::2/64 | CE 1 | XGE3/0/1 | 100::1/64 |
| | XGE3/0/3 | 20::2/64 | CE 2 | XGE3/0/1 | 100::2/64 |

Procedure

1.     Configure CE 1:

# Configure an IP address and mask for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ipv6 address 100::1 64

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 4:

# Configure MPLS basic capabilities.

<PE4> system-view

[PE4] interface loopback 0

[PE4-LoopBack0] ip address 4.4.4.9 32

[PE4-LoopBack0] ospf 1 area 0

[PE4-LoopBack0] quit

[PE4] mpls lsr-id 4.4.4.9

[PE4] mpls ldp

[PE4-ldp] quit

# Enable L2VPN.

[PE4] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 1.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] undo shutdown

[PE4-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/2] mpls enable

[PE4-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/2] undo shutdown

[PE4-Ten-GigabitEthernet3/0/2] quit

# Configure VSI vpna to use LDP to establish LDP PWs. The LDP PW between PE 1 and PE 4 is the primary PW and the LDP PW between PE 2 and PE 4 is the backup PW. Enable the dual receive feature for PW redundancy.

[PE4] vsi vpna

[PE4-vsi-vpna] protection dual-receive

[PE4-vsi-vpna] pwsignaling ldp

[PE4-vsi-vpna-ldp] peer 1.1.1.9 pw-id 500

[PE4-vsi-vpna-ldp-1.1.1.9-500] backup-peer 2.2.2.9 pw-id 500

[PE4-vsi-vpna-ldp-1.1.1.9-500-backup] quit

[PE4-vsi-vpna-ldp-1.1.1.9-500] quit

[PE4-vsi-vpna-ldp] quit

[PE4-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vpna.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] xconnect vsi vpna

[PE4-Ten-GigabitEthernet3/0/3] quit

 

3.     Configure PE 1:

# Run OSPF on PE 1.

<PE1> system-view

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Run OSPFv3 on PE 1.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.9

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure interface Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Configure MPLS basic capabilities.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] undo shutdown

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 10::1 64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ipv6 address 20::1 64

[PE1-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 2 and PE 3, and enable BGP EVPN to advertise route information to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.9

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, enable SRv6 encapsulation, and configure an RD and route targets for the EVPN instance. Enable SRv6 BE route recursion mode and apply a locator to the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation srv6

[PE1-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE1-vsi-vpna-evpn-srv6] quit

# Configure VSI vpna to use LDP to establish LDP PWs. Configure PE 1 to establish a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active.

[PE1-vsi-vpna] pwsignaling ldp

[PE1-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon

[PE1-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[PE1-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[PE1-vsi-vpna-ldp-4.4.4.9-500] quit

[PE1-vsi-vpna-ldp] quit

# Configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

 

4.     Configure PE 2:

# Run OSPF on PE 2.

<PE2> system-view

[PE2] ospf

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Run OSPFv3 on PE 2.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.9

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure interface Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Configure MPLS basic capabilities.

[PE2] mpls lsr-id 2.2.2.9

[PE2] mpls ldp

[PE2-ldp] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 1.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ipv6 address 20::2 64

[PE2-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] undo shutdown

[PE2-Ten-GigabitEthernet3/0/1] quit

# Establish IBGP connections to PE 1 and PE 3 and enable BGP EVPN to advertise route information to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.9

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 3::3 as-number 100

[PE2-bgp-default] peer 3::3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 3::3 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, enable SRv6 encapsulation, and configure an RD and route targets for the EVPN instance. Enable SRv6 BE route recursion mode and apply a locator to the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation srv6

[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE2-vsi-vpna-evpn-srv6] quit

# Configure VSI vpna to use LDP to establish LDP PWs. Configure PE 2 to establish a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active.

[PE2-vsi-vpna] pwsignaling ldp

[PE2-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon

[PE2-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[PE2-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[PE2-vsi-vpna-ldp-4.4.4.9-500] quit

# Configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

 

5.     Configure PE 3:

# Run OSPFv3 on PE 3.

<PE3> system-view

[PE3] ospfv3

[PE3-ospfv3-1] router-id 3.3.3.9

[PE3-ospfv3-1] segment-routing ipv6 locator aaa

[PE3-ospfv3-1] area 0

[PE3-ospfv3-1-area-0.0.0.0] quit

[PE3-ospfv3-1] quit

# Configure interface Loopback 0.

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 3::3 128

[PE3-LoopBack0] ospfv3 1 area 0

[PE3-LoopBack0] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 10::3 64

[PE3-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ipv6 address 30::3 64

[PE3-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 1 and PE 2, and enable BGP EVPN to advertise route information to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] router-id 3.3.3.9

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 2::2 as-number 100

[PE3-bgp-default] peer 2::2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1::1 enable

[PE3-bgp-default-evpn] peer 2::2 enable

[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, enable SRv6 encapsulation, and configure an RD and route targets for the EVPN instance. Enable SRv6 BE route recursion mode and apply a locator to the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation srv6

[PE3-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

[PE3-vsi-vpna-evpn-srv6] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

# Configure a locator to apply for End.DT2U SIDs and End.DT2M SIDs.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 3::3

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32

[PE3-segment-routing-ipv6-locator-aaa] quit

[PE3-segment-routing-ipv6] quit

 

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ipv6 address 100::2 64

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# On PE 1, display detailed VSI information. Verify that PE 1 has established an LDP PW with PE 4 and SRv6 PWs with PE 2 and PE 3.

[PE1] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : -

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : Unlimited

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : -

  LDP PWs:

    Peer            PW ID              Link ID    State       Flag

    4.4.4.9         500                8          Up          Main

    Create time: 2020-10-30 17:17:21

    Last time status changed: 2020-10-30 17:17:21

    Last time PW went down: 2020-10-30 17:17:21

  SRv6 tunnels:

   Peer        : 2::2

   Link ID     : 0x9000001

   State       : Up

   Peer        : 3::3

   Link ID     : 0x9000002

   State       : Up

# On PE 1, display detailed local ES information. Verify that the LDP PW (UPW) has multihoming settings.

[PE1] display evpn es local verbose

 

VSI name : vpna

  ESI                      : 0001.0001.0001.0001.0001

  Interface                : -

  Redundancy mode          : All-active

  State                    : Up

  UPWs                     :

    Link ID                : 0x8

    Service instance ID    : -

    Tag ID                 : 0

    DF address             : 1.1.1.9

    Argument               : ::2

# On PE 2, display detailed VSI information. Verify that PE 2 has established an LDP PW with PE 4 and SRv6 PWs with PE 1 and PE 3.

[PE2] display l2vpn vsi ver

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : -

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : Unlimited

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : -

  LDP PWs:

    Peer            PW ID              Link ID    State       Flag

    4.4.4.9         500                8          Up          Main

    Create time: 2020-10-30 17:22:30

    Last time status changed: 2020-10-30 17:33:55

    Last time PW went down: 2020-10-30 17:33:55

  SRv6 tunnels:

   Peer        : 1::1

   Link ID     : 0x9000001

   State       : Up

   Peer        : 3::3

   Link ID     : 0x9000002

   State       : Up

# On PE 2, display detailed local ES information. Verify that the LDP PW (UPW) has multihoming settings.

[PE2] display evpn es local verbose

 

VSI name : vpna

  ESI                      : 0001.0001.0001.0001.0001

  Interface                : -

  Redundancy mode          : All-active

  State                    : Up

  UPWs                     :

    Link ID                : 0x8

    Service instance ID    : -

    Tag ID                 : 0

    DF address             : 1.1.1.9

    Argument               : ::2

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
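The multihoming checks on PE 1 and PE 2 can be compared automatically. The following Python script is an added example, not part of the H3C documentation: it parses the `display evpn es local verbose` output from both PEs and confirms that each reports the configured ESI in state Up, and that both agree on the redundancy mode and the DF address. It assumes one ES per output and that each dotted group of the configured `esi 1.1.1.1.1` value is a hexadecimal number displayed zero-padded to four digits, which matches the configuration and display output in this example; the function names are assumptions made for the script.

```python
# Output of "display evpn es local verbose" on PE 1, as shown in this example.
PE1_ES = """\
VSI name : vpna
  ESI                      : 0001.0001.0001.0001.0001
  Interface                : -
  Redundancy mode          : All-active
  State                    : Up
  UPWs                     :
    Link ID                : 0x8
    Service instance ID    : -
    Tag ID                 : 0
    DF address             : 1.1.1.9
    Argument               : ::2
"""

# The example shows identical output on PE 2.
PE2_ES = PE1_ES


def normalize_esi(configured):
    """Convert the configured form (1.1.1.1.1) to the displayed form (0001.0001...)."""
    groups = configured.split(".")
    if len(groups) != 5:
        raise ValueError("an ESI has five dot-separated groups")
    values = [int(g, 16) for g in groups]
    if any(v > 0xFFFF for v in values):
        raise ValueError("each ESI group is at most four hexadecimal digits")
    return ".".join(format(v, "04x") for v in values)


def parse_es(text):
    """Return the 'key : value' fields of one ES entry, with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only, so values such as "::2" stay intact.
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def check_multihoming(outputs, configured_esi, pe_addresses):
    """outputs maps a PE name to its display text. Return a list of findings."""
    findings = []
    want = normalize_esi(configured_esi)
    parsed = {pe: parse_es(text) for pe, text in outputs.items()}

    for pe, fields in sorted(parsed.items()):
        esi = fields.get("esi", "").lower()
        if esi != want:
            findings.append(f"{pe}: ESI {esi or 'missing'} does not match configured {want}")
        if fields.get("state") != "Up":
            findings.append(f"{pe}: ES state is {fields.get('state', 'missing')}")

    # Every PE attached to the same ES must report the same redundancy mode.
    modes = {fields.get("redundancy mode") for fields in parsed.values()}
    if len(modes) != 1:
        findings.append(f"redundancy mode differs between PEs: {sorted(map(str, modes))}")

    # Every PE attached to the same ES must agree on the designated forwarder.
    dfs = {fields.get("df address") for fields in parsed.values()}
    if len(dfs) != 1:
        findings.append(f"PEs disagree on the DF address: {sorted(map(str, dfs))}")
    elif not dfs <= set(pe_addresses):
        findings.append(f"DF address {dfs.pop()} is not one of the redundant PEs")
    return findings


if __name__ == "__main__":
    result = check_multihoming({"PE1": PE1_ES, "PE2": PE2_ES},
                               "1.1.1.1.1", {"1.1.1.9", "2.2.2.9"})
    for finding in result or ["OK"]:
        print(finding)
```
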

Example: Configuring intercommunication between EVPN VPLS over SRv6 and EVPN VPWS over SRv6 networks

Network configuration

As shown in Figure 337:

·     In the EVPN VPWS over SRv6 network, CE 1 is dual-homed to PE 1 and PE 4.

·     PE 2 and PE 3 are boundary PEs deployed at the edge of the EVPN VPLS over SRv6 and EVPN VPWS over SRv6 networks.

·     PE 1 and PE 4 are dual-homed to PE 2 and PE 3.

·     In the EVPN VPLS over SRv6 network, CE 2 and CE 3 are dual-homed to PE 2 and PE 3.

To enable the EVPN VPLS over SRv6 and EVPN VPWS over SRv6 networks to communicate with each other, configure intercommunication between the two networks on PE 2 and PE 3.

Figure 337 Network diagram

Table 140 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| PE 1 | Loop0 | 1::1/128 | PE 4 | Loop0 | 4::4/128 |
| | XGE3/0/1 | - | | XGE3/0/1 | - |
| | XGE3/0/2 | 10::1/64 | | XGE3/0/2 | 50::4/64 |
| | XGE3/0/3 | 20::1/64 | | XGE3/0/3 | 60::4/64 |
| | XGE3/0/4 | 40::1/64 | | XGE3/0/4 | 40::4/64 |
| PE 2 | Loop0 | 2::2/128 | PE 3 | Loop0 | 3::3/128 |
| | XGE3/0/1 | 20::2/64 | | XGE3/0/1 | 10::3/64 |
| | XGE3/0/2 | 30::2/64 | | XGE3/0/2 | 30::3/64 |
| | XGE3/0/3 | - | | XGE3/0/3 | - |
| | XGE3/0/4 | - | | XGE3/0/4 | - |
| | XGE3/0/5 | 60::2/64 | | XGE3/0/5 | 50::3/64 |
| CE 1 | RAGG1 | 100::1/64 | CE 2 | RAGG1 | 100::2/64 |
| CE 3 | RAGG1 | 100::3/64 | | | |

Procedure

1.     Configure CE 1:

# Create Layer 3 aggregate interface 1 and configure the aggregation group to operate in dynamic aggregation mode. Assign an IPv6 address and prefix length to the aggregate interface.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ipv6 address 100::1 64

[CE1-Route-Aggregation1] quit

# Assign interfaces Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Run OSPFv3.

<PE1> system-view

[PE1] ospfv3

[PE1-ospfv3-1] router-id 1.1.1.1

[PE1-ospfv3-1] segment-routing ipv6 locator aaa

[PE1-ospfv3-1] area 0

[PE1-ospfv3-1-area-0.0.0.0] quit

[PE1-ospfv3-1] quit

# Configure Loopback 0.

[PE1] interface loopback 0

[PE1-LoopBack0] ipv6 address 1::1 128

[PE1-LoopBack0] ospfv3 1 area 0

[PE1-LoopBack0] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3).

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 10::1 64

[PE1-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2).

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ipv6 address 20::1 64

[PE1-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to PE 4).

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ipv6 address 40::1 64

[PE1-Ten-GigabitEthernet3/0/4] ospfv3 1 area 0

[PE1-Ten-GigabitEthernet3/0/4] undo shutdown

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure PE 1 to establish IBGP connections with PE 2, PE 3, and PE 4, and use BGP EVPN to advertise route information.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 2::2 as-number 100

[PE1-bgp-default] peer 2::2 connect-interface loopback 0

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] peer 4::4 as-number 100

[PE1-bgp-default] peer 4::4 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2::2 enable

[PE1-bgp-default-evpn] peer 3::3 enable

[PE1-bgp-default-evpn] peer 4::4 enable

[PE1-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE1-bgp-default-evpn] peer 4::4 advertise encap-type srv6

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/1 and set the redundancy mode to all-active on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE1-Ten-GigabitEthernet3/0/1] evpn redundancy-mode all-active

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create cross-connect group vpna and create an EVPN instance that uses SRv6 encapsulation for the cross-connect group. Configure an RD and route targets for the EVPN instance, enable SRv6 BE route recursion mode, and enable local FRR for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation srv6

[PE1-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE1-xcg-vpna-evpn-srv6] evpn frr local enable

[PE1-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1, associate interface Ten-GigabitEthernet 3/0/1 with the cross-connect. Create an SRv6 tunnel on the cross-connect for association between the AC and SRv6 tunnel.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 5001 remote-service-id 5000

[PE1-xcg-vpna-pw1-2-1] quit

# Apply locator aaa to cross-connect pw1.

[PE1-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Configure locator aaa for SRv6 SID allocation.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 111:: 64 static 32

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

3.     Configure PE 2:

# Run OSPFv3.

<PE2> system-view

[PE2] ospfv3

[PE2-ospfv3-1] router-id 2.2.2.2

[PE2-ospfv3-1] segment-routing ipv6 locator aaa

[PE2-ospfv3-1] area 0.0.0.0

[PE2-ospfv3-1-area-0.0.0.0] quit

[PE2-ospfv3-1] quit

# Configure Loopback 0.

[PE2] interface loopback 0

[PE2-LoopBack0] ipv6 address 2::2 128

[PE2-LoopBack0] ospfv3 1 area 0

[PE2-LoopBack0] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1).

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 20::2 64

[PE2-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/1] undo shutdown

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3).

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 30::2 64

[PE2-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/5 (the interface connected to PE 4).

[PE2] interface ten-gigabitethernet 3/0/5

[PE2-Ten-GigabitEthernet3/0/5] ipv6 address 60::2 64

[PE2-Ten-GigabitEthernet3/0/5] ospfv3 1 area 0

[PE2-Ten-GigabitEthernet3/0/5] undo shutdown

[PE2-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2 to establish IBGP connections with PE 1, PE 3, and PE 4, and use BGP EVPN to advertise route information.

[PE2] bgp 100

[PE2-bgp-default] router-id 2.2.2.2

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] peer 3::3 as-number 100

[PE2-bgp-default] peer 3::3 connect-interface loopback 0

[PE2-bgp-default] peer 4::4 as-number 100

[PE2-bgp-default] peer 4::4 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1::1 enable

[PE2-bgp-default-evpn] peer 3::3 enable

[PE2-bgp-default-evpn] peer 4::4 enable

[PE2-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE2-bgp-default-evpn] peer 4::4 advertise encap-type srv6

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create VSI vpna and create an EVPN instance that uses SRv6 encapsulation for the VSI. Configure an RD and route targets for the EVPN instance, enable SRv6 BE route recursion mode, and apply a locator to the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] esi 4.4.4.4.4

[PE2-vsi-vpna] evpn encapsulation srv6

[PE2-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE2-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

# Create an SRv6 PW for intercommunication with the EVPN VPWS over SRv6 network for VSI vpna.

[PE2-vsi-vpna-evpn-srv6] evpn vpws local-service-id 5000 remote-service-id 5001 forwarding-preferred

[PE2-vsi-vpna-evpn-srv6] quit

[PE2-vsi-vpna] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/3, set the redundancy mode to all-active on the interface, and map the interface to VSI vpna.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] esi 2.2.2.2.2

[PE2-Ten-GigabitEthernet3/0/3] evpn redundancy-mode all-active

[PE2-Ten-GigabitEthernet3/0/3] xconnect vsi vpna

[PE2-Ten-GigabitEthernet3/0/3] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/4, set the redundancy mode to all-active on the interface, and map the interface to VSI vpna.

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] esi 3.3.3.3.3

[PE2-Ten-GigabitEthernet3/0/4] evpn redundancy-mode all-active

[PE2-Ten-GigabitEthernet3/0/4] xconnect vsi vpna

[PE2-Ten-GigabitEthernet3/0/4] quit

# Configure locator aaa for SRv6 SID allocation.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 2::2

[PE2-segment-routing-ipv6] locator aaa ipv6-prefix 222:: 64 static 32

[PE2-segment-routing-ipv6-locator-aaa] quit

[PE2-segment-routing-ipv6] quit

4.     Configure PE 3:

# Run OSPFv3.

<PE3> system-view

[PE3] ospfv3

[PE3-ospfv3-1] router-id 3.3.3.3

[PE3-ospfv3-1] segment-routing ipv6 locator aaa

[PE3-ospfv3-1] area 0.0.0.0

[PE3-ospfv3-1-area-0.0.0.0] quit

[PE3-ospfv3-1] quit

# Configure Loopback 0.

[PE3] interface loopback 0

[PE3-LoopBack0] ipv6 address 3::3 128

[PE3-LoopBack0] ospfv3 1 area 0

[PE3-LoopBack0] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1).

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] ipv6 address 10::3 64

[PE3-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/1] undo shutdown

[PE3-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2).

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ipv6 address 30::3 64

[PE3-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/5 (the interface connected to PE 4).

[PE3] interface ten-gigabitethernet 3/0/5

[PE3-Ten-GigabitEthernet3/0/5] ipv6 address 50::3 64

[PE3-Ten-GigabitEthernet3/0/5] ospfv3 1 area 0

[PE3-Ten-GigabitEthernet3/0/5] undo shutdown

[PE3-Ten-GigabitEthernet3/0/5] quit

# Configure PE 3 to establish IBGP connections with PE 1, PE 2, and PE 4, and use BGP EVPN to advertise route information.

[PE3] bgp 100

[PE3-bgp-default] router-id 3.3.3.3

[PE3-bgp-default] peer 1::1 as-number 100

[PE3-bgp-default] peer 1::1 connect-interface loopback 0

[PE3-bgp-default] peer 2::2 as-number 100

[PE3-bgp-default] peer 2::2 connect-interface loopback 0

[PE3-bgp-default] peer 4::4 as-number 100

[PE3-bgp-default] peer 4::4 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1::1 enable

[PE3-bgp-default-evpn] peer 2::2 enable

[PE3-bgp-default-evpn] peer 4::4 enable

[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE3-bgp-default-evpn] peer 4::4 advertise encap-type srv6

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna and create an EVPN instance that uses SRv6 encapsulation for the VSI. Configure an RD and route targets for the EVPN instance, enable SRv6 BE route recursion mode, and apply a locator to the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] esi 4.4.4.4.4

[PE3-vsi-vpna] evpn encapsulation srv6

[PE3-vsi-vpna-evpn-srv6] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE3-vsi-vpna-evpn-srv6] segment-routing ipv6 locator aaa

# Create an SRv6 PW for intercommunication with the EVPN VPWS over SRv6 network for VSI vpna.

[PE3-vsi-vpna-evpn-srv6] evpn vpws local-service-id 5000 remote-service-id 5001 forwarding-preferred

[PE3-vsi-vpna-evpn-srv6] quit

[PE3-vsi-vpna] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/3, set the redundancy mode to all-active on the interface, and map the interface to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] esi 2.2.2.2.2

[PE3-Ten-GigabitEthernet3/0/3] evpn redundancy-mode all-active

[PE3-Ten-GigabitEthernet3/0/3] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/3] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/4, set the redundancy mode to all-active on the interface, and map the interface to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/4

[PE3-Ten-GigabitEthernet3/0/4] esi 3.3.3.3.3

[PE3-Ten-GigabitEthernet3/0/4] evpn redundancy-mode all-active

[PE3-Ten-GigabitEthernet3/0/4] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/4] quit

# Configure locator aaa for SRv6 SID allocation.

[PE3] segment-routing ipv6

[PE3-segment-routing-ipv6] encapsulation source-address 3::3

[PE3-segment-routing-ipv6] locator aaa ipv6-prefix 333:: 64 static 32

[PE3-segment-routing-ipv6-locator-aaa] quit

[PE3-segment-routing-ipv6] quit

5.     Configure PE 4:

# Run OSPFv3.

<PE4> system-view

[PE4] ospfv3

[PE4-ospfv3-1] router-id 4.4.4.4

[PE4-ospfv3-1] segment-routing ipv6 locator aaa

[PE4-ospfv3-1] area 0

[PE4-ospfv3-1-area-0.0.0.0] quit

[PE4-ospfv3-1] quit

# Configure Loopback 0.

[PE4] interface loopback 0

[PE4-LoopBack0] ipv6 address 4::4 128

[PE4-LoopBack0] ospfv3 1 area 0

[PE4-LoopBack0] quit

# Enable L2VPN.

[PE4] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3).

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ipv6 address 50::4 64

[PE4-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0

[PE4-Ten-GigabitEthernet3/0/2] undo shutdown

[PE4-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2).

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] ipv6 address 60::4 64

[PE4-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0

[PE4-Ten-GigabitEthernet3/0/3] undo shutdown

[PE4-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to PE 1).

[PE4] interface ten-gigabitethernet 3/0/4

[PE4-Ten-GigabitEthernet3/0/4] ipv6 address 40::4 64

[PE4-Ten-GigabitEthernet3/0/4] ospfv3 1 area 0

[PE4-Ten-GigabitEthernet3/0/4] undo shutdown

[PE4-Ten-GigabitEthernet3/0/4] quit

# Configure PE 4 to establish IBGP connections with PE 1, PE 2, and PE 3, and use BGP EVPN to advertise route information.

[PE4] bgp 100

[PE4-bgp-default] router-id 4.4.4.4

[PE4-bgp-default] peer 1::1 as-number 100

[PE4-bgp-default] peer 1::1 connect-interface loopback 0

[PE4-bgp-default] peer 2::2 as-number 100

[PE4-bgp-default] peer 2::2 connect-interface loopback 0

[PE4-bgp-default] peer 3::3 as-number 100

[PE4-bgp-default] peer 3::3 connect-interface loopback 0

[PE4-bgp-default] address-family l2vpn evpn

[PE4-bgp-default-evpn] peer 1::1 enable

[PE4-bgp-default-evpn] peer 2::2 enable

[PE4-bgp-default-evpn] peer 3::3 enable

[PE4-bgp-default-evpn] peer 2::2 advertise encap-type srv6

[PE4-bgp-default-evpn] peer 1::1 advertise encap-type srv6

[PE4-bgp-default-evpn] peer 3::3 advertise encap-type srv6

[PE4-bgp-default-evpn] quit

[PE4-bgp-default] quit

# Assign an ESI to site-facing interface Ten-GigabitEthernet 3/0/1 and set the redundancy mode to all-active on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE4-Ten-GigabitEthernet3/0/1] evpn redundancy-mode all-active

[PE4-Ten-GigabitEthernet3/0/1] quit

# Create cross-connect group vpna and create an EVPN instance that uses SRv6 encapsulation for the cross-connect group. Configure an RD and route targets for the EVPN instance, enable SRv6 BE route recursion mode, and enable local FRR for the EVPN instance.

[PE4] xconnect-group vpna

[PE4-xcg-vpna] evpn encapsulation srv6

[PE4-xcg-vpna-evpn-srv6] route-distinguisher 1:1

[PE4-xcg-vpna-evpn-srv6] vpn-target 1:1 export-extcommunity

[PE4-xcg-vpna-evpn-srv6] vpn-target 1:1 import-extcommunity

[PE4-xcg-vpna-evpn-srv6] segment-routing ipv6 best-effort

[PE4-xcg-vpna-evpn-srv6] evpn frr local enable

[PE4-xcg-vpna-evpn-srv6] quit

# Create cross-connect pw1 and associate interface Ten-GigabitEthernet 3/0/1 with the cross-connect. Create an SRv6 tunnel on the cross-connect to associate the AC with the SRv6 tunnel.

[PE4-xcg-vpna] connection pw1

[PE4-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE4-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE4-xcg-vpna-pw1] evpn local-service-id 5001 remote-service-id 5000

[PE4-xcg-vpna-pw1-2-1] quit

# Apply locator aaa to cross-connect pw1.

[PE4-xcg-vpna-pw1] segment-routing ipv6 locator aaa

[PE4-xcg-vpna-pw1] quit

[PE4-xcg-vpna] quit

# Configure locator aaa for SRv6 SID allocation.

[PE4] segment-routing ipv6

[PE4-segment-routing-ipv6] encapsulation source-address 4::4

[PE4-segment-routing-ipv6] locator aaa ipv6-prefix 444:: 64 static 32

[PE4-segment-routing-ipv6-locator-aaa] quit

[PE4-segment-routing-ipv6] quit

6.     Configure CE 2:

# Create Layer 3 aggregate interface 1 and configure the aggregation group to operate in dynamic aggregation mode. Assign an IPv6 address and prefix length to the aggregate interface.

<CE2> system-view

[CE2] interface route-aggregation 1

[CE2-Route-Aggregation1] link-aggregation mode dynamic

[CE2-Route-Aggregation1] ipv6 address 100::2 64

[CE2-Route-Aggregation1] quit

# Assign interfaces Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE2-Ten-GigabitEthernet3/0/1] quit

[CE2] interface ten-gigabitethernet 3/0/2

[CE2-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE2-Ten-GigabitEthernet3/0/2] quit

7.     Configure CE 3:

# Create Layer 3 aggregate interface 1 and configure the aggregation group to operate in dynamic aggregation mode. Assign an IPv6 address and prefix length to the aggregate interface.

<CE3> system-view

[CE3] interface route-aggregation 1

[CE3-Route-Aggregation1] link-aggregation mode dynamic

[CE3-Route-Aggregation1] ipv6 address 100::3 64

[CE3-Route-Aggregation1] quit

# Assign interfaces Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE3] interface ten-gigabitethernet 3/0/1

[CE3-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE3-Ten-GigabitEthernet3/0/1] quit

[CE3] interface ten-gigabitethernet 3/0/2

[CE3-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE3-Ten-GigabitEthernet3/0/2] quit
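
The per-PE BGP EVPN blocks in this procedure repeat the same three peer commands for every neighbor, so a wrong address in one line is easy to miss. The following check is an added example, not part of the H3C procedure: it reads a CLI transcript in the prompt style used above and reports EVPN peers that are enabled without advertise encap-type srv6, peer commands that name an address with no as-number line, and peers equal to the device's own Loopback address. The transcript is constructed, and the function name lint_evpn_peers and the finding labels are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed transcript in the prompt style of this page (not device output).
# PE3 is consistent; PE4 names its own Loopback 0 address in one advertise line.
SAMPLE = """\
[PE3] interface loopback 0
[PE3-LoopBack0] ipv6 address 3::3 128
[PE3] bgp 100
[PE3-bgp-default] peer 1::1 as-number 100
[PE3-bgp-default] peer 2::2 as-number 100
[PE3-bgp-default] peer 4::4 as-number 100
[PE3-bgp-default] address-family l2vpn evpn
[PE3-bgp-default-evpn] peer 1::1 enable
[PE3-bgp-default-evpn] peer 2::2 enable
[PE3-bgp-default-evpn] peer 4::4 enable
[PE3-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE3-bgp-default-evpn] peer 2::2 advertise encap-type srv6
[PE3-bgp-default-evpn] peer 4::4 advertise encap-type srv6
[PE4] interface loopback 0
[PE4-LoopBack0] ipv6 address 4::4 128
[PE4] bgp 100
[PE4-bgp-default] peer 1::1 as-number 100
[PE4-bgp-default] peer 2::2 as-number 100
[PE4-bgp-default] peer 3::3 as-number 100
[PE4-bgp-default] address-family l2vpn evpn
[PE4-bgp-default-evpn] peer 1::1 enable
[PE4-bgp-default-evpn] peer 2::2 enable
[PE4-bgp-default-evpn] peer 3::3 enable
[PE4-bgp-default-evpn] peer 4::4 advertise encap-type srv6
[PE4-bgp-default-evpn] peer 1::1 advertise encap-type srv6
[PE4-bgp-default-evpn] peer 3::3 advertise encap-type srv6
"""

PROMPT = re.compile(r"^\s*\[([^\]]+)\]\s+(.+?)\s*$")
PEER = re.compile(r"^peer (\S+) (as-number \d+|enable|advertise encap-type srv6)$")
LOOPBACK_ADDR = re.compile(r"^ipv6 address (\S+) \d+$")


def _norm(text):
    """Canonical form of an address; a peer group name is compared as written."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return text


def lint_evpn_peers(transcript):
    """Return sorted (device, finding, peer) tuples for one CLI transcript."""
    own, configured, enabled, srv6 = (defaultdict(set) for _ in range(4))
    for line in transcript.splitlines():
        prompt = PROMPT.match(line)
        if not prompt:
            continue
        # Assumption: the device name contains no hyphen, so the text after
        # the first "-" in the prompt is the current view.
        device, _, view = prompt.group(1).partition("-")
        command = prompt.group(2)
        addr = LOOPBACK_ADDR.match(command)
        if view.lower().startswith("loopback") and addr:
            own[device].add(_norm(addr.group(1)))
            continue
        peer = PEER.match(command)
        if not peer:
            continue
        address, keyword = _norm(peer.group(1)), peer.group(2)
        if view == "bgp-default" and keyword.startswith("as-number"):
            configured[device].add(address)
        elif view == "bgp-default-evpn" and keyword == "enable":
            enabled[device].add(address)
        elif view == "bgp-default-evpn" and keyword.startswith("advertise"):
            srv6[device].add(address)

    findings = []
    for device in sorted(set(configured) | set(enabled) | set(srv6)):
        referenced = enabled[device] | srv6[device]
        # Enabled in the EVPN address family but no SRv6 encapsulation advertised.
        for peer in enabled[device] - srv6[device]:
            findings.append((device, "missing-encap", peer))
        # Used in the EVPN address family but never declared with as-number.
        for peer in referenced - configured[device]:
            findings.append((device, "unknown-peer", peer))
        # A peer command that points at the device's own Loopback address.
        for peer in (referenced | configured[device]) & own[device]:
            findings.append((device, "self-peer", peer))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_evpn_peers(SAMPLE):
        print(*finding)
```
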

Verifying the configuration

# On PE 1, display L2VPN SRv6 information. Verify that PE 1 has established SRv6 tunnels with PE 2 and PE 3 and the two SRv6 tunnels are ECMP tunnels for load sharing.

[PE1] display l2vpn peer srv6

Total number of SRv6 Tunnels: 2

2 up, 0 blocked, 0 down, 0 defect

 

Xconnect-group Name: vpna

   Peer            : 2::2

   Flag            : ECMP

   State           : Up

   Remote SrvID    : 5000

 

   Peer            : 3::3

   Flag            : ECMP

   State           : Up

   Remote SrvID    : 5000

# On PE 1, display SRv6 forwarding information.

[PE1] display l2vpn forwarding srv6

Total number of cross-connections: 1

Total number of SRv6 tunnels: 2, 2 up, 0 blocked, 0 down

Xconnect-group Name : vpna

Connection Name     : pw1

Link ID             : 0x1         Type: BE     State: Up

In SID              : 111::1:0:2

Out SID             : 222::1:0:3

 

Link ID             : 0x1         Type: BE     State: Up

In SID              : 111::1:0:2

Out SID             : 333::1:0:3

# Verify that CE 1 and CE 2 can ping each other and CE 1 and CE 3 can ping each other. (Details not shown.)

 

 

 

Public network IP over SRv6 configuration examples

Example: Configuring public network IPv6 over SRv6 in SRv6 BE mode

Network configuration

As shown in Figure 338, the backbone network is an IPv6 network. Deploy public network IPv6 over SRv6 between PE 1 and PE 2 and use an SRv6 tunnel to transmit IPv4 traffic between the PEs.

·     Configure EBGP to exchange customer site routing information between the CEs and PEs.

·     Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.

·     Configure IBGP to exchange IPv4 routing information between the PEs.

Figure 338 Network diagram

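Table 141 Interface and IP address assignment

| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| CE 1 | XGE3/0/1 | 111::1/96 | PE 2 | Loop0 | 3::3/128 |
| PE 1 | Loop0 | 1::1/128 |  | XGE3/0/1 | 222::2/96 |
|  | XGE3/0/1 | 111::2/96 |  | XGE3/0/2 | 2002::1/96 |
|  | XGE3/0/2 | 2001::1/96 | CE 2 | XGE3/0/1 | 222::1/96 |
| P | Loop0 | 2::2/128 |  |  |  |
|  | XGE3/0/1 | 2001::2/96 |  |  |  |
|  | XGE3/0/2 | 2002::2/96 |  |  |  |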

Prerequisites

Configure IP addresses for the interfaces (including the Loopback interfaces), as shown in Figure 338.

Procedure

1.     Configure IPv6 IS-IS on the PEs and device P for network connectivity between the devices:

# Configure PE 1.

<PE1> system-view

[PE1] isis 1

[PE1-isis-1] is-level level-1

[PE1-isis-1] cost-style wide

[PE1-isis-1] network-entity 10.1111.1111.1111.00

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

[PE1] interface loopback 0

[PE1-LoopBack0] isis ipv6 enable 1

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure P.

<P> system-view

[P] isis

[P-isis-1] is-level level-1

[P-isis-1] cost-style wide

[P-isis-1] network-entity 10.2222.2222.2222.00

[P-isis-1] address-family ipv6 unicast

[P-isis-1-ipv6] quit

[P-isis-1] quit

[P] interface loopback 0

[P-LoopBack0] isis ipv6 enable

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

<PE2> system-view

[PE2] isis

[PE2-isis-1] is-level level-1

[PE2-isis-1] cost-style wide

[PE2-isis-1] network-entity 10.3333.3333.3333.00

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

[PE2] interface loopback 0

[PE2-LoopBack0] isis ipv6 enable

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] isis ipv6 enable

[PE2-Ten-GigabitEthernet3/0/2] quit

2.     Set up an EBGP peer relationship between each PE and its local CE and distribute CE routes to EBGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 111::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 111::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

# Configure CE 2 in the same way as CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] router-id 1.1.1.1

[PE1-bgp-default] peer 111::1 as-number 65410

[PE1-bgp-default] address-family ipv6 unicast

[PE1-bgp-default-ipv6] peer 111::1 enable

[PE1-bgp-default-ipv6] import-route direct

[PE1-bgp-default-ipv6] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way PE 1 is configured. (Details not shown.)

3.     Set up an IBGP peer relationship between PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3::3 as-number 100

[PE1-bgp-default] peer 3::3 connect-interface loopback 0

[PE1-bgp-default] address-family ipv6 unicast

[PE1-bgp-default-ipv6] peer 3::3 enable

[PE1-bgp-default-ipv6] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1::1 as-number 100

[PE2-bgp-default] peer 1::1 connect-interface loopback 0

[PE2-bgp-default] address-family ipv6 unicast

[PE2-bgp-default-ipv6] peer 1::1 enable

[PE2-bgp-default-ipv6] quit

[PE2-bgp-default] quit

4.     Specify a source address for the outer IPv6 header of SRv6-encapsulated public network IP packets on PE 1 and PE 2:

# Configure PE 1.

[PE1] segment-routing ipv6

[PE1-segment-routing-ipv6] encapsulation source-address 1::1

# Configure PE 2.

[PE2] segment-routing ipv6

[PE2-segment-routing-ipv6] encapsulation source-address 3::3

5.     Configure the destination address (End.DT4 SID) of the outer IPv6 header for SRv6-encapsulated public network IP packets:

# Configure PE 1.

[PE1-segment-routing-ipv6] locator aaa ipv6-prefix 1:2::1:0 96 static 8

[PE1-segment-routing-ipv6-locator-aaa] quit

[PE1-segment-routing-ipv6] quit

[PE1] isis 1

[PE1-isis-1] address-family ipv6 unicast

[PE1-isis-1-ipv6] segment-routing ipv6 locator aaa

[PE1-isis-1-ipv6] quit

[PE1-isis-1] quit

# Configure PE 2.

[PE2-segment-routing-ipv6] locator bbb ipv6-prefix 6:5::1:0 96 static 8

[PE2-segment-routing-ipv6-locator-bbb] quit

[PE2-segment-routing-ipv6] quit

[PE2] isis 1

[PE2-isis-1] address-family ipv6 unicast

[PE2-isis-1-ipv6] segment-routing ipv6 locator bbb

[PE2-isis-1-ipv6] quit

[PE2-isis-1] quit

6.     Add End.DT4 SIDs to public network routes of the customer sites on PE 1 and PE 2:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family ipv6 unicast

[PE1-bgp-default-ipv6] segment-routing ipv6 locator aaa

[PE1-bgp-default-ipv6] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family ipv6 unicast

[PE2-bgp-default-ipv6] segment-routing ipv6 locator bbb

[PE2-bgp-default-ipv6] quit

[PE2-bgp-default] quit

7.     Enable IPv6 peers on the PEs to exchange End.DT4 SIDs and enable SRv6 BE route recursion mode:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family ipv6 unicast

[PE1-bgp-default-ipv6] peer 3::3 prefix-sid

[PE1-bgp-default-ipv6] segment-routing ipv6 best-effort

[PE1-bgp-default-ipv6] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family ipv6 unicast

[PE2-bgp-default-ipv6] peer 1::1 prefix-sid

[PE2-bgp-default-ipv6] segment-routing ipv6 best-effort

[PE2-bgp-default-ipv6] quit

[PE2-bgp-default] quit

Verifying the configuration

# Display IPv6 routing table information on the PEs and verify that each PE has a route destined for the remote CE and the next hop of the route is the End.DT4 SID of the route. This step uses PE 1 as an example.

[PE1] display ipv6 routing-table 222::1 96

 

Summary count : 1

 

Destination: 222::/96                                    Protocol  : BGP4+

NextHop    : 6:5::                                       Preference: 255

Interface  : XGE3/0/2                                    Cost      : 0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

 

 

SRv6 network slicing configuration examples

Example: Configuring SRv6 network slicing

Network configuration

As shown in Figure 339, perform the following tasks on the devices to forward user packets through the network slice on Device A, Device B, Device C, and Device D:

·     Configure Device A through Device D to run IS-IS to implement Layer 3 connectivity.

·     Deploy an NSI on Device A through Device D. Configure a network slice channel on the output interfaces of Device A through Device D.

·     Configure an SRv6 TE policy associated with the NSI to forward user packets along path Device A > Device B > Device C > Device D.

Figure 339 Network diagram

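| Device | Interface | IP address | Device | Interface | IP address |
|--------|-----------|------------|--------|-----------|------------|
| Device A | Loop1 | 1::1/128 | Device B | Loop1 | 2::2/128 |
|  | XGE3/0/1 | 1000::1/64 |  | XGE3/0/1 | 1000::2/64 |
|  | XGE3/0/2 | 4000::1/64 |  | XGE3/0/2 | 2000::2/64 |
| Device C | Loop1 | 3::3/128 | Device D | Loop1 | 4::4/128 |
|  | XGE3/0/1 | 3000::3/64 |  | XGE3/0/1 | 3000::4/64 |
|  | XGE3/0/2 | 2000::3/64 |  | XGE3/0/2 | 4000::4/64 |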

Procedure

1.     Configure IPv6 addresses and prefix lengths for the interfaces. (Details not shown.)

2.     Configure Device A:

# Create NSI 1, specify the protocol number for the IPv6 hop-by-hop extension header, and enable network slice packet statistics.

<DeviceA> system-view

[DeviceA] network-slice

[DeviceA-network-slice] protocol-number 160

[DeviceA-network-slice] statistics enable

[DeviceA-network-slice] instance 1

[DeviceA-network-slice-instance-1] quit

# Configure a network slice channel on the interface.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] network-slice enable

[DeviceA-Ten-GigabitEthernet3/0/1-network-slice] slice-id 1 flex-channel 100

[DeviceA-Ten-GigabitEthernet3/0/1-network-slice] quit

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Specify the source address of the outer IPv6 header that SRv6 VPN adds to encapsulated packets.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] encapsulation source-address 11::11

# Configure a locator and configure SRv6 End SIDs.

[DeviceA-segment-routing-ipv6] locator a ipv6-prefix 5000:: 64 static 32

[DeviceA-segment-routing-ipv6-locator-a] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a] quit

# Specify a locator for the BSID of the SRv6 TE policy.

[DeviceA-segment-routing-ipv6] traffic-engineering

[DeviceA-srv6-te] srv6-policy locator a

# Configure an SID list.

[DeviceA-srv6-te] segment-list s1

[DeviceA-srv6-te-sl-s1] index 10 ipv6 6000::1

[DeviceA-srv6-te-sl-s1] index 20 ipv6 7000::1

[DeviceA-srv6-te-sl-s1] index 30 ipv6 8000::1

[DeviceA-srv6-te-sl-s1] quit

# Create SRv6 TE policy p1 and configure its attributes. Associate NSI 1 with SRv6 TE policy p1.

[DeviceA-srv6-te] policy p1

[DeviceA-srv6-te-policy-p1] binding-sid ipv6 5000::2

[DeviceA-srv6-te-policy-p1] color 10 end-point ipv6 4::4

[DeviceA-srv6-te-policy-p1] candidate-paths

[DeviceA-srv6-te-policy-p1-path] preference 10

[DeviceA-srv6-te-policy-p1-path-pref-10] network-slice 1

[DeviceA-srv6-te-policy-p1-path-pref-10] explicit segment-list s1

[DeviceA-srv6-te-policy-p1-path-pref-10] quit

[DeviceA-srv6-te-policy-p1-path] quit

[DeviceA-srv6-te-policy-p1] quit

[DeviceA-srv6-te] quit

[DeviceA-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface loopback 1

[DeviceA-LoopBack1] isis ipv6 enable 1

[DeviceA-LoopBack1] quit

3.     Configure Device B:

# Create NSI 1, specify the protocol number for the IPv6 hop-by-hop extension header, and enable network slice packet statistics.

<DeviceB> system-view

[DeviceB] network-slice

[DeviceB-network-slice] protocol-number 160

[DeviceB-network-slice] statistics enable

[DeviceB-network-slice] instance 1

[DeviceB-network-slice-instance-1] quit

# Configure a network slice channel on the interfaces.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] network-slice enable

[DeviceB-Ten-GigabitEthernet3/0/1-network-slice] slice-id 1 flex-channel 100

[DeviceB-Ten-GigabitEthernet3/0/1-network-slice] quit

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] network-slice enable

[DeviceB-Ten-GigabitEthernet3/0/2-network-slice] slice-id 1 flex-channel 100

[DeviceB-Ten-GigabitEthernet3/0/2-network-slice] quit

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Specify the SRv6 End SID.

[DeviceB] segment-routing ipv6

[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32

[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end

[DeviceB-segment-routing-ipv6-locator-b] quit

[DeviceB-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

[DeviceB] isis 1

[DeviceB-isis-1] network-entity 00.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] address-family ipv6 unicast

[DeviceB-isis-1-ipv6] segment-routing ipv6 locator b

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

[DeviceB] interface loopback 1

[DeviceB-LoopBack1] isis ipv6 enable 1

[DeviceB-LoopBack1] quit

4.     Configure Device C:

# Create NSI 1, specify the protocol number for the IPv6 hop-by-hop extension header, and enable network slice packet statistics.

<DeviceC> system-view

[DeviceC] network-slice

[DeviceC-network-slice] protocol-number 160

[DeviceC-network-slice] statistics enable

[DeviceC-network-slice] instance 1

[DeviceC-network-slice-instance-1] quit

# Configure a network slice channel on the interfaces.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] network-slice enable

[DeviceC-Ten-GigabitEthernet3/0/1-network-slice] slice-id 1 flex-channel 100

[DeviceC-Ten-GigabitEthernet3/0/1-network-slice] quit

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] network-slice enable

[DeviceC-Ten-GigabitEthernet3/0/2-network-slice] slice-id 1 flex-channel 100

[DeviceC-Ten-GigabitEthernet3/0/2-network-slice] quit

[DeviceC-Ten-GigabitEthernet3/0/2] quit

# Specify the SRv6 End SID.

[DeviceC] segment-routing ipv6

[DeviceC-segment-routing-ipv6] locator c ipv6-prefix 7000:: 64 static 32

[DeviceC-segment-routing-ipv6-locator-c] opcode 1 end

[DeviceC-segment-routing-ipv6-locator-c] quit

[DeviceC-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

[DeviceC] isis 1

[DeviceC-isis-1] network-entity 00.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] address-family ipv6 unicast

[DeviceC-isis-1-ipv6] segment-routing ipv6 locator c

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface loopback 1

[DeviceC-LoopBack1] isis ipv6 enable 1

[DeviceC-LoopBack1] quit

5.     Configure Device D:

# Create NSI 1, specify the protocol number for the IPv6 hop-by-hop extension header, and enable network slice packet statistics.

<DeviceD> system-view

[DeviceD] network-slice

[DeviceD-network-slice] protocol-number 160

[DeviceD-network-slice] statistics enable

[DeviceD-network-slice] instance 1

[DeviceD-network-slice-instance-1] quit

# Configure a network slice channel on the interface.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] network-slice enable

[DeviceD-Ten-GigabitEthernet3/0/1-network-slice] slice-id 1 flex-channel 100

[DeviceD-Ten-GigabitEthernet3/0/1-network-slice] quit

[DeviceD-Ten-GigabitEthernet3/0/1] quit

# Specify the SRv6 End SID.

[DeviceD] segment-routing ipv6

[DeviceD-segment-routing-ipv6] locator d ipv6-prefix 8000:: 64 static 32

[DeviceD-segment-routing-ipv6-locator-d] opcode 1 end

[DeviceD-segment-routing-ipv6-locator-d] quit

[DeviceD-segment-routing-ipv6] quit

# Configure IS-IS and set the IS-IS cost style to wide.

[DeviceD] isis 1

[DeviceD-isis-1] network-entity 00.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] address-family ipv6 unicast

[DeviceD-isis-1-ipv6] segment-routing ipv6 locator d

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

[DeviceD] interface loopback 1

[DeviceD-LoopBack1] isis ipv6 enable 1

[DeviceD-LoopBack1] quit
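
The explicit segment list on Device A only steers traffic along Device B, Device C, and Device D if every entry is an End SID that one of those devices has actually configured. The following check is an added example, not part of the H3C procedure: it derives each device's End SID from its locator and opcode lines and resolves the hops of segment list s1 to their owning devices. It assumes that the static opcode occupies the low-order bits of the SID, which matches the values on this page (locator 6000::/64, opcode 1, segment-list entry 6000::1); the function names are this example's own.

```python
import ipaddress
import re

# Lines taken from the Device A to Device D procedure on this page.
SAMPLE = """\
[DeviceA-segment-routing-ipv6] locator a ipv6-prefix 5000:: 64 static 32
[DeviceA-segment-routing-ipv6-locator-a] opcode 1 end
[DeviceA-srv6-te] segment-list s1
[DeviceA-srv6-te-sl-s1] index 10 ipv6 6000::1
[DeviceA-srv6-te-sl-s1] index 20 ipv6 7000::1
[DeviceA-srv6-te-sl-s1] index 30 ipv6 8000::1
[DeviceB-segment-routing-ipv6] locator b ipv6-prefix 6000:: 64 static 32
[DeviceB-segment-routing-ipv6-locator-b] opcode 1 end
[DeviceC-segment-routing-ipv6] locator c ipv6-prefix 7000:: 64 static 32
[DeviceC-segment-routing-ipv6-locator-c] opcode 1 end
[DeviceD-segment-routing-ipv6] locator d ipv6-prefix 8000:: 64 static 32
[DeviceD-segment-routing-ipv6-locator-d] opcode 1 end
"""

PROMPT = re.compile(r"^\s*\[([^\]]+)\]\s+(.+?)\s*$")
LOCATOR = re.compile(r"^locator (\S+) ipv6-prefix (\S+) (\d+) static (\d+)$")
OPCODE = re.compile(r"^opcode (\d+) end$")
HOP = re.compile(r"^index (\d+) ipv6 (\S+)$")
LOCATOR_VIEW = "segment-routing-ipv6-locator-"


def end_sids(transcript):
    """Map each statically configured End SID to the device that owns it."""
    locators, sids = {}, {}
    for line in transcript.splitlines():
        prompt = PROMPT.match(line)
        if not prompt:
            continue
        # Assumption: device names contain no hyphen.
        device, _, view = prompt.group(1).partition("-")
        command = prompt.group(2)
        loc = LOCATOR.match(command)
        if loc and view == "segment-routing-ipv6":
            prefix = ipaddress.ip_network(f"{loc.group(2)}/{loc.group(3)}")
            locators[(device, loc.group(1))] = (prefix, int(loc.group(4)))
            continue
        op = OPCODE.match(command)
        if op and view.startswith(LOCATOR_VIEW):
            known = locators.get((device, view[len(LOCATOR_VIEW):]))
            if known is None:
                continue  # opcode line without a matching locator line
            prefix, static_len = known
            opcode = int(op.group(1))
            if opcode >= 2 ** static_len:
                raise ValueError(f"{device}: opcode {opcode} exceeds static length")
            # Assumption: SID = locator prefix with the opcode in the low bits.
            sids[prefix.network_address + opcode] = device
    return sids


def resolve_segment_list(transcript, device, name):
    """Return [(index, sid, owning device or None)] for one segment list."""
    owners = end_sids(transcript)
    hops = []
    for line in transcript.splitlines():
        prompt = PROMPT.match(line)
        if not prompt or prompt.group(1) != f"{device}-srv6-te-sl-{name}":
            continue
        hop = HOP.match(prompt.group(2))
        if hop:
            sid = ipaddress.ip_address(hop.group(2))
            hops.append((int(hop.group(1)), str(sid), owners.get(sid)))
    # The device processes entries in ascending index order.
    return sorted(hops, key=lambda h: h[0])


if __name__ == "__main__":
    for index, sid, owner in resolve_segment_list(SAMPLE, "DeviceA", "s1"):
        print(index, sid, owner or "NO MATCHING END SID")
```

A hop that resolves to None points at an address no device in the transcript has instantiated as an End SID, which is worth catching before the policy is relied on to keep traffic inside the slice.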

Verifying the configuration

# Display SRv6 TE policy information on Device A.

[DeviceA] display segment-routing ipv6 te policy

 

Name/ID: p1/0

 Color: 10

 Endpoint: 4::4

 Name from BGP:

 BSID:

  Mode: Explicit           Type: Type_2              Request state: Succeeded

  Current BSID: 5000::2    Explicit BSID: 5000::1    Dynamic BSID: -

 Reference counts: 4

 Flags: A/BS/NC

 Status: Up

 AdminStatus: Up

 Up time: 2020-04-02 16:08:03

 Down time: 2020-04-02 16:03:48

 Hot backup: Disabled

 Statistics: Disabled

  Statistics by service class: Disabled

 Path verification: Disabled

 Drop-upon-invalid: Disabled

 BFD trigger path-down: Disabled

 SBFD: Disabled

 BFD Echo: Disabled

 Forwarding index: 2150629377

 Association ID: 1

 Service-class: -

 Rate-limit: -

 PCE delegation: Disabled

 PCE delegate report-only: Disabled

 Encapsulation mode: -

 Candidate paths state: Configured

 Candidate paths statistics:

  CLI paths: 1          BGP paths: 0          PCEP paths: 0          ODN paths: 0

 Candidate paths:

  Preference : 10

   Network slice ID: 1

   CPathName:

   ProtoOrigin: CLI        Discriminator: 10

   Instance ID: 0          Node address: 0.0.0.0

   Originator:  0, ::

   Optimal: Y              Flags: V/A

   Dynamic: Not configured

     PCEP: Not configured

   Explicit SID list:

    ID: 1                     Name: s1

    Weight: 1                 Forwarding index: 2149580801

    State: Up                 State(-): -

    Verification State: -

    Path MTU: 1500               Path MTU Reserved: 0

    Local BSID: -

    Reverse BSID: -

The output shows that the SRv6 TE policy is up. The device can forward packets through the NSI associated with the SRv6 TE policy.

# Display brief packet statistics for NSI 1.

<Sysname> display network-slice statistics slice-id 1 interface ten-gigabitethernet 3/0/1

 

Network slice statistics

 Interface  : XGE3/0/1

 Slice ID   : 1

 

 [total]

  Pass:               42,430,945 packets,                 7,298,122,540 bytes

  Discard:            2,368,695,114 packets,              407,415,559,608 bytes

  Last 50 seconds pass rate:

                      72,498 pps,                         99,757,056 bps

  Last 50 seconds discard rate:

                      4,048,135 pps,                      5,570,233,752 bps

  Last 5 seconds pass rate:

                      7298 pps,                           99,757,056 bps

  Last 5 seconds discard rate:

                      4148,135 pps,                       5,570,233,752 bps

 

ACL configuration examples

Example: Configuring interface-based packet filter

Network configuration

A company interconnects its departments through the device. Configure a packet filter to:

·     Permit access from the President's office at any time to the financial database server.

·     Permit access from the Finance department to the database server only during working hours (from 8:00 to 18:00) on working days.

·     Deny access from any other department to the database server.

Figure 340 Network diagram

Procedure

# Create a periodic time range from 8:00 to 18:00 on working days.

<Device> system-view

[Device] time-range work 08:00 to 18:00 working-day

# Create an IPv4 advanced ACL numbered 3000.

[Device] acl advanced 3000

# Configure a rule to permit access from the President's office to the financial database server.

[Device-acl-ipv4-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0

# Configure a rule to permit access from the Finance department to the database server during working hours.

[Device-acl-ipv4-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work

# Configure a rule to deny access to the financial database server.

[Device-acl-ipv4-adv-3000] rule deny ip source any destination 192.168.0.100 0

[Device-acl-ipv4-adv-3000] quit

# Apply IPv4 advanced ACL 3000 to filter outgoing packets on interface Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] packet-filter 3000 outbound

[Device-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that a PC in the Finance department can ping the database server during working hours. (All PCs in this example use Windows XP.)

C:\> ping 192.168.0.100

 

Pinging 192.168.0.100 with 32 bytes of data:

 

Reply from 192.168.0.100: bytes=32 time=1ms TTL=255

Reply from 192.168.0.100: bytes=32 time<1ms TTL=255

Reply from 192.168.0.100: bytes=32 time<1ms TTL=255

Reply from 192.168.0.100: bytes=32 time<1ms TTL=255

 

Ping statistics for 192.168.0.100:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 1ms, Average = 0ms

# Verify that a PC in the Marketing department cannot ping the database server during working hours.

C:\> ping 192.168.0.100

 

Pinging 192.168.0.100 with 32 bytes of data:

 

Request timed out.

Request timed out.

Request timed out.

Request timed out.

 

Ping statistics for 192.168.0.100:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

# Display configuration and match statistics for IPv4 advanced ACL 3000 on the device during working hours.

[Device] display acl 3000

Advanced IPv4 ACL 3000, 3 rules,

ACL's step is 5

 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0

 rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work (Active)

 rule 10 deny ip destination 192.168.0.100 0

The output shows that rule 5 is active. Rule 5 and rule 10 have been matched four times as the result of the ping operations.
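The matching behavior this example depends on, as an added Python model (not H3C code and not part of the original guide): rules are tried in ascending rule ID, a rule bound to an inactive time range is skipped, and the first match decides. The Marketing address 192.168.3.7, the sample dates, the handling of exactly 18:00, and the permit default for packets that match no rule are assumptions.

```python
import ipaddress
from datetime import datetime, time

# Rules of ACL 3000 as listed by "display acl 3000" above (status flag omitted).
ACL_3000 = """\
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
rule 10 deny ip destination 192.168.0.100 0
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_rules(text):
    """Parse 'rule ID ACTION ip [source A W|any] [destination A W|any] [time-range N]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        rule = {"id": int(tok[1]), "action": tok[2],
                "source": None, "destination": None, "time_range": None}
        i = 4  # tok[3] is the protocol keyword, always "ip" in this ACL
        while i < len(tok):
            if tok[i] in ("source", "destination"):
                if tok[i + 1] == "any":
                    i += 2
                    continue
                # A wildcard written as "0" is shorthand for 0.0.0.0 (one host).
                wild = "0.0.0.0" if tok[i + 2] == "0" else tok[i + 2]
                rule[tok[i]] = (_ip(tok[i + 1]), _ip(wild))
                i += 3
            elif tok[i] == "time-range":
                rule["time_range"] = tok[i + 1]
                i += 2
            else:
                raise ValueError("unsupported keyword: " + tok[i])
        rules.append(rule)
    # Config match order: rules are tried in ascending rule ID.
    return sorted(rules, key=lambda r: r["id"])


def _covers(field, addr):
    if field is None:          # keyword absent or "any"
        return True
    base, wild = field
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)


def work_active(now):
    """time-range work 08:00 to 18:00 working-day (Monday to Friday).
    Treating 18:00 itself as outside the range is an assumption."""
    return now.weekday() < 5 and time(8, 0) <= now.time() < time(18, 0)


def evaluate(rules, src, dst, now, default="permit"):
    """Return (action, rule_id) of the first effective rule that matches."""
    for r in rules:
        if r["time_range"] and not work_active(now):
            continue  # a rule bound to an inactive time range is skipped
        if _covers(r["source"], src) and _covers(r["destination"], dst):
            return r["action"], r["id"]
    return default, None  # assumption: unmatched packets get the default action


DB = "192.168.0.100"
WED_10 = datetime(2024, 3, 6, 10, 0)   # constructed: a Wednesday, working hours
WED_20 = datetime(2024, 3, 6, 20, 0)   # constructed: same day, after hours
SAT_10 = datetime(2024, 3, 9, 10, 0)   # constructed: a Saturday

if __name__ == "__main__":
    rules = parse_rules(ACL_3000)
    cases = [("President", "192.168.1.5", SAT_10),
             ("Finance", "192.168.2.10", WED_10),
             ("Finance", "192.168.2.10", WED_20),
             ("Marketing", "192.168.3.7", WED_10)]  # constructed addresses
    for label, src, when in cases:
        print(label, when, evaluate(rules, src, DB, when))
```

Moving the deny rule ahead of rule 5 (for example, giving it rule ID 3) blocks the Finance department even during working hours, which is why the broad deny must carry the highest rule ID.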

 

Traffic policing, GTS, and rate limit configuration examples

Example: Configuring traffic policing

Network configuration

As shown in Figure 341:

·     The server, Host A, and Host B can access the Internet through Device A and Device B.

·     The server, Host A, and Ten-GigabitEthernet 3/0/1 of Device A are in the same network segment.

·     Host B and Ten-GigabitEthernet 3/0/2 of Device A are in the same network segment.

Perform traffic control for the packets that Ten-GigabitEthernet 3/0/1 of Device A receives from the server and Host A using the following guidelines:

·     Limit the rate of packets from the server to 54 kbps. When the traffic rate is below 54 kbps, the traffic is forwarded. When the traffic rate exceeds 54 kbps, the excess packets are marked with IP precedence 0 and then forwarded.

·     Limit the rate of packets from Host A to 8 kbps. When the traffic rate is below 8 kbps, the traffic is forwarded. When the traffic rate exceeds 8 kbps, the excess packets are dropped.

Perform traffic control on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 of Device B using the following guidelines:

·     Limit the incoming traffic rate on Ten-GigabitEthernet 3/0/1 to 500 kbps and drop the excess packets.

·     Limit the outgoing traffic rate on Ten-GigabitEthernet 3/0/2 to 1000 kbps and drop the excess packets.

Figure 341 Network diagram

Procedure

1.     Configure Router A:

# Configure ACLs to permit the packets from the server and Host A.

<RouterA> system-view

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] acl basic 2002

[RouterA-acl-ipv4-basic-2002] rule permit source 1.1.1.2 0

[RouterA-acl-ipv4-basic-2002] quit

# Create a traffic class named server, and use ACL 2001 as the match criterion.

[RouterA] traffic classifier server

[RouterA-classifier-server] if-match acl 2001

[RouterA-classifier-server] quit

# Create a traffic class named host, and use ACL 2002 as the match criterion.

[RouterA] traffic classifier host

[RouterA-classifier-host] if-match acl 2002

[RouterA-classifier-host] quit

# Create a traffic behavior named server, and configure a traffic policing action (CIR 102400 kbps).

[RouterA] traffic behavior server

[RouterA-behavior-server] car cir 102400

[RouterA-behavior-server] quit

# Create a traffic behavior named host, and configure a traffic policing action (CIR 25600 kbps).

[RouterA] traffic behavior host

[RouterA-behavior-host] car cir 25600

[RouterA-behavior-host] quit

# Create a QoS policy named car, and associate traffic classes server and host with traffic behaviors server and host in the QoS policy, respectively.

[RouterA] qos policy car

[RouterA-qospolicy-car] classifier server behavior server

[RouterA-qospolicy-car] classifier host behavior host

[RouterA-qospolicy-car] quit

# Apply QoS policy car to the inbound direction of GigabitEthernet 1/0/1.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] qos apply policy car inbound

2.     Configure Router B:

# Create ACL 3001, and configure a rule to match HTTP packets.

<RouterB> system-view

[RouterB] acl advanced 3001

[RouterB-acl-ipv4-adv-3001] rule permit tcp destination-port eq 80

[RouterB-acl-ipv4-adv-3001] quit

# Create a traffic class named http, and use ACL 3001 as a match criterion.

[RouterB] traffic classifier http

[RouterB-classifier-http] if-match acl 3001

[RouterB-classifier-http] quit

# Create a traffic class named class, and configure the traffic class to match all packets.

[RouterB] traffic classifier class

[RouterB-classifier-class] if-match any

[RouterB-classifier-class] quit

# Create a traffic behavior named car_inbound, and configure a traffic policing action (CIR 204800 kbps).

[RouterB] traffic behavior car_inbound

[RouterB-behavior-car_inbound] car cir 204800

[RouterB-behavior-car_inbound] quit

# Create a traffic behavior named car_outbound, and configure a traffic policing action (CIR 102400 kbps).

[RouterB] traffic behavior car_outbound

[RouterB-behavior-car_outbound] car cir 102400

[RouterB-behavior-car_outbound] quit

# Create a QoS policy named car_inbound, and associate traffic class class with traffic behavior car_inbound in the QoS policy.

[RouterB] qos policy car_inbound

[RouterB-qospolicy-car_inbound] classifier class behavior car_inbound

[RouterB-qospolicy-car_inbound] quit

# Create a QoS policy named car_outbound, and associate traffic class http with traffic behavior car_outbound in the QoS policy.

[RouterB] qos policy car_outbound

[RouterB-qospolicy-car_outbound] classifier http behavior car_outbound

[RouterB-qospolicy-car_outbound] quit

# Apply QoS policy car_inbound to the inbound direction of Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] qos apply policy car_inbound inbound

# Apply QoS policy car_outbound to the outbound direction of Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] qos apply policy car_outbound outbound

Traffic filtering configuration examples

Example: Configuring traffic filtering

Network configuration

As shown in Figure 342, configure traffic filtering on Ten-GigabitEthernet 3/0/1 to deny the incoming packets with destination port number 21.

Figure 342 Network diagram

Procedure

# Create advanced ACL 3000, and configure a rule to match packets with destination port number 21.

<Device> system-view

[Device] acl advanced 3000

[Device-acl-ipv4-adv-3000] rule 0 permit tcp destination-port eq 21

[Device-acl-ipv4-adv-3000] quit

# Create a traffic class named classifier_1, and use ACL 3000 as the match criterion in the traffic class.

[Device] traffic classifier classifier_1

[Device-classifier-classifier_1] if-match acl 3000

[Device-classifier-classifier_1] quit

# Create a traffic behavior named behavior_1, and configure the traffic filtering action to drop packets.

[Device] traffic behavior behavior_1

[Device-behavior-behavior_1] filter deny

[Device-behavior-behavior_1] quit

# Create a QoS policy named policy, and associate traffic class classifier_1 with traffic behavior behavior_1 in the QoS policy.

[Device] qos policy policy

[Device-qospolicy-policy] classifier classifier_1 behavior behavior_1

[Device-qospolicy-policy] quit

# Apply QoS policy policy to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] qos apply policy policy inbound

 

Priority marking configuration examples

Example: Configuring priority marking

Network configuration

As shown in Figure 343, configure priority marking on the device to meet the following requirements:

 

Traffic source    Destination    Processing priority
Host A, B         Data server    High
Host A, B         Mail server    Medium
Host A, B         File server    Low

Figure 343 Network diagram

Procedure

# Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.

<Device> system-view

[Device] acl advanced 3000

[Device-acl-ipv4-adv-3000] rule permit ip destination 192.168.0.1 0

[Device-acl-ipv4-adv-3000] quit

# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.

[Device] acl advanced 3001

[Device-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.2 0

[Device-acl-ipv4-adv-3001] quit

# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.

[Device] acl advanced 3002

[Device-acl-ipv4-adv-3002] rule permit ip destination 192.168.0.3 0

[Device-acl-ipv4-adv-3002] quit

# Create a traffic class named classifier_dbserver, and use ACL 3000 as the match criterion in the traffic class.

[Device] traffic classifier classifier_dbserver

[Device-classifier-classifier_dbserver] if-match acl 3000

[Device-classifier-classifier_dbserver] quit

# Create a traffic class named classifier_mserver, and use ACL 3001 as the match criterion in the traffic class.

[Device] traffic classifier classifier_mserver

[Device-classifier-classifier_mserver] if-match acl 3001

[Device-classifier-classifier_mserver] quit

# Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic class.

[Device] traffic classifier classifier_fserver

[Device-classifier-classifier_fserver] if-match acl 3002

[Device-classifier-classifier_fserver] quit

# Create a traffic behavior named behavior_dbserver, and configure the action of setting the local precedence value to 4.

[Device] traffic behavior behavior_dbserver

[Device-behavior-behavior_dbserver] remark local-precedence 4

[Device-behavior-behavior_dbserver] quit

# Create a traffic behavior named behavior_mserver, and configure the action of setting the local precedence value to 3.

[Device] traffic behavior behavior_mserver

[Device-behavior-behavior_mserver] remark local-precedence 3

[Device-behavior-behavior_mserver] quit

# Create a traffic behavior named behavior_fserver, and configure the action of setting the local precedence value to 2.

[Device] traffic behavior behavior_fserver

[Device-behavior-behavior_fserver] remark local-precedence 2

[Device-behavior-behavior_fserver] quit

# Create a QoS policy named policy_server, and associate traffic classes with traffic behaviors in the QoS policy.

[Device] qos policy policy_server

[Device-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver

[Device-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver

[Device-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver

[Device-qospolicy-policy_server] quit

# Apply QoS policy policy_server to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] qos apply policy policy_server inbound

[Device-Ten-GigabitEthernet3/0/1] quit

Example: Configuring priority marking and class-based accounting for priority marking verification

Network configuration

As shown in Figure 344, the source IP address of incoming packets on Ten-GigabitEthernet 3/0/1 of Device B is 192.168.0.1, and the DSCP value of the packets is 11.

Configure priority marking and class-based accounting on Device B to verify that priority marking works correctly.

Figure 344 Network diagram

Procedure

# Create basic ACL 2000, and configure a rule to match packets with source IP address 192.168.0.1.

<DeviceB> system-view

[DeviceB] acl basic 2000

[DeviceB-acl-ipv4-basic-2000] rule permit source 192.168.0.1 0

[DeviceB-acl-ipv4-basic-2000] quit

# Create a traffic class named sip, and use ACL 2000 as the match criterion in the traffic class.

[DeviceB] traffic classifier sip

[DeviceB-classifier-sip] if-match acl 2000

[DeviceB-classifier-sip] quit

# Create a traffic class named dscp50, and use DSCP 50 as the match criterion in the traffic class.

[DeviceB] traffic classifier dscp50

[DeviceB-classifier-dscp50] if-match dscp 50

[DeviceB-classifier-dscp50] quit

# Create a traffic behavior named r, and configure the action of setting the DSCP value to 50.

[DeviceB] traffic behavior r

[DeviceB-behavior-r] remark dscp 50

[DeviceB-behavior-r] quit

# Create a traffic behavior named a, and configure a class-based accounting action.

[DeviceB] traffic behavior a

[DeviceB-behavior-a] accounting packet

[DeviceB-behavior-a] quit

# Create a marking-type QoS policy named policy_r, and associate traffic class sip with traffic behavior r in the QoS policy.

[DeviceB] qos remarking policy policy_r

[DeviceB-qospolicy-policy_r] classifier sip behavior r

[DeviceB-qospolicy-policy_r] quit

# Create an accounting-type QoS policy named policy_a, and associate traffic class dscp50 with traffic behavior a in the QoS policy.

[DeviceB] qos accounting policy policy_a

[DeviceB-qospolicy-policy_a] classifier dscp50 behavior a

[DeviceB-qospolicy-policy_a] quit

# Apply QoS policy policy_r to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] qos apply remarking policy policy_r inbound

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Apply QoS policy policy_a to the outgoing traffic of Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] qos apply accounting policy policy_a outbound

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display information about the marking-type QoS policy.

[DeviceB] display qos policy user-defined remarking

 

  User-defined QoS policy information:

 

  Marking policy: policy_r (ID 100)

   Classifier: sip (ID 0)

     Behavior: r

      Marking:

        Remark dscp 50

# Display information about the accounting-type QoS policy.

[DeviceB] display qos policy user-defined accounting

 

  User-defined QoS policy information:

 

  Accounting policy: policy_a (ID 101)

   Classifier: dscp50 (ID 0)

     Behavior: a

      Accounting enable: Packet

        20 (Packets)

The output shows that the accounting action works correctly.

 

Traffic redirecting configuration examples

Example: Configuring traffic redirecting

Network configuration

As shown in Figure 345:

·     Device A is connected to Device B through two links. Device A and Device B are each connected to other devices.

·     Ten-GigabitEthernet 3/0/2 of Device A is a trunk port and belongs to VLAN 200 and VLAN 201.

·     Ten-GigabitEthernet 3/0/2 of Device A and Ten-GigabitEthernet 3/0/2 of Device B belong to VLAN 200.

·     Ten-GigabitEthernet 3/0/3 of Device A and Ten-GigabitEthernet 3/0/3 of Device B belong to VLAN 201.

·     On Device A, the IP address of VLAN-interface 200 is 200.1.1.1/24, and that of VLAN-interface 201 is 201.1.1.1/24.

·     On Device B, the IP address of VLAN-interface 200 is 200.1.1.2/24, and that of VLAN-interface 201 is 201.1.1.2/24.

Configure the actions of redirecting traffic to an interface to meet the following requirements:

·     Packets with source IP address 2.1.1.1 received on Ten-GigabitEthernet 3/0/1 of Device A are forwarded to Ten-GigabitEthernet 3/0/2.

·     Packets with source IP address 2.1.1.2 received on Ten-GigabitEthernet 3/0/1 of Device A are forwarded to Ten-GigabitEthernet 3/0/3.

·     Other packets received on Ten-GigabitEthernet 3/0/1 of Device A are forwarded according to the routing table.

Figure 345 Network diagram

Procedure

# Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1.

<DeviceA> system-view

[DeviceA] acl basic 2000

[DeviceA-acl-ipv4-basic-2000] rule permit source 2.1.1.1 0

[DeviceA-acl-ipv4-basic-2000] quit

# Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2.

[DeviceA] acl basic 2001

[DeviceA-acl-ipv4-basic-2001] rule permit source 2.1.1.2 0

[DeviceA-acl-ipv4-basic-2001] quit

# Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class.

[DeviceA] traffic classifier classifier_1

[DeviceA-classifier-classifier_1] if-match acl 2000

[DeviceA-classifier-classifier_1] quit

# Create a traffic class named classifier_2, and use ACL 2001 as the match criterion in the traffic class.

[DeviceA] traffic classifier classifier_2

[DeviceA-classifier-classifier_2] if-match acl 2001

[DeviceA-classifier-classifier_2] quit

# Create a traffic behavior named behavior_1, and configure the action of redirecting traffic to Ten-GigabitEthernet 3/0/2.

[DeviceA] traffic behavior behavior_1

[DeviceA-behavior-behavior_1] redirect interface ten-gigabitethernet 3/0/2

[DeviceA-behavior-behavior_1] quit

# Create a traffic behavior named behavior_2, and configure the action of redirecting traffic to Ten-GigabitEthernet 3/0/3.

[DeviceA] traffic behavior behavior_2

[DeviceA-behavior-behavior_2] redirect interface ten-gigabitethernet 3/0/3

[DeviceA-behavior-behavior_2] quit

# Create a QoS policy named policy.

[DeviceA] qos policy policy

# Associate traffic class classifier_1 with traffic behavior behavior_1 in the QoS policy.

[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1

# Associate traffic class classifier_2 with traffic behavior behavior_2 in the QoS policy.

[DeviceA-qospolicy-policy] classifier classifier_2 behavior behavior_2

[DeviceA-qospolicy-policy] quit

# Apply QoS policy policy to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] qos apply policy policy inbound

 

Global CAR configuration examples

Example: Configuring aggregate CAR

Network configuration

As shown in Figure 346, configure aggregate CAR to rate-limit the traffic of VLAN 10 and VLAN 100 received on Ten-GigabitEthernet 3/0/1 by using these parameters: CIR 2560 kbps and CBS 20000 bytes.

Figure 346 Network diagram

 

Procedure

# Configure an aggregate CAR action named aggcar-1 according to the rate limit requirements.

<Device> system-view

[Device] qos car aggcar-1 aggregative cir 2560 cbs 20000

# Create class 1 to match traffic of VLAN 10. Create behavior 1 and use aggregate CAR action aggcar-1 in the behavior.

[Device] traffic classifier 1

[Device-classifier-1] if-match service-vlan-id 10

[Device-classifier-1] quit

[Device] traffic behavior 1

[Device-behavior-1] car name aggcar-1

[Device-behavior-1] quit

# Create class 2 to match traffic of VLAN 100. Create behavior 2 and use aggregate CAR action aggcar-1 in the behavior.

[Device] traffic classifier 2

[Device-classifier-2] if-match service-vlan-id 100

[Device-classifier-2] quit

[Device] traffic behavior 2

[Device-behavior-2] car name aggcar-1

[Device-behavior-2] quit

# Create a QoS policy named car, associate class 1 with behavior 1, and associate class 2 with behavior 2.

[Device] qos policy car

[Device-qospolicy-car] classifier 1 behavior 1

[Device-qospolicy-car] classifier 2 behavior 2

[Device-qospolicy-car] quit

# Apply QoS policy car to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] qos apply policy car inbound
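What sharing aggcar-1 between behavior 1 and behavior 2 means in practice, as an added Python simulation (not H3C code and not part of the original guide): both VLANs draw from one token bucket, so their combined rate is held to the CIR, whereas a separate CAR per behavior would let each VLAN reach the CIR on its own. It assumes a single-rate token bucket that starts full, 1 kbps = 1000 bit/s, and constructed traffic of 1000-byte packets at 2560 kbps per VLAN for 10 seconds.

```python
CIR_KBPS = 2560      # from "qos car aggcar-1 aggregative cir 2560 cbs 20000"
CBS_BYTES = 20000
PKT_BYTES = 1000     # constructed packet size
PERIOD_US = 3125     # 320 packets/s x 1000 bytes = 2560 kbps offered per VLAN
DURATION_US = 10_000_000


class TokenBucket:
    """Single-rate token bucket; packets that find too few tokens are dropped."""
    SCALE = 1_000_000  # tokens are kept in byte-microseconds so all math is integer

    def __init__(self, cir_kbps, cbs_bytes):
        self.rate = cir_kbps * 1000 // 8      # refill rate in bytes per second
        self.cap = cbs_bytes * self.SCALE     # bucket depth (CBS)
        self.tokens = self.cap                # assumption: the bucket starts full
        self.last_us = 0

    def conform(self, now_us, size):
        # Refill for the elapsed time, never beyond the committed burst size.
        self.tokens = min(self.cap,
                          self.tokens + self.rate * (now_us - self.last_us))
        self.last_us = now_us
        cost = size * self.SCALE
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


def arrivals(flow, offset_us):
    """Constant-rate packet arrival times for one VLAN (constructed traffic)."""
    return [(t, flow, PKT_BYTES)
            for t in range(offset_us, DURATION_US, PERIOD_US)]


def total_passed(shared):
    """Bytes forwarded for VLAN 10 plus VLAN 100 over the whole run.

    shared=True  models both behaviors referencing the same aggregate CAR.
    shared=False models each behavior having its own CAR with the same values.
    """
    events = sorted(arrivals("vlan10", 0) + arrivals("vlan100", 1562))
    if shared:
        bucket = TokenBucket(CIR_KBPS, CBS_BYTES)
        buckets = {"vlan10": bucket, "vlan100": bucket}
    else:
        buckets = {"vlan10": TokenBucket(CIR_KBPS, CBS_BYTES),
                   "vlan100": TokenBucket(CIR_KBPS, CBS_BYTES)}
    passed = 0
    for now_us, flow, size in events:
        if buckets[flow].conform(now_us, size):
            passed += size
    return passed


if __name__ == "__main__":
    for shared in (True, False):
        sent = total_passed(shared)
        kbps = sent * 8 / (DURATION_US / 1_000_000) / 1000
        label = "aggregate CAR (shared)" if shared else "separate CAR per class"
        print(f"{label}: {sent} bytes forwarded, about {kbps:.0f} kbps")
```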

Class-based accounting configuration examples

Example: Configuring class-based accounting

Network configuration

As shown in Figure 347, configure class-based accounting on Ten-GigabitEthernet 3/0/1 to collect statistics for incoming traffic from 1.1.1.1/24.

Figure 347 Network diagram

Procedure

# Create basic ACL 2000, and configure a rule to match packets with source IP address 1.1.1.1.

<Device> system-view

[Device] acl basic 2000

[Device-acl-ipv4-basic-2000] rule permit source 1.1.1.1 0

[Device-acl-ipv4-basic-2000] quit

# Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class.

[Device] traffic classifier classifier_1

[Device-classifier-classifier_1] if-match acl 2000

[Device-classifier-classifier_1] quit

# Create a traffic behavior named behavior_1, and configure the class-based accounting action.

[Device] traffic behavior behavior_1

[Device-behavior-behavior_1] accounting

[Device-behavior-behavior_1] quit

# Create a QoS policy named policy, and associate traffic class classifier_1 with traffic behavior behavior_1 in the QoS policy.

[Device] qos policy policy

[Device-qospolicy-policy] classifier classifier_1 behavior behavior_1

[Device-qospolicy-policy] quit

# Apply QoS policy policy to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] qos apply policy policy inbound

[Device-Ten-GigabitEthernet3/0/1] quit

# Display traffic statistics to verify the configuration.

[Device] display qos policy interface ten-gigabitethernet 3/0/1

Interface: Ten-GigabitEthernet3/0/1

  Direction: Inbound

  Policy: policy

   Classifier: classifier_1

     Operator: AND

     Rule(s) :

      If-match acl 2000

     Behavior: behavior_1

      Accounting enable:

        28529 (Packets)

 

QPPB configuration examples

Example: Configuring QPPB in an IPv4 network

Network configuration

As shown in Figure 348, all devices run BGP.

Configure QPPB so that Device B can perform the following operations:

·     Receive routes.

·     Set IP precedence values and local QoS IDs according to the routing policy.

·     Use the QoS policy to limit the traffic rate to 512000 kbps.

Figure 348 Network diagram

Procedure

1.     Configure IP addresses for each interface. (Details not shown.)

2.     Configure a BGP connection to Device B, and add the network 1.1.1.0/8 to the BGP routing table on Device A.

<DeviceA> system-view

[DeviceA] bgp 1000

[DeviceA-bgp] peer 168.1.1.2 as-number 2000

[DeviceA-bgp] peer 168.1.1.2 connect-interface ten-gigabitethernet 3/0/2

[DeviceA-bgp] address-family ipv4

[DeviceA-bgp-ipv4] import-route direct

[DeviceA-bgp-ipv4] peer 168.1.1.2 enable

[DeviceA-bgp-ipv4] quit

[DeviceA-bgp] quit

3.     Configure Device B:

# Configure a BGP connection to Device A.

<DeviceB> system-view

[DeviceB] bgp 2000

[DeviceB-bgp] peer 168.1.1.1 as-number 1000

[DeviceB-bgp] peer 168.1.1.1 connect-interface ten-gigabitethernet 3/0/2

[DeviceB-bgp] address-family ipv4

[DeviceB-bgp-ipv4] peer 168.1.1.1 enable

[DeviceB-bgp-ipv4] peer 168.1.1.1 route-policy qppb import

[DeviceB-bgp-ipv4] quit

[DeviceB-bgp] quit

# Configure the routing policy qppb.

[DeviceB] route-policy qppb permit node 0

[DeviceB-route-policy-qppb-0] apply ip-precedence 1

[DeviceB-route-policy-qppb-0] apply qos-local-id 3

[DeviceB-route-policy-qppb-0] quit

# Enable QPPB on Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] bgp-policy source ip-prec-map ip-qos-map

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Configure a QoS policy.

[DeviceB] traffic classifier qppb

[DeviceB-classifier-qppb] if-match ip-precedence 1

[DeviceB-classifier-qppb] if-match qos-local-id 3

[DeviceB-classifier-qppb] quit

[DeviceB] traffic behavior qppb

[DeviceB-behavior-qppb] car cir 512000 green pass red discard

[DeviceB-behavior-qppb] quit

[DeviceB] qos policy qppb

[DeviceB-qospolicy-qppb] classifier qppb behavior qppb mode qppb-manipulation

[DeviceB-qospolicy-qppb] quit

# Apply the QoS policy to incoming traffic on Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] qos apply policy qppb inbound

[DeviceB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the related route on Device B takes effect.

[DeviceB] display bgp routing-table ipv4 1.1.1.0

 BGP local router ID: 168.1.1.2

 Local AS number: 2000

 Paths:   1 available, 1 best

 BGP routing table information of 168.1.1.0/24:

 From            : 168.1.1.1 (168.1.1.1)

 Rely nexthop    : 168.1.1.1

 Original nexthop: 168.1.1.1

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h30m12s

 OutLabel        : NULL

 RxPathID        : 0x0

 TxPathID        : 0x0

 AS-path         : 1000

 Origin          : incomplete

 Attribute value : MED 0, pref-val 0

 State           : valid, external, best

 IP precedence   : 1

 QoS local ID    : 3

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

# Display the QoS policy configuration on Ten-GigabitEthernet 3/0/2 of Device B.

[DeviceB] display qos policy interface ten-gigabitethernet 3/0/2

Interface: Ten-GigabitEthernet3/0/2

  Direction: Inbound

  Policy: qppb

   Classifier: default-class

         Mode: qppb-manipulation

     Matched : 51 (Packets) 4022 (Bytes)

     5-minute statistics:

      Forwarded: 0/28 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: qppb

         Mode: qppb-manipulation

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match ip-precedence 1

      If-match qos-local-id 3

     Behavior: qppb

      Committed Access Rate:

        CIR 512000 (kbps), CBS 32000000 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

Example: Configuring QPPB in an MPLS L3VPN

Network configuration

As shown in Figure 349, all devices run BGP.

Configure QPPB so that Device C can perform the following operations:

·     Receive routes.

·     Set the QPPB local QoS IDs.

·     Use the QoS policy to limit the traffic rate to 200000 kbps in each direction.

Figure 349 Network diagram

Table 142 Interfaces and IP address assignment

Device     Interface   IP address        Device     Interface   IP address
Device A   XGE3/0/1    192.168.1.2/24    Device B   XGE3/0/1    167.1.1.2/24
           XGE3/0/2    167.1.1.1/24                 XGE3/0/2    168.1.1.2/24
Device C   XGE3/0/1    169.1.1.2/24      Device D   XGE3/0/2    169.1.1.1/24
           XGE3/0/2    168.1.1.1/24                 XGE3/0/1    192.168.3.2/24

Procedure

1.     Configure IP addresses for each interface. (Details not shown.)

2.     Configure a BGP connection on Device A.

<DeviceA> system-view

[DeviceA] bgp 100

[DeviceA-bgp] peer 167.1.1.2 as-number 200

[DeviceA-bgp] peer 167.1.1.2 connect-interface ten-gigabitethernet 3/0/2

[DeviceA-bgp] address-family ipv4

[DeviceA-bgp-ipv4] import-route direct

[DeviceA-bgp-ipv4] peer 167.1.1.2 enable

[DeviceA-bgp-ipv4] quit

[DeviceA-bgp] quit

3.     Configure Device B:

# Configure a VPN instance.

<DeviceB> system-view

[DeviceB] ip vpn-instance vpn1

[DeviceB-vpn-instance-vpn1] route-distinguisher 200:1

[DeviceB-vpn-instance-vpn1] vpn-target 200:1 export-extcommunity

[DeviceB-vpn-instance-vpn1] vpn-target 200:1 import-extcommunity

[DeviceB-vpn-instance-vpn1] quit

# Configure a BGP connection.

[DeviceB] router id 1.1.1.1

[DeviceB] bgp 200

[DeviceB-bgp] peer 2.2.2.2 as-number 200

[DeviceB-bgp] peer 2.2.2.2 connect-interface loopback 0

[DeviceB-bgp] ip vpn-instance vpn1

[DeviceB-bgp-vpn1] peer 167.1.1.1 as-number 100

[DeviceB-bgp-vpn1] address-family ipv4

[DeviceB-bgp-ipv4-vpn1] peer 167.1.1.1 enable

[DeviceB-bgp-ipv4-vpn1] quit

[DeviceB-bgp-vpn1] quit

[DeviceB-bgp] address-family vpnv4

[DeviceB-bgp-vpnv4] peer 2.2.2.2 enable

[DeviceB-bgp-vpnv4] quit

[DeviceB-bgp] quit

# Configure MPLS.

[DeviceB] mpls lsr-id 1.1.1.1

[DeviceB] mpls ldp

[DeviceB-mpls-ldp] quit

# Configure OSPF.

[DeviceB] ospf

[DeviceB-ospf-1] area 0

[DeviceB-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[DeviceB-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255

[DeviceB-ospf-1-area-0.0.0.0] quit

[DeviceB-ospf-1] quit

# Bind Ten-GigabitEthernet 3/0/1 to VPN instance vpn1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[DeviceB-Ten-GigabitEthernet3/0/1] ip address 167.1.1.2 24

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceB-Ten-GigabitEthernet3/0/2] mpls ldp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

4.     Configure Device C:

# Configure a VPN instance.

<DeviceC> system-view

[DeviceC] ip vpn-instance vpn1

[DeviceC-vpn-instance-vpn1] route-distinguisher 200:1

[DeviceC-vpn-instance-vpn1] vpn-target 200:1 export-extcommunity

[DeviceC-vpn-instance-vpn1] vpn-target 200:1 import-extcommunity

[DeviceC-vpn-instance-vpn1] quit

# Configure a BGP connection.

[DeviceC] router id 2.2.2.2

[DeviceC] bgp 200

[DeviceC-bgp] peer 1.1.1.1 as-number 200

[DeviceC-bgp] peer 1.1.1.1 connect-interface loopback 0

[DeviceC-bgp] ip vpn-instance vpn1

[DeviceC-bgp-vpn1] peer 169.1.1.1 as-number 300

[DeviceC-bgp-vpn1] address-family ipv4

[DeviceC-bgp-ipv4-vpn1] peer 169.1.1.1 enable

[DeviceC-bgp-ipv4-vpn1] peer 169.1.1.1 route-policy qppb import

[DeviceC-bgp-ipv4-vpn1] quit

[DeviceC-bgp-vpn1] quit

[DeviceC-bgp] address-family vpnv4

[DeviceC-bgp-vpnv4] peer 1.1.1.1 enable

[DeviceC-bgp-vpnv4] peer 1.1.1.1 route-policy qppb import

[DeviceC-bgp-vpnv4] quit

[DeviceC-bgp] quit

# Configure a routing policy.

[DeviceC] route-policy qppb permit node 0

[DeviceC-route-policy-qppb-0] apply qos-local-id 3

[DeviceC-route-policy-qppb-0] quit

# Configure MPLS.

[DeviceC] mpls lsr-id 2.2.2.2

[DeviceC] mpls ldp

[DeviceC-mpls-ldp] quit

# Configure OSPF.

[DeviceC] ospf

[DeviceC-ospf-1] area 0

[DeviceC-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[DeviceC-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255

[DeviceC-ospf-1-area-0.0.0.0] quit

[DeviceC-ospf-1] quit

# Configure a QoS policy.

[DeviceC] traffic classifier qppb

[DeviceC-classifier-qppb] if-match qos-local-id 3

[DeviceC-classifier-qppb] quit

[DeviceC] traffic behavior qppb

[DeviceC-behavior-qppb] car cir 200000 green pass red discard

[DeviceC-behavior-qppb] quit

[DeviceC] qos policy qppb

[DeviceC-qospolicy-qppb] classifier qppb behavior qppb mode qppb-manipulation

[DeviceC-qospolicy-qppb] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/2.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] mpls enable

[DeviceC-Ten-GigabitEthernet3/0/2] mpls ldp enable

# Enable QPPB on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

[DeviceC-Ten-GigabitEthernet3/0/2] bgp-policy source ip-qos-map

[DeviceC-Ten-GigabitEthernet3/0/2] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] bgp-policy source ip-qos-map

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Bind Ten-GigabitEthernet 3/0/1 to VPN instance vpn1.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[DeviceC-Ten-GigabitEthernet3/0/1] ip address 169.1.1.2 24

# Apply QoS policy qppb to the incoming traffic of Ten-GigabitEthernet 3/0/1.

[DeviceC-Ten-GigabitEthernet3/0/1] qos apply policy qppb inbound

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Apply QoS policy qppb to the incoming traffic of Ten-GigabitEthernet 3/0/2.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] qos apply policy qppb inbound

5.     Configure a BGP connection on Device D.

<DeviceD> system-view

[DeviceD] bgp 300

[DeviceD-bgp] peer 169.1.1.2 as-number 200

[DeviceD-bgp] peer 169.1.1.2 connect-interface ten-gigabitethernet 3/0/2

[DeviceD-bgp] address-family ipv4

[DeviceD-bgp-ipv4] peer 169.1.1.2 enable

[DeviceD-bgp-ipv4] import-route direct

[DeviceD-bgp-ipv4] quit

Verifying the configuration

# Verify that the related routes on Device A take effect.

[DeviceA] display ip routing-table

 

Destinations : 16        Routes : 16

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

167.1.1.0/24        Direct 0    0            167.1.1.1       XGE3/0/2

167.1.1.0/32        Direct 0    0            167.1.1.1       XGE3/0/2

167.1.1.1/32        Direct 0    0            127.0.0.1       InLoop0

167.1.1.255/32      Direct 0    0            167.1.1.1       XGE3/0/2

169.1.1.0/24        BGP    255  0            167.1.1.2       XGE3/0/2

192.168.1.0/24      Direct 0    0            192.168.1.2     XGE3/0/1

192.168.1.0/32      Direct 0    0            192.168.1.2     XGE3/0/1

192.168.1.2/32      Direct 0    0            127.0.0.1       InLoop0

192.168.1.255/32    Direct 0    0            192.168.1.2     XGE3/0/1

192.168.3.0/24      BGP    255  0            167.1.1.2       XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Verify that the related routes on Device B take effect.

[DeviceB] display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

1.1.1.1/32          Direct 0    0            127.0.0.1       InLoop0

2.2.2.2/32          OSPF   10   1            168.1.1.1       XGE3/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

168.1.1.0/24        Direct 0    0            168.1.1.2       XGE3/0/2

168.1.1.0/32        Direct 0    0            168.1.1.2       XGE3/0/2

168.1.1.2/32        Direct 0    0            127.0.0.1       InLoop0

168.1.1.255/32      Direct 0    0            168.1.1.2       XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

[DeviceB] display ip routing-table vpn-instance vpn1

 

Destinations : 14        Routes : 14

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

167.1.1.0/24        Direct 0    0            167.1.1.2       XGE3/0/1

167.1.1.0/32        Direct 0    0            167.1.1.2       XGE3/0/1

167.1.1.2/32        Direct 0    0            127.0.0.1       InLoop0

167.1.1.255/32      Direct 0    0            167.1.1.2       XGE3/0/1

169.1.1.0/24        BGP    255  0            2.2.2.2         XGE3/0/2

192.168.1.0/24      BGP    255  0            167.1.1.1       XGE3/0/1

192.168.2.0/24      BGP    255  0            167.1.1.1       XGE3/0/1

192.168.3.0/24      BGP    255  0            2.2.2.2         XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Verify that the related routes on Device C take effect.

[DeviceC] display ip routing-table

 

Destinations : 12        Routes : 12

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

1.1.1.1/32          OSPF   10   1            168.1.1.2       XGE3/0/2

2.2.2.2/32          Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

168.1.1.0/24        Direct 0    0            168.1.1.1       XGE3/0/2

168.1.1.0/32        Direct 0    0            168.1.1.1       XGE3/0/2

168.1.1.1/32        Direct 0    0            127.0.0.1       InLoop0

168.1.1.255/32      Direct 0    0            168.1.1.1       XGE3/0/2

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

[DeviceC] display ip routing-table vpn-instance vpn1

 

Destinations : 14        Routes : 14

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

167.1.1.0/24        BGP    255  0            1.1.1.1         XGE3/0/2

169.1.1.0/24        Direct 0    0            169.1.1.2       XGE3/0/1

169.1.1.0/32        Direct 0    0            169.1.1.2       XGE3/0/1

169.1.1.2/32        Direct 0    0            127.0.0.1       InLoop0

169.1.1.255/32      Direct 0    0            169.1.1.2       XGE3/0/1

192.168.1.0/24      BGP    255  0            1.1.1.1         XGE3/0/2

192.168.2.0/24      BGP    255  0            169.1.1.1       XGE3/0/1

192.168.3.0/24      BGP    255  0            169.1.1.1       XGE3/0/1

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Verify that the related routes on Device D take effect.

[DeviceD] display ip routing-table

 

Destinations : 16        Routes : 16

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

167.1.1.0/24        BGP    255  0            169.1.1.2       XGE3/0/2

169.1.1.0/24        Direct 0    0            169.1.1.1       XGE3/0/2

169.1.1.0/32        Direct 0    0            169.1.1.1       XGE3/0/2

169.1.1.1/32        Direct 0    0            127.0.0.1       InLoop0

169.1.1.255/32      Direct 0    0            169.1.1.1       XGE3/0/2

192.168.1.0/24      BGP    255  0            169.1.1.2       XGE3/0/2

192.168.3.0/24      Direct 0    0            192.168.3.2     XGE3/0/1

192.168.3.0/32      Direct 0    0            192.168.3.2     XGE3/0/1

192.168.3.2/32      Direct 0    0            127.0.0.1       InLoop0

192.168.3.255/32    Direct 0    0            192.168.3.2     XGE3/0/1

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Display the QoS policy configuration in the inbound direction on Device C.

[DeviceC] display qos policy interface inbound

Interface: Ten-GigabitEthernet3/0/1

  Direction: Inbound

  Policy: qppb

   Classifier: default-class

         Mode: qppb-manipulation

     Matched : 312 (Packets) 18916 (Bytes)

     5-minute statistics:

      Forwarded: 0/24 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: qppb

         Mode: qppb-manipulation

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match qos-local-id 3

     Behavior: qppb

      Committed Access Rate:

        CIR 200000 (kbps), CBS 1250000 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

 

Interface: Ten-GigabitEthernet3/0/2

  Direction: Inbound

  Policy: qppb

   Classifier: default-class

         Mode: qppb-manipulation

     Matched : 311 (Packets) 23243 (Bytes)

     5-minute statistics:

      Forwarded: 0/24 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: qppb

         Mode: qppb-manipulation

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match qos-local-id 3

     Behavior: qppb

      Committed Access Rate:

        CIR 200000 (kbps), CBS 12500480 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)
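The `display qos policy interface` output above can be checked mechanically. The Python parser below is an added example, not part of the H3C documentation; it reads an excerpt of the Device C output (trimmed to the fields it parses) and flags policed classes whose match counters are still zero, as well as identical CIR values reported with different CBS values.

```python
import re

# Excerpt of the Device C output shown above, trimmed to the parsed fields.
SAMPLE = """\
Interface: Ten-GigabitEthernet3/0/1
  Direction: Inbound
  Policy: qppb
   Classifier: default-class
     Matched : 312 (Packets) 18916 (Bytes)
      If-match any
   Classifier: qppb
     Matched : 0 (Packets) 0 (Bytes)
      If-match qos-local-id 3
        CIR 200000 (kbps), CBS 1250000 (Bytes), EBS 0 (Bytes)
Interface: Ten-GigabitEthernet3/0/2
  Direction: Inbound
  Policy: qppb
   Classifier: default-class
     Matched : 311 (Packets) 23243 (Bytes)
      If-match any
   Classifier: qppb
     Matched : 0 (Packets) 0 (Bytes)
      If-match qos-local-id 3
        CIR 200000 (kbps), CBS 12500480 (Bytes), EBS 0 (Bytes)
"""

IFACE = re.compile(r"^Interface:\s*(\S+)")
CLASSIFIER = re.compile(r"^\s*Classifier:\s*(\S+)")
MATCHED = re.compile(r"^\s*Matched\s*:\s*(\d+) \(Packets\) (\d+) \(Bytes\)")
RULE = re.compile(r"^\s*If-match\s+(.+?)\s*$")
CAR = re.compile(r"CIR (\d+) \(kbps\), CBS (\d+) \(Bytes\), EBS (\d+) \(Bytes\)")


def parse(text):
    """Return one dict per (interface, classifier) pair found in the output."""
    entries, iface, cur = [], None, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface, cur = m.group(1), None
        elif m := CLASSIFIER.match(line):
            cur = {"interface": iface, "classifier": m.group(1),
                   "packets": 0, "bytes": 0, "rules": [], "car": None}
            entries.append(cur)
        elif cur is None:
            continue  # header lines before the first classifier
        elif m := MATCHED.match(line):
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif m := RULE.match(line):
            cur["rules"].append(m.group(1))
        elif m := CAR.search(line):
            cur["car"] = {"cir_kbps": int(m.group(1)),
                          "cbs_bytes": int(m.group(2)),
                          "ebs_bytes": int(m.group(3))}
    return entries


def audit(entries):
    """Return (kind, location, detail) tuples for conditions worth a second look."""
    findings = []
    # A class with a CAR action that has never matched is not policing anything yet.
    for e in entries:
        if e["car"] and e["packets"] == 0:
            findings.append(("zero-match", e["interface"], e["classifier"]))
    # The same classifier and CIR should normally report the same burst size.
    cbs_seen = {}
    for e in entries:
        if e["car"]:
            key = (e["classifier"], e["car"]["cir_kbps"])
            cbs_seen.setdefault(key, set()).add(e["car"]["cbs_bytes"])
    for (classifier, cir), values in sorted(cbs_seen.items()):
        if len(values) > 1:
            findings.append(("cbs-mismatch", classifier, sorted(values)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```

The parser ignores lines it does not recognize, so the full command output can be passed in unchanged.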

Example: Configuring QPPB in an IPv6 network

Network configuration

As shown in Figure 350, all devices run BGP.

Configure QPPB so that Device B can perform the following operations:

·     Receive routes.

·     Set the QPPB IP precedence value.

·     Use the QoS policy to limit the rate of traffic with the IP precedence value to 512000 kbps.

Figure 350 Network diagram

Procedure

1.     Configure IPv6 addresses for each interface. (Details not shown.)

2.     Configure BGP on Device A.

<DeviceA> system-view

[DeviceA] bgp 1000

[DeviceA-bgp] peer 168::2 as-number 2000

[DeviceA-bgp] peer 168::2 connect-interface ten-gigabitethernet 3/0/2

[DeviceA-bgp] address-family ipv6

[DeviceA-bgp-ipv6] peer 168::2 enable

[DeviceA-bgp-ipv6] import-route direct

[DeviceA-bgp-ipv6] quit

[DeviceA-bgp] quit

3.     Configure Device B:

# Configure BGP.

<DeviceB> system-view

[DeviceB] bgp 2000

[DeviceB-bgp] peer 168::1 as-number 1000

[DeviceB-bgp] peer 168::1 connect-interface ten-gigabitethernet 3/0/2

[DeviceB-bgp] address-family ipv6

[DeviceB-bgp-ipv6] peer 168::1 enable

[DeviceB-bgp-ipv6] peer 168::1 route-policy qppb import

[DeviceB-bgp-ipv6] quit

[DeviceB-bgp] quit

# Configure a routing policy.

[DeviceB] route-policy qppb permit node 0

[DeviceB-route-policy-qppb-0] apply ip-precedence 4

[DeviceB-route-policy-qppb-0] apply qos-local-id 3

[DeviceB-route-policy-qppb-0] quit

# Enable QPPB on Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] bgp-policy source ip-prec-map ip-qos-map

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Configure a QoS policy.

[DeviceB] traffic classifier qppb

[DeviceB-classifier-qppb] if-match ip-precedence 4

[DeviceB-classifier-qppb] if-match qos-local-id 3

[DeviceB-classifier-qppb] quit

[DeviceB] traffic behavior qppb

[DeviceB-behavior-qppb] car cir 512000 red discard

[DeviceB-behavior-qppb] quit

[DeviceB] qos policy qppb

[DeviceB-qospolicy-qppb] classifier qppb behavior qppb mode qppb-manipulation

[DeviceB-qospolicy-qppb] quit

# Apply the QoS policy to the incoming traffic of Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] qos apply policy qppb inbound

[DeviceB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the related routes on Device A take effect.

[DeviceA] display bgp routing-table ipv6 2:: 64

 BGP local router ID: 0.0.0.0

 Local AS number: 1000

 Paths:   1 available, 1 best

 BGP routing table information of 168::/64:

 Imported route.

 Original nexthop: ::

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h17m18s

 OutLabel        : NULL

 RxPathID        : 0x0

 TxPathID        : 0x0

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, pref-val 32768

 State           : valid, local, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

# Verify that the related routes on Device B take effect.

[DeviceB] display bgp routing-table ipv6 1:: 64

 BGP local router ID: 0.0.0.0

 Local AS number: 2000

 Paths:   1 available, 1 best

 BGP routing table information of 168::/64:

 Imported route.

 Original nexthop: ::

 Out interface   : Ten-GigabitEthernet3/0/2

 Route age       : 00h05m17s

 OutLabel        : NULL

 RxPathID        : 0x0

 TxPathID        : 0x0

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, pref-val 32768

 State           : valid, local, best

 IP precedence   : 4

 QoS local ID    : 3

 Traffic index   : N/A

 Tunnel policy   : NULL

 Rely tunnel IDs : N/A

# Display the configuration and statistics for the QoS policy applied to Ten-GigabitEthernet 3/0/2 on Device B.

[DeviceB] display qos policy interface ten-gigabitethernet 3/0/2

Interface: Ten-GigabitEthernet3/0/2

  Direction: Inbound

  Policy: qppb

   Classifier: default-class

         Mode: qppb-manipulation

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: qppb

         Mode: qppb-manipulation

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match ip-precedence 4

     Behavior: qppb

      Committed Access Rate:

        CIR 512000 (kbps), CBS 32000000 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)
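The Device B example chains three steps: the route policy tags routes received from 168::1, `bgp-policy source` recovers those tags by looking up each packet's source address, and the CAR polices what the classifier matches. The Python model below is an added illustration, not H3C code. CIR, CBS, IP precedence 4, and local QoS ID 3 come from the example; the 2001:db8:a::/48 prefix, the routing table contents, the traffic, and the single-bucket policer are assumptions.

```python
import ipaddress

# Values from the Device B example above.
CIR_KBPS, CBS_BYTES = 512000, 32000000                # car cir 512000; CBS from the display output
ROUTE_TAGS = {"ip_precedence": 4, "qos_local_id": 3}  # route-policy qppb permit node 0

# Constructed stand-in for Device B's routing table (assumption, not page data).
FIB = [
    (ipaddress.ip_network("2001:db8:a::/48"), ROUTE_TAGS),  # BGP route learned from 168::1
    (ipaddress.ip_network("168::/64"), {}),                 # connected link, no QPPB tags
]


def qppb_tags(src):
    """Source-based QPPB: longest-prefix match on the packet's source address."""
    addr = ipaddress.ip_address(src)
    hits = [(net, tags) for net, tags in FIB if addr in net]
    if not hits:
        return {}
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def classifier_matches(tags):
    """Classifier qppb, operator AND: both if-match rules must hold."""
    return tags.get("ip_precedence") == 4 and tags.get("qos_local_id") == 3


class Car:
    """Token bucket of depth CBS refilled at CIR; EBS is 0, so packets are green or red."""
    SCALE = 8000  # 1 kbps adds 1/8000 byte per microsecond; tokens are kept in that unit

    def __init__(self, cir_kbps, cbs_bytes):
        self.cir = cir_kbps
        self.depth = cbs_bytes * self.SCALE
        self.tokens = self.depth          # bucket starts full
        self.last_us = 0
        self.count = {"green": 0, "red": 0}

    def offer(self, t_us, size):
        elapsed = t_us - self.last_us
        self.tokens = min(self.depth, self.tokens + elapsed * self.cir)
        self.last_us = t_us
        colour = "green" if size * self.SCALE <= self.tokens else "red"
        if colour == "green":             # green action: pass, and spend tokens
            self.tokens -= size * self.SCALE
        self.count[colour] += 1           # red action: discard
        return colour


def run(packets):
    """packets: iterable of (time_us, source, size_bytes), ordered by time."""
    car = Car(CIR_KBPS, CBS_BYTES)
    verdicts = []
    for t_us, src, size in packets:
        if classifier_matches(qppb_tags(src)):
            verdicts.append(car.offer(t_us, size))
        else:
            verdicts.append("default-class")  # behavior be: forwarded without policing
    return verdicts, car.count


def constructed_traffic():
    """Constructed input: a 25000-packet burst, one untagged packet, 50 packets 1 ms later."""
    tagged, untagged = "2001:db8:a::10", "2001:db8:ffff::1"
    burst = [(0, tagged, 1500)] * 25000
    later = [(1000, tagged, 1500)] * 50
    return burst + [(0, untagged, 1500)] + later


if __name__ == "__main__":
    verdicts, count = run(constructed_traffic())
    print(count, verdicts[25000])
```

With a 32000000-byte bucket, the first 21333 packets of the burst pass before any are discarded, which is why a large CBS lets short bursts far above the CIR through.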

 

MPLS QoS configuration examples

Example: Configuring MPLS QoS for traffic in the same VPN

Network configuration

As shown in Figure 351, perform the following tasks to provide differentiated QoS services for flows with different precedence values in VPN 1:

1.     Configure MPLS VPN on CE 1, PE 1, P, PE 2, and CE 2 as follows:

○     Run OSPF between PE 1 and P, and between PE 2 and P.

○     Establish an MP-EBGP neighborship between PEs and CEs.

○     Establish an MP-IBGP neighborship between the PEs.

2.     Configure MPLS QoS on PE 1 and P as follows:

Method 1:

○     On PE 1, configure and apply a QoS policy to the outbound direction of Ten-GigabitEthernet 3/0/2 to set the EXP values in the first label of MPLS packets according to their DSCP values.

○     On the P device, configure and apply a QoS policy to the outbound direction of Ten-GigabitEthernet 3/0/2: classify traffic on the basis of the EXP field in the first MPLS label, and configure CBQ as follows:

-     Guarantee 10% of the bandwidth for traffic with an EXP value of 1.

-     Guarantee 20% of the bandwidth for traffic with an EXP value of 2.

-     Guarantee 30% of the bandwidth for traffic with an EXP value of 3.

-     Guarantee a low delay and 40% of the bandwidth for traffic with an EXP value of 4.

Method 2:

○     On PE 1, configure and apply a QoS policy to the inbound direction of Ten-GigabitEthernet 3/0/2 to set the EXP values in all labels of MPLS packets according to their DSCP values.

○     On the P device, configure and apply a QoS policy to the outbound direction of Ten-GigabitEthernet 3/0/2: classify traffic on the basis of the EXP field in the second MPLS label, and configure CBQ as follows:

-     Guarantee 10% of the bandwidth for traffic with an EXP value of 1.

-     Guarantee 20% of the bandwidth for traffic with an EXP value of 2.

-     Guarantee 30% of the bandwidth for traffic with an EXP value of 3.

-     Guarantee a low delay and 40% of the bandwidth for traffic with an EXP value of 4.

For information about the MPLS configuration, see MPLS L3VPN in MPLS Configuration Guide. This section introduces only the MPLS QoS configuration.

Figure 351 Network diagram

Table 143 Interfaces and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
CE 1    XGE3/0/1   10.1.1.2/24    CE 2    XGE3/0/1   10.2.1.2/24
PE 1    XGE3/0/2   10.1.1.1/24    PE 2    XGE3/0/2   10.2.1.1/24
PE 1    XGE3/0/1   12.1.1.1/24    PE 2    XGE3/0/1   12.2.1.1/24
PE 1    Loop0      1.1.1.1/32     PE 2    Loop0      1.1.1.2/32
P       XGE3/0/1   12.1.1.2/24
P       XGE3/0/2   12.2.1.2/24

Procedure

Configuration for method 1

1.     Configure PE 1:

# Configure four classes to match MPLS packets with DSCP values AF11, AF21, AF31, and EF in the same VPN.

<PE1> system-view

[PE1] traffic classifier af11

[PE1-classifier-af11] if-match dscp af11

[PE1-classifier-af11] quit

[PE1] traffic classifier af21

[PE1-classifier-af21] if-match dscp af21

[PE1-classifier-af21] quit

[PE1] traffic classifier af31

[PE1-classifier-af31] if-match dscp af31

[PE1-classifier-af31] quit

[PE1] traffic classifier efclass

[PE1-classifier-efclass] if-match dscp ef

[PE1-classifier-efclass] quit

# Configure four traffic behaviors to set the EXP value in the first label to 1, 2, 3, and 4 for MPLS packets.

[PE1] traffic behavior exp1

[PE1-behavior-exp1] remark mpls-exp 1

[PE1-behavior-exp1] quit

[PE1] traffic behavior exp2

[PE1-behavior-exp2] remark mpls-exp 2

[PE1-behavior-exp2] quit

[PE1] traffic behavior exp3

[PE1-behavior-exp3] remark mpls-exp 3

[PE1-behavior-exp3] quit

[PE1] traffic behavior exp4

[PE1-behavior-exp4] remark mpls-exp 4

[PE1-behavior-exp4] quit

# Create QoS policy REMARK, and associate the behaviors with the classes in the QoS policy to mark different classes of packets with different EXP values.

[PE1] qos policy REMARK

[PE1-qospolicy-REMARK] classifier af11 behavior exp1

[PE1-qospolicy-REMARK] classifier af21 behavior exp2

[PE1-qospolicy-REMARK] classifier af31 behavior exp3

[PE1-qospolicy-REMARK] classifier efclass behavior exp4

[PE1-qospolicy-REMARK] quit

# Apply QoS policy REMARK to the outgoing traffic of interface Ten-GigabitEthernet 3/0/2 of PE 1 in the MPLS network.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] qos apply policy REMARK outbound

[PE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure device P:

# Configure four classes to match MPLS packets whose first-label EXP values are 1, 2, 3, and 4.

<P> system-view

[P] traffic classifier EXP1

[P-classifier-EXP1] if-match mpls-exp 1

[P-classifier-EXP1] quit

[P] traffic classifier EXP2

[P-classifier-EXP2] if-match mpls-exp 2

[P-classifier-EXP2] quit

[P] traffic classifier EXP3

[P-classifier-EXP3] if-match mpls-exp 3

[P-classifier-EXP3] quit

[P] traffic classifier EXP4

[P-classifier-EXP4] if-match mpls-exp 4

[P-classifier-EXP4] quit

# Create four traffic behaviors, and configure AF or EF actions for them.

[P] traffic behavior AF11

[P-behavior-AF11] queue af bandwidth pct 10

[P-behavior-AF11] quit

[P] traffic behavior AF21

[P-behavior-AF21] queue af bandwidth pct 20

[P-behavior-AF21] quit

[P] traffic behavior AF31

[P-behavior-AF31] queue af bandwidth pct 30

[P-behavior-AF31] quit

[P] traffic behavior EF

[P-behavior-EF] queue ef bandwidth pct 40

[P-behavior-EF] quit

# Create QoS policy QUEUE, and associate the behaviors with the classes.

[P] qos policy QUEUE

[P-qospolicy-QUEUE] classifier EXP1 behavior AF11

[P-qospolicy-QUEUE] classifier EXP2 behavior AF21

[P-qospolicy-QUEUE] classifier EXP3 behavior AF31

[P-qospolicy-QUEUE] classifier EXP4 behavior EF

[P-qospolicy-QUEUE] quit

# Apply QoS policy QUEUE to the outgoing traffic of Ten-GigabitEthernet 3/0/2.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] qos apply policy QUEUE outbound

Configuration for method 2

1.     Configure PE 1:

# Configure four classes to match MPLS packets with DSCP values AF11, AF21, AF31, and EF in the same VPN.

<PE1> system-view

[PE1] traffic classifier af11

[PE1-classifier-af11] if-match dscp af11

[PE1-classifier-af11] quit

[PE1] traffic classifier af21

[PE1-classifier-af21] if-match dscp af21

[PE1-classifier-af21] quit

[PE1] traffic classifier af31

[PE1-classifier-af31] if-match dscp af31

[PE1-classifier-af31] quit

[PE1] traffic classifier efclass

[PE1-classifier-efclass] if-match dscp ef

[PE1-classifier-efclass] quit

# Configure four traffic behaviors to set the EXP values in all labels to 1, 2, 3, and 4 for MPLS packets.

[PE1] traffic behavior exp1

[PE1-behavior-exp1] remark imposition-mpls-exp 1

[PE1-behavior-exp1] quit

[PE1] traffic behavior exp2

[PE1-behavior-exp2] remark imposition-mpls-exp 2

[PE1-behavior-exp2] quit

[PE1] traffic behavior exp3

[PE1-behavior-exp3] remark imposition-mpls-exp 3

[PE1-behavior-exp3] quit

[PE1] traffic behavior exp4

[PE1-behavior-exp4] remark imposition-mpls-exp 4

[PE1-behavior-exp4] quit

# Create QoS policy REMARK, and associate the behaviors with the classes in the QoS policy to mark different classes of packets with different EXP values.

[PE1] qos policy REMARK

[PE1-qospolicy-REMARK] classifier af11 behavior exp1

[PE1-qospolicy-REMARK] classifier af21 behavior exp2

[PE1-qospolicy-REMARK] classifier af31 behavior exp3

[PE1-qospolicy-REMARK] classifier efclass behavior exp4

[PE1-qospolicy-REMARK] quit

# Apply QoS policy REMARK to the incoming traffic of interface Ten-GigabitEthernet 3/0/2 in the MPLS network.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] qos apply policy REMARK inbound

[PE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure device P:

# Configure four classes to match MPLS packets whose second-label EXP values are 1, 2, 3, and 4.

<P> system-view

[P] traffic classifier EXP1

[P-classifier-EXP1] if-match second-mpls-exp 1

[P-classifier-EXP1] quit

[P] traffic classifier EXP2

[P-classifier-EXP2] if-match second-mpls-exp 2

[P-classifier-EXP2] quit

[P] traffic classifier EXP3

[P-classifier-EXP3] if-match second-mpls-exp 3

[P-classifier-EXP3] quit

[P] traffic classifier EXP4

[P-classifier-EXP4] if-match second-mpls-exp 4

[P-classifier-EXP4] quit

# Create four traffic behaviors, and configure AF or EF actions for them.

[P] traffic behavior AF11

[P-behavior-AF11] queue af bandwidth pct 10

[P-behavior-AF11] quit

[P] traffic behavior AF21

[P-behavior-AF21] queue af bandwidth pct 20

[P-behavior-AF21] quit

[P] traffic behavior AF31

[P-behavior-AF31] queue af bandwidth pct 30

[P-behavior-AF31] quit

[P] traffic behavior EF

[P-behavior-EF] queue ef bandwidth pct 40

[P-behavior-EF] quit

# Create QoS policy QUEUE, and associate the behaviors with the classes.

[P] qos policy QUEUE

[P-qospolicy-QUEUE] classifier EXP1 behavior AF11

[P-qospolicy-QUEUE] classifier EXP2 behavior AF21

[P-qospolicy-QUEUE] classifier EXP3 behavior AF31

[P-qospolicy-QUEUE] classifier EXP4 behavior EF

[P-qospolicy-QUEUE] quit

# Apply QoS policy QUEUE to the outgoing traffic of Ten-GigabitEthernet 3/0/2.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] qos apply policy QUEUE outbound

Verifying the configuration

# When congestion occurs in VPN 1, verify that:

·     The bandwidth proportion between flows with the DSCP values af11, af21, af31, and ef is 1:2:3:4.

·     The delay for the flow with DSCP value ef is smaller than that of the other traffic flows.

(Details not shown.)
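Methods 1 and 2 differ in which label stack entries PE 1 marks and which entry the P device reads. The Python sketch below is an added illustration, not H3C code: it packs and parses label stack entries in the RFC 3032 layout and applies the DSCP-to-EXP and EXP-to-queue tables from this example. The label values 1150 and 1027, the TTL of 255, and the choice that an unmarked label carries EXP 0 are assumptions.

```python
import struct

# PE 1 policy REMARK: DSCP value -> EXP (af11=10, af21=18, af31=26, ef=46).
REMARK = {10: 1, 18: 2, 26: 3, 46: 4}
# P policy QUEUE: EXP -> (queue type, guaranteed bandwidth percentage).
QUEUE = {1: ("af", 10), 2: ("af", 20), 3: ("af", 30), 4: ("ef", 40)}
DEFAULT = ("default-class", None)


def pack_stack(entries):
    """entries: list of (label, exp, ttl), top of stack first -> wire bytes."""
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
            raise ValueError("field out of range")
        s = 1 if i == len(entries) - 1 else 0   # bottom-of-stack bit on the last entry
        # 20-bit label | 3-bit EXP | 1-bit S | 8-bit TTL
        out += struct.pack("!I", label << 12 | exp << 9 | s << 8 | ttl)
    return out


def unpack_stack(data):
    """Parse label stack entries until the bottom-of-stack bit is set."""
    entries = []
    for off in range(0, len(data), 4):
        if off + 4 > len(data):
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        entries.append({"label": word >> 12, "exp": word >> 9 & 7,
                        "s": word >> 8 & 1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries
    raise ValueError("no bottom-of-stack bit found")


def pe1_impose(dscp, method, outer=1150, inner=1027):
    """Build the two-label L3VPN stack as PE 1 marks it under method 1 or 2."""
    exp = REMARK.get(dscp, 0)          # unmatched DSCP: EXP 0 (assumption)
    if method == 1:                    # remark mpls-exp: first label only
        stack = [(outer, exp, 255), (inner, 0, 255)]
    elif method == 2:                  # remark imposition-mpls-exp: all labels
        stack = [(outer, exp, 255), (inner, exp, 255)]
    else:
        raise ValueError("method must be 1 or 2")
    return pack_stack(stack)


def p_classify(frame, match):
    """match is 'mpls-exp' (first label) or 'second-mpls-exp' (second label)."""
    if match not in ("mpls-exp", "second-mpls-exp"):
        raise ValueError("unknown match keyword")
    stack = unpack_stack(frame)
    index = 0 if match == "mpls-exp" else 1
    if index >= len(stack):
        return DEFAULT                 # single-label packet has no second EXP
    return QUEUE.get(stack[index]["exp"], DEFAULT)


if __name__ == "__main__":
    for method, match in ((1, "mpls-exp"), (1, "second-mpls-exp"), (2, "second-mpls-exp")):
        print(method, match, p_classify(pe1_impose(46, method), match))
```

In this model, when the P device reads a label that PE 1 did not mark, the packet falls into the default class and gets none of the guarantees, so the `if-match` keyword on P has to follow the `remark` keyword used on PE 1.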

 

HQoS configuration examples

Example: Configuring local QoS ID mode

The local QoS ID mode is a WAN networking method that identifies services by local QoS ID. Traffic accessing a backbone router includes VoIP, VoD, VPN, and Internet. Because each service is carried by a different IP address segment, you can perform per-IP-address-segment rate limiting and bandwidth management.

Network configuration

As shown in Figure 352, configure the router to meet the following requirements:

·     Rate limit for the outgoing interface is 1000 Mbps.

·     VoIP service—Uses IP precedence values 6 and 7, SP scheduling, and rate limit of 100 Mbps. Two user groups share the bandwidth.

·     VoD service—Uses IP precedence values 4 and 5, high scheduling priority, and rate limit of 450 Mbps. Three user groups share the bandwidth at the ratio of 2:2:1.

·     VPN service—Uses IP precedence values 2 and 3, medium scheduling priority, and rate limit of 300 Mbps. User groups each have an equal share of the bandwidth. When the number of user groups is less than 3, the rate limit for each user group is 100 Mbps.

·     Internet service—Uses IP precedence values 0 and 1, low scheduling priority, and the surplus bandwidth in the network. Five user groups each have an equal share of the bandwidth. Because all the other services are rate limited, the guaranteed bandwidth for Internet traffic is 150 Mbps, providing 30 Mbps bandwidth for each user group. The total bandwidth for Internet traffic is not restricted but the maximum bandwidth for each user group is set to 36 Mbps.

·     Source IP address assignment:

○     VoIP—10.1.1.X and 10.1.2.X carry two user groups.

○     VoD—20.1.1.X, 20.1.2.X, and 20.1.3.X carry three user groups.

○     VPN—30.1.1.X, 30.1.2.X, 30.1.3.X, 30.1.4.X, and 30.1.5.X carry five user groups.

○     Internet—40.1.1.X, 40.1.2.X, 40.1.3.X, 40.1.4.X, and 40.1.5.X carry five user groups.

Figure 352 Network diagram

Configuration considerations

To meet the network requirements, you must perform the following tasks:

·     Map traffic to predefined forwarding classes as follows:

○     Map VoIP traffic with IP precedence values 6 and 7 to the predefined forwarding class NC.

○     Map VoD traffic with IP precedence values 4 and 5 to the predefined forwarding class EF.

○     Map VPN traffic with IP precedence values 2 and 3 to the predefined forwarding class AF.

○     Map Internet traffic with IP precedence values 0 and 1 to the predefined forwarding class BE.

·     Mark each type of traffic with a local QoS ID by source IP address. Then, map each type of traffic to a forwarding group by local QoS ID.

·     Assign the user groups of each type of traffic to different forwarding groups by different match criteria.

Restrictions and guidelines

Because all traffic is differentiated by IP precedence, you can map different classes of traffic to the predefined forwarding classes through up-fc mapping. For this purpose, configure the incoming ports to select the trusted priority type automatically.

Procedure

# Create forwarding profiles for Layer 1 forwarding groups.

[Router] qos forwarding-profile vpn-fg2

[Router-fp-vpn-fg2] gts cir 100000

[Router-fp-vpn-fg2] quit

[Router] qos forwarding-profile internet-fg2

[Router-fp-internet-fg2] gts cir 36000

[Router-fp-internet-fg2] quit

[Router] qos forwarding-profile vod-fg2-1

[Router-hqos-fp-vod-fg2-1] wfq weight 2

[Router-hqos-fp-vod-fg2-1] quit

[Router] qos forwarding-profile vod-fg2-2

[Router-hqos-fp-vod-fg2-2] wfq weight 2

[Router-hqos-fp-vod-fg2-2] quit

[Router] qos forwarding-profile vod-fg2-3

[Router-hqos-fp-vod-fg2-3] wfq weight 1

[Router-hqos-fp-vod-fg2-3] quit

[Router] qos forwarding-profile empty

[Router-hqos-fp-empty] quit

# Create forwarding profiles for forwarding classes.

[Router] qos forwarding-profile fc

[Router-hqos-fp-fc] sp

[Router-hqos-fp-fc] quit

# Nest forwarding classes in Layer 2 forwarding groups.

[Router] qos forwarding-group internet-fg2

[Router-internet-fg2] forwarding-class NC profile fc

[Router-internet-fg2] forwarding-class H1 profile fc

[Router-internet-fg2] forwarding-class EF profile fc

[Router-internet-fg2] forwarding-class H2 profile fc

[Router-internet-fg2] forwarding-class L1 profile fc

[Router-internet-fg2] forwarding-class AF profile fc

[Router-internet-fg2] forwarding-class L2 profile fc

[Router-internet-fg2] forwarding-class BE profile fc

[Router-internet-fg2] quit

[Router] qos forwarding-group voip-fg2

[Router-voip-fg2] forwarding-class NC profile fc

[Router-voip-fg2] forwarding-class H1 profile fc

[Router-voip-fg2] forwarding-class EF profile fc

[Router-voip-fg2] forwarding-class H2 profile fc

[Router-voip-fg2] forwarding-class L1 profile fc

[Router-voip-fg2] forwarding-class AF profile fc

[Router-voip-fg2] forwarding-class L2 profile fc

[Router-voip-fg2] forwarding-class BE profile fc

[Router-voip-fg2] quit

[Router] qos forwarding-group vod-fg2-1

[Router-fg-vod-fg2-1] forwarding-class NC profile fc

[Router-fg-vod-fg2-1] forwarding-class H1 profile fc

[Router-fg-vod-fg2-1] forwarding-class EF profile fc

[Router-fg-vod-fg2-1] forwarding-class H2 profile fc

[Router-fg-vod-fg2-1] forwarding-class L1 profile fc

[Router-fg-vod-fg2-1] forwarding-class AF profile fc

[Router-fg-vod-fg2-1] forwarding-class L2 profile fc

[Router-fg-vod-fg2-1] forwarding-class BE profile fc

[Router-fg-vod-fg2-1] quit

[Router] qos forwarding-group vod-fg2-2

[Router-fg-vod-fg2-2] forwarding-class NC profile fc

[Router-fg-vod-fg2-2] forwarding-class H1 profile fc

[Router-fg-vod-fg2-2] forwarding-class EF profile fc

[Router-fg-vod-fg2-2] forwarding-class H2 profile fc

[Router-fg-vod-fg2-2] forwarding-class L1 profile fc

[Router-fg-vod-fg2-2] forwarding-class AF profile fc

[Router-fg-vod-fg2-2] forwarding-class L2 profile fc

[Router-fg-vod-fg2-2] forwarding-class BE profile fc

[Router-fg-vod-fg2-2] quit

[Router] qos forwarding-group vod-fg2-3

[Router-fg-vod-fg2-3] forwarding-class NC profile fc

[Router-fg-vod-fg2-3] forwarding-class H1 profile fc

[Router-fg-vod-fg2-3] forwarding-class EF profile fc

[Router-fg-vod-fg2-3] forwarding-class H2 profile fc

[Router-fg-vod-fg2-3] forwarding-class L1 profile fc

[Router-fg-vod-fg2-3] forwarding-class AF profile fc

[Router-fg-vod-fg2-3] forwarding-class L2 profile fc

[Router-fg-vod-fg2-3] forwarding-class BE profile fc

[Router-fg-vod-fg2-3] quit

[Router] qos forwarding-group vpn-fg2

[Router-vpn-fg2] forwarding-class NC profile fc

[Router-vpn-fg2] forwarding-class H1 profile fc

[Router-vpn-fg2] forwarding-class EF profile fc

[Router-vpn-fg2] forwarding-class H2 profile fc

[Router-vpn-fg2] forwarding-class L1 profile fc

[Router-vpn-fg2] forwarding-class AF profile fc

[Router-vpn-fg2] forwarding-class L2 profile fc

[Router-vpn-fg2] forwarding-class BE profile fc

[Router-vpn-fg2] quit

# Nest forwarding groups in Layer 1 forwarding groups.

[Router] qos forwarding-group voip

[Router-fg-voip] match qos-local-id 1

[Router-fg-voip-match] forwarding-group voip-fg2 profile empty

[Router-fg-voip-match] quit

[Router-fg-voip] match qos-local-id 2

[Router-fg-voip-match] forwarding-group voip-fg2 profile empty

[Router-fg-voip-match] quit

[Router-fg-voip] quit

[Router] qos forwarding-group vod

[Router-fg-vod] match qos-local-id 101

[Router-fg-vod-match] forwarding-group vod-fg2-1 profile vod-fg2-1

[Router-fg-vod-match] quit

[Router-fg-vod] match qos-local-id 102

[Router-fg-vod-match] forwarding-group vod-fg2-2 profile vod-fg2-2

[Router-fg-vod-match] quit

[Router-fg-vod] match qos-local-id 103

[Router-fg-vod-match] forwarding-group vod-fg2-3 profile vod-fg2-3

[Router-fg-vod-match] quit

[Router-fg-vod] quit

[Router] qos forwarding-group vpn

[Router-fg-vpn] match qos-local-id 201

[Router-fg-vpn-match] forwarding-group vpn-fg2 profile vpn-fg2

[Router-fg-vpn-match] quit

[Router-fg-vpn] match qos-local-id 202

[Router-fg-vpn-match] forwarding-group vpn-fg2 profile vpn-fg2

[Router-fg-vpn-match] quit

[Router-fg-vpn] match qos-local-id 203

[Router-fg-vpn-match] forwarding-group vpn-fg2 profile vpn-fg2

[Router-fg-vpn-match] quit

[Router-fg-vpn] match qos-local-id 204

[Router-fg-vpn-match] forwarding-group vpn-fg2 profile vpn-fg2

[Router-fg-vpn-match] quit

[Router-fg-vpn] match qos-local-id 205

[Router-fg-vpn-match] forwarding-group vpn-fg2 profile vpn-fg2

[Router-fg-vpn-match] quit

[Router-fg-vpn] quit

[Router] qos forwarding-group internet

[Router-fg-internet] match qos-local-id 301

[Router-fg-internet-match] forwarding-group internet-fg2 profile internet-fg2

[Router-fg-internet-match] quit

[Router-fg-internet] match qos-local-id 302

[Router-fg-internet-match] forwarding-group internet-fg2 profile internet-fg2

[Router-fg-internet-match] quit

[Router-fg-internet] match qos-local-id 303

[Router-fg-internet-match] forwarding-group internet-fg2 profile internet-fg2

[Router-fg-internet-match] quit

[Router-fg-internet] match qos-local-id 304

[Router-fg-internet-match] forwarding-group internet-fg2 profile internet-fg2

[Router-fg-internet-match] quit

[Router-fg-internet] match qos-local-id 305

[Router-fg-internet-match] forwarding-group internet-fg2 profile internet-fg2

[Router-fg-internet-match] quit

[Router-fg-internet] quit

# Mark traffic with a local QoS ID based on the source IP address.

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.1.1.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

[Router] acl basic 2002

[Router-acl-ipv4-basic-2002] rule permit source 10.1.2.0 0.0.0.255

[Router-acl-ipv4-basic-2002] quit

[Router] acl basic 2101

[Router-acl-ipv4-basic-2101] rule permit source 20.1.1.0 0.0.0.255

[Router-acl-ipv4-basic-2101] quit

[Router] acl basic 2102

[Router-acl-ipv4-basic-2102] rule permit source 20.1.2.0 0.0.0.255

[Router-acl-ipv4-basic-2102] quit

[Router] acl basic 2103

[Router-acl-ipv4-basic-2103] rule permit source 20.1.3.0 0.0.0.255

[Router-acl-ipv4-basic-2103] quit

[Router] acl basic 2201

[Router-acl-ipv4-basic-2201] rule permit source 30.1.1.0 0.0.0.255

[Router-acl-ipv4-basic-2201] quit

[Router] acl basic 2202

[Router-acl-ipv4-basic-2202] rule permit source 30.1.2.0 0.0.0.255

[Router-acl-ipv4-basic-2202] quit

[Router] acl basic 2203

[Router-acl-ipv4-basic-2203] rule permit source 30.1.3.0 0.0.0.255

[Router-acl-ipv4-basic-2203] quit

[Router] acl basic 2204

[Router-acl-ipv4-basic-2204] rule permit source 30.1.4.0 0.0.0.255

[Router-acl-ipv4-basic-2204] quit

[Router] acl basic 2205

[Router-acl-ipv4-basic-2205] rule permit source 30.1.5.0 0.0.0.255

[Router-acl-ipv4-basic-2205] quit

[Router] acl basic 2301

[Router-acl-ipv4-basic-2301] rule permit source 40.1.1.0 0.0.0.255

[Router-acl-ipv4-basic-2301] quit

[Router] acl basic 2302

[Router-acl-ipv4-basic-2302] rule permit source 40.1.2.0 0.0.0.255

[Router-acl-ipv4-basic-2302] quit

[Router] acl basic 2303

[Router-acl-ipv4-basic-2303] rule permit source 40.1.3.0 0.0.0.255

[Router-acl-ipv4-basic-2303] quit

[Router] acl basic 2304

[Router-acl-ipv4-basic-2304] rule permit source 40.1.4.0 0.0.0.255

[Router-acl-ipv4-basic-2304] quit

[Router] acl basic 2305

[Router-acl-ipv4-basic-2305] rule permit source 40.1.5.0 0.0.0.255

[Router-acl-ipv4-basic-2305] quit

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic classifier 2

[Router-classifier-2] if-match acl 2002

[Router-classifier-2] quit

[Router] traffic classifier 101

[Router-classifier-101] if-match acl 2101

[Router-classifier-101] quit

[Router] traffic classifier 102

[Router-classifier-102] if-match acl 2102

[Router-classifier-102] quit

[Router] traffic classifier 103

[Router-classifier-103] if-match acl 2103

[Router-classifier-103] quit

[Router] traffic classifier 201

[Router-classifier-201] if-match acl 2201

[Router-classifier-201] quit

[Router] traffic classifier 202

[Router-classifier-202] if-match acl 2202

[Router-classifier-202] quit

[Router] traffic classifier 203

[Router-classifier-203] if-match acl 2203

[Router-classifier-203] quit

[Router] traffic classifier 204

[Router-classifier-204] if-match acl 2204

[Router-classifier-204] quit

[Router] traffic classifier 205

[Router-classifier-205] if-match acl 2205

[Router-classifier-205] quit

[Router] traffic classifier 301

[Router-classifier-301] if-match acl 2301

[Router-classifier-301] quit

[Router] traffic classifier 302

[Router-classifier-302] if-match acl 2302

[Router-classifier-302] quit

[Router] traffic classifier 303

[Router-classifier-303] if-match acl 2303

[Router-classifier-303] quit

[Router] traffic classifier 304

[Router-classifier-304] if-match acl 2304

[Router-classifier-304] quit

[Router] traffic classifier 305

[Router-classifier-305] if-match acl 2305

[Router-classifier-305] quit

[Router] traffic behavior 1

[Router-behavior-1] remark qos-local-id 1

[Router-behavior-1] remark forwarding-class name NC

[Router-behavior-1] quit

[Router] traffic behavior 2

[Router-behavior-2] remark qos-local-id 2

[Router-behavior-2] remark forwarding-class name NC

[Router-behavior-2] quit

[Router] traffic behavior 101

[Router-behavior-101] remark qos-local-id 101

[Router-behavior-101] remark forwarding-class name EF

[Router-behavior-101] quit

[Router] traffic behavior 102

[Router-behavior-102] remark qos-local-id 102

[Router-behavior-102] remark forwarding-class name EF

[Router-behavior-102] quit

[Router] traffic behavior 103

[Router-behavior-103] remark qos-local-id 103

[Router-behavior-103] remark forwarding-class name EF

[Router-behavior-103] quit

[Router] traffic behavior 201

[Router-behavior-201] remark qos-local-id 201

[Router-behavior-201] remark forwarding-class name AF

[Router-behavior-201] quit

[Router] traffic behavior 202

[Router-behavior-202] remark qos-local-id 202

[Router-behavior-202] remark forwarding-class name AF

[Router-behavior-202] quit

[Router] traffic behavior 203

[Router-behavior-203] remark qos-local-id 203

[Router-behavior-203] remark forwarding-class name AF

[Router-behavior-203] quit

[Router] traffic behavior 204

[Router-behavior-204] remark qos-local-id 204

[Router-behavior-204] remark forwarding-class name AF

[Router-behavior-204] quit

[Router] traffic behavior 205

[Router-behavior-205] remark qos-local-id 205

[Router-behavior-205] remark forwarding-class name AF

[Router-behavior-205] quit

[Router] traffic behavior 301

[Router-behavior-301] remark qos-local-id 301

[Router-behavior-301] remark forwarding-class name BE

[Router-behavior-301] quit

[Router] traffic behavior 302

[Router-behavior-302] remark qos-local-id 302

[Router-behavior-302] remark forwarding-class name BE

[Router-behavior-302] quit

[Router] traffic behavior 303

[Router-behavior-303] remark qos-local-id 303

[Router-behavior-303] remark forwarding-class name BE

[Router-behavior-303] quit

[Router] traffic behavior 304

[Router-behavior-304] remark qos-local-id 304

[Router-behavior-304] remark forwarding-class name BE

[Router-behavior-304] quit

[Router] traffic behavior 305

[Router-behavior-305] remark qos-local-id 305

[Router-behavior-305] remark forwarding-class name BE

[Router-behavior-305] quit

[Router] qos policy localid

[Router-qospolicy-localid] classifier 1 behavior 1

[Router-qospolicy-localid] classifier 2 behavior 2

[Router-qospolicy-localid] classifier 101 behavior 101

[Router-qospolicy-localid] classifier 102 behavior 102

[Router-qospolicy-localid] classifier 103 behavior 103

[Router-qospolicy-localid] classifier 201 behavior 201

[Router-qospolicy-localid] classifier 202 behavior 202

[Router-qospolicy-localid] classifier 203 behavior 203

[Router-qospolicy-localid] classifier 204 behavior 204

[Router-qospolicy-localid] classifier 205 behavior 205

[Router-qospolicy-localid] classifier 301 behavior 301

[Router-qospolicy-localid] classifier 302 behavior 302

[Router-qospolicy-localid] classifier 303 behavior 303

[Router-qospolicy-localid] classifier 304 behavior 304

[Router-qospolicy-localid] classifier 305 behavior 305

[Router-qospolicy-localid] quit

# Create a scheduler policy, and nest Layer 1 forwarding groups.

[Router] qos scheduler-policy SP

[Router-sp-SP] match group

[Router-sp-SP-match] forwarding-group voip profile voip

[Router-sp-SP-match] forwarding-group vod profile vod

[Router-sp-SP-match] forwarding-group vpn profile vpn

[Router-sp-SP-match] forwarding-group internet profile empty

[Router-sp-SP-match] quit

[Router-sp-SP] quit

# Configure GTS on Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos lr outbound cir 1000000

# Apply scheduler policy SP and QoS policy localid to the outbound direction of Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] qos apply scheduler-policy SP outbound

[Router-Ten-GigabitEthernet3/0/1] qos apply policy localid outbound

 

 

Time range configuration examples

Example: Configuring a time range

Network configuration

As shown in Figure 353, configure an ACL on the device to allow Host A to access the server only between 8:00 and 18:00 on working days from June 2015 to the end of the year.

Figure 353 Network diagram

Procedure

# Create a periodic time range that is active between 8:00 and 18:00 on working days from June 2015 to the end of the year.

<Device> system-view

[Device] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2015 to 24:00 12/31/2015

# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from 192.168.1.2/32 during the time range work.

[Device] acl basic 2001

[Device-acl-ipv4-basic-2001] rule permit source 192.168.1.2 0 time-range work

[Device-acl-ipv4-basic-2001] rule deny source any time-range work

[Device-acl-ipv4-basic-2001] quit

# Apply IPv4 basic ACL 2001 to filter outgoing packets on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] packet-filter 2001 outbound

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the time range work is active on the device.

[Device] display time-range all

Current time is 13:58:35 6/19/2015 Friday

 

Time-range : work (Active)

 08:00 to 18:00 working-day

 from 00:00 6/1/2015 to 00:00 1/1/2016
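The rule evaluation configured above, modeled as an added example (not H3C code): both rules in ACL 2001 are bound to time range work, so outside that range neither rule is active and the packet filter's default action decides. The half-open interval boundaries and the default_action parameter are assumptions of this sketch; Comware permits unmatched packets unless packet-filter default deny is configured.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Model of: time-range work 8:0 to 18:0 working-day
#           from 0:0 6/1/2015 to 24:00 12/31/2015
# "24:00 12/31/2015" is the same instant as 00:00 1/1/2016, which is how
# display time-range prints the end of the absolute range.
TIME_RANGES = {
    "work": {
        "daily": (time(8, 0), time(18, 0)),
        "weekdays": {0, 1, 2, 3, 4},  # Monday..Friday
        "absolute": (datetime(2015, 6, 1), datetime(2016, 1, 1)),
    }
}

# ACL 2001 as configured on the page: (action, source, time range name).
ACL_2001 = [
    ("permit", "192.168.1.2/32", "work"),
    ("deny", "0.0.0.0/0", "work"),
]


def time_range_active(name, now):
    """True when 'now' is inside both the absolute and the periodic part."""
    tr = TIME_RANGES[name]
    start, end = tr["absolute"]
    low, high = tr["daily"]
    # Assumption: start instants are inclusive, end instants exclusive.
    return (start <= now < end
            and now.weekday() in tr["weekdays"]
            and low <= now.time() < high)


def packet_filter(acl, src, now, default_action="permit"):
    """Return the action applied to a packet from 'src' at time 'now'."""
    for action, source, tr_name in acl:
        # A rule bound to an inactive time range does not take part in matching.
        if tr_name and not time_range_active(tr_name, now):
            continue
        if ip_address(src) in ip_network(source):
            return action
    # No active rule matched: the filter's default action applies.
    return default_action


def audit(acl, hosts, instants, default_action="permit"):
    """Evaluate every host at every instant; keys are (host, ISO timestamp)."""
    return {(h, t.isoformat()): packet_filter(acl, h, t, default_action)
            for h in hosts for t in instants}


if __name__ == "__main__":
    friday_afternoon = datetime(2015, 6, 19, 13, 58, 35)  # time shown in the output above
    saturday = datetime(2015, 6, 20, 13, 0, 0)
    hosts = ["192.168.1.2", "192.168.1.3"]  # Host A and a constructed second host
    for key, action in audit(ACL_2001, hosts, [friday_afternoon, saturday]).items():
        print(key, action)
```
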

 

Flowspec configuration examples

Example: Configuring IPv4 Flowspec

Network configuration

As shown in Figure 354, all routers run BGP. Device A is a Flowspec router, and Device B is a Flowspec edge router.

Configure Flowspec to limit the rate of incoming packets with destination IP address 1.1.1.0/24 and port 10 on Device B.

Figure 354 Network diagram

Procedure

1.     Assign IP addresses to interfaces. (Details not shown.)

2.     Configure Device A:

# Configure a BGP connection.

<DeviceA> system-view

[DeviceA] bgp 100

[DeviceA-bgp-default] peer 10.1.1.2 as-number 200

[DeviceA-bgp-default] address-family ipv4 flowspec

[DeviceA-bgp-default-flowspec-ipv4] peer 10.1.1.2 enable

[DeviceA-bgp-default-flowspec-ipv4] peer 10.1.1.2 validation-disable

[DeviceA-bgp-default-flowspec-ipv4] quit

[DeviceA-bgp-default] quit

# Configure a Flowspec rule.

[DeviceA] flow-route route1

[DeviceA-flow-route-route1] if-match destination-ip 1.1.1.0 24

[DeviceA-flow-route-route1] if-match destination-port 10

[DeviceA-flow-route-route1] apply traffic-rate 20

[DeviceA-flow-route-route1] check flow-route-configuration

Traffic filtering rules:

 Destination ip   :  1.1.1.0 255.255.255.0

 Destination port :  10

Traffic filtering actions:

 Traffic rate : 20(kbps)

[DeviceA-flow-route-route1] commit

[DeviceA-flow-route-route1] quit

# Apply the Flowspec rule to the public network.

[DeviceA] flowspec

[DeviceA-flowspec] address-family ipv4

[DeviceA-flowspec-ipv4] flow-route route1

[DeviceA-flowspec-ipv4] quit

3.     Configure Device B:

# Configure a BGP connection.

<DeviceB> system-view

[DeviceB] bgp 200

[DeviceB-bgp-default] peer 10.1.1.1 as-number 100

[DeviceB-bgp-default] address-family ipv4 flowspec

[DeviceB-bgp-default-flowspec-ipv4] peer 10.1.1.1 enable

[DeviceB-bgp-default-flowspec-ipv4] peer 10.1.1.1 validation-disable

[DeviceB-bgp-default-flowspec-ipv4] quit

[DeviceB-bgp-default] quit

Verifying the configuration

# On Device A, display BGP IPv4 Flowspec peer information.

[DeviceA] display bgp peer ipv4 flowspec

 BGP local router ID: 192.168.150.1

 Local AS number: 100

 Total number of peers: 1                 Peers in established state: 1

  * - Dynamically created peer

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  10.1.1.2               200       10       12    0       0 00:06:40 Established

# On Device B, display BGP IPv4 Flowspec peer information.

[DeviceB] display bgp peer ipv4 flowspec

BGP local router ID: 192.168.150.2

 Local AS number: 200

 Total number of peers: 1                 Peers in established state: 1

  * - Dynamically created peer

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  10.1.1.1               100       10       12    0       0 00:06:40 Established

# On Device B, display BGP IPv4 Flowspec routing information.

[DeviceB] display bgp routing-table ipv4 flowspec

Total number of routes: 1

 

 BGP local router ID is 192.168.150.2

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >e DEST:1.1.1.0/24/40

                        0.0.0.0                    100        0       ?

# On Device B, display information about all Flowspec rules.

<DeviceB> display flow-route ipv4 all

Total number of flow-routes: 1

 

Flow-Route (ID 0x0)

  BGP instance : default

  Traffic filtering rules:

   Destination IP   : 1.1.1.0 255.255.255.0

   Destination port : 10

  Traffic filtering actions:

   Traffic rate          : 20(kbps)
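What Device A advertises for route1, as an added example (not from the H3C documentation): the rule encoded and decoded as an RFC 8955 Flowspec NLRI, plus the traffic-rate extended community. It goes beyond the page's CLI view; the function names, the 2-octet AS value 100 in the community, and the conversion 1 kbps = 1000 bit/s are assumptions.

```python
import ipaddress
import struct

# Component types from RFC 8955 handled by this sketch.
PREFIX_TYPES = {1: "destination-ip", 2: "source-ip"}
NUMERIC_TYPES = {3: "ip-protocol", 4: "port", 5: "destination-port", 6: "source-port"}
# Low three bits of a numeric operator octet: lt (0x04), gt (0x02), eq (0x01).
RELATIONS = {0: "false", 1: "==", 2: ">", 3: ">=", 4: "<", 5: "<=", 6: "!=", 7: "true"}


def encode_rule(dest_prefix, dest_port):
    """Encode 'destination prefix AND destination port == N' as an NLRI."""
    net = ipaddress.ip_network(dest_prefix)
    nbytes = (net.prefixlen + 7) // 8
    body = bytes([1, net.prefixlen]) + net.network_address.packed[:nbytes]
    # Operator octet: end-of-list (0x80) | value-length code (bits 0x30) | eq (0x01).
    if dest_port < 256:
        body += bytes([5, 0x80 | 0x01, dest_port])
    else:
        body += bytes([5, 0x80 | 0x10 | 0x01]) + struct.pack("!H", dest_port)
    return bytes([len(body)]) + body  # a one-octet length is valid below 240


def decode_nlri(data):
    """Decode an IPv4 Flowspec NLRI into (component name, value) pairs."""
    if not data or data[0] >= 0xF0 or data[0] != len(data) - 1:
        raise ValueError("bad or unsupported NLRI length")
    pos, out = 1, []
    try:
        while pos < len(data):
            ctype = data[pos]
            pos += 1
            if ctype in PREFIX_TYPES:
                plen = data[pos]
                nbytes = (plen + 7) // 8
                raw = data[pos + 1:pos + 1 + nbytes]
                if plen > 32 or len(raw) != nbytes:
                    raise ValueError("truncated or invalid prefix")
                addr = ipaddress.IPv4Address(raw.ljust(4, b"\x00"))
                out.append((PREFIX_TYPES[ctype], f"{addr}/{plen}"))
                pos += 1 + nbytes
            elif ctype in NUMERIC_TYPES:
                terms = []
                while True:
                    op = data[pos]
                    size = 1 << ((op >> 4) & 0x03)  # 1, 2, 4 or 8 octets
                    raw = data[pos + 1:pos + 1 + size]
                    if len(raw) != size:
                        raise ValueError("truncated operand")
                    # The AND bit (0x40) is not represented in this sketch.
                    terms.append((RELATIONS[op & 0x07], int.from_bytes(raw, "big")))
                    pos += 1 + size
                    if op & 0x80:  # end-of-list bit closes the component
                        break
                out.append((NUMERIC_TYPES[ctype], terms))
            else:
                raise ValueError(f"component type {ctype} not handled here")
    except IndexError:
        raise ValueError("truncated NLRI") from None
    return out


def traffic_rate_community(asn, kbps):
    """Traffic-rate action: type 0x80, sub-type 0x06, AS, IEEE float in bytes/s."""
    return struct.pack("!BBHf", 0x80, 0x06, asn, kbps * 1000 / 8)


if __name__ == "__main__":
    nlri = encode_rule("1.1.1.0/24", 10)          # the match conditions of route1
    print(nlri.hex(), decode_nlri(nlri))
    print(traffic_rate_community(100, 20).hex())  # apply traffic-rate 20
```
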

 

 

DAE proxy configuration examples

Example: Configuring DAE proxy

Network configuration

As shown in Figure 355, the hosts use manually configured IP addresses or dynamically obtain IP addresses, and they access the BRASs by IPoE through Layer 3 networks.

·     Configure the BRAS to support IPoE in control-/data-plane separated mode.

·     Configure the FreeRADIUS server to provide authentication, authorization, and accounting services.

·     Configure Device as the DAE proxy to manage the CPs.

Figure 355 Network diagram

Prerequisites

# Assign IP addresses to interfaces and configure routes. Make sure the network connections are available.

# Configure the management and control channels and protocol tunnels between the CPs and UPs. For more information, see H3C vBRAS1000-CP CP and UP Separation Configuration Guide.

Procedure

1.     Configure the RADIUS server:

# Add a RADIUS client that uses IP address 5.5.5.1 and secret radius to the clients.conf file.

client 5.5.5.1/32 {

ipaddr = 5.5.5.1

netmask=32

secret=radius

}

# Add a user that uses username 2.2.2.1 and password a123456 to the users file.

2.2.2.1   Cleartext-Password :="a123456"

2.     Configure the DAE proxy:

# Enable DAE proxy and enter DAE proxy view.

<Device> system-view

[Device] radius dynamic-author proxy

# Set the listening port for DAE requests to 2000.

[Device-radius-da-proxy] listen-port 2000

# Configure a DAE client that uses IP address 5.5.5.2 and plaintext shared key radius.

[Device-radius-da-proxy] client ip 5.5.5.2 key simple radius

# Configure the DAE server listening port.

[Device-radius-da-proxy] server port 3798

# Configure DAE servers that use IP addresses 4.4.4.1 and 6.6.6.1.

[Device-radius-da-proxy] server ip 4.4.4.1

[Device-radius-da-proxy] server ip 6.6.6.1

[Device-radius-da-proxy] quit

# Configure ACL 3000 to permit packets that are destined for the authentication port or accounting port of the RADIUS server.

[Device] acl number 3000

[Device-acl-adv-3000] rule 1 permit udp destination-port eq 1812

[Device-acl-adv-3000] rule 2 permit udp destination-port eq 1813

[Device-acl-adv-3000] quit

# Configure outbound dynamic NAT on the interface that is connected to the RADIUS server. Translate the source IP addresses of RADIUS packets permitted by ACL 3000 to the IP address of the interface.

[Device] interface ten-gigabitethernet 3/0/3

[Device-Ten-GigabitEthernet3/0/3] ip address 5.5.5.1 255.255.255.0

[Device-Ten-GigabitEthernet3/0/3] nat outbound 3000

[Device-Ten-GigabitEthernet3/0/3] quit

3.     Configure UP 1:

# Configure the BRAS to operate in user plane mode.

<UP1> system-view

[UP1] work-mode user-plane

4.     Configure UP 2 in the same way UP 1 is configured. (Details not shown.)

5.     Configure CP 1:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<CP1> system-view

[CP1] radius scheme rs1

# Configure the primary authentication and accounting servers and the keys.

[CP1-radius-rs1] primary authentication 5.5.5.2

[CP1-radius-rs1] primary accounting 5.5.5.2

[CP1-radius-rs1] key authentication simple radius

[CP1-radius-rs1] key accounting simple radius

# Exclude the ISP name from usernames sent to the RADIUS server.

[CP1-radius-rs1] user-name-format without-domain

[CP1-radius-rs1] quit

b.     Configure the DAE server:

# Enable the RADIUS DAS feature and enter RADIUS DAS view.

[CP1] radius dynamic-author server

# Set the DAE packet listening port to 3798.

[CP1-radius-da-server] port 3798

# Configure a client that uses IP address 4.4.4.2. Set the shared key to radius in plaintext form.

[CP1-radius-da-server] client ip 4.4.4.2 key simple radius

[CP1-radius-da-server] quit

c.     Configure an ISP domain:

# Create an ISP domain named dm1 and enter its view.

[CP1] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1.

[CP1-isp-dm1] authentication ipoe radius-scheme rs1

[CP1-isp-dm1] authorization ipoe radius-scheme rs1

[CP1-isp-dm1] accounting ipoe radius-scheme rs1

[CP1-isp-dm1] quit

d.     Configure IPoE:

# Enter the view of Remote-GE 1024/1/0/2.

[CP1] interface remote-ge 1024/1/0/2

# Enable IPoE and configure Layer 3 access mode on Remote-GE 1024/1/0/2.

[CP1-Remote-GE1024/1/0/2] ip subscriber routed enable

# Enable unclassified-IP packet initiation on Remote-GE 1024/1/0/2.

[CP1-Remote-GE1024/1/0/2] ip subscriber initiator unclassified-ip enable

# Specify dm1 as the ISP domain for unclassified-IP users.

[CP1-Remote-GE1024/1/0/2] ip subscriber unclassified-ip domain dm1

# Configure plaintext password radius for authentication.

[CP1-Remote-GE1024/1/0/2] ip subscriber password plaintext radius

[CP1-Remote-GE1024/1/0/2] quit

e.     Configure a route to the RADIUS server:

# Configure a static route to the IP address of the RADIUS server. Specify the IP address of the DAE proxy as the next hop.

[CP1] ip route-static 5.5.5.2 32 4.4.4.2

6.     Configure CP 2 in the same way CP 1 is configured. (Details not shown.)

Verifying the configuration

# On CP 1, execute the display access-user command to display online IPoE user information to verify that the host has come online.

# On the DAE proxy, display DAE statistics.

[Device] display radius dynamic-author proxy

Status: Enabled

Listening port: 2000

RADIUS DAE clients:

  IP address                                    VPN instance

  5.5.5.2                                        N/A

RADIUS DAE servers:

  IP address                                    VPN instance

  4.4.4.1                                        N/A

  6.6.6.1                                        N/A

 

RADIUS DAE packet statistics (DAE proxy<--->DAE client):

  Invalid packets: 0

  PacketName    DM_REQ     DM_ACK     DM_NAK     COA_REQ    COA_ACK    COA_NAK

  Received      0          0          0          0          0          0

  Duplicated    0          0          0          0          0          0

  CheckError    0          0          0          0          0          0

  NASNotFound   0          0          0          0          0          0

  Sent          0          0          0          0          0          0

  FailedToSend  0          0          0          0          0          0

 

RADIUS DAE packet statistics (DAE proxy<--->DAE server):

  Invalid packets: 0

  PacketName    DM_REQ     DM_ACK     DM_NAK     COA_REQ    COA_ACK    COA_NAK

  Sent          0          0          0          0          0          0

  FailedToSend  0          0          0          0          0          0

  Received      0          0          0          0          0          0

  NoContext     0          0          0          0          0          0

When CP 1 receives a Disconnect-Request packet from the DAE client, it disconnects sessions of the matching user. Use the display access-user command to verify that the user connection does not exist.

When CP 1 receives a CoA-Request packet from the DAE client, it changes the authorization information for the matching user. Use the display access-user command to view the latest authorization information of the user connection.

# Verify that the numbers of received and transmitted DM and CoA packets have changed.

[Device] display radius dynamic-author proxy

Status: Enabled

Listening port: 2000

RADIUS DAE clients:

  IP address                                    VPN instance

  5.5.5.2                                        N/A

RADIUS DAE servers:

  IP address                                    VPN instance

  4.4.4.1                                        N/A

  6.6.6.1                                        N/A

 

RADIUS DAE packet statistics (DAE proxy<--->DAE client):

  Invalid packets: 0

  PacketName    DM_REQ     DM_ACK     DM_NAK     COA_REQ    COA_ACK    COA_NAK

  Received      1          0          0          1          0          0

  Duplicated    0          0          0          0          0          0

  CheckError    0          0          0          0          0          0

  NASNotFound   0          0          0          0          0          0

  Sent          0          1          0          0          1          0

  FailedToSend  0          0          0          0          0          0

 

RADIUS DAE packet statistics (DAE proxy<--->DAE server):

  Invalid packets: 0

  PacketName    DM_REQ     DM_ACK     DM_NAK     COA_REQ    COA_ACK    COA_NAK

  Sent          2          0          0          2          0          0

  FailedToSend  0          0          0          0          0          0

  Received      0          1          1          0          1          1

  NoContext     0          0          0          0          0          0
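How a Disconnect-Request or CoA-Request like those counted above is authenticated with the shared key, as an added example (not H3C or FreeRADIUS code): RFC 5176 computes the Request Authenticator as MD5 over the packet with a zeroed authenticator field, followed by the shared secret. The function names and the sample packet are constructed; the key radius and the username 2.2.2.1 are the page's values.

```python
import hashlib
import hmac
import struct

# RADIUS codes defined for dynamic authorization (RFC 5176).
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
USER_NAME = 1  # RADIUS attribute type


def attr(atype, value):
    """Encode one attribute as type, length (including the 2-octet header), value."""
    return bytes([atype, len(value) + 2]) + value


def build_request(code, ident, attrs, secret):
    """DAE client side: build a request with its Request Authenticator."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def verify_request(packet, secret):
    """Receiver side: accept only a well-formed request signed with 'secret'."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST) or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def build_response(code, request, attrs, secret):
    """Build an ACK or NAK; its authenticator binds it to the request."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs


def verify_response(response, request, secret):
    """DAE client side: check that the response answers this exact request."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(
        response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    key = b"radius"  # shared key configured on the page
    dm = build_request(DISCONNECT_REQUEST, 7, attr(USER_NAME, b"2.2.2.1"), key)
    print("valid with configured key:", verify_request(dm, key))
    print("valid with another key:   ", verify_request(dm, b"other-key"))
    tampered = dm[:-1] + b"2"  # attribute changed after signing
    print("valid after modification: ", verify_request(tampered, key))
    ack = build_response(DISCONNECT_ACK, dm, b"", key)
    print("ACK matches the request:  ", verify_response(ack, dm, key))
```
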

 

Password control configuration examples

Example: Configuring password control

Network configuration

Configure a global password control policy to meet the following requirements:

·     A password must contain a minimum of 16 characters.

·     A password must contain a minimum of four character types and a minimum of four characters for each type.

·     An FTP or VTY user failing to provide the correct password in two successive login attempts is permanently prohibited from logging in with the current IP address.

·     A user can log in five times within 60 days after the password expires.

·     A password expires after 30 days.

·     The minimum password update interval is 36 hours.

·     The maximum account idle time is 30 days.

·     A password cannot contain the username, the reverse of the username, or part of the username or of its reverse.

·     A password cannot contain three or more identical consecutive characters.

Configure a super password control policy for user role network-operator to meet the following requirements:

·     A super password must contain a minimum of 24 characters.

·     A super password must contain a minimum of four character types and a minimum of five characters for each type.

Configure a password control policy for local Telnet user test to meet the following requirements:

·     The password must contain a minimum of 24 characters.

·     The password must contain a minimum of four character types and a minimum of five characters for each type.

·     The password for the local user expires after 20 days.

Procedure

# Enable the password control feature globally.

<Sysname> system-view

[Sysname] password-control enable

# Allow a maximum of two consecutive login failures on a user account, and lock the user account and the user's IP address permanently if the limit is reached.

[Sysname] password-control login-attempt 2 exceed lock

# Set all passwords to expire after 30 days.

[Sysname] password-control aging 30

# Globally set the minimum password length to 16 characters.

[Sysname] password-control length 16

# Set the minimum password update interval to 36 hours.

[Sysname] password-control update-interval 36

# Specify that a user can log in five times within 60 days after the password expires.

[Sysname] password-control expired-user-login delay 60 times 5

# Set the maximum account idle time to 30 days.

[Sysname] password-control login idle-time 30

# Enable username checking.

[Sysname] password-control complexity user-name check

# Enable repeated character checking.

[Sysname] password-control complexity same-character check

# Globally specify that all passwords must each contain a minimum of four character types and a minimum of four characters for each type.

[Sysname] password-control composition type-number 4 type-length 4

# Set the minimum super password length to 24 characters.

[Sysname] password-control super length 24

# Specify that a super password must contain a minimum of four character types and a minimum of five characters for each type.

[Sysname] password-control super composition type-number 4 type-length 5

# Configure a super password used for switching to user role network-operator as 123456789ABGFTweuix@#$%! in plain text.

[Sysname] super password role network-operator simple 123456789ABGFTweuix@#$%!

# Create a device management user named test.

[Sysname] local-user test class manage

# Set the service type of the user to Telnet.

[Sysname-luser-manage-test] service-type telnet

# Set the minimum password length to 24 for the local user.

[Sysname-luser-manage-test] password-control length 24

# Specify that the password of the local user must contain a minimum of four character types and a minimum of five characters for each type.

[Sysname-luser-manage-test] password-control composition type-number 4 type-length 5

# Set the password for the local user to expire after 20 days.

[Sysname-luser-manage-test] password-control aging 20

# Configure the password of the local user in interactive mode.

[Sysname-luser-manage-test] password

Password:

Confirm :

Updating user information. Please wait ... ...

[Sysname-luser-manage-test] quit

Verifying the configuration

# Display the global password control configuration.

<Sysname> display password-control

 Global password control configurations:

 Password control:                     Enabled

 Password aging:                       Enabled (30 days)

 Password length:                      Enabled (16 characters)

 Password composition:                 Enabled (4 types, 4 characters per type)

 Password history:                     Enabled (max history record:4)

 Early notice on password expiration:  7 days

 Maximum login attempts:               2

 Action for exceeding login attempts:  Lock

 Password history was last reset:      0 days ago

 Minimum interval between two updates: 36 hours

 User account idle time:               30 days

 Logins with aged password:            5 times in 60 days

 Password complexity:                  Enabled (username checking)

                                       Enabled (repeated characters checking)

 Password change:                      Enabled (first login)

                                       Disabled (mandatory weak password change)

 User information in blacklist:        Username and IP

# Display the password control configuration for super passwords.

<Sysname> display password-control super

 Super password control configurations:

 Password aging:                       Enabled (90 days)

 Password length:                      Enabled (24 characters)

 Password composition:                 Enabled (4 types, 5 characters per type)

# Display the password control configuration for local user test.

<Sysname> display local-user user-name test class manage

Total 1 local users matched.

 

Device management user test:

  State:                     Active

  Service type:              Telnet

  User group:                system

  Bind attributes:

  Authorization attributes:

    Work directory:          flash:

    User role list:          network-operator

  Password control configurations:

    Password aging:          20 days

    Password length:         24 characters

    Password composition:    4 types, 5 characters per type

    Password complexity:     username checking
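The three policies configured above, applied to candidate passwords as an added example (not H3C code), for checking proposed passwords before they are entered on the device. The four character classes (uppercase, lowercase, digit, special), the case-insensitive username comparison, and the candidate passwords other than the page's super password are assumptions or constructed values.

```python
import re
import string

# Minimum length, number of character types, and characters per type,
# taken from the password-control commands in the procedure above.
POLICIES = {
    "global": {"length": 16, "type_number": 4, "type_length": 4},
    "super": {"length": 24, "type_number": 4, "type_length": 5},
    "local-user test": {"length": 24, "type_number": 4, "type_length": 5},
}

CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
}


def type_counts(password):
    """Count characters per class; anything outside the three sets is 'special'."""
    counts = {"uppercase": 0, "lowercase": 0, "digit": 0, "special": 0}
    for ch in password:
        for name, members in CLASSES.items():
            if ch in members:
                counts[name] += 1
                break
        else:
            counts["special"] += 1
    return counts


def violations(password, policy, username=None):
    """Return the list of policy checks that the password fails."""
    failed = []
    if len(password) < policy["length"]:
        failed.append("length")
    # A type counts only if it has at least type_length characters.
    satisfied = sum(1 for n in type_counts(password).values()
                    if n >= policy["type_length"])
    if satisfied < policy["type_number"]:
        failed.append("composition")
    if username:
        # Username checking: neither the username nor its reverse may appear.
        pw, user = password.lower(), username.lower()
        if user in pw or user[::-1] in pw:
            failed.append("username")
    # Repeated character checking: three or more identical consecutive characters.
    if re.search(r"(.)\1\1", password):
        failed.append("same-character")
    return failed


if __name__ == "__main__":
    samples = [
        ("super", None, "123456789ABGFTweuix@#$%!"),    # super password from the page
        ("global", "test", "abcdABCD1234!@#$"),         # constructed
        ("local-user test", "test", "abcdABCD1234!@#$"),
        ("global", "test", "Test1234!!!!abcd"),         # constructed, fails three checks
    ]
    for name, user, pw in samples:
        print(f"{name:16} {pw:26} {violations(pw, POLICIES[name], user) or 'ok'}")
```
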

 

Keychain configuration examples

Example: Configuring keychains

Network configuration

As shown in Figure 356, establish an OSPF neighbor relationship between Router A and Router B, and use a keychain to authenticate packets between the routers. Configure key 1 and key 2 for the keychain and make sure key 2 is used immediately when key 1 expires.

Figure 356 Network diagram

Procedure

1.     Configure Router A:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure OSPF.

<RouterA> system-view

[RouterA] ospf 1 router-id 1.1.1.1

[RouterA-ospf-1] area 0

[RouterA-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# Create a keychain named abc, and specify the absolute time mode for it.

[RouterA] keychain abc mode absolute

# Create key 1 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[RouterA-keychain-abc] key 1

[RouterA-keychain-abc-key-1] authentication-algorithm md5

[RouterA-keychain-abc-key-1] key-string plain 123456

[RouterA-keychain-abc-key-1] send-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[RouterA-keychain-abc-key-1] accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[RouterA-keychain-abc-key-1] quit

# Create key 2 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[RouterA-keychain-abc] key 2

[RouterA-keychain-abc-key-2] authentication-algorithm hmac-md5

[RouterA-keychain-abc-key-2] key-string plain pwd123

[RouterA-keychain-abc-key-2] send-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[RouterA-keychain-abc-key-2] accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[RouterA-keychain-abc-key-2] quit

[RouterA-keychain-abc] quit

# Configure Ten-GigabitEthernet 3/0/1 to use keychain abc for authentication.

[RouterA] interface Ten-GigabitEthernet3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ospf authentication-mode keychain abc

[RouterA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Router B:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure OSPF.

<RouterB> system-view

[RouterB] ospf 1 router-id 2.2.2.2

[RouterB-ospf-1] area 0

[RouterB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[RouterB-ospf-1-area-0.0.0.0] quit

[RouterB-ospf-1] quit

# Create a keychain named abc, and specify the absolute time mode for it.

[RouterB] keychain abc mode absolute

# Create key 1 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[RouterB-keychain-abc] key 1

[RouterB-keychain-abc-key-1] authentication-algorithm md5

[RouterB-keychain-abc-key-1] key-string plain 123456

[RouterB-keychain-abc-key-1] send-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[RouterB-keychain-abc-key-1] accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[RouterB-keychain-abc-key-1] quit

# Create key 2 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[RouterB-keychain-abc] key 2

[RouterB-keychain-abc-key-2] key-string plain pwd123

[RouterB-keychain-abc-key-2] authentication-algorithm hmac-md5

[RouterB-keychain-abc-key-2] send-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[RouterB-keychain-abc-key-2] accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[RouterB-keychain-abc-key-2] quit

[RouterB-keychain-abc] quit

# Configure Ten-GigabitEthernet 3/0/1 to use keychain abc for authentication.

[RouterB] interface Ten-GigabitEthernet3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ospf authentication-mode keychain abc

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     When the system time is within the lifetime from 10:00:00 to 11:00:00 on the day 2015/02/06, verify the status of the keys in keychain abc.

# Display keychain information on Router A. The output shows that key 1 is the valid key.

[RouterA] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 1

   Active accept key IDs: 1

 

   Key ID               : 1

     Key string         : $c$3$dYTC8QeOKJkwFwP2k/rWL+1p6uMTw3MqNg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Active

 

   Key ID               : 2

     Key string         : $c$3$7TSPbUxoP1ytOqkdcJ3K3x0BnXEWl4mOEw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Inactive

# Display keychain information on Router B. The output shows that key 1 is the valid key.

[RouterB] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 1

   Active accept key IDs: 1

 

   Key ID               : 1

     Key string         : $c$3$/G/Shnh6heXWprlSQy/XDmftHa2JZJBSgg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Active

 

   Key ID               : 2

     Key string         : $c$3$t4qHAw1hpZYN0JKIEpXPcMFMVT81u0hiOw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Inactive

2.     When the system time is within the lifetime from 11:00:00 to 12:00:00 on the day 2015/02/06, verify the status of the keys in keychain abc.

# Display keychain information on Router A. The output shows that key 2 becomes the valid key.

[RouterA] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 2

   Active accept key IDs: 2

 

   Key ID               : 1

     Key string         : $c$3$dYTC8QeOKJkwFwP2k/rWL+1p6uMTw3MqNg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Inactive

 

   Key ID               : 2

     Key string         : $c$3$7TSPbUxoP1ytOqkdcJ3K3x0BnXEWl4mOEw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Active

# Display keychain information on Router B. The output shows that key 2 becomes the valid key.

[RouterB] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 2

   Active accept key IDs: 2

 

   Key ID               : 1

     Key string         : $c$3$/G/Shnh6heXWprlSQy/XDmftHa2JZJBSgg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Inactive

 

   Key ID               : 2

     Key string         : $c$3$t4qHAw1hpZYN0JKIEpXPcMFMVT81u0hiOw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Active

Network configuration

As shown in Figure 357, establish an OSPF neighbor relationship between Switch A and Switch B, and use a keychain to authenticate packets between the switches. Configure key 1 and key 2 for the keychain and make sure key 2 is used immediately when key 1 expires.

Figure 357 Network diagram

 

1.     Configure Switch A:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure OSPF.

<SwitchA> system-view

[SwitchA] ospf 1 router-id 1.1.1.1

[SwitchA-ospf-1] area 0

[SwitchA-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[SwitchA-ospf-1-area-0.0.0.0] quit

[SwitchA-ospf-1] quit

# Create a keychain named abc, and specify the absolute time mode for it.

[SwitchA] keychain abc mode absolute

# Create key 1 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[SwitchA-keychain-abc] key 1

[SwitchA-keychain-abc-key-1] authentication-algorithm md5

[SwitchA-keychain-abc-key-1] key-string plain 123456

[SwitchA-keychain-abc-key-1] send-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[SwitchA-keychain-abc-key-1] accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[SwitchA-keychain-abc-key-1] quit

# Create key 2 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[SwitchA-keychain-abc] key 2

[SwitchA-keychain-abc-key-2] authentication-algorithm hmac-md5

[SwitchA-keychain-abc-key-2] key-string plain pwd123

[SwitchA-keychain-abc-key-2] send-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[SwitchA-keychain-abc-key-2] accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[SwitchA-keychain-abc-key-2] quit

[SwitchA-keychain-abc] quit

# Configure VLAN-interface 100 to use keychain abc for authentication.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ospf authentication-mode keychain abc

[SwitchA-Vlan-interface100] quit

2.     Configure Switch B:

# Configure IP addresses for interfaces. (Details not shown.)

# Configure OSPF.

<SwitchB> system-view

[SwitchB] ospf 1 router-id 2.2.2.2

[SwitchB-ospf-1] area 0

[SwitchB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255

[SwitchB-ospf-1-area-0.0.0.0] quit

[SwitchB-ospf-1] quit

# Create a keychain named abc, and specify the absolute time mode for it.

[SwitchB] keychain abc mode absolute

# Create key 1 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[SwitchB-keychain-abc] key 1

[SwitchB-keychain-abc-key-1] authentication-algorithm md5

[SwitchB-keychain-abc-key-1] key-string plain 123456

[SwitchB-keychain-abc-key-1] send-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[SwitchB-keychain-abc-key-1] accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06

[SwitchB-keychain-abc-key-1] quit

# Create key 2 for keychain abc, specify an authentication algorithm, and configure a key string and the sending and receiving lifetimes for the key.

[SwitchB-keychain-abc] key 2

[SwitchB-keychain-abc-key-2] authentication-algorithm hmac-md5

[SwitchB-keychain-abc-key-2] key-string plain pwd123

[SwitchB-keychain-abc-key-2] send-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[SwitchB-keychain-abc-key-2] accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06

[SwitchB-keychain-abc-key-2] quit

[SwitchB-keychain-abc] quit

# Configure VLAN-interface 100 to use keychain abc for authentication.

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ospf authentication-mode keychain abc

[SwitchB-Vlan-interface100] quit

Verifying the configuration

1.     When the system time is within the lifetime from 10:00:00 to 11:00:00 on the day 2015/02/06, verify the status of the keys in keychain abc.

# Display keychain information on Switch A. The output shows that key 1 is the valid key.

[SwitchA] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 1

   Active accept key IDs: 1

 

   Key ID               : 1

     Key string         : $c$3$dYTC8QeOKJkwFwP2k/rWL+1p6uMTw3MqNg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Active

 

   Key ID               : 2

     Key string         : $c$3$7TSPbUxoP1ytOqkdcJ3K3x0BnXEWl4mOEw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Inactive

# Display keychain information on Switch B. The output shows that key 1 is the valid key.

[SwitchB] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 1

   Active accept key IDs: 1

 

   Key ID               : 1

     Key string         : $c$3$/G/Shnh6heXWprlSQy/XDmftHa2JZJBSgg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Active

 

   Key ID               : 2

     Key string         : $c$3$t4qHAw1hpZYN0JKIEpXPcMFMVT81u0hiOw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Inactive

2.     When the system time is within the lifetime from 11:00:00 to 12:00:00 on the day 2015/02/06, verify the status of the keys in keychain abc.

# Display keychain information on Switch A. The output shows that key 2 becomes the valid key.

[SwitchA] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 2

   Active accept key IDs: 2

 

   Key ID               : 1

     Key string         : $c$3$dYTC8QeOKJkwFwP2k/rWL+1p6uMTw3MqNg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Inactive

 

   Key ID               : 2

     Key string         : $c$3$7TSPbUxoP1ytOqkdcJ3K3x0BnXEWl4mOEw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Active

# Display keychain information on Switch B. The output shows that key 2 becomes the valid key.

[SwitchB] display keychain

 

 Keychain name          : abc

   Mode                 : absolute

   Accept tolerance     : 0

   TCP kind value       : 254

   TCP algorithm value

     HMAC-MD5           : 5

     HMAC-SHA-256       : 7

     MD5                : 3

     HMAC-SM3           : 52

     SM3                : 51

   Default send key ID  : None

   Active send key ID   : 2

   Active accept key IDs: 2

 

   Key ID               : 1

     Key string         : $c$3$/G/Shnh6heXWprlSQy/XDmftHa2JZJBSgg==

     Algorithm          : md5

     Send lifetime      : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Send status        : Inactive

     Accept lifetime    : 10:00:00 2015/02/06 to 11:00:00 2015/02/06

     Accept status      : Inactive

 

   Key ID               : 2

     Key string         : $c$3$t4qHAw1hpZYN0JKIEpXPcMFMVT81u0hiOw==

     Algorithm          : hmac-md5

     Send lifetime      : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Send status        : Active

     Accept lifetime    : 11:00:00 2015/02/06 to 12:00:00 2015/02/06

     Accept status      : Active
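The keychain examples above hand over from key 1 to key 2 at exactly 11:00:00 with Accept tolerance 0, which only works while both clocks agree. The following Python code is an added example, not H3C code: it parses the keychain commands, reports the active key at a given time, and checks whether the receiver's accept lifetime covers the sender's send lifetime under a given clock skew. The half-open lifetime interval, the 5-second skew, and the widened accept-lifetime variant are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Keychain commands from the example above, prompts stripped.
PAGE_CONFIG = """keychain abc mode absolute
key 1
authentication-algorithm md5
key-string plain 123456
send-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06
accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00 2015/02/06
quit
key 2
authentication-algorithm hmac-md5
key-string plain pwd123
send-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06
accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00 2015/02/06
quit
"""

# Constructed variant (assumption): accept windows widened by 10 minutes on each side.
OVERLAP_CONFIG = (
    PAGE_CONFIG
    .replace("accept-lifetime utc 10:00:00 2015/02/06 to 11:00:00",
             "accept-lifetime utc 09:50:00 2015/02/06 to 11:10:00")
    .replace("accept-lifetime utc 11:00:00 2015/02/06 to 12:00:00",
             "accept-lifetime utc 10:50:00 2015/02/06 to 12:10:00")
)

LIFETIME = re.compile(r"(send|accept)-lifetime utc (\S+ \S+) to (\S+ \S+)")
MD5_BASED = {"md5", "hmac-md5"}


def _utc(text):
    return datetime.strptime(text, "%H:%M:%S %Y/%m/%d").replace(tzinfo=timezone.utc)


def parse_keychain(config):
    """Return {key_id: {'algorithm': str, 'send': (start, end), 'accept': (start, end)}}."""
    keys, current = {}, None
    for raw in config.splitlines():
        line = raw.split("]", 1)[-1].strip()  # drop a "[RouterA-keychain-abc]" prompt
        if m := re.fullmatch(r"key (\d+)", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif current is None:
            continue
        elif m := re.fullmatch(r"authentication-algorithm (\S+)", line):
            current["algorithm"] = m.group(1)
        elif m := LIFETIME.fullmatch(line):
            current[m.group(1)] = (_utc(m.group(2)), _utc(m.group(3)))
    return keys


def active(keys, now, direction):
    """IDs of keys usable at `now`; assumes a lifetime covers start <= now < end."""
    return sorted(kid for kid, key in keys.items()
                  if direction in key and key[direction][0] <= now < key[direction][1])


def audit(sender, receiver, skew=timedelta(0)):
    """Findings as (code, key_id, amount) for traffic from `sender` to `receiver`.

    `skew` is the worst-case clock difference between the two devices.
    """
    findings = []
    for kid, key in sorted(sender.items()):
        if key.get("algorithm") in MD5_BASED:
            findings.append(("weak-algorithm", kid, key["algorithm"]))
        if "send" not in key:
            continue
        accept = receiver.get(kid, {}).get("accept")
        if accept is None:
            findings.append(("no-accept-lifetime", kid, None))
            continue
        (s0, s1), (a0, a1) = key["send"], accept
        if a0 > s0 - skew:   # sender clock ahead: key used before receiver accepts it
            findings.append(("accept-starts-late", kid, a0 - (s0 - skew)))
        if a1 < s1 + skew:   # sender clock behind: key still used after receiver drops it
            findings.append(("accept-ends-early", kid, (s1 + skew) - a1))
    windows = sorted(key["send"] for key in sender.values() if "send" in key)
    for (_, end), (start, _) in zip(windows, windows[1:]):
        if start > end:      # nothing to sign with between two keys
            findings.append(("send-gap", None, start - end))
    return findings


if __name__ == "__main__":
    page, wide = parse_keychain(PAGE_CONFIG), parse_keychain(OVERLAP_CONFIG)
    rollover = _utc("11:00:00 2015/02/06")
    print("send key at 11:00:00:", active(page, rollover, "send"))
    for label, receiver in (("page config", page), ("widened accept", wide)):
        print(label, audit(page, receiver, skew=timedelta(seconds=5)))
```

With the lifetimes exactly as configured on the page, any nonzero skew produces accept-starts-late and accept-ends-early findings for both keys; the widened accept lifetimes clear them while the send lifetimes stay back to back.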

 

PKI configuration examples

If you use Windows Server or OpenCA as the CA server, you must install the SCEP add-on for Windows Server or enable SCEP for OpenCA. In either case, when configuring a PKI domain, you need to use the certificate request from ra command to specify that the entity requests a certificate from an RA.

If you use RSA Keon as the CA server, the SCEP add-on is not required. In this case, when configuring a PKI domain, you need to use the certificate request from ca command to specify that the entity requests a certificate from a CA.

Example: Requesting a certificate from an RSA Keon CA server

Network configuration

Configure the PKI entity (the device) to request a local certificate from the CA server.

Figure 358 Network diagram

Configuring the RSA Keon CA server

1.     Create a CA server named myca:

In this example, you must configure these basic attributes on the CA server:

¡     Nickname—Name of the trusted CA.

¡     Subject DN—DN attributes of the CA, including the common name (CN), organization unit (OU), organization (O), and country (C).

You can use the default values for other attributes.

2.     Configure extended attributes:

Configure parameters in the Jurisdiction Configuration section on the management page of the CA server:

¡     Select the correct extension profiles.

¡     Enable the SCEP autovetting function to enable the CA server to automatically approve certificate requests without manual intervention.

¡     Specify the IP address list for SCEP autovetting.

Configuring the device

1.     Synchronize the system time of the device with the CA server for the device to correctly request certificates or obtain CRLs. (Details not shown.)

2.     Create an entity named aaa and set the common name to Device.

<Device> system-view

[Device] pki entity aaa

[Device-pki-entity-aaa] common-name Device

[Device-pki-entity-aaa] quit

3.     Configure a PKI domain:

# Create a PKI domain named torsa and enter its view.

[Device] pki domain torsa

# Specify the name of the trusted CA. The setting must be the same as the CA name configured on the CA server. This example uses myca.

[Device-pki-domain-torsa] ca identifier myca

# Configure the URL of the CA server. The URL format is http://host:port/Issuing Jurisdiction ID, where Issuing Jurisdiction ID is a hexadecimal string generated on the CA server.

[Device-pki-domain-torsa] certificate request url http://1.1.2.22:446/80f6214aa8865301d07929ae481c7ceed99f95bd

# Configure the device to send certificate requests to the CA.

[Device-pki-domain-torsa] certificate request from ca

# Set the PKI entity name to aaa.

[Device-pki-domain-torsa] certificate request entity aaa

# Specify the URL of the CRL repository.

[Device-pki-domain-torsa] crl url ldap://1.1.2.22:389/CN=myca

# Specify a 1024-bit general-purpose RSA key pair named abc for certificate request.

[Device-pki-domain-torsa] public-key rsa general name abc length 1024

[Device-pki-domain-torsa] quit

4.     Generate the RSA key pair.

[Device] public-key local create rsa name abc

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512,it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

..........................++++++

.....................................++++++

Create the key pair successfully.

5.     Request a local certificate:

# Obtain the CA certificate and save it locally.

[Device] pki retrieve-certificate domain torsa ca

The trusted CA's finger print is:

    MD5  fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB

    SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8

Is the finger print correct?(Y/N):y

Retrieved the certificates successfully.

# Submit a certificate request manually and set the certificate revocation password to 1111. The certificate revocation password is required when an RSA Keon CA server is used.

[Device] pki request-certificate domain torsa password 1111

Start to request general certificate ...

……

Request certificate of domain torsa successfully

Verifying the configuration

# Display information about the local certificate in PKI domain torsa.

[Device] display pki certificate domain torsa local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            15:79:75:ec:d2:33:af:5e:46:35:83:bc:bd:6e:e3:b8

        Signature Algorithm: sha1WithRSAEncryption

        Issuer: CN=myca

        Validity

            Not Before: Jan  6 03:10:58 2013 GMT

            Not After : Jan  6 03:10:58 2014 GMT

        Subject: CN=Device

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 CRL Distribution Points:

 

                Full Name:

                  DirName: CN = myca

 

    Signature Algorithm: sha1WithRSAEncryption

To display detailed information about the CA certificate, use the display pki certificate domain command.

Example: Requesting a certificate from a Windows Server 2003 CA server

Network configuration

Configure the PKI entity (the device) to request a local certificate from a Windows Server 2003 CA server.

Figure 359 Network diagram

Configuring the Windows Server 2003 CA server

1.     Install the certificate service component:

a.     Select Control Panel > Add or Remove Programs from the start menu.

b.     Select Add/Remove Windows Components > Certificate Services.

c.     Click Next to begin the installation.

d.     Set the CA name. In this example, set the CA name to myca.

2.     Install the SCEP add-on:

By default, Windows Server 2003 does not support SCEP. You must install the SCEP add-on on the server for a PKI entity to register and obtain a certificate from the server. After the SCEP add-on installation is complete, you will see a URL. Specify this URL as the certificate request URL on the device.

3.     Modify the certificate service attributes:

a.     Select Control Panel > Administrative Tools > Certificate Authority from the start menu.

If the certificate service component and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA.

b.     Right-click the CA server in the navigation tree and select Properties > Policy Module.

c.     Click Properties, and then select Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.

4.     Modify the Internet information services attributes:

a.     Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from the start menu.

b.     Select Web Sites from the navigation tree.

c.     Right-click Default Web Site and select Properties > Home Directory.

d.     Specify the path for certificate service in the Local path field.

e.     Specify a unique TCP port number for the default website to avoid conflict with existing services. This example uses port 8080.

Configuring the device

1.     Synchronize the device's system time with the CA server for the device to correctly request certificates. (Details not shown.)

2.     Create an entity named aaa and set the common name to test.

<Device> system-view

[Device] pki entity aaa

[Device-pki-entity-aaa] common-name test

[Device-pki-entity-aaa] quit

3.     Configure a PKI domain:

# Create a PKI domain named winserver and enter its view.

[Device] pki domain winserver

# Set the name of the trusted CA to myca.

[Device-pki-domain-winserver] ca identifier myca

# Configure the certificate request URL. The URL format is http://host:port/certsrv/mscep/mscep.dll, where host:port is the host IP address and port number of the CA server.

[Device-pki-domain-winserver] certificate request url http://4.4.4.1:8080/certsrv/mscep/mscep.dll

# Configure the device to send certificate requests to the RA.

[Device-pki-domain-winserver] certificate request from ra

# Set the PKI entity name to aaa.

[Device-pki-domain-winserver] certificate request entity aaa

# Configure a 1024-bit general-purpose RSA key pair named abc for certificate request.

[Device-pki-domain-winserver] public-key rsa general name abc length 1024

[Device-pki-domain-winserver] quit

4.     Generate RSA key pair abc.

[Device] public-key local create rsa name abc

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512,it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

..........................++++++

.....................................++++++

Create the key pair successfully.

5.     Request a local certificate:

# Obtain the CA certificate and save it locally.

[Device] pki retrieve-certificate domain winserver ca

The trusted CA's finger print is:

    MD5  fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB

    SHA1 fingerprint:97E5 DDED AB39 3141 75FB DB5C E7F8 D7D7 7C9B 97B4

Is the finger print correct?(Y/N):y

Retrieved the certificates successfully.

# Submit a certificate request manually.

[Device] pki request-certificate domain winserver

Start to request general certificate ...

Request certificate of domain winserver successfully

Verifying the configuration

# Display information about the local certificate in PKI domain winserver.

[Device] display pki certificate domain winserver local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

             (Negative)01:03:99:ff:ff:ff:ff:fd:11

        Signature Algorithm: sha1WithRSAEncryption

        Issuer: CN=sec

        Validity

            Not Before: Dec 24 07:09:42 2012 GMT

            Not After : Dec 24 07:19:42 2013 GMT

        Subject: CN=test

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Key Usage:

                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

            X509v3 Subject Key Identifier:

                C9:BB:D5:8B:02:1D:20:5B:40:94:15:EC:9C:16:E8:9D:6D:FD:9F:34

            X509v3 Authority Key Identifier:

                keyid:32:F1:40:BA:9E:F1:09:81:BD:A8:49:66:FF:F8:AB:99:4A:30:21:9B

 

            X509v3 CRL Distribution Points:

 

                Full Name:

                  URI:file://\\g07904c\CertEnroll\sec.crl

 

            Authority Information Access:

                CA Issuers - URI:http://gc/CertEnroll/gc_sec.crt

                CA Issuers - URI:file://\\gc\CertEnroll\gc_sec.crt

 

            1.3.6.1.4.1.311.20.2:

                .0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e

    Signature Algorithm: sha1WithRSAEncryption

To display detailed information about the CA certificate, use the display pki certificate domain command.
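The local certificates displayed above use sha1WithRSAEncryption signatures, and the torsa certificate carries a 1024-bit key. The following Python code is an added example, not H3C code: it parses the text of display pki certificate output and reports weak or expiring parameters. The 2048-bit minimum and the 30-day renewal window are policy assumptions, and the sample text is constructed from the fields of the torsa certificate.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: fields of the local certificate shown for PKI domain torsa,
# with the hexadecimal modulus and signature bytes left out.
SAMPLE_OUTPUT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=myca
        Validity
            Not Before: Jan  6 03:10:58 2013 GMT
            Not After : Jan  6 03:10:58 2014 GMT
        Subject: CN=Device
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""


def _field(label, text):
    """Value of the first 'label: value' line in the output."""
    m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.+?)\s*$", text, re.M)
    if m is None:
        raise ValueError(f"field not found: {label}")
    return m.group(1)


def _when(value):
    # Collapse the double space used for single-digit days ("Jan  6").
    normalized = " ".join(value.split())
    return datetime.strptime(normalized, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_certificate(text):
    """Extract the fields needed for a policy check from the display output."""
    bits = re.fullmatch(r"\((\d+) bit\)", _field("Public-Key", text))
    if bits is None:
        raise ValueError("unexpected Public-Key format")
    return {
        "subject": _field("Subject", text),
        "issuer": _field("Issuer", text),
        "signature_algorithm": _field("Signature Algorithm", text),
        "key_bits": int(bits.group(1)),
        "not_before": _when(_field("Not Before", text)),
        "not_after": _when(_field("Not After", text)),
    }


def audit_certificate(cert, now, min_rsa_bits=2048, renew_window=timedelta(days=30)):
    """Return a list of finding codes; thresholds are policy assumptions."""
    findings = []
    if re.search(r"md5|sha1", cert["signature_algorithm"], re.I):
        findings.append("weak-signature-hash")
    if cert["key_bits"] < min_rsa_bits:
        findings.append("short-rsa-key")
    if now < cert["not_before"]:
        findings.append("not-yet-valid")
    elif now >= cert["not_after"]:
        findings.append("expired")
    elif cert["not_after"] - now <= renew_window:
        findings.append("expires-soon")
    return findings


if __name__ == "__main__":
    cert = parse_certificate(SAMPLE_OUTPUT)
    check_time = datetime(2013, 12, 20, tzinfo=timezone.utc)  # constructed check date
    print(cert["subject"], audit_certificate(cert, check_time))
```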

Example: Requesting a certificate from an OpenCA server

Network configuration

Configure the PKI entity (the device) to request a local certificate from the CA server.

Figure 360 Network diagram

Configuring the OpenCA server

Configure the OpenCA server as instructed in related manuals. (Details not shown.)

Make sure the version of the OpenCA server is later than version 0.9.2 because the earlier versions do not support SCEP.

Configuring the device

1.     Synchronize the device's system time with the CA server for the device to correctly request certificates. (Details not shown.)

2.     Create a PKI entity named aaa and configure the common name, country code, organization name, and OU for the entity.

<Device> system-view

[Device] pki entity aaa

[Device-pki-entity-aaa] common-name rnd

[Device-pki-entity-aaa] country CN

[Device-pki-entity-aaa] organization test

[Device-pki-entity-aaa] organization-unit software

[Device-pki-entity-aaa] quit

3.     Configure a PKI domain:

# Create a PKI domain named openca and enter its view.

[Device] pki domain openca

# Set the name of the trusted CA to myca.

[Device-pki-domain-openca] ca identifier myca

# Configure the certificate request URL. The URL is in the format http://host/cgi-bin/pki/scep, where host is the host IP address of the OpenCA server.

[Device-pki-domain-openca] certificate request url http://192.168.222.218/cgi-bin/pki/scep

# Configure the device to send certificate requests to the RA.

[Device-pki-domain-openca] certificate request from ra

# Specify PKI entity aaa for certificate request.

[Device-pki-domain-openca] certificate request entity aaa

# Configure a 1024-bit general-purpose RSA key pair named abc for certificate request.

[Device-pki-domain-openca] public-key rsa general name abc length 1024

[Device-pki-domain-openca] quit

4.     Generate RSA key pair abc.

[Device] public-key local create rsa name abc

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512,it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

..........................++++++

.....................................++++++

Create the key pair successfully.

5.     Request a local certificate:

# Obtain the CA certificate and save it locally.

[Device] pki retrieve-certificate domain openca ca

The trusted CA's finger print is:

    MD5  fingerprint:5AA3 DEFD 7B23 2A25 16A3 14F4 C81C C0FA

    SHA1 fingerprint:9668 4E63 D742 4B09 90E0 4C78 E213 F15F DC8E 9122

Is the finger print correct?(Y/N):y

Retrieved the certificates successfully.

# Submit a certificate request manually.

[Device] pki request-certificate domain openca

Start to request general certificate ...

Request certificate of domain openca successfully
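In each of the three enrollment procedures above, the CA certificate is fetched over plain HTTP and trusted once the operator answers y at the fingerprint prompt, so the answer should come from a comparison with a copy of the CA certificate obtained out of band. The following Python code is an added example, not H3C code: it computes the fingerprints of a trusted PEM copy, parses the prompt text, and returns the answer to give. The PEM content is a constructed stand-in, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Prompt text as shown in the RSA Keon example on this page.
PAGE_PROMPT = """The trusted CA's finger print is:
    MD5  fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB
    SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8
Is the finger print correct?(Y/N):"""

# Constructed stand-in for the CA certificate received from the CA administrator.
# Any byte string works here because a fingerprint is a hash over the DER bytes.
CONSTRUCTED_DER = b"constructed stand-in for the DER bytes of the CA certificate"
CONSTRUCTED_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(CONSTRUCTED_DER).decode("ascii")
                   + "-----END CERTIFICATE-----\n")


def pem_to_der(pem):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def device_format(digest_hex):
    """Render a hex digest the way the prompt prints it: 'EDE9 0394 ...'."""
    upper = digest_hex.upper()
    return " ".join(upper[i:i + 4] for i in range(0, len(upper), 4))


def render_prompt(der):
    """Build the prompt a device would show for `der` (used for the constructed demo)."""
    return ("The trusted CA's finger print is:\n"
            f"    MD5  fingerprint:{device_format(hashlib.md5(der).hexdigest())}\n"
            f"    SHA1 fingerprint:{device_format(hashlib.sha1(der).hexdigest())}\n"
            "Is the finger print correct?(Y/N):")


def parse_prompt(text):
    """Extract {'MD5': hex, 'SHA1': hex} (lowercase, no spaces) from the prompt."""
    found = {}
    for alg, value in re.findall(r"(MD5|SHA1)\s+fingerprint:\s*([0-9A-Fa-f ]+)", text):
        found[alg] = value.replace(" ", "").lower()
    return found


def check_prompt(prompt_text, trusted_pem):
    """Compare the displayed fingerprints with those of the trusted copy.

    The answer is 'Y' only if both displayed fingerprints are present and match.
    """
    der = pem_to_der(trusted_pem)
    expected = {"MD5": hashlib.md5(der).hexdigest(), "SHA1": hashlib.sha1(der).hexdigest()}
    shown = parse_prompt(prompt_text)
    result = {alg: hmac.compare_digest(shown.get(alg, ""), digest)
              for alg, digest in expected.items()}
    result["answer"] = "Y" if result["MD5"] and result["SHA1"] else "N"
    return result


if __name__ == "__main__":
    print(check_prompt(render_prompt(CONSTRUCTED_DER), CONSTRUCTED_PEM))  # matching copy
    print(check_prompt(PAGE_PROMPT, CONSTRUCTED_PEM))                     # different CA
```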

Verifying the configuration

# Display information about the local certificate in PKI domain openca.

[Device] display pki certificate domain openca local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            21:1d:b8:d2:e4:a9:21:28:e4:de

        Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=CN, L=shangdi, ST=pukras, O=OpenCA Labs, OU=mysubUnit, CN=sub-ca, DC=pki-subdomain, DC=mydomain-sub, DC=com

        Validity

            Not Before: Jun 30 09:09:09 2011 GMT

            Not After : May  1 09:09:09 2012 GMT

        Subject: CN=rnd, O=test, OU=software, C=CN

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                    00:b8:7a:9a:b8:59:eb:fc:70:3e:bf:19:54:0c:7e:

                    c3:90:a5:d3:fd:ee:ff:c6:28:c6:32:fb:04:6e:9c:

                    d6:5a:4f:aa:bb:50:c4:10:5c:eb:97:1d:a7:9e:7d:

                    53:d5:31:ff:99:ab:b6:41:f7:6d:71:61:58:97:84:

                    37:98:c7:7c:79:02:ac:a6:85:f3:21:4d:3c:8e:63:

                    8d:f8:71:7d:28:a1:15:23:99:ed:f9:a1:c3:be:74:

                    0d:f7:64:cf:0a:dd:39:49:d7:3f:25:35:18:f4:1c:

                    59:46:2b:ec:0d:21:1d:00:05:8a:bf:ee:ac:61:03:

                    6c:1f:35:b5:b4:cd:86:9f:45

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Cert Type:

                SSL Client, S/MIME

            X509v3 Key Usage:

                Digital Signature, Non Repudiation, Key Encipherment

            X509v3 Extended Key Usage:

                TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin

            Netscape Comment:

                User Certificate of OpenCA Labs

            X509v3 Subject Key Identifier:

                24:71:C9:B8:AD:E1:FE:54:9A:EA:E9:14:1B:CD:D9:45:F4:B2:7A:1B

            X509v3 Authority Key Identifier:

                keyid:85:EB:D5:F7:C9:97:2F:4B:7A:6D:DD:1B:4D:DD:00:EE:53:CF:FD:5B

 

            X509v3 Issuer Alternative Name:

                DNS:[email protected], DNS:, IP Address:192.168.154.145, IP Address:192.168.154.138

            Authority Information Access:

                CA Issuers - URI:http://192.168.222.218/pki/pub/cacert/cacert.crt

                OCSP - URI:http://192.168.222.218:2560/

                1.3.6.1.5.5.7.48.12 - URI:http://192.168.222.218:830/

 

            X509v3 CRL Distribution Points:

 

                Full Name:

                  URI:http://192.168.222.218/pki/pub/crl/cacrl.crl

 

    Signature Algorithm: sha256WithRSAEncryption

        5c:4c:ba:d0:a1:35:79:e6:e5:98:69:91:f6:66:2a:4f:7f:8b:

        0e:80:de:79:45:b9:d9:12:5e:13:28:17:36:42:d5:ae:fc:4e:

        ba:b9:61:f1:0a:76:42:e7:a6:34:43:3e:2d:02:5e:c7:32:f7:

        6b:64:bb:2d:f5:10:6c:68:4d:e7:69:f7:47:25:f5:dc:97:af:

        ae:33:40:44:f3:ab:e4:5a:a0:06:8f:af:22:a9:05:74:43:b6:

        e4:96:a5:d4:52:32:c2:a8:53:37:58:c7:2f:75:cf:3e:8e:ed:

        46:c9:5a:24:b1:f5:51:1d:0f:5a:07:e6:15:7a:02:31:05:8c:

        03:72:52:7c:ff:28:37:1e:7e:14:97:80:0b:4e:b9:51:2d:50:

        98:f2:e4:5a:60:be:25:06:f6:ea:7c:aa:df:7b:8d:59:79:57:

        8f:d4:3e:4f:51:c1:34:e6:c1:1e:71:b5:0d:85:86:a5:ed:63:

        1e:08:7f:d2:50:ac:a0:a3:9e:88:48:10:0b:4a:7d:ed:c1:03:

        9f:87:97:a3:5e:7d:75:1d:ac:7b:6f:bb:43:4d:12:17:9a:76:

        b0:bf:2f:6a:cc:4b:cd:3d:a1:dd:e0:dc:5a:f3:7c:fb:c3:29:

        b0:12:49:5c:12:4c:51:6e:62:43:8b:73:b9:26:2a:f9:3d:a4:

        81:99:31:89

To display detailed information about the CA certificate, use the display pki certificate domain command.

Example: Importing and exporting certificates

Network configuration

As shown in Figure 361, Device B will replace Device A in the network. PKI domain exportdomain on Device A has two local certificates containing the private key and one CA certificate. To make sure the certificates are still valid after Device B replaces Device A, copy the certificates on Device A to Device B as follows:

1.     Export the certificates in PKI domain exportdomain on Device A to .pem certificate files.

During the export, encrypt the private key in the local certificates using 3DES_CBC with the password 111111.

2.     Transfer the certificate files from Device A to Device B through the FTP host.

3.     Import the certificate files to PKI domain importdomain on Device B.

Figure 361 Network diagram

Procedure

1.     Export the certificates on Device A:

# Export the CA certificate to a .pem file.

<DeviceA> system-view

[DeviceA] pki export domain exportdomain pem ca filename pkicachain.pem

# Export the local certificate to a file named pkilocal.pem in PEM format, and use 3DES_CBC to encrypt the private key with the password 111111.

[DeviceA] pki export domain exportdomain pem local 3des-cbc 111111 filename pkilocal.pem

Now, Device A has three certificate files in PEM format:

○     A CA certificate file named pkicachain.pem.

○     A local certificate file named pkilocal.pem-signature, which contains the private key for signature.

○     A local certificate file named pkilocal.pem-encryption, which contains the private key for encryption.

# Display local certificate file pkilocal.pem-signature.

[DeviceA] quit

<DeviceA> more pkilocal.pem-signature

Bag Attributes

    friendlyName:

    localKeyID: 90 C6 DC 1D 20 49 4F 24 70 F5 17 17 20 2B 9E AC 20 F3 99 89

subject=/C=CN/O=OpenCA Labs/OU=Users/CN=subsign 11

issuer=/C=CN/L=shangdi/ST=pukras/O=OpenCA Labs/OU=docm/CN=subca1

-----BEGIN CERTIFICATE-----

MIIEgjCCA2qgAwIBAgILAJgsebpejZc5UwAwDQYJKoZIhvcNAQELBQAwZjELMAkG

-----END CERTIFICATE-----

Bag Attributes

    friendlyName:

    localKeyID: 90 C6 DC 1D 20 49 4F 24 70 F5 17 17 20 2B 9E AC 20 F3 99 89

Key Attributes: <No Attributes>

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZtjSjfslJCoCAggA

-----END ENCRYPTED PRIVATE KEY-----

# Display local certificate file pkilocal.pem-encryption.

<DeviceA> more pkilocal.pem-encryption

Bag Attributes

    friendlyName:

    localKeyID: D5 DF 29 28 C8 B9 D9 49 6C B5 44 4B C2 BC 66 75 FE D6 6C C8

subject=/C=CN/O=OpenCA Labs/OU=Users/CN=subencr 11

issuer=/C=CN/L=shangdi/ST=pukras/O=OpenCA Labs/OU=docm/CN=subca1

-----BEGIN CERTIFICATE-----

MIIEUDCCAzigAwIBAgIKCHxnAVyzWhIPLzANBgkqhkiG9w0BAQsFADBmMQswCQYD

-----END CERTIFICATE-----

Bag Attributes

    friendlyName:

    localKeyID: D5 DF 29 28 C8 B9 D9 49 6C B5 44 4B C2 BC 66 75 FE D6 6C C8

Key Attributes: <No Attributes>

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7H0mb4O7/GACAggA

-----END ENCRYPTED PRIVATE KEY-----

2.     Download certificate files pkicachain.pem, pkilocal.pem-signature, and pkilocal.pem-encryption from Device A to the host through FTP. (Details not shown.)

3.     Upload certificate files pkicachain.pem, pkilocal.pem-signature, and pkilocal.pem-encryption from the host to Device B through FTP. (Details not shown.)

4.     Import the certificate files to Device B:

# Disable CRL checking. (You can configure CRL checking as required. This example assumes CRL checking is not required.)

<DeviceB> system-view

[DeviceB] pki domain importdomain

[DeviceB-pki-domain-importdomain] undo crl check enable

# Specify RSA key pair sign for signature and RSA key pair encr for encryption.

[DeviceB-pki-domain-importdomain] public-key rsa signature name sign encryption name encr

[DeviceB-pki-domain-importdomain] quit

# Import CA certificate file pkicachain.pem in PEM format to the PKI domain.

[DeviceB] pki import domain importdomain pem ca filename pkicachain.pem

# Import local certificate file pkilocal.pem-signature in PEM format to the PKI domain. The certificate file contains a key pair.

[DeviceB] pki import domain importdomain pem local filename pkilocal.pem-signature

Please input the password:******

# Import local certificate file pkilocal.pem-encryption in PEM format to the PKI domain. The certificate file contains a key pair.

[DeviceB] pki import domain importdomain pem local filename pkilocal.pem-encryption

Please input the password:******

# Display the imported local certificate information on Device B.

[DeviceB] display pki certificate domain importdomain local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            98:2c:79:ba:5e:8d:97:39:53:00

        Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=CN, L=shangdi, ST=pukras, O=OpenCA Labs, OU=docm, CN=subca1

        Validity

            Not Before: May 26 05:56:49 2011 GMT

            Not After : Nov 22 05:56:49 2012 GMT

        Subject: C=CN, O=OpenCA Labs, OU=Users, CN=subsign 11

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                    00:9f:6e:2f:f6:cb:3d:08:19:9a:4a:ac:b4:ac:63:

                    ce:8d:6a:4c:3a:30:19:3c:14:ff:a9:50:04:f5:00:

                    ee:a3:aa:03:cb:b3:49:c4:f8:ae:55:ee:43:93:69:

                    6c:bf:0d:8c:f4:4e:ca:69:e5:3f:37:5c:83:ea:83:

                    ad:16:b8:99:37:cb:86:10:6b:a0:4d:03:95:06:42:

                    ef:ef:0d:4e:53:08:0a:c9:29:dd:94:28:02:6e:e2:

                    9b:87:c1:38:2d:a4:90:a2:13:5f:a4:e3:24:d3:2c:

                    bf:98:db:a7:c2:36:e2:86:90:55:c7:8c:c5:ea:12:

                    01:31:69:bf:e3:91:71:ec:21

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Cert Type:

                SSL Client, S/MIME

            X509v3 Key Usage:

                Digital Signature, Non Repudiation

            X509v3 Extended Key Usage:

                TLS Web Client Authentication, E-mail Protection, Microsoft Smartcardlogin

            Netscape Comment:

                User Certificate of OpenCA Labs

            X509v3 Subject Key Identifier:

                AA:45:54:29:5A:50:2B:89:AB:06:E5:BD:0D:07:8C:D9:79:35:B1:F5

            X509v3 Authority Key Identifier:

                keyid:70:54:40:61:71:31:02:06:8C:62:11:0A:CC:A5:DB:0E:7E:74:DE:DD

 

            X509v3 Subject Alternative Name:

                email:[email protected]

            X509v3 Issuer Alternative Name:

                DNS:[email protected], DNS:, IP Address:1.1.2.2, IP Address:2.2.1.1

            Authority Information Access:

                CA Issuers - URI:http://titan/pki/pub/cacert/cacert.crt

                OCSP - URI:http://titan:2560/

                1.3.6.1.5.5.7.48.12 - URI:http://titan:830/

 

            X509v3 CRL Distribution Points:

 

                Full Name:

                  URI:http://192.168.40.130/pki/pub/crl/cacrl.crl

 

    Signature Algorithm: sha256WithRSAEncryption

        18:e7:39:9a:ad:84:64:7b:a3:85:62:49:e5:c9:12:56:a6:d2:

        46:91:53:8e:84:ba:4a:0a:6f:28:b9:43:bc:e7:b0:ca:9e:d4:

        1f:d2:6f:48:c4:b9:ba:c5:69:4d:90:f3:15:c4:4e:4b:1e:ef:

        2b:1b:2d:cb:47:1e:60:a9:0f:81:dc:f2:65:6b:5f:7a:e2:36:

        29:5d:d4:52:32:ef:87:50:7c:9f:30:4a:83:de:98:8b:6a:c9:

        3e:9d:54:ee:61:a4:26:f3:9a:40:8f:a6:6b:2b:06:53:df:b6:

        5f:67:5e:34:c8:c3:b5:9b:30:ee:01:b5:a9:51:f9:b1:29:37:

        02:1a:05:02:e7:cc:1c:fe:73:d3:3e:fa:7e:91:63:da:1d:f1:

        db:28:6b:6c:94:84:ad:fc:63:1b:ba:53:af:b3:5d:eb:08:b3:

        5b:d7:22:3a:86:c3:97:ef:ac:25:eb:4a:60:f8:2b:a3:3b:da:

        5d:6f:a5:cf:cb:5a:0b:c5:2b:45:b7:3e:6e:39:e9:d9:66:6d:

        ef:d3:a0:f6:2a:2d:86:a3:01:c4:94:09:c0:99:ce:22:19:84:

        2b:f0:db:3e:1e:18:fb:df:56:cb:6f:a2:56:35:0d:39:94:34:

        6d:19:1d:46:d7:bf:1a:86:22:78:87:3e:67:fe:4b:ed:37:3d:

        d6:0a:1c:0b

 

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            08:7c:67:01:5c:b3:5a:12:0f:2f

        Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=CN, L=shangdi, ST=pukras, O=OpenCA Labs, OU=docm, CN=subca1

        Validity

            Not Before: May 26 05:58:26 2011 GMT

            Not After : Nov 22 05:58:26 2012 GMT

        Subject: C=CN, O=OpenCA Labs, OU=Users, CN=subencr 11

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                    00:db:26:13:d3:d1:a4:af:11:f3:6d:37:cf:d0:d4:

                    48:50:4e:0f:7d:54:76:ed:50:28:c6:71:d4:48:ae:

                    4d:e7:3d:23:78:70:63:18:33:f6:94:98:aa:fa:f6:

                    62:ed:8a:50:c6:fd:2e:f4:20:0c:14:f7:54:88:36:

                    2f:e6:e2:88:3f:c2:88:1d:bf:8d:9f:45:6c:5a:f5:

                    94:71:f3:10:e9:ec:81:00:28:60:a9:02:bb:35:8b:

                    bf:85:75:6f:24:ab:26:de:47:6c:ba:1d:ee:0d:35:

                    75:58:10:e5:e8:55:d1:43:ae:85:f8:ff:75:81:03:

                    8c:2e:00:d1:e9:a4:5b:18:39

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Cert Type:

                SSL Server

            X509v3 Key Usage:

                Key Encipherment, Data Encipherment

            Netscape Comment:

                VPN Server of OpenCA Labs

            X509v3 Subject Key Identifier:

                CC:96:03:2F:FC:74:74:45:61:38:1F:48:C0:E8:AA:18:24:F0:2B:AB

            X509v3 Authority Key Identifier:

                keyid:70:54:40:61:71:31:02:06:8C:62:11:0A:CC:A5:DB:0E:7E:74:DE:DD

 

            X509v3 Subject Alternative Name:

                email:[email protected]

            X509v3 Issuer Alternative Name:

                DNS:[email protected], DNS:, IP Address:1.1.2.2, IP Address:2.2.1.1

            Authority Information Access:

                CA Issuers - URI:http://titan/pki/pub/cacert/cacert.crt

                OCSP - URI:http://titan:2560/

                1.3.6.1.5.5.7.48.12 - URI:http://titan:830/

 

            X509v3 CRL Distribution Points:

 

                Full Name:

                  URI:http://192.168.40.130/pki/pub/crl/cacrl.crl

 

    Signature Algorithm: sha256WithRSAEncryption

        53:69:66:5f:93:f0:2f:8c:54:24:8f:a2:f2:f1:29:fa:15:16:

        90:71:e2:98:e3:5c:c6:e3:d4:5f:7a:f6:a9:4f:a2:7f:ca:af:

        c4:c8:c7:2c:c0:51:0a:45:d4:56:e2:81:30:41:be:9f:67:a1:

        23:a6:09:50:99:a1:40:5f:44:6f:be:ff:00:67:9d:64:98:fb:

        72:77:9e:fd:f2:4c:3a:b2:43:d8:50:5c:48:08:e7:77:df:fb:

        25:9f:4a:ea:de:37:1e:fb:bc:42:12:0a:98:11:f2:d9:5b:60:

        bc:59:72:04:48:59:cc:50:39:a5:40:12:ff:9d:d0:69:3a:5e:

        3a:09:5a:79:e0:54:67:a0:32:df:bf:72:a0:74:63:f9:05:6f:

        5e:28:d2:e8:65:49:e6:c7:b5:48:7d:95:47:46:c1:61:5a:29:

        90:65:45:4a:88:96:e4:88:bd:59:25:44:3f:61:c6:b1:08:5b:

        86:d2:4f:61:4c:20:38:1c:f4:a1:0b:ea:65:87:7d:1c:22:be:

        b6:17:17:8a:5a:0f:35:4c:b8:b3:73:03:03:63:b1:fc:c4:f5:

        e9:6e:7c:11:e8:17:5a:fb:39:e7:33:93:5b:2b:54:72:57:72:

        5e:78:d6:97:ef:b8:d8:6d:0c:05:28:ea:81:3a:06:a0:2e:c3:

        79:05:cd:c3

To display detailed information about the CA certificate, use the display pki certificate domain command.
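The exported files in step 1 cross the network over FTP in steps 2 and 3, so the private key's only protection in transit is the PEM encryption applied at export. The Python sketch below is an added example, not part of the H3C documentation: it parses a file in the layout shown by `more pkilocal.pem-signature`, confirms that every private key block is encrypted, and confirms that each key's localKeyID pairs with a certificate in the same file. The function names are assumptions, and the sample text reuses the shortened listing from this page.

```python
import re

# Sample modelled on the `more pkilocal.pem-signature` listing above. The
# base64 bodies are the shortened lines from that listing, not usable keys.
SAMPLE_EXPORT = """\
Bag Attributes
    friendlyName:
    localKeyID: 90 C6 DC 1D 20 49 4F 24 70 F5 17 17 20 2B 9E AC 20 F3 99 89
subject=/C=CN/O=OpenCA Labs/OU=Users/CN=subsign 11
issuer=/C=CN/L=shangdi/ST=pukras/O=OpenCA Labs/OU=docm/CN=subca1
-----BEGIN CERTIFICATE-----
MIIEgjCCA2qgAwIBAgILAJgsebpejZc5UwAwDQYJKoZIhvcNAQELBQAwZjELMAkG
-----END CERTIFICATE-----
Bag Attributes
    friendlyName:
    localKeyID: 90 C6 DC 1D 20 49 4F 24 70 F5 17 17 20 2B 9E AC 20 F3 99 89
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZtjSjfslJCoCAggA
-----END ENCRYPTED PRIVATE KEY-----
"""

BLOCK_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)
KEYID_RE = re.compile(r"^\s*localKeyID:\s*([0-9A-Fa-f ]+?)\s*$", re.M)
SUBJECT_RE = re.compile(r"^subject=(.*)$", re.M)


def parse_bags(text):
    """Return one dict per PEM block with its type, localKeyID and subject."""
    bags, cursor = [], 0
    for match in BLOCK_RE.finditer(text):
        header = text[cursor:match.start()]  # attribute lines before the block
        cursor = match.end()
        key_ids = KEYID_RE.findall(header)
        subject = SUBJECT_RE.search(header)
        block_type, body = match.group(1), match.group(2)
        bags.append({
            "type": block_type,
            "key_id": key_ids[-1].replace(" ", "").upper() if key_ids else None,
            "subject": subject.group(1).strip() if subject else None,
            # PKCS#8 encrypted keys carry the type; legacy PEM encryption is
            # marked by a Proc-Type header inside the block.
            "encrypted": block_type == "ENCRYPTED PRIVATE KEY"
            or "Proc-Type: 4,ENCRYPTED" in body,
        })
    return bags


def audit_export(text):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    bags = parse_bags(text)
    certs = [b for b in bags if b["type"] == "CERTIFICATE"]
    keys = [b for b in bags if b["type"].endswith("PRIVATE KEY")]
    if not certs:
        findings.append("no certificate block found")
    if not keys:
        findings.append("no private key block found")
    cert_ids = {c["key_id"] for c in certs if c["key_id"]}
    for key in keys:
        if not key["encrypted"]:
            findings.append("unencrypted private key block (%s)" % key["type"])
        if key["key_id"] is None or key["key_id"] not in cert_ids:
            findings.append(
                "private key localKeyID %s matches no certificate" % key["key_id"]
            )
    return findings


if __name__ == "__main__":
    for bag in parse_bags(SAMPLE_EXPORT):
        print(bag["type"], bag["key_id"], bag["subject"])
    print(audit_export(SAMPLE_EXPORT) or "no findings")
```

Run the check on the host before step 3 and again after the upload; a file that fails should not be imported on Device B.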

 

IPsec configuration examples

Example: Configuring IPsec for RIPng

Network configuration

As shown in Figure 362, Router A, Router B, and Router C learn IPv6 routes through RIPng.

Establish an IPsec tunnel between the routers to protect the RIPng packets transmitted in between. Specify the security protocol as ESP, the encryption algorithm as 128-bit AES, and the authentication algorithm as HMAC-SHA1 for the IPsec tunnel.

Figure 362 Network diagram

Analysis

To meet the network configuration requirements, perform the following tasks:

1.     Configure basic RIPng.

For more information about RIPng configuration, see Layer 3—IP Routing Configuration Guide.

2.     Configure an IPsec profile.

○     The IPsec profiles on all the routers must have IPsec transform sets that use the same security protocol, authentication and encryption algorithms, and encapsulation mode.

○     The SPI and key configured for the inbound SA and those for the outbound SA must be the same on each router.

○     The SPI and key configured for the SAs on all the routers must be the same.

3.     Apply the IPsec profile to a RIPng process or to an interface.

Procedure

1.     Configure Router A:

# Configure IPv6 addresses for interfaces. (Details not shown.)

# Configure basic RIPng.

<RouterA> system-view

[RouterA] ripng 1

[RouterA-ripng-1] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create and configure the IPsec transform set named tran1.

[RouterA] ipsec transform-set tran1

[RouterA-ipsec-transform-set-tran1] encapsulation-mode transport

[RouterA-ipsec-transform-set-tran1] protocol esp

[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128

[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[RouterA-ipsec-transform-set-tran1] quit

# Create and configure the IPsec profile named profile001.

[RouterA] ipsec profile profile001 manual

[RouterA-ipsec-profile-manual-profile001] transform-set tran1

[RouterA-ipsec-profile-manual-profile001] sa spi outbound esp 123456

[RouterA-ipsec-profile-manual-profile001] sa spi inbound esp 123456

[RouterA-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg

[RouterA-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg

[RouterA-ipsec-profile-manual-profile001] quit

# Apply the IPsec profile to RIPng process 1.

[RouterA] ripng 1

[RouterA-ripng-1] enable ipsec-profile profile001

[RouterA-ripng-1] quit

2.     Configure Router B:

# Configure IPv6 addresses for interfaces. (Details not shown.)

# Configure basic RIPng.

<RouterB> system-view

[RouterB] ripng 1

[RouterB-ripng-1] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ripng 1 enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Create and configure the IPsec transform set named tran1.

[RouterB] ipsec transform-set tran1

[RouterB-ipsec-transform-set-tran1] encapsulation-mode transport

[RouterB-ipsec-transform-set-tran1] protocol esp

[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128

[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[RouterB-ipsec-transform-set-tran1] quit

# Create and configure the IPsec profile named profile001.

[RouterB] ipsec profile profile001 manual

[RouterB-ipsec-profile-manual-profile001] transform-set tran1

[RouterB-ipsec-profile-manual-profile001] sa spi outbound esp 123456

[RouterB-ipsec-profile-manual-profile001] sa spi inbound esp 123456

[RouterB-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg

[RouterB-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg

[RouterB-ipsec-profile-manual-profile001] quit

# Apply the IPsec profile to RIPng process 1.

[RouterB] ripng 1

[RouterB-ripng-1] enable ipsec-profile profile001

[RouterB-ripng-1] quit

3.     Configure Router C:

# Configure IPv6 addresses for interfaces. (Details not shown.)

# Configure basic RIPng.

<RouterC> system-view

[RouterC] ripng 1

[RouterC-ripng-1] quit

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ripng 1 enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create and configure the IPsec transform set named tran1.

[RouterC] ipsec transform-set tran1

[RouterC-ipsec-transform-set-tran1] encapsulation-mode transport

[RouterC-ipsec-transform-set-tran1] protocol esp

[RouterC-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128

[RouterC-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[RouterC-ipsec-transform-set-tran1] quit

# Create and configure the IPsec profile named profile001.

[RouterC] ipsec profile profile001 manual

[RouterC-ipsec-profile-manual-profile001] transform-set tran1

[RouterC-ipsec-profile-manual-profile001] sa spi outbound esp 123456

[RouterC-ipsec-profile-manual-profile001] sa spi inbound esp 123456

[RouterC-ipsec-profile-manual-profile001] sa string-key outbound esp simple abcdefg

[RouterC-ipsec-profile-manual-profile001] sa string-key inbound esp simple abcdefg

[RouterC-ipsec-profile-manual-profile001] quit

# Apply the IPsec profile to RIPng process 1.

[RouterC] ripng 1

[RouterC-ripng-1] enable ipsec-profile profile001

[RouterC-ripng-1] quit
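With manual SAs there is no negotiation to catch a mistyped SPI or key, so the three consistency rules from the Analysis section are worth checking before the commands are applied. The Python sketch below is an added example, not part of the H3C documentation: it parses command scripts in the style of this procedure and reports which rule is broken, naming the field but never echoing a key. The function names are assumptions, the scripts are constructed samples (Router C carries a deliberate SPI typo), and the check assumes keys are still in the `simple` form used on this page.

```python
import re

# Constructed command script in the style of the procedure above.
TEMPLATE = """\
[{r}] ipsec transform-set tran1
[{r}-ipsec-transform-set-tran1] encapsulation-mode transport
[{r}-ipsec-transform-set-tran1] protocol esp
[{r}-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
[{r}-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[{r}] ipsec profile profile001 manual
[{r}-ipsec-profile-manual-profile001] transform-set tran1
[{r}-ipsec-profile-manual-profile001] sa spi outbound esp {spi_out}
[{r}-ipsec-profile-manual-profile001] sa spi inbound esp {spi_in}
[{r}-ipsec-profile-manual-profile001] sa string-key outbound esp simple {key_out}
[{r}-ipsec-profile-manual-profile001] sa string-key inbound esp simple {key_in}
"""

REQUIRED = (
    "encapsulation-mode", "protocol", "encryption-algorithm",
    "authentication-algorithm", "spi-inbound", "spi-outbound",
    "key-inbound", "key-outbound",
)
PROMPT_RE = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[RouterA-...] "


def render(router, spi_in=123456, spi_out=123456,
           key_in="abcdefg", key_out="abcdefg"):
    """Build a sample script for one router (values as used on this page)."""
    return TEMPLATE.format(r=router, spi_in=spi_in, spi_out=spi_out,
                           key_in=key_in, key_out=key_out)


TRANSCRIPTS = {
    "RouterA": render("RouterA"),
    "RouterB": render("RouterB"),
    "RouterC": render("RouterC", spi_in=123465),  # constructed typo
}


def parse_router(transcript):
    """Extract transform-set and manual-SA parameters from one script."""
    cfg = {}
    for raw in transcript.splitlines():
        words = PROMPT_RE.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] in ("encapsulation-mode", "protocol") and len(words) == 2:
            cfg[words[0]] = words[1]
        elif words[0] == "esp" and len(words) == 3:
            cfg[words[1]] = words[2]
        elif words[:2] == ["sa", "spi"] and len(words) == 5:
            cfg["spi-" + words[2]] = int(words[4])
        elif words[:2] == ["sa", "string-key"] and len(words) >= 6:
            cfg["key-" + words[2]] = words[5]  # words[4] is the "simple" keyword
    return cfg


def check_routers(transcripts):
    """Return findings for the three rules; field names only, never key values."""
    findings, complete = [], []
    parsed = {name: parse_router(text) for name, text in transcripts.items()}
    for name in sorted(parsed):
        cfg = parsed[name]
        missing = [field for field in REQUIRED if field not in cfg]
        if missing:
            findings.append("%s: missing %s" % (name, ", ".join(missing)))
            continue
        complete.append(name)
        # Rule 2: inbound and outbound SA use the same SPI and key.
        if cfg["spi-inbound"] != cfg["spi-outbound"]:
            findings.append("%s: inbound and outbound SPI differ" % name)
        if cfg["key-inbound"] != cfg["key-outbound"]:
            findings.append("%s: inbound and outbound key differ" % name)
    # Rules 1 and 3: every router matches the first one field by field.
    for name in complete[1:]:
        for field in REQUIRED:
            if parsed[name][field] != parsed[complete[0]][field]:
                findings.append("%s: %s differs from %s" % (name, field, complete[0]))
    return findings


if __name__ == "__main__":
    for finding in check_routers(TRANSCRIPTS):
        print(finding)
```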

Verifying the configuration

After the configuration is completed, Router A, Router B, and Router C learn IPv6 routing information through RIPng. IPsec SAs are set up successfully on the routers to protect RIPng packets. This example uses Router A to verify the configuration.

# Display the RIPng configuration. The output shows that IPsec profile profile001 has been applied to RIPng process 1.

[RouterA] display ripng 1

    RIPng process : 1

       Preference : 100

       Checkzero : Enabled

       Default Cost : 0

       Maximum number of load balanced routes : 8

       Update time   :   30 secs  Timeout time         :  180 secs

       Suppress time :  120 secs  Garbage-Collect time :  120 secs

       Update output delay:   20(ms)  Output count:    3

       Graceful-restart interval:   60 secs             

       Triggered Interval : 5 50 200 

       Number of periodic updates sent : 186

       Number of triggered updates sent : 1

       IPsec profile name: profile001

 

# Display the established IPsec SAs.

[RouterA] display ipsec sa

-------------------------------

Global IPsec SA

-------------------------------

 

  -----------------------------

  IPsec profile: profile001

  Mode: Manual

  -----------------------------

    Encapsulation mode: transport

    [Inbound ESP SA]

      SPI: 123456 (0x3039)

      Connection ID: 90194313219

      Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1

      No duration limit for this SA

    [Outbound ESP SA]

      SPI: 123456 (0x3039)

      Connection ID: 64424509441

      Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1

      No duration limit for this SA

 

 

Stelnet configuration examples

Example: Configuring the device as an Stelnet server (password authentication)

Network configuration

As shown in Figure 363:

·     The router acts as the Stelnet server and uses password authentication to authenticate the Stelnet client. The username and password of the client are saved on the router.

·     The host acts as the Stelnet client, using Stelnet client software (SSH2). After the user on the host logs in to the router through Stelnet, the user can configure and manage the router as a network administrator.

Figure 363 Network diagram

Restrictions and guidelines

There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses an Stelnet client that runs PuTTY version 0.58.

Procedure

1.     Configure the Stelnet server:

# Generate RSA key pairs.

<Router> system-view

[Router] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+.

Create the key pair successfully.

# Generate an ECDSA key pair.

[Router] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the Stelnet server.

[Router] ssh server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The Stelnet client uses this IP address as the destination for SSH connection.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Create a local device management user named client001.

[Router] local-user client001 class manage

# Set the password to 123456TESTplat&! in plain text for local user client001.

[Router-luser-manage-client001] password simple 123456TESTplat&!

# Authorize local user client001 to use the SSH service.

[Router-luser-manage-client001] service-type ssh

# Assign the network-admin user role to local user client001.

[Router-luser-manage-client001] authorization-attribute user-role network-admin

[Router-luser-manage-client001] quit

# Create an SSH user named client001. Specify the service type as stelnet and the authentication method as password for the user.

[Router] ssh user client001 service-type stelnet authentication-type password

2.     Establish a connection to the Stelnet server:

a.     Launch PuTTY.exe to enter the interface shown in Figure 364.

b.     In the Host Name (or IP address) field, enter the IP address 192.168.1.40 of the Stelnet server.

c.     Click Open.

Figure 364 Specifying the host name (or IP address)

d.     Enter username client001 and password 123456TESTplat&! to log in to the Stelnet server.

Example: Configuring the device as an Stelnet server (publickey authentication)

Network configuration

As shown in Figure 365:

·     The router acts as the Stelnet server, and it uses publickey authentication and the RSA public key algorithm.

·     The host acts as the Stelnet client, using Stelnet client software (SSH2). After the user on the host logs in to the router through Stelnet, the user can configure and manage the router as a network administrator.

Figure 365 Network diagram

Restrictions and guidelines

In the server configuration, the client's host public key is required. Use the client software to generate RSA key pairs on the client before configuring the Stelnet server.

There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses an Stelnet client that runs PuTTY version 0.58.

Procedure

1.     Generate RSA key pairs on the Stelnet client:

a.     Run PuTTYGen.exe, select SSH-2 RSA and click Generate.

Figure 366 Generating a key pair on the client

b.     Continue moving the mouse during the key generating process, but do not place the mouse over the green progress bar shown in Figure 367. Otherwise, the progress bar stops moving and the key pair generating process stops.

Figure 367 Generating process

c.     After the key pair is generated, click Save public key to save the public key.

A file saving window appears.

Figure 368 Saving a key pair on the client

d.     Enter a file name (key.pub in this example), and click Save.

e.     On the page as shown in Figure 368, click Save private key to save the private key.

A confirmation dialog box appears.

f.     Click Yes.

A file saving window appears.

g.     Enter a file name (private.ppk in this example), and click Save.

h.     Transmit the public key file to the server through FTP or TFTP. (Details not shown.)

2.     Configure the Stelnet server:

# Generate RSA key pairs.

<Router> system-view

[Router] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Generate an ECDSA key pair.

[Router] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the Stelnet server.

[Router] ssh server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The Stelnet client uses this address as the destination for SSH connection.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Import the peer public key from the public key file key.pub and name it clientkey.

[Router] public-key peer clientkey import sshkey key.pub

# Create an SSH user named client002. Specify the authentication method as publickey for the user, and assign the public key clientkey to the user.

[Router] ssh user client002 service-type stelnet authentication-type publickey assign publickey clientkey

# Create a local device management user named client002.

[Router] local-user client002 class manage

# Authorize local user client002 to use the SSH service.

[Router-luser-manage-client002] service-type ssh

# Assign the network-admin user role to local user client002.

[Router-luser-manage-client002] authorization-attribute user-role network-admin

[Router-luser-manage-client002] quit

3.     Specify the private key file and establish a connection to the Stelnet server:

a.     Launch PuTTY.exe on the Stelnet client to enter the interface shown in Figure 369.

b.     In the Host Name (or IP address) field, enter IP address 192.168.1.40 of the Stelnet server.

Figure 369 Specifying the host name (or IP address)

c.     From the navigation tree, select Connection > SSH.

The window shown in Figure 370 appears.

d.     Set Preferred SSH protocol version to 2.

Figure 370 Setting the preferred SSH version

e.     From the navigation tree, select Connection > SSH > Auth.

The window shown in Figure 371 appears.

f.     Click Browse… to open the file selection window, and then select the private key file (private.ppk in this example).

g.     Click Open.

Figure 371 Specifying the private key file

h.     Enter username client002 to log in to the Stelnet server.

Example: Configuring the device as an Stelnet client (password authentication)

Network configuration

As shown in Figure 372:

·     Router B acts as the Stelnet server and uses password authentication to authenticate the Stelnet client. The username and password of the client are saved on Router B.

·     Router A acts as the Stelnet client. After the user on Router A logs in to Router B through Stelnet, the user can configure and manage Router B as a network administrator.

Figure 372 Network diagram

Procedure

1.     Configure the Stelnet server:

# Generate RSA key pairs.

<RouterB> system-view

[RouterB] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[RouterB] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Generate an ECDSA key pair.

[RouterB] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the Stelnet server.

[RouterB] ssh server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The Stelnet client uses this address as the destination address for SSH connection.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[RouterB] line vty 0 63

[RouterB-line-vty0-63] authentication-mode scheme

[RouterB-line-vty0-63] quit

# Create a local device management user named client001.

[RouterB] local-user client001 class manage

# Set the password to 123456TESTplat&! in plain text for local user client001.

[RouterB-luser-manage-client001] password simple 123456TESTplat&!

# Authorize local user client001 to use the SSH service.

[RouterB-luser-manage-client001] service-type ssh

# Assign the network-admin user role to local user client001.

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin

[RouterB-luser-manage-client001] quit

# Create an SSH user named client001. Specify the service type as stelnet and the authentication method as password for the user.

[RouterB] ssh user client001 service-type stelnet authentication-type password

# Specify the DSA public key algorithm for SSH2.

[RouterB] ssh2 algorithm public-key dsa

2.     Establish a connection to the Stelnet server:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.1.56 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] quit

○     If the client does not have the server's host public key, and is connected to the server for the first time:

# Establish an SSH connection to server 192.168.1.40. Enter username client001, enter y to continue accessing the server without authenticating it, and then enter y to download and save the server's host public key.

<RouterA> ssh2 192.168.1.40

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.1.40 port 22.

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:y

client001@192.168.1.40's password:

Enter a character ~ and a dot to abort.

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

<RouterB>

After you enter password 123456TESTplat&!, you can access Router B successfully. At the next connection attempt, the client authenticates the server by using the server's host public key that is locally saved on the client.

○     If you configure the server's host public key on the client before establishing a connection to the server:

# Use the display public-key local dsa public command on the server to display the server's host public key. (Details not shown.)

# Enter public key view of the client and copy the host public key of the server to the client.

[RouterA] public-key peer key1

Enter public key view. Return to system view with "peer-public-key end" command.

[RouterA-pkey-public-key-key1] peer-public-key end

# Specify the DSA public key algorithm for SSH2.

[RouterA] ssh2 algorithm public-key dsa

[RouterA] quit

# Establish an SSH connection to the server, and specify the host public key of the server as key1.

<RouterA> ssh2 192.168.1.40 public-key key1

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.1.40 port 22.

client001@192.168.1.40's password:

Enter a character ~ and a dot to abort.

 

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<RouterB>

After you enter username client001 and password 123456TESTplat&!, you can log in to Router B successfully.

○     If the client has the server's host public key:

<RouterA> ssh2 192.168.1.40

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.1.40 port 22.

client001@192.168.1.40's password:

Enter a character ~ and a dot to abort.

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

<RouterB>

After you enter username client001 and password 123456TESTplat&!, you can log in to Router B successfully.

Example: Configuring the device as an Stelnet client (publickey authentication)

Network configuration

As shown in Figure 373:

·     Router B acts as the Stelnet server, and it uses publickey authentication and the DSA public key algorithm.

·     Router A acts as the Stelnet client. After the user on Router A logs in to Router B through Stelnet, the user can configure and manage Router B as a network administrator.

Figure 373 Network diagram

Restrictions and guidelines

In the server configuration, the client's host public key is required. Generate a DSA key pair on the client before configuring the Stelnet server.

Procedure

1.     Configure the Stelnet client:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.1.56 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Generate a DSA key pair.

[RouterA] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Export the DSA host public key to a public key file named key.pub.

[RouterA] public-key local export dsa ssh2 key.pub

[RouterA] quit

# Transmit the public key file key.pub to the server through FTP or TFTP. (Details not shown.)

2.     Configure the Stelnet server:

# Generate RSA key pairs.

<RouterB> system-view

[RouterB] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[RouterB] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Generate an ECDSA key pair.

[RouterB] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the Stelnet server.

[RouterB] ssh server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The Stelnet client uses this address as the destination address for SSH connection.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[RouterB] line vty 0 63

[RouterB-line-vty0-63] authentication-mode scheme

[RouterB-line-vty0-63] quit

# Import the peer public key from the public key file key.pub, and name it clientkey.

[RouterB] public-key peer clientkey import sshkey key.pub

# Create an SSH user named client002. Specify the authentication method as publickey for the user, and assign the public key clientkey to the user.

[RouterB] ssh user client002 service-type stelnet authentication-type publickey assign publickey clientkey

# Create a local device management user named client002.

[RouterB] local-user client002 class manage

# Authorize local user client002 to use the SSH service.

[RouterB-luser-manage-client002] service-type ssh

# Assign the network-admin user role to local user client002.

[RouterB-luser-manage-client002] authorization-attribute user-role network-admin

[RouterB-luser-manage-client002] quit

3.     Establish an SSH connection to the Stelnet server.

<RouterA> ssh2 192.168.1.40 identity-key dsa

Username: client002

Press CTRL+C to abort.

Connecting to 192.168.1.40 port 22.

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

Enter a character ~ and a dot to abort.

 

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<RouterB>

The client does not have the server's host public key, so when you connect to the server for the first time, you can log in to the server successfully after you enter y to continue accessing the server.

Example: Configuring Stelnet based on 128-bit Suite B algorithms

Network configuration

As shown in Figure 374:

·     Router B acts as the Stelnet Suite B server (SSH2), and it uses publickey authentication to authenticate the client.

·     Router A acts as an Stelnet Suite B client (SSH2). After the user on Router A logs in to Router B through the Stelnet Suite B client software, the user can configure and manage Router B as an administrator.

Figure 374 Network diagram

Restrictions and guidelines

Before you configure Stelnet, first configure the certificates of the server and the client because they are required for identity authentication.

You can modify the pkix version of the client software OpenSSH to support Suite B. This example uses an H3C router as an Stelnet client.

Procedure

1.     Configure the Stelnet client:

# Upload the server's certificate file ssh-server-ecdsa256.p12 and the client's certificate file ssh-client-ecdsa256.p12 to the Stelnet client through FTP or TFTP. (Details not shown.)

# Create a PKI domain named server256 for verifying the server's certificate and enter its view.

<RouterA> system-view

[RouterA] pki domain server256

# Disable CRL checking.

[RouterA-pki-domain-server256] undo crl check enable

[RouterA-pki-domain-server256] quit

# Import local certificate file ssh-server-ecdsa256.p12 to PKI domain server256.

[RouterA] pki import domain server256 p12 local filename ssh-server-ecdsa256.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: server256]:

# Display information about local certificates in PKI domain server256.

[RouterA] display pki certificate domain server256 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 3 (0x3)

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 21 08:39:51 2015 GMT

            Not After : Aug 20 08:39:51 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=SSH Server secp256

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:a2:b4:b4:66:1e:3b:d5:50:50:0e:55:19:8d:52:

                    6d:47:8c:3d:3d:96:75:88:2f:9a:ba:a2:a7:f9:ef:

                    0a:a9:20:b7:b6:6a:90:0e:f8:c6:de:15:a2:23:81:

                    3c:9e:a2:b7:83:87:b9:ad:28:c8:2a:5e:58:11:8e:

                    c7:61:4a:52:51

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                08:C1:F1:AA:97:45:19:6A:DA:4A:F2:87:A1:1A:E8:30:BD:31:30:D7

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA256

         30:65:02:31:00:a9:16:e9:c1:76:f0:32:fc:4b:f9:8f:b6:7f:

         31:a0:9f:de:a7:cc:33:29:27:2c:71:2e:f9:0d:74:cb:25:c9:

         00:d2:52:18:7f:58:3f:cc:7e:8b:d3:42:65:00:cb:63:f8:02:

         30:01:a2:f6:a1:51:04:1c:61:78:f6:6b:7e:f9:f9:42:8d:7c:

         a7:bb:47:7c:2a:85:67:0d:81:12:0b:02:98:bc:06:1f:c1:3c:

         9b:c2:1b:4c:44:38:5a:14:b2:48:63:02:2b

# Create a PKI domain named client256 for the client's certificate and enter its view.

[RouterA] pki domain client256

# Disable CRL checking.

[RouterA-pki-domain-client256] undo crl check enable

[RouterA-pki-domain-client256] quit

# Import local certificate file ssh-client-ecdsa256.p12 to PKI domain client256.

[RouterA] pki import domain client256 p12 local filename ssh-client-ecdsa256.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: client256]:

# Display information about local certificates in PKI domain client256.

[RouterA] display pki certificate domain client256 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 4 (0x4)

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 21 08:41:09 2015 GMT

            Not After : Aug 20 08:41:09 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=SSH Client secp256

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:da:e2:26:45:87:7a:63:20:e7:ca:7f:82:19:f5:

                    96:88:3e:25:46:f8:2f:9a:4c:70:61:35:db:e4:39:

                    b8:38:c4:60:4a:65:28:49:14:32:3c:cc:6d:cd:34:

                    29:83:84:74:a7:2d:0e:75:1c:c2:52:58:1e:22:16:

                    12:d0:b4:8a:92

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                1A:61:60:4D:76:40:B8:BA:5D:A1:3C:60:BC:57:98:35:20:79:80:FC

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA256

         30:66:02:31:00:9a:6d:fd:7d:ab:ae:54:9a:81:71:e6:bb:ad:

         5a:2e:dc:1d:b3:8a:bf:ce:ee:71:4e:8f:d9:93:7f:a3:48:a1:

         5c:17:cb:22:fa:8f:b3:e5:76:89:06:9f:96:47:dc:34:87:02:

         31:00:e3:af:2a:8f:d6:8d:1f:3a:2b:ae:2f:97:b3:52:63:b6:

         18:67:70:2c:93:2a:41:c0:e7:fa:93:20:09:4d:f4:bf:d0:11:

         66:0f:48:56:01:1e:c3:be:37:4e:49:19:cf:c6

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.1.56 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

2.     Configure the Stelnet server:

# Upload the server's certificate file ssh-server-ecdsa256.p12 and the client's certificate file ssh-client-ecdsa256.p12 to the Stelnet server through FTP or TFTP. (Details not shown.)

# Create a PKI domain named client256 for verifying the client's certificate and import the file of the client's certificate to this domain. (Details not shown.)

# Create a PKI domain named server256 for the server's certificate and import the file of the server's certificate to this domain. (Details not shown.)

# Specify Suite B algorithms for algorithm negotiation.

<RouterB> system-view

[RouterB] ssh2 algorithm key-exchange ecdh-sha2-nistp256

[RouterB] ssh2 algorithm cipher aes128-gcm

[RouterB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384

# Specify server256 as the PKI domain of the server's certificate.

[RouterB] ssh server pki-domain server256

# Enable the Stelnet server.

[RouterB] ssh server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[RouterB] line vty 0 63

[RouterB-line-vty0-63] authentication-mode scheme

[RouterB-line-vty0-63] quit

# Create a local device management user named client001. Authorize the user to use the SSH service and assign the network-admin user role to the user.

[RouterB] local-user client001 class manage

[RouterB-luser-manage-client001] service-type ssh

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin

[RouterB-luser-manage-client001] quit

# Create an SSH user named client001. Specify the publickey authentication method for the user and specify client256 as the PKI domain for verifying the client's certificate.

[RouterB] ssh user client001 service-type stelnet authentication-type publickey assign pki-domain client256

3.     Establish an SSH connection to the Stelnet server based on the 128-bit Suite B algorithms:

# Establish an SSH connection to the server at 192.168.1.40.

<RouterA> ssh2 192.168.1.40 suite-b 128-bit pki-domain client256 server-pki-domain server256

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.1.40 port 22.

Enter a character ~ and a dot to abort.

 

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<RouterB>

SFTP configuration examples

Example: Configuring the device as an SFTP server (password authentication)

Network configuration

As shown in Figure 375:

·     The router acts as the SFTP server and uses password authentication to authenticate the SFTP client. The username and password of the client are saved on the router.

·     The host acts as the SFTP client. After the user on the client logs in to the router through SFTP, the user can perform file management and transfer operations on the router as a network administrator.

Figure 375 Network diagram

Restrictions and guidelines

The device supports different types of SFTP client software. This example uses an SFTP client that runs PSFTP of PuTTY version 0.58.

PSFTP supports only password authentication.

Procedure

1.     Configure the SFTP server:

# Generate RSA key pairs.

<Router> system-view

[Router] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Generate an ECDSA key pair.

[Router] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the SFTP server.

[Router] sftp server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The client uses this address as the destination for SSH connection.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.45 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Create a local device management user named client002.

[Router] local-user client002 class manage

# Set the password to 123456TESTplat&! in plain text for local user client002.

[Router-luser-manage-client002] password simple 123456TESTplat&!

# Authorize local user client002 to use the SSH service.

[Router-luser-manage-client002] service-type ssh

# Assign the network-admin user role and working directory flash:/ to local user client002.

[Router-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/

[Router-luser-manage-client002] quit

# Create an SSH user named client002. Specify the authentication method as password and service type as sftp for the user.

[Router] ssh user client002 service-type sftp authentication-type password

2.     Establish a connection to the SFTP server:

a.     Run psftp.exe to launch the client interface shown in Figure 376, and enter the following command:

open 192.168.1.45

b.     Enter username client002 and password 123456TESTplat&! to log in to the SFTP server.

Figure 376 SFTP client interface

Example: Configuring the device as an SFTP client (publickey authentication)

Network configuration

As shown in Figure 377:

·     Router B acts as the SFTP server, and it uses publickey authentication and the RSA public key algorithm.

·     Router A acts as the SFTP client. After the user on Router A logs in to Router B through SFTP, the user can perform file management and transfer operations on Router B as a network administrator.

Figure 377 Network diagram

Restrictions and guidelines

In the server configuration, the client's host public key is required. Generate RSA key pairs on the client before configuring the SFTP server.

Procedure

1.     Configure the SFTP client:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.0.2 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Generate RSA key pairs.

[RouterA] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Export the host public key to a public key file named pubkey.

[RouterA] public-key local export rsa ssh2 pubkey

[RouterA] quit

# Transmit the public key file pubkey to the server through FTP or TFTP. (Details not shown.)

2.     Configure the SFTP server:

# Generate RSA key pairs.

<RouterB> system-view

[RouterB] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[RouterB] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+

Create the key pair successfully.

# Generate an ECDSA key pair.

[RouterB] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the SFTP server.

[RouterB] sftp server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1. The client uses this address as the destination address for SSH connection.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.0.1 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Import the peer public key from the public key file pubkey, and name it routerkey.

[RouterB] public-key peer routerkey import sshkey pubkey

# Create an SSH user named client001. Specify the service type as sftp and the authentication method as publickey for the user. Assign the public key routerkey to the user.

[RouterB] ssh user client001 service-type sftp authentication-type publickey assign publickey routerkey

# Create a local device management user named client001.

[RouterB] local-user client001 class manage

# Authorize local user client001 to use the SSH service.

[RouterB-luser-manage-client001] service-type ssh

# Assign the network-admin user role and working directory flash:/ to local user client001.

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin work-directory flash:/

[RouterB-luser-manage-client001] quit

3.     Establish a connection between the SFTP client and the SFTP server:

# Establish a connection to the SFTP server and enter SFTP client view.

<RouterA> sftp 192.168.0.1 identity-key rsa

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.0.1 port 22.

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

sftp>

# Display files under the current directory of the server, delete file z, and verify the result.

sftp> dir -l

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

-rwxrwxrwx   1 noone    nogroup         0 Sep 01 08:00 z

sftp> delete z

Removing /z

sftp> dir -l

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

# Add a directory named new1 and verify the result.

sftp> mkdir new1

sftp> dir -l

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:30 new1

# Change the name of directory new1 to new2 and verify the result.

sftp> rename new1 new2

sftp> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2

# Download file pubkey2 from the server and save it as a local file named public.

sftp> get pubkey2 public

Fetching / pubkey2 to public

/pubkey2                                  100% 225     1.4KB/s   00:00

# Upload a local file pu to the server, save it as puk, and verify the result.

sftp> put pu puk

Uploading pu to / puk

sftp> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2

-rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:35 pub

-rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:36 puk

sftp>

# Exit SFTP client view.

sftp> quit

<RouterA>
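
An added example, not part of the H3C documentation: a small Python check that scans a captured CLI session in the format used by the Stelnet and SFTP procedures above and flags the choices a security review would question (a modulus below 2048 bits, `password simple`, the `dsa` algorithm, disabled CRL checking, and continuing to an unauthenticated server without saving its key). The rule names, the 2048-bit floor, and the sample capture are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Assumed policy floor for RSA/DSA moduli; the CLI on this page accepts 512 to 2048.
MIN_MODULUS_BITS = 2048

PROMPT = re.compile(r"^(?:<(?P<user>[^>]+)>|\[(?P<sys>[^\]]+)\])\s*(?P<cmd>.*)$")
MODULUS = re.compile(r"^Input the modulus length \[default = (\d+)\]:\s*(\d*)$")
UNAUTH = "The server is not authenticated. Continue? [Y/N]:"
SAVE_KEY = "Do you want to save the server public key? [Y/N]:"


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line number in the capture
    rule: str    # rule identifier (names are this example's own)
    detail: str  # explanation; never contains the secret itself


def redact(transcript: str) -> str:
    """Mask the argument of 'password simple' before a capture is stored."""
    return re.sub(r"(\bpassword\s+simple\s+)\S+", r"\1<redacted>", transcript)


def audit(transcript: str) -> List[Finding]:
    """Flag weak SSH/PKI choices in a CLI session capture."""
    findings: List[Finding] = []
    pending_alg = None       # algorithm of the last 'public-key local create'
    accepted_unauth = False  # True after answering y to the unauthenticated prompt

    for no, raw in enumerate(transcript.splitlines(), start=1):
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            view = m.group("user") or m.group("sys")
            words = m.group("cmd").split()
            if words[:3] == ["public-key", "local", "create"] and len(words) > 3:
                # Only rsa and dsa are followed by a modulus prompt.
                pending_alg = words[3] if words[3] in ("rsa", "dsa") else None
            elif words[:2] == ["password", "simple"]:
                findings.append(Finding(no, "plaintext-password",
                                        f"password typed in plain text in view {view}"))
            elif words[:3] == ["ssh2", "algorithm", "public-key"] and "dsa" in words[3:]:
                findings.append(Finding(no, "dsa-algorithm",
                                        "SSH2 public key algorithm list includes dsa"))
            elif words == ["undo", "crl", "check", "enable"]:
                findings.append(Finding(no, "crl-check-disabled",
                                        f"revocation is not checked in view {view}"))
            continue

        mod = MODULUS.match(line)
        if mod and pending_alg:
            bits = int(mod.group(2) or mod.group(1))  # empty answer takes the default
            if bits < MIN_MODULUS_BITS:
                findings.append(Finding(no, "weak-modulus",
                                        f"{pending_alg} key pair created with {bits}-bit modulus"))
            pending_alg = None
        elif line.startswith(UNAUTH):
            accepted_unauth = line[len(UNAUTH):].strip().lower() == "y"
            if accepted_unauth:
                findings.append(Finding(no, "unverified-host-key",
                                        "connection continued without authenticating the server"))
        elif line.startswith(SAVE_KEY) and accepted_unauth:
            if line[len(SAVE_KEY):].strip().lower() == "n":
                findings.append(Finding(no, "host-key-not-saved",
                                        "server key not saved; next login is unauthenticated too"))
            accepted_unauth = False
    return findings


# Constructed capture assembled from the command forms shown on this page;
# the password value is a made-up placeholder.
SAMPLE = """\
<RouterB> system-view
[RouterB] public-key local create rsa
The range of public key modulus is (512 ~ 2048).
Input the modulus length [default = 1024]:
Create the key pair successfully.
[RouterB] public-key local create dsa
Input the modulus length [default = 1024]:2048
[RouterB] public-key local create ecdsa secp256r1
[RouterB] local-user client001 class manage
[RouterB-luser-manage-client001] password simple Constructed-Pass1
[RouterB-luser-manage-client001] quit
[RouterB] ssh2 algorithm public-key dsa
[RouterA] pki domain server256
[RouterA-pki-domain-server256] undo crl check enable
<RouterA> ssh2 192.168.1.40 identity-key dsa
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line:>2}  {f.rule:<20} {f.detail}")
```

Run `redact()` on a capture before archiving it, and `audit()` on the same capture during configuration review.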

Example: Configuring SFTP based on 192-bit Suite B algorithms

Network configuration

As shown in Figure 378:

·     Router B acts as the SFTP Suite B server (SSH2), and it uses publickey authentication to authenticate the SFTP client.

·     Router A acts as an SFTP Suite B client (SSH2). After the user on Router A logs in to Router B through the SFTP Suite B client software, the user can manage and transfer files on Router B as an administrator.

Figure 378 Network diagram

Restrictions and guidelines

Before you configure SFTP, first configure the certificates of the server and the client because they are required for identity authentication.

You can modify the pkix version of the client software OpenSSH to support Suite B. This example uses an H3C router as an SFTP client.

Procedure

1.     Configure the SFTP client:

# Upload the server's certificate file ssh-server-ecdsa384.p12 and the client's certificate file ssh-client-ecdsa384.p12 to the SFTP client through FTP or TFTP. (Details not shown.)

# Create a PKI domain named server384 for verifying the server's certificate and enter its view.

<RouterA> system-view

[RouterA] pki domain server384

# Disable CRL checking.

[RouterA-pki-domain-server384] undo crl check enable

[RouterA-pki-domain-server384] quit

# Import local certificate file ssh-server-ecdsa384.p12 to PKI domain server384.

[RouterA] pki import domain server384 p12 local filename ssh-server-ecdsa384.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: server384]:

# Display information about local certificates in PKI domain server384.

[RouterA] display pki certificate domain server384 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 1 (0x1)

    Signature Algorithm: ecdsa-with-SHA384

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 20 10:08:41 2015 GMT

            Not After : Aug 19 10:08:41 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=ssh server

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (384 bit)

                pub:

                    04:4a:33:e5:99:8d:49:45:a7:a3:24:7b:32:6a:ed:

                    b6:36:e1:4d:cc:8c:05:22:f4:3a:7c:5d:b7:be:d1:

                    e6:9e:f0:ce:95:39:ca:fd:a0:86:cd:54:ab:49:60:

                    10:be:67:9f:90:3a:18:e2:7d:d9:5f:72:27:09:e7:

                    bf:7e:64:0a:59:bb:b3:7d:ae:88:14:94:45:b9:34:

                    d2:f3:93:e1:ba:b4:50:15:eb:e5:45:24:31:10:c7:

                    07:01:f9:dc:a5:6f:81

                ASN1 OID: secp384r1

                NIST CURVE: P-384

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                10:16:64:2C:DA:C1:D1:29:CD:C0:74:40:A9:70:BD:62:8A:BB:F4:D5

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA384

         30:65:02:31:00:80:50:7a:4f:c5:cd:6a:c3:57:13:7f:e9:da:

         c1:72:7f:45:30:17:c2:a7:d3:ec:73:3d:5f:4d:e3:96:f6:a3:

         33:fb:e4:b9:ff:47:f1:af:9d:e3:03:d2:24:53:40:09:5b:02:

         30:45:d1:bf:51:fd:da:22:11:90:03:f9:d4:05:ec:d6:7c:41:

         fc:9d:a1:fd:5b:8c:73:f8:b6:4c:c3:41:f7:c6:7f:2f:05:2d:

         37:f8:52:52:26:99:28:97:ac:6e:f9:c7:01

# Create a PKI domain named client384 for the client's certificate and enter its view.

[RouterA] pki domain client384

# Disable CRL checking.

[RouterA-pki-domain-client384] undo crl check enable

[RouterA-pki-domain-client384] quit

# Import local certificate file ssh-client-ecdsa384.p12 to PKI domain client384.

[RouterA] pki import domain client384 p12 local filename ssh-client-ecdsa384.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: client384]:

# Display information about local certificates in PKI domain client384.

[RouterA] display pki certificate domain client384 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 2 (0x2)

    Signature Algorithm: ecdsa-with-SHA384

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 20 10:10:59 2015 GMT

            Not After : Aug 19 10:10:59 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=ssh client

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (384 bit)

                pub:

                    04:85:7c:8b:f4:7a:36:bf:74:f6:7c:72:f9:08:69:

                    d0:b9:ac:89:98:17:c9:fc:89:94:43:da:9a:a6:89:

                    41:d3:72:24:9b:9a:29:a8:d1:ba:b4:e5:77:ba:fc:

                    df:ae:c6:dd:46:72:ab:bc:d1:7f:18:7d:54:88:f6:

                    b4:06:54:7e:e7:4d:49:b4:07:dc:30:54:4b:b6:5b:

                    01:10:51:6b:0c:6d:a3:b1:4b:c9:d9:6c:d6:be:13:

                    91:70:31:2a:92:00:76

                ASN1 OID: secp384r1

                NIST CURVE: P-384

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                BD:5F:8E:4F:7B:FE:74:03:5A:D1:94:DB:CA:A7:82:D6:F7:78:A1:B0

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA384

         30:66:02:31:00:d2:06:fa:2c:0b:0d:f0:81:90:01:c3:3d:bf:

         97:b3:79:d8:25:a0:e2:0e:ed:00:c9:48:3e:c9:71:43:c9:b4:

         2a:a6:0a:27:80:9e:d4:0f:f2:db:db:5b:40:b1:a9:0a:e4:02:

         31:00:ee:00:e1:07:c0:2f:12:3f:88:ea:fe:19:05:ef:56:ca:

         33:71:75:5e:11:c9:a6:51:4b:3e:7c:eb:2a:4d:87:2b:71:7c:

         30:64:fe:14:ce:06:d5:0a:e2:cf:9a:69:19:ff

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.0.2 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

2.     Configure the SFTP server:

# Upload the server's certificate file ssh-server-ecdsa384.p12 and the client's certificate file ssh-client-ecdsa384.p12 to the SFTP server through FTP or TFTP. (Details not shown.)

# Create a PKI domain named client384 for verifying the client's certificate and import the file of the client's certificate to this domain. (Details not shown.)

# Create a PKI domain named server384 for the server's certificate and import the file of the server's certificate to this domain. (Details not shown.)

# Specify Suite B algorithms for algorithm negotiation.

[RouterB] ssh2 algorithm key-exchange ecdh-sha2-nistp384

[RouterB] ssh2 algorithm cipher aes256-gcm

[RouterB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp384

# Specify server384 as the PKI domain of the server's certificate.

[RouterB] ssh server pki-domain server384

# Enable the SFTP server.

[RouterB] sftp server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.0.1 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[RouterB] line vty 0 63

[RouterB-line-vty0-63] authentication-mode scheme

[RouterB-line-vty0-63] quit

# Create a local device management user named client001. Authorize the user to use the SSH service and assign the network-admin user role to the user.

[RouterB] local-user client001 class manage

[RouterB-luser-manage-client001] service-type ssh

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin

[RouterB-luser-manage-client001] quit

# Create an SSH user named client001. Specify the publickey authentication method for the user and specify client384 as the PKI domain for verifying the client's certificate.

[RouterB] ssh user client001 service-type sftp authentication-type publickey assign pki-domain client384

3.     Establish an SFTP connection to the SFTP server based on the 192-bit Suite B algorithms:

# Establish an SFTP connection to the server at 192.168.0.1.

<RouterA> sftp 192.168.0.1 suite-b 192-bit pki-domain client384 server-pki-domain server384

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.0.1 port 22.

sftp>

SCP configuration examples

Example: Configuring SCP with password authentication

Network configuration

As shown in Figure 379:

·     Router B acts as the SCP server and uses password authentication to authenticate the SCP client. The client's username and password are saved on Router B.

·     Router A acts as the SCP client. After the user on Router A logs in to Router B through SCP, the user can transfer files between routers as a network administrator.

Figure 379 Network diagram

Procedure

1.     Configure the SCP server:

# Generate RSA key pairs.

<RouterB> system-view

[RouterB] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[RouterB] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+.

Create the key pair successfully.

# Generate an ECDSA key pair.

[RouterB] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the SCP server.

[RouterB] scp server enable

# Configure an IP address for Ten-GigabitEthernet 3/0/1. The client uses this address as the destination for the SCP connection.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.0.1 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create a local device management user named client001.

[RouterB] local-user client001 class manage

# Set the password to 123456TESTplat&! in plain text for local user client001.

[RouterB-luser-manage-client001] password simple 123456TESTplat&!

# Authorize local user client001 to use the SSH service.

[RouterB-luser-manage-client001] service-type ssh

# Assign the network-admin user role to local user client001.

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin

[RouterB-luser-manage-client001] quit

# Create an SSH user named client001. Specify the service type as scp and the authentication method as password for the user.

[RouterB] ssh user client001 service-type scp authentication-type password

2.     Configure an IP address for Ten-GigabitEthernet 3/0/1 on the SCP client.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.0.2 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] quit

3.     Connect to the SCP server, download file remote.bin from the server, and save it as a local file named local.bin.

<RouterA> scp 192.168.0.1 get remote.bin local.bin

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.0.1 port 22.

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

[email protected]’s password:

remote.bin                                       100% 2875     2.8KB/s   00:00

Example: Configuring SCP file transfer with a Linux SCP client

Network configuration

As shown in Figure 380, the router acts as the SCP server and uses password authentication to authenticate the SCP client. The client's username and password are saved on the router.

The device acts as the SCP client. After the user on the device logs in to the router through SCP, the user can transfer files with the router as a network administrator.

Figure 380 Network diagram

Procedure

1.     Configure the SCP server:

# Generate an RSA key pair.

<Router> system-view

[Router] public-key local create rsa

The range of public key modulus is (512 ~ 4096).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+.

Create the key pair successfully.

# Generate an ECDSA key pair.

[Router] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable the SCP server.

[Router] scp server enable

# Configure an IP address for Ten-GigabitEthernet 3/0/1. The SCP client uses this IP address as the destination address of the SCP connection.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.0.1 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Create a local device management user named client001. Set a password for the user, authorize the user to use the SSH service, assign the network-admin user role to the user, and specify the working directory as flash:/.

[Router] local-user client001 class manage

[Router-luser-manage-client001] password simple 123456TESTplat&!

[Router-luser-manage-client001] service-type ssh

[Router-luser-manage-client001] authorization-attribute user-role network-admin work-directory flash:/

[Router-luser-manage-client001] quit

# Configure an SSH user named client001, specify the SCP service for the SSH user, and set the authentication method as password. (This step is optional.)

[Router] ssh user client001 service-type scp authentication-type password

2.     Configure the SCP client:

The following uses the SCP client running on a Linux system as an example:

# Connect to the SCP server, download the remote.bin file from the server, and save it as a local file named local.bin.

admin@device:~# scp [email protected]:remote.bin local.bin

[email protected]'s password:

remote.bin                                       100%   15     0.0KB/s   00:00

Example: Configuring SCP based on Suite B algorithms

Network configuration

As shown in Figure 381:

·     Router B acts as the SCP Suite B server (SSH2), and it uses publickey authentication to authenticate the SCP client.

·     Router A acts as an SCP Suite B client (SSH2). After the user on Router A logs in to Router B through SCP by using the SCP Suite B client software, the user can transfer files between routers as a network administrator.

Figure 381 Network diagram

Restrictions and guidelines

Before you configure SCP, first configure the certificates of the server and the client because they are required for identity authentication.

You can modify the pkix version of the client software OpenSSH to support Suite B. This example uses an H3C router as an SCP client.

Procedure

1.     Configure the SCP client:

# Upload the server's certificate files (ssh-server-ecdsa256.p12 and ssh-server-ecdsa384.p12) and the client's certificate files (ssh-client-ecdsa256.p12 and ssh-client-ecdsa384.p12) to the SCP client through FTP or TFTP. (Details not shown.)

# Create a PKI domain named server256 for verifying the server's certificate ecdsa256 and enter its view.

<RouterA> system-view

[RouterA] pki domain server256

# Disable CRL checking.

[RouterA-pki-domain-server256] undo crl check enable

[RouterA-pki-domain-server256] quit

# Import local certificate file ssh-server-ecdsa256.p12 to PKI domain server256.

[RouterA] pki import domain server256 p12 local filename ssh-server-ecdsa256.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: server256]:

# Display information about local certificates in PKI domain server256.

[RouterA] display pki certificate domain server256 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 3 (0x3)

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 21 08:39:51 2015 GMT

            Not After : Aug 20 08:39:51 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=SSH Server secp256

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:a2:b4:b4:66:1e:3b:d5:50:50:0e:55:19:8d:52:

                    6d:47:8c:3d:3d:96:75:88:2f:9a:ba:a2:a7:f9:ef:

                    0a:a9:20:b7:b6:6a:90:0e:f8:c6:de:15:a2:23:81:

                    3c:9e:a2:b7:83:87:b9:ad:28:c8:2a:5e:58:11:8e:

                    c7:61:4a:52:51

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                08:C1:F1:AA:97:45:19:6A:DA:4A:F2:87:A1:1A:E8:30:BD:31:30:D7

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA256

         30:65:02:31:00:a9:16:e9:c1:76:f0:32:fc:4b:f9:8f:b6:7f:

         31:a0:9f:de:a7:cc:33:29:27:2c:71:2e:f9:0d:74:cb:25:c9:

         00:d2:52:18:7f:58:3f:cc:7e:8b:d3:42:65:00:cb:63:f8:02:

         30:01:a2:f6:a1:51:04:1c:61:78:f6:6b:7e:f9:f9:42:8d:7c:

         a7:bb:47:7c:2a:85:67:0d:81:12:0b:02:98:bc:06:1f:c1:3c:

         9b:c2:1b:4c:44:38:5a:14:b2:48:63:02:2b

# Create a PKI domain named client256 for the client's certificate ecdsa256 and enter its view.

[RouterA] pki domain client256

# Disable CRL checking.

[RouterA-pki-domain-client256] undo crl check enable

[RouterA-pki-domain-client256] quit

# Import local certificate file ssh-client-ecdsa256.p12 to PKI domain client256.

[RouterA] pki import domain client256 p12 local filename ssh-client-ecdsa256.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: client256]:

# Display information about local certificates in PKI domain client256.

[RouterA] display pki certificate domain client256 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 4 (0x4)

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 21 08:41:09 2015 GMT

            Not After : Aug 20 08:41:09 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=SSH Client secp256

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:da:e2:26:45:87:7a:63:20:e7:ca:7f:82:19:f5:

                    96:88:3e:25:46:f8:2f:9a:4c:70:61:35:db:e4:39:

                    b8:38:c4:60:4a:65:28:49:14:32:3c:cc:6d:cd:34:

                    29:83:84:74:a7:2d:0e:75:1c:c2:52:58:1e:22:16:

                    12:d0:b4:8a:92

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                1A:61:60:4D:76:40:B8:BA:5D:A1:3C:60:BC:57:98:35:20:79:80:FC

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA256

         30:66:02:31:00:9a:6d:fd:7d:ab:ae:54:9a:81:71:e6:bb:ad:

         5a:2e:dc:1d:b3:8a:bf:ce:ee:71:4e:8f:d9:93:7f:a3:48:a1:

         5c:17:cb:22:fa:8f:b3:e5:76:89:06:9f:96:47:dc:34:87:02:

         31:00:e3:af:2a:8f:d6:8d:1f:3a:2b:ae:2f:97:b3:52:63:b6:

         18:67:70:2c:93:2a:41:c0:e7:fa:93:20:09:4d:f4:bf:d0:11:

         66:0f:48:56:01:1e:c3:be:37:4e:49:19:cf:c6

# Create a PKI domain named server384 for verifying the server's certificate ecdsa384 and enter its view.

[RouterA] pki domain server384

# Disable CRL checking.

[RouterA-pki-domain-server384] undo crl check enable

[RouterA-pki-domain-server384] quit

# Import local certificate file ssh-server-ecdsa384.p12 to PKI domain server384.

[RouterA] pki import domain server384 p12 local filename ssh-server-ecdsa384.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: server384]:

# Display information about local certificates in PKI domain server384.

[RouterA] display pki certificate domain server384 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 1 (0x1)

    Signature Algorithm: ecdsa-with-SHA384

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 20 10:08:41 2015 GMT

            Not After : Aug 19 10:08:41 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=ssh server

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (384 bit)

                pub:

                    04:4a:33:e5:99:8d:49:45:a7:a3:24:7b:32:6a:ed:

                    b6:36:e1:4d:cc:8c:05:22:f4:3a:7c:5d:b7:be:d1:

                    e6:9e:f0:ce:95:39:ca:fd:a0:86:cd:54:ab:49:60:

                    10:be:67:9f:90:3a:18:e2:7d:d9:5f:72:27:09:e7:

                    bf:7e:64:0a:59:bb:b3:7d:ae:88:14:94:45:b9:34:

                    d2:f3:93:e1:ba:b4:50:15:eb:e5:45:24:31:10:c7:

                    07:01:f9:dc:a5:6f:81

                ASN1 OID: secp384r1

                NIST CURVE: P-384

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                10:16:64:2C:DA:C1:D1:29:CD:C0:74:40:A9:70:BD:62:8A:BB:F4:D5

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA384

         30:65:02:31:00:80:50:7a:4f:c5:cd:6a:c3:57:13:7f:e9:da:

         c1:72:7f:45:30:17:c2:a7:d3:ec:73:3d:5f:4d:e3:96:f6:a3:

         33:fb:e4:b9:ff:47:f1:af:9d:e3:03:d2:24:53:40:09:5b:02:

         30:45:d1:bf:51:fd:da:22:11:90:03:f9:d4:05:ec:d6:7c:41:

         fc:9d:a1:fd:5b:8c:73:f8:b6:4c:c3:41:f7:c6:7f:2f:05:2d:

         37:f8:52:52:26:99:28:97:ac:6e:f9:c7:01

# Create a PKI domain named client384 for the client's certificate ecdsa384 and enter its view.

[RouterA] pki domain client384

# Disable CRL checking.

[RouterA-pki-domain-client384] undo crl check enable

[RouterA-pki-domain-client384] quit

# Import local certificate file ssh-client-ecdsa384.p12 to PKI domain client384.

[RouterA] pki import domain client384 p12 local filename ssh-client-ecdsa384.p12

The system is going to save the key pair. You must specify a key pair name, which is a case-insensitive string of 1 to 64 characters. Valid characters include a to z, A to Z, 0 to 9, and hyphens (-).

Please enter the key pair name[default name: client384]:

# Display information about local certificates in PKI domain client384.

[RouterA] display pki certificate domain client384 local

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 2 (0x2)

    Signature Algorithm: ecdsa-with-SHA384

        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA

        Validity

            Not Before: Aug 20 10:10:59 2015 GMT

            Not After : Aug 19 10:10:59 2016 GMT

        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=ssh client

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (384 bit)

                pub:

                    04:85:7c:8b:f4:7a:36:bf:74:f6:7c:72:f9:08:69:

                    d0:b9:ac:89:98:17:c9:fc:89:94:43:da:9a:a6:89:

                    41:d3:72:24:9b:9a:29:a8:d1:ba:b4:e5:77:ba:fc:

                    df:ae:c6:dd:46:72:ab:bc:d1:7f:18:7d:54:88:f6:

                    b4:06:54:7e:e7:4d:49:b4:07:dc:30:54:4b:b6:5b:

                    01:10:51:6b:0c:6d:a3:b1:4b:c9:d9:6c:d6:be:13:

                    91:70:31:2a:92:00:76

                ASN1 OID: secp384r1

                NIST CURVE: P-384

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                BD:5F:8E:4F:7B:FE:74:03:5A:D1:94:DB:CA:A7:82:D6:F7:78:A1:B0

            X509v3 Authority Key Identifier:

                keyid:5A:BE:85:49:16:E5:EB:33:80:25:EB:D8:91:50:B4:E6:3E:4F:B8:22

 

    Signature Algorithm: ecdsa-with-SHA384

         30:66:02:31:00:d2:06:fa:2c:0b:0d:f0:81:90:01:c3:3d:bf:

         97:b3:79:d8:25:a0:e2:0e:ed:00:c9:48:3e:c9:71:43:c9:b4:

         2a:a6:0a:27:80:9e:d4:0f:f2:db:db:5b:40:b1:a9:0a:e4:02:

         31:00:ee:00:e1:07:c0:2f:12:3f:88:ea:fe:19:05:ef:56:ca:

         33:71:75:5e:11:c9:a6:51:4b:3e:7c:eb:2a:4d:87:2b:71:7c:

         30:64:fe:14:ce:06:d5:0a:e2:cf:9a:69:19:ff

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.0.2 255.255.255.0

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] quit

2.     Configure the SCP server:

# Upload the server's certificate files (ssh-server-ecdsa256.p12 and ssh-server-ecdsa384.p12) and the client's certificate files (ssh-client-ecdsa256.p12 and ssh-client-ecdsa384.p12) to the SCP server through FTP or TFTP. (Details not shown.)

# Create a PKI domain named client256 for verifying the client's certificate ecdsa256 and import the file of this certificate to this domain. Create a PKI domain named server256 for the server's certificate ecdsa256 and import the file of this certificate to this domain. (Details not shown.)

# Create a PKI domain named client384 for verifying the client's certificate ecdsa384 and import the file of this certificate to this domain. Create a PKI domain named server384 for the server's certificate ecdsa384 and import the file of this certificate to this domain. (Details not shown.)

# Specify Suite B algorithms for algorithm negotiation.

<RouterB> system-view

[RouterB] ssh2 algorithm key-exchange ecdh-sha2-nistp256 ecdh-sha2-nistp384

[RouterB] ssh2 algorithm cipher aes128-gcm aes256-gcm

[RouterB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384

# Enable the SCP server.

[RouterB] scp server enable

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 192.168.0.1 255.255.255.0

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[RouterB] line vty 0 63

[RouterB-line-vty0-63] authentication-mode scheme

[RouterB-line-vty0-63] quit

# Create a local device management user named client001. Authorize the user to use the SSH service and assign the network-admin user role to the user.

[RouterB] local-user client001 class manage

[RouterB-luser-manage-client001] service-type ssh

[RouterB-luser-manage-client001] authorization-attribute user-role network-admin

[RouterB-luser-manage-client001] quit

# Create a local device management user named client002. Authorize the user to use the SSH service and assign the network-admin user role to the user.

[RouterB] local-user client002 class manage

[RouterB-luser-manage-client002] service-type ssh

[RouterB-luser-manage-client002] authorization-attribute user-role network-admin

[RouterB-luser-manage-client002] quit

3.     Establish an SCP connection to the SCP server:

○     Based on the 128-bit Suite B algorithms:

# Specify server256 as the PKI domain of the server's certificate.

[RouterB] ssh server pki-domain server256

# Create an SSH user named client001. Specify the publickey authentication method for the user and specify client256 as the PKI domain for verifying the client's certificate.

[RouterB] ssh user client001 service-type scp authentication-type publickey assign pki-domain client256

# Establish an SCP connection to the SCP server at 192.168.0.1 based on the 128-bit Suite B algorithms.

<RouterA> scp 192.168.0.1 get src.cfg suite-b 128-bit pki-domain client256 server-pki-domain server256

Username: client001

Press CTRL+C to abort.

Connecting to 192.168.0.1 port 22.

src.cfg                                       100% 4814     4.7KB/s   00:00

<RouterA>

○     Based on the 192-bit Suite B algorithms:

# Specify server384 as the PKI domain of the server's certificate.

[RouterB] ssh server pki-domain server384

# Create an SSH user client002. Specify the publickey authentication method for the user and specify client384 as the PKI domain for verifying the client's certificate.

[RouterB] ssh user client002 service-type scp authentication-type publickey assign pki-domain client384

# Establish an SCP connection to the SCP server at 192.168.0.1 based on the 192-bit Suite B algorithms.

<RouterA> scp 192.168.0.1 get src.cfg suite-b 192-bit pki-domain client384 server-pki-domain server384

Username: client002

Press CTRL+C to abort.

Connecting to 192.168.0.1 port 22.

src.cfg                                       100% 4814     4.7KB/s   00:00

<RouterA>
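Both Suite B examples (SFTP at 192-bit, SCP at 128-bit and 192-bit) work only when the server's ssh2 algorithm lines and the imported certificate agree with the level given on the client command line. The following Python check is an added example, not H3C code: the function names, the SUITE_B table and the embedded samples (copied from the commands and display output above, with key and signature bytes omitted) are assumptions of this example, and the level-to-algorithm mapping follows the pairs used in the configuration above.

```python
import re
from datetime import datetime, timezone

# Algorithm keywords per Suite B level, as paired in the configuration above.
SUITE_B = {
    "128-bit": {"key-exchange": "ecdh-sha2-nistp256", "cipher": "aes128-gcm",
                "public-key": "x509v3-ecdsa-sha2-nistp256", "curve": "P-256"},
    "192-bit": {"key-exchange": "ecdh-sha2-nistp384", "cipher": "aes256-gcm",
                "public-key": "x509v3-ecdsa-sha2-nistp384", "curve": "P-384"},
}
KINDS = ("key-exchange", "cipher", "public-key")

# Constructed sample: Router B lines from the 192-bit SFTP example.
SERVER_CONFIG = """\
ssh2 algorithm key-exchange ecdh-sha2-nistp384
ssh2 algorithm cipher aes256-gcm
ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp384
ssh server pki-domain server384
"""

# Constructed sample: excerpt of the "display pki certificate domain server384 local"
# output, with the public key and signature bytes left out.
CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=CN, ST=Beijing, L=Beijing, O=H3C, OU=Software, CN=SuiteB CA
        Validity
            Not Before: Aug 20 10:08:41 2015 GMT
            Not After : Aug 19 10:08:41 2016 GMT
        Subject: C=CN, ST=Beijing, O=H3C, OU=Software, CN=ssh server
                Public-Key: (384 bit)
                NIST CURVE: P-384
"""


def parse_ssh2_algorithms(config):
    """Map each 'ssh2 algorithm <kind>' line to its list of offered algorithms."""
    offered = {}
    for line in config.splitlines():
        # An optional "[RouterB]" style prompt may precede the command.
        m = re.match(r"\s*(?:\[[^\]]*\]\s*)?ssh2 algorithm (\S+)\s+(.+)", line)
        if m:
            offered[m.group(1)] = m.group(2).split()
    return offered


def parse_certificate(text):
    """Extract the fields this check needs from 'display pki certificate' text."""
    def field(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    def timestamp(label):
        raw = field(label + r"\s*:\s*(.+?) GMT")
        if raw is None:
            return None
        return datetime.strptime(raw, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

    return {
        "subject": field(r"^\s*Subject:\s*(.+)$"),
        "signature": field(r"Signature Algorithm:\s*(\S+)"),
        "curve": field(r"NIST CURVE:\s*(\S+)"),
        "not_before": timestamp("Not Before"),
        "not_after": timestamp("Not After"),
    }


def check_suite_b(level, config, cert_text, now):
    """Return findings; an empty list means config and certificate fit the level."""
    want = SUITE_B[level]
    offered = parse_ssh2_algorithms(config)
    cert = parse_certificate(cert_text)
    findings = []
    for kind in KINDS:
        known = {profile[kind] for profile in SUITE_B.values()}
        algs = offered.get(kind)
        if algs is None:
            findings.append(f"{kind}: no 'ssh2 algorithm {kind}' line found")
            continue
        if want[kind] not in algs:
            findings.append(f"{kind}: {want[kind]} required for {level} is not offered")
        for extra in (a for a in algs if a not in known):
            findings.append(f"{kind}: {extra} is offered but is not a Suite B algorithm")
    if cert["curve"] != want["curve"]:
        findings.append(f"certificate key is on {cert['curve']}, {level} needs {want['curve']}")
    if cert["not_before"] and now < cert["not_before"]:
        findings.append(f"certificate not valid before {cert['not_before']:%Y-%m-%d}")
    if cert["not_after"] and now > cert["not_after"]:
        findings.append(f"certificate expired on {cert['not_after']:%Y-%m-%d}")
    return findings


if __name__ == "__main__":
    in_window = datetime(2016, 1, 1, tzinfo=timezone.utc)
    for level in SUITE_B:
        print(level, check_suite_b(level, SERVER_CONFIG, CERT_TEXT, in_window))
    print("today", check_suite_b("192-bit", SERVER_CONFIG, CERT_TEXT,
                                 datetime.now(timezone.utc)))
```

Run against the current date, the sample certificate is reported as expired. Because the PKI domains in the example disable CRL checking, the validity window is the only lifetime control left on these certificates.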

NETCONF over SSH configuration examples

Example: Configuring NETCONF over SSH with password authentication

Network configuration

As shown in Figure 382:

·     The router acts as the NETCONF-over-SSH server and uses password authentication to authenticate the client. The client's username and password are saved on the router.

·     The host acts as the NETCONF-over-SSH client, using SSH2 client software. After the user on the host logs in to the router through NETCONF over SSH, the user can perform NETCONF operations on the router as a network administrator.

Figure 382 Network diagram

Procedure

# Generate RSA key pairs.

<Router> system-view

[Router] public-key local create rsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+.

Create the key pair successfully.

# Generate an ECDSA key pair.

[Router] public-key local create ecdsa secp256r1

Generating Keys...

.

Create the key pair successfully.

# Enable NETCONF over SSH.

[Router] netconf ssh server enable

# Configure an IP address for Ten-GigabitEthernet 3/0/1. The client uses this address as the destination for the NETCONF-over-SSH connection.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip address 192.168.1.40 255.255.255.0

[Router-Ten-GigabitEthernet3/0/1] quit

# Set the authentication mode to AAA for user lines.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Create a local device management user named client001.

[Router] local-user client001 class manage

# Set the password to 123456TESTplat&! in plain text for local user client001.

[Router-luser-manage-client001] password simple 123456TESTplat&!

# Authorize local user client001 to use the SSH service.

[Router-luser-manage-client001] service-type ssh

# Assign the network-admin user role to local user client001.

[Router-luser-manage-client001] authorization-attribute user-role network-admin

[Router-luser-manage-client001] quit

# Create an SSH user named client001. Specify the service type as NETCONF and the authentication method as password for the user.

[Router] ssh user client001 service-type netconf authentication-type password

Verifying the configuration

# Verify that you can perform NETCONF operations after logging in to the router. (Details not shown.)

 

 

IPSG configuration examples

Example: Configuring static IPv4SG

Network configuration

As shown in Figure 383, all hosts use static IP addresses.

Configure static IPv4SG bindings on Device A to meet the following requirements:

·     All interfaces of Device A allow IP packets from Host A to pass.

·     Ten-GigabitEthernet 3/0/1 of Device A allows IP packets from Host B to pass.

Figure 383 Network diagram

Procedure

# Configure an IP address for each interface. (Details not shown.)

# Enable IPv4SG on Ten-GigabitEthernet 3/0/2.

<DeviceA> system-view

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] ip verify source ip-address mac-address

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Configure a static IPv4SG binding for Host A.

[DeviceA] ip source binding ip-address 192.168.0.1 mac-address 0001-0203-0406

# Enable IPv4SG on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ip verify source ip-address mac-address

# On Ten-GigabitEthernet 3/0/1, configure a static IPv4SG binding for Host B.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ip source binding mac-address 0001-0203-0407

[DeviceA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the static IPv4SG bindings are configured successfully on Device A.

<DeviceA> display ip source binding static

Total entries found: 2

IP Address      MAC Address    Interface                VLAN Type

192.168.0.1     0001-0203-0406 N/A                      N/A  Static

N/A             0001-0203-0407 XGE3/0/1                 N/A  Static

Example: Configuring dynamic IPv4SG using DHCP relay agent

Network configuration

As shown in Figure 384, DHCP relay agent is enabled on the router. The host obtains an IP address from the DHCP server through the DHCP relay agent.

Enable dynamic IPv4SG on Ten-GigabitEthernet 3/0/1 to filter incoming packets by using the IPv4SG bindings generated based on DHCP relay entries.

Figure 384 Network diagram

Procedure

1.     Configure the DHCP relay agent:

# Configure IP addresses for the interfaces. (Details not shown.)

# Enable the DHCP service.

<Router> system-view

[Router] dhcp enable

# Enable recording DHCP relay client entries.

[Router] dhcp relay client-information record

# Configure interface Ten-GigabitEthernet 3/0/1 to operate in DHCP relay mode.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] dhcp select relay

# Specify the IP address of the DHCP server.

[Router-Ten-GigabitEthernet3/0/1] dhcp relay server-address 10.1.1.1

[Router-Ten-GigabitEthernet3/0/1] quit

2.     Enable IPv4SG on Ten-GigabitEthernet 3/0/1 and verify the source IP address and MAC address for dynamic IPSG.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip verify source ip-address mac-address

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display dynamic IPv4SG bindings generated based on DHCP relay entries.

[Router] display ip source binding dhcp-relay

Total entries found: 1

IP Address      MAC Address    Interface                VLAN Type

192.168.0.1     0001-0203-0406 XGE3/0/1                 N/A  DHCP relay

The output shows that Ten-GigabitEthernet 3/0/1 will filter packets based on the IPv4SG binding.

Example: Configuring static IPv6SG

Network configuration

As shown in Figure 385, configure a static IPv6SG binding on Ten-GigabitEthernet 3/0/1 of the device to allow only IPv6 packets from the host to pass.

Figure 385 Network diagram

Procedure

# Enable IPv6SG on Ten-GigabitEthernet 3/0/1.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] ipv6 verify source ip-address mac-address

# On Ten-GigabitEthernet 3/0/1, configure a static IPv6SG binding for the host.

[Device-Ten-GigabitEthernet3/0/1] ipv6 source binding ip-address 2001::1 mac-address 0001-0202-0202

[Device-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the static IPv6SG binding is configured successfully on the device.

[Device] display ipv6 source binding static

Total entries found: 1

IPv6 Address         MAC Address    Interface               VLAN Type

2001::1              0001-0202-0202 XGE3/0/1                N/A  Static

Example: Configuring dynamic IPv6SG using DHCPv6 relay agent

Network configuration

As shown in Figure 386, DHCPv6 relay agent is enabled on the router. The clients obtain IPv6 addresses from the DHCPv6 server through the DHCPv6 relay agent.

Enable dynamic IPv6SG on Ten-GigabitEthernet 3/0/1 to filter incoming packets by using the IPv6SG bindings generated based on DHCPv6 relay entries.

Figure 386 Network diagram

Procedure

1.     Configure the DHCPv6 relay agent:

# Specify IP addresses for the interfaces. (Details not shown.)

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select relay

# Enable recording of DHCPv6 relay entries on the interface.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp relay client-information record

# Specify the DHCPv6 server address 2::2 on the relay agent.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp relay server-address 2::2

[Router-Ten-GigabitEthernet3/0/1] quit

2.     Enable IPv6SG on Ten-GigabitEthernet 3/0/1 and verify the source IP address and MAC address for dynamic IPv6SG.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 verify source ip-address mac-address

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display dynamic IPv6SG bindings generated based on DHCPv6 relay entries.

[Router] display ipv6 source binding dhcpv6-relay

Total entries found: 1

IP Address      MAC Address    Interface                VLAN Type

1::2            0001-0203-0406 XGE3/0/1                 N/A  DHCPv6 relay

The output shows that Ten-GigabitEthernet 3/0/1 will filter packets based on the IPv6SG binding.
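The following Python sketch is an added example, not H3C code. It parses the `display ip source binding` and `display ipv6 source binding` tables shown in the IPSG examples above and tests whether a packet's source IP and MAC match a binding on a given interface. The function names are hypothetical, and treating N/A fields as wildcards is an assumed, simplified model of the filter.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Output copied from the static IPv4SG and static IPv6SG examples above.
IPV4_STATIC = """\
Total entries found: 2
IP Address      MAC Address    Interface                VLAN Type
192.168.0.1     0001-0203-0406 N/A                      N/A  Static
N/A             0001-0203-0407 XGE3/0/1                 N/A  Static
"""
IPV6_STATIC = """\
Total entries found: 1
IPv6 Address         MAC Address    Interface               VLAN Type
2001::1              0001-0202-0202 XGE3/0/1                N/A  Static
"""

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass(frozen=True)
class Binding:
    ip: Optional[Address]      # None when the table shows N/A
    mac: Optional[str]         # 12 lowercase hex digits, or None
    interface: Optional[str]   # None means the binding is global
    vlan: Optional[int]
    kind: str                  # "Static", "DHCP relay", "DHCPv6 relay", ...


def norm_mac(mac: str) -> str:
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_bindings(output: str) -> List[Binding]:
    """Parse the table body; the Type column may contain spaces."""
    bindings = []
    for line in output.splitlines():
        parts = line.split(None, 4)
        # Skip blank lines, the "Total entries found" line and the header.
        if len(parts) < 5 or parts[1] == "Address":
            continue
        ip, mac, ifname, vlan, kind = parts
        bindings.append(Binding(
            ip=None if ip == "N/A" else ipaddress.ip_address(ip),
            mac=None if mac == "N/A" else norm_mac(mac),
            interface=None if ifname == "N/A" else ifname,
            vlan=None if vlan == "N/A" else int(vlan),
            kind=kind.strip(),
        ))
    return bindings


def permits(bindings: List[Binding], interface: str,
            src_ip: str, src_mac: str) -> bool:
    """Assumed model: a packet passes if some binding that applies to the
    receiving interface agrees with it on every field the binding sets.
    VLAN is not evaluated here."""
    ip = ipaddress.ip_address(src_ip)
    mac = norm_mac(src_mac)
    for b in bindings:
        if b.interface not in (None, interface):
            continue
        if b.ip is not None and b.ip != ip:
            continue
        if b.mac is not None and b.mac != mac:
            continue
        return True
    return False


if __name__ == "__main__":
    table = parse_bindings(IPV4_STATIC)
    # Host A's address with a MAC that has no binding (constructed packet).
    print(permits(table, "XGE3/0/2", "192.168.0.1", "0001-0203-0499"))
```
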

 

 

uRPF configuration examples

Example: Configuring uRPF for interfaces

Network configuration

As shown in Figure 387, perform the following tasks:

·     Configure strict uRPF check on Ten-GigabitEthernet 3/0/1 of Router B and permit packets from network 10.1.1.0/24.

·     Configure strict uRPF check on Ten-GigabitEthernet 3/0/1 of Router A and allow using the default route for uRPF check.

Figure 387 Network diagram

Procedure

1.     Configure Router B:

# Configure ACL 2010 to permit traffic from network 10.1.1.0/24.

<RouterB> system-view

[RouterB] acl basic 2010

[RouterB-acl-ipv4-basic-2010] rule permit source 10.1.1.0 0.0.0.255

[RouterB-acl-ipv4-basic-2010] quit

# Specify an IP address for Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 1.1.1.2 255.255.255.0

# Configure strict uRPF check on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ip urpf strict acl 2010

2.     Configure Router A:

# Specify an IP address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 1.1.1.1 255.255.255.0

# Configure strict uRPF check on Ten-GigabitEthernet 3/0/1 and allow using the default route for uRPF check.

[RouterA-Ten-GigabitEthernet3/0/1] ip urpf strict allow-default-route

IPv6 uRPF configuration examples

Example: Configuring IPv6 uRPF for interfaces

Network configuration

As shown in Figure 388, perform the following tasks:

·     Configure strict IPv6 uRPF check on Ten-GigabitEthernet 3/0/1 of Router B and permit packets from network 1010::/64.

·     Configure strict IPv6 uRPF check on Ten-GigabitEthernet 3/0/1 of Router A and allow using the default route for IPv6 uRPF check.

Figure 388 Network diagram

Procedure

1.     Configure Router B:

# Configure IPv6 ACL 2010 to permit traffic from network 1010::/64.

<RouterB> system-view

[RouterB] acl ipv6 basic 2010

[RouterB-acl-ipv6-basic-2010] rule permit source 1010:: 64

[RouterB-acl-ipv6-basic-2010] quit

# Specify an IPv6 address for Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1000::2/64

# Configure strict uRPF check on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 urpf strict acl 2010

2.     Configure Router A:

# Specify an IPv6 address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1000::1/64

# Configure strict uRPF check on Ten-GigabitEthernet 3/0/1 and allow using the default route for IPv6 uRPF check.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 urpf strict allow-default-route
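The following Python model is an added example, not H3C code. It shows how the options used in the uRPF and IPv6 uRPF examples above change the verdict for a packet: strict mode, the ACL exemption (`acl 2010`), and `allow-default-route`. The FIB contents, the second interface XGE3/0/2 and all function names are constructed assumptions; ECMP routes and the device's other pre-checks are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Route:
    prefix: Network
    out_if: str


def route(prefix: str, out_if: str) -> Route:
    return Route(ipaddress.ip_network(prefix), out_if)


def best_route(fib: List[Route], addr) -> Optional[Route]:
    """Longest-prefix match within the address family of addr."""
    candidates = [r for r in fib
                  if r.prefix.version == addr.version and addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def urpf_strict(fib: List[Route], in_if: str, src: str,
                acl_permit: Iterable[str] = (),
                allow_default_route: bool = False) -> str:
    """Return "pass", "acl-permit" or "drop" for a packet received on in_if."""
    addr = ipaddress.ip_address(src)
    best = best_route(fib, addr)
    # A default route only counts when allow-default-route is configured.
    if best is not None and best.prefix.prefixlen == 0 and not allow_default_route:
        best = None
    # Strict mode: the route back to the source must use the receiving interface.
    if best is not None and best.out_if == in_if:
        return "pass"
    # The check failed; packets permitted by the ACL are still forwarded.
    for net in acl_permit:
        n = ipaddress.ip_network(net)
        if n.version == addr.version and addr in n:
            return "acl-permit"
    return "drop"


# Constructed FIBs. Only the interface addresses and ACL rules come from the page.
ROUTER_B_FIB = [route("1.1.1.0/24", "XGE3/0/1"),
                route("10.1.1.0/24", "XGE3/0/2")]   # assumed path to 10.1.1.0/24
ROUTER_B_ACL_2010 = ["10.1.1.0/24"]                 # rule permit source 10.1.1.0 0.0.0.255
ROUTER_A_FIB = [route("1.1.1.0/24", "XGE3/0/1"),
                route("0.0.0.0/0", "XGE3/0/1")]     # assumed default route
ROUTER_B_FIB6 = [route("1000::/64", "XGE3/0/1")]
ROUTER_B_ACL6_2010 = ["1010::/64"]                  # rule permit source 1010:: 64


if __name__ == "__main__":
    for src in ("1.1.1.1", "10.1.1.5", "172.16.0.9"):
        print(src, urpf_strict(ROUTER_B_FIB, "XGE3/0/1", src, ROUTER_B_ACL_2010))
```
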

 

 

SAVA configuration examples

Example: Configuring SAVA on border devices directly connected to the LAN

Network configuration

As shown in Figure 389, legitimate users in the LAN use prefixes 2000::/64 and 2001::/64. Configure SAVA on Ten-GigabitEthernet3/0/1 of Device B and Device C to meet the following requirements:

·     Device C creates a SAVA entry upon receiving an IPv6 route with prefix 2001::/64.

·     The LAN-side interface on Device C filters packets from users in the LAN based on SAVA entries.

Figure 389 Network diagram

Table 144 Interface and IP address assignment

Device    Interface  IP address          Device    Interface  IP address

Device A  XGE3/0/1   192:168::12:1/120   Device B  XGE3/0/1   2001::1/64

Device A  XGE3/0/2   192:168::22:1/120   Device B  XGE3/0/2   192:168::22:2/120

Device C  XGE3/0/1   2000::2/64          Device C  XGE3/0/2   192:168::12:2/120

Prerequisites

1.     Assign IPv6 addresses to interfaces on the devices.

2.     Configure OSPFv3 on the backbone network. For more information, see OSPFv3 configuration in Layer 3—IP Routing Configuration Guide.

Procedure

1.     Configure Device B:

# Enable SAVA on Ten-GigabitEthernet3/0/1 (the LAN-side interface).

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Create routing policy ttt and configure node 10 in permit mode to permit routes with the output interface Ten-GigabitEthernet3/0/1 and to set a tag of 100 for IGP routes.

[DeviceB] route-policy ttt permit node 10

[DeviceB-route-policy-ttt-10] if-match interface ten-gigabitethernet 3/0/1

[DeviceB-route-policy-ttt-10] apply tag 100

[DeviceB-route-policy-ttt-10] quit

# Configure OSPFv3 process 1 to redistribute direct routes permitted by routing policy ttt.

[DeviceB] ospfv3 1

[DeviceB-ospfv3-1] import-route direct route-policy ttt

[DeviceB-ospfv3-1] quit

 

2.     Configure Device C:

# Enable SAVA on Ten-GigabitEthernet3/0/1 (the LAN-side interface).

<DeviceC> system-view

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceC-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceC-Ten-GigabitEthernet3/0/1] quit

 

Verifying the configuration

# Display SAVA entries on Device C.

[DeviceC] display ipv6 sava

IPv6 SAVA entry count: 2

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

The output shows that Device C created a SAVA entry with prefix 2001::. When Device C receives an IPv6 packet with prefix 2001:: on Ten-GigabitEthernet3/0/1, it will forward the packet.

Example: Configuring SAVA on border devices indirectly connected to the LAN (OSPFv3)

Network configuration

As shown in Figure 390, OSPFv3 runs on the core network. Configure the devices to meet the following requirements:

·     Enable SAVA on Ten-GigabitEthernet3/0/1 of Device B and Device D to filter packets based on SAVA entries.

·     On Device C, configure a static route to the LAN with next-hop device Device A. Enable OSPFv3 link tag inheritance to statically tag routes to the LAN.

·     Configure OSPFv3 on Device B and Device A to synchronize routes to the LAN. Enable OSPFv3 link tag inheritance and set the OSPFv3 link tag to dynamically tag routes to the LAN.

Figure 390 Network diagram

Table 145 Interface and IP address assignment

Device    Interface  IP address          Device    Interface  IP address

Device A  XGE3/0/1   2001::2/64          Device B  XGE3/0/1   192:168::12:2/120

Device A  XGE3/0/2   2000::2/64          Device B  XGE3/0/2   192:168::34:3/120

Device A  XGE3/0/3   192:168::12:1/120   Device A  XGE3/0/4   192:168::22:1/120

Device C  XGE3/0/1   192:168::34:4/120   Device D  XGE3/0/1   192:168::22:2/120

Device C  XGE3/0/2   192:168::46:4/120   Device D  XGE3/0/2   192:168::56:5/120

Device E  XGE3/0/1   192:168::56:6/120   Device E  XGE3/0/2   192:168::46:6/120

Prerequisites

Assign IPv6 addresses to interfaces on the devices.

Procedure

1.     Configure Device A:

# Configure OSPFv3.

<DeviceA> system-view

[DeviceA] ospfv3 1

[DeviceA-ospfv3-1] router-id 1.1.1.1

[DeviceA-ospfv3-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0.0.0.0

[DeviceA-Ten-GigabitEthernet3/0/3] quit

 

2.     Configure Device B:

# Configure OSPFv3.

<DeviceB> system-view

[DeviceB] ospfv3 1

[DeviceB-ospfv3-1] router-id 2.2.2.2

[DeviceB-ospfv3-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Enable OSPFv3 link tag inheritance.

[DeviceB] ospfv3 1

[DeviceB-ospfv3-1] link-tag inherit enable

[DeviceB-ospfv3-1] quit

# Set the OSPFv3 link tag for Ten-GigabitEthernet3/0/1 to 100.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ospfv3 link-tag 100

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceB-Ten-GigabitEthernet3/0/1] quit

 

3.     Configure Device D:

# Configure a static route with destination address 2000::/64, next hop address FE80::1 (a link-local IPv6 address on Device A), and tag value 100.

<DeviceD> system-view

[DeviceD] ipv6 route-static 2000:: 64 ten-gigabitethernet 3/0/1 FE80::1 tag 100

# Create routing policy sava and configure node 10 in permit mode to permit routes with the output interface Ten-GigabitEthernet3/0/1.

[DeviceD] route-policy sava permit node 10

[DeviceD-route-policy-sava-10] if-match interface ten-gigabitethernet 3/0/1

[DeviceD-route-policy-sava-10] quit

# Configure OSPFv3.

[DeviceD] ospfv3 1

[DeviceD-ospfv3-1] router-id 4.4.4.4

[DeviceD-ospfv3-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Configure OSPFv3 process 1 to redistribute static routes permitted by routing policy sava.

[DeviceD] ospfv3 1

[DeviceD-ospfv3-1] import-route static route-policy sava

# Enable OSPFv3 link tag inheritance.

[DeviceD-ospfv3-1] link-tag inherit enable

[DeviceD-ospfv3-1] quit

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceD-Ten-GigabitEthernet3/0/1] quit

 

4.     Configure Device C:

# Configure OSPFv3.

<DeviceC> system-view

[DeviceC] ospfv3 1

[DeviceC-ospfv3-1] router-id 3.3.3.3

[DeviceC-ospfv3-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[DeviceC-Ten-GigabitEthernet3/0/2] quit

 

5.     Configure Device E:

# Configure OSPFv3.

<DeviceE> system-view

[DeviceE] ospfv3 1

[DeviceE-ospfv3-1] router-id 5.5.5.5

[DeviceE-ospfv3-1] quit

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceE-Ten-GigabitEthernet3/0/1] quit

[DeviceE] interface ten-gigabitethernet 3/0/2

[DeviceE-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[DeviceE-Ten-GigabitEthernet3/0/2] quit

 

Verifying the configuration

# Display SAVA entries on Device D.

[DeviceD] display ipv6 sava

IPv6 SAVA entry count: 4

Destination:192:168::12:0                                  Prefix length: 120

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

 

Destination:192:168::22:0                                  Prefix length: 120

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

The output shows that Device D created SAVA entries with prefix 2000:: and 2001::. When Device D receives an IPv6 packet with prefix 2000:: or 2001:: on Ten-GigabitEthernet3/0/1, it will forward the packet.

# Display SAVA entries on Device B.

[DeviceB] display ipv6 sava

IPv6 SAVA entry count: 3

Destination:192:168::12:0                                  Prefix length: 120

Interface: XGE3/0/1                                         Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                         Flags: R

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                         Flags: L

VPN instance: --

The output shows that Device B created SAVA entries with prefix 2000:: and 2001::. When Device B receives an IPv6 packet with prefix 2000:: or 2001:: on Ten-GigabitEthernet3/0/1, it will forward the packet.

Example: Configuring SAVA on border devices indirectly connected to the LAN (IPv6 IS-IS)

Network configuration

As shown in Figure 391, IPv6 IS-IS runs on the core network. Configure the devices to meet the following requirements:

·     Enable SAVA on Ten-GigabitEthernet3/0/1 of Device B and Device D to filter packets based on SAVA entries.

·     On Device C, configure a static route to the LAN with next-hop device Device A. Enable IPv6 IS-IS link tag inheritance to statically tag routes to the LAN.

·     Configure IPv6 IS-IS on Device B and Device A to synchronize routes to the LAN. Enable IPv6 IS-IS link tag inheritance and set the IPv6 IS-IS link tag to dynamically tag routes to the LAN.

Figure 391 Network diagram

Table 146 Interface and IP address assignment

Device    Interface  IP address          Device    Interface  IP address

Device A  XGE3/0/1   2001::2/64          Device B  XGE3/0/1   192:168::12:2/120

Device A  XGE3/0/2   2000::2/64          Device B  XGE3/0/2   192:168::34:3/120

Device A  XGE3/0/3   192:168::12:1/120   Device A  GE1/0/4    192:168::22:1/120

Device C  XGE3/0/1   192:168::34:4/120   Device D  XGE3/0/1   192:168::22:2/120

Device C  XGE3/0/2   192:168::46:4/120   Device D  XGE3/0/2   192:168::56:5/120

Device E  XGE3/0/1   192:168::56:6/120   Device E  XGE3/0/2   192:168::46:6/120

Prerequisites

Assign IPv6 addresses to interfaces on the devices.

Procedure

1.     Configure Device A:

# Configure IPv6 IS-IS.

<DeviceA> system-view

[DeviceA] isis 1

[DeviceA-isis-1] is-level level-2

[DeviceA-isis-1] network-entity 10.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/3] quit

 

2.     Configure Device B:

# Configure IPv6 IS-IS.

<DeviceB> system-view

[DeviceB] isis 1

[DeviceB-isis-1] is-level level-2

[DeviceB-isis-1] network-entity 10.0000.0000.0002.00

[DeviceB-isis-1] cost-style wide

[DeviceB-isis-1] address-family ipv6

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/1] quit

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Enable IPv6 IS-IS link tag inheritance.

[DeviceB] isis 1

[DeviceB-isis-1] address-family ipv6

[DeviceB-isis-1-ipv6] link-tag inherit enable

[DeviceB-isis-1-ipv6] quit

[DeviceB-isis-1] quit

# Set the IPv6 IS-IS link tag for Ten-GigabitEthernet3/0/1 to 100.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] isis ipv6 link-tag 100

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceB-Ten-GigabitEthernet3/0/1] quit

 

3.     Configure Device D:

# Configure a static route with destination address 2000::/64, next hop address FE80::1 (a link-local IPv6 address on Device A), and tag value 100.

<DeviceD> system-view

[DeviceD] ipv6 route-static 2000:: 64 ten-gigabitethernet 3/0/1 FE80::1 tag 100

# Create routing policy sava and configure node 10 in permit mode to permit routes with the output interface Ten-GigabitEthernet3/0/1.

[DeviceD] route-policy sava permit node 10

[DeviceD-route-policy-sava-10] if-match interface ten-gigabitethernet 3/0/1

[DeviceD-route-policy-sava-10] quit

# Configure IPv6 IS-IS.

[DeviceD] isis 1

[DeviceD-isis-1] is-level level-2

[DeviceD-isis-1] network-entity 10.0000.0000.0004.00

[DeviceD-isis-1] cost-style wide

[DeviceD-isis-1] address-family ipv6

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Configure IS-IS process 1 to redistribute static routes permitted by routing policy sava.

[DeviceD] isis 1

[DeviceD-isis-1] address-family ipv6

[DeviceD-isis-1-ipv6] import-route static route-policy sava level-2

# Enable IPv6 IS-IS link tag inheritance.

[DeviceD-isis-1-ipv6] link-tag inherit enable

[DeviceD-isis-1-ipv6] quit

[DeviceD-isis-1] quit

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceD-Ten-GigabitEthernet3/0/1] quit

 

4.     Configure Device C:

# Configure IPv6 IS-IS.

<DeviceC> system-view

[DeviceC] isis 1

[DeviceC-isis-1] is-level level-2

[DeviceC-isis-1] network-entity 10.0000.0000.0003.00

[DeviceC-isis-1] cost-style wide

[DeviceC-isis-1] address-family ipv6

[DeviceC-isis-1-ipv6] quit

[DeviceC-isis-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/1] quit

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceC-Ten-GigabitEthernet3/0/2] quit

 

5.     Configure Device E:

# Configure IPv6 IS-IS.

<DeviceE> system-view

[DeviceE] isis 1

[DeviceE-isis-1] is-level level-2

[DeviceE-isis-1] network-entity 10.0000.0000.0005.00

[DeviceE-isis-1] cost-style wide

[DeviceE-isis-1] address-family ipv6

[DeviceE-isis-1-ipv6] quit

[DeviceE-isis-1] quit

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/1] quit

[DeviceE] interface ten-gigabitethernet 3/0/2

[DeviceE-Ten-GigabitEthernet3/0/2] isis ipv6 enable 1

[DeviceE-Ten-GigabitEthernet3/0/2] quit

 

Verifying the configuration

# Display SAVA entries on Device D.

[DeviceD] display ipv6 sava

IPv6 SAVA entry count: 3

Destination:192:168::22:0                                  Prefix length: 120

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

The output shows that Device D created SAVA entries with prefix 2000:: and 2001::. When Device D receives an IPv6 packet with prefix 2000:: or 2001:: on Ten-GigabitEthernet3/0/1, it will forward the packet.

# Display SAVA entries on Device B.

[DeviceB] display ipv6 sava

IPv6 SAVA entry count: 3

Destination:192:168::12:0                                  Prefix length: 120

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

The output shows that Device B created SAVA entries with prefix 2000:: and 2001::. When Device B receives an IPv6 packet with prefix 2000:: or 2001:: on Ten-GigabitEthernet3/0/1, it will forward the packet.
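The following Python sketch is an added example, not H3C code. It parses `display ipv6 sava` output such as that shown in the verification steps above, confirms that the entry count matches, checks whether a source address is covered by an entry on the SAVA-enabled interface, and lists expected LAN prefixes that have no entry. The function names and the test addresses are hypothetical; the sample text is the Device D output from the OSPFv3 example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Output copied from the Device D verification step of the OSPFv3 example.
DEVICE_D_SAVA = """\
IPv6 SAVA entry count: 4
Destination:192:168::12:0                                  Prefix length: 120
Interface: XGE3/0/1                                        Flags: R
VPN instance: --

Destination:192:168::22:0                                  Prefix length: 120
Interface: XGE3/0/1                                        Flags: L
VPN instance: --

Destination: 2000::                                        Prefix length: 64
Interface: XGE3/0/1                                        Flags: L
VPN instance: --

Destination: 2001::                                        Prefix length: 64
Interface: XGE3/0/1                                        Flags: R
VPN instance: --
"""

# The device prints "Destination:" both with and without a following space.
ENTRY_RE = re.compile(
    r"Destination:\s*(?P<dest>\S+)\s+Prefix length:\s*(?P<plen>\d+)\s+"
    r"Interface:\s*(?P<ifname>\S+)\s+Flags:\s*(?P<flags>\S+)\s+"
    r"VPN instance:\s*(?P<vpn>\S+)"
)


@dataclass(frozen=True)
class SavaEntry:
    prefix: ipaddress.IPv6Network
    interface: str
    flags: str      # kept verbatim, for example "L" or "R"
    vpn: str


def parse_sava(output: str) -> List[SavaEntry]:
    """Parse all entries and fail if the declared count does not match."""
    count = re.search(r"IPv6 SAVA entry count:\s*(\d+)", output)
    if count is None:
        raise ValueError("entry count line not found")
    entries = [
        SavaEntry(
            prefix=ipaddress.IPv6Network(f"{m['dest']}/{m['plen']}", strict=False),
            interface=m["ifname"],
            flags=m["flags"],
            vpn=m["vpn"],
        )
        for m in ENTRY_RE.finditer(output)
    ]
    if len(entries) != int(count.group(1)):
        raise ValueError(f"parsed {len(entries)} entries, device reported {count.group(1)}")
    return entries


def source_valid(entries: Iterable[SavaEntry], interface: str, src: str) -> bool:
    """True if src falls inside a SAVA entry bound to the receiving interface."""
    addr = ipaddress.IPv6Address(src)
    return any(e.interface == interface and addr in e.prefix for e in entries)


def missing_prefixes(entries: Iterable[SavaEntry], interface: str,
                     expected: Iterable[str]) -> List[str]:
    """Expected LAN prefixes that no entry on the interface covers."""
    entries = list(entries)
    missing = []
    for text in expected:
        net = ipaddress.IPv6Network(text)
        if not any(e.interface == interface and net.subnet_of(e.prefix) for e in entries):
            missing.append(text)
    return missing


if __name__ == "__main__":
    table = parse_sava(DEVICE_D_SAVA)
    print(missing_prefixes(table, "XGE3/0/1", ["2000::/64", "2001::/64"]))
```
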

Example: Configuring SAVA on inter-AS border devices indirectly connected to the LAN

Network configuration

As shown in Figure 392, configure the devices to meet the following requirements:

·     Configure SAVA on Ten-GigabitEthernet3/0/1 of Device B and Device D to filter packets based on SAVA entries.

·     Configure remote route tagging. Device B and Device C in AS 100 and Device D and Device E in AS 200 exchange routes through IGP (for example, OSPFv3). Device C and Device E in different ASs exchange routes through BGP. The devices create SAVA entries based on the synchronized remote routes.

Figure 392 Network diagram

Table 147 Interface and IP address assignment

Device    Interface  IP address          Device    Interface  IP address

Device A  XGE3/0/1   2001::2/64          Device B  XGE3/0/1   192:168::12:2/120

Device A  XGE3/0/2   2000::2/64          Device B  XGE3/0/2   192:168::23:2/120

Device A  XGE3/0/3   192:168::12:1/120   Device A  XGE3/0/4   192:168::22:1/120

Device C  XGE3/0/1   192:168::23:3/120   Device D  XGE3/0/1   192:168::22:2/120

Device C  XGE3/0/2   192:168::34:3/120   Device D  XGE3/0/2   192:168::45:4/120

Device E  XGE3/0/1   192:168::45:5/120   Device E  XGE3/0/2   192:168::34:4/120

Prerequisites

Assign IPv6 addresses to interfaces on the devices.

Procedure

1.     Configure Device B:

# Configure a static route with destination address 2001::/64, next hop address FE80::1 (a link-local IPv6 address on Device A), and tag value 100.

<DeviceB> system-view

[DeviceB] ipv6 route-static 2001:: 64 ten-gigabitethernet 3/0/1 FE80::1 tag 100

# Configure routing policy sava and configure node 10 in permit mode for the routing policy to permit routes with the output interface Ten-GigabitEthernet3/0/1.

[DeviceB] route-policy sava permit node 10

[DeviceB-route-policy-sava-10] if-match interface ten-gigabitethernet 3/0/1

[DeviceB-route-policy-sava-10] quit

# Configure OSPFv3.

[DeviceB] ospfv3 1

[DeviceB-ospfv3-1] router-id 2.2.2.2

[DeviceB-ospfv3-1] quit

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] ospfv3 1 area 0.0.0.0

[DeviceB-Ten-GigabitEthernet3/0/3] quit

# Configure OSPFv3 process 1 to redistribute static routes permitted by routing policy sava.

[DeviceB] ospfv3 1

[DeviceB-ospfv3-1] import-route static route-policy sava

[DeviceB-ospfv3-1] quit

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceB-Ten-GigabitEthernet3/0/1] quit

 

2.     Configure Device D:

# Configure a static route with destination address 2000::/64, next hop address FE80::1 (a link-local IPv6 address on Device A), and tag value 100.

<DeviceD> system-view

[DeviceD] ipv6 route-static 2000:: 64 ten-gigabitethernet 3/0/1 FE80::1 tag 100

# Create routing policy sava and configure node 10 in permit mode to permit routes with the output interface Ten-GigabitEthernet3/0/1.

[DeviceD] route-policy sava permit node 10

[DeviceD-route-policy-sava-10] if-match interface ten-gigabitethernet 3/0/1

[DeviceD-route-policy-sava-10] quit

# Configure OSPFv3.

[DeviceD] ospfv3 1

[DeviceD-ospfv3-1] router-id 4.4.4.4

[DeviceD-ospfv3-1] quit

[DeviceD] interface ten-gigabitethernet 3/0/2

[DeviceD-Ten-GigabitEthernet3/0/2] ospfv3 1 area 0.0.0.0

[DeviceD-Ten-GigabitEthernet3/0/2] quit

# Configure OSPFv3 process 1 to redistribute static routes permitted by routing policy sava.

[DeviceD] ospfv3 1

[DeviceD-ospfv3-1] import-route static route-policy sava

[DeviceD-ospfv3-1] quit

# Enable SAVA on Ten-GigabitEthernet3/0/1.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava enable

# Configure Ten-GigabitEthernet3/0/1 to redistribute remote routes with route tag 100.

[DeviceD-Ten-GigabitEthernet3/0/1] ipv6 sava import remote-route-tag 100

[DeviceD-Ten-GigabitEthernet3/0/1] quit

 

3.     Configure Device C:

# Configure routing policy named sava-exp, configure node 0 in permit mode to permit routes with tag 100 and to set the 10:10 community attribute for BGP.

[DeviceC] route-policy sava-exp permit node 0

[DeviceC-route-policy-sava-exp-0] if-match tag 100

[DeviceC-route-policy-sava-exp-0] apply community 10:10

[DeviceC-route-policy-sava-exp-0] quit

# Enable BGP to exchange routing information for IPv6 address family with peer 192:168::34:4 in AS 200.

[DeviceC] bgp 100

[DeviceC-bgp-default] router-id 3.3.3.3

[DeviceC-bgp-default] peer 192:168::34:4 as 200

[DeviceC-bgp-default] address-family ipv6

[DeviceC-bgp-default-ipv6] peer 192:168::34:4 enable

[DeviceC-bgp-default-ipv6] peer 192:168::34:4 advertise-community

# Configure BGP to redistribute routes from OSPFv3 process 1, and apply routing policy sava-exp to routes outgoing to peer 192:168::34:4.

[DeviceC-bgp-default-ipv6] import-route ospfv3 1

[DeviceC-bgp-default-ipv6] peer 192:168::34:4 route-policy sava-exp export

[DeviceC-bgp-default-ipv6] quit

[DeviceC-bgp-default] quit

# Configure basic community list 1 to permit routes with the 10:10 community attribute.

[DeviceC] ip community-list 1 permit 10:10

# Configure a routing policy named sava-imp, and configure node 0 in permit mode for the routing policy to use community list 1 to match BGP routes and to set the tag to 100.

[DeviceC] route-policy sava-imp permit node 0

[DeviceC-route-policy-sava-imp-0] if-match community 1

[DeviceC-route-policy-sava-imp-0] apply tag 100

[DeviceC-route-policy-sava-imp-0] quit

# Apply routing policy sava-imp to routes incoming from peer 192:168::34:4.

[DeviceC] bgp 100

[DeviceC-bgp-default] address-family ipv6

[DeviceC-bgp-default-ipv6] peer 192:168::34:4 route-policy sava-imp import

[DeviceC-bgp-default-ipv6] quit

[DeviceC-bgp-default] quit

# Configure OSPFv3.

[DeviceC] ospfv3 1

[DeviceC-ospfv3-1] router-id 3.3.3.3

[DeviceC-ospfv3-1] quit

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Configure OSPFv3 process 1 to redistribute routes from IPv6 BGP.

[DeviceC] ospfv3 1

[DeviceC-ospfv3-1] import-route bgp4+

[DeviceC-ospfv3-1] quit

 

4.     Configure Device E:

# Configure routing policy named sava-exp, configure node 0 in permit mode to permit routes with tag 100 and to set the 10:10 community attribute for BGP.

[DeviceE] route-policy sava-exp permit node 0

[DeviceE-route-policy-sava-exp-0] if-match tag 100

[DeviceE-route-policy-sava-exp-0] apply community 10:10

[DeviceE-route-policy-sava-exp-0] quit

# Enable BGP to exchange routing information for IPv6 address family with peer 192:168::34:3 in AS 100.

[DeviceE] bgp 200

[DeviceE-bgp-default] router-id 5.5.5.5

[DeviceE-bgp-default] peer 192:168::34:3 as 100

[DeviceE-bgp-default] address-family ipv6

[DeviceE-bgp-default-ipv6] peer 192:168::34:3 enable

[DeviceE-bgp-default-ipv6] peer 192:168::34:3 advertise-community

# Configure BGP to redistribute routes from OSPFv3 process 1, and apply routing policy sava-exp to routes outgoing to peer 192:168::34:3.

[DeviceE-bgp-default-ipv6] import-route ospfv3 1

[DeviceE-bgp-default-ipv6] peer 192:168::34:3 route-policy sava-exp export

[DeviceE-bgp-default-ipv6] quit

[DeviceE-bgp-default] quit

# Configure basic community list 1 to permit routes with the 10:10 community attribute.

[DeviceE] ip community-list 1 permit 10:10

# Configure a routing policy named sava-imp, and configure node 0 in permit mode for the routing policy to use community list 1 to match BGP routes and to set the tag to 100.

[DeviceE] route-policy sava-imp permit node 0

[DeviceE-route-policy-sava-imp-0] if-match community 1

[DeviceE-route-policy-sava-imp-0] apply tag 100

[DeviceE-route-policy-sava-imp-0] quit

# Apply routing policy sava-imp to routes incoming from peer 192:168::34:3.

[DeviceE] bgp 200

[DeviceE-bgp-default] address-family ipv6

[DeviceE-bgp-default-ipv6] peer 192:168::34:3 route-policy sava-imp import

[DeviceE-bgp-default-ipv6] quit

[DeviceE-bgp-default] quit

# Configure OSPFv3.

[DeviceE] ospfv3 1

[DeviceE-ospfv3-1] router-id 5.5.5.5

[DeviceE-ospfv3-1] quit

[DeviceE] interface ten-gigabitethernet 3/0/1

[DeviceE-Ten-GigabitEthernet3/0/1] ospfv3 1 area 0.0.0.0

[DeviceE-Ten-GigabitEthernet3/0/1] quit

# Configure OSPFv3 process 1 to redistribute routes from IPv6 BGP.

[DeviceE] ospfv3 1

[DeviceE-ospfv3-1] import-route bgp4+

[DeviceE-ospfv3-1] quit

 

Verifying the configuration

# Display SAVA entries on Device D.

[DeviceD] display ipv6 sava

IPv6 SAVA entry count: 3

Destination:192:168::22:0                                  Prefix length: 120

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: L

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/1                                        Flags: R

VPN instance: --

The output shows that Device D created SAVA entries for prefixes 2000::/64 and 2001::/64. When Device D receives an IPv6 packet whose source address is in prefix 2000::/64 or 2001::/64 on Ten-GigabitEthernet3/0/1, it forwards the packet.

# Display SAVA entries on Device B.

[DeviceB] display ipv6 sava

IPv6 SAVA entry count: 3

Destination:192:168::12:0                                  Prefix length: 120

Interface: XGE3/0/2                                        Flags: L

VPN instance: --

 

Destination: 2000::                                        Prefix length: 64

Interface: XGE3/0/2                                        Flags: R

VPN instance: --

 

Destination: 2001::                                        Prefix length: 64

Interface: XGE3/0/2                                        Flags: L

VPN instance: --

The output shows that Device B created SAVA entries for prefixes 2000::/64 and 2001::/64. When Device B receives an IPv6 packet whose source address is in prefix 2000::/64 or 2001::/64 on Ten-GigabitEthernet3/0/1, it forwards the packet.

 

 

SAVA-P configuration examples

Example: Configuring SAVA-P basic network

Network configuration

As shown in Figure 393, valid users in the LAN use prefix 10::/64. Configure SAVA-P on Device A and Device B to meet the following requirements:

·     Device A and Device B establish a SAVA-P neighbor relationship and create SAVA-P entries from the SPA and DPP packets exchanged between them.

·     Device A and Device B perform source address validity check and filter packets from the user network based on SAVA-P entries.

Figure 393 Network diagram

Prerequisites

1.     Assign IPv6 addresses to interfaces on the devices.

2.     Configure OSPFv3 on the backbone network. For more information, see OSPFv3 configuration in Layer 3—IP Routing Configuration Guide.

Procedure

1.     Configure Device A:

# Enable SAVA-P.

<DeviceA> system-view

[DeviceA] ipv6 sava protocol enable

# Specify the router ID and IPv6 transport address.

[DeviceA] ipv6 sava protocol id 1.1.1.1 transport-address 1::9

# Specify interface Ten-GigabitEthernet3/0/1 as a UNI and specify interface Ten-GigabitEthernet3/0/2 as an NNI.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ipv6 sava protocol port-type uni

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] ipv6 sava protocol port-type nni

[DeviceA-Ten-GigabitEthernet3/0/2] quit

2.     Configure Device B:

# Enable SAVA-P.

<DeviceB> system-view

[DeviceB] ipv6 sava protocol enable

# Specify the router ID and IPv6 transport address.

[DeviceB] ipv6 sava protocol id 2.2.2.2 transport-address 2::9

# Specify the SAVA-P interface type.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ipv6 sava protocol port-type nni

Verifying the configuration

# Display SAVA-P entries on Device B.

<DeviceB> display ipv6 sava protocol entry

IPv6 SAVA protocol entry count: 4

Destination/Prefix length                          Interface       VPN instance

10::/64                                            XGE3/0/1         --

10::1/128                                          XGE3/0/1         --

20::/64                                            XGE3/0/1         --

20::1/128                                          XGE3/0/1         --

The output shows that Device B learned the SAVA-P entry corresponding to the source prefix of Device A. When Device B receives a user-side packet from Device A, it can perform packet source address validity check based on the SAVA-P entry.
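The two verification outputs above (display ipv6 sava and display ipv6 sava protocol entry) can also be checked by script. The following Python is an added example, not H3C code: it parses both formats as printed on this page and tests whether a source address is covered by an entry on the ingress interface. Treating a miss as a packet that fails the check, mapping Ten-GigabitEthernet to XGE, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Sample text copied from the two outputs printed on this page.
SAVA_OUTPUT = """\
IPv6 SAVA entry count: 3
Destination:192:168::22:0                                  Prefix length: 120
Interface: XGE3/0/1                                        Flags: L
VPN instance: --

Destination: 2000::                                        Prefix length: 64
Interface: XGE3/0/1                                        Flags: L
VPN instance: --

Destination: 2001::                                        Prefix length: 64
Interface: XGE3/0/1                                        Flags: R
VPN instance: --
"""

SAVAP_OUTPUT = """\
IPv6 SAVA protocol entry count: 4
Destination/Prefix length                          Interface       VPN instance
10::/64                                            XGE3/0/1         --
10::1/128                                          XGE3/0/1         --
20::/64                                            XGE3/0/1         --
20::1/128                                          XGE3/0/1         --
"""

_SAVA_ENTRY = re.compile(
    r"Destination:\s*(\S+)\s+Prefix length:\s*(\d+)\s+"
    r"Interface:\s*(\S+)\s+Flags:\s*(\S+)\s+VPN instance:\s*(\S+)")
_SAVAP_ROW = re.compile(r"^\s*([0-9A-Fa-f:]+/\d+)\s+(\S+)\s+(\S+)\s*$")


def _check_count(text, entries):
    """Fail loudly if the parsed entries disagree with the declared count."""
    declared = int(re.search(r"entry count:\s*(\d+)", text).group(1))
    if declared != len(entries):
        raise ValueError(f"parsed {len(entries)} entries, output declares {declared}")
    return entries


def parse_sava(text):
    """Parse 'display ipv6 sava' output (one three-line block per entry)."""
    entries = [
        {"prefix": ipaddress.IPv6Network(f"{dest}/{plen}"),
         "interface": ifname, "flags": flags, "vpn": vpn}
        for dest, plen, ifname, flags, vpn in _SAVA_ENTRY.findall(text)]
    return _check_count(text, entries)


def parse_savap(text):
    """Parse 'display ipv6 sava protocol entry' output (one row per entry)."""
    entries = []
    for line in text.splitlines():
        m = _SAVAP_ROW.match(line)
        if m:
            entries.append({"prefix": ipaddress.IPv6Network(m.group(1)),
                            "interface": m.group(2), "flags": None,
                            "vpn": m.group(3)})
    return _check_count(text, entries)


def short_ifname(name):
    """Map a configured interface name to the abbreviated form the outputs print."""
    return re.sub(r"^Ten-GigabitEthernet\s*", "XGE", name, flags=re.IGNORECASE)


def validate_source(entries, source, ingress_if):
    """Return the longest matching entry for (source, ingress_if), or None.

    Assumed model: None means the packet fails the source validity check.
    """
    addr = ipaddress.IPv6Address(source)
    ifname = short_ifname(ingress_if)
    hits = [e for e in entries
            if e["interface"] == ifname and addr in e["prefix"]]
    return max(hits, key=lambda e: e["prefix"].prefixlen, default=None)


if __name__ == "__main__":
    sava = parse_sava(SAVA_OUTPUT)
    for src in ("2000::5", "2001::10", "2002::1"):
        hit = validate_source(sava, src, "Ten-GigabitEthernet3/0/1")
        print(src, "->", f"valid via {hit['prefix']}" if hit else "no SAVA entry")
```

Running the same check against output collected after a routing change shows which user prefixes lost or gained coverage on an interface.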

 

 

Trust level configuration examples

Example: Configuring trust levels

Network configuration

Three terminals are deployed in a trust network: IP phone (with security level 1), host (with security level 2), and DHCP server (with security level 3).

Device A and Device E are the most trusted, with trust level 7. The trust level of Device B is the lowest, which is 1. The trust level of Device C and Device D is medium, which is 3.

According to the security level of the terminals, trusted forwarding of the packets generated by the terminals is as follows:

·     The packets generated by the IP phone are forwarded in three paths: Device A > Device B > Device E, Device A > Device C > Device E, and Device A > Device D > Device E.

·     The packets generated by the host are forwarded in two paths: Device A > Device C > Device E and Device A > Device D > Device E.

·     The packets generated by the DHCP server are forwarded in two paths: Device A > Device C > Device E and Device A > Device D > Device E.

Figure 394 Trust level configuration network diagram

Prerequisites

1.     Plan the parameters needed for trusted forwarding, as shown in Table 148 and Table 149.

Table 148 Planning of IS-IS System IDs

Network transmission device   Trust level   IS-IS System ID   SRv6 locator
DeviceA                       7             0000.0000.0001    AA:xx::/64 (xx is a flexible algorithm identifier)
DeviceB                       1             0000.0000.0002    BB:xx::/64 (xx is a flexible algorithm identifier)
DeviceC                       3             0000.0000.0003    CC:xx::/64 (xx is a flexible algorithm identifier)
DeviceD                       3             0000.0000.0004    DD:xx::/64 (xx is a flexible algorithm identifier)
DeviceE                       7             0000.0000.0005    EE:xx::/64 (xx is a flexible algorithm identifier)

Table 149 Planning of packet security levels, service classes, and flexible algorithms

Security level   Service class value   Flexible algorithm identifier
0                0                     130
1                1                     131
2                2                     132
3                3                     133
4                4                     134
5                5                     135
6                6                     136
7                7                     137

2.     Configure SSL:

a.     Configure Device A as the SSL server.

b.     Configure Device B, Device C, Device D, and Device E as the SSL clients.

c.     Establish SSL connection between the SSL server and the SSL clients.

For more information about SSL, see "Configuring SSL."

3.     Configure basic IS-IS.

Configure basic IS-IS on Device A, Device B, Device C, Device D, and Device E to make sure the devices can exchange IS-IS packets with each other. For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.

4.     Configure boundary points.

According to the generation rules of boundary points, generate eight boundary points: boundary point 0 to boundary point 7. The eight boundary points in this example are ::8000:0:0:0, ::2000:0:0:0, ::4000:0:0:0, ::6000:0:0:0, ::, ::A000:0:0:0, ::C000:0:0:0, ::E000:0:0:0.

Procedure

1.     Configure Device A (trust level server):

a.     Configure trust levels.

# Configure trust level policy a, b, c, d, and e for Device A, Device B, Device C, Device D, and Device E.

<DeviceA> system-view

[DeviceA] trust-level

[DeviceA-trust-level] server enable

[DeviceA-trust-level-server] quit

[DeviceA-trust-level] policy a

[DeviceA-trust-level-policy-a] isis-system-id 0000.0000.0001

[DeviceA-trust-level-policy-a] trust level 7

[DeviceA-trust-level-policy-a] policy b

[DeviceA-trust-level-policy-b] isis-system-id 0000.0000.0002

[DeviceA-trust-level-policy-b] trust level 1

[DeviceA-trust-level-policy-b] policy c

[DeviceA-trust-level-policy-c] isis-system-id 0000.0000.0003

[DeviceA-trust-level-policy-c] trust level 3

[DeviceA-trust-level-policy-c] policy d

[DeviceA-trust-level-policy-d] isis-system-id 0000.0000.0004

[DeviceA-trust-level-policy-d] trust level 3

[DeviceA-trust-level-policy-d] policy e

[DeviceA-trust-level-policy-e] isis-system-id 0000.0000.0005

[DeviceA-trust-level-policy-e] trust level 7

[DeviceA-trust-level-policy-e] quit

# Configure the boundary points for extracting the security levels of packets.

[DeviceA-trust-level] boundary origin-point ::8000:0:0:0 level-point ::2000:0:0:0 ::4000:0:0:0 ::6000:0:0:0 :: ::A000:0:0:0 ::C000:0:0:0 ::E000:0:0:0

# Configure the flexible algorithms and the service classes for security level 0 to 7.

[DeviceA-trust-level] security-level 0

[DeviceA-trust-level-sec-0] service-class 0

[DeviceA-trust-level-sec-0] flex-algo 130

[DeviceA-trust-level-sec-0] security-level 1

[DeviceA-trust-level-sec-1] service-class 1

[DeviceA-trust-level-sec-1] flex-algo 131

[DeviceA-trust-level-sec-1] security-level 2

[DeviceA-trust-level-sec-2] service-class 2

[DeviceA-trust-level-sec-2] flex-algo 132

[DeviceA-trust-level-sec-2] security-level 3

[DeviceA-trust-level-sec-3] service-class 3

[DeviceA-trust-level-sec-3] flex-algo 133

[DeviceA-trust-level-sec-3] security-level 4

[DeviceA-trust-level-sec-4] service-class 4

[DeviceA-trust-level-sec-4] flex-algo 134

[DeviceA-trust-level-sec-4] security-level 5

[DeviceA-trust-level-sec-5] service-class 5

[DeviceA-trust-level-sec-5] flex-algo 135

[DeviceA-trust-level-sec-5] security-level 6

[DeviceA-trust-level-sec-6] service-class 6

[DeviceA-trust-level-sec-6] flex-algo 136

[DeviceA-trust-level-sec-6] security-level 7

[DeviceA-trust-level-sec-7] service-class 7

[DeviceA-trust-level-sec-7] flex-algo 137

[DeviceA-trust-level-sec-7] quit

[DeviceA-trust-level] quit

# Enable the trust level feature on Ten-GigabitEthernet3/0/1, Ten-GigabitEthernet3/0/2, and Ten-GigabitEthernet3/0/3 of Device A.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] port trust-level enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port trust-level enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port trust-level enable

[DeviceA-Ten-GigabitEthernet3/0/3] quit

b.     Configure IS-IS.

# Configure an IS-IS System ID and enable IPv6 IS-IS.

[DeviceA] isis 1

[DeviceA-isis-1] network-entity 00.0000.0000.0001.00

[DeviceA-isis-1] cost-style wide

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

[DeviceA] interface ten-gigabitethernet 3/0/5

[DeviceA-Ten-GigabitEthernet3/0/5] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/5] quit

[DeviceA] interface ten-gigabitethernet 3/0/6

[DeviceA-Ten-GigabitEthernet3/0/6] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/6] quit

[DeviceA] interface ten-gigabitethernet 3/0/7

[DeviceA-Ten-GigabitEthernet3/0/7] isis ipv6 enable 1

[DeviceA-Ten-GigabitEthernet3/0/7] quit

[DeviceA] interface loopback 0

[DeviceA-LoopBack0] isis ipv6 enable 1

[DeviceA-LoopBack0] quit

# Configure flexible algorithms 130 to 137 to match the trust levels.

[DeviceA] isis 1

[DeviceA-isis-1] flex-algo 130

[DeviceA-isis-1-flex-algo-130] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-130] advertise-definition enable

[DeviceA-isis-1-flex-algo-130] quit

[DeviceA-isis-1] flex-algo 131

[DeviceA-isis-1-flex-algo-131] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-131] advertise-definition enable

[DeviceA-isis-1-flex-algo-131] quit

[DeviceA-isis-1] flex-algo 132

[DeviceA-isis-1-flex-algo-132] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-132] advertise-definition enable

[DeviceA-isis-1-flex-algo-132] quit

[DeviceA-isis-1] flex-algo 133

[DeviceA-isis-1-flex-algo-133] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-133] advertise-definition enable

[DeviceA-isis-1-flex-algo-133] quit

[DeviceA-isis-1] flex-algo 134

[DeviceA-isis-1-flex-algo-134] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-134] advertise-definition enable

[DeviceA-isis-1-flex-algo-134] quit

[DeviceA-isis-1] flex-algo 135

[DeviceA-isis-1-flex-algo-135] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-135] advertise-definition enable

[DeviceA-isis-1-flex-algo-135] quit

[DeviceA-isis-1] flex-algo 136

[DeviceA-isis-1-flex-algo-136] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-136] advertise-definition enable

[DeviceA-isis-1-flex-algo-136] quit

[DeviceA-isis-1] flex-algo 137

[DeviceA-isis-1-flex-algo-137] trust-level-mapping enable

[DeviceA-isis-1-flex-algo-137] advertise-definition enable

[DeviceA-isis-1-flex-algo-137] quit

[DeviceA-isis-1] quit

c.     Configure an SRv6 SID.

# Configure a locator for public topology.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] locator a0 ipv6-prefix AA:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a0] quit

# Configure the locators associated with flexible algorithm 130 to 137.

[DeviceA-segment-routing-ipv6] locator a130 ipv6-prefix AA:130:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a130] flex-algo algorithm 130

[DeviceA-segment-routing-ipv6-locator-a130] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a130] quit

[DeviceA-segment-routing-ipv6] locator a131 ipv6-prefix AA:131:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a131] flex-algo algorithm 131

[DeviceA-segment-routing-ipv6-locator-a131] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a131] quit

[DeviceA-segment-routing-ipv6] locator a132 ipv6-prefix AA:132:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a132] flex-algo algorithm 132

[DeviceA-segment-routing-ipv6-locator-a132] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a132] quit

[DeviceA-segment-routing-ipv6] locator a133 ipv6-prefix AA:133:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a133] flex-algo algorithm 133

[DeviceA-segment-routing-ipv6-locator-a133] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a133] quit

[DeviceA-segment-routing-ipv6] locator a134 ipv6-prefix AA:134:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a134] flex-algo algorithm 134

[DeviceA-segment-routing-ipv6-locator-a134] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a134] quit

[DeviceA-segment-routing-ipv6] locator a135 ipv6-prefix AA:135:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a135] flex-algo algorithm 135

[DeviceA-segment-routing-ipv6-locator-a135] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a135] quit

[DeviceA-segment-routing-ipv6] locator a136 ipv6-prefix AA:136:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a136] flex-algo algorithm 136

[DeviceA-segment-routing-ipv6-locator-a136] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a136] quit

[DeviceA-segment-routing-ipv6] locator a137 ipv6-prefix AA:137:: 64 static 8

[DeviceA-segment-routing-ipv6-locator-a137] flex-algo algorithm 137

[DeviceA-segment-routing-ipv6-locator-a137] opcode 1 end

[DeviceA-segment-routing-ipv6-locator-a137] quit

[DeviceA-segment-routing-ipv6] quit

# Configure IS-IS to advertise locators a130 to a137.

[DeviceA] isis 1

[DeviceA-isis-1] address-family ipv6 unicast

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a130

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a131

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a132

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a133

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a134

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a135

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a136

[DeviceA-isis-1-ipv6] segment-routing ipv6 locator a137

[DeviceA-isis-1-ipv6] quit

[DeviceA-isis-1] quit

d.     Configure SRv6 TE policies (only Device A).

# Configure SRv6 TE policy tunnels from Device A to Device E.

[DeviceA] segment-routing ipv6

[DeviceA-segment-routing-ipv6] traffic-engineering

[DeviceA-srv6-te] srv6-policy locator a0

[DeviceA-srv6-te] segment-list se130

[DeviceA-srv6-te-sl-se130] index 10 ipv6 EE:130::1

[DeviceA-srv6-te-sl-se130] quit

[DeviceA-srv6-te] policy pe130

[DeviceA-srv6-te-policy-pe130] color 130 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe130] service-class 0

[DeviceA-srv6-te-policy-pe130] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe130] candidate-paths

[DeviceA-srv6-te-policy-pe130-path] preference 10

[DeviceA-srv6-te-policy-pe130-path-pref-10] explicit segment-list se130

[DeviceA-srv6-te-policy-pe130-path-pref-10] quit

[DeviceA-srv6-te-policy-pe130-path] quit

[DeviceA-srv6-te-policy-pe130] quit

[DeviceA-srv6-te] srv6-policy locator a0

[DeviceA-srv6-te] segment-list se131

[DeviceA-srv6-te-sl-se131] index 10 ipv6 EE:131::1

[DeviceA-srv6-te-sl-se131] quit

[DeviceA-srv6-te] policy pe131

[DeviceA-srv6-te-policy-pe131] color 131 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe131] service-class 1

[DeviceA-srv6-te-policy-pe131] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe131] candidate-paths

[DeviceA-srv6-te-policy-pe131-path] preference 10

[DeviceA-srv6-te-policy-pe131-path-pref-10] explicit segment-list se131

[DeviceA-srv6-te-policy-pe131-path-pref-10] quit

[DeviceA-srv6-te-policy-pe131-path] quit

[DeviceA-srv6-te-policy-pe131] quit

[DeviceA-srv6-te] segment-list se132

[DeviceA-srv6-te-sl-se132] index 10 ipv6 EE:132::1

[DeviceA-srv6-te-sl-se132] quit

[DeviceA-srv6-te] policy pe132

[DeviceA-srv6-te-policy-pe132] color 132 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe132] service-class 2

[DeviceA-srv6-te-policy-pe132] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe132] candidate-paths

[DeviceA-srv6-te-policy-pe132-path] preference 10

[DeviceA-srv6-te-policy-pe132-path-pref-10] explicit segment-list se132

[DeviceA-srv6-te-policy-pe132-path-pref-10] quit

[DeviceA-srv6-te-policy-pe132-path] quit

[DeviceA-srv6-te-policy-pe132] quit

[DeviceA-srv6-te] srv6-policy locator a0

[DeviceA-srv6-te] segment-list se133

[DeviceA-srv6-te-sl-se133] index 10 ipv6 EE:133::1

[DeviceA-srv6-te-sl-se133] quit

[DeviceA-srv6-te] policy pe133

[DeviceA-srv6-te-policy-pe133] color 133 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe133] service-class 3

[DeviceA-srv6-te-policy-pe133] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe133] candidate-paths

[DeviceA-srv6-te-policy-pe133-path] preference 10

[DeviceA-srv6-te-policy-pe133-path-pref-10] explicit segment-list se133

[DeviceA-srv6-te-policy-pe133-path-pref-10] quit

[DeviceA-srv6-te-policy-pe133-path] quit

[DeviceA-srv6-te-policy-pe133] quit

[DeviceA-srv6-te] segment-list se134

[DeviceA-srv6-te-sl-se134] index 10 ipv6 EE:134::1

[DeviceA-srv6-te-sl-se134] quit

[DeviceA-srv6-te] policy pe134

[DeviceA-srv6-te-policy-pe134] color 134 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe134] service-class 4

[DeviceA-srv6-te-policy-pe134] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe134] candidate-paths

[DeviceA-srv6-te-policy-pe134-path] preference 10

[DeviceA-srv6-te-policy-pe134-path-pref-10] explicit segment-list se134

[DeviceA-srv6-te-policy-pe134-path-pref-10] quit

[DeviceA-srv6-te-policy-pe134-path] quit

[DeviceA-srv6-te-policy-pe134] quit

[DeviceA-srv6-te] segment-list se135

[DeviceA-srv6-te-sl-se135] index 10 ipv6 EE:135::1

[DeviceA-srv6-te-sl-se135] quit

[DeviceA-srv6-te] policy pe135

[DeviceA-srv6-te-policy-pe135] color 135 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe135] service-class 5

[DeviceA-srv6-te-policy-pe135] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe135] candidate-paths

[DeviceA-srv6-te-policy-pe135-path] preference 10

[DeviceA-srv6-te-policy-pe135-path-pref-10] explicit segment-list se135

[DeviceA-srv6-te-policy-pe135-path-pref-10] quit

[DeviceA-srv6-te-policy-pe135-path] quit

[DeviceA-srv6-te-policy-pe135] quit

[DeviceA-srv6-te] segment-list se136

[DeviceA-srv6-te-sl-se136] index 10 ipv6 EE:136::1

[DeviceA-srv6-te-sl-se136] quit

[DeviceA-srv6-te] policy pe136

[DeviceA-srv6-te-policy-pe136] color 136 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe136] service-class 6

[DeviceA-srv6-te-policy-pe136] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe136] candidate-paths

[DeviceA-srv6-te-policy-pe136-path] preference 10

[DeviceA-srv6-te-policy-pe136-path-pref-10] explicit segment-list se136

[DeviceA-srv6-te-policy-pe136-path-pref-10] quit

[DeviceA-srv6-te-policy-pe136-path] quit

[DeviceA-srv6-te-policy-pe136] quit

[DeviceA-srv6-te] segment-list se137

[DeviceA-srv6-te-sl-se137] index 10 ipv6 EE:137::1

[DeviceA-srv6-te-sl-se137] quit

[DeviceA-srv6-te] policy pe137

[DeviceA-srv6-te-policy-pe137] color 137 end-point ipv6 5::5

[DeviceA-srv6-te-policy-pe137] service-class 7

[DeviceA-srv6-te-policy-pe137] drop-upon-invalid enable

[DeviceA-srv6-te-policy-pe137] candidate-paths

[DeviceA-srv6-te-policy-pe137-path] preference 10

[DeviceA-srv6-te-policy-pe137-path-pref-10] explicit segment-list se137

[DeviceA-srv6-te-policy-pe137-path-pref-10] quit

[DeviceA-srv6-te-policy-pe137-path] quit

[DeviceA-srv6-te-policy-pe137] quit

[DeviceA-srv6-te] quit

[DeviceA-segment-routing-ipv6] quit

e.     Configure static route-based traffic steering.

# Configure IPv6 static routes for steering matching traffic to the SRv6 TE policies.

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe130

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe131

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe132

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe133

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe134

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe135

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe136

[DeviceA] ipv6 route-static 123:456:: 64 srv6-policy name pe137

2.     Configure Device B (trust level client):

# Enter trust-level view.

<DeviceB> system-view

[DeviceB] trust-level

# Configure Device B to operate in the client mode.

[DeviceB-trust-level] client enable

# Configure the parameters of the trust level server on Device B.

[DeviceB-trust-level-client] server ipv6-address 1::1 ssl-client-policy trust

[DeviceB-trust-level-client] quit

[DeviceB-trust-level] quit

Configure Device C, Device D, and Device E in the same way. (Details not shown.)
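Step d repeats the same policy block eight times, so a mistyped color, service class or SID is easy to miss. The following Python is an added example, not H3C code: it reads a transcript in this page's prompt format and checks each SRv6 TE policy against Table 149 and the EE:xx::/64 locator plan of Table 148. The function names and the sample transcript are constructed for illustration.

```python
import re

# Table 149 on this page: service class = security level, flex-algo = 130 + level.
FLEX_ALGO_BY_SERVICE_CLASS = {level: 130 + level for level in range(8)}

# Constructed sample in the page's transcript format, trimmed to the relevant
# lines. pe130 follows the page; pe131, pe132 and pe133 each carry one mistake.
CONFIG = """\
[DeviceA-srv6-te] segment-list se130
[DeviceA-srv6-te-sl-se130] index 10 ipv6 EE:130::1
[DeviceA-srv6-te] policy pe130
[DeviceA-srv6-te-policy-pe130] color 130 end-point ipv6 5::5
[DeviceA-srv6-te-policy-pe130] service-class 0
[DeviceA-srv6-te-policy-pe130] drop-upon-invalid enable
[DeviceA-srv6-te-policy-pe130] candidate-paths
[DeviceA-srv6-te-policy-pe130-path] preference 10
[DeviceA-srv6-te-policy-pe130-path-pref-10] explicit segment-list se130
[DeviceA-srv6-te] segment-list se131
[DeviceA-srv6-te-sl-se131] index 10 ipv6 EE:131::1
[DeviceA-srv6-te] policy pe131
[DeviceA-srv6-te-policy-pe131] color 131 end-point ipv6 5::5
[DeviceA-srv6-te-policy-pe131] service-class 2
[DeviceA-srv6-te-policy-pe131] drop-upon-invalid enable
[DeviceA-srv6-te-policy-pe131-path-pref-10] explicit segment-list se131
[DeviceA-srv6-te] segment-list se132
[DeviceA-srv6-te-sl-se132] index 10 ipv6 EE:132::1
[DeviceA-srv6-te] policy pe132
[DeviceA-srv6-te-policy-pe132] color 132 end-point ipv6 5::5
[DeviceA-srv6-te-policy-pe132] service-class 2
[DeviceA-srv6-te-policy-pe132-path-pref-10] explicit segment-list se132
[DeviceA-srv6-te] segment-list se133
[DeviceA-srv6-te-sl-se133] index 10 ipv6 EE:131::1
[DeviceA-srv6-te] policy pe133
[DeviceA-srv6-te-policy-pe133] color 133 end-point ipv6 5::5
[DeviceA-srv6-te-policy-pe133] service-class 3
[DeviceA-srv6-te-policy-pe133] drop-upon-invalid enable
[DeviceA-srv6-te-policy-pe133-path-pref-10] explicit segment-list se133
"""

_PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")


def parse_policies(text):
    """Collect segment lists and SRv6 TE policies from a CLI transcript."""
    seglists, policies = {}, {}
    cur_list = cur_policy = None
    for raw in text.splitlines():
        m = _PROMPT.match(raw)
        if not m or "srv6-te" not in m.group(0):
            continue  # skip other views, e.g. 'policy a' in trust-level view
        words = raw[m.end():].split()
        cmd = words[0] if words else ""
        if cmd == "segment-list" and len(words) == 2:
            cur_list, cur_policy = words[1], None
            seglists[cur_list] = []
        elif cmd == "policy" and len(words) == 2:
            cur_policy, cur_list = words[1], None
            policies[cur_policy] = {"color": None, "service_class": None,
                                    "drop_upon_invalid": False, "lists": []}
        elif cur_list and cmd == "index" and "ipv6" in words[:-1]:
            seglists[cur_list].append(words[words.index("ipv6") + 1])
        elif cur_policy:
            pol = policies[cur_policy]
            if cmd == "color":
                pol["color"] = int(words[1])
            elif cmd == "service-class":
                pol["service_class"] = int(words[1])
            elif words[:2] == ["drop-upon-invalid", "enable"]:
                pol["drop_upon_invalid"] = True
            elif words[:2] == ["explicit", "segment-list"]:
                pol["lists"].append(words[2])
    return seglists, policies


def lint(text):
    """Return (policy, problem) pairs in policy-name order; empty means consistent."""
    seglists, policies = parse_policies(text)
    findings = []
    for name, pol in sorted(policies.items()):
        expected = FLEX_ALGO_BY_SERVICE_CLASS.get(pol["service_class"])
        if expected is None:
            findings.append((name, "service class missing or not in Table 149"))
        elif pol["color"] != expected:
            findings.append((name, f"color {pol['color']} does not match flex-algo "
                                   f"{expected} of service class {pol['service_class']}"))
        if not pol["drop_upon_invalid"]:
            # Every policy on the page enables this; without it an invalid
            # policy may let traffic fall back to ordinary forwarding.
            findings.append((name, "drop-upon-invalid not enabled"))
        for sl in pol["lists"]:
            for sid in seglists.get(sl, []):
                parts = sid.split(":")  # locator plan: EE:xx::/64, xx = flex-algo id
                if len(parts) < 2 or parts[1] != str(pol["color"]):
                    findings.append((name, f"SID {sid} in {sl} is not in the "
                                           f"locator of flex-algo {pol['color']}"))
    return findings


if __name__ == "__main__":
    print("\n".join(f"{name}: {problem}" for name, problem in lint(CONFIG)))
```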

Verifying the configuration

Use a packet capture tool to capture the packets and verify that they are forwarded as follows:

·     The packets generated by the IP phone are forwarded in three paths: Device A > Device B > Device E, Device A > Device C > Device E, and Device A > Device D > Device E.

·     The packets generated by the host are forwarded in two paths: Device A > Device C > Device E, Device A > Device D > Device E.

·     The packets generated by the DHCP server are forwarded in two paths: Device A > Device C > Device E, Device A > Device D > Device E.

 

 

Ethernet OAM configuration examples

Example: Configuring Ethernet OAM

Network configuration

On the network shown in Figure 395, perform the following operations:

·     Enable Ethernet OAM on Device A and Device B to auto-detect link errors between the two devices

·     Determine the performance of the link between Device A and Device B by collecting statistics about the error frames received by Device A

Figure 395 Network diagram

Procedure

1.     Configure Device A:

# Configure Ten-GigabitEthernet 3/0/1 to operate in active Ethernet OAM mode, and enable Ethernet OAM for it.

<DeviceA> system-view

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] oam mode active

[DeviceA-Ten-GigabitEthernet3/0/1] oam enable

# Set the errored frame event detection window to 20000 milliseconds, and set the errored frame event triggering threshold to 10.

[DeviceA-Ten-GigabitEthernet3/0/1] oam errored-frame window 200

[DeviceA-Ten-GigabitEthernet3/0/1] oam errored-frame threshold 10

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Configure Ten-GigabitEthernet 3/0/1 to operate in passive Ethernet OAM mode (the default), and enable Ethernet OAM for it.

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] oam mode passive

[DeviceB-Ten-GigabitEthernet3/0/1] oam enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

Use the display oam critical-event command to display the statistics of Ethernet OAM critical link events. For example:

# Display the statistics of Ethernet OAM critical link events on all the ports of Device A.

[DeviceA] display oam critical-event

-----------[Ten-GigabitEthernet3/0/1] -----------

 Local link status   : UP

 Event statistics

   Link fault        : Not occurred

   Dying gasp        : Not occurred

   Critical event    : Not occurred

The output shows that no critical link event occurred on the link between Device A and Device B.

Use the display oam link-event command to display the statistics of Ethernet OAM link events. For example:

# Display Ethernet OAM link event statistics of the local end of Device A.

[DeviceA] display oam link-event local

------------ [Ten-GigabitEthernet3/0/1] -----------

 Link status: UP

 OAM local errored frame event

   Event time stamp        : 5789 x 100 milliseconds

   Errored frame window    : 200 x 100 milliseconds

   Errored frame threshold : 10 error frames

   Errored frame           : 13 error frames

   Error running total     : 350 error frames

   Event running total     : 17 events

The output shows the following:

·     350 error frames have occurred since Ethernet OAM was enabled on Device A.

·     17 errored frame events were triggered by error frames.

·     The link is unstable.

 

 

CFD configuration examples

Example: Configuring CFD in an Ethernet network

Network configuration

As shown in Figure 396:

·     The network comprises five devices and is divided into two MDs: MD_A (level 5) and MD_B (level 3). All ports belong to VLAN 100, and the MAs in the two MDs all serve VLAN 100. Assume that the MAC addresses of Device A through Device E are 0010-FC01-6511, 0010-FC02-6512, 0010-FC03-6513, 0010-FC04-6514, and 0010-FC05-6515, respectively.

·     MD_A has three edge ports: Ten-GigabitEthernet 3/0/1 on Device A, Ten-GigabitEthernet 3/0/3 on Device D, and Ten-GigabitEthernet 3/0/4 on Device E. They are all inward-facing MEPs. MD_B has two edge ports: Ten-GigabitEthernet 3/0/3 on Device B and Ten-GigabitEthernet 3/0/1 on Device D. They are both outward-facing MEPs.

·     In MD_A, Device B is designed to have MIPs when its port is configured with low level MEPs. Port Ten-GigabitEthernet 3/0/3 is configured with MEPs of MD_B, and the MIPs of MD_A can be configured on this port. You must configure the MIP generation rule of MD_A as explicit.

·     The MIPs of MD_B are designed on Device C, and are configured on all ports. You must configure the MIP generation rule as default.

·     Configure CC to monitor the connectivity among all the MEPs in MD_A and MD_B. Configure LB to locate link faults, and use the AIS and EAIS functions to suppress the error alarms that are reported.

·     After the status information of the entire network is obtained, use LT, LM, DM, and TST to detect link faults.

Figure 396 Network diagram

Procedure

1.     Configure a VLAN and assign ports to it:

On each device shown in Figure 396, create VLAN 100 and assign ports Ten-GigabitEthernet 3/0/1 through Ten-GigabitEthernet 3/0/4 to VLAN 100.

2.     Enable CFD:

# Enable CFD on Device A.

<DeviceA> system-view

[DeviceA] cfd enable

# Configure Device B through Device E in the same way Device A is configured. (Details not shown.)

3.     Configure service instances:

# Create MD_A (level 5) on Device A, and create service instance 1 (in which the MA is identified by a VLAN and serves VLAN 100).

[DeviceA] cfd md MD_A level 5

[DeviceA] cfd service-instance 1 ma-id vlan-based md MD_A vlan 100

# Configure Device E in the same way Device A is configured. (Details not shown.)

# Create MD_A (level 5) on Device B, and create service instance 1 (in which the MA is identified by a VLAN and serves VLAN 100).

[DeviceB] cfd md MD_A level 5

[DeviceB] cfd service-instance 1 ma-id vlan-based md MD_A vlan 100

# Create MD_B (level 3), and create service instance 2 (in which the MA is identified by a VLAN and serves VLAN 100).

[DeviceB] cfd md MD_B level 3

[DeviceB] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100

# Configure Device D in the same way Device B is configured. (Details not shown.)

# Create MD_B (level 3) on Device C, and create service instance 2 (in which the MA is identified by a VLAN and serves VLAN 100).

[DeviceC] cfd md MD_B level 3

[DeviceC] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100

4.     Configure MEPs:

# On Device A, configure a MEP list in service instance 1, and create inward-facing MEP 1001 in service instance 1 on Ten-GigabitEthernet 3/0/1.

[DeviceA] cfd meplist 1001 4002 5001 service-instance 1

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] cfd mep 1001 service-instance 1 inbound

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# On Device B, configure a MEP list in service instances 1 and 2.

[DeviceB] cfd meplist 1001 4002 5001 service-instance 1

[DeviceB] cfd meplist 2001 4001 service-instance 2

# Create outward-facing MEP 2001 in service instance 2 on Ten-GigabitEthernet 3/0/3.

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] cfd mep 2001 service-instance 2 outbound

[DeviceB-Ten-GigabitEthernet3/0/3] quit

# On Device D, configure a MEP list in service instances 1 and 2.

[DeviceD] cfd meplist 1001 4002 5001 service-instance 1

[DeviceD] cfd meplist 2001 4001 service-instance 2

# Create outward-facing MEP 4001 in service instance 2 on Ten-GigabitEthernet 3/0/1.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] cfd mep 4001 service-instance 2 outbound

[DeviceD-Ten-GigabitEthernet3/0/1] quit

# Create inward-facing MEP 4002 in service instance 1 on Ten-GigabitEthernet 3/0/3.

[DeviceD] interface ten-gigabitethernet 3/0/3

[DeviceD-Ten-GigabitEthernet3/0/3] cfd mep 4002 service-instance 1 inbound

[DeviceD-Ten-GigabitEthernet3/0/3] quit

# On Device E, configure a MEP list in service instance 1.

[DeviceE] cfd meplist 1001 4002 5001 service-instance 1

# Create inward-facing MEP 5001 in service instance 1 on Ten-GigabitEthernet 3/0/4.

[DeviceE] interface ten-gigabitethernet 3/0/4

[DeviceE-Ten-GigabitEthernet3/0/4] cfd mep 5001 service-instance 1 inbound

[DeviceE-Ten-GigabitEthernet3/0/4] quit

5.     Configure MIPs:

# Configure the MIP generation rule in service instance 1 on Device B as explicit.

[DeviceB] cfd mip-rule explicit service-instance 1

# Configure the MIP generation rule in service instance 2 on Device C as default.

[DeviceC] cfd mip-rule default service-instance 2

6.     Configure CC:

# On Device A, enable the sending of CCM frames for MEP 1001 in service instance 1 on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] cfd cc service-instance 1 mep 1001 enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# On Device B, enable the sending of CCM frames for MEP 2001 in service instance 2 on Ten-GigabitEthernet 3/0/3.

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] cfd cc service-instance 2 mep 2001 enable

[DeviceB-Ten-GigabitEthernet3/0/3] quit

# On Device D, enable the sending of CCM frames for MEP 4001 in service instance 2 on Ten-GigabitEthernet 3/0/1.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] cfd cc service-instance 2 mep 4001 enable

[DeviceD-Ten-GigabitEthernet3/0/1] quit

# Enable the sending of CCM frames for MEP 4002 in service instance 1 on Ten-GigabitEthernet 3/0/3.

[DeviceD] interface ten-gigabitethernet 3/0/3

[DeviceD-Ten-GigabitEthernet3/0/3] cfd cc service-instance 1 mep 4002 enable

[DeviceD-Ten-GigabitEthernet3/0/3] quit

# On Device E, enable the sending of CCM frames for MEP 5001 in service instance 1 on Ten-GigabitEthernet 3/0/4.

[DeviceE] interface ten-gigabitethernet 3/0/4

[DeviceE-Ten-GigabitEthernet3/0/4] cfd cc service-instance 1 mep 5001 enable

[DeviceE-Ten-GigabitEthernet3/0/4] quit

7.     Configure hardware CC:

# Configure hardware CC on Ten-GigabitEthernet 3/0/1 of Device D to enable MEP 4001 to receive CCM frames from MEP 2001.

[DeviceD] interface ten-gigabitethernet 3/0/1

[DeviceD-Ten-GigabitEthernet3/0/1] cfd hardware-cc service-instance 2 remote-mep 2001

[DeviceD-Ten-GigabitEthernet3/0/1] quit

8.     Configure AIS:

# Enable AIS on Device B. Configure the AIS frame transmission level as 5 and AIS frame transmission interval as 1 second in service instance 2.

[DeviceB] cfd ais enable

[DeviceB] cfd ais level 5 service-instance 2

[DeviceB] cfd ais period 1 service-instance 2

9.     Configure EAIS:

# Enable port status-AIS collaboration on Device B.

[DeviceB] cfd ais-track link-status global

# On Ten-GigabitEthernet 3/0/3 of Device B, configure the EAIS frame transmission level as 5 and the EAIS frame transmission interval as 60 seconds. Specify the VLANs where the EAIS frames can be transmitted as VLAN 100.

[DeviceB] interface ten-gigabitethernet 3/0/3

[DeviceB-Ten-GigabitEthernet3/0/3] cfd ais-track link-status level 5

[DeviceB-Ten-GigabitEthernet3/0/3] cfd ais-track link-status period 60

[DeviceB-Ten-GigabitEthernet3/0/3] cfd ais-track link-status vlan 100

[DeviceB-Ten-GigabitEthernet3/0/3] quit
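The following Python audit is an added example, not H3C code. It takes the commands from steps 3 through 6 and 8, embedded as constructed input, and checks that each MEP is in its service instance's MEP list, has CC enabled, and exists on exactly one device, and that MEP lists match across the devices of an MD. The check that the AIS level is above the MD level is an assumption taken from this example's values (AIS level 5 above MD_B level 3).

```python
from collections import defaultdict

# Constructed input: commands from steps 3-6 and 8, grouped per device.
# Devices "configured in the same way" are written out in full.
CONFIG = {
    "DeviceA": """
        cfd md MD_A level 5
        cfd service-instance 1 ma-id vlan-based md MD_A vlan 100
        cfd meplist 1001 4002 5001 service-instance 1
        cfd mep 1001 service-instance 1 inbound
        cfd cc service-instance 1 mep 1001 enable""",
    "DeviceB": """
        cfd md MD_A level 5
        cfd service-instance 1 ma-id vlan-based md MD_A vlan 100
        cfd md MD_B level 3
        cfd service-instance 2 ma-id vlan-based md MD_B vlan 100
        cfd meplist 1001 4002 5001 service-instance 1
        cfd meplist 2001 4001 service-instance 2
        cfd mep 2001 service-instance 2 outbound
        cfd cc service-instance 2 mep 2001 enable
        cfd ais enable
        cfd ais level 5 service-instance 2""",
    "DeviceC": """
        cfd md MD_B level 3
        cfd service-instance 2 ma-id vlan-based md MD_B vlan 100
        cfd mip-rule default service-instance 2""",
    "DeviceD": """
        cfd md MD_A level 5
        cfd service-instance 1 ma-id vlan-based md MD_A vlan 100
        cfd md MD_B level 3
        cfd service-instance 2 ma-id vlan-based md MD_B vlan 100
        cfd meplist 1001 4002 5001 service-instance 1
        cfd meplist 2001 4001 service-instance 2
        cfd mep 4001 service-instance 2 outbound
        cfd mep 4002 service-instance 1 inbound
        cfd cc service-instance 2 mep 4001 enable
        cfd cc service-instance 1 mep 4002 enable""",
    "DeviceE": """
        cfd md MD_A level 5
        cfd service-instance 1 ma-id vlan-based md MD_A vlan 100
        cfd meplist 1001 4002 5001 service-instance 1
        cfd mep 5001 service-instance 1 inbound
        cfd cc service-instance 1 mep 5001 enable""",
}

def parse(text):
    """Extract the CFD objects this audit needs from one device's commands."""
    d = {"md": {}, "si": {}, "meplist": {}, "mep": [], "cc": set(), "ais": {}}
    for line in text.splitlines():
        t = line.split()
        if t[:2] == ["cfd", "md"]:
            d["md"][t[2]] = int(t[4])                    # MD name -> level
        elif t[:2] == ["cfd", "service-instance"]:
            d["si"][int(t[2])] = t[t.index("md") + 1]    # instance -> MD name
        elif t[:2] == ["cfd", "meplist"]:
            i = t.index("service-instance")
            d["meplist"][int(t[i + 1])] = {int(x) for x in t[2:i]}
        elif t[:2] == ["cfd", "mep"]:
            d["mep"].append((int(t[4]), int(t[2])))      # (instance, MEP ID)
        elif t[:2] == ["cfd", "cc"]:
            d["cc"].add((int(t[3]), int(t[5])))          # (instance, MEP ID)
        elif t[:3] == ["cfd", "ais", "level"]:
            d["ais"][int(t[5])] = int(t[3])              # instance -> AIS level
    return d

def audit(config):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    lists = defaultdict(dict)    # MD name -> {device: MEP list}
    owners = defaultdict(list)   # (MD name, MEP ID) -> devices hosting it
    for name, text in config.items():
        d = parse(text)
        for si, md in d["si"].items():
            if md not in d["md"]:
                findings.append(f"{name}: instance {si} uses undefined MD {md}")
            if si in d["meplist"]:
                lists[md][name] = d["meplist"][si]
        for si, mep in d["mep"]:
            if mep not in d["meplist"].get(si, set()):
                findings.append(f"{name}: MEP {mep} missing from MEP list")
            if (si, mep) not in d["cc"]:
                findings.append(f"{name}: CC not enabled for MEP {mep}")
            owners[(d["si"].get(si), mep)].append(name)
        for si, level in d["ais"].items():
            md_level = d["md"].get(d["si"].get(si))
            # Assumption from this example: AIS level sits above the MD level.
            if md_level is not None and level <= md_level:
                findings.append(f"{name}: AIS level {level} not above MD level")
    for md, per_dev in lists.items():
        if len({frozenset(v) for v in per_dev.values()}) > 1:
            findings.append(f"{md}: MEP lists differ across devices")
        for mep in sorted(set().union(*per_dev.values())):
            if len(owners[(md, mep)]) != 1:
                findings.append(f"{md}: MEP {mep} not on exactly one device")
    return findings

if __name__ == "__main__":
    print(audit(CONFIG) or "no findings")
```
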

Verifying the configuration

1.     Verify the LB function when the CC function detects a link fault:

# Enable LB on Device A to check the status of the link between MEP 1001 and MEP 5001 in service instance 1.

[DeviceA] cfd loopback service-instance 1 mep 1001 target-mep 5001

Loopback to MEP 5001 with the sequence number start from 1001-43404:

Reply from 0010-fc05-6515: sequence number=1001-43404 time=5ms

Reply from 0010-fc05-6515: sequence number=1001-43405 time=5ms

Reply from 0010-fc05-6515: sequence number=1001-43406 time=5ms

Reply from 0010-fc05-6515: sequence number=1001-43407 time=5ms

Reply from 0010-fc05-6515: sequence number=1001-43408 time=5ms

Sent: 5        Received: 5        Lost: 0

2.     Verify the LT function after the CC function obtains the status information of the entire network:

# Identify the path between MEP 1001 and MEP 5001 in service instance 1 on Device A.

[DeviceA] cfd linktrace service-instance 1 mep 1001 target-mep 5001

Linktrace to MEP 5001 with the sequence number 1001-43462:

MAC address               TTL     Last MAC         Relay action

0010-fc05-6515            63      0010-fc02-6512   Hit

3.     Verify the one-way LM function after the CC function obtains the status information of the entire network:

# Use short-period LM to test the frame loss from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd slm service-instance 1 mep 1001 target-mep 4002

Reply from 0010-fc04-6514:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc00-6514:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc00-6514:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc00-6514:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Packet statistics:

Sent LMMs: 5    Received: 5

# Use continual LM to test the frame loss from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd slm continual service-instance 1 mep 1001 target-mep 4002

# Display the one-way LM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd slm history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Reply from 0010-fc04-6514:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc04-6514:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc04-6514:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc04-6514:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Reply from 0010-fc04-6514:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

4.     Verify the one-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the one-way frame delay from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd dm one-way service-instance 1 mep 1001 target-mep 4002

5 1DMs have been sent. Please check the result on the remote device.

# Display the one-way DM result on MEP 4002 in service instance 1 on Device D.

[DeviceD] display cfd dm one-way history service-instance 1 mep 4002

Total continual tests: 1

Service instance: 1

MEP ID: 4002

Send status: Testing

Test state: Active

Frame delay: 10ms 9ms 11ms 5ms 5ms

Delay average: 8ms

Frame jitter: 1ms 2ms 6ms 0ms

Variation average: 2ms

# Use continual DM to test the one-way frame delay from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd dm one-way continual service-instance 1 mep 1001 target-mep 4002

# Display the one-way DM result on MEP 4002 in service instance 1 on Device D.

[DeviceD] display cfd dm one-way history service-instance 1 mep 4002

Service instance: 1

MEP ID: 4002

Sent 1DM total number: 0

Received 1DM total number: 5

Frame delay: 10ms 9ms 11ms 5ms 5ms

Delay average: 8ms

Frame jitter: 1ms 2ms 6ms 0ms

Variation average: 2ms

5.     Verify the two-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the two-way frame delay from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd dm two-way service-instance 1 mep 1001 target-mep 4002

Frame delay:

Reply from 0010-fc00-6514: 10us

Reply from 0010-fc00-6514: 9us

Reply from 0010-fc00-6514: 11us

Reply from 0010-fc00-6514: 5us

Reply from 0010-fc00-6514: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

Packet statistics:

Sent DMMs: 5        Received: 5        Lost: 0

# Use continual DM to test the two-way frame delay from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd dm two-way continual service-instance 1 mep 1001 target-mep 4002

# Display the two-way DM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd dm two-way history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Frame delay:

Reply from 0010-fc00-6514: 10us

Reply from 0010-fc00-6514: 9us

Reply from 0010-fc00-6514: 11us

Reply from 0010-fc00-6514: 5us

Reply from 0010-fc00-6514: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

6.     Verify the TST function after the CC function obtains the status information of the entire network:

# Use short-period TST to test the bit errors on the link from MEP 1001 to MEP 4002 in service instance 1 on Device A.

[DeviceA] cfd tst service-instance 1 mep 1001 target-mep 4002

5 TSTs have been sent. Please check the result on the remote device.

# Display the short-period TST result on MEP 4002 in service instance 1 on Device D.

[DeviceD] display cfd tst history service-instance 1 mep 4002

Service instance: 1

MEP ID: 4002

Send status: Testing

Test state: Active

Received from 0010-fc01-6511, Bit True,  sequence number 0

Received from 0010-fc01-6511, Bit True,  sequence number 1

Received from 0010-fc01-6511, Bit True,  sequence number 2

Received from 0010-fc01-6511, Bit True,  sequence number 3

Received from 0010-fc01-6511, Bit True,  sequence number 4

Sent TST total number: 7

Received TST total number: 5

Received bit error TST number: 0

Percentage of error messages: 0.00%

Example: Configuring CFD in a Layer 2 VPN (L2VPN networking)

Network configuration

As shown in Figure 397:

·     Configure a static PW between PE 1 and PE 2 to enable CE 1 and CE 2 to communicate with each other. Assume that the MAC addresses of Device A through Device D are 0010-FC01-6511, 0010-FC02-6512, 0010-FC03-6513, and 0010-FC04-6514, respectively.

·     Configure Ten-GigabitEthernet 3/0/1.1 on Device A and Device B as AC interfaces, and associate them with cross-connect svc of cross-connect group vpna.

·     Assign the network to MD_A (level 5). MD_A has two edge interfaces: Ten-GigabitEthernet 3/0/1.1 on Device A and Ten-GigabitEthernet 3/0/1.1 on Device B. They are both inward-facing MEPs.

·     Configure CC to monitor the connectivity between the inward-facing MEPs. Configure LB to locate link faults.

·     After the status information of the entire network is obtained, use LT, LM, and DM to detect link faults.

Figure 397 Network diagram

Procedure

1.     Configure a static PW. (Details not shown.)

For information about configuring a static PW, see MPLS L2VPN in MPLS Configuration Guide.

2.     Enable CFD:

# Enable CFD on Device A.

<DeviceA> system-view

[DeviceA] cfd enable

# Configure Device B in the same way Device A is configured. (Details not shown.)

3.     Configure service instances:

# Create MD_A (level 5) on Device A, and create service instance 1 (in which the MA is identified by vpnma and serves cross-connect svc of cross-connect group vpna).

[DeviceA] cfd md MD_A level 5

[DeviceA] cfd service-instance 1 ma-id string vpnma md MD_A xconnect-group vpna connection svc

# Configure Device B in the same way Device A is configured. (Details not shown.)

4.     Configure MEPs:

# On Device A, configure a MEP list in service instance 1, and create inward-facing MEP 1001 in service instance 1 on Ten-GigabitEthernet 3/0/1.1.

[DeviceA] cfd meplist 1001 2001 service-instance 1

[DeviceA] interface ten-gigabitethernet 3/0/1.1

[DeviceA-Ten-GigabitEthernet3/0/1.1] cfd mep 1001 service-instance 1 inbound

[DeviceA-Ten-GigabitEthernet3/0/1.1] quit

# On Device B, configure a MEP list in service instance 1, and create inward-facing MEP 2001 in service instance 1 on Ten-GigabitEthernet 3/0/1.1.

[DeviceB] cfd meplist 1001 2001 service-instance 1

[DeviceB] interface ten-gigabitethernet 3/0/1.1

[DeviceB-Ten-GigabitEthernet3/0/1.1] cfd mep 2001 service-instance 1 inbound

[DeviceB-Ten-GigabitEthernet3/0/1.1] quit

5.     Configure CC:

# On Device A, enable the sending of CCM frames for MEP 1001 in service instance 1 on Ten-GigabitEthernet 3/0/1.1.

[DeviceA] interface ten-gigabitethernet 3/0/1.1

[DeviceA-Ten-GigabitEthernet3/0/1.1] cfd cc service-instance 1 mep 1001 enable

[DeviceA-Ten-GigabitEthernet3/0/1.1] quit

# On Device B, enable the sending of CCM frames for MEP 2001 in service instance 1 on Ten-GigabitEthernet 3/0/1.1.

[DeviceB] interface ten-gigabitethernet 3/0/1.1

[DeviceB-Ten-GigabitEthernet3/0/1.1] cfd cc service-instance 1 mep 2001 enable

[DeviceB-Ten-GigabitEthernet3/0/1.1] quit

6.     Configure the frame counting mode:

# Configure the frame counting mode as port-based for Ten-GigabitEthernet 3/0/1.1 on Device A.

[DeviceA] interface ten-gigabitethernet 3/0/1.1

[DeviceA-Ten-GigabitEthernet3/0/1.1] cfd frame-count mode port-based

[DeviceA-Ten-GigabitEthernet3/0/1.1] quit

# Configure the frame counting mode as port-based for Ten-GigabitEthernet 3/0/1.1 on Device B.

[DeviceB] interface ten-gigabitethernet 3/0/1.1

[DeviceB-Ten-GigabitEthernet3/0/1.1] cfd frame-count mode port-based

[DeviceB-Ten-GigabitEthernet3/0/1.1] quit

Verifying the configuration

1.     Verify the LB function when the CC function detects a link fault:

# Enable LB on Device A to check the status of the link between MEP 1001 and MEP 2001 in service instance 1.

[DeviceA] cfd loopback service-instance 1 mep 1001 target-mep 2001

Loopback to MEP 2001 with the sequence number start from 1001-43404:

Reply from 0010-fc02-6512: sequence number=1001-43404 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43405 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43406 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43407 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43408 time=5ms

Sent: 5        Received: 5        Lost: 0

2.     Verify the LT function after the CC function obtains the status information of the entire network:

# Identify the path between MEP 1001 and MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd linktrace service-instance 1 mep 1001 target-mep 2001

Linktrace to MEP 2001 with the sequence number 1001-43462:

MAC address               TTL     Last MAC         Relay action

0010-fc02-6512            63      0010-fc02-6512   Hit

3.     Verify the one-way LM function after the CC function obtains the status information of the entire network:

# Use short-period LM to test the frame loss from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd slm service-instance 1 mep 1001 target-mep 2001

Reply from 0010-fc02-6512:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Packet statistics:

Sent LMMs: 5    Received: 5

# Use continual LM to test the frame loss from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd slm continual service-instance 1 mep 1001 target-mep 2001

# Display the one-way LM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd slm history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Reply from 0010-fc02-6512:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

4.     Verify the two-way LM function after the CC function obtains the status information of the entire network:

# Use continual LM to test the frame loss from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dlm continual service-instance 1 mep 1001 target-mep 2001

# Use continual LM to test the frame loss from MEP 2001 to MEP 1001 in service instance 1 on Device B.

[DeviceB] cfd dlm continual service-instance 1 mep 2001 target-mep 1001

# Display the two-way LM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd dlm history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Reply from 0010-fc02-6512:

Far-end frame loss : 10        Far-end frame loss rate : 10.00%

Near-end frame loss: 20        Near-end frame loss rate: 20.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 40        Far-end frame loss rate : 40.00%

Near-end frame loss: 40        Near-end frame loss rate: 40.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 0         Far-end frame loss rate : 0.00%

Near-end frame loss: 10        Near-end frame loss rate: 10.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 30        Far-end frame loss rate : 30.00%

Near-end frame loss: 30        Near-end frame loss rate: 30.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 20        Far-end frame loss rate : 20.00%

Near-end frame loss: 25        Near-end frame loss rate: 25.00%

Average:

Far-end frame loss : 20        Far-end frame loss rate : 20.00%

Near-end frame loss: 25        Near-end frame loss rate: 25.00%

5.     Verify the one-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm one-way service-instance 1 mep 1001 target-mep 2001

5 1DMs have been sent. Please check the result on the remote device.

# Display the one-way DM result on MEP 2001 in service instance 1 on Device B.

[DeviceB] display cfd dm one-way history service-instance 1 mep 2001

Service instance: 1

MEP ID: 2001

Sent 1DM total number: 0

Received 1DM total number: 5

Frame delay: 10us 9us 11us 5us 5us

Delay average: 8us

Frame jitter: 1us 2us 6us 0us

Variation average: 2us

# Use continual DM to test the frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm one-way continual service-instance 1 mep 1001 target-mep 2001

# Display the one-way DM result on MEP 2001 in service instance 1 on Device B.

[DeviceB] display cfd dm one-way history service-instance 1 mep 2001

Total continual tests: 1

Service instance: 1

MEP ID: 2001

Send status: Testing

Test state: Active

Frame delay: 10us 9us 11us 5us 5us

Delay average: 8us

Frame jitter: 1us 2us 6us 0us

Variation average: 2us

6.     Verify the two-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the two-way frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm two-way service-instance 1 mep 1001 target-mep 2001

Frame delay:

Reply from 0010-fc02-6512: 10us

Reply from 0010-fc02-6512: 9us

Reply from 0010-fc02-6512: 11us

Reply from 0010-fc02-6512: 5us

Reply from 0010-fc02-6512: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

Packet statistics:

Sent DMMs: 5        Received: 5        Lost: 0

# Use continual DM to test the two-way frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm two-way continual service-instance 1 mep 1001 target-mep 2001

# Display the two-way DM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd dm two-way history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Frame delay:

Reply from 0010-fc02-6512: 10us

Reply from 0010-fc02-6512: 9us

Reply from 0010-fc02-6512: 11us

Reply from 0010-fc02-6512: 5us

Reply from 0010-fc02-6512: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

Network configuration

As shown in Figure 398:

·     Configure a static PW between PE 1 and PE 2 to enable CE 1 and CE 2 to communicate in VLAN 10. Assume that the MAC addresses of Device A through Device D are 0010-FC01-6511, 0010-FC02-6512, 0010-FC03-6513, and 0010-FC04-6514, respectively.

·     Create Ethernet service instance 10 on Ten-GigabitEthernet 3/0/1 of PE 1 and PE 2 to match incoming packets with VLAN ID 10 on Ten-GigabitEthernet 3/0/1. Configure Ten-GigabitEthernet 3/0/1 on Device A and Device B as AC interfaces, and associate them with cross-connect svc of cross-connect group vpna.

·     Assign the network to MD_A (level 5). MD_A has two edge interfaces: Ten-GigabitEthernet 3/0/1 on Device A and Ten-GigabitEthernet 3/0/1 on Device B. They are both inward-facing MEPs.

·     Configure CC to monitor the connectivity between the inward-facing MEPs. Configure LB to locate link faults.

·     After the status information of the entire network is obtained, use LT, LM, and DM to detect link faults.

Figure 398 Network diagram

Procedure

1.     Configure VLANs and assign interfaces to them:

On each device shown in Figure 398, create VLAN 10 and VLAN 20, assign Ten-GigabitEthernet 3/0/1 to VLAN 10, and assign Ten-GigabitEthernet 3/0/2 to VLAN 20.

2.     Configure a static PW. (Details not shown.)

For information about configuring a static PW, see MPLS L2VPN in MPLS Configuration Guide.

3.     Enable CFD:

# Enable CFD on Device A.

<DeviceA> system-view

[DeviceA] cfd enable

# Configure Device B in the same way Device A is configured. (Details not shown.)

4.     Configure service instances:

# Create MD_A (level 5) on Device A, and create service instance 1 (in which the MA is identified by vpnma and serves cross-connect svc of cross-connect group vpna).

[DeviceA] cfd md MD_A level 5

[DeviceA] cfd service-instance 1 ma-id string vpnma md MD_A xconnect-group vpna connection svc

# Configure Device B in the same way Device A is configured. (Details not shown.)

5.     Configure MEPs:

# On Device A, configure a MEP list in service instance 1, and create inward-facing MEP 1001 in Ethernet service instance 10 on Ten-GigabitEthernet 3/0/1.

[DeviceA] cfd meplist 1001 2001 service-instance 1

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] cfd mep 1001 service-instance 1 inbound

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] quit

# On Device B, configure a MEP list in service instance 1, and create inward-facing MEP 2001 in Ethernet service instance 10 on Ten-GigabitEthernet 3/0/1.

[DeviceB] cfd meplist 1001 2001 service-instance 1

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] cfd mep 2001 service-instance 1 inbound

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] quit

6.     Configure CC:

# On Device A, enable the sending of CCM frames for MEP 1001 in Ethernet service instance 10 on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] cfd cc service-instance 1 mep 1001 enable

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] quit

# On Device B, enable the sending of CCM frames for MEP 2001 in Ethernet service instance 10 on Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] cfd cc service-instance 1 mep 2001 enable

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] quit

7.     Configure the frame counting mode:

# Configure the frame counting mode as port-based for the Layer 2 Ethernet service instance on Ten-GigabitEthernet 3/0/1 of Device A.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] cfd frame-count mode port-based

[DeviceA-Ten-GigabitEthernet3/0/1-srv10] quit

# Configure the frame counting mode as port-based for the Layer 2 Ethernet service instance on Ten-GigabitEthernet 3/0/1 of Device B.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] service-instance 10

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] cfd frame-count mode port-based

[DeviceB-Ten-GigabitEthernet3/0/1-srv10] quit

Verifying the configuration

1.     Verify the LB function when the CC function detects a link fault:

# Enable LB on Device A to check the status of the link between MEP 1001 and MEP 2001 in service instance 1.

[DeviceA] cfd loopback service-instance 1 mep 1001 target-mep 2001

Loopback to MEP 2001 with the sequence number start from 1001-43404:

Reply from 0010-fc02-6512: sequence number=1001-43404 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43405 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43406 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43407 time=5ms

Reply from 0010-fc02-6512: sequence number=1001-43408 time=5ms

Sent: 5        Received: 5        Lost: 0

2.     Verify the LT function after the CC function obtains the status information of the entire network:

# Identify the path between MEP 1001 and MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd linktrace service-instance 1 mep 1001 target-mep 2001

Linktrace to MEP 2001 with the sequence number 1001-43462:

MAC address               TTL     Last MAC         Relay action

0010-fc02-6512            63      0010-fc02-6512   Hit

3.     Verify the one-way LM function after the CC function obtains the status information of the entire network:

# Use short-period LM to test the frame loss from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd slm service-instance 1 mep 1001 target-mep 2001

Reply from 0010-fc02-6512:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Packet statistics:

Sent LMMs: 5    Received: 5

# Use continual LM to test the frame loss from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd slm continual service-instance 1 mep 1001 target-mep 2001

# Display the one-way LM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd slm history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Reply from 0010-fc02-6512:

Far-end frame loss : 10                   Far-end frame loss rate : 10.00%

Near-end frame loss: 20                   Near-end frame loss rate: 20.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 40                   Far-end frame loss rate : 40.00%

Near-end frame loss: 40                   Near-end frame loss rate: 40.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 0                    Far-end frame loss rate : 0.00%

Near-end frame loss: 10                   Near-end frame loss rate: 10.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 30                   Far-end frame loss rate : 30.00%

Near-end frame loss: 30                   Near-end frame loss rate: 30.00%

Reply from 0010-fc02-6512:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

Average:

Far-end frame loss : 20                   Far-end frame loss rate : 20.00%

Near-end frame loss: 25                   Near-end frame loss rate: 25.00%

4.     Verify the one-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm one-way service-instance 1 mep 1001 target-mep 2001

5 1DMs have been sent. Please check the result on the remote device.

# Display the one-way DM result on MEP 2001 in service instance 1 on Device B.

[DeviceB] display cfd dm one-way history service-instance 1 mep 2001

Service instance: 1

MEP ID: 2001

Sent 1DM total number: 0

Received 1DM total number: 5

Frame delay: 10us 9us 11us 5us 5us

Delay average: 8us

Frame jitter: 1us 2us 6us 0us

Variation average: 2us

# Use continual DM to test the frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm one-way continual service-instance 1 mep 1001 target-mep 2001

# Display the one-way DM result on MEP 2001 in service instance 1 on Device B.

[DeviceB] display cfd dm one-way history service-instance 1 mep 2001

Total continual tests: 1

Service instance: 1

MEP ID: 2001

Send status: Testing

Test state: Active

Frame delay: 10us 9us 11us 5us 5us

Delay average: 8us

Frame jitter: 1us 2us 6us 0us

Variation average: 2us

5.     Verify the two-way DM function after the CC function obtains the status information of the entire network:

# Use short-period DM to test the two-way frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm two-way service-instance 1 mep 1001 target-mep 2001

Frame delay:

Reply from 0010-fc02-6512: 10us

Reply from 0010-fc02-6512: 9us

Reply from 0010-fc02-6512: 11us

Reply from 0010-fc02-6512: 5us

Reply from 0010-fc02-6512: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

Packet statistics:

Sent DMMs: 5        Received: 5        Lost: 0

# Use continual DM to test the two-way frame delay from MEP 1001 to MEP 2001 in service instance 1 on Device A.

[DeviceA] cfd dm two-way continual service-instance 1 mep 1001 target-mep 2001

# Display the two-way DM result on MEP 1001 in service instance 1 on Device A.

[DeviceA] display cfd dm two-way history service-instance 1 mep 1001

Total continual tests: 1

Service instance: 1

MEP ID: 1001

Send status: Testing

Test state: Active

Frame delay:

Reply from 0010-fc02-6512: 10us

Reply from 0010-fc02-6512: 9us

Reply from 0010-fc02-6512: 11us

Reply from 0010-fc02-6512: 5us

Reply from 0010-fc02-6512: 5us

Average: 8us

Frame jitter: 1us 2us 6us 0us

Average: 2us

 

 

DLDP configuration examples

Example: Automatically shutting down unidirectional links

Network configuration

As shown in Figure 399, Device A and Device B are connected through two fiber pairs.

Configure DLDP to automatically shut down the faulty port upon detecting a unidirectional link, and automatically bring up the port after you clear the fault.

Figure 399 Network diagram

Procedure

1.     Configure Device A:

# Enable DLDP globally.

<DeviceA> system-view

[DeviceA] dldp global enable

# Configure Ten-GigabitEthernet 3/0/1 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on the port.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] duplex full

[DeviceA-Ten-GigabitEthernet3/0/1] speed 1000

[DeviceA-Ten-GigabitEthernet3/0/1] dldp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on the port.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] duplex full

[DeviceA-Ten-GigabitEthernet3/0/2] speed 1000

[DeviceA-Ten-GigabitEthernet3/0/2] dldp enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Set the port shutdown mode to auto.

[DeviceA] dldp unidirectional-shutdown auto

2.     Configure Device B:

# Enable DLDP globally.

<DeviceB> system-view

[DeviceB] dldp global enable

# Configure Ten-GigabitEthernet 3/0/1 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on it.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] duplex full

[DeviceB-Ten-GigabitEthernet3/0/1] speed 1000

[DeviceB-Ten-GigabitEthernet3/0/1] dldp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on it.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] duplex full

[DeviceB-Ten-GigabitEthernet3/0/2] speed 1000

[DeviceB-Ten-GigabitEthernet3/0/2] dldp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Set the port shutdown mode to auto.

[DeviceB] dldp unidirectional-shutdown auto

3.     Verify the configuration:

# Display the DLDP configuration globally and on all the DLDP-enabled ports of Device A.

[DeviceA] display dldp

 DLDP global status: Enabled

 DLDP advertisement interval: 5s

 DLDP authentication-mode: None

 DLDP unidirectional-shutdown mode: Auto

 DLDP delaydown-timer value: 1s

 Number of enabled ports: 2

 

Interface Ten-GigabitEthernet3/0/1

 DLDP port state: Bidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 1

  Neighbor MAC address: 0023-8956-3600

  Neighbor port index: 1

  Neighbor state: Confirmed

  Neighbor aged time: 11s

  Neighbor echo time: -

 

Interface Ten-GigabitEthernet3/0/2

 DLDP port state: Bidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 1

  Neighbor MAC address: 0023-8956-3600

  Neighbor port index: 2

  Neighbor state: Confirmed

  Neighbor aged time: 12s

  Neighbor echo time: -

The output shows that both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are bidirectional.

# Enable the monitoring of logs on the current terminal on Device A. Set the lowest level of the logs that can be output to the current terminal to 6.

[DeviceA] quit

<DeviceA> terminal monitor

The current terminal is enabled to display logs.

<DeviceA> terminal logging level 6

The following log information is displayed on Device A:

<DeviceA>%Jul 11 17:40:31:089 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 11 17:40:31:091 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 11 17:40:31:677 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 11 17:40:31:678 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 11 17:40:38:544 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 11 17:40:38:836 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to up.

The output shows the following:

·     The port status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 is down and then up.

·     The link status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 is always down.

# Display the DLDP configuration globally and on all the DLDP-enabled ports of Device A.

<DeviceA> display dldp

 DLDP global status: Enabled

 DLDP advertisement interval: 5s

 DLDP authentication-mode: None

 DLDP unidirectional-shutdown mode: Auto

 DLDP delaydown-timer value: 1s

 Number of enabled ports: 2

 

Interface Ten-GigabitEthernet3/0/1

 DLDP port state: Unidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)

 

Interface Ten-GigabitEthernet3/0/2

 DLDP port state: Unidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)

The output shows that the DLDP port status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 is unidirectional. DLDP detects unidirectional links on them and automatically shuts down the two ports.

The unidirectional links are caused by cross-connected fibers. Correct the fiber connections. As a result, the ports shut down by DLDP automatically recover, and Device A displays the following log information:

<DeviceA>%Jul 11 17:42:57:709 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 11 17:42:58:603 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 11 17:43:02:342 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 11 17:43:02:343 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet3/0/1. The neighbor's system MAC is 0023-8956-3600, and the port index is 1.

%Jul 11 17:43:02:344 2012 DeviceA DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ten-GigabitEthernet3/0/1.

%Jul 11 17:43:02:353 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 11 17:43:02:357 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to up.

%Jul 11 17:43:02:362 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet3/0/2. The neighbor's system MAC is 0023-8956-3600, and the port index is 2.

%Jul 11 17:43:02:362 2012 DeviceA DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ten-GigabitEthernet3/0/2.

%Jul 11 17:43:02:368 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to up.

The output shows that the port status and link status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are now up and their DLDP neighbors are determined.

Example: Manually shutting down unidirectional links

Network configuration

As shown in Figure 400, Device A and Device B are connected through two fiber pairs.

Configure DLDP to detect unidirectional links. When a unidirectional link is detected, the administrator must manually shut down the port.

Figure 400 Network diagram

Procedure

1.     Configure Device A:

# Enable DLDP globally.

<DeviceA> system-view

[DeviceA] dldp global enable

# Configure Ten-GigabitEthernet 3/0/1 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on the port.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] duplex full

[DeviceA-Ten-GigabitEthernet3/0/1] speed 1000

[DeviceA-Ten-GigabitEthernet3/0/1] dldp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on the port.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] duplex full

[DeviceA-Ten-GigabitEthernet3/0/2] speed 1000

[DeviceA-Ten-GigabitEthernet3/0/2] dldp enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Set the port shutdown mode to manual.

[DeviceA] dldp unidirectional-shutdown manual

2.     Configure Device B:

# Enable DLDP globally.

<DeviceB> system-view

[DeviceB] dldp global enable

# Configure Ten-GigabitEthernet 3/0/1 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on it.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] duplex full

[DeviceB-Ten-GigabitEthernet3/0/1] speed 1000

[DeviceB-Ten-GigabitEthernet3/0/1] dldp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 to operate in full duplex mode and at 1000 Mbps, and enable DLDP on it.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] duplex full

[DeviceB-Ten-GigabitEthernet3/0/2] speed 1000

[DeviceB-Ten-GigabitEthernet3/0/2] dldp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# Set the port shutdown mode to manual.

[DeviceB] dldp unidirectional-shutdown manual

3.     Verify the configuration:

# Display the DLDP configuration globally and on all the DLDP-enabled ports of Device A.

[DeviceA] display dldp

 DLDP global status: Enabled

 DLDP advertisement interval: 5s

 DLDP authentication-mode: None

 DLDP unidirectional-shutdown mode: Manual

 DLDP delaydown-timer value: 1s

 Number of enabled ports: 2

 

Interface Ten-GigabitEthernet3/0/1

 DLDP port state: Bidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 1

  Neighbor MAC address: 0023-8956-3600

  Neighbor port index: 1

  Neighbor state: Confirmed

  Neighbor aged time: 11s

  Neighbor echo time: -

 

Interface Ten-GigabitEthernet3/0/2

 DLDP port state: Bidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 1

  Neighbor MAC address: 0023-8956-3600

  Neighbor port index: 2

  Neighbor state: Confirmed

  Neighbor aged time: 12s

  Neighbor echo time: -

The output shows that both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are in bidirectional state, which means both links are bidirectional.

# Enable the monitoring of logs on the current terminal on Device A. Set the lowest level of the logs that can be output to the current terminal to 6.

[DeviceA] quit

<DeviceA> terminal monitor

The current terminal is enabled to display logs.

<DeviceA> terminal logging level 6

The following log information is displayed on Device A:

<DeviceA>%Jul 12 08:29:17:786 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 12 08:29:17:787 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 12 08:29:17:800 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 12 08:29:17:800 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 12 08:29:25:004 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 12 08:29:25:005 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 12 08:29:25:893 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to up.

%Jul 12 08:29:25:894 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to up.

The output shows that the port status and link status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are down and then up.

# Display the DLDP configuration globally and on all the DLDP-enabled ports of Device A.

<DeviceA> display dldp

 DLDP global status: Enabled

 DLDP advertisement interval: 5s

 DLDP authentication-mode: None

 DLDP unidirectional-shutdown mode: Manual

 DLDP delaydown-timer value: 1s

 Number of enabled ports: 2

 

Interface Ten-GigabitEthernet3/0/1

 DLDP port state: Unidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)

 

Interface Ten-GigabitEthernet3/0/2

 DLDP port state: Unidirectional

 DLDP initial-unidirectional-delay: 0s

 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)

The output shows that the DLDP port status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 is unidirectional. DLDP detects unidirectional links on the two ports but does not shut them down.

The unidirectional links are caused by cross-connected fibers. Manually shut down the two ports:

# Shut down Ten-GigabitEthernet 3/0/1.

<DeviceA> system-view

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] shutdown

The following log information is displayed on Device A:

[DeviceA-Ten-GigabitEthernet3/0/1]%Jul 12 08:34:23:717 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 12 08:34:23:718 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to down.

%Jul 12 08:34:23:778 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to down.

%Jul 12 08:34:23:779 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to down.

The output shows that the port status and link status of both Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 are now down.

# Shut down Ten-GigabitEthernet 3/0/2.

[DeviceA-Ten-GigabitEthernet3/0/1] quit

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] shutdown

Correct the fiber connections and bring up the two ports:

# Bring up Ten-GigabitEthernet 3/0/2.

[DeviceA-Ten-GigabitEthernet3/0/2] undo shutdown

The following log information is displayed on Device A:

[DeviceA-Ten-GigabitEthernet3/0/2]%Jul 12 08:46:17:677 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/2 changed to up.

%Jul 12 08:46:17:678 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/2 changed to up.

%Jul 12 08:46:17:959 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet3/0/2. The neighbor's system MAC is 0023-8956-3600, and the port index is 2.

%Jul 12 08:46:17:959 2012 DeviceA DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ten-GigabitEthernet3/0/2.

The output shows that the port status and link status of Ten-GigabitEthernet 3/0/2 are now up and its DLDP neighbors are determined.

# Bring up Ten-GigabitEthernet 3/0/1.

[DeviceA-Ten-GigabitEthernet3/0/2] quit

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] undo shutdown

The following log information is displayed on Device A:

[DeviceA-Ten-GigabitEthernet3/0/1]%Jul 12 08:48:25:952 2012 DeviceA IFNET/3/PHY_UPDOWN: Physical state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 12 08:48:25:952 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet3/0/1. The neighbor's system MAC is 0023-8956-3600, and the port index is 1.

%Jul 12 08:48:25:953 2012 DeviceA IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ten-GigabitEthernet3/0/1 changed to up.

%Jul 12 08:48:25:953 2012 DeviceA DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ten-GigabitEthernet3/0/1.

The output shows that the port status and link status of Ten-GigabitEthernet 3/0/1 are now up and its DLDP neighbors are determined.
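The check that both DLDP examples perform by reading `display dldp` can be automated. The following added example (not part of the H3C documentation) parses that output and reports unidirectional ports, lost neighbors, and an authentication mode of None. The function names `parse_display_dldp` and `audit_dldp` are hypothetical, and the sample text is the output shown above for the manual-shutdown case.

```python
import re

# Output of "display dldp" as shown in the manual-shutdown example on this page,
# captured after the fibers were cross-connected.
SAMPLE = """\
 DLDP global status: Enabled
 DLDP advertisement interval: 5s
 DLDP authentication-mode: None
 DLDP unidirectional-shutdown mode: Manual
 DLDP delaydown-timer value: 1s
 Number of enabled ports: 2

Interface Ten-GigabitEthernet3/0/1
 DLDP port state: Unidirectional
 DLDP initial-unidirectional-delay: 0s
 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)

Interface Ten-GigabitEthernet3/0/2
 DLDP port state: Unidirectional
 DLDP initial-unidirectional-delay: 0s
 Number of the port’s neighbors: 0 (Maximum number ever detected: 1)
"""


def parse_display_dldp(text):
    """Split 'display dldp' output into global settings and per-interface settings."""
    global_cfg, ports = {}, {}
    current = global_cfg
    for raw in text.splitlines():
        # Normalise the typographic apostrophe used in "port’s".
        line = raw.strip().replace("\u2019", "'")
        if not line:
            continue
        header = re.match(r"Interface\s+(\S+)$", line)
        if header:
            current = ports.setdefault(header.group(1), {})
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    return global_cfg, ports


def audit_dldp(text):
    """Return (scope, finding) tuples for conditions an operator should act on."""
    global_cfg, ports = parse_display_dldp(text)
    findings = []
    if global_cfg.get("DLDP global status") != "Enabled":
        findings.append(("global", "DLDP is not enabled globally"))
    if global_cfg.get("DLDP authentication-mode", "").lower() == "none":
        findings.append(("global",
                         "authentication-mode is None: DLDP packets are not authenticated"))
    mode = global_cfg.get("DLDP unidirectional-shutdown mode", "unknown")
    declared = global_cfg.get("Number of enabled ports", "")
    if declared.isdigit() and int(declared) != len(ports):
        findings.append(("global", f"{declared} ports enabled but {len(ports)} listed"))

    for name, cfg in ports.items():
        state = cfg.get("DLDP port state", "unknown")
        if state == "Unidirectional":
            if mode == "Auto":
                action = "DLDP shuts the port down automatically"
            else:
                action = "DLDP does not shut the port down, an administrator must"
            findings.append((name, f"unidirectional link ({mode} mode): {action}"))
        elif state != "Bidirectional":
            findings.append((name, f"port state is {state}"))
        # "0 (Maximum number ever detected: 1)" means a neighbor was seen and then lost.
        count = re.match(r"(\d+)(?:\s*\(Maximum number ever detected:\s*(\d+)\))?",
                         cfg.get("Number of the port's neighbors", ""))
        if count and count.group(2) and int(count.group(1)) < int(count.group(2)):
            findings.append((name, f"neighbor lost: {count.group(1)} now, "
                                   f"{count.group(2)} seen earlier"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_dldp(SAMPLE):
        print(f"{scope}: {finding}")
```
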

 

 

 

S-Trunk configuration examples

Example: Configuring S-Trunk in an MPLS L2VPN network

Network configuration

As shown in Figure 401:

·     Configure MPLS L2VPN for CE 1 and CE 2 to communicate. CE 1 is dual-homed to PE 2 and PE 3.

·     Configure S-Trunk on PE 2 and PE 3 to establish a multichassis aggregate link with CE 1. Configure PE 2 and PE 3 as the primary and secondary devices, respectively.

Figure 401 Network diagram

Table 150 IP address assignment

Device    Interface    IP address       Device    Interface    IP address

CE 1      RAGG 1       192.1.1.2/24     PE 1      Loop 0       1.1.1.1/32

PE 2      Loop 0       2.2.2.2/32       PE 1      XGE3/0/2     10.1.1.1/24

PE 2      XGE3/0/2     10.1.1.2/24      PE 1      XGE3/0/3     10.1.2.1/24

PE 2      XGE3/0/3     10.1.3.1/24      CE 2      XGE3/0/1     192.1.1.1/24

PE 3      Loop 0       3.3.3.3/32

PE 3      XGE3/0/2     10.1.2.2/24

PE 3      XGE3/0/3     10.1.3.2/24

Procedure

 

 

1.     Assign IP addresses to interfaces as described in Table 150. (Details not shown.)

2.     Configure OSPF for Layer 3 connectivity:

# Configure PE 1.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure PE 2.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure PE 3.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

3.     Configure MPLS LSR IDs, and enable MPLS and LDP:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure PE 2.

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure PE 3.

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls ldp

[PE3-ldp] quit

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

4.     Enable L2VPN:

# Configure PE 1.

[PE1] l2vpn enable

# Configure PE 2.

[PE2] l2vpn enable

# Configure PE 3.

[PE3] l2vpn enable

5.     Create a cross-connect group, configure the primary and backup PWs and bind them with ACs, and configure the dual receive feature for PW redundancy:

# Configure PE 1.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection ldp

[PE1-xcg-vpna-ldp] protection dual-receive

[PE1-xcg-vpna-ldp] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-ldp-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-ldp] peer 2.2.2.2 pw-id 11

[PE1-xcg-vpna-ldp-2.2.2.2-11] backup-peer 3.3.3.3 pw-id 22

[PE1-xcg-vpna-ldp-2.2.2.2-11-backup] quit

[PE1-xcg-vpna-ldp-2.2.2.2-11] quit

[PE1-xcg-vpna-ldp] quit

[PE1-xcg-vpna] quit

# Configure PE 2.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] connection ldp

[PE2-xcg-vpna-ldp] ac interface route-aggregation 1

[PE2-xcg-vpna-ldp-Route-Aggregation1] bypass-peer 3.3.3.3 pw-id 44 ac-bypass

[PE2-xcg-vpna-ldp-Route-Aggregation1-bypass] quit

[PE2-xcg-vpna-ldp-Route-Aggregation1] quit

[PE2-xcg-vpna-ldp] peer 1.1.1.1 pw-id 11

[PE2-xcg-vpna-ldp-1.1.1.1-11] bypass-peer 3.3.3.3 pw-id 33 pw-bypass

[PE2-xcg-vpna-ldp-1.1.1.1-11-bypass] quit

[PE2-xcg-vpna-ldp-1.1.1.1-11] quit

[PE2-xcg-vpna-ldp] quit

[PE2-xcg-vpna] quit

# Configure PE 3.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] connection ldp

[PE3-xcg-vpna-ldp] ac interface route-aggregation 1

[PE3-xcg-vpna-ldp-Route-Aggregation1] bypass-peer 2.2.2.2 pw-id 33 ac-bypass

[PE3-xcg-vpna-ldp-Route-Aggregation1-bypass] quit

[PE3-xcg-vpna-ldp-Route-Aggregation1] quit

[PE3-xcg-vpna-ldp] peer 1.1.1.1 pw-id 22

[PE3-xcg-vpna-ldp-1.1.1.1-22] bypass-peer 2.2.2.2 pw-id 44 pw-bypass

[PE3-xcg-vpna-ldp-1.1.1.1-22-bypass] quit

[PE3-xcg-vpna-ldp-1.1.1.1-22] quit

[PE3-xcg-vpna-ldp] quit

[PE3-xcg-vpna] quit

6.     Configure Ethernet link aggregation for CE 1 to be dual-homed to PE 2 and PE 3:

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

[CE1] interface ten-gigabitethernet 3/0/3

[CE1-Ten-GigabitEthernet3/0/3] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/3] quit

7.     Configure LACP system settings for PE 2 and PE 3 to be identified as one device:

# Configure PE 2.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 1

# Configure PE 3.

[PE3] lacp system-priority 10

[PE3] lacp system-mac 1-1-1

[PE3] lacp system-number 2

8.     Configure S-Trunk protocol packet parameters:

# Configure PE 2.

[PE2] s-trunk udp-port 2048

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk role priority 100

[PE2-s-trunk1] s-trunk ip destination 10.1.3.2 source 10.1.3.1

[PE2-s-trunk1] quit

# Configure PE 3.

[PE3] s-trunk udp-port 2048

[PE3] s-trunk id 1

[PE3-s-trunk1] s-trunk role priority 200

[PE3-s-trunk1] s-trunk ip destination 10.1.3.1 source 10.1.3.2

[PE3-s-trunk1] quit

9.     Create a static BFD session and associate it with smart trunk 1:

# Configure PE 2.

[PE2] bfd static bfd1 peer-ip 10.1.3.2 source-ip 10.1.3.1 discriminator local 1 remote 2

[PE2-bfd-static-session-bfd1] quit

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk bfd-session bfd1

[PE2-s-trunk1] quit

# Configure PE 3.

[PE3] bfd static bfd1 peer-ip 10.1.3.1 source-ip 10.1.3.2 discriminator local 2 remote 1

[PE3-bfd-static-session-bfd1] quit

[PE3] s-trunk id 1

[PE3-s-trunk1] s-trunk bfd-session bfd1

[PE3-s-trunk1] quit

10.     Configure smart trunk 1:

# Configure PE 2.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Configure PE 3.

[PE3] interface route-aggregation 1

[PE3-Route-Aggregation1] link-aggregation mode dynamic

[PE3-Route-Aggregation1] s-trunk 1

[PE3-Route-Aggregation1] quit

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE3-Ten-GigabitEthernet3/0/1] quit
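Steps 7 through 9 only work if the two PEs are configured as mirror images of each other. The following added example (not H3C code) checks that pairing on the commands copied from this page. It assumes, based on the symmetric values used here, that the LACP system priority, LACP system MAC and S-Trunk UDP port must match, that the LACP system numbers must differ, and that the S-Trunk and BFD addresses and discriminators must be swapped between the peers. The names `extract` and `check_pair` are hypothetical.

```python
import re

# Commands for PE 2 and PE 3 copied from steps 7 to 9 of this page, prompts included.
PE2 = """\
[PE2] lacp system-priority 10
[PE2] lacp system-mac 1-1-1
[PE2] lacp system-number 1
[PE2] s-trunk udp-port 2048
[PE2] s-trunk id 1
[PE2-s-trunk1] s-trunk role priority 100
[PE2-s-trunk1] s-trunk ip destination 10.1.3.2 source 10.1.3.1
[PE2] bfd static bfd1 peer-ip 10.1.3.2 source-ip 10.1.3.1 discriminator local 1 remote 2
[PE2-s-trunk1] s-trunk bfd-session bfd1
"""
PE3 = """\
[PE3] lacp system-priority 10
[PE3] lacp system-mac 1-1-1
[PE3] lacp system-number 2
[PE3] s-trunk udp-port 2048
[PE3] s-trunk id 1
[PE3-s-trunk1] s-trunk role priority 200
[PE3-s-trunk1] s-trunk ip destination 10.1.3.1 source 10.1.3.2
[PE3] bfd static bfd1 peer-ip 10.1.3.1 source-ip 10.1.3.2 discriminator local 2 remote 1
[PE3-s-trunk1] s-trunk bfd-session bfd1
"""

# Strips a leading "[view]" or "<view>" CLI prompt.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
PATTERNS = {
    "lacp_priority": r"lacp system-priority (\d+)",
    "lacp_mac": r"lacp system-mac (\S+)",
    "lacp_number": r"lacp system-number (\d+)",
    "udp_port": r"s-trunk udp-port (\d+)",
    "strunk_ip": r"s-trunk ip destination (\S+) source (\S+)",
    "bfd": (r"bfd static \S+ peer-ip (\S+) source-ip (\S+) "
            r"discriminator local (\d+) remote (\d+)"),
}
# Settings assumed to be identical on both S-Trunk member devices.
MUST_MATCH = {
    "lacp_priority": "LACP system priority",
    "lacp_mac": "LACP system MAC",
    "udp_port": "S-Trunk UDP port",
}


def extract(session):
    """Pull the paired settings out of a pasted CLI session."""
    found = {}
    for raw in session.splitlines():
        line = PROMPT.sub("", raw).strip()
        for name, pattern in PATTERNS.items():
            match = re.fullmatch(pattern, line)
            if match:
                found[name] = match.groups()
    return found


def check_pair(session_a, session_b):
    """Return a list of mismatches between two S-Trunk member devices."""
    a, b = extract(session_a), extract(session_b)
    problems = [f"{key}: missing on at least one device"
                for key in PATTERNS if key not in a or key not in b]
    if problems:
        return problems
    for key, label in MUST_MATCH.items():
        if a[key] != b[key]:
            problems.append(f"{label} differs: {a[key][0]} vs {b[key][0]}")
    if a["lacp_number"] == b["lacp_number"]:
        problems.append(f"LACP system number is {a['lacp_number'][0]} on both devices")
    # Each side's destination must be the other side's source.
    if a["strunk_ip"] != b["strunk_ip"][::-1]:
        problems.append("s-trunk ip destination/source are not mirrored")
    peer_a, src_a, local_a, remote_a = a["bfd"]
    peer_b, src_b, local_b, remote_b = b["bfd"]
    if (peer_a, src_a) != (src_b, peer_b):
        problems.append("BFD peer-ip/source-ip are not mirrored")
    if (local_a, remote_a) != (remote_b, local_b):
        problems.append("BFD discriminator local/remote are not mirrored")
    return problems


if __name__ == "__main__":
    print(check_pair(PE2, PE3) or "PE 2 and PE 3 are consistent")
```
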

Verifying the configuration

# Verify that PE 1 has established LDP PWs with PE 2 and PE 3.

[PE1] display l2vpn pw

Flags: M - main, B - backup, BY - bypass, H - hub link, S - spoke link, N - no split horizon

Total number of PWs: 2

1 up, 1 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PW ID/Rmt Site    In/Out Label    Proto   Flag  Link ID  State

2.2.2.2         11                65657/1151      LDP     M     0        Up

3.3.3.3         22                65656/1151      LDP     B     0        Blocked

The output shows that the PW to PE 2 is the primary PW and the PW to PE 3 is the backup PW.

# Verify that PE 2 and PE 3 have established two LDP PWs between them.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

1 up, 2 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: 1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.3         44                 24125/24127    LDP    ABY  0        Blocked

1.1.1.1         11                 24129/24124    LDP    M    1        Up

3.3.3.3         33                 24128/24128    LDP    PBY  1        Blocked

[PE3] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

2 up, 1 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: 1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

2.2.2.2         33                 24128/24128    LDP    ABY  0        Up

1.1.1.1         22                 24129/24123    LDP    M    1        Up

2.2.2.2         44                 24127/24125    LDP    PBY  1        Blocked

# Verify that the BFD session between PE 2 and PE 3 is up.

[PE2] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 static session working in control packet mode:

 

 LD/RD           SourceAddr      DestAddr        State   Holdtime    Interface

 1/2             10.1.3.1        10.1.3.2        Up      1870ms      N/A

[PE3] display bfd session

 Total sessions: 1        Up sessions: 1        Init mode: Active

 

 IPv4 static session working in control packet mode:

 

 LD/RD           SourceAddr      DestAddr        State   Holdtime    Interface

 2/1             10.1.3.2        10.1.3.1        Up      1947ms      N/A

# Verify that Ten-GigabitEthernet 3/0/2 is a Selected aggregation member port on CE 1.

[CE1] display link-aggregation verbose route-aggregation 1

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Port: A -- Auto

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Route-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 90e7-10f9-5000

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE3/0/2            S        32768    1        1                      {ACDEF}

  XGE3/0/3            U        32768    2        1                      {ACD}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag

  XGE3/0/2            32768    16385    24577    0xa   , 0001-0001-0001 {ACDEF}

  XGE3/0/3            32768    32769    24577    0xa   , 0001-0001-0001 {AC}

# Verify that PE 2 and PE 3 are the primary and secondary S-Trunk member devices, respectively.

[PE2] display s-trunk verbose 1

                            Trunk-wide info and statistics

S-Trunk ID: 1

Revert: Enabled                       Revert-delay(s): 120

Local bridge MAC: 00fc-3423-d800      Peer bridge MAC: 84d9-3125-7800

Local priority: 32768                 Peer priority: 32768

DevRole (Trigger): Primary (PRIORITY)

DestIP: 10.1.3.2

SrcIP: 10.1.3.1

Local hello interval(100ms): 100      Local hello timeout(100ms): 2000

InStrunkPDUs: 16571                   OutStrunkPDUs: 16603

InDrops: 0                            OutDrops: 36

Peer hello interval(100ms): 100       Peer hello timeout(100ms): 2000

Sequence number check: Disabled

BFD-Session: bfd1

VPN instance: -

Description: -

 

                            Trunk member info

Local    LinkState   ConfigRole    OperRole (Trigger)            Peer

RAGG1    UP          auto          Primary (PEER_MEMBER_DOWN)    RAGG1

[PE3] display s-trunk verbose 1

                            Trunk-wide info and statistics

S-Trunk ID: 1

Revert: Enabled                       Revert-delay(s): 120

Local bridge MAC: 84d9-3125-7800      Peer bridge MAC: 00fc-3423-d800

Local priority: 32768                 Peer priority: 32768

DevRole (Trigger): Secondary (PRIORITY)

DestIP: 10.1.3.1

SrcIP: 10.1.3.2

Local hello interval(100ms): 100      Local hello timeout(100ms): 2000

InStrunkPDUs: 16580                   OutStrunkPDUs: 16621

InDrops: 0                            OutDrops: 37

Peer hello interval(100ms): 100       Peer hello timeout(100ms): 2000

Sequence number check: Disabled

BFD-Session: bfd1

VPN instance: -

Description: -

 

                            Trunk member info

Local    LinkState   ConfigRole    OperRole (Trigger)            Peer

RAGG1    DOWN        auto          Secondary (PEER_MEMBER_UP)    RAGG1

 

 

IPv4 VRRP configuration examples

Example: Configuring a single VRRP group

Network configuration

As shown in Figure 402, Router A and Router B form a VRRP group. They use the virtual IP address 10.1.1.111/24 to provide gateway service for the subnet where Host A resides.

Router A operates as the master to forward packets from Host A to Host B. When Router A fails, Router B takes over to forward packets for Host A.

Configure Router A to operate in preemptive mode so Router A can forward traffic as long as Router A operates correctly. Set the preemption delay to 5000 centiseconds to avoid frequent status changes.

Figure 402 Network diagram

Procedure

1.     Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10.1.1.111.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5000 centiseconds to avoid frequent status switchover.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

2.     Configure Router B:

# Specify an IP address for Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10.1.1.111.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.111

# Set the priority of Router B to 100 in VRRP group 1.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 100

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5000 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

Verifying the configuration

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets: Enabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets: Enabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 412 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

The output shows that Router A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Router A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets: Enabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

The output shows that when Router A fails, Router B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

The output shows that after Router A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Example: Configuring multiple VRRP groups

Network configuration

As shown in Figure 403, Router A and Router B form two VRRP groups to implement load sharing and mutual backup. VRRP group 1 uses the virtual IP address 10.1.1.111/24 to provide gateway service for some hosts on the subnet 10.1.1.0/24. VRRP group 2 uses the virtual IP address 10.1.1.112/24 to provide gateway service for the other hosts on the subnet.

Figure 403 Network diagram

Prerequisites

For load sharing between the VRRP groups, configure the default gateways 10.1.1.111 and 10.1.1.112 for the hosts on the subnet 10.1.1.0/24.

Procedure

1.     Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 and set its virtual IP address to 10.1.1.111.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master in the group.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Create VRRP group 2, and set its virtual IP address to 10.1.1.112.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 2 virtual-ip 10.1.1.112

2.     Configure Router B:

# Specify an IP address for Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1, and set its virtual IP address to 10.1.1.111.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.111

# Create VRRP group 2, and set its virtual IP address to 10.1.1.112.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 2 virtual-ip 10.1.1.112

# Assign Router B a higher priority than Router A in VRRP group 2, so Router B can become the master in the group.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 2 priority 110

Verifying the configuration

# Display detailed information about the VRRP groups on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 2

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

 

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 2                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Become master    : 201 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.112

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

# Display detailed information about the VRRP groups on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 2

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Become master    : 185 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.111

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

 

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 2                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.112

     Virtual MAC      : 0000-5e00-0102

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

The output shows the following information:

·     Router A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 10.1.1.111/24.

·     Router B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway 10.1.1.112/24.
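The master/backup split verified above can be checked mechanically. The following Python sketch is an added example, not part of the H3C guide: it parses `display vrrp verbose` text in the standard-mode IPv4 layout shown above and reports a VRID without exactly one master, routers that disagree on the master, a master address outside the known router set, a top-priority router that is not master, or a virtual MAC that does not match the VRID. The function names and the trimmed sample outputs are constructed for illustration; the outputs above show Auth type None, so the master's identity is the field worth verifying.

```python
import re

# Constructed samples: "display vrrp verbose" output trimmed from the two-group
# example above (standard mode, IPv4); only the fields the audit reads are kept.
ROUTER_A = """\
IPv4 virtual router information:
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 1                    Adver timer  : 100 centiseconds
     Admin status     : Up                   State        : Master
     Config pri       : 110                  Running pri  : 110
     Virtual IP       : 10.1.1.111
     Virtual MAC      : 0000-5e00-0101
     Master IP        : 10.1.1.1
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 2                    Adver timer  : 100 centiseconds
     Admin status     : Up                   State        : Backup
     Config pri       : 100                  Running pri  : 100
     Virtual IP       : 10.1.1.112
     Master IP        : 10.1.1.2
"""
ROUTER_B = """\
IPv4 virtual router information:
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 1                    Adver timer  : 100 centiseconds
     Admin status     : Up                   State        : Backup
     Config pri       : 100                  Running pri  : 100
     Virtual IP       : 10.1.1.111
     Master IP        : 10.1.1.1
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 2                    Adver timer  : 100 centiseconds
     Admin status     : Up                   State        : Master
     Config pri       : 110                  Running pri  : 110
     Virtual IP       : 10.1.1.112
     Virtual MAC      : 0000-5e00-0102
     Master IP        : 10.1.1.2
"""

# "Key : value" pairs; a line may hold two of them separated by a run of spaces.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s(.*?)(?=\s{2,}[A-Za-z]|$)")


def parse_vrrp_verbose(text):
    """Return one dict per virtual router in 'display vrrp verbose' text."""
    groups, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Interface "):
            cur = {"Interface": s.split(None, 1)[1]}
            groups.append(cur)
        elif cur is not None:
            for key, value in PAIR.findall(s):
                cur[key] = value.strip()
    return groups


def expected_virtual_mac(vrid):
    """IPv4 VRRP virtual MAC per RFC 5798: 00-00-5E-00-01-{VRID}."""
    return "0000-5e00-01%02x" % vrid


def audit(outputs, known_routers):
    """outputs: {router name: display text}. Return a list of findings."""
    views = {}  # VRID -> [(router name, parsed group), ...]
    for name, text in outputs.items():
        for g in parse_vrrp_verbose(text):
            views.setdefault(int(g["VRID"]), []).append((name, g))
    findings = []
    for vrid, seen in sorted(views.items()):
        masters = [n for n, g in seen if g.get("State") == "Master"]
        if len(masters) != 1:
            findings.append(f"vrid {vrid}: {len(masters)} masters among polled routers")
        ips = {g["Master IP"] for _, g in seen if "Master IP" in g}
        if len(ips) > 1:
            findings.append(f"vrid {vrid}: routers disagree on master {sorted(ips)}")
        for ip in sorted(ips - set(known_routers)):
            findings.append(f"vrid {vrid}: master {ip} is not a known router")
        # First token only, so a stray unit after the number does not break int().
        best = max(seen, key=lambda ng: int(ng[1]["Running pri"].split()[0]))[0]
        if masters and best not in masters:
            findings.append(f"vrid {vrid}: {best} has top priority but is not master")
        for name, g in seen:
            mac = g.get("Virtual MAC", "").lower()
            if mac and mac != expected_virtual_mac(vrid):
                findings.append(f"vrid {vrid} on {name}: unexpected virtual MAC {mac}")
    return findings


if __name__ == "__main__":
    routers = {"RouterA": ROUTER_A, "RouterB": ROUTER_B}
    print(audit(routers, known_routers={"10.1.1.1", "10.1.1.2"}) or "no findings")
```

The check covers standard mode only; in load balancing mode the forwarders use their own virtual MAC addresses and the output layout differs.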

Example: Configuring VRRP load balancing

Network configuration

As shown in Figure 404, Router A, Router B, and Router C form a load-balanced VRRP group. They use the virtual IP address 10.1.1.1/24 to provide gateway service for subnet 10.1.1.0/24.

Configure VFs on Router A, Router B, and Router C to monitor their respective Ten-GigabitEthernet 3/0/2. When the interface on any one of them fails, the weights of the VFs on the problematic router decrease so another AVF can take over.

Figure 404 Network diagram

Procedure

1.     Configure Router A:

# Configure VRRP to operate in load balancing mode.

<RouterA> system-view

[RouterA] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Router A the highest priority in VRRP group 1, so Router A can become the master.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 120

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5000 centiseconds to avoid frequent status switchover.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterA] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 weight reduced 250

2.     Configure Router B:

# Configure VRRP to operate in load balancing mode.

<RouterB> system-view

[RouterB] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address 10.1.1.3 24

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Router B a higher priority than Router C in VRRP group 1, so Router B can become the master when Router A fails.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5000 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterB] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 weight reduced 250

3.     Configure Router C:

# Configure VRRP to operate in load balancing mode.

<RouterC> system-view

[RouterC] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[RouterC-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.1

# Configure Router C to operate in preemptive mode, and set the preemption delay to 5000 centiseconds.

[RouterC-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterC] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 weight reduced 250

Verifying the configuration

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 120                  Running pri  : 120

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.2 (Local, Master)

                        10.1.1.3 (Backup)

                        10.1.1.4 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 426 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.3 (Local, Backup)

                        10.1.1.2 (Master)

                        10.1.1.4 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-0012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 417 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.4 (Local, Backup)

                        10.1.1.2 (Master)

                        10.1.1.3 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that Router A is the master in VRRP group 1, and each of the three routers has one AVF and two LVFs.

# Disconnect the link of Ten-GigabitEthernet 3/0/2 on Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 120                  Running pri  : 120

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.2 (Local, Master)

                        10.1.1.3 (Backup)

                        10.1.1.4 (Backup)

   Forwarder information: 3 Forwarders 0 Active

     Config weight  : 255

     Running weight : 5

    Forwarder 01

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 0

     Active         : 10.1.1.4

    Forwarder 02

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 0

     Active         : 10.1.1.3

    Forwarder 03

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 0

     Active         : 10.1.1.4

   Forwarder weight track information:

     Track object   : 1          State : Negative   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 412 milliseconds left

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.4 (Local, Backup)

                        10.1.1.2 (Master)

                        10.1.1.3 (Backup)

   Forwarder information: 3 Forwarders 2 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Take Over)

     Owner ID       : 0000-5e01-1101

     Priority       : 85

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 85

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that when Ten-GigabitEthernet 3/0/2 on Router A fails, the weights of the VFs on Router A drop below the lower limit of failure. All VFs on Router A transit to the Initialize state and cannot forward traffic. The VF for MAC address 000f-e2ff-0011 on Router C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.4 (Local, Backup)

                        10.1.1.2 (Master)

                        10.1.1.3 (Backup)

   Forwarder information: 2 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-0011 is removed. The VF no longer forwards the packets destined for the MAC address.

# When Router A fails, display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ARP packets : Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000

     Auth type        : None

     Version          : 3

     Virtual IP       : 10.1.1.1

     Member IP list   : 10.1.1.3 (Local, Master)

                        10.1.1.4 (Backup)

   Forwarder information: 2 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-0012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows the following information:

·     When Router A fails, Router B becomes the master because it has a higher priority than Router C.

·     The VF for virtual MAC address 000f-e2ff-0011 is removed.

IPv6 VRRP configuration examples

Example: Configuring a single VRRP group

Network configuration

As shown in Figure 405, Router A and Router B form a VRRP group. They use the virtual IP addresses 1::10/64 and FE80::10 to provide gateway service for the subnet where Host A resides.

Host A learns 1::10/64 as its default gateway from RA messages sent by the routers.

Router A operates as the master to forward packets from Host A to Host B. When Router A fails, Router B takes over to forward packets for Host A.

Figure 405 Network diagram

Procedure

1.     Configure Router A:

# Specify an IPv6 address for Router A.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address fe80::1 link-local

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 priority 110

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5000 centiseconds to avoid frequent status switchover.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 preempt-mode delay 5000

# Enable Router A to send RA messages, so Host A can learn the default gateway address.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

2.     Configure Router B:

# Specify an IPv6 address for Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address fe80::2 link-local

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1::2 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5000 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 preempt-mode delay 5000

# Enable Router B to send RA messages, so Host A can learn the default gateway address.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

Verifying the configuration

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Virtual MAC      : 0000-5e00-0201

     Master IP        : FE80::1

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 411 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Master IP        : FE80::1

The output shows that Router A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Router A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Virtual MAC      : 0000-5e00-0201

     Master IP        : FE80::2

The output shows that when Router A fails, Router B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Virtual MAC      : 0000-5e00-0201

     Master IP        : FE80::1

The output shows that after Router A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Example: Configuring multiple VRRP groups

Network configuration

As shown in Figure 406, Router A and Router B form two VRRP groups to implement load sharing and mutual backup. VRRP group 1 uses the virtual IP address 1::10/64 to provide gateway service for some hosts on the subnet 1::/64. VRRP group 2 uses the virtual IP address 1::20/64 to provide gateway service for the other hosts on the subnet.

Figure 406 Network diagram

Prerequisites

For load sharing between the VRRP groups, configure 1::10 as the default gateway for some hosts on the subnet 1::/64 and 1::20 as the default gateway for the other hosts.

Procedure

1.     Configure Router A:

# Specify an IPv6 address for Router A.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address fe80::1 link-local

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign a higher priority to Router A than Router B in VRRP group 1, so Router A can become the master in the group.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 priority 110

# Create VRRP group 2, and set its virtual IPv6 addresses to FE80::20 and 1::20.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 2 virtual-ip 1::20

2.     Configure Router B:

# Specify an IPv6 address for Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address fe80::2 link-local

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1::2 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Create VRRP group 2, and set its virtual IPv6 addresses to FE80::20 and 1::20.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 2 virtual-ip 1::20

# Assign Router B a higher priority than Router A in VRRP group 2, so Router B can become the master in the group.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 2 priority 110

Verifying the configuration

# Display detailed information about the VRRP groups on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 2

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Virtual MAC      : 0000-5e00-0201

     Master IP        : FE80::1

 

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 2                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Become master    : 410 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::20

                        1::20

     Master IP        : FE80::2

# Display detailed information about the VRRP groups on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 2

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Become master    : 407 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Master IP        : FE80::1

 

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 2                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : FE80::20

                        1::20

     Virtual MAC      : 0000-5e00-0202

     Master IP        : FE80::2

The output shows the following information:

·     Router A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 1::10/64.

·     Router B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway 1::20/64.

Example: Configuring VRRP load balancing

Network configuration

As shown in Figure 407, Router A, Router B, and Router C form a load balanced VRRP group and use the virtual IPv6 addresses FE80::10 and 1::10 to provide gateway service for the subnet 1::/64.

Hosts on subnet 1::/64 learn 1::10 as their default gateway from RA messages sent by the routers.

Configure the VFs on Router A, Router B, and Router C to monitor their respective Ten-GigabitEthernet 3/0/2 interfaces. When the interface on any of the routers fails, the weights of the VFs on that router decrease so another AVF can take over.

Figure 407 Network diagram

Procedure

1.     Configure Router A:

# Configure VRRP to operate in load balancing mode.

<RouterA> system-view

[RouterA] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address fe80::1 link-local

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router A the highest priority in VRRP group 1, so Router A can become the master.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 priority 120

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5000 centiseconds to avoid frequent status switchover.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 preempt-mode delay 5000

# Enable Router A to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterA] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 track 1 weight reduced 250

2.     Configure Router B:

# Configure VRRP to operate in load balancing mode.

<RouterB> system-view

[RouterB] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address fe80::2 link-local

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1::2 64

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router B a higher priority than Router C in VRRP group 1, so Router B can become the master when Router A fails.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 priority 110

# Configure Router B to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 preempt-mode delay 5000

# Enable Router B to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterB] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 track 1 weight reduced 250

3.     Configure Router C:

# Configure VRRP to operate in load balancing mode.

<RouterC> system-view

[RouterC] vrrp ipv6 mode load-balance

# Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ipv6 address fe80::3 link-local

[RouterC-Ten-GigabitEthernet3/0/1] ipv6 address 1::3 64

[RouterC-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[RouterC-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Router C to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[RouterC-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 preempt-mode delay 5000

# Enable Router C to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterC-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 to monitor the upstream link status of Ten-GigabitEthernet 3/0/2. When the upstream link fails, the track entry transits to Negative.

[RouterC] track 1 interface ten-gigabitethernet 3/0/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 track 1 weight reduced 250

Verifying the configuration

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 120                  Running pri  : 120

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::1 (Local, Master)

                        FE80::2 (Backup)

                        FE80::3 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 400 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::2 (Local, Backup)

                        FE80::1 (Master)

                        FE80::3 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-4012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 402 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::3 (Local, Backup)

                        FE80::1 (Master)

                        FE80::2 (Backup)

   Forwarder information: 3 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that Router A is the master in VRRP group 1, and each of the three routers has one AVF and two LVFs.

# Disconnect the link of Ten-GigabitEthernet 3/0/2 on Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 120                  Running pri  : 120

     Preempt mode     : Yes                  Delay Time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::1 (Local, Master)

                        FE80::2 (Backup)

                        FE80::3 (Backup)

   Forwarder information: 3 Forwarders 0 Active

     Config weight  : 255

     Running weight : 5

    Forwarder 01

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 0

     Active         : FE80::3

    Forwarder 02

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 0

     Active         : FE80::2

    Forwarder 03

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 0

     Active         : FE80::3

   Forwarder weight track information:

     Track object   : 1          State : Negative   Weight reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 401 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::3 (Local, Backup)

                        FE80::1 (Master)

                        FE80::2 (Backup)

   Forwarder information: 3 Forwarders 2 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Take Over)

     Owner ID       : 0000-5e01-1101

     Priority       : 85

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 85

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that when Ten-GigabitEthernet 3/0/2 on Router A fails, the weights of the VFs on Router A drop below the lower limit of failure. All VFs on Router A transit to the Initialize state and cannot forward traffic. The VF for MAC address 000f-e2ff-4011 on Router C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Router C.

[RouterC-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Backup

     Config pri       : 100                  Running pri  : 100

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Become master    : 400 milliseconds left

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::3 (Local, Backup)

                        FE80::1 (Master)

                        FE80::2 (Backup)

   Forwarder information: 2 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-4011 is removed. The VF no longer forwards the packets destined for the MAC address.

# When Router A fails, display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Load balance

 Enhanced sending of gratuitous ND packets: Disabled

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1                    Adver timer  : 100 centiseconds

     Admin status     : Up                   State        : Master

     Config pri       : 110                  Running pri  : 110

     Preempt mode     : Yes                  Delay time   : 5000 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        1::10

     Member IP list   : FE80::2 (Local, Master)

                        FE80::3 (Backup)

   Forwarder information: 2 Forwarders 1 Active

     Config weight  : 255

     Running weight : 255

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-4012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder weight track information:

     Track object   : 1          State : Positive   Weight reduced : 250

The output shows the following information:

·     When Router A fails, Router B becomes the master because it has a higher priority than Router C.

·     The VF for virtual MAC address 000f-e2ff-4011 is removed.

 

Track configuration examples

Example: Configuring VRRP-Track-NQA collaboration

Network configuration

As shown in Figure 408:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

Configure VRRP-Track-NQA collaboration to monitor the uplink on the master and meet the following requirements:

·     When Router A operates correctly, it forwards packets from Host A to Host B.

·     When NQA detects a fault on the uplink of Router A, Router B forwards packets from Host A to Host B.

Figure 408 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 408. (Details not shown.)

2.     Configure an NQA operation on Router A:

# Create an NQA operation with administrator name admin and operation tag test.

<RouterA> system-view

[RouterA] nqa entry admin test

# Specify the ICMP echo operation type.

[RouterA-nqa-admin-test] type icmp-echo

# Specify 10.1.2.2 as the destination address of ICMP echo requests.

[RouterA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[RouterA-nqa-admin-test-icmp-echo] frequency 100

# Create reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterA-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[RouterA] nqa schedule admin test start-time now lifetime forever

3.     On Router A, configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[RouterA] track 1 nqa entry admin test reaction 1

4.     Configure VRRP on Router A:

# Specify VRRPv2 to run on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp version 2

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets every 500 centiseconds.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 timer advertise 500

# Configure Router A to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to negative.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 priority reduced 30

5.     Configure VRRP on Router B:

# Specify VRRPv2 to run on Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp version 2

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets every 500 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 timer advertise 500

# Configure Router B to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 preempt-mode delay 5000

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 500 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 5000 centiseconds

     Auth type        : Simple          Key          : ******

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Positive          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 500 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 5000 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : Simple          Key          : ******

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

The output shows that in VRRP group 1, Router A is the master and Router B is a backup. Router A forwards packets from Host A to Host B.

# Disconnect the link between Router A and Router C, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 500 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 110             Running pri  : 80

     Preempt mode     : Yes             Delay time   : 5000 centiseconds

     Become Master    : 2200 milliseconds left

     Auth type        : Simple          Key          : ******

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Negative          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B when the link between Router A and Router C is faulty.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 500 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 5000 centiseconds

     Auth type        : Simple          Key          : ******

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

The output shows that Router A becomes the backup, and Router B becomes the master. Router B forwards packets from Host A to Host B.

Example: Configuring BFD for a VRRP backup to monitor the master

Network configuration

As shown in Figure 409:

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 192.168.0.10.

·     The default gateway of the hosts in the LAN is 192.168.0.10.

Configure VRRP-Track-BFD collaboration to monitor the master on the backup and meet the following requirements:

·     When Router A operates correctly, the hosts in the LAN access the Internet through Router A.

·     When Router A fails, the backup (Router B) can detect the state change of the master through BFD and become the new master. The hosts in the LAN access the Internet through Router B.

Figure 409 Network diagram

Procedure

1.     Configure Router A:

# Create VRRP group 1, and configure virtual IP address 192.168.0.10 for the group.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 192.168.0.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

[RouterA-Ten-GigabitEthernet3/0/1] return

2.     Configure Router B:

# Specify 10.10.10.10 as the source address of BFD echo packets.

<RouterB> system-view

[RouterB] bfd echo-source-ip 10.10.10.10

# Create track entry 1, and associate it with the BFD session to verify the reachability of Router A.

[RouterB] track 1 bfd echo interface ten-gigabitethernet 3/0/1 remote ip 192.168.0.101 local ip 192.168.0.102

# Create VRRP group 1, and configure virtual IP address 192.168.0.10 for the group.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 192.168.0.10

# Configure VRRP group 1 to monitor the status of track entry 1.

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 switchover

[RouterB-Ten-GigabitEthernet3/0/1] return

Verifying the configuration

# Display detailed information about VRRP group 1 on Router A.

<RouterA> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 192.168.0.101

     Backup ARP       : Disabled

# Display detailed information about VRRP group 1 on Router B.

<RouterB> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Master IP        : 192.168.0.101

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Positive          Switchover

# Display information about track entry 1 on Router B.

<RouterB> display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing Interface: Ten-GigabitEthernet3/0/1

    VPN instance name: --

    Remote IP: 192.168.0.101

    Local IP: 192.168.0.102

The output shows that when the status of the track entry becomes Positive, Router A is the master and Router B is the backup.

# Enable VRRP state debugging and BFD event notification debugging on Router B.

<RouterB> terminal debugging

<RouterB> terminal monitor

<RouterB> debugging vrrp fsm

<RouterB> debugging bfd ntfy

# When Router A fails, the following output is displayed on Router B.

*Dec 17 14:44:34:142 2019 RouterB BFD/7/DEBUG: Notify application:TRACK State:DOWN

*Dec 17 14:44:34:144 2019 RouterB VRRP4/7/FSM

 IPv4 Ten-GigabitEthernet3/0/1 | Virtual Router 1 : Backup --> Master   reason: The status of the tracked object changed

# Display detailed information about the VRRP group on Router B.

<RouterB> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 192.168.0.102

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Negative          Switchover

The output shows that when BFD detects that Router A fails, the Track module notifies VRRP to change the status of Router B to master. The backup can quickly preempt as the master without waiting for a period three times the advertisement interval plus the Skew_Time.

Example: Configuring BFD for the VRRP master to monitor the uplink

Network configuration

As shown in Figure 410:

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 192.168.0.10.

·     The default gateway of the hosts in the LAN is 192.168.0.10.

Configure VRRP-Track-BFD collaboration to monitor the uplink on the master and meet the following requirements:

·     When Router A operates correctly, hosts in the LAN access the Internet through Router A.

·     When Router A detects through BFD that the uplink is down, Router B can preempt as the master. The hosts in the LAN can access the Internet through Router B.

Figure 410 Network diagram

Procedure

1.     Configure Router A:

# Specify 10.10.10.10 as the source address of BFD echo packets.

<RouterA> system-view

[RouterA] bfd echo-source-ip 10.10.10.10

# Create track entry 1 for the BFD session on Router A to verify the reachability of the uplink device (1.1.1.2).

[RouterA] track 1 bfd echo interface ten-gigabitethernet 3/0/1 remote ip 1.1.1.2 local ip 1.1.1.1

# Create VRRP group 1, and specify 192.168.0.10 as the virtual IP address of the group.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] vrrp vrid 1 virtual-ip 192.168.0.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/2] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 20 when the state of track entry 1 changes to negative.

[RouterA-Ten-GigabitEthernet3/0/2] vrrp vrid 1 track 1 priority reduced 20

[RouterA-Ten-GigabitEthernet3/0/2] return

2.     On Router B, create VRRP group 1, and specify 192.168.0.10 as the virtual IP address of the group.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] vrrp vrid 1 virtual-ip 192.168.0.10

[RouterB-Ten-GigabitEthernet3/0/2] return

Verifying the configuration

# Display detailed information about the VRRP group on Router A.

<RouterA> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/2

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 192.168.0.101

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Positive          Pri reduced : 20

# Display information about track entry 1 on Router A.

<RouterA> display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: Ten-GigabitEthernet3/0/1

    VPN instance name: --

    Remote IP: 1.1.1.2

    Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Router B.

<RouterB> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/2

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Master IP        : 192.168.0.101

     Backup ARP       : Disabled

The output shows that when the status of track entry 1 becomes Positive, Router A is the master and Router B is the backup.

# Display information about track entry 1 when the uplink of Router A goes down.

<RouterA> display track 1

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: Ten-GigabitEthernet3/0/1

    VPN instance name: --

    Remote IP: 1.1.1.2

    Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Router A.

<RouterA> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/2

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 110             Running pri  : 90

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become Master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Master IP        : 192.168.0.102

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Negative          Pri reduced : 20

# Display detailed information about VRRP group 1 on Router B.

<RouterB> display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/2

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 192.168.0.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 192.168.0.102

     Backup ARP       : Disabled

The output shows that when Router A detects through BFD that the uplink has failed, it decreases its priority by 20. Router B then preempts as the master.
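The relationship between track state, running priority, and mastership shown in the listings above can be checked mechanically. The following Python code is an added example, not H3C code: it parses `display vrrp verbose` output (the two listings are copied from the uplink-down case above) and checks priority arithmetic, master uniqueness, and the Auth type field. All function names are hypothetical.

```python
import re

# Copied from the uplink-down listings above (banner lines omitted).
ROUTER_A = """\
   Interface Ten-GigabitEthernet3/0/2
     VRID             : 1               Adver timer  : 100 centiseconds
     Admin status     : Up              State        : Backup
     Config pri       : 110             Running pri  : 90
     Preempt mode     : Yes             Delay time   : 0 centiseconds
     Become Master    : 2200 milliseconds left
     Auth type        : None
     Virtual IP       : 192.168.0.10
     Master IP        : 192.168.0.102
     Backup ARP       : Disabled
   VRRP track information:
     Track object   : 1              State : Negative          Pri reduced : 20
"""
ROUTER_B = """\
   Interface Ten-GigabitEthernet3/0/2
     VRID             : 1               Adver timer  : 100 centiseconds
     Admin status     : Up              State        : Master
     Config pri       : 100             Running pri  : 100
     Preempt mode     : Yes             Delay time   : 0 centiseconds
     Auth type        : None
     Virtual IP       : 192.168.0.10
     Virtual MAC      : 0000-5e00-0101
     Master IP        : 192.168.0.102
     Backup ARP       : Disabled
"""
ROUTERS = {"RouterA": ROUTER_A, "RouterB": ROUTER_B}

# "Key : value" pairs; a value ends at two or more spaces or at end of line.
PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)(?=\s{2,}|$)")


def parse_vrrp(text):
    """Return (fields, tracks) for one virtual router listing."""
    fields, tracks = {}, []
    for line in text.splitlines():
        pairs = {k.lower(): v.strip() for k, v in PAIR.findall(line) if v.strip()}
        if "track object" in pairs:
            # Track lines reuse the key "State", so keep them separate.
            tracks.append({
                "id": int(pairs["track object"]),
                "state": pairs["state"],
                "reduced": int(pairs.get("pri reduced", 0)),
                "switchover": "Switchover" in line,
            })
        else:
            fields.update(pairs)
    return fields, tracks


def expected_running_pri(fields, tracks):
    """Config priority minus every 'Pri reduced' whose track entry is Negative."""
    cut = sum(t["reduced"] for t in tracks if t["state"] == "Negative")
    return int(fields["config pri"]) - cut


def audit_group(routers):
    """routers: {name: listing}. Return findings; empty when the group is consistent."""
    parsed = {name: parse_vrrp(text) for name, text in routers.items()}
    findings = []
    for name, (f, tracks) in parsed.items():
        if int(f["running pri"]) != expected_running_pri(f, tracks):
            findings.append(f"{name}: running priority does not match track state")
    masters = [n for n, (f, _) in parsed.items() if f["state"] == "Master"]
    if len(masters) != 1:
        findings.append(f"expected one master, found {masters}")
    if len({f["master ip"] for f, _ in parsed.values()}) != 1:
        findings.append("routers disagree on Master IP")
    # Valid once any preemption delay has expired (delay is 0 in this example).
    top = max(parsed, key=lambda n: int(parsed[n][0]["running pri"]))
    if masters and masters[0] != top:
        findings.append(f"{masters[0]} is master but {top} has the highest priority")
    return findings


def unauthenticated(routers):
    """Added check: routers whose Auth type is None (no authentication) or
    Simple (key carried in clear text in every advertisement)."""
    return [n for n, t in routers.items()
            if parse_vrrp(t)[0]["auth type"] in ("None", "Simple")]


if __name__ == "__main__":
    print("consistency findings:", audit_group(ROUTERS))
    print("no cryptographic VRRP authentication:", unauthenticated(ROUTERS))
```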

Example: Configuring static routing-Track-NQA collaboration

Network configuration

As shown in Figure 411:

·     Router A is the default gateway of the hosts in network 20.1.1.0/24.

·     Router D is the default gateway of the hosts in network 30.1.1.0/24.

·     Hosts in the two networks communicate with each other through static routes.

To ensure network availability, configure route backup and static routing-Track-NQA collaboration on Router A and Router D as follows:

·     On Router A, assign a higher priority to the static route to 30.1.1.0/24 with next hop Router B. This route is the master route. The static route to 30.1.1.0/24 with the next hop Router C acts as the backup route. When the master route is unavailable, the backup route takes effect.

·     On Router D, assign a higher priority to the static route to 20.1.1.0/24 with next hop Router B. This route is the master route. The static route to 20.1.1.0/24 with next hop Router C acts as the backup route. When the master route is unavailable, the backup route takes effect.

Figure 411 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 411. (Details not shown.)

2.     Configure Router A:

# Configure a static route to 30.1.1.0/24 with next hop 10.1.1.2 and the default priority (60). Associate this static route with track entry 1.

<RouterA> system-view

[RouterA] ip route-static 30.1.1.0 24 10.1.1.2 track 1

# Configure a static route to 30.1.1.0/24 with next hop 10.3.1.3 and priority 80.

[RouterA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Configure a static route to 10.2.1.4 with next hop 10.1.1.2.

[RouterA] ip route-static 10.2.1.4 24 10.1.1.2

# Create an NQA operation with administrator name admin and operation tag test.

[RouterA] nqa entry admin test

# Specify the ICMP echo operation type.

[RouterA-nqa-admin-test] type icmp-echo

# Specify 10.2.1.4 as the destination address of the operation.

[RouterA-nqa-admin-test-icmp-echo] destination ip 10.2.1.4

# Specify 10.1.1.2 as the next hop of the operation.

[RouterA-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[RouterA-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterA-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[RouterA] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[RouterA] track 1 nqa entry admin test reaction 1

3.     Configure Router B:

# Configure a static route to 30.1.1.0/24 with next hop 10.2.1.4.

<RouterB> system-view

[RouterB] ip route-static 30.1.1.0 24 10.2.1.4

# Configure a static route to 20.1.1.0/24 with next hop 10.1.1.1.

[RouterB] ip route-static 20.1.1.0 24 10.1.1.1

4.     Configure Router C:

# Configure a static route to 30.1.1.0/24 with next hop 10.4.1.4.

<RouterC> system-view

[RouterC] ip route-static 30.1.1.0 24 10.4.1.4

# Configure a static route to 20.1.1.0/24 with next hop 10.3.1.1.

[RouterC] ip route-static 20.1.1.0 24 10.3.1.1

5.     Configure Router D:

# Configure a static route to 20.1.1.0/24 with next hop 10.2.1.2 and the default priority (60). Associate this static route with track entry 1.

<RouterD> system-view

[RouterD] ip route-static 20.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 20.1.1.0/24 with next hop 10.4.1.3 and priority 80.

[RouterD] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Configure a static route to 10.1.1.1 with next hop 10.2.1.2.

[RouterD] ip route-static 10.1.1.1 24 10.2.1.2

# Create an NQA operation with administrator name admin and operation tag test.

[RouterD] nqa entry admin test

# Specify the ICMP echo operation type.

[RouterD-nqa-admin-test] type icmp-echo

# Specify 10.1.1.1 as the destination address of the operation.

[RouterD-nqa-admin-test-icmp-echo] destination ip 10.1.1.1

# Specify 10.2.1.2 as the next hop of the operation.

[RouterD-nqa-admin-test-icmp-echo] next-hop ip 10.2.1.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[RouterD-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterD-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterD-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[RouterD] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[RouterD] track 1 nqa entry admin test reaction 1

Verifying the configuration

# Display information about the track entry on Router A.

[RouterA] display track all

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    NQA entry: admin test

    Reaction: 1

    Remote IP/URL: 10.2.1.4

    Local IP:--

    Interface:--

The output shows that the status of the track entry is Positive, indicating that the NQA operation has succeeded and the master route is available.

# Display the routing table of Router A.

[RouterA] display ip routing-table

 

Destinations : 10       Routes : 10

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.1        XGE3/0/1

10.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.0/24         Static 60   0            10.1.1.2        XGE3/0/1

10.3.1.0/24         Direct 0    0            10.3.1.1        XGE3/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        XGE3/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 60   0            10.1.1.2        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Router A forwards packets to 30.1.1.0/24 through Router B.

# Remove the IP address of Ten-GigabitEthernet 3/0/1 on Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] undo ip address

# Display information about the track entry on Router A.

[RouterA] display track all

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    NQA entry: admin test

    Reaction: 1

    Remote IP/URL: 10.2.1.4

    Local IP:--

    Interface:--

The output shows that the status of the track entry is Negative, indicating that the NQA operation has failed and the master route is unavailable.

# Display the routing table of Router A.

[RouterA] display ip routing-table

 

Destinations : 10       Routes : 10

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.1        XGE3/0/1

10.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.0/24         Static 60   0            10.1.1.2        XGE3/0/1

10.3.1.0/24         Direct 0    0            10.3.1.1        XGE3/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        XGE3/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 80   0            10.3.1.3        XGE3/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Router A forwards packets to 30.1.1.0/24 through Router C. The backup static route has taken effect.
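The failover just shown follows from two rules: reaction entry 1 turns the track entry Negative after five consecutive probe failures, and a static route bound to a track entry is usable only while that entry is Positive. The following Python model is an added example, not H3C code; it uses Router A's routes from the procedure above, the function names are hypothetical, and it assumes that the first successful probe returns the track entry to Positive.

```python
import ipaddress

# Router A's static routes from the procedure above:
# (prefix, next hop, preference, track entry ID or None).
ROUTES = [
    ("30.1.1.0/24", "10.1.1.2", 60, 1),     # master route, bound to track entry 1
    ("30.1.1.0/24", "10.3.1.3", 80, None),  # backup route, not tracked
    ("10.2.1.0/24", "10.1.1.2", 60, None),  # route toward the probe target 10.2.1.4
]


def track_states(probes, consecutive=5):
    """Yield the track state after each probe result (True = reply received).

    Models 'reaction 1 checked-element probe-fail threshold-type consecutive 5':
    the entry turns Negative once `consecutive` probes in a row have failed.
    Assumption of this model: the first successful probe returns it to Positive.
    """
    failures = 0
    for ok in probes:
        failures = 0 if ok else failures + 1
        yield "Negative" if failures >= consecutive else "Positive"


def lookup(dest, tracks, routes=ROUTES):
    """Return the next hop for dest: longest prefix first, then lowest preference.

    A route bound to a track entry is a candidate only while that entry is Positive.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop, pref, track in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        if track is not None and tracks.get(track) != "Positive":
            continue
        key = (-net.prefixlen, pref)
        if best is None or key < best[0]:
            best = (key, next_hop)
    return best[1] if best else None


def replay(probes, dest="30.1.1.1"):
    """Next hop chosen for dest after each probe in the sequence."""
    return [lookup(dest, {1: state}) for state in track_states(probes)]


if __name__ == "__main__":
    # Constructed probe history: 3 replies, 5 losses in a row, then 1 reply.
    for i, hop in enumerate(replay([True] * 3 + [False] * 5 + [True]), 1):
        print(f"probe {i}: 30.1.1.0/24 via {hop}")
```

The route toward the probe target is not bound to the track entry and the probe is pinned with `next-hop ip 10.1.1.2`, so the operation keeps testing the primary path after failover and can report its recovery.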

# Verify that the hosts in 20.1.1.0/24 can communicate with the hosts in 30.1.1.0/24 when the master route fails.

[RouterA] ping -a 20.1.1.1 30.1.1.1

Ping 30.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

--- Ping statistics for 30.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

# Verify that the hosts in 30.1.1.0/24 can communicate with the hosts in 20.1.1.0/24 when the master route fails.

[RouterD] ping -a 30.1.1.1 20.1.1.1

Ping 20.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 20.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

Example: Configuring static routing-Track-BFD collaboration

Network configuration

As shown in Figure 412:

·     Router A is the default gateway of the hosts in network 20.1.1.0/24.

·     Router B is the default gateway of the hosts in network 30.1.1.0/24.

·     Hosts in the two networks communicate with each other through static routes.

To ensure network availability, configure route backup and static routing-Track-BFD collaboration on Router A and Router B as follows:

·     On Router A, assign a higher priority to the static route to 30.1.1.0/24 with next hop Router B. This route is the master route. The static route to 30.1.1.0/24 with next hop Router C acts as the backup route. When the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect.

·     On Router B, assign a higher priority to the static route to 20.1.1.0/24 with next hop Router A. This route is the master route. The static route to 20.1.1.0/24 with next hop Router C acts as the backup route. When the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect.

Figure 412 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 412. (Details not shown.)

2.     Configure Router A:

# Configure a static route to 30.1.1.0/24 with next hop 10.2.1.2 and the default priority (60). Associate this static route with track entry 1.

<RouterA> system-view

[RouterA] ip route-static 30.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 30.1.1.0/24 with next hop 10.3.1.3 and priority 80.

[RouterA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Specify 10.10.10.10 as the source address of BFD echo packets.

[RouterA] bfd echo-source-ip 10.10.10.10

# Configure track entry 1, and associate it with the BFD session to verify the connectivity between Router A and Router B.

[RouterA] track 1 bfd echo interface ten-gigabitethernet 3/0/1 remote ip 10.2.1.2 local ip 10.2.1.1

3.     Configure Router B:

# Configure a static route to 20.1.1.0/24 with next hop 10.2.1.1 and the default priority (60). Associate this static route with track entry 1.

<RouterB> system-view

[RouterB] ip route-static 20.1.1.0 24 10.2.1.1 track 1

# Configure a static route to 20.1.1.0/24 with next hop 10.4.1.3 and priority 80.

[RouterB] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Specify 1.1.1.1 as the source address of BFD echo packets.

[RouterB] bfd echo-source-ip 1.1.1.1

# Configure track entry 1, and associate it with the BFD session to verify the connectivity between Router B and Router A.

[RouterB] track 1 bfd echo interface ten-gigabitethernet 3/0/1 remote ip 10.2.1.1 local ip 10.2.1.2

4.     Configure Router C:

# Configure a static route to 30.1.1.0/24 with next hop 10.4.1.2.

<RouterC> system-view

[RouterC] ip route-static 30.1.1.0 24 10.4.1.2

# Configure a static route to 20.1.1.0/24 with next hop 10.3.1.1.

[RouterC] ip route-static 20.1.1.0 24 10.3.1.1

Verifying the configuration

# Display information about the track entry on Router A.

[RouterA] display track all

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: Ten-GigabitEthernet3/0/1

    VPN instance name: --

    Remote IP: 10.2.1.2

    Local IP: 10.2.1.1

The output shows that the status of the track entry is Positive, indicating that next hop 10.2.1.2 is reachable.

# Display the routing table of Router A.

[RouterA] display ip routing-table

 

Destinations : 9        Routes : 9

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.2.1.0/24         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.3.1.0/24         Direct 0    0            10.3.1.1        XGE3/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        XGE3/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 60   0            10.2.1.2        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Router A forwards packets to 30.1.1.0/24 through Router B. The master static route has taken effect.

# Remove the IP address of Ten-GigabitEthernet 3/0/1 on Router B.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] undo ip address

# Display information about the track entry on Router A.

[RouterA] display track all

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: Ten-GigabitEthernet3/0/1

    VPN instance name: --

    Remote IP: 10.2.1.2

    Local IP: 10.2.1.1

The output shows that the status of the track entry is Negative, indicating that next hop 10.2.1.2 is unreachable.

# Display the routing table of Router A.

[RouterA] display ip routing-table

 

Destinations : 9        Routes : 9

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.2.1.0/24         Direct 0    0            10.2.1.1        XGE3/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.3.1.0/24         Direct 0    0            10.3.1.1        XGE3/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        XGE3/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 80   0            10.3.1.3        XGE3/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Router A forwards packets to 30.1.1.0/24 through Router C. The backup static route has taken effect.

# Verify that the hosts in 20.1.1.0/24 can communicate with the hosts in 30.1.1.0/24 when the master route fails.

[RouterA] ping -a 20.1.1.1 30.1.1.1

Ping 30.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 30.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

# Verify that the hosts in 30.1.1.0/24 can communicate with the hosts in 20.1.1.0/24 when the master route fails.

[RouterB] ping -a 30.1.1.1 20.1.1.1

Ping 20.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 20.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

Example: Configuring VRRP-Track-interface management collaboration

Network configuration

As shown in Figure 413:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

Configure VRRP-Track-interface management collaboration to monitor the uplink interface on the master and meet the following requirements:

·     When Router A operates correctly, Router A forwards packets from Host A to Host B.

·     When VRRP detects a fault on the uplink interface of Router A through the interface management module, Router B forwards packets from Host A to Host B.

Figure 413 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 413. (Details not shown.)

2.     Configure Router A:

# Configure track entry 1, and associate it with the link status of the uplink interface Ten-GigabitEthernet 3/0/2.

[RouterA] track 1 interface ten-gigabitethernet 3/0/2

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to negative.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 priority reduced 30

3.     On Router B, create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Positive          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

The output shows that in VRRP group 1, Router A is the master and Router B is a backup. Router A forwards packets from Host A to Host B.

# Shut down the uplink interface Ten-GigabitEthernet 3/0/2 on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] shutdown

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-Ten-GigabitEthernet3/0/2] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 110             Running pri  : 80

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Negative          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB-Ten-GigabitEthernet3/0/1] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

The output shows that Router A becomes the backup, and Router B becomes the master. Router B forwards packets from Host A to Host B.

Example: Configuring VRRP-Track-route management collaboration

Network configuration

As shown in Figure 414:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

·     BGP peer relationships are established between Router A and Router C and between Router B and Router D. Router C and Router D advertise the default route 0.0.0.0/0 to Router A and Router B.

Configure VRRP-Track-route management collaboration to meet the following requirements:

·     When Router A operates correctly, Router A forwards packets from Host A to Host B.

·     When VRRP detects the removal of the default route from the routing table of Router A through route management, Router B forwards packets from Host A to Host B.

Figure 414 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 414. (Details not shown.)

2.     Establish an IBGP peer relationship between Router A and Router C, and configure Router C to advertise the default route 0.0.0.0/0 to Router A.

<RouterA> system-view

[RouterA] bgp 100

[RouterA-bgp-default] peer 10.1.2.2 as-number 100

[RouterA-bgp-default] address-family ipv4

[RouterA-bgp-default-ipv4] peer 10.1.2.2 enable

<RouterC> system-view

[RouterC] bgp 100

[RouterC-bgp-default] peer 10.1.2.1 as-number 100

[RouterC-bgp-default] address-family ipv4

[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable

[RouterC-bgp-default-ipv4] peer 10.1.2.1 default-route-advertise

[RouterC-bgp-default-ipv4] quit

3.     Configure Router B and Router D in the same way Router A and Router C are configured. (Details not shown.)

4.     Configure Track and VRRP on Router A:

# Configure track entry 1, and associate it with the default route 0.0.0.0/0.

[RouterA] track 1 ip route 0.0.0.0 0.0.0.0 reachability

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to negative.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 track 1 priority reduced 30

[RouterA-Ten-GigabitEthernet3/0/1] quit

5.     On Router B, create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA] display vrrp verbose

IPv4 virtual router information:

 Running mode       : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Positive          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB] display vrrp verbose

IPv4 virtual router information:

 Running mode       : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

The output shows that in VRRP group 1, Router A is the master and Router B is a backup. Router A forwards packets from Host A to Host B.

# Disable Router C from exchanging routing information with Router A so that the default route 0.0.0.0/0 is removed from Router A.

[RouterC-bgp-default-ipv4] undo peer 10.1.2.1 enable

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 110             Running pri  : 80

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Become master    : 2200 milliseconds left

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

   VRRP track information:

     Track object   : 1              State : Negative          Pri reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

The output shows that Router A becomes the backup, and Router B becomes the master. Router B forwards packets from Host A to Host B.
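Both Track examples above depend on the same arithmetic: Router A's configured priority of 110 minus the reduction of 30 must fall below Router B's priority of 100, and Router B must preempt, for the backup to take over. The script below is an added example, not H3C code; it parses the display vrrp verbose output shown above and checks that condition, and the function names and trimmed sample strings are constructed for illustration.

```python
import re

# Constructed samples: "display vrrp verbose" rows from the examples above, with
# blank lines removed. ROUTER_B and ROUTER_A_DOWN keep only the rows used here.
ROUTER_A = """\
IPv4 virtual router information:
 Running mode      : Standard
 Total number of virtual routers : 1
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 1               Adver timer  : 100 centiseconds
     Admin status     : Up              State        : Master
     Config pri       : 110             Running pri  : 110
     Preempt mode     : Yes             Delay time   : 0 centiseconds
     Auth type        : None
     Virtual IP       : 10.1.1.10
     Virtual MAC      : 0000-5e00-0101
     Master IP        : 10.1.1.1
     Backup ARP       : Disabled
   VRRP track information:
     Track object   : 1              State : Positive          Pri reduced : 30
"""
ROUTER_B = """\
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 1               Adver timer  : 100 centiseconds
     Admin status     : Up              State        : Backup
     Config pri       : 100             Running pri  : 100
     Preempt mode     : Yes             Delay time   : 0 centiseconds
     Become master    : 2200 milliseconds left
"""
ROUTER_A_DOWN = """\
   Interface Ten-GigabitEthernet3/0/1
     VRID             : 1               Adver timer  : 100 centiseconds
     Admin status     : Up              State        : Backup
     Config pri       : 110             Running pri  : 80
   VRRP track information:
     Track object   : 1              State : Negative          Pri reduced : 30
"""

# Two or more spaces followed by "Key :" separate the columns of a row.
_COLUMNS = re.compile(r"\s{2,}(?=[A-Z][\w ]*?\s*:\s)")
_PAIR = re.compile(r"([A-Z][\w ]*?)\s*:\s+(.*)$")

def parse_vrrp_verbose(text):
    """Return one dict per VRRP group, with its track entries under 'tracks'."""
    groups, current, interface, in_track = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface "):
            interface, current = line.split(None, 1)[1], None
            continue
        if line == "VRRP track information:":
            in_track = True
            continue
        pairs = {}
        for column in _COLUMNS.split(line):
            match = _PAIR.match(column)
            if match:
                pairs[match.group(1)] = match.group(2).strip()
        if "VRID" in pairs and interface:      # first row of a new group
            current = {"Interface": interface, "tracks": []}
            groups.append(current)
            in_track = False
        if current is None:
            continue                           # header rows before a group
        if in_track:
            # The track rows reuse the key "State", so keep them separate.
            if "Track object" in pairs:
                current["tracks"].append(pairs)
        else:
            current.update(pairs)
    return groups

def expected_running_pri(group):
    """Configured priority minus the reduction of every Negative track entry."""
    lost = sum(int(t["Pri reduced"]) for t in group["tracks"]
               if t["State"] == "Negative")
    return int(group["Config pri"]) - lost

def fails_over(master, backup):
    """True if the backup takes over once all of the master's tracks go Negative.

    A preempting backup takes over only when the master advertises a strictly
    lower priority, so an equal value does not count.
    """
    floor = int(master["Config pri"]) - sum(
        int(t["Pri reduced"]) for t in master["tracks"])
    return backup["Preempt mode"] == "Yes" and floor < int(backup["Config pri"])

if __name__ == "__main__":
    a, b = parse_vrrp_verbose(ROUTER_A)[0], parse_vrrp_verbose(ROUTER_B)[0]
    print("failover on track loss:", fails_over(a, b))
    down = parse_vrrp_verbose(ROUTER_A_DOWN)[0]
    print("running pri as expected:",
          expected_running_pri(down) == int(down["Running pri"]))
```

With a reduction of 10 instead of 30, Router A would keep advertising priority 100 after the failure and Router B would not take over.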

Example: Configuring direct route-Track-IPv4 VRRP collaboration

Network configuration

As shown in Figure 415:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

·     BGP peer relationships are established between Router A and Router C and between Router B and Router C. Router C can learn the direct routes to Router A and Router B.

Configure direct route-Track-IPv4 VRRP collaboration so that traffic from Host A to Host B and traffic from Host B to Host A are forwarded through the same router (the master router in the VRRP group).

Figure 415 Network diagram

Procedure

1.     Configure the IP address of each interface, as shown in Figure 415. (Details not shown.)

2.     Configure Router A:

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10.1.1.10.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp vrid 1 priority 110

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 and associate it with VRRP group 1.

[RouterA] track 1 vrrp interface ten-gigabitethernet 3/0/1 vrid 1

# On Ten-GigabitEthernet 3/0/1, associate the direct route with track entry 1 and apply the cost 200 to the direct route when the state of track entry 1 changes to Negative.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] route-direct track 1 degrade-cost 200

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify Router C as the BGP peer and set the AS number to 100.

[RouterA] bgp 100

[RouterA-bgp-default] peer 10.1.2.2 as-number 100

[RouterA-bgp-default] address-family ipv4 unicast

[RouterA-bgp-default-ipv4] peer 10.1.2.2 enable

# Configure BGP to redistribute direct routes on Router A.

[RouterA-bgp-default-ipv4] import-route direct

[RouterA-bgp-default-ipv4] quit

[RouterA-bgp-default] quit

3.     Configure Router B:

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10.1.1.10.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 and associate it with VRRP group 1.

[RouterB] track 1 vrrp interface ten-gigabitethernet 3/0/1 vrid 1

# On Ten-GigabitEthernet 3/0/1, associate the direct route with track entry 1 and apply the cost 200 to the direct route when the state of track entry 1 changes to Negative.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] route-direct track 1 degrade-cost 200

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Specify Router C as the BGP peer and set the AS number to 100.

[RouterB] bgp 100

[RouterB-bgp-default] peer 10.1.3.2 as-number 100

[RouterB-bgp-default] address-family ipv4 unicast

[RouterB-bgp-default-ipv4] peer 10.1.3.2 enable

# Configure BGP to redistribute direct routes on Router B.

[RouterB-bgp-default-ipv4] import-route direct

[RouterB-bgp-default-ipv4] quit

[RouterB-bgp-default] quit

4.     On Router C, specify Router A and Router B as BGP peers and set the AS number to 100.

[RouterC] bgp 100

[RouterC-bgp-default] peer 10.1.2.1 as-number 100

[RouterC-bgp-default] peer 10.1.3.1 as-number 100

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable

[RouterC-bgp-default-ipv4] peer 10.1.3.1 enable

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Display detailed information about VRRP group 1 on Router A.

[RouterA] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.1

     Backup ARP       : Disabled

# Display detailed information about VRRP group 1 on Router B.

[RouterB] display vrrp verbose

IPv4 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : 10.1.1.10

     Virtual MAC      : 0000-5e00-0101

     Master IP        : 10.1.1.2

     Backup ARP       : Disabled

# Display information about track entry 1 on Router A.

[RouterA] display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: VRRP

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    Interface: Ten-GigabitEthernet3/0/1

    VRID: 1

# Display information about track entry 1 on Router B.

[RouterB] display track 1

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: VRRP

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    Interface: Ten-GigabitEthernet3/0/1

    VRID: 1

The output shows that:

·     In VRRP group 1, Router A is the master and Router B is a backup.

·     Track entry 1 on Router A is in Positive state and track entry 1 on Router B is in Negative state.

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv4

 Total number of routes: 6

 BGP local router ID is 192.168.56.4

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 10.1.1.0/24        10.1.2.1        0          100        0       ?

*  i                    10.1.3.1        200        100        0       ?

* >i 10.1.2.0/24        10.1.2.1        0          100        0       ?

* >i 10.1.3.0/24        10.1.3.1        0          100        0       ?

* >i 192.168.56.0       10.1.2.1        0          100        0       ?

*  i                    10.1.3.1        0          100        0       ?

The output shows that:

·     The cost is 0 for the route to network 10.1.1.0/24 with Router A (the master in the VRRP group) as the next hop.

·     The cost is 200 for the route to network 10.1.1.0/24 with Router B (the backup in the VRRP group) as the next hop.

·     Traffic from Host B to Host A is forwarded through Router A.

Example: Configuring direct route-Track-IPv6 VRRP collaboration

Network configuration

As shown in Figure 416:

·     Host A requires access to Host B. The default gateway of Host A is 10::100/64.

·     Router A and Router B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10::100.

·     BGP peer relationships are established between Router A and Router C and between Router B and Router C. Router C can learn the direct routes to Router A and Router B.

Configure direct route-Track-IPv6 VRRP collaboration so that traffic from Host A to Host B and traffic from Host B to Host A are forwarded through the same router (the master router in the VRRP group).

Figure 416 Network diagram

Procedure

1.     Configure the IPv6 address of each interface, as shown in Figure 416. (Details not shown.)

2.     Configure Router A:

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10::100.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::1 link-local

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 10::100

# Set the priority of Router A to 110 in VRRP group 1.

[RouterA-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 priority 110

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 and associate it with VRRP group 1.

[RouterA] track 1 vrrp ipv6 interface ten-gigabitethernet 3/0/1 vrid 1

# On Ten-GigabitEthernet 3/0/1, associate the direct route with track entry 1 and apply the cost 200 to the direct route when the state of track entry 1 changes to Negative.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 route-direct track 1 degrade-cost 200

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify Router C as the BGP peer and set the AS number to 100.

[RouterA] bgp 100

[RouterA-bgp-default] peer 20::2 as-number 100

[RouterA-bgp-default] address-family ipv6 unicast

[RouterA-bgp-default-ipv6] peer 20::2 enable

# Configure BGP to redistribute direct routes on Router A.

[RouterA-bgp-default-ipv6] import-route direct

[RouterA-bgp-default-ipv6] quit

[RouterA-bgp-default] quit

3.     Configure Router B:

# Create VRRP group 1 on Ten-GigabitEthernet 3/0/1 and set its virtual IP address to 10::100.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip fe80::1 link-local

[RouterB-Ten-GigabitEthernet3/0/1] vrrp ipv6 vrid 1 virtual-ip 10::100

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create track entry 1 and associate it with VRRP group 1.

[RouterB] track 1 vrrp ipv6 interface ten-gigabitethernet 3/0/1 vrid 1

# On Ten-GigabitEthernet 3/0/1, associate the direct route with track entry 1 and apply the cost 200 to the direct route when the state of track entry 1 changes to Negative.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 route-direct track 1 degrade-cost 200

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Specify Router C as the BGP peer and set the AS number to 100.

[RouterB] bgp 100

[RouterB-bgp-default] peer 30::2 as-number 100

[RouterB-bgp-default] address-family ipv6 unicast

[RouterB-bgp-default-ipv6] peer 30::2 enable

# Configure BGP to redistribute direct routes on Router B.

[RouterB-bgp-default-ipv6] import-route direct

[RouterB-bgp-default-ipv6] quit

[RouterB-bgp-default] quit

4.     On Router C, specify Router A and Router B as BGP peers and set the AS number to 100.

[RouterC] bgp 100

[RouterC-bgp-default] peer 20::1 as-number 100

[RouterC-bgp-default] peer 30::1 as-number 100

[RouterC-bgp-default] address-family ipv6 unicast

[RouterC-bgp-default-ipv6] peer 20::1 enable

[RouterC-bgp-default-ipv6] peer 30::1 enable

[RouterC-bgp-default-ipv6] quit

[RouterC-bgp-default] quit

Verifying the configuration

# Display detailed information about VRRP group 1 on Router A.

[RouterA] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Master

     Config pri       : 110             Running pri  : 110

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        10::100

     Virtual MAC      : 0000-5e00-0101

     Master IP        : FE80::1

     Backup ARP       : Disabled

# Display detailed information about VRRP group 1 on Router B.

[RouterB] display vrrp ipv6 verbose

IPv6 virtual router information:

 Running mode      : Standard

 Total number of virtual routers : 1

   Interface Ten-GigabitEthernet3/0/1

     VRID             : 1               Adver timer  : 100 centiseconds

     Admin status     : Up              State        : Backup

     Config pri       : 100             Running pri  : 100

     Preempt mode     : Yes             Delay time   : 0 centiseconds

     Auth type        : None

     Virtual IP       : FE80::10

                        10::100

     Master IP        : FE80::1

     Backup ARP       : Disabled

# Display information about track entry 1 on Router A.

[RouterA] display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: IPv6 VRRP

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    Interface: Ten-GigabitEthernet3/0/1

    VRID: 1

# Display information about track entry 1 on Router B.

[RouterB] display track 1

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: IPv6 VRRP

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    Interface: Ten-GigabitEthernet3/0/1

    VRID: 1

The output shows that:

·     In VRRP group 1, Router A is the master and Router B is a backup.

·     Track entry 1 on Router A is in Positive state and track entry 1 on Router B is in Negative state.

# Display the BGP routing table on Router C.

[RouterC] display bgp routing-table ipv6

 Total number of routes: 9

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

* >i Network : 10::                                     PrefixLen : 64

     NextHop : 20::1                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

*  i Network : 10::                                     PrefixLen : 64

     NextHop : 30::1                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 200

     Path/Ogn: ?

 

* >  Network : 20::                                     PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

*  i Network : 20::                                     PrefixLen : 64

     NextHop : 20::1                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >  Network : 20::2                                    PrefixLen : 128

     NextHop : ::1                                      LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >  Network : 30::                                     PrefixLen : 64

     NextHop : ::                                       LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

*  i Network : 30::                                     PrefixLen : 64

     NextHop : 30::1                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >  Network : 30::2                                    PrefixLen : 128

     NextHop : ::1                                      LocPrf    :

     PrefVal : 32768                                    OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

 

* >i Network : 40::                                     PrefixLen : 64

     NextHop : 20::1                                    LocPrf    : 100

     PrefVal : 0                                        OutLabel  : NULL

     MED     : 0

     Path/Ogn: ?

The output shows that:

·     The cost is 0 for the route to network 10::/64 with Router A (the master in the VRRP group) as the next hop.

·     The cost is 200 for the route to network 10::/64 with Router B (the backup in the VRRP group) as the next hop.

·     Traffic from Host B to Host A is forwarded through Router A.

 

TWAMP Light configuration examples

Example: Configuring TWAMP Light test on a common Layer 3 network

Network configuration

As shown in Figure 417, configure a TWAMP Light test to measure the service quality from Device A to Device B.

Figure 417 Network diagram

Procedure

1.     Assign IP addresses to interfaces, as shown in Figure 417. (Details not shown.)

2.     Configure static routes or a routing protocol to make sure the devices can reach each other. (Details not shown.)

3.     Configure Device B:

# Enable the NQA server.

<DeviceB> system-view

[DeviceB] nqa server enable

# Create test session 1 on the TWAMP Light responder with the destination IP address 10.2.2.2, source IP address 10.1.1.1, destination port 20000, and source port 10000.

[DeviceB] nqa twamp-light responder

[DeviceB-twamp-light-responder] test-session 1 ip destination 10.2.2.2 source 10.1.1.1 destination-port 20000 source-port 10000

[DeviceB-twamp-light-responder] quit

4.     Configure Device A:

# Create test session 1 on the TWAMP Light client.

<DeviceA> system-view

[DeviceA] nqa twamp-light client

[DeviceA-nqa-twamp-light-client] test-session 1

# Specify 10.1.1.1 as the source IP address for the probe packets.

[DeviceA-nqa-twamp-light-client-session1] source ip 10.1.1.1

# Specify 10.2.2.2 as the destination IP address for the probe packets.

[DeviceA-nqa-twamp-light-client-session1] destination ip 10.2.2.2

# Specify 10000 as the source port number for the probe packets.

[DeviceA-nqa-twamp-light-client-session1] source port 10000

# Specify 20000 as the destination port number for the probe packets.

[DeviceA-nqa-twamp-light-client-session1] destination port 20000

[DeviceA-nqa-twamp-light-client-session1] quit

[DeviceA-nqa-twamp-light-client] quit

# Create a TWAMP Light sender and enter its view.

[DeviceA] nqa twamp-light sender

# Start the TWAMP Light test with the packet sending interval, statistics collection interval, and monitoring time set to 100, 10000, and 20000 milliseconds, respectively.

[DeviceA-nqa-twamp-light-sender] start test-session 1 permanent tx-interval 100 statistics-interval 10000 monitor-time 20000

[DeviceA-nqa-twamp-light-sender] quit

Verifying the configuration

# Display information about test session 1.

[DeviceA] display nqa twamp-light client

Brief information about all test sessions:

Total sessions: 1

Active sessions: 1

------------------------------------------------------------------------------------

ID    Status     Source IP/Port         Destination IP/Port

1     Active     10.1.1.1/10000         10.2.2.2/20000

# Display test session statistics about two-way packet loss for test session 1.

[DeviceA] display nqa twamp-light client statistics two-way-loss test-session 1

Latest two-way loss statistics:

    Index      Loss count      Loss ratio      Error count  Error ratio

    11006      5               50.0000%        0            0.0000%

    11007      3               30.0000%        0            0.0000%

    11008      4               40.0000%        0            0.0000%

    11009      8               80.0000%        0            0.0000%

--------------------------------------------------------------------

Average loss count :          5      Average loss ratio :  55.3333%

Maximum loss count :         10      Maximum loss ratio : 100.0000%

Minimum loss count :          1      Minimum loss ratio :  10.0000%

Average error count:          0      Average error ratio:   0.0000%

Maximum error count:          0      Maximum error ratio:   0.0000%

Minimum error count:          0      Minimum error ratio:   0.0000%

Example: Configuring TWAMP Light test on an L2VPN network

Network configuration

As shown in Figure 418, create an L2VPN between PE 1 and PE 2 over the backbone to allow communication between CE 1 and CE 2. Configure a TWAMP Light test to measure the service quality from PE 1 to PE 2.

Figure 418 Network diagram

Procedure

1.     Assign IP addresses to interfaces. (Details not shown.)

2.     Configure static routes or a routing protocol and create an L2VPN to make sure the devices can reach each other. For more information about creating an L2VPN, see MPLS L2VPN in MPLS Configuration Guide.

3.     Configure PE 1:

# Specify PE 1 as the TWAMP Light client.

<PE1> system-view

[PE1] nqa twamp-light client

# Specify a destination IP address (any valid IP address except the one on the connected interface of PE 2), destination MAC address (any valid MAC address), and destination port number (any valid port number) for the probe packets.

[PE1-nqa-twamp-light-client] test-session 1

[PE1-nqa-twamp-light-client-session1] destination ip 4.4.4.2

[PE1-nqa-twamp-light-client-session1] destination mac 0001-0001-0002

[PE1-nqa-twamp-light-client-session1] destination port 8888

# Specify Ten-GigabitEthernet3/0/1 as the source interface for the probe packets. Specify a source IP address (any valid IP address except the one on the connected interface of PE 1), source MAC address (any valid MAC address), and source port number (any valid port number) for the probe packets.

[PE1-nqa-twamp-light-client-session1] source interface gigabitethernet 1/0/1

[PE1-nqa-twamp-light-client-session1] source ip 4.4.4.1

[PE1-nqa-twamp-light-client-session1] source mac 0001-0001-0001

[PE1-nqa-twamp-light-client-session1] source port 7777

[PE1-nqa-twamp-light-client-session1] quit

[PE1-nqa-twamp-light-client] quit

4.     Configure PE 2 as the TWAMP Light responder:

<PE2> system-view

# Enable the NQA server.

[PE2] nqa server enable

# Create test session 1 on the TWAMP Light responder with the destination IP address 4.4.4.2, source IP address 4.4.4.1, destination port 8888, and source port 7777.

[PE2] nqa twamp-light responder

[PE2-nqa-twamp-light-responder] test-session 1 interface gigabitethernet 1/0/1 ip destination 4.4.4.2 source 4.4.4.1 destination-port 8888 source-port 7777 destination-mac 1-1-2 source-mac 1-1-1

[PE2-nqa-twamp-light-responder] quit

5.     Start the TWAMP Light test on PE 1.

[PE1] nqa twamp-light sender

[PE1-nqa-twamp-light-sender] start test-session 1 permanent
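Both TWAMP Light examples configure the responder's test session with the same addresses and ports as the client session. The check below is an added example, not H3C code; it compares the two sides using the commands from this page, assuming that H-H-H MAC addresses may omit leading zeros (1-1-2 for 0001-0001-0002) and that a field set on only one side counts as a mismatch. The function names are hypothetical.

```python
import ipaddress
import re

# Commands copied from the two TWAMP Light examples above, prompts stripped.
L2VPN_CLIENT = """\
test-session 1
destination ip 4.4.4.2
destination mac 0001-0001-0002
destination port 8888
source interface gigabitethernet 1/0/1
source ip 4.4.4.1
source mac 0001-0001-0001
source port 7777
"""
L2VPN_RESPONDER = (
    "test-session 1 interface gigabitethernet 1/0/1 ip destination 4.4.4.2 "
    "source 4.4.4.1 destination-port 8888 source-port 7777 "
    "destination-mac 1-1-2 source-mac 1-1-1")
L3_CLIENT = """\
test-session 1
source ip 10.1.1.1
destination ip 10.2.2.2
source port 10000
destination port 20000
"""
L3_RESPONDER = ("test-session 1 ip destination 10.2.2.2 source 10.1.1.1 "
                "destination-port 20000 source-port 10000")

# Fields compared between the two sides. The interface is left out because
# each device names its own local interface.
FIELDS = ("source ip", "destination ip", "source port", "destination port",
          "source mac", "destination mac")

def norm_mac(mac):
    """Expand H-H-H notation with omitted leading zeros (assumed convention)."""
    groups = mac.lower().split("-")
    if len(groups) != 3 or not all(
            re.fullmatch(r"[0-9a-f]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.zfill(4) for g in groups)

def _normalise(field, value):
    """Bring a value to one canonical form so that both sides compare equal."""
    if field.endswith("ip"):
        return str(ipaddress.ip_address(value))
    if field.endswith("port"):
        port = int(value)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {value}")
        return port
    return norm_mac(value)

def parse_client(text):
    """Read 'source|destination ip|port|mac <value>' lines of a client session."""
    session = {}
    for line in text.splitlines():
        words = line.split()
        field = " ".join(words[:2])
        if field in FIELDS and len(words) == 3:
            session[field] = _normalise(field, words[2])
    return session

def parse_responder(command):
    """Read the same fields from a one-line responder test-session command."""
    patterns = {
        "destination ip": r"\bip destination (\S+)",
        "source ip": r"\bip destination \S+ source (\S+)",
        "destination port": r"\bdestination-port (\d+)",
        "source port": r"\bsource-port (\d+)",
        "destination mac": r"\bdestination-mac (\S+)",
        "source mac": r"\bsource-mac (\S+)",
    }
    session = {}
    for field, pattern in patterns.items():
        match = re.search(pattern, command)
        if match:
            session[field] = _normalise(field, match.group(1))
    return session

def mismatches(client, responder):
    """Map each differing field to its (client, responder) values."""
    return {f: (client.get(f), responder.get(f))
            for f in FIELDS if client.get(f) != responder.get(f)}

if __name__ == "__main__":
    for name, c, r in (("L3", L3_CLIENT, L3_RESPONDER),
                       ("L2VPN", L2VPN_CLIENT, L2VPN_RESPONDER)):
        print(name, mismatches(parse_client(c), parse_responder(r)) or "consistent")
```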

Verifying the configuration

# Display information about test session 1.

[PE1] display nqa twamp-light client

Brief information about all test sessions:

Total sessions: 1

Active sessions: 1

-------------------------------------------------------------------

ID    Status     Source IP/Port         Destination IP/Port

1     Active     4.4.4.1/7777           4.4.4.2/8888

# Display test session statistics about two-way packet loss for test session 1.

[PE1] display nqa twamp-light client statistics two-way-loss test-session 1

Latest two-way loss statistics:

    Index      Loss count      Loss ratio      Error count  Error ratio

    1          0               0.0000%         0            0.0000%

    2          0               0.0000%         0            0.0000%

    3          0               0.0000%         0            0.0000%

    4          0               0.0000%         0            0.0000%

--------------------------------------------------------------------

Average loss count :          0      Average loss ratio :  0.0000%

Maximum loss count :          0      Maximum loss ratio :  0.0000%

Minimum loss count :          0      Minimum loss ratio :  0.0000%

Average error count:          0      Average error ratio:  0.0000%

Maximum error count:          0      Maximum error ratio:  0.0000%

Minimum error count:          0      Minimum error ratio:  0.0000%

# Display test session statistics about two-way delay for test session 1.

[PE1] display nqa twamp-light client statistics two-way-delay test-session 1

Latest two-way delay statistics(us):

    Index    Delay(Avg)    Jitter(Avg)    SD-jitter(Avg)    DS-jitter(Avg)

    1        46            1              2                 1

    2        46            1              2                 1

    3        46            0              1                 1

    4        46            0              1                 1

--------------------------------------------------------------------

Average delay    :  46      Average jitter  :  1

Maximum delay    :  46      Maximum jitter  :  1

Minimum delay    :  46      Minimum jitter  :  0

Average SD jitter:  1      Average DS jitter:  1

Maximum SD jitter:  1      Maximum DS jitter:  1

Minimum SD jitter:  0      Minimum DS jitter:  0

Example: Configuring TWAMP Light test on an L3VPN network

Network configuration

As shown in Figure 419, create an L3VPN between PE 1 and PE 2 over the backbone to allow communication between CE 1 and CE 2. Configure a TWAMP Light test to measure the service quality from PE 1 to PE 2.

Figure 419 Network diagram

Procedure

1.     Assign IP addresses to interfaces. (Details not shown.)

2.     Configure static routes or a routing protocol and create an L3VPN to make sure the devices can reach each other. For more information about creating an L3VPN, see MPLS L3VPN in MPLS Configuration Guide.

3.     Configure PE 1:

# Specify PE 1 as the TWAMP Light client.

<PE1> system-view

[PE1] nqa twamp-light client

# Specify 100.100.2.1 as the destination IP address and 10000 as the destination port number (use any valid port number) for the probe packets.

[PE1-nqa-twamp-light-client] test-session 1

[PE1-nqa-twamp-light-client-session1] destination ip 100.100.2.1

[PE1-nqa-twamp-light-client-session1] destination port 10000

# Specify 100.100.1.1 as the source IP address and 20000 as the source port number for the probe packets. Specify VPN instance 1 as the VPN instance where the test is performed.

[PE1-nqa-twamp-light-client-session1] source ip 100.100.1.1

[PE1-nqa-twamp-light-client-session1] source port 20000

[PE1-nqa-twamp-light-client-session1] vpn-instance 1

[PE1-nqa-twamp-light-client-session1] quit

[PE1-nqa-twamp-light-client] quit

4.     Configure PE 2 as the TWAMP Light responder:

# Enable the NQA server.

<PE2> system-view

[PE2] nqa server enable

# Create test session 1 on the TWAMP Light responder with the destination IP address 100.100.2.1, source IP address 100.100.1.1, destination port 10000, and source port 20000.

[PE2] nqa twamp-light responder

[PE2-nqa-twamp-light-responder] test-session 1 ip destination 100.100.2.1 source 100.100.1.1 destination-port 10000 source-port 20000 vpn-instance 1

[PE2-nqa-twamp-light-responder] quit

5.     Start the TWAMP Light test on PE 1.

[PE1] nqa twamp-light sender

[PE1-nqa-twamp-light-sender] start test-session 1 permanent
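A pre-flight check for the two TWAMP Light procedures above (the L2VPN and the L3VPN example), as an added Python example that is not H3C code: it compares the client test session with the responder `test-session` command and reports any field on which the two ends disagree. It assumes the responder's values are meant to mirror the client's, as they do on this page, and it treats the abbreviated MAC form `1-1-2` as equal to `0001-0001-0002`; all function names are hypothetical.

```python
import ipaddress
import re

# Commands copied from the L2VPN example on this page (prompts removed).
L2VPN_CLIENT = """\
test-session 1
destination ip 4.4.4.2
destination mac 0001-0001-0002
destination port 8888
source ip 4.4.4.1
source mac 0001-0001-0001
source port 7777
"""
L2VPN_RESPONDER = (
    "test-session 1 interface gigabitethernet 1/0/1 ip destination 4.4.4.2 "
    "source 4.4.4.1 destination-port 8888 source-port 7777 "
    "destination-mac 1-1-2 source-mac 1-1-1"
)

PROMPT = re.compile(r"^\[[^\]]*\]\s*")  # "[PE1-...]" prefix of a pasted terminal line
FIELDS = ("source_ip", "destination_ip", "source_port", "destination_port",
          "source_mac", "destination_mac", "vpn_instance")
RESPONDER_PATTERNS = {
    "destination_ip": r"\bip destination (\S+)",
    "source_ip": r"\bip destination \S+ source (\S+)",
    "destination_port": r"\bdestination-port (\d+)",
    "source_port": r"\bsource-port (\d+)",
    "destination_mac": r"\bdestination-mac (\S+)",
    "source_mac": r"\bsource-mac (\S+)",
    "vpn_instance": r"\bvpn-instance (\S+)",
}

def normalize_mac(mac):
    """Expand H-H-H notation with omitted leading zeros (1-1-2) to 0001-0001-0002."""
    groups = mac.lower().split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9a-f]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.zfill(4) for g in groups)

def canonical(key, value):
    """Bring a raw CLI value into a form that compares equal when it means the same."""
    if value is None:
        return None
    if key.endswith("_ip"):
        return str(ipaddress.ip_address(value))
    if key.endswith("_port"):
        return int(value)
    if key.endswith("_mac"):
        return normalize_mac(value)
    return value

def parse_client(text):
    """Return {session_id: {field: raw_value}} from client test-session commands."""
    sessions, current = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = re.fullmatch(r"test-session (\d+)", line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
            continue
        if current is None:
            continue
        m = re.fullmatch(r"(source|destination) (ip|mac|port) (\S+)", line)
        if m:
            current[f"{m.group(1)}_{m.group(2)}"] = m.group(3)
        m = re.fullmatch(r"vpn-instance (\S+)", line)
        if m:
            current["vpn_instance"] = m.group(1)
    return sessions

def parse_responder(line):
    """Return (session_id, {field: raw_value}) from one responder test-session command."""
    line = PROMPT.sub("", line.strip())
    m = re.match(r"test-session (\d+)\b", line)
    if not m:
        raise ValueError("not a responder test-session command")
    found = {}
    for key, pattern in RESPONDER_PATTERNS.items():
        hit = re.search(pattern, line)
        if hit:
            found[key] = hit.group(1)
    return int(m.group(1)), found

def mismatches(client_text, responder_line):
    """List every field on which the responder session differs from the client session."""
    session_id, responder = parse_responder(responder_line)
    client = parse_client(client_text).get(session_id)
    if client is None:
        return [f"test-session {session_id}: not configured on the client"]
    problems = []
    for key in FIELDS:
        c = canonical(key, client.get(key))
        r = canonical(key, responder.get(key))
        if c != r:
            problems.append(f"{key}: client={c} responder={r}")
    return problems

if __name__ == "__main__":
    print(mismatches(L2VPN_CLIENT, L2VPN_RESPONDER) or "client and responder agree")
```

The same functions accept lines pasted with their `[PE1-...]` prompts and compare the `vpn-instance` value used in the L3VPN example.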

Verifying the configuration

# Display information about test session 1.

[PE1] display nqa twamp-light client

Brief information about all test sessions:

Total sessions: 1

Active sessions: 1

----------------------------------------------------------------------

ID    Status     Source IP/Port         Destination IP/Port

1     Active     100.100.1.1/20000      100.100.2.1/10000

# Display test session statistics about two-way packet loss for test session 1.

[PE1] display nqa twamp-light client statistics two-way-loss test-session 1

Latest two-way loss statistics:

    Index      Loss count      Loss ratio      Error count  Error ratio

    1          0               0.0000%         0            0.0000%

    2          0               0.0000%         0            0.0000%

    3          0               0.0000%         0            0.0000%

    4          0               0.0000%         0            0.0000%

--------------------------------------------------------------------

Average loss count :          0      Average loss ratio :   0.0000%

Maximum loss count :          0      Maximum loss ratio :   0.0000%

Minimum loss count :          0      Minimum loss ratio :   0.0000%

Average error count:          0      Average error ratio:   0.0000%

Maximum error count:          0      Maximum error ratio:   0.0000%

Minimum error count:          0      Minimum error ratio:   0.0000%

# Display test session statistics about two-way delay for test session 1.

[PE1] display nqa twamp-light client statistics two-way-delay test-session 1

Latest two-way delay statistics(us):

    Index    Delay(Avg)    Jitter(Avg)    SD-jitter(Avg)    DS-jitter(Avg)

    1        46            1              2                 1

    2        46            1              2                 1

    3        46            0              1                 1

    4        46            0              1                 1

--------------------------------------------------------------------

Average delay    :  46      Average jitter  :  1

Maximum delay    :  46      Maximum jitter  :  1

Minimum delay    :  46      Minimum jitter  :  0

Average SD jitter:  1      Average DS jitter:  1

Maximum SD jitter:  1      Maximum DS jitter:  1

Minimum SD jitter:  0      Minimum DS jitter:  0

 

 

iNQA configuration examples

Example: Configuring an end-to-end iNQA packet loss measurement

Network configuration

As shown in Figure 420, Video phone 1 sends a video data flow to Video phone 2 through an IP network. Video phone 2 is experiencing an erratic video display problem.

·     Enable the collector functionality on Device 1 and Device 2 and enable the analyzer functionality on Device 2.

·     Define the flow from Device 1 to Device 2 as the forward flow.

·     Set the packet loss upper limit and packet loss lower limit to 6% and 4%, respectively.

Figure 420 Network diagram

Prerequisites

1.     Assign 10.1.1.1 and 10.2.1.1 to Collector 1 and Collector 2, respectively.

2.     Configure OSPF in the IP network to make sure Collector 1 and the analyzer can reach each other. (Details not shown.)

3.     Configure NTP or PTP on Collector 1 and Collector 2 for clock synchronization. (Details not shown.)

Procedure

1.     Configure Collector 1:

# Specify 10.1.1.1 as the collector ID.

<Collector1> system-view

[Collector1] inqa collector

[Collector1-inqa-collector] collector id 10.1.1.1

# Bind the collector to the analyzer with ID 10.2.1.1.

[Collector1-inqa-collector] analyzer 10.2.1.1

# Specify ToS field bit 6 as the flag bit.

[Collector1-inqa-collector] flag loss-measure tos-bit 6

# Configure collector instance 1 to monitor the bidirectional flows entering the network from Ten-GigabitEthernet3/0/1 between 10.1.1.0 and 10.2.1.0.

[Collector1-inqa-collector] instance 1

[Collector1-inqa-collector-instance-1] flow bidirection source-ip 10.1.1.0 24 destination-ip 10.2.1.0 24

[Collector1-inqa-collector-instance-1] mp 100 in-point port-direction inbound

[Collector1-inqa-collector-instance-1] quit

[Collector1-inqa-collector] quit

[Collector1] interface ten-gigabitethernet 3/0/1

[Collector1-Ten-GigabitEthernet3/0/1] inqa mp 100

[Collector1-Ten-GigabitEthernet3/0/1] quit

# Enable continual packet loss measurement.

[Collector1] inqa collector

[Collector1-inqa-collector] instance 1

[Collector1-inqa-collector-instance-1] loss-measure enable continual

[Collector1-inqa-collector-instance-1] quit

[Collector1-inqa-collector] quit

2.     Configure Collector 2 and the analyzer:

# Specify 10.2.1.1 as the collector ID.

<AnalyzerColl2> system-view

[AnalyzerColl2] inqa collector

[AnalyzerColl2-inqa-collector] collector id 10.2.1.1

# Bind the collector to the analyzer with ID 10.2.1.1.

[AnalyzerColl2-inqa-collector] analyzer 10.2.1.1

# Specify ToS field bit 6 as the flag bit.

[AnalyzerColl2-inqa-collector] flag loss-measure tos-bit 6

# Configure collector instance 1 to monitor the bidirectional flows entering the network from Ten-GigabitEthernet3/0/1 between 10.1.1.0 and 10.2.1.0.

[AnalyzerColl2-inqa-collector] instance 1

[AnalyzerColl2-inqa-collector-instance-1] flow bidirection source-ip 10.1.1.0 24 destination-ip 10.2.1.0 24

[AnalyzerColl2-inqa-collector-instance-1] mp 200 out-point port-direction outbound

[AnalyzerColl2-inqa-collector-instance-1] quit

[AnalyzerColl2-inqa-collector] quit

[AnalyzerColl2] interface ten-gigabitethernet 3/0/1

[AnalyzerColl2-Ten-GigabitEthernet3/0/1] inqa mp 200

[AnalyzerColl2-Ten-GigabitEthernet3/0/1] quit

# Enable continual packet loss measurement.

[AnalyzerColl2] inqa collector

[AnalyzerColl2-inqa-collector] instance 1

[AnalyzerColl2-inqa-collector-instance-1] loss-measure enable continual

[AnalyzerColl2-inqa-collector-instance-1] quit

[AnalyzerColl2-inqa-collector] quit

# Specify 10.2.1.1 as the analyzer ID.

[AnalyzerColl2] inqa analyzer

[AnalyzerColl2-inqa-analyzer] analyzer id 10.2.1.1

# Bind analyzer instance 1 to Collector 1 and Collector 2.

[AnalyzerColl2-inqa-analyzer] instance 1

[AnalyzerColl2-inqa-analyzer-instance-1] collector 10.1.1.1

[AnalyzerColl2-inqa-analyzer-instance-1] collector 10.2.1.1

# Set the packet loss upper limit and lower limit to 6% and 4%, respectively.

[AnalyzerColl2-inqa-analyzer-instance-1] loss-measure alarm upper-limit 6 lower-limit 4

# Enable the measurement functionality of analyzer instance 1.

[AnalyzerColl2-inqa-analyzer-instance-1] measure enable

[AnalyzerColl2-inqa-analyzer-instance-1] quit

[AnalyzerColl2-inqa-analyzer] quit

Verifying the configuration

1.     On Collector 1:

# Display the collector configuration.

[Collector1] display inqa collector

Collector ID             : 10.1.1.1

Loss-measure flag        : 6

Analyzer ID              : 10.2.1.1

Analyzer UDP-port        : 53312

VPN-instance-name        : --

Current instance count   : 1

# Display the configuration of collector instance 1.

[Collector1] display inqa collector instance 1

Instance ID              : 1

Status                   : Enabled

Duration                 : --

Description              : --

Analyzer ID              : --

Analyzer UDP-port        : --

VPN-instance-name        : --

Interval                 : 10 sec

Flow configuration:

  flow bidirection source-ip 10.1.1.0 24 destination-ip 10.2.1.0 24

MP configuration:

  mp 100 in-point inbound, XGE3/0/1

2.     On Collector 2 and the analyzer:

# Display the collector configuration.

[AnalyzerColl2] display inqa collector

Collector ID             : 10.2.1.1

Loss-measure flag        : 6

Analyzer ID              : 10.2.1.1

Analyzer UDP-port        : 53312

VPN-instance-name        : --

Current instance count   : 1

# Display the configuration of collector instance 1.

[AnalyzerColl2] display inqa collector instance 1

Instance ID              : 1

Status                   : Enabled

Duration                 : --

Description              : --

Analyzer ID              : --

Analyzer UDP-port        : --

VPN-instance-name        : --

Interval                 : 10 sec

Flow configuration:

  flow bidirection source-ip 10.1.1.0 24 destination-ip 10.2.1.0 24

MP configuration:

  mp 200 out-point outbound, XGE3/0/1

# Display the analyzer configuration.

[AnalyzerColl2] display inqa analyzer

Analyzer ID              : 10.2.1.1

Protocol UDP-port        : 53312

Current instance count   : 1

# Display the configuration of analyzer instance 1.

[AnalyzerColl2] display inqa analyzer instance 1

Instance ID              : 1

Status                   : Enable

Description              : --

Alarm upper-limit        : 6.000000%

Alarm lower-limit        : 4.000000%

Current AMS count        : 0

Collectors               : 10.1.1.1

                           10.2.1.1

# Display iNQA packet loss statistics of analyzer instance 1.

[AnalyzerColl2] display inqa statistics loss instance 1

Latest packet loss statistics for forward flow:

 Period     LostPkts             PktLoss%     LostBytes            ByteLoss%

 19122483   15                   15.000000%   1500                 15.000000%

 19122482   15                   15.000000%   1500                 15.000000%

 19122481   15                   15.000000%   1500                 15.000000%

 19122480   15                   15.000000%   1500                 15.000000%

 19122479   15                   15.000000%   1500                 15.000000%

 19122478   15                   15.000000%   1500                 15.000000%

Latest packet loss statistics for backward flow:

 Period     LostPkts             PktLoss%     LostBytes            ByteLoss%

 19122483   15                   15.000000%   1500                 15.000000%

 19122482   15                   15.000000%   1500                 15.000000%

 19122481   15                   15.000000%   1500                 15.000000%

 19122480   15                   15.000000%   1500                 15.000000%

 19122479   15                   15.000000%   1500                 15.000000%

 19122478   15                   15.000000%   1500                 15.000000%

Example: Configuring a point-to-point iNQA packet loss measurement

As shown in Figure 421, Video phone 1 sends a video data flow to Video phone 2 through an IP network. Video phone 2 is experiencing an erratic video display problem.

·     Enable the collector functionality on Device 1, Device 2, and Device 3, and enable the analyzer functionality on Device 2.

·     Define the flow from Device 1 to Device 3 as the forward flow.

·     Set the packet loss upper limit and packet loss lower limit to 6% and 4%, respectively.

·     Run the packet loss measurement for 15 minutes.

Figure 421 Network diagram

Prerequisites

1.     Assign 10.1.1.1, 10.2.1.1, and 10.3.1.1 to Collector 1, Collector 2, and Collector 3, respectively.

2.     Configure OSPF in the IP network to make sure Collector 1, Collector 3, and the analyzer can reach each other. (Details not shown.)

3.     Configure NTP or PTP on Collector 1, Collector 2, and Collector 3 for clock synchronization. (Details not shown.)

Procedure

1.     Configure Collector 1:

# Specify 10.1.1.1 as the collector ID.

<Collector1> system-view

[Collector1] inqa collector

[Collector1-inqa-collector] collector id 10.1.1.1

# Bind the collector to the analyzer with ID 10.2.1.1.

[Collector1-inqa-collector] analyzer 10.2.1.1

# Specify ToS field bit 6 as the flag bit.

[Collector1-inqa-collector] flag loss-measure tos-bit 6

# Configure collector instance 1 to monitor the forward flow entering the network at Ten-GigabitEthernet3/0/1 from 10.1.1.0 to 10.3.1.0.

[Collector1-inqa-collector] instance 1

[Collector1-inqa-collector-instance-1] flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

[Collector1-inqa-collector-instance-1] mp 100 in-point port-direction inbound

[Collector1-inqa-collector-instance-1] quit

[Collector1-inqa-collector] quit

[Collector1] interface ten-gigabitethernet 3/0/1

[Collector1-Ten-GigabitEthernet3/0/1] inqa mp 100

[Collector1-Ten-GigabitEthernet3/0/1] quit

# Run the packet loss measurement for 15 minutes for collector instance 1.

[Collector1] inqa collector

[Collector1-inqa-collector] instance 1

[Collector1-inqa-collector-instance-1] loss-measure enable duration 15

[Collector1-inqa-collector-instance-1] quit

[Collector1-inqa-collector] quit

2.     Configure Collector 2 and the analyzer:

# Specify 10.2.1.1 as the collector ID.

<AnalyzerColl2> system-view

[AnalyzerColl2] inqa collector

[AnalyzerColl2-inqa-collector] collector id 10.2.1.1

# Bind the collector to the analyzer with ID 10.2.1.1.

[AnalyzerColl2-inqa-collector] analyzer 10.2.1.1

# Specify ToS field bit 6 as the flag bit.

[AnalyzerColl2-inqa-collector] flag loss-measure tos-bit 6

# Configure collector instance 1 to monitor the forward flow entering the network at Ten-GigabitEthernet3/0/1 from 10.1.1.0 to 10.3.1.0.

[AnalyzerColl2-inqa-collector] instance 1

[AnalyzerColl2-inqa-collector-instance-1] flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

[AnalyzerColl2-inqa-collector-instance-1] mp 200 mid-point port-direction inbound

[AnalyzerColl2-inqa-collector-instance-1] quit

[AnalyzerColl2-inqa-collector] quit

[AnalyzerColl2] interface ten-gigabitethernet 3/0/1

[AnalyzerColl2-Ten-GigabitEthernet3/0/1] inqa mp 200

[AnalyzerColl2-Ten-GigabitEthernet3/0/1] quit

# Run the packet loss measurement for 15 minutes for collector instance 1.

[AnalyzerColl2] inqa collector

[AnalyzerColl2-inqa-collector] instance 1

[AnalyzerColl2-inqa-collector-instance-1] loss-measure enable mid-point duration 15

[AnalyzerColl2-inqa-collector-instance-1] quit

[AnalyzerColl2-inqa-collector] quit

# Specify 10.2.1.1 as the analyzer ID.

[AnalyzerColl2] inqa analyzer

[AnalyzerColl2-inqa-analyzer] analyzer id 10.2.1.1

# Bind analyzer instance 1 to Collector 1, Collector 2, and Collector 3.

[AnalyzerColl2-inqa-analyzer] instance 1

[AnalyzerColl2-inqa-analyzer-instance-1] collector 10.1.1.1

[AnalyzerColl2-inqa-analyzer-instance-1] collector 10.2.1.1

[AnalyzerColl2-inqa-analyzer-instance-1] collector 10.3.1.1

# Configure AMS 1 to measure the packet loss rate for the forward flow from MP 100 to MP 200.

[AnalyzerColl2-inqa-analyzer-instance-1] ams 1

[AnalyzerColl2-inqa-analyzer-instance-1-ams-1] flow forward

[AnalyzerColl2-inqa-analyzer-instance-1-ams-1] in-group collector 10.1.1.1 mp 100

[AnalyzerColl2-inqa-analyzer-instance-1-ams-1] out-group collector 10.2.1.1 mp 200

[AnalyzerColl2-inqa-analyzer-instance-1-ams-1] quit

# Configure AMS 2 to measure the packet loss rate for the forward flow from MP 200 to MP 300.

[AnalyzerColl2-inqa-analyzer-instance-1] ams 2

[AnalyzerColl2-inqa-analyzer-instance-1-ams-2] flow forward

[AnalyzerColl2-inqa-analyzer-instance-1-ams-2] in-group collector 10.2.1.1 mp 200

[AnalyzerColl2-inqa-analyzer-instance-1-ams-2] out-group collector 10.3.1.1 mp 300

[AnalyzerColl2-inqa-analyzer-instance-1-ams-2] quit

# Set the packet loss upper limit and lower limit to 6% and 4%, respectively.

[AnalyzerColl2-inqa-analyzer-instance-1] loss-measure alarm upper-limit 6 lower-limit 4

# Enable the measurement functionality of analyzer instance 1.

[AnalyzerColl2-inqa-analyzer-instance-1] measure enable

[AnalyzerColl2-inqa-analyzer-instance-1] quit

[AnalyzerColl2-inqa-analyzer] quit

3.     Configure Collector 3:

# Specify 10.3.1.1 as the collector ID.

<Collector3> system-view

[Collector3] inqa collector

[Collector3-inqa-collector] collector id 10.3.1.1

# Bind the collector to the analyzer with ID 10.2.1.1.

[Collector3-inqa-collector] analyzer 10.2.1.1

# Specify ToS field bit 6 as the flag bit.

[Collector3-inqa-collector] flag loss-measure tos-bit 6

# Configure collector instance 1 to monitor the forward flow entering the network at Ten-GigabitEthernet3/0/1 from 10.1.1.0 to 10.3.1.0.

[Collector3-inqa-collector] instance 1

[Collector3-inqa-collector-instance-1] flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

[Collector3-inqa-collector-instance-1] mp 300 out-point port-direction outbound

[Collector3-inqa-collector-instance-1] quit

[Collector3-inqa-collector] quit

[Collector3] interface ten-gigabitethernet 3/0/1

[Collector3-Ten-GigabitEthernet3/0/1] inqa mp 300

[Collector3-Ten-GigabitEthernet3/0/1] quit

# Run the packet loss measurement for 15 minutes for collector instance 1.

[Collector3] inqa collector

[Collector3-inqa-collector] instance 1

[Collector3-inqa-collector-instance-1] loss-measure enable duration 15

[Collector3-inqa-collector-instance-1] quit

[Collector3-inqa-collector] quit

Verifying the configuration

1.     On Collector 1:

# Display the collector configuration.

[Collector1] display inqa collector

Collector ID             : 10.1.1.1

Loss-measure flag        : 6

Analyzer ID              : 10.2.1.1

Analyzer UDP-port        : 53312

VPN-instance-name        : --

Current instance count   : 1

# Display the configuration of collector instance 1.

[Collector1] display inqa collector instance 1

Instance ID              : 1

Status                   : Enabled

Duration                 : 15 min (Non mid-point)

Remaining time           : 14 min 52 sec

Description              : --

Analyzer ID              : --

Analyzer UDP-port        : --

VPN-instance-name        : --

Interval                 : 10 sec

Flow configuration:

  flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

MP configuration:

  mp 100 in-point inbound, XGE3/0/1

2.     On Collector 2 and the analyzer:

# Display the collector configuration.

[AnalyzerColl2] display inqa collector

Collector ID             : 10.2.1.1

Loss-measure flag        : 6

Analyzer ID              : 10.2.1.1

Analyzer UDP-port        : 53312

VPN-instance-name        : --

Current instance count   : 1

# Display the configuration of collector instance 1.

[AnalyzerColl2] display inqa collector instance 1

Instance ID              : 1

Status                   : Enabled

Duration                 : 15 min (Mid-point)

Remaining time           : 14 min 50 sec

Description              : --

Analyzer ID              : --

Analyzer UDP-port        : --

VPN-instance-name        : --

Interval                 : 10 sec

Flow configuration:

  flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

MP configuration:

  mp 200 mid-point inbound, XGE3/0/1

# Display the analyzer configuration.

[AnalyzerColl2] display inqa analyzer

Analyzer ID              : 10.2.1.1

Protocol UDP-port        : 53312

Current instance count   : 1

# Display the configuration of analyzer instance 1.

[AnalyzerColl2] display inqa analyzer instance 1

Instance ID              : 1

Status                   : Enabled

Description              : --

Alarm upper-limit        : 6.000000%

Alarm lower-limit        : 4.000000%

Current AMS count        : 2

Collectors               : 10.1.1.1

                           10.2.1.1

                           10.3.1.1

# Display the configuration of all AMSs in analyzer instance 1.

[AnalyzerColl2] display inqa analyzer instance 1 ams all

AMS ID                   : 1

Flow direction           : forward

In-group                 : collector 10.1.1.1 mp 100

Out-group                : collector 10.2.1.1 mp 200

 

AMS ID                   : 2

Flow direction           : forward

In-group                 : collector 10.2.1.1 mp 200

Out-group                : collector 10.3.1.1 mp 300

# Display iNQA packet loss statistics of analyzer instance 1.

[AnalyzerColl2] display inqa statistics loss instance 1 ams 1

Latest packet loss statistics for forward flow:

 Period     LostPkts             PktLoss%     LostBytes            ByteLoss%

 19122483   15                   15.000000%   1500                 15.000000%

 19122482   15                   15.000000%   1500                 15.000000%

 19122481   15                   15.000000%   1500                 15.000000%

 19122480   15                   15.000000%   1500                 15.000000%

 19122479   15                   15.000000%   1500                 15.000000%

 19122478   15                   15.000000%   1500                 15.000000%

3.     On Collector 3:

# Display the collector configuration.

[Collector3] display inqa collector

Collector ID             : 10.3.1.1

Loss-measure flag        : 6

Analyzer ID              : 10.2.1.1

Analyzer UDP-port        : 53312

VPN-instance-name        : --

Current instance count   : 1

# Display the configuration of collector instance 1.

[Collector3] display inqa collector instance 1

Instance ID              : 1

Status                   : Enabled

Duration                 : 15 min (Non mid-point)

Remaining time           : 14 min 51 sec

Description              : --

Analyzer ID              : --

Analyzer UDP-port        : --

VPN-instance-name        : --

Interval                 : 10 sec

Flow configuration:

  flow forward source-ip 10.1.1.0 24 destination-ip 10.3.1.0 24

MP configuration:

  mp 300 out-point outbound, XGE3/0/1
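How the two AMSs configured above narrow packet loss down to one segment, as an added Python example that is not H3C code. The per-MP counters are constructed and chosen so that AMS 1 reproduces the 15 lost packets and 1500 lost bytes shown in the statistics above; computing loss as in-group count minus out-group count and the state names are assumptions about the analyzer, not documented behaviour.

```python
# Alarm limits from "loss-measure alarm upper-limit 6 lower-limit 4".
UPPER_LIMIT, LOWER_LIMIT = 6.0, 4.0

# AMS definitions from the analyzer configuration above: (collector ID, MP ID).
AMS_TABLE = {
    1: {"in": [("10.1.1.1", 100)], "out": [("10.2.1.1", 200)]},
    2: {"in": [("10.2.1.1", 200)], "out": [("10.3.1.1", 300)]},
}

# Constructed collector reports: (collector, mp, period) -> (packets, bytes).
REPORTS = {
    ("10.1.1.1", 100, 19122482): (100, 10000),
    ("10.2.1.1", 200, 19122482): (85, 8500),
    ("10.3.1.1", 300, 19122482): (85, 8500),
    ("10.1.1.1", 100, 19122483): (100, 10000),
    ("10.2.1.1", 200, 19122483): (85, 8500),
    # Constructed gap: Collector 3 has not reported period 19122483.
}


def group_total(reports, members, period):
    """Sum the counters of every MP in a group; None if any report is missing."""
    packets = octets = 0
    for collector, mp in members:
        record = reports.get((collector, mp, period))
        if record is None:
            return None
        packets += record[0]
        octets += record[1]
    return packets, octets


def classify(loss_pct):
    """Place a loss ratio relative to the configured alarm limits."""
    if loss_pct < 0:
        return "inconsistent"          # more packets left the segment than entered
    if loss_pct > UPPER_LIMIT:
        return "above-upper-limit"
    if loss_pct < LOWER_LIMIT:
        return "below-lower-limit"
    return "between-limits"


def ams_loss(reports, ams, period):
    """Loss across one AMS for one period, or None if a collector report is missing."""
    entered = group_total(reports, ams["in"], period)
    left = group_total(reports, ams["out"], period)
    if entered is None or left is None:
        return None
    lost_pkts = entered[0] - left[0]
    lost_bytes = entered[1] - left[1]
    pkt_pct = 100.0 * lost_pkts / entered[0] if entered[0] else 0.0
    byte_pct = 100.0 * lost_bytes / entered[1] if entered[1] else 0.0
    return {"lost_pkts": lost_pkts, "pkt_loss_pct": pkt_pct,
            "lost_bytes": lost_bytes, "byte_loss_pct": byte_pct,
            "state": classify(pkt_pct)}


def localize(reports, ams_table, period):
    """Return {ams_id: loss result or None} for one measurement period."""
    return {ams_id: ams_loss(reports, ams, period) for ams_id, ams in ams_table.items()}


def faulty_segments(reports, ams_table, period):
    """AMS IDs whose packet loss in this period is above the upper limit."""
    results = localize(reports, ams_table, period)
    return [a for a, r in results.items() if r and r["state"] == "above-upper-limit"]


if __name__ == "__main__":
    for period in (19122482, 19122483):
        print(period, localize(REPORTS, AMS_TABLE, period))
```

With these counters the loss sits between MP 100 and MP 200 (AMS 1), while AMS 2 reports none; a period with a missing collector report yields no result for that AMS instead of a false zero.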

 

iFIT configuration examples

Example: Configuring iFIT in an MPLS private network

As shown in Figure 422:

·     Configure IPv4 EVPN L3VPN for different sites of a VPN instance to communicate with each other.

·     Configure the CE and the PE of each site to use EBGP to exchange VPN routes.

·     Configure the PEs to communicate through OSPF and to exchange BGP EVPN routes through MP-IBGP.

·     Configure iFIT to monitor packet loss and packet delay when the flow passes through the VPN 1 tunnel.

Figure 422 Network diagram

Prerequisites

1.     Configure EVPN L3VPN. (Details not shown.)

For information about configuring EVPN L3VPN, see EVPN L3VPN configuration in EVPN Configuration Guide.

2.     Configure PTP on PE 1 and PE 2 for clock synchronization. (Details not shown.)

For information about configuring PTP, see "Configuring PTP."

Procedure

1.     Configure PE 1:

a.     Configure gRPC:

# Enable the gRPC service.

<PE1> system-view

[PE1] grpc enable

# Create a sensor group named test, and add sensor path ifit/flowstatistics/flowstatistic.

[PE1] telemetry

[PE1-telemetry] sensor-group test

[PE1-telemetry-sensor-group-test] sensor path ifit/flowstatistics/flowstatistic depth 2

[PE1-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv4 address 10.10.10.10 and port number 50050.

[PE1-telemetry] destination-group collector1

[PE1-telemetry-destination-group-collector1] ipv4-address 10.10.10.10 port 50050

[PE1-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 5 seconds.

[PE1-telemetry] subscription A

[PE1-telemetry-subscription-A] sensor-group test sample-interval 5

[PE1-telemetry-subscription-A] destination-group collector1

[PE1-telemetry-subscription-A] quit

[PE1-telemetry] quit

b.     Configure iFIT:

# Enable the iFIT functionality.

[PE1] ifit enable

[PE1-ifit] device-id 1

# Configure instance a to monitor the unidirectional flow from source IP 1.1.1.1/24 to destination IP 1.1.3.1/24 with the PE at 3.3.3.9 as the next hop in VPN instance vpn1.

[PE1-ifit] encapsulation nexthop 3.3.3.9

[PE1-ifit] instance a

[PE1-ifit-instance-a] flow unidirection source-ip 1.1.1.1 24 destination-ip 1.1.3.1 24 vpn-instance vpn1

# Bind interface Ten-GigabitEthernet 3/0/1 to instance a.

[PE1-ifit-instance-a] bind interface ten-gigabitethernet 3/0/1

# Specify 10 seconds as the measurement period.

[PE1-ifit-instance-a] period 10

# Specify end-to-end measurement as the measurement mode.

[PE1-ifit-instance-a] measure mode e2e

# Enable iFIT measurement.

[PE1-ifit-instance-a] measure enable

[PE1-ifit-instance-a] quit

[PE1-ifit] quit

2.     Configure PE 2:

a.     Configure gRPC.

Use the same procedure to configure gRPC on PE 2 as you configure gRPC on PE 1.

b.     Enable the iFIT functionality.

<PE2> system-view

[PE2] ifit enable

Verifying the configuration

1.     View iFIT statistics on PE 1.

[PE1] display ifit statistic device-id 1 flow-id 3

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782

163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494

163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118

2.     View iFIT statistics on PE 2.

[PE2] display ifit statistic device-id 1 flow-id 3

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Egress      XGE3/0/1        4124            1630599180, 1948185

163059919     Egress      XGE3/0/1        4124            1630599190, 1959405

163059920     Egress      XGE3/0/1        4120            1630599200, 1968503

3.     Viewing iFIT statistics on the analyzer shows that packet loss occurs in period 163059920.
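The comparison behind the last verification step, worked through as an added Python example that is not H3C code: it matches the PE 1 ingress rows and the PE 2 egress rows above by Period ID and derives lost packets and one-way delay. It assumes the Timestamp column on each device is the time at which that period's measured packet was seen and that PTP keeps both clocks aligned, as the prerequisites require; the function names are hypothetical.

```python
import re

# Output copied from the two "display ifit statistic" commands above.
PE1_OUTPUT = """\
Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)
163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782
163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494
163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118
"""
PE2_OUTPUT = """\
Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)
163059918     Egress      XGE3/0/1        4124            1630599180, 1948185
163059919     Egress      XGE3/0/1        4124            1630599190, 1959405
163059920     Egress      XGE3/0/1        4120            1630599200, 1968503
"""

ROW = re.compile(r"(\d+)\s+(Ingress|Egress)\s+(\S+)\s+(\d+)\s+(\d+),\s*(\d+)")
NS_PER_SEC = 1_000_000_000


def parse_statistic(text, direction):
    """Return {period_id: (pkt_count, timestamp_ns)} for rows of one direction."""
    rows = {}
    for line in text.splitlines():
        m = ROW.fullmatch(line.strip())
        if m and m.group(2) == direction:
            timestamp_ns = int(m.group(5)) * NS_PER_SEC + int(m.group(6))
            rows[int(m.group(1))] = (int(m.group(4)), timestamp_ns)
    return rows


def correlate(ingress_text, egress_text):
    """Pair ingress and egress rows by period and compute loss and delay."""
    ingress = parse_statistic(ingress_text, "Ingress")
    egress = parse_statistic(egress_text, "Egress")
    report = []
    for period in sorted(ingress.keys() | egress.keys()):
        if period not in ingress or period not in egress:
            # One side has not exported this period yet: no verdict.
            report.append({"period": period, "status": "incomplete"})
            continue
        in_pkts, in_ts = ingress[period]
        out_pkts, out_ts = egress[period]
        lost = in_pkts - out_pkts
        delay_ns = out_ts - in_ts
        if lost < 0 or delay_ns < 0:
            # Negative values point at unsynchronized clocks or mismatched periods.
            status = "inconsistent"
        elif lost > 0:
            status = "loss"
        else:
            status = "ok"
        report.append({
            "period": period,
            "lost": lost,
            "loss_pct": round(100.0 * lost / in_pkts, 4) if in_pkts else 0.0,
            "delay_ns": delay_ns,
            "status": status,
        })
    return report


if __name__ == "__main__":
    for entry in correlate(PE1_OUTPUT, PE2_OUTPUT):
        print(entry)
```

For the figures on this page the result is 4 lost packets in period 163059920 and a one-way delay between roughly 56 and 58 microseconds in all three periods.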

Example: Configuring iFIT in an IPv4 L3VPN over SRv6 network

Network configuration

As shown in Figure 423, the backbone network is an IPv6 network, and VPN 1 is an IPv4 network. Deploy MPLS L3VPN over SRv6 between PE 1 and PE 2 and use an SRv6 tunnel to transmit VPNv4 traffic between the PEs.

·     Configure EBGP to exchange VPN routing information between the CEs and PEs.

·     Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.

·     Configure MP-IBGP to exchange VPNv4 routing information between the PEs.

·     Configure iFIT to monitor packet loss and packet delay when the flow passes through the VPN 1 tunnel.

Figure 423 Network diagram

Prerequisites

1.     Configure IPv4 L3VPN over SRv6. (Details not shown.)

For information about configuring MPLS L3VPN over SRv6, see IP L3VPN over SRv6 configuration in Segment Routing Configuration Guide.

2.     Configure PTP on PE 1 and PE 2 for clock synchronization. (Details not shown.)

For information about configuring PTP, see "Configuring PTP."

Procedure

1.     Configure PE 1:

a.     Configure gRPC:

# Enable the gRPC service.

<PE1> system-view

[PE1] grpc enable

# Create a sensor group named test, and add sensor path ifit/flowstatistics/flowstatistic.

[PE1] telemetry

[PE1-telemetry] sensor-group test

[PE1-telemetry-sensor-group-test] sensor path ifit/flowstatistics/flowstatistic depth 2

[PE1-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv6 address 10::10 and port number 50050.

[PE1-telemetry] destination-group collector1

[PE1-telemetry-destination-group-collector1] ipv6-address 10::10 port 50050

[PE1-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 5 seconds.

[PE1-telemetry] subscription A

[PE1-telemetry-subscription-A] sensor-group test sample-interval 5

[PE1-telemetry-subscription-A] destination-group collector1

[PE1-telemetry-subscription-A] quit

[PE1-telemetry] quit

b.     Configure iFIT:

# Enable the iFIT functionality.

[PE1] ifit enable

[PE1-ifit] device-id 1

# Configure instance a to monitor the unidirectional flow from source IP 1.1.1.1/24 to destination IP 1.1.2.1/24 with VPN instance vpn1.

[PE1-ifit] instance a

[PE1-ifit-instance-a] flow unidirection source-ip 1.1.1.1 24 destination-ip 1.1.2.1 24 vpn-instance vpn1

# Bind interface Ten-GigabitEthernet 3/0/1 to instance a.

[PE1-ifit-instance-a] bind interface ten-gigabitethernet 3/0/1

# Specify 10 seconds as the measurement period.

[PE1-ifit-instance-a] period 10

# Enable iFIT measurement.

[PE1-ifit-instance-a] measure enable

[PE1-ifit-instance-a] quit

[PE1-ifit] quit

2.     Configure PE 2:

a.     Configure gRPC.

Use the same procedure to configure gRPC on PE 2 as you configure gRPC on PE 1.

b.     Enable the iFIT functionality.

<PE2> system-view

[PE2] ifit enable

Verifying the configuration

1.     View iFIT statistics on PE 1.

[PE1-ifit-instance-a] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Ingress     XGE3/0/1         4124            1630599180, 1889782

163059919     Ingress     XGE3/0/1         4124            1630599190, 1901494

163059920     Ingress     XGE3/0/1         4124            1630599200, 1912118

2.     View iFIT statistics on PE 2.

[PE2] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Egress      XGE3/0/1        4124            1630599180, 1948185

163059919     Egress      XGE3/0/1        4124            1630599190, 1959405

163059920     Egress      XGE3/0/1         4120            1630599200, 1968503

3.     View iFIT statistics on the analyzer to verify that packet loss occurred in period 163059920.

Example: Configuring iFIT in an IPv6 EVPN L3VPN over SRv6 network

Network configuration

As shown in Figure 424, the backbone network is an IPv6 network. Deploy EVPN L3VPN over SRv6 in SRv6-BE mode between PE 1 and PE 2 and use an SRv6 tunnel to transmit EVPN traffic between the PEs.

·     Configure EBGP to exchange VPN routing information between the CEs and PEs.

·     Configure IPv6 IS-IS on the PEs in the same AS to realize IPv6 network connectivity.

·     Configure MP-IBGP to exchange EVPN routing information between the PEs.

·     Configure iFIT to monitor packet loss and packet delay for the flow that passes through the VPN 1 tunnel.

Figure 424 Network diagram

Prerequisites

1.     Configure IPv6 EVPN L3VPN over SRv6. (Details not shown.)

For information about configuring IPv6 EVPN L3VPN over SRv6, see EVPN L3VPN over SRv6 configuration in Segment Routing Configuration Guide.

2.     Configure PTP on PE 1 and PE 2 for clock synchronization. (Details not shown.)

For information about configuring PTP, see "Configuring PTP."

Procedure

1.     Configure PE 1:

a.     Configure gRPC:

# Enable the gRPC service.

<PE1> system-view

[PE1] grpc enable

# Create a sensor group named test, and add sensor path ifit/flowstatistics/flowstatistic.

[PE1] telemetry

[PE1-telemetry] sensor-group test

[PE1-telemetry-sensor-group-test] sensor path ifit/flowstatistics/flowstatistic depth 2

[PE1-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv6 address 10::10 and port number 50050.

[PE1-telemetry] destination-group collector1

[PE1-telemetry-destination-group-collector1] ipv6-address 10::10 port 50050

[PE1-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 5 seconds.

[PE1-telemetry] subscription A

[PE1-telemetry-subscription-A] sensor-group test sample-interval 5

[PE1-telemetry-subscription-A] destination-group collector1

[PE1-telemetry-subscription-A] quit

[PE1-telemetry] quit

b.     Configure iFIT:

# Enable the iFIT functionality.

[PE1] ifit enable

[PE1-ifit] device-id 1

# Configure instance a to monitor the unidirectional flow from source IP 2001::1 to destination IP 2002::1 with VPN instance vpn1.

[PE1-ifit] instance a

[PE1-ifit-instance-a] flow unidirection source-ipv6 2001::1 destination-ipv6 2002::1 vpn-instance vpn1

# Bind interface Ten-GigabitEthernet 3/0/1 to instance a.

[PE1-ifit-instance-a] bind interface ten-gigabitethernet 3/0/1

# Specify 10 seconds as the measurement period.

[PE1-ifit-instance-a] period 10

# Enable iFIT measurement.

[PE1-ifit-instance-a] measure enable

[PE1-ifit-instance-a] quit

[PE1-ifit] quit

2.     Configure PE 2:

a.     Configure gRPC.

Use the same procedure to configure gRPC on PE 2 as you configure gRPC on PE 1.

b.     Enable the iFIT functionality.

<PE2> system-view

[PE2] ifit enable

Verifying the configuration

1.     View iFIT statistics on PE 1.

[PE1-ifit-instance-a] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782

163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494

163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118

2.     View iFIT statistics on PE 2.

[PE2] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Egress      XGE3/0/1        4124            1630599180, 1948185

163059919     Egress      XGE3/0/1        4124            1630599190, 1959405

163059920     Egress      XGE3/0/1        4120            1630599200, 1968503

3.     View iFIT statistics on the analyzer to verify that packet loss occurred in period 163059920.

Example: Configuring iFIT in an EVPN VPWS over SRv6 network

Network configuration

As shown in Figure 425, user sites CE 1 and CE 2 connect to PE 1 and PE 2, respectively, through Ethernet interfaces. Configure CE 1 and CE 2 to communicate through an SRv6 tunnel over the IPv6 backbone network.

The two PEs set up an SRv6 tunnel after assigning End.DX2 SIDs to the cross-connect. On a PE, this SRv6 tunnel is used as an SRv6 PW to encapsulate and forward Layer 2 data packets received from the local site and destined for a remote site.

Configure iFIT to monitor packet loss and packet delay for the flow that passes through the SRv6 tunnel.

Figure 425 Network diagram

Prerequisites

1.     Configure EVPN VPWS over SRv6. (Details not shown.)

For information about configuring EVPN VPWS over SRv6, see EVPN VPWS over SRv6 configuration in Segment Routing Configuration Guide.

2.     Configure PTP on PE 1 and PE 2 for clock synchronization. (Details not shown.)

For information about configuring PTP, see "Configuring PTP."

Procedure

1.     Configure PE 1:

a.     Configure gRPC:

# Enable the gRPC service.

<PE1> system-view

[PE1] grpc enable

# Create a sensor group named test, and add sensor path ifit/flowstatistics/flowstatistic.

[PE1] telemetry

[PE1-telemetry] sensor-group test

[PE1-telemetry-sensor-group-test] sensor path ifit/flowstatistics/flowstatistic depth 2

[PE1-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv6 address 10::10 and port number 50050.

[PE1-telemetry] destination-group collector1

[PE1-telemetry-destination-group-collector1] ipv6-address 10::10 port 50050

[PE1-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 5 seconds.

[PE1-telemetry] subscription A

[PE1-telemetry-subscription-A] sensor-group test sample-interval 5

[PE1-telemetry-subscription-A] destination-group collector1

[PE1-telemetry-subscription-A] quit

[PE1-telemetry] quit

b.     Configure iFIT:

# Enable the iFIT functionality.

[PE1] ifit enable

[PE1-ifit] device-id 1

# Configure instance a to monitor the service flow with cross-connect con1 of cross-connect group xca. The PeerLocator for the service flow is 6:5::.

[PE1-ifit] instance a

[PE1-ifit-instance-a] flow unidirection xconnect-group xca connection con1 peer-locator 6:5:: 96

# Bind interface Ten-GigabitEthernet 3/0/1 to instance a.

[PE1-ifit-instance-a] bind interface ten-gigabitethernet 3/0/1

# Specify 10 seconds as the measurement period.

[PE1-ifit-instance-a] period 10

# Enable iFIT measurement.

[PE1-ifit-instance-a] measure enable

[PE1-ifit-instance-a] quit

[PE1-ifit] quit

2.     Configure PE 2:

a.     Configure gRPC.

Use the same procedure to configure gRPC on PE 2 as you configure gRPC on PE 1.

b.     Enable the iFIT functionality.

<PE2> system-view

[PE2] ifit enable

Verifying the configuration

1.     View iFIT statistics on PE 1.

[PE1] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782

163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494

163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118

2.     View iFIT statistics on PE 2.

[PE2] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Egress      XGE3/0/1        4124            1630599180, 1948185

163059919     Egress      XGE3/0/1        4124            1630599190, 1959405

163059920     Egress      XGE3/0/1        4120            1630599200, 1968503

3.     View iFIT statistics on the analyzer to verify that packet loss occurred in period 163059920.

Example: Configuring iFIT in an EVPN VPLS over SRv6 network

Network configuration

As shown in Figure 426, user sites CE 1 and CE 2 connect to PE 1 and PE 2, respectively, through Ethernet interfaces. Configure CE 1 and CE 2 to communicate through EVPN VPLS over SRv6 over the IPv6 backbone network.

PEs set up an SRv6 tunnel by advertising End.DT2M SIDs, End.DT2U SIDs, and End.DX2 SIDs to each other through BGP EVPN routes. On a PE, this SRv6 tunnel is used as a PW to encapsulate and forward Layer 2 data packets received from the local site and destined for a remote site.

Configure iFIT to monitor packet loss and packet delay for the flow that passes through the SRv6 tunnel.

Figure 426 Network diagram

 

Prerequisites

1.     Configure EVPN VPLS over SRv6. (Details not shown.)

For information about configuring EVPN VPLS over SRv6, see EVPN VPLS over SRv6 configuration in EVPN Configuration Guide.

2.     Configure PTP on PE 1 and PE 2 for clock synchronization. (Details not shown.)

For information about configuring PTP, see "Configuring PTP."

Procedure

1.     Configure PE 1:

a.     Configure gRPC:

# Enable the gRPC service.

<PE1> system-view

[PE1] grpc enable

# Create a sensor group named test, and add sensor path ifit/flowstatistics/flowstatistic.

[PE1] telemetry

[PE1-telemetry] sensor-group test

[PE1-telemetry-sensor-group-test] sensor path ifit/flowstatistics/flowstatistic depth 2

[PE1-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv6 address 10::10 and port number 50050.

[PE1-telemetry] destination-group collector1

[PE1-telemetry-destination-group-collector1] ipv6-address 10::10 port 50050

[PE1-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 5 seconds.

[PE1-telemetry] subscription A

[PE1-telemetry-subscription-A] sensor-group test sample-interval 5

[PE1-telemetry-subscription-A] destination-group collector1

[PE1-telemetry-subscription-A] quit

[PE1-telemetry] quit

b.     Configure iFIT:

# Enable the iFIT functionality.

[PE1] ifit enable

[PE1-ifit] device-id 1

# Configure instance a to monitor the service flow with VSI vsi1 and PeerLocator 6:5::.

[PE1-ifit] instance a

[PE1-ifit-instance-a] flow unidirection vsi vsi1 peer-locator 6:5:: 96

# Bind interface Ten-GigabitEthernet 3/0/1 to instance a.

[PE1-ifit-instance-a] bind interface ten-gigabitethernet 3/0/1

# Specify 10 seconds as the measurement period.

[PE1-ifit-instance-a] period 10

# Enable iFIT measurement.

[PE1-ifit-instance-a] measure enable

[PE1-ifit-instance-a] quit

[PE1-ifit] quit

2.     Configure PE 2:

a.     Configure gRPC.

Use the same procedure to configure gRPC on PE 2 as you configure gRPC on PE 1.

b.     Enable the iFIT functionality.

<PE2> system-view

[PE2] ifit enable

Verifying the configuration

1.     View iFIT statistics on PE 1.

[PE1] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782

163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494

163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118

2.     View iFIT statistics on PE 2.

[PE2] display ifit statistic device-id 1 flow-id 2

Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)

163059918     Egress      XGE3/0/1        4124            1630599180, 1948185

163059919     Egress      XGE3/0/1        4124            1630599190, 1959405

163059920     Egress      XGE3/0/1        4120            1630599200, 1968503

3.     View iFIT statistics on the analyzer to verify that packet loss occurred in period 163059920.
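The per-period comparison an analyzer performs on the PE 1 and PE 2 statistics, as an added example (not H3C code); it applies to all four iFIT examples above, which show the same output. It assumes that the Timestamp column on each PE marks the same packet of the period, so that the egress-minus-ingress difference is the one-way delay, and that PTP keeps both clocks aligned. The function and field names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: the "display ifit statistic" output shown above for PE 1 and PE 2.
PE1_OUTPUT = """\
Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)
163059918     Ingress     XGE3/0/1        4124            1630599180, 1889782
163059919     Ingress     XGE3/0/1        4124            1630599190, 1901494
163059920     Ingress     XGE3/0/1        4124            1630599200, 1912118
"""
PE2_OUTPUT = """\
Period ID     Direction   Interface       PktCount        Timestamp(sec, nsec)
163059918     Egress      XGE3/0/1        4124            1630599180, 1948185
163059919     Egress      XGE3/0/1        4124            1630599190, 1959405
163059920     Egress      XGE3/0/1        4120            1630599200, 1968503
"""

# One data row: period ID, direction, interface, packet count, "sec, nsec".
ROW = re.compile(
    r"^\s*(?P<period>\d+)\s+(?P<direction>Ingress|Egress)\s+(?P<intf>\S+)\s+"
    r"(?P<pkts>\d+)\s+(?P<sec>\d+),\s*(?P<nsec>\d+)\s*$"
)


@dataclass(frozen=True)
class Sample:
    period: int
    direction: str
    interface: str
    pkt_count: int
    timestamp_ns: int


def parse_ifit_statistics(text):
    """Return {period_id: Sample}; the header and any non-data lines are skipped."""
    samples = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        ts_ns = int(m["sec"]) * 1_000_000_000 + int(m["nsec"])
        period = int(m["period"])
        samples[period] = Sample(period, m["direction"], m["intf"],
                                 int(m["pkts"]), ts_ns)
    return samples


def correlate(ingress, egress):
    """Compare ingress and egress samples period by period.

    status is one of:
      ok         - counts match
      loss       - egress counted fewer packets than ingress
      suspect    - negative loss or negative delay (clocks or periods misaligned)
      incomplete - the period was reported by only one PE
    """
    report = []
    for period in sorted(ingress.keys() | egress.keys()):
        i, e = ingress.get(period), egress.get(period)
        if i is None or e is None:
            report.append({"period": period, "status": "incomplete",
                           "lost": None, "loss_ratio": None, "delay_ns": None})
            continue
        lost = i.pkt_count - e.pkt_count
        delay_ns = e.timestamp_ns - i.timestamp_ns
        if lost < 0 or delay_ns < 0:
            status = "suspect"
        elif lost > 0:
            status = "loss"
        else:
            status = "ok"
        ratio = lost / i.pkt_count if i.pkt_count else 0.0
        report.append({"period": period, "status": status, "lost": lost,
                       "loss_ratio": ratio, "delay_ns": delay_ns})
    return report


if __name__ == "__main__":
    rows = correlate(parse_ifit_statistics(PE1_OUTPUT),
                     parse_ifit_statistics(PE2_OUTPUT))
    for row in rows:
        print(row)
```

A "suspect" or "incomplete" row is worth alerting on separately from "loss": it points at PTP drift or a missing telemetry report rather than at the data path.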

 

 

 

SRPM configuration examples

Example: Configuring link-based SRPM delay measurement

Network configuration

As shown in Figure 427, the devices are in an SRv6 network. Use SRPM to measure two-way delay for the links between Device A and Device B and between Device B and Device C. Device B is the remote end to Device A and Device C is the remote end to Device B.

Figure 427 Network diagram

Restrictions and guidelines

The delay measurement configuration is the same in an SRv6 network and an SR-MPLS network except for the following settings:

·     In an SRv6 network, you must use the srpm destination command to specify a destination IP address for SRPM packets. This configuration is not required in an SR-MPLS network.

·     In an SRv6 network, set the encapsulation method to UDPv6 for SRPM packets. In an SR-MPLS network, set the encapsulation method to MPLS for SRPM packets.

Prerequisites

1.     Assign IP addresses to interfaces.

2.     Configure static routing or dynamic routing to make sure the devices can reach each other.

Procedure

1.     Configure Device A:

# Enable SRPM and enter SRPM view.

<DeviceA> system-view

[DeviceA] srpm

# Create a link-based delay profile named test1, set the encapsulation method to UDPv6 for SRPM packets, and activate the profile.

[DeviceA-srpm] delay-profile link-based test1

[DeviceA-srpm-delay-profile-link-based-test1] protocol udpv6

[DeviceA-srpm-delay-profile-link-based-test1] activate profile

[DeviceA-srpm-delay-profile-link-based-test1] quit

[DeviceA-srpm] quit

# On interface Ten-GigabitEthernet 3/0/1, specify the IP address of Ten-GigabitEthernet 3/0/2 on Device B as the destination IP address of SRPM packets.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] srpm destination ipv6 1::2

# Enable link-based SRPM delay measurement query and associate delay profile test1 with the interface.

[DeviceA-Ten-GigabitEthernet3/0/1] srpm delay-profile link-based test1 query enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Enable SRPM and enter SRPM view.

<DeviceB> system-view

[DeviceB] srpm

# Create a link-based delay profile named test1, set the encapsulation method to UDPv6 for SRPM packets, and activate the profile.

[DeviceB-srpm] delay-profile link-based test1

[DeviceB-srpm-delay-profile-link-based-test1] protocol udpv6

[DeviceB-srpm-delay-profile-link-based-test1] activate profile

[DeviceB-srpm-delay-profile-link-based-test1] quit

[DeviceB-srpm] quit

# On interface Ten-GigabitEthernet 3/0/2, enable link-based SRPM delay measurement response and associate the interface with profile test1.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] srpm delay-profile link-based test1 response enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

# On interface Ten-GigabitEthernet 3/0/1, specify the IP address of Ten-GigabitEthernet 3/0/2 on Device C as the destination IP address of SRPM packets.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] srpm destination ipv6 2::2

# Enable link-based SRPM delay measurement query and associate delay profile test1 with the interface.

[DeviceB-Ten-GigabitEthernet3/0/1] srpm delay-profile link-based test1 query enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

3.     Configure Device C:

# Enable SRPM and enter SRPM view.

<DeviceC> system-view

[DeviceC] srpm

# Create a link-based delay profile named test1, set the encapsulation method to UDPv6 for SRPM packets, and activate the profile.

[DeviceC-srpm] delay-profile link-based test1

[DeviceC-srpm-delay-profile-link-based-test1] protocol udpv6

[DeviceC-srpm-delay-profile-link-based-test1] activate profile

[DeviceC-srpm-delay-profile-link-based-test1] quit

[DeviceC-srpm] quit

# On interface Ten-GigabitEthernet 3/0/2, enable link-based SRPM delay measurement response and associate delay profile test1 with the interface.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] srpm delay-profile link-based test1 response enable

[DeviceC-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

1.     Display two-way delay between Device A and Device B.

On Device A, display the most recent five SRPM delay measurement statistics on interface Ten-GigabitEthernet 3/0/1.

[DeviceA] display srpm delay-statistics interface ten-gigabitethernet 3/0/1

Latest two-way delay statistics (us) for Ten-GigabitEthernet3/0/1:

Index          Delay                Jitter

11             9                    -

12             7                    2

13             11                   4

14             10                   1

15             8                    2

Average delay: 9                    Average jitter: 2

Maximum delay: 11                   Maximum jitter: 4

Minimum delay: 7                    Minimum jitter: 1

2.     Display two-way delay between Device B and Device C.

On Device B, display the most recent five SRPM delay measurement statistics on interface Ten-GigabitEthernet 3/0/1.

[DeviceB] display srpm delay-statistics interface ten-gigabitethernet 3/0/1

...

 

 

 

NTP configuration examples

Example: Configuring NTP client/server association mode

Network configuration

As shown in Figure 428, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device B to operate in client mode and specify Device A as the NTP server of Device B.

Figure 428 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 428. (Details not shown.)

2.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

3.     Configure Device B:

# Enable the NTP service.

<DeviceB> system-view

[DeviceB] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

# Specify Device A as the NTP server of Device B.

[DeviceB] ntp-service unicast-server 1.0.1.11

Verifying the configuration

# Verify that Device B has synchronized its time with Device A, and the clock stratum level of Device B is 3.

[DeviceB] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 1.0.1.11

 Local mode: client

 Reference clock ID: 1.0.1.11

 Leap indicator: 00

 Clock jitter: 0.000977 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00383 ms

 Root dispersion: 16.26572 ms

 Reference time: d0c6033f.b9923965  Wed, Dec 29 2010 18:58:07.724

# Verify that an IPv4 NTP association has been established between Device B and Device A.

[DeviceB] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

[12345]1.0.1.11        127.127.1.0        2     1   64   15   -4.0 0.0038 16.262

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 Total sessions: 1

Example: Configuring IPv6 NTP client/server association mode

Network configuration

As shown in Figure 429, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device B to operate in client mode and specify Device A as the IPv6 NTP server of Device B.

Figure 429 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 429. (Details not shown.)

2.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

3.     Configure Device B:

# Enable the NTP service.

<DeviceB> system-view

[DeviceB] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

# Specify Device A as the IPv6 NTP server of Device B.

[DeviceB] ntp-service ipv6 unicast-server 3000::34

Verifying the configuration

# Verify that Device B has synchronized its time with Device A, and the clock stratum level of Device B is 3.

[DeviceB] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3000::34

 Local mode: client

 Reference clock ID: 163.29.247.19

 Leap indicator: 00

 Clock jitter: 0.000977 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.02649 ms

 Root dispersion: 12.24641 ms

 Reference time: d0c60419.9952fb3e  Wed, Dec 29 2010 19:01:45.598

# Verify that an IPv6 NTP association has been established between Device B and Device A.

[DeviceB] display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 

 Source: [12345]3000::34

 Reference: 127.127.1.0          Clock stratum: 2

 Reachabilities: 15              Poll interval: 64

 Last receive time: 19           Offset: 0.0

 Roundtrip delay: 0.0            Dispersion: 0.0

 

 Total sessions: 1

Example: Configuring NTP symmetric active/passive association mode

Network configuration

As shown in Figure 430, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device A to operate in symmetric active mode and specify Device B as the passive peer of Device A.

Figure 430 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 430. (Details not shown.)

2.     Configure Device B:

# Enable the NTP service.

<DeviceB> system-view

[DeviceB] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

3.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceA] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

# Configure Device B as its symmetric passive peer.

[DeviceA] ntp-service unicast-peer 3.0.1.32

Verifying the configuration

# Verify that Device B has synchronized its time with Device A.

[DeviceB] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3.0.1.31

 Local mode: sym_passive

 Reference clock ID: 3.0.1.31

 Leap indicator: 00

 Clock jitter: 0.000916 s

 Stability: 0.000 pps

 Clock precision: 2^-17

 Root delay: 0.00609 ms

 Root dispersion: 1.95859 ms

 Reference time: 83aec681.deb6d3e5  Wed, Jan  8 2014 14:33:11.081

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Device B and Device A.

[DeviceB] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

   [12]3.0.1.31        127.127.1.0        2    62   64   34 0.4251 6.0882 1392.1

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 Total sessions: 1

Example: Configuring IPv6 NTP symmetric active/passive association mode

Network configuration

As shown in Figure 431, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device A to operate in symmetric active mode and specify Device B as the IPv6 passive peer of Device A.

Figure 431 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 431. (Details not shown.)

2.     Configure Device B:

# Enable the NTP service.

<DeviceB> system-view

[DeviceB] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

3.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceA] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

# Configure Device B as the IPv6 symmetric passive peer.

[DeviceA] ntp-service ipv6 unicast-peer 3000::36

Verifying the configuration

# Verify that Device B has synchronized its time with Device A.

[DeviceB] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3000::35

 Local mode: sym_passive

 Reference clock ID: 251.73.79.32

 Leap indicator: 11

 Clock jitter: 0.000977 s

 Stability: 0.000 pps

 Clock precision: 2^-10

 Root delay: 0.01855 ms

 Root dispersion: 9.23483 ms

 Reference time: d0c6047c.97199f9f  Wed, Dec 29 2010 19:03:24.590

 System poll interval: 64 s

# Verify that an IPv6 NTP association has been established between Device B and Device A.

[DeviceB] display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 

 Source:  [1234]3000::35

 Reference: 127.127.1.0          Clock stratum: 2

 Reachabilities: 15              Poll interval: 64

 Last receive time: 19           Offset: 0.0

 Roundtrip delay: 0.0            Dispersion: 0.0

 

 Total sessions: 1

Example: Configuring NTP authentication in client/server association mode

Network configuration

As shown in Figure 432, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device B to operate in client mode and specify Device A as the NTP server of Device B.

·     Configure NTP authentication on both Device A and Device B.

Figure 432 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 432. (Details not shown.)

2.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

3.     Configure Device B:

# Enable the NTP service.

<DeviceB> system-view

[DeviceB] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

# Enable NTP authentication on Device B.

[DeviceB] ntp-service authentication enable

# Create a plaintext authentication key, with key ID 42 and key value aNiceKey.

[DeviceB] ntp-service authentication-keyid 42 authentication-mode md5 simple aNiceKey

# Specify the key as a trusted key.

[DeviceB] ntp-service reliable authentication-keyid 42

# Specify Device A as the NTP server of Device B, and associate the server with key 42.

[DeviceB] ntp-service unicast-server 1.0.1.11 authentication-keyid 42

To enable Device B to synchronize its clock with Device A, enable NTP authentication on Device A.

4.     Configure NTP authentication on Device A:

# Enable NTP authentication.

[DeviceA] ntp-service authentication enable

# Create a plaintext authentication key, with key ID 42 and key value aNiceKey.

[DeviceA] ntp-service authentication-keyid 42 authentication-mode md5 simple aNiceKey

# Specify the key as a trusted key.

[DeviceA] ntp-service reliable authentication-keyid 42

Verifying the configuration

# Verify that Device B has synchronized its time with Device A, and the clock stratum level of Device B is 3.

[DeviceB] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 1.0.1.11

 Local mode: client

 Reference clock ID: 1.0.1.11

 Leap indicator: 00

 Clock jitter: 0.005096 s

 Stability: 0.000 pps

 Clock precision: 2^-10

 Root delay: 0.00655 ms

 Root dispersion: 1.15869 ms

 Reference time: d0c62687.ab1bba7d  Wed, Dec 29 2010 21:28:39.668

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Device B and Device A.

[DeviceB] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]1.0.1.11        127.127.1.0        2     1   64  519   -0.0 0.0065    0.0

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1
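What the key 42 configuration above protects on the wire, as an added example (not H3C code): in the standard NTP symmetric-key scheme (RFC 5905), the sender appends the key ID and MD5(key || header) to the 48-byte NTP header, and the receiver accepts the packet only if the key ID is trusted and the digest matches. The example assumes the device follows that scheme; key ID 42 and key value aNiceKey come from the configuration above, while the packet fields and function names are constructed.

```python
import hashlib
import hmac
import struct

KEY_ID = 42                 # from "authentication-keyid 42"
KEY = b"aNiceKey"           # from "simple aNiceKey"
NTP_HEADER_LEN = 48
MD5_MAC_LEN = 4 + 16        # 32-bit key ID + 128-bit MD5 digest


def build_header(mode, stratum, transmit_ts):
    """Build a minimal 48-byte NTPv4 header (constructed sample values)."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode          # LI=0, VN=4, mode
    head = struct.pack("!BBbb", li_vn_mode, stratum, 6, -18)  # poll 2^6, precision 2^-18
    # Root delay, root dispersion, reference ID 127.127.1.0 (local clock).
    head += struct.pack("!II4s", 0, 0, b"\x7f\x7f\x01\x00")
    # Reference, origin, receive and transmit timestamps (64 bits each).
    head += struct.pack("!QQQQ", 0, 0, 0, transmit_ts)
    return head


def sign(header, key_id, key):
    """Append the MAC: key ID followed by MD5(key || header)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, trusted_keys):
    """Return (accepted, reason) for a received packet.

    trusted_keys maps key ID -> key bytes, i.e. the keys marked with
    "ntp-service reliable authentication-keyid" on the receiver.
    """
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC"
    if len(packet) != NTP_HEADER_LEN + MD5_MAC_LEN:
        return False, "bad length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False, "untrusted key ID"
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated"


def demo():
    """Run the cases a client with trusted key 42 has to tell apart."""
    trusted = {KEY_ID: KEY}
    # Mode 4 = server reply, stratum 2; the timestamp is a constructed sample.
    header = build_header(mode=4, stratum=2, transmit_ts=0xD0C62687AB1BBA7D)
    genuine = sign(header, KEY_ID, KEY)

    tampered = bytearray(genuine)
    tampered[1] = 1                       # stratum changed in transit

    return {
        "genuine": verify(genuine, trusted),
        "tampered": verify(bytes(tampered), trusted),
        "unauthenticated": verify(header, trusted),
        "other_key_id": verify(sign(header, 7, KEY), trusted),
        "wrong_key_value": verify(sign(header, KEY_ID, b"notTheKey"), trusted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

The digest proves only that the sender holds the shared key, so every device configured with key 42 can produce packets the others accept. RFC 8573 deprecates MD5 for NTP authentication and recommends AES-CMAC.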

Example: Configuring NTP broadcast association mode

Network configuration

As shown in Figure 433, configure Router C as the NTP server of multiple devices on the same network segment so that these devices synchronize the time with Router C.

·     Configure Router C's local clock as its reference source, with stratum level 2.

·     Configure Router C to operate in broadcast server mode and send broadcast messages from Ten-GigabitEthernet 3/0/1.

·     Configure Router B and Router A to operate in broadcast client mode and receive broadcast messages on Ten-GigabitEthernet 3/0/1.

Figure 433 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Router A, Router B, and Router C can reach each other, as shown in Figure 433. (Details not shown.)

2.     Configure Router C:

# Enable the NTP service.

<RouterC> system-view

[RouterC] ntp-service enable

# Specify NTP for obtaining the time.

[RouterC] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[RouterC] ntp-service refclock-master 2

# Configure Router C to operate in broadcast server mode and send broadcast messages from Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ntp-service broadcast-server

3.     Configure Router A:

# Enable the NTP service.

<RouterA> system-view

[RouterA] ntp-service enable

# Specify NTP for obtaining the time.

[RouterA] clock protocol ntp

# Configure Router A to operate in broadcast client mode and receive broadcast messages on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ntp-service broadcast-client

[RouterA-Ten-GigabitEthernet3/0/1] quit

4.     Configure Router B:

# Enable the NTP service.

<RouterB> system-view

[RouterB] ntp-service enable

# Specify NTP for obtaining the time.

[RouterB] clock protocol ntp

# Configure Router B to operate in broadcast client mode and receive broadcast messages on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ntp-service broadcast-client

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

The following procedure uses Router A as an example to verify the configuration.

# Verify that Router A has synchronized its time with Router C, and the clock stratum level of Router A is 3.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3.0.1.31

 Local mode: bclient

 Reference clock ID: 3.0.1.31

 Leap indicator: 00

 Clock jitter: 0.044281 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00229 ms

 Root dispersion: 4.12572 ms

 Reference time: d0d289fe.ec43c720  Sat, Jan  8 2011  7:00:14.922

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Router A and Router C.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]3.0.1.31        127.127.1.0        2     1   64  519   -0.0 0.0022 4.1257

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

Example: Configuring NTP multicast association mode

Network configuration

As shown in Figure 434, configure Router C as the NTP server for multiple devices on different network segments so that these devices synchronize the time with Router C.

·     Configure Router C's local clock as its reference source, with stratum level 2.

·     Configure Router C to operate in multicast server mode and send multicast messages from Ten-GigabitEthernet 3/0/1.

·     Configure Router D and Router A to operate in multicast client mode and receive multicast messages on Ten-GigabitEthernet 3/0/1.

Figure 434 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure the routers can reach each other, as shown in Figure 434. (Details not shown.)

2.     Configure Router C:

# Enable the NTP service.

<RouterC> system-view

[RouterC] ntp-service enable

# Specify NTP for obtaining the time.

[RouterC] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[RouterC] ntp-service refclock-master 2

# Configure Router C to operate in multicast server mode and send multicast messages from Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ntp-service multicast-server

3.     Configure Router D:

# Enable the NTP service.

<RouterD> system-view

[RouterD] ntp-service enable

# Specify NTP for obtaining the time.

[RouterD] clock protocol ntp

# Configure Router D to operate in multicast client mode and receive multicast messages on Ten-GigabitEthernet 3/0/1.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ntp-service multicast-client

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Verify the configuration:

# Verify that Router D has synchronized its time with Router C, and the clock stratum level of Router D is 3.

Router D and Router C are on the same subnet, so Router D can receive multicast messages from Router C without having the multicast function enabled.

[RouterD-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3.0.1.31

 Local mode: bclient

 Reference clock ID: 3.0.1.31

 Leap indicator: 00

 Clock jitter: 0.044281 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00229 ms

 Root dispersion: 4.12572 ms

 Reference time: d0d289fe.ec43c720  Sat, Jan  8 2011  7:00:14.922

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Router D and Router C.

[RouterD-Ten-GigabitEthernet3/0/1] display ntp-service sessions

 

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]3.0.1.31        127.127.1.0        2     1   64  519   -0.0 0.0022 4.1257

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

5.     Configure Router B:

Because Router A and Router C are on different subnets, you must enable the multicast functions on Router B before Router A can receive multicast messages from Router C.

# Enable the IP multicast function.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] igmp enable

[RouterB-Ten-GigabitEthernet3/0/1] igmp static-group 224.0.1.1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

6.     Configure Router A:

# Enable the NTP service.

<RouterA> system-view

[RouterA] ntp-service enable

# Specify NTP for obtaining the time.

[RouterA] clock protocol ntp

# Configure Router A to operate in multicast client mode and receive multicast messages on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ntp-service multicast-client

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router A has synchronized its time with Router C, and the clock stratum level of Router A is 3.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3.0.1.31

 Local mode: bclient

 Reference clock ID: 3.0.1.31

 Leap indicator: 00

 Clock jitter: 0.165741 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00534 ms

 Root dispersion: 4.51282 ms

 Reference time: d0c61289.10b1193f  Wed, Dec 29 2010 20:03:21.065

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Router A and Router C.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1234]3.0.1.31        127.127.1.0        2   247   64   381  -0.0 0.0053 4.5128

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

Example: Configuring IPv6 NTP multicast association mode

Network configuration

As shown in Figure 435, configure Router C as the NTP server for multiple devices on different network segments so that these devices synchronize the time with Router C.

·     Configure Router C's local clock as its reference source, with stratum level 2.

·     Configure Router C to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages from Ten-GigabitEthernet 3/0/1.

·     Configure Router D and Router A to operate in multicast client mode and receive IPv6 multicast messages on Ten-GigabitEthernet 3/0/1.

Figure 435 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure the routers can reach each other, as shown in Figure 435. (Details not shown.)

2.     Configure Router C:

# Enable the NTP service.

<RouterC> system-view

[RouterC] ntp-service enable

# Specify NTP for obtaining the time.

[RouterC] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[RouterC] ntp-service refclock-master 2

# Configure Router C to operate in IPv6 multicast server mode and send multicast messages from Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ntp-service ipv6 multicast-server ff24::1

[RouterC-Ten-GigabitEthernet3/0/1] quit

3.     Configure Router D:

# Enable the NTP service.

<RouterD> system-view

[RouterD] ntp-service enable

# Specify NTP for obtaining the time.

[RouterD] clock protocol ntp

# Configure Router D to operate in IPv6 multicast client mode and receive multicast messages on Ten-GigabitEthernet 3/0/1.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] ntp-service ipv6 multicast-client ff24::1

[RouterD-Ten-GigabitEthernet3/0/1] quit

4.     Verify the configuration:

# Verify that Router D has synchronized its time with Router C, and the clock stratum level of Router D is 3.

Router D and Router C are on the same subnet, so Router D can receive the IPv6 multicast messages from Router C without having the IPv6 multicast functions enabled.

[RouterD-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3000::2

 Local mode: bclient

 Reference clock ID: 165.84.121.65

 Leap indicator: 00

 Clock jitter: 0.000977 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00000 ms

 Root dispersion: 8.00578 ms

 Reference time: d0c60680.9754fb17  Wed, Dec 29 2010 19:12:00.591

 System poll interval: 64 s

# Verify that an IPv6 NTP association has been established between Router D and Router C.

[RouterD-Ten-GigabitEthernet3/0/1] display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 

 Source:  [1234]3000::2

 Reference: 127.127.1.0           Clock stratum: 2

 Reachabilities: 111              Poll interval: 64

 Last receive time: 23            Offset: -0.0

 Roundtrip delay: 0.0             Dispersion: 0.0

 

 Total sessions: 1

5.     Configure Router B:

Because Router A and Router C are on different subnets, you must enable the multicast functions on Router B so that Router A can receive IPv6 multicast messages from Router C.

# Enable the IPv6 multicast function.

<RouterB> system-view

[RouterB] ipv6 multicast routing

[RouterB-mrib6] quit

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] mld enable

[RouterB-Ten-GigabitEthernet3/0/1] mld static-group ff24::1

[RouterB-Ten-GigabitEthernet3/0/1] quit

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 pim dm

[RouterB-Ten-GigabitEthernet3/0/2] quit

6.     Configure Router A:

# Enable the NTP service.

<RouterA> system-view

[RouterA] ntp-service enable

# Specify NTP for obtaining the time.

[RouterA] clock protocol ntp

# Configure Router A to operate in IPv6 multicast client mode and receive multicast messages on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ntp-service ipv6 multicast-client ff24::1

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router A has synchronized to Router C, and the clock stratum level is 3 on Router A and 2 on Router C.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 3000::2

 Local mode: bclient

 Reference clock ID: 165.84.121.65

 Leap indicator: 00

 Clock jitter: 0.165741 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00534 ms

 Root dispersion: 4.51282 ms

 Reference time: d0c61289.10b1193f  Wed, Dec 29 2010 20:03:21.065

# Verify that an IPv6 NTP association has been established between Router A and Router C.

[RouterA-Ten-GigabitEthernet3/0/1] display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

 

 Source:   [124]3000::2

 Reference: 127.127.1.0           Clock stratum: 2

 Reachabilities: 2                Poll interval: 64

 Last receive time: 71            Offset: -0.0

 Roundtrip delay: 0.0             Dispersion: 0.0

 

 Total sessions: 1

Example: Configuring NTP authentication in broadcast mode

Network configuration

As shown in Figure 436, configure Router C as the NTP server for multiple devices on the same segment so that these devices synchronize the time with Router C. Configure Router A and Router B to authenticate the NTP server.

·     Configure Router C's local clock as its reference source, with stratum level 3.

·     Configure Router C to operate in broadcast server mode and send broadcast messages from Ten-GigabitEthernet 3/0/1.

·     Configure Router A and Router B to operate in broadcast client mode and receive broadcast messages on Ten-GigabitEthernet 3/0/1.

·     Configure NTP authentication on Router A, Router B, and Router C.

Figure 436 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Router A, Router B, and Router C can reach each other, as shown in Figure 436. (Details not shown.)

2.     Configure Router A:

# Enable the NTP service.

<RouterA> system-view

[RouterA] ntp-service enable

# Specify NTP for obtaining the time.

[RouterA] clock protocol ntp

# Enable NTP authentication on Router A. Create a plaintext NTP authentication key, with key ID of 88 and key value of 123456. Specify it as a trusted key.

[RouterA] ntp-service authentication enable

[RouterA] ntp-service authentication-keyid 88 authentication-mode md5 simple 123456

[RouterA] ntp-service reliable authentication-keyid 88

# Configure Router A to operate in broadcast client mode and receive NTP broadcast messages on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ntp-service broadcast-client

[RouterA-Ten-GigabitEthernet3/0/1] quit

3.     Configure Router B:

# Enable the NTP service.

<RouterB> system-view

[RouterB] ntp-service enable

# Specify NTP for obtaining the time.

[RouterB] clock protocol ntp

# Enable NTP authentication on Router B. Create a plaintext NTP authentication key, with key ID of 88 and key value of 123456. Specify it as a trusted key.

[RouterB] ntp-service authentication enable

[RouterB] ntp-service authentication-keyid 88 authentication-mode md5 simple 123456

[RouterB] ntp-service reliable authentication-keyid 88

# Configure Router B to operate in broadcast client mode and receive NTP broadcast messages on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ntp-service broadcast-client

[RouterB-Ten-GigabitEthernet3/0/1] quit

4.     Configure Router C:

# Enable the NTP service.

<RouterC> system-view

[RouterC] ntp-service enable

# Specify NTP for obtaining the time.

[RouterC] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 3.

[RouterC] ntp-service refclock-master 3

# Configure Router C to operate in the NTP broadcast server mode and use Ten-GigabitEthernet 3/0/1 to send NTP broadcast messages.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ntp-service broadcast-server

[RouterC-Ten-GigabitEthernet3/0/1] quit

5.     Verify the configuration:

NTP authentication is enabled on Router A and Router B but not on Router C, so Router A and Router B cannot synchronize their local clocks with Router C.

[RouterB-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: unsynchronized

 Clock stratum: 16

 Reference clock ID: none

6.     Configure NTP authentication on Router C:

# Enable NTP authentication on Router C. Create a plaintext NTP authentication key, with key ID of 88 and key value of 123456. Specify it as a trusted key.

[RouterC] ntp-service authentication enable

[RouterC] ntp-service authentication-keyid 88 authentication-mode md5 simple 123456

[RouterC] ntp-service reliable authentication-keyid 88

# Specify Router C as an NTP broadcast server, and associate key 88 with Router C.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] ntp-service broadcast-server authentication-keyid 88

Verifying the configuration

# Verify that Router B has synchronized its time with Router C, and the clock stratum level of Router B is 4.

[RouterB-Ten-GigabitEthernet3/0/1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 4

 System peer: 3.0.1.31

 Local mode: bclient

 Reference clock ID: 3.0.1.31

 Leap indicator: 00

 Clock jitter: 0.006683 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00127 ms

 Root dispersion: 2.89877 ms

 Reference time: d0d287a7.3119666f  Sat, Jan  8 2011  6:50:15.191

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between Router B and Router C.

[RouterB-Ten-GigabitEthernet3/0/1] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]3.0.1.31        127.127.1.0        3     3   64   68   -0.0 0.0000    0.0

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

Example: Configuring MPLS L3VPN network time synchronization in client/server mode

Network configuration

As shown in Figure 437, two MPLS L3VPN instances are present on PE 1 and PE 2: vpn1 and vpn2. CE 1 and CE 3 are devices in VPN 1.

To synchronize time between PE 2 and CE 1 in VPN 1, perform the following tasks:

·     Configure CE 1's local clock as its reference source, with stratum level 2.

·     Configure CE 1 in the VPN instance vpn1 as the NTP server of PE 2.

Figure 437 Network diagram

Device  Interface    IP address      Device  Interface    IP address
CE 1    Ser3/0/3:0   10.1.1.1/24     PE 1    Ser3/0/3:0   10.1.1.2/24
CE 2    Ser3/0/3:0   10.2.1.1/24             Ser3/0/1:0   172.1.1.1/24
CE 3    Ser3/0/3:0   10.3.1.1/24             Ser3/0/2:0   10.2.1.2/24
CE 4    Ser3/0/3:0   10.4.1.1/24     PE 2    Ser3/0/3:0   10.3.1.2/24
P       Ser3/0/3:0   172.1.1.2/24            Ser3/0/1:0   172.2.1.2/24
        Ser3/0/1:0   172.2.1.1/24            Ser3/0/2:0   10.4.1.2/24

Procedure

Before you perform the following configuration, be sure you have completed MPLS L3VPN-related configurations. For information about configuring MPLS L3VPN, see MPLS Configuration Guide.

1.     Assign an IP address to each interface, as shown in Figure 437. Make sure CE 1 and PE 1, PE 1 and PE 2, and PE 2 and CE 3 can reach each other. (Details not shown.)

2.     Configure CE 1:

# Enable the NTP service.

<CE1> system-view

[CE1] ntp-service enable

# Specify the local clock as the reference source, with stratum level 2.

[CE1] ntp-service refclock-master 2

3.     Configure PE 2:

# Enable the NTP service.

<PE2> system-view

[PE2] ntp-service enable

# Specify NTP for obtaining the time.

[PE2] clock protocol ntp

# Specify CE 1 in the VPN instance vpn1 as the NTP server of PE 2.

[PE2] ntp-service unicast-server 10.1.1.1 vpn-instance vpn1

Verifying the configuration

# Verify that PE 2 has synchronized to CE 1, with stratum level 3.

[PE2] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 10.1.1.1

 Local mode: client

 Reference clock ID: 10.1.1.1

 Leap indicator: 00

 Clock jitter: 0.005096 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00655 ms

 Root dispersion: 1.15869 ms

 Reference time: d0c62687.ab1bba7d  Wed, Dec 29 2010 21:28:39.668

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between PE 2 and CE 1.

[PE2] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]10.1.1.1        127.127.1.0        2     1   64  519   -0.0 0.0065    0.0

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

# Verify that server 127.0.0.1 has synchronized to server 10.1.1.1, and server 10.1.1.1 has synchronized to the local clock.

[PE2] display ntp-service trace

Server     127.0.0.1

Stratum    3 , jitter  0.000, synch distance 796.50.

Server     10.1.1.1

Stratum    2 , jitter 939.00, synch distance 0.0000.

RefID      127.127.1.0

Example: Configuring MPLS L3VPN network time synchronization in symmetric active/passive mode

Network configuration

As shown in Figure 438, two VPN instances are present on PE 1 and PE 2: vpn1 and vpn2. CE 1 and CE 3 belong to VPN 1.

To synchronize time between PE 1 and CE 1 in VPN 1, perform the following tasks:

·     Configure CE 1's local clock as its reference source, with stratum level 2.

·     Configure CE 1 in the VPN instance vpn1 as the symmetric passive peer of PE 1.

Figure 438 Network diagram

Device  Interface    IP address      Device  Interface    IP address
CE 1    Ser3/0/3:0   10.1.1.1/24     PE 1    Ser3/0/3:0   10.1.1.2/24
CE 2    Ser3/0/3:0   10.2.1.1/24             Ser3/0/1:0   172.1.1.1/24
CE 3    Ser3/0/3:0   10.3.1.1/24             Ser3/0/2:0   10.2.1.2/24
CE 4    Ser3/0/3:0   10.4.1.1/24     PE 2    Ser3/0/3:0   10.3.1.2/24
P       Ser3/0/3:0   172.1.1.2/24            Ser3/0/1:0   172.2.1.2/24
        Ser3/0/1:0   172.2.1.1/24            Ser3/0/2:0   10.4.1.2/24

Procedure

Before you perform the following configuration, be sure you have completed MPLS L3VPN-related configurations. For information about configuring MPLS L3VPN, see MPLS Configuration Guide.

1.     Assign an IP address to each interface, as shown in Figure 438. Make sure CE 1 and PE 1, PE 1 and PE 2, and PE 2 and CE 3 can reach each other. (Details not shown.)

2.     Configure CE 1:

# Enable the NTP service.

<CE1> system-view

[CE1] ntp-service enable

# Specify NTP for obtaining the time.

[CE1] clock protocol ntp

# Specify the local clock as the reference source, with stratum level 2.

[CE1] ntp-service refclock-master 2

3.     Configure PE 1:

# Enable the NTP service.

<PE1> system-view

[PE1] ntp-service enable

# Specify NTP for obtaining the time.

[PE1] clock protocol ntp

# Specify CE 1 in the VPN instance vpn1 as the symmetric passive peer of PE 1.

[PE1] ntp-service unicast-peer 10.1.1.1 vpn-instance vpn1

Verifying the configuration

# Verify that PE 1 has synchronized to CE 1, with stratum level 3.

[PE1] display ntp-service status

 Clock status: synchronized

 Clock stratum: 3

 System peer: 10.1.1.1

 Local mode: sym_active

 Reference clock ID: 10.1.1.1

 Leap indicator: 00

 Clock jitter: 0.005096 s

 Stability: 0.000 pps

 Clock precision: 2^-18

 Root delay: 0.00655 ms

 Root dispersion: 1.15869 ms

 Reference time: d0c62687.ab1bba7d  Wed, Dec 29 2010 21:28:39.668

 System poll interval: 64 s

# Verify that an IPv4 NTP association has been established between PE 1 and CE 1.

[PE1] display ntp-service sessions

       source          reference       stra reach poll  now offset  delay disper

********************************************************************************

 [1245]10.1.1.1        127.127.1.0        2     1   64  519   -0.0 0.0000    0.0

Notes: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured.

 Total sessions: 1

# Verify that server 127.0.0.1 has synchronized to server 10.1.1.1, and server 10.1.1.1 has synchronized to the local clock.

[PE1] display ntp-service trace

Server     127.0.0.1

Stratum    3 , jitter  0.000, synch distance 796.50.

Server     10.1.1.1

Stratum    2 , jitter 939.00, synch distance 0.0000.

RefID      127.127.1.0

SNTP configuration examples

Example: Configuring SNTP

Network configuration

As shown in Figure 439, perform the following tasks:

·     Configure Device A's local clock as its reference source, with stratum level 2.

·     Configure Device B to operate in SNTP client mode, and specify Device A as the NTP server.

·     Configure NTP authentication on Device A and SNTP authentication on Device B.

Figure 439 Network diagram

Procedure

1.     Assign an IP address to each interface, and make sure Device A and Device B can reach each other, as shown in Figure 439. (Details not shown.)

2.     Configure Device A:

# Enable the NTP service.

<DeviceA> system-view

[DeviceA] ntp-service enable

# Specify NTP for obtaining the time.

[DeviceA] clock protocol ntp

# Configure the local clock as the reference source, with stratum level 2.

[DeviceA] ntp-service refclock-master 2

# Enable NTP authentication on Device A.

[DeviceA] ntp-service authentication enable

# Configure a plaintext NTP authentication key, with key ID of 10 and key value of aNiceKey.

[DeviceA] ntp-service authentication-keyid 10 authentication-mode md5 simple aNiceKey

# Specify the key as a trusted key.

[DeviceA] ntp-service reliable authentication-keyid 10

3.     Configure Device B:

# Enable the SNTP service.

<DeviceB> system-view

[DeviceB] sntp enable

# Specify NTP for obtaining the time.

[DeviceB] clock protocol ntp

# Enable SNTP authentication on Device B.

[DeviceB] sntp authentication enable

# Configure a plaintext authentication key, with key ID of 10 and key value of aNiceKey.

[DeviceB] sntp authentication-keyid 10 authentication-mode md5 simple aNiceKey

# Specify the key as a trusted key.

[DeviceB] sntp reliable authentication-keyid 10

# Specify Device A as the NTP server of Device B, and associate the server with key 10.

[DeviceB] sntp unicast-server 1.0.1.11 authentication-keyid 10

Verifying the configuration

# Verify that an SNTP association has been established between Device B and Device A, and Device B has synchronized its time with Device A.

[DeviceB] display sntp sessions

NTP server     Stratum   Version    Last receive time

1.0.1.11        2         4          Tue, May 17 2011  9:11:20.833 (Synced)
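The NTP and SNTP authentication examples above (key 88 in broadcast mode, key 10 for SNTP) both rely on the symmetric-key MAC that NTP appends to its 48-byte header: a 4-byte key ID followed by MD5(key || header). The following Python sketch is an added illustration, not H3C code; it replays the outcomes shown in those two examples. The header field values, the extra mismatch cases, and the receiver policy (reject anything without a valid MAC from a trusted key, as step 5 of the broadcast example shows) are assumptions, and extension fields are ignored.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48      # fixed NTP header
MAC_LEN = 4 + 16     # key ID + MD5 digest


def build_header(stratum, mode, transmit_ts=0, version=4):
    """Minimal NTP header; all field values are constructed sample data."""
    li_vn_mode = (0 << 6) | (version << 3) | mode             # leap indicator 00
    head = struct.pack("!BBbb", li_vn_mode, stratum, 6, -18)  # poll 2^6 s, precision 2^-18
    root = struct.pack("!II4s", 0, 0, bytes([127, 127, 1, 0]))  # delay, dispersion, ref ID
    stamps = struct.pack("!QQQQ", 0, 0, 0, transmit_ts)       # ref, origin, receive, transmit
    return head + root + stamps


def md5_digest(key, header):
    """NTP symmetric-key digest: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Sender side: append key ID and digest, as a server associated with a key does."""
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def verify(packet, trusted_keys):
    """Receiver with authentication enabled. Returns (accepted, reason)."""
    if len(packet) < HEADER_LEN:
        return (False, "short packet")
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not mac:
        return (False, "no MAC")
    if len(mac) != MAC_LEN:
        return (False, "malformed MAC")
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return (False, "untrusted key ID")
    if not hmac.compare_digest(md5_digest(key, header), mac[4:]):
        return (False, "bad digest")
    return (True, "authenticated")


def replay_page_scenarios():
    """Run the page's two authenticated setups plus constructed mismatch cases."""
    results = {}
    clients = {88: b"123456"}   # Router A / Router B trusted key from the page
    # Broadcast (mode 5) packet from Router C at stratum 3; timestamp is sample data.
    bcast = build_header(stratum=3, mode=5, transmit_ts=0xD0D287A73119666F)

    # Step 5: Router C has no key yet, so its broadcasts carry no MAC.
    results["step5_server_without_key"] = verify(bcast, clients)
    # Step 6: Router C sends with authentication-keyid 88.
    signed = sign(bcast, 88, b"123456")
    results["step6_server_with_key_88"] = verify(signed, clients)
    # Constructed mismatches an operator can hit when keys drift between devices.
    results["server_key_value_mismatch"] = verify(sign(bcast, 88, b"1234567"), clients)
    results["key_id_not_trusted"] = verify(sign(bcast, 10, b"123456"), clients)
    # Constructed: one header byte (stratum) changed after signing.
    tampered = bytearray(signed)
    tampered[1] = 1
    results["header_modified_in_transit"] = verify(bytes(tampered), clients)
    # SNTP example: Device A answers (mode 4) with key 10, Device B trusts key 10.
    sntp_reply = sign(build_header(stratum=2, mode=4), 10, b"aNiceKey")
    results["sntp_device_b_key_10"] = verify(sntp_reply, {10: b"aNiceKey"})
    return results


if __name__ == "__main__":
    for name, outcome in replay_page_scenarios().items():
        print(f"{name:30} {outcome}")
```

RFC 8573 deprecates this MD5 keyed digest for NTP and recommends AES-128-CMAC; whether this platform offers a stronger authentication mode is not stated on this page.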

 

PTP configuration examples

Example: Configuring PTP (IEEE 1588 version 2, IEEE 802.3/Ethernet transport, multicast transmission)

Network configuration

As shown in Figure 440, configure PTP (IEEE 1588 version 2, IEEE 802.3/Ethernet transport, multicast transmission) to enable time synchronization between Device A and Device C.

·     Specify the IEEE 1588 version 2 PTP profile and multicast IEEE 802.3/Ethernet transport of PTP messages for Device A, Device B, and Device C.

·     Assign Device A, Device B, and Device C to the same PTP domain. Specify the OC clock node type for Device A and Device C, and E2ETC clock node type for Device B. All clock nodes elect a GM through BMC in the PTP domain.

·     Use the default Request_Response delay measurement mechanism on Device A and Device C.

Figure 440 Network diagram

Procedure

1.     Configure Device A:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceA> system-view

[DeviceA] ptp profile 1588v2

# Specify the OC clock node type.

[DeviceA] ptp mode oc

# Specify PTP for obtaining the time on the default MDC.

[DeviceA] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceB> system-view

[DeviceB] ptp profile 1588v2

# Specify the E2ETC clock node type.

[DeviceB] ptp mode e2etc

# Specify PTP for obtaining the time on the default MDC.

[DeviceB] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Enable PTP on Ten-GigabitEthernet 3/0/2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device C:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceC> system-view

[DeviceC] ptp profile 1588v2

# Specify the OC clock node type.

[DeviceC] ptp mode oc

# Specify PTP for obtaining the time on the default MDC.

[DeviceC] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

When the network is stable, perform the following tasks:

·     Use the display ptp clock command to display PTP clock information.

·     Use the display ptp interface brief command to display brief PTP running information for all PTP interfaces.

# Display PTP clock information on Device A.

[DeviceA] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : OC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0000

Clock type          : Local

Clock domain        : 0

Number of PTP ports : 1

Priority1     : 128

Priority2     : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master : 0 (ns)

Mean path delay    : 0 (ns)

Steps removed      : 0

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device A.

[DeviceA] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Master        E2E              Two         0

# Display PTP clock information on Device B.

[DeviceB] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : E2ETC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0001

Clock type          : Local

Clock domain        : 0

Number of PTP ports : 2

Priority1     : 128

Priority2     : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master : N/A

Mean path delay    : N/A

Steps removed      : N/A

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device B.

[DeviceB] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     N/A           E2E              Two         0

XGE3/0/2     N/A           E2E              Two         0

The output shows that Device A is elected as the GM, and Ten-GigabitEthernet3/0/1 on Device A is the master port.
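Why Device A wins the election can be read from the display ptp clock fields above. The following Python sketch is an added illustration, not H3C code: it parses that output and applies the grandmaster part of the IEEE 1588 dataset comparison (Priority1, class, accuracy, variance, Priority2, then clock identity, lower wins). The Device A and Device B text is taken from the outputs above; the Device C output and the pinned-priority variant are constructed, because the page does not show them.

```python
# Comparison order of the election-relevant fields in `display ptp clock`.
RANK_FIELDS = ("Priority1", "Class", "Accuracy", "Offset (log variance)", "Priority2")
TRANSPARENT_MODES = ("E2ETC", "P2PTC")   # transparent clocks are not GM candidates

TEMPLATE = """\
PTP profile         : IEEE 1588 Version 2
PTP mode            : {mode}
Clock ID            : {clock_id}
Priority1     : {priority1}
Priority2     : 128
Clock quality :
 Class                 : 248
 Accuracy              : 254
 Offset (log variance) : 65535
"""

DEVICE_A = TEMPLATE.format(mode="OC", clock_id="000FE2-FFFE-FF0000", priority1=128)
DEVICE_B = TEMPLATE.format(mode="E2ETC", clock_id="000FE2-FFFE-FF0001", priority1=128)
# Constructed: Device C's output is not on the page; defaults and clock ID are assumed.
DEVICE_C = TEMPLATE.format(mode="OC", clock_id="000FE2-FFFE-FF0002", priority1=128)


def parse_ptp_clock(text):
    """Turn 'name : value' lines into a dict; section headers without a value are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields[name.strip()] = value.strip()
    return fields


def rank(fields):
    """Sortable tuple for one clock: numeric fields first, clock identity as tie-break."""
    numbers = tuple(int(fields[name]) for name in RANK_FIELDS)
    identity = bytes.fromhex(fields["Clock ID"].replace("-", ""))
    return numbers + (identity,)


def elect_grandmaster(outputs):
    """outputs maps device name to display text. Returns (gm, deciding_field)."""
    candidates = {}
    for device, text in outputs.items():
        fields = parse_ptp_clock(text)
        if fields["PTP mode"] in TRANSPARENT_MODES:
            continue
        candidates[device] = rank(fields)
    ordered = sorted(candidates, key=candidates.get)
    gm = ordered[0]
    if len(ordered) > 1:
        labels = RANK_FIELDS + ("Clock ID",)
        for label, best, second in zip(labels, candidates[gm], candidates[ordered[1]]):
            if best != second:
                return (gm, label)   # first field that separates GM from runner-up
    return (gm, None)


def page_topology():
    """All defaults, as in the example: only the clock identity differs."""
    return elect_grandmaster({"DeviceA": DEVICE_A, "DeviceB": DEVICE_B, "DeviceC": DEVICE_C})


def pinned_priority_variant():
    """Constructed variant: Device C is the intended GM and is given Priority1 127."""
    pinned_c = TEMPLATE.format(mode="OC", clock_id="000FE2-FFFE-FF0002", priority1=127)
    return elect_grandmaster({"DeviceA": DEVICE_A, "DeviceB": DEVICE_B, "DeviceC": pinned_c})


if __name__ == "__main__":
    print("page topology:", page_topology())
    print("pinned variant:", pinned_priority_variant())
```

With every clock left at its defaults, the only deciding field is the clock identity, so the GM role follows hardware addresses rather than design intent; setting Priority1 explicitly on the intended GM makes the outcome deterministic.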

Example: Configuring PTP (IEEE 1588 version 2, IPv4 UDP transport, multicast transmission)

Network configuration

As shown in Figure 441, configure PTP (IEEE 1588 version 2, IPv4 UDP transport, multicast transmission) to enable time synchronization between the devices.

·     Specify the IEEE 1588 version 2 PTP profile and multicast IPv4 UDP transport of PTP messages for Device A, Device B, and Device C.

·     Assign Device A, Device B, and Device C to the same PTP domain. Specify the OC clock node type for Device A and Device C, and P2PTC clock node type for Device B. All clock nodes elect a GM through BMC in the PTP domain.

·     Specify the peer delay measurement mechanism (p2p) for Device A and Device C.

Figure 441 Network diagram

Procedure

1.     Configure Device A:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceA> system-view

[DeviceA] ptp profile 1588v2

# Specify the OC clock node type.

[DeviceA] ptp mode oc

# Configure the source IP address for multicast PTP messages transmitted over IPv4 UDP.

[DeviceA] ptp source 10.10.1.1

# Specify PTP for obtaining the time on the default MDC.

[DeviceA] clock protocol ptp mdc 1

# On Ten-GigabitEthernet 3/0/1, specify the IPv4 UDP transport protocol for PTP messages and the peer delay measurement mechanism, and enable PTP.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceA-Ten-GigabitEthernet3/0/1] ptp delay-mechanism p2p

[DeviceA-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceB> system-view

[DeviceB] ptp profile 1588v2

# Specify the P2PTC clock node type.

[DeviceB] ptp mode p2ptc

# Configure the source IP address for multicast PTP messages transmitted over IPv4 UDP.

[DeviceB] ptp source 10.10.2.1

# Specify PTP for obtaining the time on the default MDC.

[DeviceB] clock protocol ptp mdc 1

# On Ten-GigabitEthernet 3/0/1, specify the IPv4 UDP transport protocol for PTP messages and enable PTP.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceB-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# On Ten-GigabitEthernet 3/0/2, specify the IPv4 UDP transport protocol for PTP messages and enable PTP.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] ptp transport-protocol udp

[DeviceB-Ten-GigabitEthernet3/0/2] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device C:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceC> system-view

[DeviceC] ptp profile 1588v2

# Specify the OC clock node type.

[DeviceC] ptp mode oc

# Configure the source IP address for multicast PTP messages transmitted over IPv4 UDP.

[DeviceC] ptp source 10.10.3.1

# Specify PTP for obtaining the time on the default MDC.

[DeviceC] clock protocol ptp mdc 1

# On Ten-GigabitEthernet 3/0/1, specify the IPv4 UDP transport protocol for PTP messages and the peer delay measurement mechanism, and enable PTP.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceC-Ten-GigabitEthernet3/0/1] ptp delay-mechanism p2p

[DeviceC-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

When the network is stable, perform the following tasks on Device A and Device B.

·     Use the display ptp clock command to display PTP clock information.

·     Use the display ptp interface brief command to display brief PTP running information for all PTP interfaces.

# Display PTP clock information on Device A.

[DeviceA] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : OC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0000

Clock type          : Local

Clock domain        : 0

Number of PTP ports : 1

Priority1     : 128

Priority2     : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master : 0 (ns)

Mean path delay    : 0 (ns)

Steps removed      : 0

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device A.

[DeviceA] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Master        P2P              Two         0

# Display PTP clock information on Device B.

[DeviceB] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : P2PTC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0001

Clock type          : Local

Clock domain        : 0

Number of PTP ports : 2

Priority1     : 128

Priority2     : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master : N/A

Mean path delay    : N/A

Steps removed      : N/A

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device B.

[DeviceB] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     N/A           P2P              Two         0

XGE3/0/2     N/A           P2P              Two         0

The output shows that Device A is elected as the GM, and Ten-GigabitEthernet3/0/1 on Device A is the master port.

Example: Configuring PTP (IEEE 1588 version 2, IPv4 UDP transport, unicast transmission)

Network configuration

As shown in Figure 442, configure PTP (IEEE 1588 version 2, IPv4 UDP transport, unicast transmission) to enable Device A, Device B, Device C, and the base station to synchronize the time with the ToD clock source.

·     Specify the IEEE 1588 version 2 PTP profile and unicast IPv4 UDP transport of PTP messages for Device A, Device B, and Device C.

·     Assign Device A, Device B, Device C, and the base station to PTP domain 0. Specify the BC clock node type for Device A, Device B, and Device C.

·     Connect Device A to the ToD clock source and Device C to the base station.

·     Use the default Request_Response delay measurement mechanism on all clock nodes in the PTP domain.

Figure 442 Network diagram

Procedure

1.     Assign IP addresses to the interfaces, and make sure the devices can reach each other, as shown in Figure 442. (Details not shown.)

2.     Configure Device A:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceA> system-view

[DeviceA] ptp profile 1588v2

# Specify the BC clock node type.

[DeviceA] ptp mode bc

# Configure the device to receive ToD clock signals and set the delay time correction value to 1000 nanoseconds.

[DeviceA] ptp tod0 input delay 1000

# Set priority 1 to 0 for the ToD 0 clock.

[DeviceA] ptp priority clock-source tod0 priority1 0

# On Ten-GigabitEthernet 3/0/1, configure the destination IP address for unicast PTP messages transmitted over IPv4 UDP, and enable PTP.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceA-Ten-GigabitEthernet3/0/1] ptp unicast-destination 10.10.10.2

[DeviceA-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

3.     Configure Device B:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceB> system-view

[DeviceB] ptp profile 1588v2

# Specify the BC clock node type.

[DeviceB] ptp mode bc

# Specify PTP for obtaining the time on the default MDC.

[DeviceB] clock protocol ptp mdc 1

# On Ten-GigabitEthernet 3/0/1, configure the destination IP address for unicast PTP messages transmitted over IPv4 UDP, and enable PTP.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceB-Ten-GigabitEthernet3/0/1] ptp unicast-destination 10.10.10.1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# On Ten-GigabitEthernet 3/0/2, configure the destination IP address for unicast PTP messages transmitted over IPv4 UDP, and enable PTP.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] ptp transport-protocol udp

[DeviceB-Ten-GigabitEthernet3/0/2] ptp unicast-destination 11.10.10.1

[DeviceB-Ten-GigabitEthernet3/0/2] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/2] quit

4.     Configure Device C:

# Specify the IEEE 1588 version 2 PTP profile.

<DeviceC> system-view

[DeviceC] ptp profile 1588v2

# Specify the BC clock node type.

[DeviceC] ptp mode bc

# Configure ToD 0 to output ToD clock signals and set the transmit delay time correction value to 100 nanoseconds.

[DeviceC] ptp tod0 output delay 100

# Specify PTP for obtaining the time on the default MDC.

[DeviceC] clock protocol ptp mdc 1

# On Ten-GigabitEthernet 3/0/1, configure the destination IP address for unicast PTP messages transmitted over IPv4 UDP, and enable PTP.

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] ptp transport-protocol udp

[DeviceC-Ten-GigabitEthernet3/0/1] ptp unicast-destination 11.10.10.2

[DeviceC-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# On Ten-GigabitEthernet 3/0/2, specify IPv4 UDP transport of PTP messages, configure the destination IP address for unicast PTP messages, and enable PTP.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] ptp transport-protocol udp

[DeviceC-Ten-GigabitEthernet3/0/2] ptp unicast-destination 12.10.10.1

[DeviceC-Ten-GigabitEthernet3/0/2] ptp enable

[DeviceC-Ten-GigabitEthernet3/0/2] quit

5.     Configure the base station.

# Specify PTP domain 0.

# Specify IPv4 UDP transport of PTP messages.

# Set the destination IP address of unicast PTP messages to 12.10.10.2.

# Specify the Request_Response delay measurement mechanism.

For more information, see the configuration guide for the base station.

Verifying the configuration

When the network is stable, perform the following tasks:

·     Use the display ptp clock command to display PTP clock information.

·     Use the display ptp interface brief command to display brief PTP running information for all PTP interfaces.

# Display PTP clock information on Device A.

[DeviceA] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : BC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0000

Clock type          : ToD0

 ToD direction  : In

 ToD delay time : 1000 (ns)

Clock domain        : 0

Number of PTP ports : 1

Priority1     : 0

Priority2     : 128

Clock quality :

 Class                 : 6

 Accuracy              : 32

 Offset (log variance) : 65535

Offset from master : 0 (ns)

Mean path delay    : 0 (ns)

Steps removed      : 0

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Active    65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device A.

[DeviceA] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Master        E2E              Two         0

# Display PTP clock information on Device C.

[DeviceC] display ptp clock

PTP profile         : IEEE 1588 Version 2

PTP mode            : BC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 000FE2-FFFE-FF0001

Clock type          : Local

Clock domain        : 0

Number of PTP ports : 2

Priority1     : 128

Priority2     : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master  : 50 (ns)

Mean path delay     : 2791 (ns)

Steps removed       : 2

Local clock time   : Sun Jan 15 20:57:29 2019

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device C.

[DeviceC] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Slave         E2E              Two         0

XGE3/0/2     Master        E2E              Two         0

The output shows that Device A is elected as the GM, and Ten-GigabitEthernet3/0/1 on Device A is the master port.

Example: Configuring PTP (ITU-T G.8275.1, IEEE 802.3/Ethernet transport, multicast transmission)

Network configuration

As shown in Figure 443, configure PTP (ITU-T G.8275.1, IEEE 802.3/Ethernet transport, multicast transmission) to enable Device A to synchronize Device B.

·     Specify the ITU-T G.8275.1 PTP profile for Device A and Device B.

·     Assign Device A and Device B to the same PTP domain. Specify the T-BC clock node type for Device A and T-TSC clock node type for Device B.

·     Use the default Request_Response delay measurement mechanism on Device A and Device B.

Figure 443 Network diagram

Procedure

IMPORTANT:

The ITU-T G.8275.1 PTP profile transports PTP messages over IEEE 802.3/Ethernet rather than IPv4 UDP and in multicast rather than unicast mode.

 

1.     Configure Device A:

# Specify the ITU-T G.8275.1 PTP profile.

<DeviceA> system-view

[DeviceA] ptp profile g8275.1

# Specify the T-BC clock node type.

[DeviceA] ptp mode t-bc

# Specify PTP for obtaining the time on the default MDC.

[DeviceA] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Specify the ITU-T G.8275.1 PTP profile.

<DeviceB> system-view

[DeviceB] ptp profile g8275.1

# Specify the T-TSC clock node type.

[DeviceB] ptp mode t-tsc

# Specify PTP for obtaining the time on the default MDC.

[DeviceB] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

When the network is stable, perform the following tasks:

·     Use the display ptp clock command to display PTP clock information.

·     Use the display ptp interface brief command to display brief PTP running information for all PTP interfaces.

# Display PTP clock information on Device A.

[DeviceA] display ptp clock

PTP profile         : ITU-T G.8275.1

PTP mode            : T-BC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 24881D-FFFE-F20100

Clock type          : Local

Clock domain        : 24

Number of PTP ports : 1

Priority1      : 128

Priority2      : 128

Local priority : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master  : 0 (ns)

Mean path delay     : 0 (ns)

Steps removed       : 0

Local clock time    : Fri Dec 7 00:59:44 2018

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device A.

[DeviceA] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Master        E2E              Two         0

# Display PTP clock information on Device B.

[DeviceB] display ptp clock

PTP profile         : ITU-T G.8275.1

PTP mode            : T-TSC

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 2461E3-FFFE-A20200

Clock type          : Local

Clock domain        : 24

Number of PTP ports : 1

Priority1      : 128

Priority2      : 255

Local priority : 128

Clock quality :

 Class                 : 255

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master  : 49915149500000 (ns)

Mean path delay     : 500000 (ns)

Steps removed       : 1

Local clock time    : Fri Dec 7 14:52:54 2018

Clock source info:

 Clock   Pri1 Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      In        Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information for all PTP interfaces on Device B.

[DeviceB] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Slave         E2E              Two         0

The output shows that Device A is elected as the GM, and Ten-GigabitEthernet3/0/1 on Device A is the master port.

Example: Configuring PTP (ITU-T G.8275.2, IPv4 UDP encapsulation, unicast transmission)

Network configuration

As shown in Figure 444, Device A and Device B are in a PTP domain. The switch is a Layer 2 switch that does not support PTP. Configure PTP (ITU-T G.8275.2, IPv4 UDP encapsulation, unicast transmission) to enable Device B to synchronize to Device A.

·     Specify the ITU-T G.8275.2 PTP profile for Device A and Device B.

·     Use the default Request_Response delay measurement mechanism on Device A and Device B.

Figure 444 Network diagram

Prerequisites

Configure IP addresses and routing protocols for the devices. Make sure the devices can reach each other.

Procedure

IMPORTANT:

The ITU-T G.8275.2 PTP profile transports PTP messages over IPv4 UDP rather than IEEE 802.3/Ethernet and in unicast rather than multicast mode.

 

1.     Configure Device A:

# Specify the ITU-T G.8275.2 PTP profile.

<DeviceA> system-view

[DeviceA] ptp profile g8275.2

# Specify the T-BC-P clock node type.

[DeviceA] ptp mode t-bc-p

# Specify PTP for obtaining the time on the default MDC.

[DeviceA] clock protocol ptp mdc 1

# Enable PTP and configure PTP parameters on Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] ptp unicast-destination 1.1.1.2

[DeviceA-Ten-GigabitEthernet3/0/1] ptp unicast-negotiate grant-port

[DeviceA-Ten-GigabitEthernet3/0/1] ptp notslave disable

[DeviceA-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

2.     Configure Device B:

# Specify the ITU-T G.8275.2 PTP profile.

<DeviceB> system-view

[DeviceB] ptp profile g8275.2

# Specify the T-TSC-P clock node type.

[DeviceB] ptp mode t-tsc-p

# Specify PTP for obtaining the time on the default MDC.

[DeviceB] clock protocol ptp mdc 1

# Enable PTP on Ten-GigabitEthernet 3/0/1.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp unicast-destination 1.1.1.1

[DeviceB-Ten-GigabitEthernet3/0/1] ptp unicast-negotiate request-port

[DeviceB-Ten-GigabitEthernet3/0/1] ptp enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

When the network is stable, perform the following tasks:

·     Use the display ptp clock command to display PTP clock information.

·     Use the display ptp interface brief command to display brief PTP running information for all interfaces.

# Display PTP clock information on Device A.

[DeviceA] display ptp clock

PTP profile         : ITU-T G.8275.2

PTP mode            : T-BC-P

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 140570-FFFE-930100

Clock type          : Local

Clock domain        : 44

Number of PTP ports : 1

Priority1      : 128

Priority2      : 128

Clock quality :

 Class                 : 248

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master  : 0 (ns)

Mean path delay     : 0 (ns)

Steps removed       : 0

Local clock time    : Sat May 9 10:38:42 2020

Clock source info:

 Clock   LP   Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  128  254      248   160     N/A       N/A       65535

 ToD0    128  128  32       6     32      N/A       Inactive  65535

 ToD1    128  128  32       6     32      N/A       Inactive  65535

# Display brief PTP running information on Device A.

[DeviceA] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

XGE3/0/1     Master        E2E              Two         0

# Display PTP clock information on Device B.

[DeviceB] display ptp clock

PTP profile         : ITU-T G.8275.2

PTP mode            : T-TSC-P

Slave only          : No

Sync uncertain      : Disabled

Clock state         : Disabled

Clock ID            : 147405-FFFE-E30200

Clock type          : Local

Clock domain        : 44

Number of PTP ports : 1

Priority1      : 128

Priority2      : 255

Clock quality :

 Class                 : 255

 Accuracy              : 254

 Offset (log variance) : 65535

Offset from master  : 50 (ns)

Mean path delay     : 2169 (ns)

Steps removed       : 1

Local clock time    : Sat May 9 10:40:04 2020

Clock source info:

 Clock   LP   Pri2 Accuracy Class TimeSrc Direction In-Status Offset(log variance)

 -------------------------------------------------------------------

 Local   128  255  254      255   160     N/A       N/A       65535

 ToD0    128  255  254      255   32      N/A       Inactive  65535

 ToD1    128  255  254      255   32      N/A       Inactive  65535

# Display brief PTP running information on Device B.

[DeviceB] display ptp interface brief

Name         State         Delay mechanism  Clock step  Asymmetry correction

GE1/0/2      Slave         E2E              Two         0

The output shows that Device A has been elected as the GM, and Ten-GigabitEthernet 3/0/1 on Device A is the master port.
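The verification steps in the PTP examples above can be automated so that clock drift or a changed hop count to the GM is noticed before it skews log timestamps. The following Python sketch is an added example, not H3C code: it parses trimmed copies of the `display ptp clock` and `display ptp interface brief` outputs shown above, and the 1000 ns offset limit and the expected domain and steps-removed values are assumptions you would set per site.

```python
import re


def parse_ptp_clock(text):
    """Parse 'display ptp clock' output into {field: value}; table rows are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def parse_ptp_ports(text):
    """Parse 'display ptp interface brief' output into {interface: state}."""
    ports = {}
    for line in text.splitlines():
        cols = line.split()
        # Skip the header row and any pasted CLI prompt line.
        if len(cols) >= 2 and cols[0] != "Name" and cols[0][0] not in "[<":
            ports[cols[0]] = cols[1]
    return ports


def _ns(value):
    """'50 (ns)' -> 50; 'N/A' or a missing field -> None."""
    m = re.match(r"(-?\d+)\s*\(ns\)", value or "")
    return int(m.group(1)) if m else None


def check_ptp_node(clock_text, ports_text, expected_domain, expected_steps,
                   max_offset_ns=1000):
    """Return (role, issues). max_offset_ns is an assumed site threshold."""
    clock = parse_ptp_clock(clock_text)
    states = set(parse_ptp_ports(ports_text).values())
    issues = []
    if clock.get("Clock domain") != str(expected_domain):
        issues.append("DOMAIN_MISMATCH")
    if "Slave" in states:
        role = "slave"
        offset = _ns(clock.get("Offset from master"))
        if offset is None:
            issues.append("NO_OFFSET")
        elif abs(offset) > max_offset_ns:
            issues.append("OFFSET_EXCEEDED")
    elif "Master" in states:
        role = "master-only"
    else:
        role = "no-active-port"  # for example a transparent clock, where states show N/A
    # A changed hop count to the GM means the timing path or the GM itself changed.
    if role != "no-active-port" and clock.get("Steps removed") != str(expected_steps):
        issues.append("STEPS_CHANGED")
    return role, issues


# Trimmed from the Device B output in the G.8275.1 example above.
DEVICE_B_G8275_1_CLOCK = """\
PTP profile         : ITU-T G.8275.1
PTP mode            : T-TSC
Clock domain        : 24
Offset from master  : 49915149500000 (ns)
Mean path delay     : 500000 (ns)
Steps removed       : 1
Local clock time    : Fri Dec 7 14:52:54 2018
"""
DEVICE_B_G8275_1_PORTS = """\
Name         State         Delay mechanism  Clock step  Asymmetry correction
XGE3/0/1     Slave         E2E              Two         0
"""

# Trimmed from the Device C output in the IEEE 1588v2 unicast example above.
DEVICE_C_UNICAST_CLOCK = """\
PTP profile         : IEEE 1588 Version 2
PTP mode            : BC
Clock domain        : 0
Offset from master  : 50 (ns)
Mean path delay     : 2791 (ns)
Steps removed       : 2
Local clock time   : Sun Jan 15 20:57:29 2019
"""
DEVICE_C_UNICAST_PORTS = """\
Name         State         Delay mechanism  Clock step  Asymmetry correction
XGE3/0/1     Slave         E2E              Two         0
XGE3/0/2     Master        E2E              Two         0
"""

if __name__ == "__main__":
    print(check_ptp_node(DEVICE_B_G8275_1_CLOCK, DEVICE_B_G8275_1_PORTS, 24, 1))
    print(check_ptp_node(DEVICE_C_UNICAST_CLOCK, DEVICE_C_UNICAST_PORTS, 0, 2))
```

The Device B sample from the G.8275.1 example is reported as `OFFSET_EXCEEDED` because its displayed offset is far above the assumed limit, while the Device C sample passes.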

 

 

Network synchronization configuration examples

Example: Configuring network synchronization

Network configuration

As shown in Figure 445, Device A obtains its timing signal from an external BITS clock.

Device A and Device B are connected on POS interfaces. Configure Device B to derive its timing from Device A through Pos 3/0/1.

Figure 445 Network diagram

Procedure

1.     On Device A:

# Specify the master clock mode on Pos 3/0/1.

<DeviceA> system-view

[DeviceA] interface pos 3/0/1

[DeviceA-Pos3/0/1] clock master

[DeviceA-Pos3/0/1] quit

2.     On Device B:

# Specify Pos 3/0/1 as a line clock input port.

<DeviceB> system-view

[DeviceB] network-clock lpuport pos 3/0/1

# Specify the slave clock mode on Pos 3/0/1.

[DeviceB] interface pos 3/0/1

[DeviceB-Pos3/0/1] clock slave

[DeviceB-Pos3/0/1] quit

# Specify Pos 3/0/1 as the source to provide clock reference.

[DeviceB] network-clock work-mode manual source lpuport pos 3/0/1

[DeviceB] quit

Verifying the configuration

# Verify that Pos 3/0/1 provides the network clock reference for Device B.

<DeviceB> display network-clock status

Mode                : Manual

Reference          : pos 3/0/1

Traced reference  : pos 3/0/1

Lock mode          : Locked

OSC state          : Normal

SSM output level  : SSUB

SSM control enable: Off

Synchronous Ethernet configuration examples

Example: Configuring SyncE

Network configuration

As shown in Figure 446, configure SyncE on the devices for high-precision frequency synchronization.

Figure 446 Network diagram

Procedure

# On Device A, enable the synchronous mode and ESMC on Ten-GigabitEthernet 3/0/1.

<DeviceA> system-view

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] synchronous mode

[DeviceA-Ten-GigabitEthernet3/0/1] esmc enable

[DeviceA-Ten-GigabitEthernet3/0/1] quit

# On Device B, enable the synchronous mode and ESMC on Ten-GigabitEthernet 3/0/1.

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] synchronous mode

[DeviceB-Ten-GigabitEthernet3/0/1] esmc enable

[DeviceB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that ESMC is enabled on both Device A and Device B when they are connected to their respective clock references. The clock QLs of Device A and Device B are QL-PRC and QL-SEC, respectively. Device A provides more precise timing than Device B.

[DeviceA] display esmc

Interface   : Ten-GigabitEthernet3/0/1

Mode        : Synchronous

ESMC status : Enable

ESMC bundle : N/A

Port status : Up

Duplex mode : Full

QL received : QL-SEC

QL sent     : QL-PRC

ESMC information packets received : 2195

ESMC information packets sent     : 6034

ESMC event packets received       : 1

ESMC event packets sent           : 1

ESMC information rate             : 1 packets/sec

ESMC expiration                   : 5 seconds

[DeviceB] display esmc

Interface   : Ten-GigabitEthernet3/0/1

Mode        : Synchronous

ESMC status : Enable

ESMC bundle : N/A

Port status : Up

Duplex mode : Full

QL received : QL-PRC

QL sent     : QL-SEC

ESMC information packets received : 6034

ESMC information packets sent     : 2195

ESMC event packets received       : 1

ESMC event packets sent           : 1

ESMC information rate             : 1 packets/sec

ESMC expiration                   : 5 seconds

# Verify that QL information is exchanged correctly after synchronization between Device A and Device B. Ten-GigabitEthernet3/0/1 on Device B becomes a reference input port. The clock QL sent from Device B to Device A changes to QL-DNU.

[DeviceA] display esmc

Interface   : Ten-GigabitEthernet3/0/1

Mode        : Synchronous

ESMC status : Enable

ESMC bundle : N/A

Port status : Up

Duplex mode : Full

QL received : QL-DNU

QL sent     : QL-PRC

ESMC information packets received : 2573

ESMC information packets sent     : 6412

ESMC event packets received       : 1

ESMC event packets sent           : 1

ESMC information rate             : 1 packets/sec

ESMC expiration                   : 5 seconds

[DeviceB] display esmc

Interface   : Ten-GigabitEthernet3/0/1

Mode        : Synchronous

ESMC status : Enable

ESMC bundle : N/A

Port status : Up

Duplex mode : Full

QL received : QL-PRC

QL sent     : QL-DNU

ESMC information packets received : 6412

ESMC information packets sent     : 2573

ESMC event packets received       : 1

ESMC event packets sent           : 1

ESMC information rate             : 1 packets/sec

ESMC expiration                   : 5 seconds

 

 

SNMP configuration examples

Example: Configuring SNMPv1/SNMPv2c

The configuration procedure is the same for SNMPv1 and SNMPv2c. The following procedure uses SNMPv1.

Network configuration

As shown in Figure 447, the NMS (1.1.1.2/24) uses SNMPv1 to manage the SNMP agent (1.1.1.1/24), and the agent automatically sends notifications to report events to the NMS.

Figure 447 Network diagram

 

Procedure

1.     Configure the SNMP agent:

# Assign IP address 1.1.1.1/24 to the agent and make sure the agent and the NMS can reach each other. (Details not shown.)

# Specify SNMPv1, and create read-only community public and read and write community private.

<Agent> system-view

[Agent] snmp-agent sys-info version v1

[Agent] snmp-agent community read public

[Agent] snmp-agent community write private

# Configure contact and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable SNMP notifications, specify the NMS at 1.1.1.2 as an SNMP trap destination, and use public as the community name. (To make sure the NMS can receive traps, specify the same SNMP version in the snmp-agent target-host command as is configured on the NMS.)

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public v1

2.     Configure the SNMP NMS:

○     Specify SNMPv1.

○     Create read-only community public, and create read and write community private.

○     Set the timeout timer and maximum number of retries as needed.

For information about configuring the NMS, see the NMS manual.

 

 

NOTE:

The SNMP settings on the agent and the NMS must match.

 

Verifying the configuration

# Try to get the MTU value of the NULL0 interface from the agent. The attempt succeeds.

Send request to 1.1.1.1/161 ...

Protocol version: SNMPv1

Operation: Get

Request binding:

1: 1.3.6.1.2.1.2.2.1.4.135471

Response binding:

1: Oid=ifMtu.135471 Syntax=INT Value=1500

Get finished

# Use a wrong community name to get the value of a MIB node on the agent. You can see an authentication failure trap on the NMS.

1.1.1.1/2934 V1 Trap = authenticationFailure

SNMP Version = V1

Community = public

Command = Trap

Enterprise = 1.3.6.1.4.1.43.1.16.4.3.50

GenericID = 4

SpecificID = 0

Time Stamp = 8:35:25.68

Example: Configuring SNMPv3

Network configuration

As shown in Figure 448, the NMS (1.1.1.2/24) uses SNMPv3 to monitor and manage the agent (1.1.1.1/24). The agent automatically sends notifications to report events to the NMS. The default UDP port 162 is used for SNMP notifications.

The NMS and the agent perform authentication when they establish an SNMP session. The authentication algorithm is SHA-1 and the authentication key is 123456TESTauth&!. The NMS and the agent also encrypt the SNMP packets between them by using the AES algorithm and encryption key 123456TESTencr&!.

Figure 448 Network diagram

 

Procedure

To configure SNMPv3 in RBAC mode:

1.     Configure the agent:

# Assign IP address 1.1.1.1/24 to the agent and make sure the agent and the NMS can reach each other. (Details not shown.)

# Create user role test, and assign test read-only access to the objects under the snmpMIB node (OID: 1.3.6.1.6.3.1), including the linkUp and linkDown objects.

<Agent> system-view

[Agent] role name test

[Agent-role-test] rule 1 permit read oid 1.3.6.1.6.3.1

# Assign user role test read-only access to the system node (OID: 1.3.6.1.2.1.1) and read-write access to the interfaces node (OID: 1.3.6.1.2.1.2).

[Agent-role-test] rule 2 permit read oid 1.3.6.1.2.1.1

[Agent-role-test] rule 3 permit read write oid 1.3.6.1.2.1.2

[Agent-role-test] quit

# Create SNMPv3 user RBACtest. Assign user role test to RBACtest. Set the authentication algorithm to SHA-1, authentication key to 123456TESTauth&!, encryption algorithm to AES, and encryption key to 123456TESTencr&!.

[Agent] snmp-agent usm-user v3 RBACtest user-role test simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable notifications on the agent. Specify the NMS at 1.1.1.2 as the notification destination, and RBACtest as the username.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname RBACtest v3 privacy

2.     Configure the NMS:

○     Specify SNMPv3.

○     Create SNMPv3 user RBACtest.

○     Enable authentication and encryption. Set the authentication algorithm to SHA-1, authentication key to 123456TESTauth&!, encryption algorithm to AES, and encryption key to 123456TESTencr&!.

○     Set the timeout timer and maximum number of retries.

For information about configuring the NMS, see the NMS manual.

 

 

NOTE:

The SNMP settings on the agent and the NMS must match.

 

To configure SNMPv3 in VACM mode:

3.     Configure the agent:

# Assign IP address 1.1.1.1/24 to the agent, and make sure the agent and the NMS can reach each other. (Details not shown.)

# Create SNMPv3 group managev3group and assign managev3group read-only access to the objects under the snmpMIB node (OID: 1.3.6.1.2.1.2.2) in the test view, including the linkUp and linkDown objects.

<Agent> system-view

[Agent] undo snmp-agent mib-view ViewDefault

[Agent] snmp-agent mib-view included test snmpMIB

[Agent] snmp-agent group v3 managev3group privacy read-view test

# Assign SNMPv3 group managev3group read-write access to the objects under the system node (OID: 1.3.6.1.2.1.1) and interfaces node (OID: 1.3.6.1.2.1.2) in the test view.

[Agent] snmp-agent mib-view included test 1.3.6.1.2.1.1

[Agent] snmp-agent mib-view included test 1.3.6.1.2.1.2

[Agent] snmp-agent group v3 managev3group privacy read-view test write-view test

# Add user VACMtest to SNMPv3 group managev3group, and set the authentication algorithm to SHA-1, authentication key to 123456TESTauth&!, encryption algorithm to AES, and encryption key to 123456TESTencr&!.

[Agent] snmp-agent usm-user v3 VACMtest managev3group simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# Configure contact and physical location information for the agent.

[Agent] snmp-agent sys-info contact Mr.Wang-Tel:3306

[Agent] snmp-agent sys-info location telephone-closet,3rd-floor

# Enable notifications on the agent. Specify the NMS at 1.1.1.2 as the trap destination, and VACMtest as the username.

[Agent] snmp-agent trap enable

[Agent] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname VACMtest v3 privacy

4.     Configure the SNMP NMS:

¡     Specify SNMPv3.

¡     Create SNMPv3 user VACMtest.

¡     Enable authentication and encryption. Set the authentication algorithm to SHA-1, authentication key to 123456TESTauth&!, encryption algorithm to AES, and encryption key to 123456TESTencr&!.

¡     Set the timeout timer and maximum number of retries.

For information about configuring the NMS, see the NMS manual.

 

 

NOTE:

The SNMP settings on the agent and the NMS must match.

 

Verifying the configuration

·     Use username RBACtest to access the agent.

# Retrieve the value of the sysName node. The value Agent is returned.

# Set the value for the sysName node to Sysname. The operation fails because the NMS does not have write access to the node.

# Shut down or bring up an interface on the agent. The NMS receives linkUp (OID: 1.3.6.1.6.3.1.1.5.4) or linkDown (OID: 1.3.6.1.6.3.1.1.5.3) notifications.

·     Use username VACMtest to access the agent.

# Retrieve the value of the sysName node. The value Agent is returned.

# Set the value for the sysName node to Sysname. The operation succeeds.

# Shut down or bring up an interface on the agent. The NMS receives linkUp (OID: 1.3.6.1.6.3.1.1.5.4) or linkDown (OID: 1.3.6.1.6.3.1.1.5.3) notifications.
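The access decisions that these verification steps rely on, as an added Python example (not H3C code): it models the three rules of user role test and the VACM test view as OID subtrees and evaluates read and write requests against them. Subtree matching is done per sub-identifier, because a plain string-prefix test would treat the RMON subtree 1.3.6.1.2.1.16 as part of system (1.3.6.1.2.1.1). Function names are hypothetical, and the model covers only the rules shown on this page (no excluded views or masks).

```python
"""OID access model for the RBAC and VACM settings above (added example)."""


def parse_oid(text):
    """Turn '1.3.6.1.2.1.1' into a tuple of ints; reject anything malformed."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)


def in_subtree(oid, root):
    """True if oid equals root or lies below it, compared per sub-identifier."""
    return len(oid) >= len(root) and oid[:len(root)] == root


# RBAC mode: rules 1 to 3 of user role "test" as configured on the page.
RBAC_TEST_RULES = [
    ("1.3.6.1.6.3.1", {"read"}),           # rule 1: snmpMIB
    ("1.3.6.1.2.1.1", {"read"}),           # rule 2: system
    ("1.3.6.1.2.1.2", {"read", "write"}),  # rule 3: interfaces
]

# VACM mode: view "test" is both the read-view and the write-view of
# managev3group, so every included subtree is readable and writable.
VACM_TEST_VIEW = ["1.3.6.1.6.3.1", "1.3.6.1.2.1.1", "1.3.6.1.2.1.2"]
VACM_RULES = [(root, {"read", "write"}) for root in VACM_TEST_VIEW]


def allowed(rules, oid_text, operation):
    """Decide whether an operation ('read' or 'write') on an OID is permitted."""
    oid = parse_oid(oid_text)
    return any(
        operation in ops and in_subtree(oid, parse_oid(root))
        for root, ops in rules
    )


def naive_allowed(rules, oid_text, operation):
    """String-prefix shortcut, kept only to show what it gets wrong."""
    return any(operation in ops and oid_text.startswith(root) for root, ops in rules)


SYS_NAME = "1.3.6.1.2.1.1.5.0"                     # sysName.0
LINK_UP = "1.3.6.1.6.3.1.1.5.4"                    # linkUp, from the page
ETHER_STATS_OCTETS_1 = "1.3.6.1.2.1.16.1.1.1.4.1"  # RMON instance, from the page


def report():
    """Return (user, object, can_read, can_write) rows for both users."""
    rows = []
    objects = (
        ("sysName.0", SYS_NAME),
        ("linkUp", LINK_UP),
        ("etherStatsOctets.1", ETHER_STATS_OCTETS_1),
    )
    for user, rules in (("RBACtest", RBAC_TEST_RULES), ("VACMtest", VACM_RULES)):
        for name, oid in objects:
            rows.append(
                (user, name, allowed(rules, oid, "read"), allowed(rules, oid, "write"))
            )
    return rows


if __name__ == "__main__":
    for user, name, can_read, can_write in report():
        print(f"{user:9} {name:20} read={can_read!s:5} write={can_write}")
```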

 

 

 

RMON configuration examples

Example: Configuring the Ethernet statistics function

Network configuration

As shown in Figure 449, create an RMON Ethernet statistics entry on the device to gather cumulative traffic statistics for Ten-GigabitEthernet 3/0/1.

Figure 449 Network diagram

Procedure

# Create an RMON Ethernet statistics entry for Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] rmon statistics 1 owner user1

[Sysname-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display statistics collected for Ten-GigabitEthernet 3/0/1.

[Sysname] display rmon statistics ten-gigabitethernet 3/0/1

EtherStatsEntry 1 owned by user1 is VALID.

  Interface : Ten-GigabitEthernet3/0/1<ifIndex.3>

  etherStatsOctets         : 21657     , etherStatsPkts          : 307

  etherStatsBroadcastPkts  : 56        , etherStatsMulticastPkts : 34

  etherStatsUndersizePkts  : 0         , etherStatsOversizePkts  : 0

  etherStatsFragments      : 0         , etherStatsJabbers       : 0

  etherStatsCRCAlignErrors : 0         , etherStatsCollisions    : 0

  etherStatsDropEvents (insufficient resources): 0

  Incoming packets by size:

  64     : 235       ,  65-127  : 67        ,  128-255  : 4

  256-511: 1         ,  512-1023: 0         ,  1024-1518: 0

# Get the traffic statistics from the NMS through SNMP. (Details not shown.)

Example: Configuring the history statistics function

Network configuration

As shown in Figure 450, create an RMON history control entry on the device to sample traffic statistics for Ten-GigabitEthernet 3/0/1 every minute.

Figure 450 Network diagram

Procedure

# Create an RMON history control entry to sample traffic statistics every minute for Ten-GigabitEthernet 3/0/1. Retain a maximum of eight samples for the interface in the history statistics table.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] rmon history 1 buckets 8 interval 60 owner user1

[Sysname-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the history statistics collected for Ten-GigabitEthernet 3/0/1.

[Sysname-Ten-GigabitEthernet3/0/1] display rmon history

HistoryControlEntry 1 owned by user1 is VALID

  Sampled interface     : Ten-GigabitEthernet3/0/1<ifIndex.3>

  Sampling interval     : 60(sec) with 8 buckets max

  Sampling record 1 :

    dropevents        : 0         , octets               : 834

    packets           : 8         , broadcast packets    : 1

    multicast packets : 6         , CRC alignment errors : 0

    undersize packets : 0         , oversize packets     : 0

    fragments         : 0         , jabbers              : 0

    collisions        : 0         , utilization          : 0

  Sampling record 2 :

    dropevents        : 0         , octets               : 962

    packets           : 10        , broadcast packets    : 3

    multicast packets : 6         , CRC alignment errors : 0

    undersize packets : 0         , oversize packets     : 0

    fragments         : 0         , jabbers              : 0

    collisions        : 0         , utilization          : 0

# Get the traffic statistics from the NMS through SNMP. (Details not shown.)

Example: Configuring the alarm function

Network configuration

As shown in Figure 451, configure the device to monitor the incoming traffic statistic on Ten-GigabitEthernet 3/0/1, and send RMON alarms when either of the following conditions is met:

·     The 5-second delta sample for the traffic statistic crosses the rising threshold (100).

·     The 5-second delta sample for the traffic statistic drops below the falling threshold (50).

Figure 451 Network diagram

Procedure

# Configure the SNMP agent (the device) with the same SNMP settings as the NMS at 1.1.1.2. This example uses SNMPv1, read community public, and write community private.

<Sysname> system-view

[Sysname] snmp-agent

[Sysname] snmp-agent community read public

[Sysname] snmp-agent community write private

[Sysname] snmp-agent sys-info version v1

[Sysname] snmp-agent trap enable

[Sysname] snmp-agent trap log

[Sysname] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname public

# Create an RMON Ethernet statistics entry for Ten-GigabitEthernet 3/0/1.

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] rmon statistics 1 owner user1

[Sysname-Ten-GigabitEthernet3/0/1] quit

# Create an RMON event entry and an RMON alarm entry to send SNMP notifications when the delta sample for 1.3.6.1.2.1.16.1.1.1.4.1 exceeds 100 or drops below 50.

[Sysname] rmon event 1 trap public owner user1

[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 5 delta rising-threshold 100 1 falling-threshold 50 1 owner user1

 

 

NOTE:

The string 1.3.6.1.2.1.16.1.1.1.4.1 is the object instance for Ten-GigabitEthernet 3/0/1. The digits before the last digit (1.3.6.1.2.1.16.1.1.1.4) represent the object for total incoming traffic statistics. The last digit (1) is the RMON Ethernet statistics entry index for Ten-GigabitEthernet 3/0/1.

 

Verifying the configuration

# Display the RMON alarm entry.

[Sysname] display rmon alarm 1

AlarmEntry 1 owned by user1 is VALID.

  Sample type                    : delta

  Sampled variable               : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>

  Sampling interval (in seconds) : 5

  Rising threshold               : 100(associated with event 1)

  Falling threshold              : 50(associated with event 1)

  Alarm sent upon entry startup  : risingOrFallingAlarm

  Latest value                   : 0

# Display statistics for Ten-GigabitEthernet 3/0/1.

[Sysname] display rmon statistics ten-gigabitethernet 3/0/1

EtherStatsEntry 1 owned by user1 is VALID.

  Interface : Ten-GigabitEthernet3/0/1<ifIndex.3>

  etherStatsOctets         : 57329     , etherStatsPkts          : 455

  etherStatsBroadcastPkts  : 53        , etherStatsMulticastPkts : 353

  etherStatsUndersizePkts  : 0         , etherStatsOversizePkts  : 0

  etherStatsFragments      : 0         , etherStatsJabbers       : 0

  etherStatsCRCAlignErrors : 0         , etherStatsCollisions    : 0

  etherStatsDropEvents (insufficient resources): 0

  Incoming packets by size :

  64     : 7         ,  65-127  : 413       ,  128-255  : 35

  256-511: 0         ,  512-1023: 0         ,  1024-1518: 0

The NMS receives the notification when the alarm is triggered.
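How an alarm entry like this one decides when to notify, as an added Python example (not device code): it applies the RMON alarm rules of RFC 2819 (delta sampling, rising and falling thresholds with hysteresis, risingOrFallingAlarm at startup) to a constructed series of etherStatsOctets readings taken 5 seconds apart, including a Counter32 wrap. Function names and the readings are assumptions made for the illustration.

```python
"""RMON alarm evaluation for thresholds 100/50 with delta sampling (added example)."""

RISING, FALLING = 100, 50   # thresholds from the rmon alarm command on the page
COUNTER32_MOD = 2 ** 32     # etherStatsOctets is a Counter32 and wraps at 2^32


def split_instance(oid):
    """Split an instance OID into (object OID, RMON statistics entry index)."""
    obj, _, index = oid.rpartition(".")
    return obj, int(index)


def deltas(readings):
    """Differences between consecutive counter readings, tolerant of one wrap."""
    return [(cur - prev) % COUNTER32_MOD for prev, cur in zip(readings, readings[1:])]


def evaluate(samples, rising=RISING, falling=FALLING):
    """Return [(sample_number, 'rising' | 'falling', value)] for a sample series.

    RFC 2819 rules: a rising event needs value >= rising with the previous
    sample below it, and is not repeated until a falling event has occurred
    (and the reverse for falling). The first sample can raise either event
    because the startup alarm is risingOrFallingAlarm.
    """
    events = []
    armed_rising = armed_falling = True
    previous = None
    for number, value in enumerate(samples, start=1):
        if previous is None:
            crossed_up = value >= rising
            crossed_down = value <= falling
        else:
            crossed_up = value >= rising and previous < rising
            crossed_down = value <= falling and previous > falling
        if crossed_up and armed_rising:
            events.append((number, "rising", value))
            armed_rising, armed_falling = False, True
        elif crossed_down and armed_falling:
            events.append((number, "falling", value))
            armed_falling, armed_rising = False, True
        previous = value
    return events


# Constructed counter readings, one every 5 seconds; the counter wraps
# between the second and third reading.
READINGS = [4294967200, 4294967260, 134, 214, 334, 464, 494, 514, 674]

if __name__ == "__main__":
    obj, index = split_instance("1.3.6.1.2.1.16.1.1.1.4.1")
    print(f"object {obj}, statistics entry {index}")
    samples = deltas(READINGS)
    print("delta samples:", samples)
    for number, kind, value in evaluate(samples):
        print(f"sample {number}: {kind} alarm, value {value}")
```

Sample 4 (120) crosses the rising threshold again but produces no second notification, because the value never reached the falling threshold in between.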

 

 

CWMP configuration examples

Example: Configuring CWMP

Network configuration

As shown in Figure 452, use H3C IMC BIMS as the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server.

The configuration files for the CPEs in equipment rooms A and B are configure1.cfg and configure2.cfg, respectively.

Figure 452 Network diagram

Table 151 shows the ACS attributes for the CPEs to connect to the ACS.

Table 151 ACS attributes

| Item | Setting |
| --- | --- |
| Preferred ACS URL | http://10.185.10.41:9090 |
| ACS username | admin |
| ACS password | 12345 |

 

Table 152 lists serial numbers of the CPEs.

Table 152 CPE list

| Room | Device | Serial number |
| --- | --- | --- |
| A | CPE 1 | 210231A95YH10C000045 |
| A | CPE 2 | 210235AOLNH12000010 |
| A | CPE 3 | 210235AOLNH12000015 |
| B | CPE 4 | 210235AOLNH12000017 |
| B | CPE 5 | 210235AOLNH12000020 |
| B | CPE 6 | 210235AOLNH12000022 |

 

Configuring the ACS

Configurations for ACS servers vary by models. For more information, see the ACS server user guide.

Configuring the DHCP server

In this example, an H3C device is operating as the DHCP server.

1.     Configure an IP address pool to assign IP addresses and the DNS server address to the CPEs. This example uses subnet 10.185.10.0/24 for IP address assignment.

# Enable DHCP.

<DHCP_server> system-view

[DHCP_server] dhcp enable

# Enable DHCP server on VLAN-interface 1.

[DHCP_server] interface vlan-interface 1

[DHCP_server-Vlan-interface1] dhcp select server

[DHCP_server-Vlan-interface1] quit

# Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation.

[DHCP_server] dhcp server forbidden-ip 10.185.10.41

[DHCP_server] dhcp server forbidden-ip 10.185.10.60

# Create IP address pool 0.

[DHCP_server] ip pool 0

# Assign subnet 10.185.10.0/24 to the address pool, and specify the DNS server address 10.185.10.60 in the address pool.

[DHCP_server-ip-pool-0] network 10.185.10.0 mask 255.255.255.0

[DHCP_server-ip-pool-0] dns-list 10.185.10.60

2.     Configure DHCP Option 43 to contain the ACS URL, username, and password in hexadecimal format.

[DHCP_server-ip-pool-0] option 43 hex 013B687474703A2F2F6163732E64617461626173653A393039302F616373207669636B79203132333435
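Building and checking the Option 43 value, as an added Python example (not H3C code). It assumes the layout that the hex string above suggests: sub-option type 0x01, one length byte, then the ASCII string "URL username password" separated by single spaces; function names are hypothetical. Decoding the page's value shows that the ACS credentials are plain ASCII visible to anything that sees the DHCP reply, and that the length byte (0x3B) does not equal the 40 payload bytes that follow it.

```python
"""Encode and validate a DHCP Option 43 ACS sub-option (added example)."""

ACS_SUBOPTION = 0x01

# Value from the option 43 hex command on the page.
PAGE_VALUE = (
    "013B687474703A2F2F6163732E64617461626173653A393039302F"
    "616373207669636B79203132333435"
)


def encode_acs_option43(url, username, password):
    """Build the hex string for 'option 43 hex' under the assumed layout."""
    fields = (url, username, password)
    if any(not f or " " in f for f in fields):
        raise ValueError("fields must be non-empty and must not contain spaces")
    payload = " ".join(fields).encode("ascii")
    if len(payload) > 255:
        raise ValueError("payload does not fit a one-byte length field")
    return (bytes([ACS_SUBOPTION, len(payload)]) + payload).hex().upper()


def decode_acs_option43(hex_value):
    """Parse an Option 43 hex string and report what it actually carries."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 2:
        raise ValueError("value is too short for a type and a length byte")
    sub_type, declared = raw[0], raw[1]
    payload = raw[2:]
    fields = payload.decode("ascii").split(" ")
    if len(fields) != 3:
        raise ValueError(f"expected URL, username and password, got {len(fields)} fields")
    url, username, password = fields
    return {
        "type": sub_type,
        "declared_length": declared,
        "actual_length": len(payload),
        "length_ok": declared == len(payload),
        "url": url,
        "username": username,
        "password": password,
        # An http:// ACS URL means the CWMP session is unencrypted as well.
        "cleartext_acs_url": url.lower().startswith("http://"),
    }


if __name__ == "__main__":
    info = decode_acs_option43(PAGE_VALUE)
    for key, value in info.items():
        print(f"{key:18}: {value}")
    rebuilt = encode_acs_option43(info["url"], info["username"], info["password"])
    print("re-encoded        :", rebuilt)
```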

Configuring the DNS server

Map http://acs.database:9090 to http://10.185.1.41:9090 on the DNS server. For more information about DNS configuration, see DNS server documentation.

Connecting the CPEs to the network

# Connect a network cable to CPE 1 and then power on the CPE.

# Log in to CPE 1 and configure Ten-GigabitEthernet 3/0/1 to use DHCP for IP address acquisition. At startup, the CPE obtains the IP address and ACS information from the DHCP server to initiate a connection to the ACS. After the connection is established, the CPE interacts with the ACS to complete autoconfiguration.

<CPE1> system-view

[CPE1] interface ten-gigabitethernet 3/0/1

[CPE1-Ten-GigabitEthernet3/0/1] ip address dhcp-alloc

# Repeat the previous steps to connect other CPEs to the network.

Verifying the configuration

# Execute the display current-configuration command on each CPE to verify that the running configurations on the CPE are the same as the configurations in the configuration file issued by the ACS.

 

EAA configuration examples

Example: Configuring a CLI event monitor policy by using Tcl

Network configuration

As shown in Figure 453, use Tcl to create a monitor policy on the Device. This policy must meet the following requirements:

·     EAA sends the log message "rtm_tcl_test is running" when a command that contains the display this string is entered.

·     The system executes the command only after it executes the policy successfully.

Figure 453 Network diagram

Procedure

# Edit a Tcl script file (rtm_tcl_test.tcl, in this example) for EAA to send the message "rtm_tcl_test is running" when a command that contains the display this string is executed.

::comware::rtm::event_register cli sync mode execute pattern display this user-role network-admin

::comware::rtm::action syslog priority 1 facility local4 msg rtm_tcl_test is running

# Download the Tcl script file from the TFTP server at 1.2.1.1.

<Sysname> tftp 1.2.1.1 get rtm_tcl_test.tcl

# Create Tcl-defined policy test and bind it to the Tcl script file.

<Sysname> system-view

[Sysname] rtm tcl-policy test rtm_tcl_test.tcl

Verifying the configuration

# Execute the display rtm policy registered command to verify that a Tcl-defined policy named test is displayed in the command output.

[Sysname] display rtm policy registered

Total number: 1

Type  Event             TimeRegistered       PolicyName

TCL   CLI               Jan 01 09:47:12 2019 test

[Sysname] quit

# Enable the information center to output log messages to the current monitoring terminal.

<Sysname> terminal monitor

The current terminal is enabled to display logs.

<Sysname> system-view

[Sysname] info-center enable

Information center is enabled.

[Sysname] quit

# Execute the display this command. Verify that the system displays an "rtm_tcl_test is running" message and a message that the policy is being executed successfully.

<Sysname> display this

%Jan  1 09:50:04:634 2019 Sysname RTM/1/RTM_ACTION: rtm_tcl_test is running

%Jan  1 09:50:04:636 2019 Sysname RTM/6/RTM_POLICY: TCL policy test is running successfully.

#

return

Example: Configuring a CLI event monitor policy from the CLI

Network configuration

Configure a policy from the CLI to monitor the event that occurs when a question mark (?) is entered at a command line that contains letters and digits.

When the event occurs, the system executes the command, sends the log message "hello world" to the information center, and creates a local admin user named user1.

Procedure

# Create CLI-defined policy test and enter its view.

<Sysname> system-view

[Sysname] rtm cli-policy test

# Add a CLI event that occurs when a question mark (?) is entered at any command line that contains letters and digits.

[Sysname-rtm-test] event cli async mode help pattern [a-zA-Z0-9]

# Add an action that sends the message "hello world" with a priority of 4 from the logging facility local3 when the event occurs.

[Sysname-rtm-test] action 0 syslog priority 4 facility local3 msg "hello world"

# Add an action that enters system view when the event occurs.

[Sysname-rtm-test] action 2 cli system-view

# Add an action that creates a local admin user named user1 when the event occurs.

[Sysname-rtm-test] action 3 cli local-user user1 class manage

# Set the policy action runtime to 2000 seconds.

[Sysname-rtm-test] running-time 2000

# Specify the network-admin user role for executing the policy.

[Sysname-rtm-test] user-role network-admin

# Enable the policy.

[Sysname-rtm-test] commit

[Sysname-rtm-test] quit

Verifying the configuration

# Execute the display rtm policy registered command to verify that a CLI-defined policy named test is displayed in the command output.

[Sysname] display rtm policy registered

Total number: 1

Type  Event      TimeRegistered       PolicyName

CLI   CLI        Jan  1 14:56:50 2019 test

# Enable the information center to output log messages to the current monitoring terminal.

[Sysname] return

<Sysname> terminal monitor

The current terminal is enabled to display logs.

# Enter a question mark (?) at a command line that contains a letter d. Verify that the system displays a "hello world" message and a message that the policy is being executed successfully on the terminal screen.

<Sysname> d?

  debugging

  delete

  diagnostic-logfile

  dir

  display

 

<Sysname>d% Jan  1 14:57:20:218 2019 Sysname RTM/4/RTM_ACTION: "hello world"

% Jan  1 14:58:11:170 2019 Sysname RTM/6/RTM_POLICY: CLI policy test is running successfully.

Example: Configuring a track event monitor policy from the CLI

Network configuration

As shown in Figure 454, Device A has established BGP sessions with Device D and Device E. Traffic from Device D and Device E to the Internet is forwarded through Device A.

Configure a CLI-defined EAA monitor policy on Device A to disconnect the sessions with Device D and Device E when Ten-GigabitEthernet 3/0/1 connected to Device C is down. In this way, traffic from Device D and Device E to the Internet can be forwarded through Device B.

Figure 454 Network diagram

Procedure

# Display BGP peer information for Device A.

<DeviceA> display bgp peer ipv4

 

 BGP local router ID: 1.1.1.1

 Local AS number: 100

 Total number of peers: 3                  Peers in established state: 3

 

 * - Dynamically created peer

 Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

 

 10.2.1.2                200       13       16    0       0 00:16:12 Established

 10.3.1.2                300       13       16    0       0 00:10:34 Established

 10.3.2.2                300       13       16    0       0 00:10:38 Established

# Create track entry 1 and associate it with the link state of Ten-GigabitEthernet 3/0/1.

<DeviceA> system-view

[DeviceA] track 1 interface ten-gigabitethernet 3/0/1

# Configure a CLI-defined EAA monitor policy so that the system automatically disables session establishment with Device D and Device E when Ten-GigabitEthernet 3/0/1 is down.

[DeviceA] rtm cli-policy test

[DeviceA-rtm-test] event track 1 state negative

[DeviceA-rtm-test] action 0 cli system-view

[DeviceA-rtm-test] action 1 cli bgp 100

[DeviceA-rtm-test] action 2 cli peer 10.3.1.2 ignore

[DeviceA-rtm-test] action 3 cli peer 10.3.2.2 ignore

[DeviceA-rtm-test] user-role network-admin

[DeviceA-rtm-test] commit

[DeviceA-rtm-test] quit

Verifying the configuration

# Shut down Ten-GigabitEthernet 3/0/1.

[DeviceA] interface ten-gigabitethernet 3/0/1

[DeviceA-Ten-GigabitEthernet3/0/1] shutdown

# Execute the display bgp peer ipv4 command on Device A to display BGP peer information. No BGP peers are in established state.

Example: Configuring a CLI event monitor policy with EAA environment variables from the CLI

Network configuration

Define an environment variable to match the IP address 1.1.1.1.

Configure a policy from the CLI to monitor the event that occurs when a command line that contains loopback0 is executed. In the policy, use the environment variable for IP address assignment.

When the event occurs, the system performs the following tasks:

·     Creates the Loopback 0 interface.

·     Assigns 1.1.1.1/24 to the interface.

·     Sends the matching command line to the information center.

Procedure

# Configure an EAA environment variable for IP address assignment. The variable name is loopback0IP, and the variable value is 1.1.1.1.

<Sysname> system-view

[Sysname] rtm environment loopback0IP 1.1.1.1

# Create the CLI-defined policy test and enter its view.

[Sysname] rtm cli-policy test

# Add a CLI event that occurs when a command line that contains loopback0 is executed.

[Sysname-rtm-test] event cli async mode execute pattern loopback0

# Add an action that enters system view when the event occurs.

[Sysname-rtm-test] action 0 cli system-view

# Add an action that creates the interface Loopback 0 and enters loopback interface view.

[Sysname-rtm-test] action 1 cli interface loopback 0

# Add an action that assigns the IP address 1.1.1.1 to Loopback 0. The loopback0IP variable is used in the action for IP address assignment.

[Sysname-rtm-test] action 2 cli ip address $loopback0IP 24

# Add an action that sends the matching loopback0 command with a priority of 0 from the logging facility local7 when the event occurs.

[Sysname-rtm-test] action 3 syslog priority 7 facility local7 msg $_cmd

# Specify the network-admin user role for executing the policy.

[Sysname-rtm-test] user-role network-admin

# Enable the policy.

[Sysname-rtm-test] commit

[Sysname-rtm-test] quit

[Sysname] quit

Verifying the configuration

# Enable the information center to output log messages to the current monitoring terminal.

<Sysname> terminal monitor

The current terminal is enabled to display logs.

# Execute the interface loopback0 command. Verify that the system displays an "interface loopback0" message and a message that the policy is being executed successfully on the terminal screen.

<Sysname> system-view

[Sysname] interface loopback0

[Sysname-LoopBack0]%Jan  3 09:46:10:592 2017 Sysname RTM/7/RTM_ACTION: interface loopback0

%Jan  1 09:46:10:613 2019 Sysname RTM/6/RTM_POLICY: CLI policy test is running successfully.

# Verify that a Loopback 0 interface has been created and its IP address is 1.1.1.1.

[Sysname-LoopBack0] display interface loopback brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

Loop0                UP   UP(s)    1.1.1.1

 

[Sysname-LoopBack0]
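A CLI-defined policy runs its actions with the user role named in the policy, so a committed policy can change accounts or routing whenever its event fires. The added Python example below (not H3C code) audits policy definitions for such actions; the configuration text is constructed from the commands in the EAA examples above with made-up policy names, and the list of sensitive command prefixes is an assumption to adapt.

```python
"""Audit EAA CLI-defined policies for sensitive automated commands (added example)."""
import re

POLICY_RE = re.compile(r"^rtm cli-policy (\S+)$")
ACTION_RE = re.compile(r"^action (\d+) (\S+)(?: (.+))?$")

# Assumption: command prefixes worth reviewing when a policy issues them.
SENSITIVE = [
    ("local-user ", "creates or modifies a local account", "high"),
    ("peer ", "changes a routing peer", "review"),
]

# Constructed from the three CLI-defined policies on the page; names are made up.
CONSTRUCTED_CONFIG = """\
rtm cli-policy help-hook
 event cli async mode help pattern [a-zA-Z0-9]
 action 0 syslog priority 4 facility local3 msg "hello world"
 action 2 cli system-view
 action 3 cli local-user user1 class manage
 running-time 2000
 user-role network-admin
 commit
rtm cli-policy bgp-failover
 event track 1 state negative
 action 0 cli system-view
 action 1 cli bgp 100
 action 2 cli peer 10.3.1.2 ignore
 action 3 cli peer 10.3.2.2 ignore
 user-role network-admin
 commit
rtm cli-policy loopback
 event cli async mode execute pattern loopback0
 action 0 cli system-view
 action 1 cli interface loopback 0
 action 2 cli ip address $loopback0IP 24
 action 3 syslog priority 7 facility local7 msg $_cmd
 user-role network-admin
 commit
"""


def parse_policies(text):
    """Parse 'rtm cli-policy' blocks into dictionaries."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = POLICY_RE.match(line)
        if match:
            current = {"name": match.group(1), "event": None, "user_role": None,
                       "committed": False, "actions": []}
            policies.append(current)
            continue
        if not raw.startswith(" "):
            current = None          # an unindented line ends the policy block
        if current is None:
            continue
        if line.startswith("event "):
            current["event"] = line[len("event "):]
        elif line.startswith("user-role "):
            current["user_role"] = line.split(None, 1)[1]
        elif line == "commit":
            current["committed"] = True   # commit is what enables the policy
        else:
            match = ACTION_RE.match(line)
            if match:
                current["actions"].append(
                    (int(match.group(1)), match.group(2), match.group(3) or ""))
    return policies


def audit(text):
    """Return (policy, action number, command, reason, severity) findings."""
    findings = []
    for policy in parse_policies(text):
        if not policy["committed"]:
            continue
        for number, kind, argument in policy["actions"]:
            if kind != "cli":
                continue
            for prefix, reason, severity in SENSITIVE:
                if argument.startswith(prefix):
                    findings.append((policy["name"], number, argument, reason, severity))
    return findings


if __name__ == "__main__":
    for name, number, command, reason, severity in audit(CONSTRUCTED_CONFIG):
        print(f"[{severity}] policy {name} action {number}: '{command}' ({reason})")
```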

 

 

Samplers and IPv4 NetStream configuration examples

Example: Configuring samplers and IPv4 NetStream

Network configuration

As shown in Figure 455, configure samplers and NetStream as follows:

·     Configure IPv4 NetStream on the device to collect statistics on incoming and outgoing traffic.

·     Send the NetStream data to port 5000 on the NetStream server.

·     Configure fixed sampling in the inbound direction to select the first packet from 16 packets on Ten-GigabitEthernet 3/0/1.

·     Configure random sampling in the outbound direction to select one packet randomly from 16 packets on Ten-GigabitEthernet 3/0/2.

Figure 455 Network diagram

Configuration procedure

# Create sampler samp1 in fixed sampling mode, and set the rate to 4. The first packet of 16 (2 to the 4th power) packets is selected.

<Device> system-view

[Device] sampler samp1 mode fixed packet-interval n-power 4

# Create sampler samp2 in random sampling mode, and set the sampling rate to 16. One packet from 16 packets is selected.

[Device] sampler samp2 mode random packet-interval 16

# Enable IPv4 NetStream to use sampler samp1 to collect statistics about the incoming traffic on Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] ip netstream inbound

[Device-Ten-GigabitEthernet3/0/1] ip netstream inbound sampler samp1

[Device-Ten-GigabitEthernet3/0/1] quit

# Enable IPv4 NetStream to use sampler samp2 to collect statistics about outgoing traffic on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip netstream outbound

[Device-Ten-GigabitEthernet3/0/2] ip netstream outbound sampler samp2

[Device-Ten-GigabitEthernet3/0/2] quit

# Configure the address and port number of the NetStream server as the destination for the NetStream data export. Use the default source interface for the NetStream data export.

[Device] ip netstream export host 12.110.2.2 5000

Verifying the configuration

# Display configuration information for sampler samp1 and sampler samp2.

[Device] display sampler samp1

 Sampler name: samp1

  Mode: fixed;  Packet-interval: 4; IsNpower: Y

[Device] display sampler samp2

 Sampler name: samp2

  Mode: random;  Packet-interval: 16; IsNpower: N

 

 

Port mirroring configuration examples

Example: Configuring local port mirroring (in source port mode)

Network configuration

As shown in Figure 456, configure local port mirroring in source port mode to enable the server to monitor the bidirectional traffic of the two departments.

Figure 456 Network diagram

Procedure

# Create local mirroring group 1.

<Device> system-view

[Device] mirroring-group 1 local

# Configure Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 as source ports for local mirroring group 1.

[Device] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2 both

# Configure Ten-GigabitEthernet 3/0/3 as the monitor port for local mirroring group 1.

[Device] mirroring-group 1 monitor-port ten-gigabitethernet 3/0/3

# Disable the spanning tree feature on the monitor port (Ten-GigabitEthernet 3/0/3). Perform this task only when the monitor port operates in Layer 2 mode.

[Device] interface ten-gigabitethernet 3/0/3

[Device-Ten-GigabitEthernet3/0/3] undo stp enable

[Device-Ten-GigabitEthernet3/0/3] quit

Verifying the configuration

# Verify the mirroring group configuration.

[Device] display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Both

                    Ten-GigabitEthernet3/0/2  Both

      Monitor port: Ten-GigabitEthernet3/0/3

Example: Configuring local port mirroring (in source CPU mode)

Network configuration

As shown in Figure 457, configure local port mirroring in source CPU mode to enable the server to monitor all packets matching the following criteria:

·     Received and sent by the Marketing Department and the Technical Department.

·     Processed by the CPU of the card in slot 10 of the device.

Figure 457 Network diagram

Procedure

# Create local mirroring group 1.

<Device> system-view

[Device] mirroring-group 1 local

# Configure the CPU of the card in slot 10 of the device as a source CPU for local mirroring group 1.

[Device] mirroring-group 1 mirroring-cpu slot 10 both

# Configure Ten-GigabitEthernet 3/0/3 as the monitor port for local mirroring group 1. Perform this task only when the monitor port operates in Layer 2 mode.

[Device] mirroring-group 1 monitor-port ten-gigabitethernet 3/0/3

# Disable the spanning tree feature on the monitor port (Ten-GigabitEthernet 3/0/3).

[Device] interface ten-gigabitethernet 3/0/3

[Device-Ten-GigabitEthernet3/0/3] undo stp enable

[Device-Ten-GigabitEthernet3/0/3] quit

Verifying the configuration

# Verify the mirroring group configuration.

[Device] display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring CPU:

        Slot 10  Both

    Monitor port: Ten-GigabitEthernet3/0/3

Example: Configuring Layer 2 remote port mirroring (reflector port configurable)

Network configuration

As shown in Figure 458, configure Layer 2 remote port mirroring to enable the server to monitor the bidirectional traffic of the Marketing Department.

Figure 458 Network diagram

Procedure

1.     Configure Device C (the destination device):

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and assign the port to VLAN 2.

<DeviceC> system-view

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] port link-mode bridge

[DeviceC-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceC-Ten-GigabitEthernet3/0/1] port trunk permit vlan 2

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Create a remote destination group.

[DeviceC] mirroring-group 2 remote-destination

# Create VLAN 2.

[DeviceC] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceC-vlan2] undo mac-address mac-learning enable

[DeviceC-vlan2] quit

# Configure VLAN 2 as the remote probe VLAN for the mirroring group.

[DeviceC] mirroring-group 2 remote-probe vlan 2

# Configure Ten-GigabitEthernet 3/0/2 as the monitor port for the mirroring group.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] port link-mode bridge

[DeviceC-Ten-GigabitEthernet3/0/2] mirroring-group 2 monitor-port

# Disable the spanning tree feature on Ten-GigabitEthernet 3/0/2.

[DeviceC-Ten-GigabitEthernet3/0/2] undo stp enable

# Assign Ten-GigabitEthernet 3/0/2 to VLAN 2.

[DeviceC-Ten-GigabitEthernet3/0/2] port access vlan 2

[DeviceC-Ten-GigabitEthernet3/0/2] quit

2.     Configure Device B (the intermediate device):

# Create VLAN 2.

<DeviceB> system-view

[DeviceB] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceB-vlan2] undo mac-address mac-learning enable

[DeviceB-vlan2] quit

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, and assign the port to VLAN 2.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-mode bridge

[DeviceB-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/1] port trunk permit vlan 2

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and assign the port to VLAN 2.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] port link-mode bridge

[DeviceB-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/2] port trunk permit vlan 2

[DeviceB-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A (the source device):

# Create a remote source group.

<DeviceA> system-view

[DeviceA] mirroring-group 1 remote-source

# Create VLAN 2.

[DeviceA] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceA-vlan2] undo mac-address mac-learning enable

[DeviceA-vlan2] quit

# Configure VLAN 2 as the remote probe VLAN for the mirroring group.

[DeviceA] mirroring-group 1 remote-probe vlan 2

# Configure Ten-GigabitEthernet 3/0/1 as a source port for the mirroring group.

[DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 both

# Configure an unused port (Ten-GigabitEthernet 3/0/3 in this example) as the reflector port for the mirroring group.

[DeviceA] interface ten-gigabitethernet 3/0/3

[DeviceA-Ten-GigabitEthernet3/0/3] port link-mode bridge

[DeviceA-Ten-GigabitEthernet3/0/3] mirroring-group 1 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

[DeviceA-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, and assign the port to VLAN 2.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-mode bridge

[DeviceA-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/2] port trunk permit vlan 2

[DeviceA-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify the mirroring group configuration on Device C.

[DeviceC] display mirroring-group all

Mirroring group 2:

    Type: Remote destination

    Status: Active

    Monitor port: Ten-GigabitEthernet3/0/2

    Remote probe VLAN: 2

# Verify the mirroring group configuration on Device A.

[DeviceA] display mirroring-group all

Mirroring group 1:

    Type: Remote source

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Both

    Reflector port: Ten-GigabitEthernet3/0/3

    Remote probe VLAN: 2

Example: Configuring Layer 2 remote port mirroring (with egress port)

Network configuration

On the Layer 2 network shown in Figure 459, configure Layer 2 remote port mirroring to enable the server to monitor the bidirectional traffic of the Marketing Department.

Figure 459 Network diagram

Procedure

1.     Configure Device C (the destination device):

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, configure its PVID as VLAN 2, and assign it to all VLANs.

<DeviceC> system-view

[DeviceC] interface ten-gigabitethernet 3/0/1

[DeviceC-Ten-GigabitEthernet3/0/1] port link-mode bridge

[DeviceC-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceC-Ten-GigabitEthernet3/0/1] port trunk pvid vlan 2

[DeviceC-Ten-GigabitEthernet3/0/1] port trunk permit vlan all

[DeviceC-Ten-GigabitEthernet3/0/1] quit

# Create a remote destination group.

[DeviceC] mirroring-group 2 remote-destination

# Create VLAN 2.

[DeviceC] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceC-vlan2] undo mac-address mac-learning enable

[DeviceC-vlan2] quit

# Configure VLAN 2 as the remote probe VLAN for the mirroring group.

[DeviceC] mirroring-group 2 remote-probe vlan 2

# Configure Ten-GigabitEthernet 3/0/2 as the monitor port for the mirroring group. Disable the spanning tree feature on Ten-GigabitEthernet 3/0/2. Set its link type to trunk, configure its PVID as VLAN 2, and assign it to all VLANs.

[DeviceC] interface ten-gigabitethernet 3/0/2

[DeviceC-Ten-GigabitEthernet3/0/2] port link-mode bridge

[DeviceC-Ten-GigabitEthernet3/0/2] mirroring-group 2 monitor-port

[DeviceC-Ten-GigabitEthernet3/0/2] undo stp enable

[DeviceC-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceC-Ten-GigabitEthernet3/0/2] port trunk pvid vlan 2

[DeviceC-Ten-GigabitEthernet3/0/2] port trunk permit vlan all

[DeviceC-Ten-GigabitEthernet3/0/2] quit

2.     Configure Device B (the intermediate device):

# Create VLAN 2.

<DeviceB> system-view

[DeviceB] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceB-vlan2] undo mac-address mac-learning enable

[DeviceB-vlan2] quit

# Configure Ten-GigabitEthernet 3/0/1 as a trunk port, configure its PVID as VLAN 2, and assign it to all VLANs.

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] port link-mode bridge

[DeviceB-Ten-GigabitEthernet3/0/1] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/1] port trunk pvid vlan 2

[DeviceB-Ten-GigabitEthernet3/0/1] port trunk permit vlan all

[DeviceB-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, configure its PVID as VLAN 2, and assign it to all VLANs.

[DeviceB] interface ten-gigabitethernet 3/0/2

[DeviceB-Ten-GigabitEthernet3/0/2] port link-mode bridge

[DeviceB-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceB-Ten-GigabitEthernet3/0/2] port trunk pvid vlan 2

[DeviceB-Ten-GigabitEthernet3/0/2] port trunk permit vlan all

[DeviceB-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device A (the source device):

# Create a remote source group.

<DeviceA> system-view

[DeviceA] mirroring-group 1 remote-source

# Create VLAN 2.

[DeviceA] vlan 2

# Disable MAC address learning for VLAN 2.

[DeviceA-vlan2] undo mac-address mac-learning enable

[DeviceA-vlan2] quit

# Configure Ten-GigabitEthernet 3/0/2 as a trunk port, configure VLAN 2 as its PVID, and assign the port to all VLANs. Disable the spanning tree feature on the port.

[DeviceA] interface ten-gigabitethernet 3/0/2

[DeviceA-Ten-GigabitEthernet3/0/2] port link-type trunk

[DeviceA-Ten-GigabitEthernet3/0/2] port trunk pvid vlan 2

[DeviceA-Ten-GigabitEthernet3/0/2] port trunk permit vlan all

[DeviceA-Ten-GigabitEthernet3/0/2] undo stp enable

[DeviceA-Ten-GigabitEthernet3/0/2] quit

# Configure VLAN 2 as the remote probe VLAN of the mirroring group.

[DeviceA] mirroring-group 1 remote-probe vlan 2

# Configure Ten-GigabitEthernet 3/0/1 as a source port for the mirroring group.

[DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 both

# Configure Ten-GigabitEthernet 3/0/2 as the egress port for the mirroring group.

[DeviceA] mirroring-group 1 monitor-egress ten-gigabitethernet 3/0/2

Verifying the configuration

# Verify the mirroring group configuration on Device C.

[DeviceC] display mirroring-group all

Mirroring group 2:

    Type: Remote destination

    Status: Active

    Monitor port: Ten-GigabitEthernet3/0/2

    Remote probe VLAN: 2

# Verify the mirroring group configuration on Device A.

[DeviceA] display mirroring-group all

Mirroring group 1:

    Type: Remote source

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Both

    Monitor egress port: Ten-GigabitEthernet3/0/2

    Remote probe VLAN: 2

Example: Configuring local port mirroring with multiple monitoring devices

Network configuration

As shown in Figure 460, Dept. A, Dept. B, and Dept. C are connected to the device through Ten-GigabitEthernet3/0/1, Ten-GigabitEthernet3/0/2, and Ten-GigabitEthernet3/0/3, respectively.

Configure port mirroring to enable data monitoring devices Server A and Server B to monitor the incoming and outgoing traffic of departments A, B, and C.

Figure 460 Network diagram

Procedure

# Create remote source group 1.

<Device> system-view

[Device] mirroring-group 1 remote-source

# Configure ports connecting to Dept. A, Dept. B, and Dept. C as source ports of remote source group 1.

[Device] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/3 both

# Configure an unused port (Ten-GigabitEthernet3/0/6 in this example) as the reflector port of remote source group 1.

[Device] interface ten-gigabitethernet 3/0/6

[Device-Ten-GigabitEthernet3/0/6] port link-mode bridge

[Device-Ten-GigabitEthernet3/0/6] mirroring-group 1 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

[Device-Ten-GigabitEthernet3/0/6] quit

# Create VLAN 10 as the remote mirroring VLAN.

[Device] vlan 10

# Disable MAC address learning in VLAN 10.

[Device-vlan10] undo mac-address mac-learning enable

[Device-vlan10] quit

# Configure VLAN 10 as the remote probe VLAN of remote source group 1.

[Device] mirroring-group 1 remote-probe vlan 10

# Assign the ports connecting the data monitoring devices to VLAN 10.

[Device] interface range ten-gigabitethernet 3/0/4 ten-gigabitethernet 3/0/5

[Device-if-range] port link-mode bridge

[Device-if-range] port access vlan 10

[Device-if-range] quit

Verifying the configuration

# Verify the mirroring group configuration on the device.

[Device] display mirroring-group all

Mirroring group 1:

    Type: Remote source

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Both

                    Ten-GigabitEthernet3/0/2  Both

                    Ten-GigabitEthernet3/0/3  Both

    Reflector port: Ten-GigabitEthernet3/0/6

    Remote probe VLAN: 10

Example: Configuring Layer 3 remote port mirroring

Network configuration

On the Layer 3 network shown in Figure 461, configure Layer 3 remote port mirroring to enable the server to monitor the bidirectional traffic of the Marketing Department.

Figure 461 Network diagram

Procedure

1.     Configure IP addresses for the tunnel interfaces and related ports on the devices. (Details not shown.)

2.     Configure Device A (the source device):

# Create tunnel interface Tunnel 0 that operates in GRE mode, and configure an IP address and subnet mask for the interface.

<DeviceA> system-view

[DeviceA] interface tunnel 0 mode gre

[DeviceA-Tunnel0] ip address 50.1.1.1 24

# Configure source and destination IP addresses for Tunnel 0.

[DeviceA-Tunnel0] source 20.1.1.1

[DeviceA-Tunnel0] destination 30.1.1.2

[DeviceA-Tunnel0] quit

# Enable the OSPF protocol.

[DeviceA] ospf 1

[DeviceA-ospf-1] area 0

[DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[DeviceA-ospf-1-area-0.0.0.0] quit

[DeviceA-ospf-1] quit

# Create local mirroring group 1.

[DeviceA] mirroring-group 1 local

# Configure Ten-GigabitEthernet 3/0/1 as a source port and Tunnel 0 as the monitor port of local mirroring group 1.

[DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 both

[DeviceA] mirroring-group 1 monitor-port tunnel 0

3.     Enable the OSPF protocol on Device B (the intermediate device).

<DeviceB> system-view

[DeviceB] ospf 1

[DeviceB-ospf-1] area 0

[DeviceB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[DeviceB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[DeviceB-ospf-1-area-0.0.0.0] quit

[DeviceB-ospf-1] quit

4.     Configure Device C (the destination device):

# Create tunnel interface Tunnel 0 that operates in GRE mode, and configure an IP address and subnet mask for the interface.

<DeviceC> system-view

[DeviceC] interface tunnel 0 mode gre

[DeviceC-Tunnel0] ip address 50.1.1.2 24

# Configure source and destination IP addresses for Tunnel 0.

[DeviceC-Tunnel0] source 30.1.1.2

[DeviceC-Tunnel0] destination 20.1.1.1

[DeviceC-Tunnel0] quit

# Enable the OSPF protocol.

[DeviceC] ospf 1

[DeviceC-ospf-1] area 0

[DeviceC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[DeviceC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255

[DeviceC-ospf-1-area-0.0.0.0] quit

[DeviceC-ospf-1] quit

# Create local mirroring group 1.

[DeviceC] mirroring-group 1 local

# Configure Ten-GigabitEthernet 3/0/1 as a source port for local mirroring group 1.

[DeviceC] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 inbound

# Configure Ten-GigabitEthernet 3/0/2 as the monitor port for local mirroring group 1.

[DeviceC] mirroring-group 1 monitor-port ten-gigabitethernet 3/0/2

Verifying the configuration

# Verify the mirroring group configuration on Device A.

[DeviceA] display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Both

      Monitor port: Tunnel0

# Display information about all mirroring groups on Device C.

[DeviceC] display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port: Ten-GigabitEthernet3/0/1  Inbound

      Monitor port: Ten-GigabitEthernet3/0/2
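Port mirroring copies user traffic to another port, so the display mirroring-group all output is worth comparing against an approved baseline. The following is an added example, not H3C code: a parser for the output format shown in the examples above, including continuation lines and bare labels, plus a baseline comparison. The sample text, the group 2 session, and the APPROVED baseline are constructed for illustration.

```python
import re

# Constructed sample in the format of the outputs above. Group 1 is the remote
# source group from the multiple-monitoring-device example; group 2 is an extra
# local session invented here so that the audit has something to report.
SAMPLE = """\
[Device] display mirroring-group all
Mirroring group 1:
    Type: Remote source
    Status: Active
    Mirroring port: Ten-GigabitEthernet3/0/1  Both
                    Ten-GigabitEthernet3/0/2  Both
                    Ten-GigabitEthernet3/0/3  Both
    Reflector port: Ten-GigabitEthernet3/0/6
    Remote probe VLAN: 10
Mirroring group 2:
    Type: Local
    Status: Active
    Mirroring port: Ten-GigabitEthernet3/0/7  Inbound
      Monitor port: Ten-GigabitEthernet3/0/8
"""

# Hypothetical baseline of approved sessions, keyed by mirroring group number.
APPROVED = {
    1: {
        "type": "Remote source",
        "sources": {"Ten-GigabitEthernet3/0/1": "Both",
                    "Ten-GigabitEthernet3/0/2": "Both",
                    "Ten-GigabitEthernet3/0/3": "Both"},
        "sinks": {"reflector port": "Ten-GigabitEthernet3/0/6",
                  "remote probe vlan": "10"},
    },
}

GROUP_RE = re.compile(r"^Mirroring group (\d+):$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")
SOURCE_RE = re.compile(r"^(\S+)\s+(Both|Inbound|Outbound)$")


def parse_mirroring_groups(text):
    """Return {group_id: {"type", "status", "sources", "sinks"}}."""
    groups, current, field = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[<#":      # blank line, prompt or comment
            continue
        m = GROUP_RE.match(line)
        if m:
            current = {"type": None, "status": None, "sources": {}, "sinks": {}}
            groups[int(m.group(1))] = current
            field = None
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).lower(), m.group(2).strip()
        else:
            value = line                       # continuation of the last field
        if not value:
            continue                           # bare label, values follow
        if field == "mirroring port":
            s = SOURCE_RE.match(value)
            if s:
                current["sources"][s.group(1)] = s.group(2)
        elif field in ("type", "status"):
            current[field] = value
        elif field is not None:                # monitor/reflector/egress/VLAN
            current["sinks"][field] = value
    return groups


def audit(groups, approved):
    """Compare parsed groups with the baseline and return finding strings."""
    findings = []
    for gid, g in sorted(groups.items()):
        want = approved.get(gid)
        if want is None:
            dest = ", ".join(f"{k}={v}" for k, v in sorted(g["sinks"].items()))
            findings.append(f"group {gid}: unapproved {g['type']} session "
                            f"copying {sorted(g['sources'])} to {dest}")
            continue
        for key in ("type", "sources", "sinks"):
            if g[key] != want[key]:
                findings.append(f"group {gid}: {key} differs from baseline: "
                                f"{g[key]!r} != {want[key]!r}")
    for gid in sorted(set(approved) - set(groups)):
        findings.append(f"group {gid}: approved session is missing")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mirroring_groups(SAMPLE), APPROVED):
        print(finding)
```
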

 

Flow mirroring configuration examples

Example: Configuring flow mirroring

Network configuration

As shown in Figure 462, configure flow mirroring and sampling so that the server can monitor the following traffic:

·     All traffic that the Technical Department sends to access the Internet.

·     IP traffic that the Technical Department sends to the Marketing Department during working hours (8:00 to 18:00) on weekdays.

Figure 462 Network diagram

Procedure

# Create sampler samp1 in fixed sampling mode, and set the sampling rate to 8. The first packet of every 256 (2 to the 8th power) packets is selected.

<Device> system-view

[Device] sampler samp1 mode fixed packet-interval n-power 8

# Create working hour range work, in which working hours are from 8:00 to 18:00 on weekdays.

[Device] time-range work 8:00 to 18:00 working-day

# Create IPv4 advanced ACL 3000 to match packets that the Technical Department sends to access the Internet and IP packets that it sends to the Marketing Department during working hours.

[Device] acl advanced 3000

[Device-acl-ipv4-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www

[Device-acl-ipv4-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 time-range work

[Device-acl-ipv4-adv-3000] quit

# Create traffic class tech_c, and configure the match criterion as ACL 3000.

[Device] traffic classifier tech_c

[Device-classifier-tech_c] if-match acl 3000

[Device-classifier-tech_c] quit

# Create traffic behavior tech_b, and configure the action of mirroring traffic to Ten-GigabitEthernet 3/0/3 by using sampler samp1.

[Device] traffic behavior tech_b

[Device-behavior-tech_b] mirror-to interface ten-gigabitethernet 3/0/3 sampler samp1

[Device-behavior-tech_b] quit

# Create QoS policy tech_p, and associate traffic class tech_c with traffic behavior tech_b in the QoS policy.

[Device] qos policy tech_p

[Device-qospolicy-tech_p] classifier tech_c behavior tech_b

[Device-qospolicy-tech_p] quit

# Apply QoS policy tech_p to the incoming packets of Ten-GigabitEthernet 3/0/4.

[Device] interface ten-gigabitethernet 3/0/4

[Device-Ten-GigabitEthernet3/0/4] qos apply policy tech_p inbound

[Device-Ten-GigabitEthernet3/0/4] quit

Verifying the configuration

# Verify that the server can monitor the following traffic:

·     All traffic sent by the Technical Department to access the Internet.

·     IP traffic that the Technical Department sends to the Marketing Department during working hours on weekdays.

(Details not shown.)
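The selection logic configured above (the two rules of ACL 3000 with their wildcard masks, time range work, and sampler samp1), modeled in Python as an added example that is not H3C code. It assumes that working-day means Monday through Friday with an exclusive end time, that a rule outside its time range matches nothing, and that the sampler counts only packets matched by the traffic class; the timestamps and the address 203.0.113.9 are constructed.

```python
import ipaddress
from datetime import datetime, time


def wildcard_match(addr, base, wildcard):
    """ACL wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def in_work_range(ts):
    """time-range work 8:00 to 18:00 working-day.

    Assumption: working-day is Monday-Friday and the end time is exclusive.
    """
    return ts.weekday() < 5 and time(8, 0) <= ts.time() < time(18, 0)


def acl_3000(pkt):
    """Return the name of the first permit rule that matches, else None."""
    from_tech = wildcard_match(pkt["src"], "192.168.2.0", "0.0.0.255")
    # rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
    if from_tech and pkt["proto"] == "tcp" and pkt["dport"] == 80:
        return "www"
    # rule permit ip source 192.168.2.0 0.0.0.255
    #      destination 192.168.1.0 0.0.0.255 time-range work
    # Assumption: outside the time range the rule is inactive and matches nothing.
    to_marketing = wildcard_match(pkt["dst"], "192.168.1.0", "0.0.0.255")
    if from_tech and to_marketing and in_work_range(pkt["ts"]):
        return "marketing"
    return None


class FixedSampler:
    """sampler mode fixed packet-interval n-power N: the first packet of each
    run of 2**N packets is selected."""

    def __init__(self, n_power):
        self.interval = 2 ** n_power
        self.seen = 0

    def select(self):
        picked = self.seen % self.interval == 0
        self.seen += 1
        return picked


def mirrored(packets, n_power=8):
    """Packets a monitor on the mirror-to interface would receive.

    Assumption: the sampler counts only packets matched by the traffic class.
    """
    sampler = FixedSampler(n_power)
    return [p for p in packets if acl_3000(p) and sampler.select()]


def pkt(ts, proto, src, dst, dport):
    return {"ts": ts, "proto": proto, "src": src, "dst": dst, "dport": dport}


# Constructed timestamps (203.0.113.9 below stands for an Internet host).
WED_10H = datetime(2024, 1, 10, 10, 0)   # Wednesday, inside the range
WED_20H = datetime(2024, 1, 10, 20, 0)   # Wednesday, after hours
SAT_10H = datetime(2024, 1, 13, 10, 0)   # Saturday

if __name__ == "__main__":
    cases = [
        pkt(SAT_10H, "tcp", "192.168.2.7", "203.0.113.9", 80),
        pkt(WED_10H, "tcp", "192.168.2.7", "203.0.113.9", 443),
        pkt(WED_10H, "udp", "192.168.2.7", "192.168.1.20", 53),
        pkt(WED_20H, "udp", "192.168.2.7", "192.168.1.20", 53),
    ]
    for c in cases:
        print(c["ts"], c["proto"], c["dst"], c["dport"], "->", acl_3000(c))
    burst = [pkt(WED_10H, "tcp", "192.168.2.7", "203.0.113.9", 80)] * 600
    print("mirrored", len(mirrored(burst)), "of", len(burst))
```

Under these assumptions the monitoring server receives about one matched packet in 256, and packets from 192.168.2.0/24 to destinations outside 192.168.1.0/24 on anything other than TCP port 80 are not mirrored.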

 

 

IPv6 NetStream configuration examples

Example: Configuring IPv6 NetStream traditional data export (IPv6 NetStream flow mirroring)

Network configuration

As shown in Figure 463, configure IPv6 NetStream on Router A to collect statistics on packets passing through Router A.

·     Enable IPv6 NetStream for incoming traffic on Ten-GigabitEthernet 3/0/1.

·     Configure Router A to export the IPv6 NetStream traditional data to UDP port 5000 of the NetStream server.

·     Configure fixed sampling in the inbound direction of Ten-GigabitEthernet 3/0/1 and set the sampling rate to 8.

Figure 463 Network diagram

Procedure

# Assign an IP address to each interface, as shown in Figure 463. (Details not shown.)

# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.

<RouterA> system-view

[RouterA] sampler samp1 mode fixed packet-interval n-power 8

# Enable IPv6 NetStream globally.

[RouterA] ipv6 netstream

# Configure a QoS policy to mirror all IPv6 traffic to Ten-GigabitEthernet3/0/1 by using the sampler samp1.

[RouterA] acl ipv6 advanced 3000

[RouterA-acl-ipv6-adv-3000] rule 0 permit ipv6

[RouterA-acl-ipv6-adv-3000] quit

[RouterA] traffic classifier ns_ipv6

[RouterA-classifier-ns_ipv6] if-match acl ipv6 3000

[RouterA-classifier-ns_ipv6] quit

[RouterA] traffic behavior ns_ipv6

[RouterA-behavior-ns_ipv6] mirror-to local sampler samp1

[RouterA-behavior-ns_ipv6] quit

[RouterA] qos policy ns_ipv6

[RouterA-qospolicy-ns_ipv6] classifier ns_ipv6 behavior ns_ipv6

[RouterA-qospolicy-ns_ipv6] quit

# Apply the QoS policy to the inbound direction of Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] qos apply policy ns_ipv6 inbound

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[RouterA] ipv6 netstream export host 40::1 5000

Verifying the configuration

# Display information about IPv6 NetStream entries.

[RouterA] display ipv6 netstream cache

IPv6 NetStream cache information:

  Active flow timeout               : 30 min

  Inactive flow timeout             : 30 sec

  Max number of entries             : 1331200

  IPv6 active flow entries          : 2

  MPLS active flow entries          : 0

  IPL2 active flow entries          : 0

  IPv6 flow entries counted         : 3

  MPLS flow entries counted         : 0

  IPL2 flow entries counted         : 0

  Last statistics resetting time    : Never

 

IPv6 packet size distribution (46 packets in total):

 1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

 .000 .413 .434 .000 .152 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

 

  512  544  576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

 

 Protocol          Total   Packets     Flows   Packets  Active(sec)  Idle(sec)

                   Flows   /sec        /sec    /flow    /flow        /flow

------------------------------------------------------------------------------

 IP-other              1         0         0        12           21         30

 UDP-other             2         0         0         3           15         30

Type DstIP(Port)        SrcIP(Port)        Pro TC  FlowLbl If(Direct)  Pkts

     DstMAC(VLAN)       SrcMAC(VLAN)

     TopLblType(IP/MASK)Lbl-Exp-S-List

------------------------------------------------------------------------------

IP   40::1(23)          10::2(1746)        6   0   0x0     GE3/1/1(I)  23

IP   40::1(32768)       10::2(0)           58  0   0x0     GE3/1/1(I)  4

# Display information about the IPv6 NetStream data export.

[RouterA] display ipv6 netstream export

IPv6 export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (5000)

  Version  9 exported flow number                 : 4

  Version  9 exported UDP datagram number (failed): 4 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

Example: Configuring IPv6 NetStream traditional data export (IPv6 NetStream port mirroring)

Network configuration

As shown in Figure 464, all routers in the network are running IPv6 EBGP. Configure IPv6 NetStream on Router A to meet the following requirements:

·     Enable IPv6 NetStream for incoming traffic on Ten-GigabitEthernet 3/0/1.

·     Configure the router to export IPv6 NetStream traditional data to UDP port 5000 of the NetStream server.

·     Configure fixed sampling in the inbound direction of Ten-GigabitEthernet 3/0/1 and set the sampling rate to 8.

Figure 464 Network diagram

Procedure

# Assign an IP address to each interface, as shown in Figure 464. (Details not shown.)

# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.

<RouterA> system-view

[RouterA] sampler samp1 mode fixed packet-interval n-power 8

# Enable IPv6 NetStream for incoming traffic on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 netstream inbound

# Use sampler samp1 for inbound IPv6 NetStream sampling on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] ip netstream inbound sampler samp1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[RouterA] ipv6 netstream export host 40::1 5000

Verifying the configuration

# Display information about IPv6 NetStream entries.

[RouterA] display ipv6 netstream cache

IPv6 NetStream cache information:

  Active flow timeout               : 30 min

  Inactive flow timeout             : 30 sec

  Max number of entries             : 1638400

  IPv6 active flow entries          : 2

  MPLS active flow entries          : 0

  IPL2 active flow entries          : 0

  IPv6 flow entries counted         : 0

  MPLS flow entries counted         : 0

  IPL2 flow entries counted         : 0

  Last statistics resetting time    : Never

 

IPv6 packet size distribution (1103746 packets in total):

1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

 

512  544  576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000

 

Protocol          Total Packets    Flows  Packets Active(sec) Idle(sec)

                  Flows /sec       /sec   /flow   /flow       /flow

--------------------------------------------------------------------------

TCP-Telnet      2656855     372        4       86        49         27

TCP-FTP         5900082      86        9        9        11         33

TCP-FTPD        3200453    1006        5      193        45         33

TCP-WWW       546778274   11170      887       12         8         32

TCP-other      49148540    3752       79       47        30         32

UDP-DNS       117240379     570      190        3         7         34

UDP-other      45502422    2272       73       30         8         37

ICMP           14837957     125       24        5        12         34

IP-other          77406       5        0       47        52         27

 

 Type DstIP(Port)        SrcIP(Port)      Pro TC  FlowLbl If(Direct)   Pkts

      DstMAC(VLAN)       SrcMAC(VLAN)

      TopLblType(IP/MASK)Lbl-Exp-S-List

--------------------------------------------------------------------------

IP   2001::1(1024)      2002::1(21)        6   0   0x0     GE3/1/1(I)  42996

# Display information about the IPv6 NetStream data export.

[RouterA] display ipv6 netstream export

IPv6 export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (5000)

  Version 9 exported flow number                  : 10

  Version 9 exported UDP datagram number (failed) : 10 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

Example: Configuring IPv6 NetStream aggregation data export (IPv6 NetStream flow mirroring)

Network configuration

As shown in Figure 465, all routers in the network are running IPv6 EBGP. Configure IPv6 NetStream on the router to meet the following requirements:

·     Export the IPv6 NetStream traditional data to port 5000 of the IPv6 NetStream server.

·     Perform the IPv6 NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.

·     Export the aggregation data of different modes to UDP ports 2000, 3000, 4000, 6000, and 7000 on the IPv6 NetStream server.

·     Collect incoming traffic statistics on Ten-GigabitEthernet 3/0/1.

·     Configure fixed sampling in the inbound direction of Ten-GigabitEthernet 3/0/1 and set the sampling rate to 8.

Figure 465 Network diagram

Restrictions and guidelines

Make sure the routers can reach each other before you perform the following procedure.

Procedure

# Assign an IP address to each interface, as shown in Figure 465. (Details not shown.)

# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.

<RouterA> system-view

[RouterA] sampler samp1 mode fixed packet-interval n-power 8

# Enable IPv6 NetStream globally.

[RouterA] ipv6 netstream

# Configure a QoS policy to mirror all IPv6 traffic to Ten-GigabitEthernet3/0/1 by using the sampler samp1.

[RouterA] acl ipv6 advanced 3000

[RouterA-acl-ipv6-adv-3000] rule 0 permit ipv6

[RouterA-acl-ipv6-adv-3000] quit

[RouterA] traffic classifier ns_ipv6

[RouterA-classifier-ns_ipv6] if-match acl ipv6 3000

[RouterA-classifier-ns_ipv6] quit

[RouterA] traffic behavior ns_ipv6

[RouterA-behavior-ns_ipv6] mirror-to local sampler samp1

[RouterA-behavior-ns_ipv6] quit

[RouterA] qos policy ns_ipv6

[RouterA-qospolicy-ns_ipv6] classifier ns_ipv6 behavior ns_ipv6

[RouterA-qospolicy-ns_ipv6] quit

# Apply the QoS policy to the inbound direction of Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] qos apply policy ns_ipv6 inbound

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[RouterA] ipv6 netstream export host 40::1 5000

# Set the aggregation mode to AS, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation as

[RouterA-ns6-aggregation-as] enable

[RouterA-ns6-aggregation-as] ipv6 netstream export host 40::1 2000

[RouterA-ns6-aggregation-as] quit

# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation protocol-port

[RouterA-ns6-aggregation-protport] enable

[RouterA-ns6-aggregation-protport] ipv6 netstream export host 40::1 3000

[RouterA-ns6-aggregation-protport] quit

# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation source-prefix

[RouterA-ns6-aggregation-srcpre] enable

[RouterA-ns6-aggregation-srcpre] ipv6 netstream export host 40::1 4000

[RouterA-ns6-aggregation-srcpre] quit

# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation destination-prefix

[RouterA-ns6-aggregation-dstpre] enable

[RouterA-ns6-aggregation-dstpre] ipv6 netstream export host 40::1 6000

[RouterA-ns6-aggregation-dstpre] quit

# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation prefix

[RouterA-ns6-aggregation-prefix] enable

[RouterA-ns6-aggregation-prefix] ipv6 netstream export host 40::1 7000

[RouterA-ns6-aggregation-prefix] quit

Verifying the configuration

# Display information about the IPv6 NetStream data export.

[RouterA] display ipv6 netstream export

as aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (2000)

  Version  9 exported flow number                 : 1

  Version  9 exported UDP datagram number (failed): 1 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

protocol-port aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (3000)

  Version  9 exported flow number                 : 1

  Version  9 exported UDP datagram number (failed): 1 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

source-prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (4000)

  Version  9 exported flow number                 : 1

  Version  9 exported UDP datagram number (failed): 1 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

destination-prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (6000)

  Version  9 exported flow number                 : 0

  Version  9 exported UDP datagram number (failed): 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (7000)

  Version  9 exported flow number                 : 0

  Version  9 exported UDP datagram number (failed): 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

IPv6 export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (5000)

  Version  9 exported flow number                 : 6

  Version  9 exported UDP datagram number (failed): 6 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

Example: Configuring IPv6 NetStream aggregation data export (IPv6 NetStream port mirroring)

Network configuration

As shown in Figure 466, all routers in the network are running EBGP. Configure IPv6 NetStream on Router A to meet the following requirements:

·     Export IPv6 NetStream traditional data to port 5000 of the IPv6 NetStream server.

·     Perform IPv6 NetStream aggregation in the modes of AS, protocol-port, source-prefix, destination-prefix, and prefix.

·     Export the aggregation data of different modes to UDP ports 2000, 3000, 4000, 6000, and 7000 on the IPv6 NetStream server.

·     Configure fixed sampling in the inbound direction of Ten-GigabitEthernet 3/0/1 and set the sampling rate to 8.

Figure 466 Network diagram

Procedure

# Assign an IP address to each interface, as shown in Figure 466. (Details not shown.)

# Configure sampler samp1 in fixed sampling mode, and set the sampling rate to 8.

<RouterA> system-view

[RouterA] sampler samp1 mode fixed packet-interval n-power 8

# Enable IPv6 NetStream for incoming traffic on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 netstream inbound

# Use sampler samp1 for inbound IPv6 NetStream sampling on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] ip netstream inbound sampler samp1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify 40::1 as the IP address of the destination host and UDP port 5000 as the export destination port number.

[RouterA] ipv6 netstream export host 40::1 5000

# Set the aggregation mode to AS, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation as

[RouterA-ns6-aggregation-as] enable

[RouterA-ns6-aggregation-as] ipv6 netstream export host 40::1 2000

[RouterA-ns6-aggregation-as] quit

# Set the aggregation mode to protocol-port, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation protocol-port

[RouterA-ns6-aggregation-protport] enable

[RouterA-ns6-aggregation-protport] ipv6 netstream export host 40::1 3000

[RouterA-ns6-aggregation-protport] quit

# Set the aggregation mode to source-prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation source-prefix

[RouterA-ns6-aggregation-srcpre] enable

[RouterA-ns6-aggregation-srcpre] ipv6 netstream export host 40::1 4000

[RouterA-ns6-aggregation-srcpre] quit

# Set the aggregation mode to destination-prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation destination-prefix

[RouterA-ns6-aggregation-dstpre] enable

[RouterA-ns6-aggregation-dstpre] ipv6 netstream export host 40::1 6000

[RouterA-ns6-aggregation-dstpre] quit

# Set the aggregation mode to prefix, and specify the destination host for the aggregation data export.

[RouterA] ipv6 netstream aggregation prefix

[RouterA-ns6-aggregation-prefix] enable

[RouterA-ns6-aggregation-prefix] ipv6 netstream export host 40::1 7000

[RouterA-ns6-aggregation-prefix] quit

Verifying the configuration

# Display information about the IPv6 NetStream data export.

[RouterA] display ipv6 netstream export

as aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (2000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0(0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

protocol-port aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (3000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

source-prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (4000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

destination-prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (6000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

prefix aggregation export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (7000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

IPv6 export information:

  Flow source interface                           : Not specified

  Flow destination VPN instance                   : Not specified

  Flow destination IPv6 address (UDP)             : 40::1 (5000)

  Version 9 exported flow number                  : 0

  Version 9 exported UDP datagram number (failed) : 0 (0)

  Version 10 exported flow number                 : 0

  Version 10 exported UDP datagram number (failed): 0 (0)

 

 

TCP connection trace configuration examples

Example: Tracing IPv4 TCP connections

Network configuration

As shown in Figure 467, you can Telnet to Device B from Device A. Configure TCP connection trace on Device A to trace the TCP connection between Device A and Device B. When the connection is abnormally closed, you can use the trace information to locate disconnection reasons. Enable persistence for TCP connection trace configuration so that the configuration can survive Device A reboot.

Figure 467 Network diagram

Prerequisites

·     Configure Device B as a Telnet server. For more information, see login management configuration in Fundamentals Configuration Guide.

·     Assign an IP address to each interface as shown in Figure 467. (Details not shown.)

Procedure

# Allow the TCP connection trace feature to trace a maximum of 600 data packets per TCP connection.

<DeviceA> tcp trace max-packet-number 600

# Set the memory quota to 300 MB for recording TCP connection information.

<DeviceA> tcp trace memory-quota 300

# Enable TCP connection trace.

<DeviceA> tcp trace enable

# Enable persistence for the TCP connection trace configuration.

<DeviceA> tcp trace persist

Verifying the configuration

1.     Telnet to Device B from Device A.

<DeviceA> telnet 1.1.1.2

2.     Display TCP connection information when you can correctly log in to Device B from Device A through Telnet.

# Display information about all disconnected IPv4 TCP connections that have been recorded.

<DeviceA> display tcp trace cache-connection ip slot 10

 R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 Local Addr:port       Foreign Addr:port     VPN name    R   Time

# Display packet information about disconnected IPv4 TCP connections.

<DeviceA> display tcp trace cache-packet ip source-ip 1.1.1.1 source-port 23 destination-ip 1.1.1.2 destination-port 23 verbose slot 10

The TCP connection is normal and no output is displayed.

3.     Shut down Ten-GigabitEthernet 3/0/1 on Device B.

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] shutdown

After you shut down Ten-GigabitEthernet 3/0/1, the Telnet connection is terminated. Display TCP connection information on Device A after a period of time.

# Display information about all disconnected IPv4 TCP connections that have been recorded.

<DeviceA> display tcp trace cache-connection ip slot 10

 R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 Local Addr:port       Foreign Addr:port     VPN name    R   Time

 1.1.1.1:9732           1.1.1.2:23             N/A          RT  20:29:08

                                                                     July 1 2019

# Display information about the last three packets that were traced before the TCP connection was closed.

<DeviceA> display tcp trace cache-packet ip source-ip 1.1.1.1 source-port 9732 destination-ip 1.1.1.2 destination-port 23 verbose last 3 slot 10

 

 MDC ID: 1, Sep 18 15:38:58:503 2019, VPN name: N/A

 Connection: 1.1.1.1:9732 -> 1.1.1.2:23

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss: 73/512/3/1448

 rcvmax/peerackmax/scale/mss: 512/67/3/0

 iss 2236101971, irs 3798739327, in 21 (drop 0), out 23, retrans 14

 connection time: Sep 18 15:29:39:003 2019

 

 (1) Sep 18 15:33:08:367 2019 RS

 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0xeab6, ID: 200, ipcsum: 0x0

 iss/sndcc/unack/next/max/wnd: 2236101971/6/67/73/73/4344

 irs/rcvcc/undeliver/next/adv/wnd: 3798739327/0/0/512/65663/65160

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4310545007/0/0

 4310754371/15578830/15690748

 4310546126

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 10/15560/2236102038 0/0/25

 2/30/68 9

 

 (2) Sep 18 15:33:23:928 2019 RS

 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0xadee, ID: 201, ipcsum: 0x0

 iss/sndcc/unack/next/max/wnd: 2236101971/6/67/73/73/4344

 irs/rcvcc/undeliver/next/adv/wnd: 3798739327/0/0/512/65663/65160

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4310545007/0/0

 4310769931/15578830/15690748

 4310546126

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 11/15560/2236102038 0/0/25

 2/30/68 9

 

 (3) Sep 18 15:33:39:488 2019 RS

 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0x7126, ID: 202, ipcsum: 0x0

 iss/sndcc/unack/next/max/wnd: 2236101971/6/67/73/73/4344

 irs/rcvcc/undeliver/next/adv/wnd: 3798739327/0/0/512/65663/65160

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4310545007/0/0

 4310785491/15578830/15690748

 4310546126

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 12/15560/2236102038 0/0/25

 2/30/68 9

The output shows that:

·     The TCP connection between Device A and Device B has been closed.

·     The disconnection reason is retransmission timeout. The client declares a retransmission timeout because it does not receive any ACK packet from the server.

To resolve the issue, verify that the TCP server operates correctly and the link between the TCP client and server is connected.
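The conclusion above can be checked mechanically. The following Python script is an added example, not part of the H3C documentation: it parses an excerpt of the verbose cache-packet output shown above and tests whether every traced packet is a retransmission of the same segment with no acknowledgment progress. The function names and the 50 ms tolerance are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the verbose cache-packet output shown above (IPv4 example),
# trimmed to the lines this script reads.
TRACE = """\
 Connection: 1.1.1.1:9732 -> 1.1.1.2:23
 Reason: retransmit timeout
 iss 2236101971, irs 3798739327, in 21 (drop 0), out 23, retrans 14

 (1) Sep 18 15:33:08:367 2019 RS
 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)
 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0xeab6, ID: 200, ipcsum: 0x0
 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes
 10/15560/2236102038 0/0/25
 2/30/68 9

 (2) Sep 18 15:33:23:928 2019 RS
 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)
 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0xadee, ID: 201, ipcsum: 0x0
 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes
 11/15560/2236102038 0/0/25
 2/30/68 9

 (3) Sep 18 15:33:39:488 2019 RS
 seq 2236102038(67), ack 3798739839(512), data 6, NSR invalid (CLOSED)
 flag PSH ACK, status ESTABLISHED, win: 8145, csum: 0x7126, ID: 202, ipcsum: 0x0
 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes
 12/15560/2236102038 0/0/25
 2/30/68 9
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# "(1) Sep 18 15:33:08:367 2019 RS": record index and millisecond timestamp.
REC_RE = re.compile(
    r"^\s*\((\d+)\)\s+(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+):(\d{3})\s+(\d{4})")
SEQ_RE = re.compile(r"\bseq (\d+)\(\d+\), ack (\d+)\(\d+\), data (\d+)")
# First value line under the "rexmt shift/current/seq ..." header.
REXMT_RE = re.compile(r"^\s*(\d+)/(\d+)/(\d+)\s")


def parse_trace(text):
    """Return (reason, packets) parsed from verbose cache-packet output."""
    reason, packets, cur, want_rexmt = None, [], None, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Reason:"):
            reason = stripped.split(":", 1)[1].strip()
            continue
        m = REC_RE.match(line)
        if m:
            idx, mon, day, hh, mm, ss, ms, year = m.groups()
            cur = {"index": int(idx),
                   "time": datetime(int(year), MONTHS[mon], int(day),
                                    int(hh), int(mm), int(ss), int(ms) * 1000)}
            packets.append(cur)
            continue
        if cur is None:
            continue  # connection summary lines before the first record
        m = SEQ_RE.search(line)
        if m:
            cur["seq"], cur["ack"], cur["data"] = (int(g) for g in m.groups())
        elif stripped.startswith("rexmt shift/current/seq"):
            want_rexmt = True
        elif want_rexmt:
            m = REXMT_RE.match(line)
            if m:
                cur["rexmt_shift"], cur["rexmt_current"] = int(m.group(1)), int(m.group(2))
            want_rexmt = False
    for p in packets:
        if not {"seq", "rexmt_shift"} <= p.keys():
            raise ValueError(f"record ({p['index']}) is incomplete")
    return reason, packets


def check_retransmit_timeout(packets, tolerance_ms=50):
    """Test whether the records show one segment resent without progress."""
    pairs = list(zip(packets, packets[1:]))
    # Same seq, ack and payload length in every record: nothing new was sent
    # and nothing new was acknowledged by the peer.
    same_segment = len({(p["seq"], p["ack"], p["data"]) for p in packets}) == 1
    # The rexmt shift counter goes up by one per record.
    shift_counts_up = all(b["rexmt_shift"] == a["rexmt_shift"] + 1 for a, b in pairs)
    gaps_ms = [(b["time"] - a["time"]) // timedelta(milliseconds=1) for a, b in pairs]
    # Compare the spacing between records with the rexmt "current" value.
    gap_matches_timer = [abs(gap - a["rexmt_current"]) <= tolerance_ms
                         for gap, (a, _) in zip(gaps_ms, pairs)]
    return {
        "shifts": [p["rexmt_shift"] for p in packets],
        "gaps_ms": gaps_ms,
        "gap_matches_timer": gap_matches_timer,
        "peer_silent": bool(pairs) and same_segment and shift_counts_up,
    }


if __name__ == "__main__":
    reason, packets = parse_trace(TRACE)
    print(reason, check_retransmit_timeout(packets))
```

For this output, the spacing between records (about 15.56 seconds) equals the rexmt current value of 15560, and the shift counter rises from 10 to 12 while seq and ack stay fixed.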

Example: Tracing IPv6 TCP connections

Network configuration

As shown in Figure 468, you can Telnet to Device B from Device A. Configure TCP connection trace on Device A to trace the IPv6 TCP connection between Device A and Device B. When the connection is abnormally closed, you can use the trace information to locate disconnection reasons. Enable persistence for TCP connection trace configuration so that the configuration can survive Device A reboot.

Figure 468 Network diagram

Prerequisites

·     Configure Device B as a Telnet server. For more information, see login management configuration in Fundamentals Configuration Guide.

·     Assign an IPv6 address to each interface as shown in Figure 468. (Details not shown.)

Procedure

# Allow the TCP connection trace feature to trace a maximum of 600 data packets per TCP connection.

<DeviceA> tcp trace max-packet-number 600

# Set the memory quota to 300 MB for recording TCP connection information.

<DeviceA> tcp trace memory-quota 300

# Enable TCP connection trace.

<DeviceA> tcp trace enable

# Enable persistence for the TCP connection trace configuration.

<DeviceA> tcp trace persist

Verifying the configuration

1.     Telnet to Device B from Device A.

<DeviceA> telnet ipv6 1::2

2.     Display TCP connection information when you can correctly log in to Device B from Device A through Telnet.

# Display information about all disconnected IPv6 TCP connections that have been recorded.

<DeviceA> display tcp trace cache-connection ipv6 slot 10

R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 LAddr->port             FAddr->port             VPN name   R   Time

# Display packet information about disconnected IPv6 TCP connections.

<DeviceA> display tcp trace cache-packet ipv6 source-ip 1::1 source-port 47745 destination-ip 1::2 destination-port 23 verbose slot 10

The TCP connection is normal and no output is displayed.

3.     Shut down Ten-GigabitEthernet 3/0/1 on Device B.

<DeviceB> system-view

[DeviceB] interface ten-gigabitethernet 3/0/1

[DeviceB-Ten-GigabitEthernet3/0/1] shutdown

After you shut down Ten-GigabitEthernet 3/0/1, the Telnet connection is terminated. Display TCP connection information on Device A after a period of time.

# Display information about all disconnected IPv6 TCP connections that have been recorded.

<DeviceA> display tcp trace cache-connection ipv6 slot 10

 R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 LAddr->port             FAddr->port             VPN name   R   Time

 1::1->47745             1::2->23                 N/A         RT  20:29:08

                                                                       July 1 2019

# Display information about the last three packets that were traced before the IPv6 TCP connection was closed.

<DeviceA> display tcp trace cache-packet ipv6 source-ip 1::1 source-port 47745 destination-ip 1::2 destination-port 23 verbose last 3 slot 10

 

 MDC ID: 1, Sep 18 16:20:20:091 2019, VPN name: N/A

 Connection: 1::1->47745 --> 1::2->23

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss: 77/460/3/1428

 rcvmax/peerackmax/scale/mss: 460/59/3/0

 iss 2284338403, irs 1251751781, in 9 (drop 0), out 11, retrans 20

 connection time: Sep 18 16:15:49:827 2019

 (1) Sep 18 16:18:50:817 2019 RS

 seq 2284338462(59), ack 1251752241(460), data 18, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8211, csum: 0x6edb

 iss/sndcc/unack/next/max/wnd: 2284338403/18/59/77/77/4280

 irs/rcvcc/undeliver/next/adv/wnd: 1251751781/0/0/460/66139/65688

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET IN6P_IPV6_V6ONLY INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT TF_APP_SEND

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4313315830/0/0

 4313496820/18348628/18460545

 4313315924

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 10/15560/2284338462 18529253/0/15

 1/30/64 5

 

 (2) Sep 18 16:18:58:881 2019 RS

 seq 2284338462(59), ack 1251752241(460), data 18, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8211, csum: 0x4f5a

 iss/sndcc/unack/next/max/wnd: 2284338403/18/59/77/77/4280

 irs/rcvcc/undeliver/next/adv/wnd: 1251751781/0/0/460/66139/65688

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET IN6P_IPV6_V6ONLY INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4313315830/0/0

 4313504885/18348628/18460545

 4313315924

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 11/15560/2284338462 0/0/15

 1/30/64 5

 

 (3) Sep 18 16:19:14:441 2019 RS

 seq 2284338462(59), ack 1251752241(460), data 18, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8211, csum: 0x1292

 iss/sndcc/unack/next/max/wnd: 2284338403/18/59/77/77/4280

 irs/rcvcc/undeliver/next/adv/wnd: 1251751781/0/0/460/66139/65688

 socket state: ISCONNECTED

 socket options: SO_OOBINLINE

 inpcb flags: INP_ANONPORT INP_PROTOCOL_PACKET IN6P_IPV6_V6ONLY INP_SYNCPCB

 inpcb extflag: N/A

 TCP options: TF_ACKNOW TF_REQ_SCALE TF_RCVD_SCALE TF_REQ_TSTMP TF_RCVD_TSTMP TF_SACK_PERMIT

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 4313315830/0/0

 4313520445/18348628/18460545

 4313315924

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 12/15560/2284338462 0/0/15

 1/30/64 5

The output shows that:

·     The TCP connection between Device A and Device B has been closed.

·     The disconnection reason is retransmission timeout. The client declares a retransmission timeout because it does not receive any ACK packet from the server.

To resolve the issue, verify that the TCP server operates correctly and the link between the TCP client and server is connected.

 

Performance management configuration examples

Example: Configuring performance management (gRPC)

Network configuration

As shown in Figure 469, configure Device B as a gRPC client to report performance statistics for Ten-GigabitEthernet 3/0/1 to the gRPC server. Set the sampling interval to 5 seconds and the statistics interval to 15 minutes.

Figure 469 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes. Make sure the network connection is available between the device and the server. (Details not shown.)

2.     Configure Device B as a gRPC client:

# Enable the gRPC service.

<DeviceB> system-view

[DeviceB] grpc enable

# Create a sensor group named test, and add sensor path ifmgr/devicecapabilities/.

[DeviceB] telemetry

[DeviceB-telemetry] sensor-group test

[DeviceB-telemetry-sensor-group-test] sensor path ifmgr/devicecapabilities

[DeviceB-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv4 address 10.1.1.2 and port number 50050.

[DeviceB-telemetry] destination-group collector1

[DeviceB-telemetry-destination-group-collector1] ipv4-address 10.1.1.2 port 50050

[DeviceB-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 900 seconds.

[DeviceB-telemetry] subscription A

[DeviceB-telemetry-subscription-A] sensor-group test sample-interval 900

[DeviceB-telemetry-subscription-A] destination-group collector1

[DeviceB-telemetry-subscription-A] quit

[DeviceB-telemetry] quit

3.     Configure performance management for interface Ten-GigabitEthernet 3/0/1.

# Enter performance management view.

[DeviceB] performance-management

# Create a performance statistics task named task1 and enter its view.

[DeviceB-pm] statistics task task1

# Bind instance Ten-GigabitEthernet 3/0/1 to the task.

[DeviceB-pm-task-task1] binding instance-type interface instance ten-gigabitethernet 3/0/1

# Set the statistics interval to 15 minutes.

[DeviceB-pm-task-task1] statistics interval 15

# Set the sampling interval to 5 seconds.

[DeviceB-pm-task-task1] sample interval 5

[DeviceB-pm-task-task1] quit

# Enable performance statistics.

[DeviceB-pm] statistics enable

Verifying the configuration

# Verify that the gRPC server receives performance statistics for Ten-GigabitEthernet 3/0/1 from Device B at 900-second intervals. (Details not shown.)

Example: Configuring performance management (NETCONF)

Network configuration

As shown in Figure 470, configure Device B as a NETCONF server to report performance statistics for Ten-GigabitEthernet 3/0/1 to the NETCONF client. Set the sampling interval to 5 seconds and the statistics interval to 15 minutes.

Figure 470 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes. Make sure the network connection is available between the device and the server. (Details not shown.)

2.     Configure performance management for interface Ten-GigabitEthernet 3/0/1.

# Enter performance management view.

<DeviceB> system-view

[DeviceB] performance-management

# Create a performance statistics task named task1 and enter its view.

[DeviceB-pm] statistics task task1

# Bind instance Ten-GigabitEthernet 3/0/1 to the task.

[DeviceB-pm-task-task1] binding instance-type interface instance ten-gigabitethernet 3/0/1

# Set the statistics interval to 15 minutes.

[DeviceB-pm-task-task1] statistics interval 15

# Set the sampling interval to 5 seconds.

[DeviceB-pm-task-task1] sample interval 5

[DeviceB-pm-task-task1] quit

# Enable performance statistics.

[DeviceB-pm] statistics enable

3.     Configure the NETCONF settings on Device B. (Details not shown.) For more information, see "Configuring NETCONF."

<DeviceB> system-view

Verifying the configuration

# Verify that the NETCONF client receives performance statistics for Ten-GigabitEthernet 3/0/1 from Device B at intervals. (Details not shown.)

 

 

Flow log configuration examples

Example: Exporting flow logs to a log host

Network configuration

As shown in Figure 471, configure flow log on the device to send flow log entries generated for the user to the log host.

Figure 471 Network diagram

Prerequisites

Configure IP addresses, as shown in Figure 471. Make sure the device, user, and the log host can reach one another. (Details not shown.)

Procedure

# Enable NAT logging.

<Device> system-view

[Device] nat log enable

# Enable NAT logging for session establishment events, session removal events, and active flows.

[Device] nat log flow-begin

[Device] nat log flow-end

[Device] nat log flow-active 10

# Set the flow log version to 3.0.

[Device] userlog flow export version 3

# Specify the log host at 1.2.3.6 as the destination for flow log export. Set the UDP port number to 2000.

[Device] userlog flow export host 1.2.3.6 port 2000

# Specify 2.2.2.2 as the source IP address for flow log packets.

[Device] userlog flow export source-ip 2.2.2.2

[Device] quit

Verifying the configuration

# Display the flow log configuration and statistics.

<Device> display userlog export

Flow:

  Export flow log as UDP Packet.

  Version: 3.0

  Source ipv4 address: 2.2.2.2

  Source ipv6 address:

  Log load balance function: Disabled

  Local time stamp: Disabled

  Number of log hosts: 1

 

  Log host 1:

    Host/Port: 1.2.3.6/2000

    Total logs/UDP packets exported: 112/87

 

 

Information center configuration examples

Example: Outputting logs to the console

Network configuration

Configure the device to output to the console FTP logs that have a minimum severity level of warning.

Figure 472 Network diagram

Procedure

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Disable log output to the console.

[Device] info-center source default console deny

To avoid output of unnecessary information, disable all modules from outputting log information to the specified destination (console in this example) before you configure the output rule.

# Configure an output rule to output to the console FTP logs that have a minimum severity level of warning.

[Device] info-center source ftp console level warning

[Device] quit

# Enable log output to the console.

<Device> terminal logging level 6

<Device> terminal monitor

The current terminal is enabled to display logs.

Now, if the FTP module generates logs, the information center automatically sends the logs to the console, and the console displays the logs.

Example: Outputting logs to a UNIX log host

Network configuration

Configure the device to output to the UNIX log host FTP logs that have a minimum severity level of informational.

Figure 473 Network diagram

Procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

1.     Configure the device:

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Specify log host 1.2.0.1/16 with local4 as the logging facility.

[Device] info-center loghost 1.2.0.1 facility local4

# Disable log output to the log host.

[Device] info-center source default loghost deny

To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost in this example) before you configure an output rule.

# Configure an output rule to output to the log host FTP logs that have a minimum severity level of informational.

[Device] info-center source ftp loghost level informational

2.     Configure the log host:

The log host configuration procedure varies by the vendor of the UNIX operating system. The following shows an example:

a.     Log in to the log host as a root user.

b.     Create a subdirectory named Device in directory /var/log/, and then create file info.log in the Device directory to save logs from Device.

# mkdir /var/log/Device

# touch /var/log/Device/info.log

c.     Edit file syslog.conf in directory /etc/ and add the following contents.

# Device configuration messages

local4.info /var/log/Device/info.log

In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. The value of info indicates the informational severity level. The UNIX system records the log information that has a minimum severity level of informational to file /var/log/Device/info.log.

 

 

NOTE:

Follow these guidelines while editing file /etc/syslog.conf:

·     Comments must be on a separate line and must begin with a pound sign (#).

·     No redundant spaces are allowed after the file name.

·     The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.

d.     Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the -r option to validate the configuration.

# ps -ae | grep syslogd

147

# kill -HUP 147

# syslogd -r &

Now, the device can output FTP logs to the log host, which stores the logs to the specified file.

Example: Outputting logs to a Linux log host

Network configuration

Configure the device to output to the Linux log host 1.2.0.1/16 FTP logs that have a minimum severity level of informational.

Figure 474 Network diagram

Procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

1.     Configure the device:

# Enable the information center.

<Device> system-view

[Device] info-center enable

# Specify log host 1.2.0.1/16 with local5 as the logging facility.

[Device] info-center loghost 1.2.0.1 facility local5

# Disable log output to the log host.

[Device] info-center source default loghost deny

To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule.

# Configure an output rule to output to the log host FTP logs that have a minimum severity level of informational.

[Device] info-center source ftp loghost level informational

2.     Configure the log host:

The log host configuration procedure varies by the vendor of the Linux operating system. The following shows an example:

a.     Log in to the log host as a root user.

b.     Create a subdirectory named Device in directory /var/log/, and create file info.log in the Device directory to save logs of Device.

# mkdir /var/log/Device

# touch /var/log/Device/info.log

c.     Edit file syslog.conf in directory /etc/ and add the following contents.

# Device configuration messages

local5.info /var/log/Device/info.log

In this configuration, local5 is the name of the logging facility that the log host uses to receive logs. The value of info indicates the informational severity level. The Linux system will store the log information with a severity level equal to or higher than informational to file /var/log/Device/info.log.

 

 

NOTE:

Follow these guidelines while editing file /etc/syslog.conf:

·     Comments must be on a separate line and must begin with a pound sign (#).

·     No redundant spaces are allowed after the file name.

·     The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.

d.     Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the -r option to validate the configuration.

Make sure the syslogd process is started with the -r option on a Linux log host.

# ps -ae | grep syslogd

147

# kill -9 147

# syslogd -r &

Now, the device can output FTP logs to the log host, which stores the logs to the specified file.
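The NOTE guidelines in the UNIX and Linux log host examples above (comments on their own line, no spaces after the file name, facility and severity identical on both sides) can be checked before syslogd is restarted. The following Python script is an added example, not part of the H3C documentation; the function names, finding codes, and the faulty sample file are assumptions constructed for illustration.

```python
import re

# info-center severity names mapped to syslog.conf priority keywords. The page
# itself shows only informational -> info; the others follow the standard
# syslog severity order.
SEVERITY_TO_SYSLOG = {
    "emergency": "emerg", "alert": "alert", "critical": "crit", "error": "err",
    "warning": "warning", "notification": "notice", "informational": "info",
    "debugging": "debug",
}
LOGHOST_RE = re.compile(r"info-center loghost (\S+) facility (\S+)")
SOURCE_RE = re.compile(r"info-center source (\S+) loghost level (\S+)")

# Device commands from the UNIX example above; the Linux example differs only
# in the facility (local5).
UNIX_CLI = """\
[Device] info-center loghost 1.2.0.1 facility local4
[Device] info-center source default loghost deny
[Device] info-center source ftp loghost level informational
"""
LINUX_CLI = UNIX_CLI.replace("local4", "local5")

LOGFILE = "/var/log/Device/info.log"
# syslog.conf content from the UNIX example.
GOOD_CONF = "# Device configuration messages\nlocal4.info /var/log/Device/info.log\n"
# Constructed faulty file: inline comment, wrong selector, trailing space.
BAD_CONF = ("local5.notice /var/log/Device/info.log  # device logs\n"
            "local4.info /var/log/Device/info.log \n")


def expected_selector(cli_text, module):
    """Derive the syslog.conf selector (facility.priority) the device needs."""
    facility = severity = None
    for line in cli_text.splitlines():
        m = LOGHOST_RE.search(line)
        if m:
            facility = m.group(2)
        m = SOURCE_RE.search(line)
        if m and m.group(1) == module:
            severity = m.group(2)
    if facility is None or severity is None:
        raise ValueError("loghost facility or output rule not found in CLI text")
    return f"{facility}.{SEVERITY_TO_SYSLOG[severity]}"


def lint_syslog_conf(conf_text, want, logfile):
    """Return (line_number, code) findings; line 0 marks a file-level finding."""
    findings, matched = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or a comment on its own line
        line = raw
        if "#" in line:
            findings.append((no, "inline-comment"))
            line = line.split("#", 1)[0]
        elif line != line.rstrip():
            findings.append((no, "trailing-space"))
        fields = line.split()
        if len(fields) < 2 or fields[1] != logfile:
            continue  # rule writes somewhere else; not the device log file
        if want in fields[0].split(";"):
            matched = True
        else:
            findings.append((no, "selector-mismatch"))
    if not matched:
        findings.append((0, "missing-rule"))
    return findings


if __name__ == "__main__":
    want = expected_selector(UNIX_CLI, "ftp")
    print(want, lint_syslog_conf(GOOD_CONF, want, LOGFILE))
    print(want, lint_syslog_conf(BAD_CONF, want, LOGFILE))
```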

 

 

Packet capture configuration examples

Example: Configuring remote packet capture

Network configuration

As shown in Figure 475, capture incoming packets on Layer 3 interface Ten-GigabitEthernet 3/0/1 and use Wireshark to display the captured packets.

Figure 475 Network diagram

 

Procedure

1.     Configure the device:

# Configure remote incoming packet capture on Ten-GigabitEthernet 3/0/1. Set the RPCAP service port number to 2014.

<Device> packet-capture remote interface ten-gigabitethernet 3/0/1 port 2014

2.     Configure Wireshark:

 

 

Flow monitor configuration examples

Example: Configuring flow monitor

Network configuration

As shown in Figure 476, configure flow monitor on the router to monitor the following traffic:

·     Incoming traffic on Ten-GigabitEthernet 3/0/1.

·     Outgoing traffic on Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3.

Figure 476 Network diagram

Procedure

# Assign an IP address to each interface, as shown in Figure 476. (Details not shown.)

# Enable NetStream for incoming traffic on Ten-GigabitEthernet 3/0/1.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ip netstream inbound

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable NetStream for outgoing traffic on Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] ip netstream outbound

[Router-Ten-GigabitEthernet3/0/2] quit

# Enable NetStream for outgoing traffic on Ten-GigabitEthernet 3/0/3.

[Router] interface ten-gigabitethernet 3/0/3

[Router-Ten-GigabitEthernet3/0/3] ip netstream outbound

[Router-Ten-GigabitEthernet3/0/3] quit

# Enable flow monitor for incoming and outgoing traffic.

[Router] flow-monitor inbound

[Router] flow-monitor outbound

# Freeze the flow monitor table after the table has been populated with all legitimate entries.

[Router] flow-monitor fixup

# Add new legitimate flow monitor entries to the flow monitor table.

[Router] flow-monitor add ip source 192.168.40.2 destination 192.168.80.2 protocol 17 interface ten-gigabitethernet 3/0/2 outbound

[Router] flow-monitor add ip source 192.168.40.2 destination 192.168.80.2 protocol 17 interface ten-gigabitethernet 3/0/3 outbound

# Display flow monitor entries in the flow monitor table.

[Router] display flow-monitor

Total 11 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.

State: Fixed

Type Source          Destination     Protocol Direction Interface    VPN

Labels

-------------------------------------------------------------------------------

IP   192.168.40.2    192.168.80.2    17       Outbound  XGE3/0/3

IP   192.168.40.2    192.168.80.2    17       outbound  XGE3/0/2

IP   192.168.1.102   192.168.1.255   17       Inbound   XGE3/0/1

IP   192.168.1.1     239.255.255.250 17       Outbound  XGE3/0/2

IP   192.168.20.65   239.255.255.250 17       Inbound   XGE3/0/1

IP   40.0.0.3        40.0.0.255      17       Inbound   XGE3/0/1

IP   56.56.56.44     224.0.0.5       89       Outbound  XGE3/0/3

IP   192.168.20.167  192.168.20.255  17       Outbound  XGE3/0/2

IP   192.168.20.170  192.168.20.255  17       Inbound   XGE3/0/1

IP   192.168.20.191  192.168.20.255  17       Outbound  XGE3/0/2

IP   192.168.80.133  192.168.80.131  1        Outbound  XGE3/0/3

# Delete a fixed flow monitor entry.

[Router] flow-monitor delete ip source 40.0.0.3 destination 40.0.0.255 protocol 17 interface ten-gigabitethernet 3/0/1 inbound

Verifying the configuration

# Verify that the flow monitor table is populated with only legitimate flow monitor entries.

[Router] display flow-monitor

Total 10 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.

State: Fixed

Type Source          Destination     Protocol Direction Interface    VPN

     Labels

-------------------------------------------------------------------------------

IP   192.168.40.2    192.168.80.2    17       Outbound  XGE3/0/3

IP   192.168.40.2    192.168.80.2    17       outbound  XGE3/0/2

IP   192.168.1.102   192.168.1.255   17       Inbound   XGE3/0/1

IP   192.168.1.1     239.255.255.250 17       Outbound  XGE3/0/2

IP   192.168.20.65   239.255.255.250 17       Inbound   XGE3/0/1

IP   56.56.56.44     224.0.0.5       89       Outbound  XGE3/0/3

IP   192.168.20.167  192.168.20.255  17       Outbound  XGE3/0/2

IP   192.168.20.170  192.168.20.255  17       Inbound   XGE3/0/1

IP   192.168.20.191  192.168.20.255  17       Outbound  XGE3/0/2

IP   192.168.80.133  192.168.80.131  1        Outbound  XGE3/0/3
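The verification step above can be scripted by comparing the displayed table with an approved baseline. The following Python script is an added example, not part of the H3C documentation: it parses the two display flow-monitor outputs shown above, treats the second as the baseline, and reports entries that are present but not approved. The function names are assumptions of this example.

```python
import re

# "display flow-monitor" output from the page before the delete command
# (column header and separator lines omitted).
BEFORE = """\
Total 11 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.
State: Fixed
IP   192.168.40.2    192.168.80.2    17       Outbound  XGE3/0/3
IP   192.168.40.2    192.168.80.2    17       outbound  XGE3/0/2
IP   192.168.1.102   192.168.1.255   17       Inbound   XGE3/0/1
IP   192.168.1.1     239.255.255.250 17       Outbound  XGE3/0/2
IP   192.168.20.65   239.255.255.250 17       Inbound   XGE3/0/1
IP   40.0.0.3        40.0.0.255      17       Inbound   XGE3/0/1
IP   56.56.56.44     224.0.0.5       89       Outbound  XGE3/0/3
IP   192.168.20.167  192.168.20.255  17       Outbound  XGE3/0/2
IP   192.168.20.170  192.168.20.255  17       Inbound   XGE3/0/1
IP   192.168.20.191  192.168.20.255  17       Outbound  XGE3/0/2
IP   192.168.80.133  192.168.80.131  1        Outbound  XGE3/0/3
"""

# Output from the verification step, used here as the approved baseline.
AFTER = """\
Total 10 matching IP flow monitor entries and 0 matching MPLS flow monitor entries.
State: Fixed
IP   192.168.40.2    192.168.80.2    17       Outbound  XGE3/0/3
IP   192.168.40.2    192.168.80.2    17       outbound  XGE3/0/2
IP   192.168.1.102   192.168.1.255   17       Inbound   XGE3/0/1
IP   192.168.1.1     239.255.255.250 17       Outbound  XGE3/0/2
IP   192.168.20.65   239.255.255.250 17       Inbound   XGE3/0/1
IP   56.56.56.44     224.0.0.5       89       Outbound  XGE3/0/3
IP   192.168.20.167  192.168.20.255  17       Outbound  XGE3/0/2
IP   192.168.20.170  192.168.20.255  17       Inbound   XGE3/0/1
IP   192.168.20.191  192.168.20.255  17       Outbound  XGE3/0/2
IP   192.168.80.133  192.168.80.131  1        Outbound  XGE3/0/3
"""

TOTAL_RE = re.compile(r"Total (\d+) matching IP flow monitor entries")
ROW_RE = re.compile(r"^IP\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)")


def parse_flow_monitor(text):
    """Return (state, entries); entries are (src, dst, proto, direction, ifname)."""
    total, state, rows = None, None, []
    for line in text.splitlines():
        m = TOTAL_RE.search(line)
        if m:
            total = int(m.group(1))
            continue
        if line.startswith("State:"):
            state = line.split(":", 1)[1].strip()
            continue
        m = ROW_RE.match(line)
        if m:
            src, dst, proto, direction, ifname = m.groups()
            # The device prints both "Outbound" and "outbound"; normalize case.
            rows.append((src, dst, int(proto), direction.lower(), ifname))
    # A truncated capture would silently hide entries, so cross-check the
    # parsed row count against the count the device reports.
    if total is not None and total != len(rows):
        raise ValueError(f"device reports {total} IP entries, parsed {len(rows)}")
    return state, set(rows)


def audit(current_text, approved_text):
    """Compare the current table with the approved baseline."""
    state, current = parse_flow_monitor(current_text)
    _, approved = parse_flow_monitor(approved_text)
    return {
        "frozen": state == "Fixed",            # table was frozen with fixup
        "unexpected": current - approved,      # present but not approved
        "missing": approved - current,         # approved but not present
    }


if __name__ == "__main__":
    print(audit(BEFORE, AFTER))
```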

 

 

AAA configuration examples

Example: Configuring authentication and authorization for SSH users by a RADIUS server

Network configuration

As shown in Figure 477, configure the router to meet the following requirements:

·     Use the RADIUS server for SSH user authentication and authorization.

·     Include domain names in the usernames sent to the RADIUS server.

·     Assign the network-admin user role to SSH users after they pass authentication.

The RADIUS server runs IMC PLAT 7.3 (E0605) and IMC UAM 7.3 (E0512). Add an account with username hello@bbb on the RADIUS server.

The RADIUS server and the router use expert as the shared key for secure RADIUS communication. The ports for authentication and accounting are 1812 and 1813, respectively.

Figure 477 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Configuring the RADIUS server

1.     Add the router to the IMC Platform as an access device:

a.     Log in to IMC.

b.     Click the User tab.

c.     From the navigation tree, select User Access Policy > Access Device Management > Access Device.

d.     Click Add.

The Add Access Device page opens.

e.     In the Access Configuration area, configure the following parameters, as shown in Figure 478:

-     Set the authentication port and accounting port to 1812 and 1813, respectively.

-     Select Device Management Service from the Service Type list.

-     Select H3C (General) from the Access Device Type list.

-     Set the shared key for secure RADIUS communication to expert.

-     Use the default values for other parameters.

f.     In the Device List area, click Select or Add Manually to add the device at 10.1.1.2 as an access device.

 


IMPORTANT:

You must specify the source IP address of outgoing RADIUS packets on the router as the IP address of the access device on the server.

On the router, the source IP address configured by using the source-ip command has higher priority than the source IP address configured by using the radius source-ip command. If no IP address is specified as the source IP address, the IP address of the packet outbound interface is used as the source IP address.

In this example, no source IP address is specified on the router. The IP address of the packet outbound interface on the router is specified as the IP address of the access device on the server, which is 10.1.1.2.

 

g.     Click OK.

Figure 478 Adding the router as an access device

 

2.     Add an account for device management:

a.     Click the User tab.

b.     From the navigation tree, select Device User > Device User.

c.     Click Add.

d.     On the Add Device User page, configure the following parameters, as shown in Figure 479:

-     Enter account name hello@bbb and specify the password.

-     Select SSH from the Login Type list.

-     Enter network-admin in the Role Name field.

-     In the IP Address List of Managed Devices area, click Add to specify an IP segment (from 10.1.1.0 to 10.1.1.255) for management.

 


IMPORTANT:

The managed IP segment must contain the NAS IP address of the router.

On the router, NAS IP addresses configured by using the aaa nas-ip, nas-ip, and radius nas-ip commands are listed in descending order of priority. If no IP address is specified as the NAS IP address, the IP address of the packet outbound interface is used as the NAS IP address.

In this example, no NAS IP address is specified on the router. The IP address (10.1.1.2) of the packet outbound interface on the router must be contained in the managed IP segment.

 

e.     Click OK.

Figure 479 Adding an account for device management

 

Configuring the router

# Configure the IP addresses for interfaces. (Details not shown.)

# Create local RSA and DSA key pairs.

<Router> system-view

[Router] public-key local create rsa

[Router] public-key local create dsa

# Enable the Stelnet server.

[Router] ssh server enable

# Enable scheme authentication for user lines VTY 0 through VTY 63.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Create a RADIUS scheme.

[Router] radius scheme rad

# Specify the primary authentication server.

[Router-radius-rad] primary authentication 10.1.1.1 1812

# Set the shared key to expert in plaintext form for secure communication with the server.

[Router-radius-rad] key authentication simple expert

# Include domain names in the usernames sent to the RADIUS server.

[Router-radius-rad] user-name-format with-domain

[Router-radius-rad] quit

# Create an ISP domain named bbb and configure authentication, authorization, and accounting methods for login users. Because RADIUS user authorization information is piggybacked in authentication responses, the authentication and authorization methods must use the same RADIUS scheme.

[Router] domain name bbb

[Router-isp-bbb] authentication login radius-scheme rad

[Router-isp-bbb] authorization login radius-scheme rad

[Router-isp-bbb] accounting login none

[Router-isp-bbb] quit

Verifying the configuration

# Initiate an SSH connection to the router, and enter username hello@bbb and the correct password. The user logs in to the router. (Details not shown.)

# Verify that the user can use the commands permitted by the network-admin user role. (Details not shown.)

Example: Configuring local authentication and authorization for SSH users

Network configuration

As shown in Figure 480, configure the router to meet the following requirements:

·     Perform local authentication and authorization for SSH users.

·     Assign the network-admin user role to SSH users after they pass authentication.

Figure 480 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Procedure

# Create local RSA and DSA key pairs.

<Router> system-view

[Router] public-key local create rsa

[Router] public-key local create dsa

# Enable the Stelnet server.

[Router] ssh server enable

# Enable scheme authentication for user lines VTY 0 through VTY 63.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Create a device management user.

[Router] local-user ssh class manage

# Assign the SSH service to the local user.

[Router-luser-manage-ssh] service-type ssh

# Set the password to 123456TESTplat&! in plaintext form for the local user.

[Router-luser-manage-ssh] password simple 123456TESTplat&!

# Specify the user role for the user as network-admin.

[Router-luser-manage-ssh] authorization-attribute user-role network-admin

[Router-luser-manage-ssh] quit

# Create an ISP domain named bbb and configure the domain to use local authentication and authorization for login users.

[Router] domain name bbb

[Router-isp-bbb] authentication login local

[Router-isp-bbb] authorization login local

[Router-isp-bbb] quit

Verifying the configuration

# Initiate an SSH connection to the router, and enter username ssh@bbb and the correct password. The user logs in to the router. (Details not shown.)

# Verify that the user can use the commands permitted by the network-admin user role. (Details not shown.)

Example: Configuring AAA for SSH users by an HWTACACS server

Network configuration

As shown in Figure 481, configure the router to meet the following requirements:

·     Use the HWTACACS server for SSH user authentication, authorization, and accounting.

·     Assign the default user role network-operator to SSH users after they pass authentication.

·     Exclude domain names from the usernames sent to the HWTACACS server.

·     Use expert as the shared keys for secure HWTACACS communication.

Figure 481 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Configuring the HWTACACS server

# Set the shared keys to expert for secure communication with the router, add an account for the SSH user, and specify the password. (Details not shown.)

Configuring the router

# Create an HWTACACS scheme.

<Router> system-view

[Router] hwtacacs scheme hwtac

# Specify the primary authentication server.

[Router-hwtacacs-hwtac] primary authentication 10.1.1.1 49

# Specify the primary authorization server.

[Router-hwtacacs-hwtac] primary authorization 10.1.1.1 49

# Specify the primary accounting server.

[Router-hwtacacs-hwtac] primary accounting 10.1.1.1 49

# Set the shared keys to expert in plaintext form for secure HWTACACS communication.

[Router-hwtacacs-hwtac] key authentication simple expert

[Router-hwtacacs-hwtac] key authorization simple expert

[Router-hwtacacs-hwtac] key accounting simple expert

# Exclude domain names from the usernames sent to the HWTACACS server.

[Router-hwtacacs-hwtac] user-name-format without-domain

[Router-hwtacacs-hwtac] quit

# Create an ISP domain and configure the domain to use the HWTACACS scheme for authentication, authorization, and accounting of login users.

[Router] domain name bbb

[Router-isp-bbb] authentication login hwtacacs-scheme hwtac

[Router-isp-bbb] authorization login hwtacacs-scheme hwtac

[Router-isp-bbb] accounting login hwtacacs-scheme hwtac

[Router-isp-bbb] quit

# Create local RSA and DSA key pairs.

[Router] public-key local create rsa

[Router] public-key local create dsa

# Enable the Stelnet server.

[Router] ssh server enable

# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.

[Router] role default-role enable

# Enable scheme authentication for user lines VTY 0 through VTY 63.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

Verifying the configuration

# Initiate an SSH connection to the router, and enter the correct username and password. The user logs in to the router. (Details not shown.)

# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)

Example: Configuring authentication for SSH users by an LDAP server

Network configuration

As shown in Figure 482, the LDAP server uses domain ldap.com and runs Microsoft Windows 2003 Server Active Directory.

Configure the router to meet the following requirements:

·     Use the LDAP server to authenticate SSH users.

·     Assign the level-0 user role to SSH users after they pass authentication.

On the LDAP server, set the administrator password to admin!123456, add a user named aaa, and set the user's password to ldap!123456.

Figure 482 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Configuring the LDAP server

1.     Add a user named aaa and set the password to ldap!123456:

a.     On the LDAP server, select Start > Control Panel > Administrative Tools.

b.     Double-click Active Directory Users and Computers.

The Active Directory Users and Computers window is displayed.

c.     From the navigation tree, click Users under the ldap.com node.

d.     Select Action > New > User from the menu to display the dialog box for adding a user.

e.     Enter logon name aaa and click Next.

Figure 483 Adding user aaa

 

f.     In the dialog box, enter password ldap!123456, select options as needed, and click Next.

Figure 484 Setting the user's password

 

g.     Click OK.

2.     Add user aaa to group Users:

a.     From the navigation tree, click Users under the ldap.com node.

b.     In the right pane, right-click user aaa and select Properties.

c.     In the dialog box, click the Member Of tab and click Add.

Figure 485 Modifying user properties

 

d.     In the Select Groups dialog box, enter Users in the Enter the object names to select field, and click OK.

User aaa is added to group Users.

Figure 486 Adding user aaa to group Users

 

3.     Set the administrator password to admin!123456:

a.     In the right pane, right-click user Administrator and select Set Password.

b.     In the dialog box, enter the administrator password. (Details not shown.)

Configuring the router

# Create the local DSA key pair and RSA key pairs.

<Router> system-view

[Router] public-key local create dsa

[Router] public-key local create rsa

# Enable the Stelnet server.

[Router] ssh server enable

# Enable scheme authentication for user lines VTY 0 through VTY 63.

[Router] line vty 0 63

[Router-line-vty0-63] authentication-mode scheme

[Router-line-vty0-63] quit

# Configure an LDAP server.

[Router] ldap server ldap1

# Specify the IP address of the LDAP authentication server.

[Router-ldap-server-ldap1] ip 10.1.1.1

# Specify the administrator DN.

[Router-ldap-server-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com

# Specify the administrator password.

[Router-ldap-server-ldap1] login-password simple admin!123456

# Configure the base DN for user search.

[Router-ldap-server-ldap1] search-base-dn dc=ldap,dc=com

[Router-ldap-server-ldap1] quit

# Create an LDAP scheme.

[Router] ldap scheme ldap1-shml

# Specify the LDAP authentication server.

[Router-ldap-ldap1-shml] authentication-server ldap1

[Router-ldap-ldap1-shml] quit

# Create an ISP domain named bbb and configure the authentication, authorization, and accounting methods for login users.

[Router] domain name bbb

[Router-isp-bbb] authentication login ldap-scheme ldap1-shml

[Router-isp-bbb] authorization login none

[Router-isp-bbb] accounting login none

[Router-isp-bbb] quit

Verifying the configuration

# Initiate an SSH connection to the router, and enter username aaa@bbb and password ldap!123456. The user logs in to the router. (Details not shown.)

# Verify that the user can use the commands permitted by the level-0 user role. (Details not shown.)

Example: Configuring AAA for PPP users by an HWTACACS server

Network configuration

As shown in Figure 487:

·     Router A uses the HWTACACS server to perform PAP authentication for users from Router B.

·     The HWTACACS server is also the authorization server and accounting server of Router B.

·     Router B does not provide authentication, authorization, or accounting for users from Router A.

Figure 487 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Configuring the HWTACACS server

# Set the shared keys for secure communication with Router A to expert, and add a user account with username userb and password passb for PPP users from Router B. (Details not shown.)

Configuring Router A

# Create an HWTACACS scheme.

<RouterA> system-view

[RouterA] hwtacacs scheme hwtac

# Configure the primary HWTACACS server at 10.1.1.1. Set the authentication, authorization, and accounting ports to 49. Configure the router to establish only one TCP connection with the server.

[RouterA-hwtacacs-hwtac] primary authentication 10.1.1.1 49 single-connection

[RouterA-hwtacacs-hwtac] primary authorization 10.1.1.1 49 single-connection

[RouterA-hwtacacs-hwtac] primary accounting 10.1.1.1 49 single-connection

# Set the shared keys to expert in plaintext form for authentication, authorization, and accounting.

[RouterA-hwtacacs-hwtac] key authentication simple expert

[RouterA-hwtacacs-hwtac] key authorization simple expert

[RouterA-hwtacacs-hwtac] key accounting simple expert

# Exclude domain names from the usernames sent to the HWTACACS server.

[RouterA-hwtacacs-hwtac] user-name-format without-domain

[RouterA-hwtacacs-hwtac] quit

# Create an ISP domain named bbb and configure the domain to use the HWTACACS scheme for authentication, authorization, and accounting for PPP users.

[RouterA] domain name bbb

[RouterA-isp-bbb] authentication ppp hwtacacs-scheme hwtac

[RouterA-isp-bbb] authorization ppp hwtacacs-scheme hwtac

[RouterA-isp-bbb] accounting ppp hwtacacs-scheme hwtac

[RouterA-isp-bbb] quit

# Enable PPP encapsulation on GigabitEthernet 3/0/2.

[RouterA] interface gigabitethernet 3/0/2

[RouterA-GigabitEthernet3/0/2] link-protocol ppp

# Configure GigabitEthernet 3/0/2 to authenticate the peer by using PAP in authentication domain bbb.

[RouterA-GigabitEthernet3/0/2] ppp authentication-mode pap domain bbb

Configuring Router B

# Enable PPP encapsulation on GigabitEthernet 3/0/2.

<RouterB> system-view

[RouterB] interface gigabitethernet 3/0/2

[RouterB-GigabitEthernet3/0/2] link-protocol ppp

# Configure the local username and password for PAP authentication to userb and plaintext passb, respectively.

[RouterB-GigabitEthernet3/0/2] ppp pap local-user userb password simple passb

Verifying the configuration

# Use the display interface serial command to display information for GigabitEthernet 3/0/2. The PPP link is established if the output contains the following information:

·     Both the physical layer and link layer are up.

·     LCP and IPCP have entered the Opened state.

Router A and Router B can ping each other.
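The AAA examples up to this point all use short sample credentials entered in plaintext form, switch some AAA methods to none, and in one case use PAP. The following added check (not part of the original guide and not H3C code) walks Comware command lines and reports those items for review before a configuration based on these examples goes into production. The rule names, the Finding type, and the 16-octet threshold (taken from the shared-secret preference in RFC 2865) are assumptions of this sketch, and the sample lines are copied from the examples above.

```python
import re
from typing import NamedTuple

# Credential values printed in the examples above. They are public, so none
# of them belongs in a production configuration.
GUIDE_SAMPLE_SECRETS = {"expert", "passb", "123456TESTplat&!",
                        "admin!123456", "ldap!123456"}
MIN_SHARED_KEY_OCTETS = 16  # RFC 2865 section 3 prefers at least 16 octets

PROMPT = re.compile(r"^[\[<](?P<prompt>[^\]>]+)[\]>]\s*(?P<cmd>.*)$")
SECRET = re.compile(
    r"\b(?P<kind>key(?: (?:authentication|authorization|accounting))?"
    r"|login-password|password) simple (?P<value>\S+)")
AAA_NONE = re.compile(
    r"^(?P<service>authentication|authorization|accounting) (?P<users>\S+) none$")


class Finding(NamedTuple):
    line_no: int
    view: str
    rule: str
    detail: str


def split_prompt(line):
    """Return (view, command) for a '[Device-view] command' line, else None."""
    match = PROMPT.match(line.strip())
    if not match:
        return None
    _device, _, view = match.group("prompt").partition("-")
    return view or "top", match.group("cmd").strip()


def audit(lines):
    """Check Comware AAA command lines and return review findings in order."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        parsed = split_prompt(line)
        if parsed is None:
            continue
        view, cmd = parsed

        secret = SECRET.search(cmd)
        if secret:
            kind, value = secret.group("kind"), secret.group("value")
            # Findings describe the problem but never echo the secret itself.
            if value in GUIDE_SAMPLE_SECRETS:
                findings.append(Finding(
                    line_no, view, "sample-secret",
                    f"{kind} reuses a value printed in the configuration guide"))
            if kind.startswith("key") and len(value.encode()) < MIN_SHARED_KEY_OCTETS:
                findings.append(Finding(
                    line_no, view, "short-shared-key",
                    f"{kind} is shorter than {MIN_SHARED_KEY_OCTETS} octets"))

        none = AAA_NONE.match(cmd)
        if none:
            findings.append(Finding(
                line_no, view, "aaa-method-none",
                f"no {none.group('service')} for {none.group('users')} users"))

        words = cmd.split()
        if words[:2] == ["ppp", "authentication-mode"] and "pap" in words[2:]:
            findings.append(Finding(
                line_no, view, "ppp-pap",
                "PAP carries the password in cleartext on the PPP link"))
    return findings


# Lines copied from the SSH and PPP examples above.
SAMPLE = """\
[Router-radius-rad] primary authentication 10.1.1.1 1812
[Router-radius-rad] key authentication simple expert
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] accounting login none
[Router-luser-manage-ssh] password simple 123456TESTplat&!
[Router-ldap-server-ldap1] login-password simple admin!123456
[RouterA-GigabitEthernet3/0/2] ppp authentication-mode pap domain bbb
[RouterB-GigabitEthernet3/0/2] ppp pap local-user userb password simple passb
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE.splitlines()):
        print(f"line {finding.line_no} [{finding.view}] {finding.rule}: {finding.detail}")
```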

Example: Configuring the RADIUS proxy

Network configuration

As shown in Figure 488, IPoE authentication is enabled on the device for user access, and the AC is deployed in bypass mode at the device side to perform 802.1X authentication on wireless clients.

·     The RADIUS server is a Free RADIUS server that provides authentication, authorization, and accounting services for users.

·     The device acts as a RADIUS proxy to participate in the authentication, authorization, and accounting process of wireless 802.1X users.

·     The device and the RADIUS server use a shared key of 123456 for secure RADIUS communication. The authentication and accounting ports are 1812 and 1813, respectively.

·     The AC and the RADIUS proxy use a shared key of abcdef for secure RADIUS communication. The authentication and accounting ports are 2016 and 2017, respectively.

Figure 488 Network diagram

Prerequisites

# Configure IP addresses for interfaces, and make sure the network connections are available.

Configuring the RADIUS server

# Add the following RADIUS client information to the client.conf file on the RADIUS server.

client 6.6.6.2/24 {

secret   =    123456

}

# Add the following information to the user.conf file on the RADIUS server.

user1 Cleartext-Password := abcdef

The information indicates that the password of user user1 for access authentication is abcdef.

Configuring the device (RADIUS proxy)

1.     Configure the RADIUS proxy feature:

# Enable the RADIUS proxy feature and enter RADIUS proxy view.

<Device> system

[Device] radius-proxy

# Specify the RADIUS client at 5.5.5.1 for the RADIUS proxy and set the shared key to abcdef in plaintext form for secure RADIUS communication with the RADIUS client. Set the authentication port to 2016 and the accounting port to 2017 for communication with the RADIUS client. Configure the RADIUS proxy to use the RADIUS servers in RADIUS scheme rs1 for the users from the RADIUS client.

[Device-radius-proxy] client ip 5.5.5.1 radius-scheme rs1 key simple abcdef authentication-port 2016 accounting-port 2017

[Device-radius-proxy] quit

2.     Configure a RADIUS scheme:

# Create RADIUS scheme rs1 and enter its view.

[Device] radius scheme rs1

# Specify the RADIUS server as the primary authentication server and primary accounting server.

[Device-radius-rs1] primary authentication 6.6.6.1

[Device-radius-rs1] primary accounting 6.6.6.1

# Set the authentication and accounting shared keys to 123456 in plaintext form.

[Device-radius-rs1] key authentication simple 123456

[Device-radius-rs1] key accounting simple 123456

# Exclude domain names from usernames sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

3.     Configure IPoE:

# Enter the view of Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

# Enable IPoE and configure the Layer 2 access mode for users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify ISP domain dom1 for DHCPv4 users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dom1

[Device-Ten-GigabitEthernet3/0/2] quit

4.     Configure an authentication domain:

# Create ISP domain dom1 and enter its view.

[Device] domain name dom1

# Configure IP address pool p1 as the authorization IP pool.

[Device-isp-dom1] authorization-attribute ip-pool p1

# Configure the ISP domain to use RADIUS proxy for IPoE user authentication and authorization.

[Device-isp-dom1] authentication ipoe radius-proxy

[Device-isp-dom1] authorization ipoe radius-proxy

# Configure the ISP domain to use RADIUS scheme rs1 for IPoE user accounting.

[Device-isp-dom1] accounting ipoe radius-scheme rs1

[Device-isp-dom1] quit

5.     Configure the authorization IP pool:

# Enable DHCP.

[Device] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[Device] dhcp server request-ip-address check

# Create IP address pool p1 and assign IP addresses to clients from subnet 30.0.0.0/24.

[Device] ip pool p1

[Device-ip-pool-p1] gateway-list 30.0.0.1 export-route

[Device-ip-pool-p1] network 30.0.0.0 mask 255.255.255.0

[Device-ip-pool-p1] forbidden ip 30.0.0.1

[Device-ip-pool-p1] quit

Configuring the AC

1.     Configure WLAN access and wireless 802.1X authentication. (Details not shown.)

2.     Configure a RADIUS scheme:

# Create RADIUS scheme rs1 and enter its view.

<AC> system-view

[AC] radius scheme rs1

# Specify the device as the primary authentication server and primary accounting server and set the authentication and accounting ports for secure RADIUS communication.

[AC-radius-rs1] primary authentication 5.5.5.2 2016

[AC-radius-rs1] primary accounting 5.5.5.2 2017

# Set the authentication and accounting shared keys to abcdef in plaintext form.

[AC-radius-rs1] key authentication simple abcdef

[AC-radius-rs1] key accounting simple abcdef

# Exclude domain names from usernames sent to the RADIUS server.

[AC-radius-rs1] user-name-format without-domain

[AC-radius-rs1] quit

3.     Configure an authentication domain:

# Create ISP domain dom1 and enter its view.

[AC] domain name dom1

# Configure the ISP domain to use RADIUS scheme rs1 for LAN user authentication, authorization, and accounting.

[AC-isp-dom1] authentication lan-access radius-scheme rs1

[AC-isp-dom1] authorization lan-access radius-scheme rs1

[AC-isp-dom1] accounting lan-access radius-scheme rs1

[AC-isp-dom1] quit

Verifying the configuration

# Use a wireless client to initiate 802.1X authentication. (Details not shown.)

# On the device, display RADIUS proxy user information for the RADIUS client.

[Device] display radius-proxy user

Username        MAC address        IP address     Client IP    Client VPN

user1           0800-2700-240e     -              5.5.5.1      -

# On the device, display IPoE online user information.

[Device] display access-user auth-type bind

UserID   Interface                IP address          MAC address    S-/C-VLAN

         Username                 IPv6 address        Access type

0x1348   XGE3/0/2                 30.0.0.2            0800-2700-240e -/-

         user1                    -                   L2 IPoE dynamic
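The RADIUS proxy example uses one shared key toward the AC (abcdef) and another toward the RADIUS server (123456). The following added illustration (not H3C code and not part of the original guide) shows what that means for the Message-Authenticator attribute defined in RFC 3579 for RADIUS requests that carry EAP: a request signed by the AC verifies only under the AC-side key, so a proxy has to check it and sign it again under the server-side key. The packet contents, identifiers, and function names are constructed, and the proxy step is reduced to verify-and-re-sign.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20

# Shared keys from the example above.
KEY_AC_PROXY = b"abcdef"      # AC (5.5.5.1) <-> RADIUS proxy
KEY_PROXY_SERVER = b"123456"  # RADIUS proxy <-> RADIUS server (6.6.6.1)


def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(body):
    """Return (type, value, value_offset) for each attribute in body."""
    parsed, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("bad attribute length")
        parsed.append((attr_type, body[pos + 2:pos + attr_len], pos + 2))
        pos += attr_len
    return parsed


def build_access_request(identifier, request_auth, attributes, key):
    """Assemble an Access-Request whose last attribute is Message-Authenticator."""
    body = b"".join(attributes) + attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(body))
    packet = bytearray(header + request_auth + body)
    # HMAC-MD5 over the whole packet while the 16-octet value is still zero.
    packet[-16:] = hmac.new(key, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_message_authenticator(packet, key):
    """Return True only if packet has exactly one valid Message-Authenticator."""
    if len(packet) < HEADER_LEN:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < HEADER_LEN or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    try:
        attrs = parse_attrs(packet[HEADER_LEN:])
    except ValueError:
        return False
    macs = [(value, off) for a_type, value, off in attrs
            if a_type == ATTR_MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][0]) != 16:
        return False
    received, off = macs[0]
    zeroed = bytearray(packet)
    zeroed[HEADER_LEN + off:HEADER_LEN + off + 16] = bytes(16)
    expected = hmac.new(key, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def proxy_forward(packet, key_in, key_out, new_identifier):
    """Verify a client request under key_in and re-sign it under key_out.

    Returns None (silent discard) when the inbound check fails. Simplified:
    the Request Authenticator is reused and no Proxy-State is added.
    """
    if not verify_message_authenticator(packet, key_in):
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    kept = [attr(a_type, value)
            for a_type, value, _ in parse_attrs(packet[HEADER_LEN:length])
            if a_type != ATTR_MESSAGE_AUTHENTICATOR]
    return build_access_request(new_identifier, packet[4:20], kept, key_out)


def demo():
    """Run the AC -> proxy -> server path on a constructed EAP identity request."""
    eap_identity = bytes([2, 1, 0, 10, 1]) + b"user1"  # EAP-Response/Identity
    request = build_access_request(
        7, os.urandom(16),
        [attr(ATTR_USER_NAME, b"user1"), attr(ATTR_EAP_MESSAGE, eap_identity)],
        KEY_AC_PROXY)
    forwarded = proxy_forward(request, KEY_AC_PROXY, KEY_PROXY_SERVER, 42)
    tampered = bytearray(request)
    tampered[22] ^= 0x01  # flip one bit in the User-Name value
    return {
        "ac_request_valid_at_proxy": verify_message_authenticator(request, KEY_AC_PROXY),
        "ac_request_valid_at_server": verify_message_authenticator(request, KEY_PROXY_SERVER),
        "forwarded_valid_at_server": verify_message_authenticator(forwarded, KEY_PROXY_SERVER),
        "tampered_dropped": proxy_forward(bytes(tampered), KEY_AC_PROXY, KEY_PROXY_SERVER, 43) is None,
        "wrong_key_dropped": proxy_forward(request, b"not-the-key", KEY_PROXY_SERVER, 44) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A key mismatch on either leg therefore shows up as requests that are discarded without a reply, which is the first thing to check when the display radius-proxy user output stays empty.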

 

ANCP configuration examples

Example: Configuring ANCP

Network configuration

As shown in Figure 489, users access the network through IPoE or PPPoE. The RADIUS server performs user authentication and accounting.

Configure ANCP to achieve the following purposes:

·     The BRAS can dynamically discover DSLs on the DSLAM.

·     The BRAS can configure DSLs.

·     The BRAS can perform OAM tests on DSLs.

Figure 489 Network diagram

Prerequisites

1.     Configure the DSLAM so it can reach interface loopback 1 on the BRAS.

2.     Enable the ANCP client on the DSLAM.

3.     Configure BRAS access, including the authentication scheme, accounting scheme, RADIUS server, address pool, uplink interfaces, and so on. For more information, see related configuration guides.

Procedure

# Enable the ANCP server on the BRAS.

<BRAS> system-view

[BRAS] ancp enable

# Create an ANCP neighbor.

[BRAS] ancp neighbor test1

# Configure an ANCP neighbor ID.

[BRAS-ancp-neighbor-test1] peer-id 1-2-3

[BRAS-ancp-neighbor-test1] quit

# Configure the source interface for the ANCP neighbor.

[BRAS] interface loopback 1

[BRAS-LoopBack1] ip address 10.10.10.10

[BRAS-LoopBack1] quit

[BRAS] ancp neighbor test1

[BRAS-ancp-neighbor-test1] source-interface loopback 1

# Configure the DSL entry aging time as 100 seconds.

[BRAS-ancp-neighbor-test1] aging-time 100

[BRAS-ancp-neighbor-test1] quit

Verifying the configuration

# Verify that the BRAS and the DSLAM have established an ANCP adjacency.

[BRAS] display ancp neighbor test1

Neighbor name               : test1

Peer ID                     : 0001-0002-0003

Source interface            : LoopBack1

Session message interval    : 25 s

Session message retransmit  : 10

Aging time                  : 100 s

State                       : used

Peer IP                     : 10.1.1.2

Peer port                   : 510

Neighbor capacities         : discovery, line-cfg, oam

Negotiated interval         : 25.0 s

Access loop number          : 3

# Verify that the BRAS has created DSL entries.

[BRAS] display ancp access-loop

Total entries: 3

Neighbor name     Peer ID           Circuit ID         State

test1             0001-0002-0003    Access1            UP

test1             0001-0002-0003    Access2            UP

test1             0001-0002-0003    Access3            UP

[BRAS] display ancp access-loop circuit-id Access1

Neighbor name                       : test1

Circuit ID                          : Access1

Remote ID                           : remote3

Peer ID                             : 0001-0002-0003

DSL type                            : ADSL1

Actual data rate upstream           : 512 Kbps

Actual data rate downstream         : 1536 Kbps

Min data rate upstream              : 32 Kbps

Min data rate downstream            : 32 Kbps

Attainable data rate upstream       : 96 Kbps

Attainable data rate downstream     : 96 Kbps

Max data rate upstream              : 64 Kbps

Max data rate downstream            : 24544 Kbps

Min low power data rate upstream    : 0 Kbps

Min low power data rate downstream  : 0 Kbps

Max delay upstream                  : 6 s

Max delay downstream                : 16 s

Actual delay upstream               : 4 s

Actual delay downstream             : 16 s

Data link                           : ETHERNET

Encapsulation 1                     : Untagged Ethernet

Encapsulation 2                     : NA

# Verify that the BRAS can successfully assign a service profile.

[BRAS] ancp access-loop-configure circuit-id Access1 service-profile profile1 timeout 10

Issuing service profile name profile1 for Access1. Please wait…

Issued the service profile name successfully.

# Verify that the BRAS can successfully start an OAM test on a DSL.

[BRAS] ancp oam count 5 timeout 5 access-loop Access1

OAM testing Access1. Please wait…

OAM test succeeded.

 

 

DHCP server configuration examples

Example: Configuring static IP address assignment

Network configuration

As shown in Figure 490, Router A (DHCP server) assigns a static IP address, a DNS server address, and a gateway address to Router B (DHCP client) and Router C (BOOTP client).

The client ID of the interface Ten-GigabitEthernet 3/0/1 on Router B is 0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574.

The MAC address of the interface Ten-GigabitEthernet 3/0/1 on Router C is 000f-e200-01c0.

Figure 490 Network diagram

Procedure

1.     Specify an IP address for Ten-GigabitEthernet 3/0/1 on Router A.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 25

[RouterA-Ten-GigabitEthernet3/0/1] quit

2.     Configure the DHCP server:

# Create IP pool 0.

[RouterA] ip pool 0

# Configure a static binding for Router B.

[RouterA-ip-pool-0] static-bind ip-address 10.1.1.5 25 client-identifier 0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574

# Configure a static binding for Router C.

[RouterA-ip-pool-0] static-bind ip-address 10.1.1.6 25 hardware-address 000f-e200-01c0

# Specify the DNS server address and the gateway address.

[RouterA-ip-pool-0] dns-list 10.1.1.2

[RouterA-ip-pool-0] gateway-list 10.1.1.126

[RouterA-ip-pool-0] quit

[RouterA]

# Enable DHCP.

[RouterA] dhcp enable

# Enable the DHCP server on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B can obtain IP address 10.1.1.5 and all other network parameters from Router A. (Details not shown.)

# Verify that Router C can obtain IP address 10.1.1.6 and all other network parameters from Router A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[RouterA] display dhcp server ip-in-use

IP address       Client-identifier/    Lease expiration      Type

                 Hardware address

10.1.1.5         0030-3030-662e-6532-  Jan 21 14:27:27 2019  Static(C)

                 3030-2e30-3030-322d-

                 4574-6865-726e-6574

10.1.1.6         000f-e200-01c0        Unlimited             Static(C)

Example: Configuring dynamic IP address assignment

Network configuration

As shown in Figure 491, the DHCP server (Router A) assigns IP addresses to clients on subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.

Configure DHCP server on Router A to implement the following assignment scheme.

Table 153 Assignment scheme

DHCP clients | IP address | Lease | Other configuration parameters

Clients connected to Ten-GigabitEthernet 3/0/1 | IP addresses on subnet 10.1.1.0/25 | 10 days and 12 hours | Gateway: 10.1.1.126/25; DNS server: 10.1.1.2/25; Domain name: aabbcc.com; WINS server: 10.1.1.4/25

Clients connected to Ten-GigabitEthernet 3/0/2 | IP addresses on subnet 10.1.1.128/25 | Five days | Gateway: 10.1.1.254/25; DNS server: 10.1.1.2/25; Domain name: aabbcc.com

 

Figure 491 Network diagram

Procedure

1.     Specify IP addresses for interfaces. (Details not shown.)

2.     Configure the DHCP server:

# Exclude the IP addresses of the DNS server, WINS server, and gateways from dynamic allocation.

<RouterA> system-view

[RouterA] dhcp server forbidden-ip 10.1.1.2

[RouterA] dhcp server forbidden-ip 10.1.1.4

[RouterA] dhcp server forbidden-ip 10.1.1.126

[RouterA] dhcp server forbidden-ip 10.1.1.254

# Configure IP pool 1 to assign IP addresses and other configuration parameters to clients on subnet 10.1.1.0/25.

[RouterA] ip pool 1

[RouterA-ip-pool-1] network 10.1.1.0 mask 255.255.255.128

[RouterA-ip-pool-1] expired day 10 hour 12

[RouterA-ip-pool-1] domain-name aabbcc.com

[RouterA-ip-pool-1] dns-list 10.1.1.2

[RouterA-ip-pool-1] gateway-list 10.1.1.126

[RouterA-ip-pool-1] nbns-list 10.1.1.4

[RouterA-ip-pool-1] quit

# Configure IP pool 2 to assign IP addresses and other configuration parameters to clients on subnet 10.1.1.128/25.

[RouterA] ip pool 2

[RouterA-ip-pool-2] network 10.1.1.128 mask 255.255.255.128

[RouterA-ip-pool-2] expired day 5

[RouterA-ip-pool-2] domain-name aabbcc.com

[RouterA-ip-pool-2] dns-list 10.1.1.2

[RouterA-ip-pool-2] gateway-list 10.1.1.254

[RouterA-ip-pool-2] quit

# Enable DHCP.

[RouterA] dhcp enable

# Enable the DHCP server on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] dhcp select server

[RouterA-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that clients on subnets 10.1.1.0/25 and 10.1.1.128/25 can obtain correct IP addresses and all other network parameters from Router A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[RouterA] display dhcp server ip-in-use

IP address       Client-identifier/    Lease expiration      Type

                 Hardware address

10.1.1.3         0031-3865-392e-6262-  Jan 14 22:25:03 2015  Auto(C)

                 3363-2e30-3230-352d-

                 4745-302f-30

10.1.1.5         0031-fe65-4203-7e02-  Jan 14 22:25:03 2015  Auto(C)

                 3063-5b30-3230-4702-

                 620e-712f-5e

10.1.1.130       3030-3030-2e30-3030-  Jan 9 10:45:11 2015   Auto(C)

                 662e-3030-3033-2d45-

                 7568-6572-1e

10.1.1.131       3030-0020-fe02-3020-  Jan 9 10:45:11 2015   Auto(C)

                 7052-0201-2013-1e02

                 0201-9068-23

10.1.1.132       2020-1220-1102-3021-  Jan 9 10:45:11 2015   Auto(C)

                 7e52-0211-2025-3402

                 0201-9068-9a

10.1.1.133       2021-d012-0202-4221-  Jan 9 10:45:11 2015   Auto(C)

                 8852-0203-2022-55e0

                 3921-0104-31

Example: Configuring DHCP user class

Network configuration

As shown in Figure 492, the DHCP relay agent (Router A) forwards DHCP packets between DHCP clients and the DHCP server (Router B). Enable Router A to handle Option 82 so that it can add Option 82 in DHCP requests and then forward them to the DHCP server.

Configure the address allocation scheme as follows:

 

Assign IP addresses          To clients

10.10.1.2 to 10.10.1.10      The DHCP request contains Option 82.

10.10.1.11 to 10.10.1.26     The hardware address in the request is six bytes long and begins with aabb-aabb-aab.

 

Router B assigns the DNS server address 10.10.1.20/24 and the gateway address 10.10.1.254/24 to clients on subnet 10.10.1.0/24.

Figure 492 Network diagram

Procedure

1.     Specify IP addresses for the interfaces on the DHCP server. (Details not shown.)

2.     Configure DHCP:

# Create DHCP user class tt and configure a match rule to match DHCP requests that contain Option 82.

<RouterB> system-view

[RouterB] dhcp class tt

[RouterB-dhcp-class-tt] if-match rule 1 option 82

[RouterB-dhcp-class-tt] quit

# Create DHCP user class ss and configure a match rule to match DHCP requests in which the hardware address is six bytes long and begins with aabb-aabb-aab.

[RouterB] dhcp class ss

[RouterB-dhcp-class-ss] if-match rule 1 hardware-address aabb-aabb-aab0 mask ffff-ffff-fff0

[RouterB-dhcp-class-ss] quit

# Create IP pool aa.

[RouterB] ip pool aa

# Specify the subnet for dynamic allocation.

[RouterB-ip-pool-aa] network 10.10.1.0 mask 255.255.255.0

# Specify the address range for dynamic allocation.

[RouterB-ip-pool-aa] address range 10.10.1.2 10.10.1.100

# Specify the address range for user class tt.

[RouterB-ip-pool-aa] class tt range 10.10.1.2 10.10.1.10

# Specify the address range for user class ss.

[RouterB-ip-pool-aa] class ss range 10.10.1.11 10.10.1.26

# Specify the gateway address and the DNS server address.

[RouterB-ip-pool-aa] gateway-list 10.10.1.254

[RouterB-ip-pool-aa] dns-list 10.10.1.20

[RouterB-ip-pool-aa] quit

# Enable DHCP and configure the DHCP server to handle Option 82.

[RouterB] dhcp enable

[RouterB] dhcp server relay information enable

# Enable the DHCP server on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that clients matching the DHCP user classes can obtain IP addresses in the specified ranges and all other configuration parameters from the DHCP server. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[RouterB] display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.10.1.2        0031-3865-392e-6262-  Jan 14 22:25:03 2015  Auto(C)

                 3363-2e30-3230-352d-

                 4745-302f-30

10.10.1.11       aabb-aabb-aab1        Jan 14 22:25:03 2015  Auto(C)

Example: Configuring DHCP user class allowlist

Network configuration

As shown in Figure 493, configure the DHCP user class allowlist to allow the DHCP server to assign IP addresses to clients whose hardware addresses are six bytes long and begin with aabb-aabb.

Figure 493 Network diagram

Procedure

1.     Specify IP addresses for the interfaces on the DHCP server. (Details not shown.)

2.     Configure DHCP:

# Create DHCP user class ss and configure a match rule to match DHCP requests in which the hardware address is six bytes long and begins with aabb-aabb.

<RouterB> system-view

[RouterB] dhcp class ss

[RouterB-dhcp-class-ss] if-match rule 1 hardware-address aabb-aabb-0000 mask ffff-ffff-0000

[RouterB-dhcp-class-ss] quit

# Create IP pool aa.

[RouterB] ip pool aa

# Specify the subnet for dynamic allocation.

[RouterB-ip-pool-aa] network 10.1.1.0 mask 255.255.255.0

# Enable the DHCP user class allowlist.

[RouterB-ip-pool-aa] verify class

# Add DHCP user class ss to the DHCP user class allowlist.

[RouterB-ip-pool-aa] valid class ss

[RouterB-ip-pool-aa] quit

# Enable DHCP.

[RouterB] dhcp enable

# Enable the DHCP server on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that clients matching the DHCP user class can obtain IP addresses on subnet 10.1.1.0/24 from the DHCP server. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[RouterB] display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.1.1.2         aabb-aabb-ab01        Jan 14 22:25:03 2015  Auto(C)
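The hardware-address match rules used by user class ss in the two examples above can be checked offline before they are committed. The following Python sketch is an added example, not H3C code; the function names are hypothetical, and the rule values and lease addresses are copied from this page.

```python
import re

# Added example (not H3C code): evaluate rules of the form
# "if-match rule N hardware-address ADDR mask MASK" against client addresses.

_HW_RE = re.compile(r"[0-9a-f]{4}(-[0-9a-f]{4}){2}")


def parse_hw(text):
    """Parse H-H-H notation such as aabb-aabb-aab1 into a 48-bit integer."""
    value = text.strip().lower()
    if not _HW_RE.fullmatch(value):
        raise ValueError(f"not a six-byte H-H-H address: {text!r}")
    return int(value.replace("-", ""), 16)


def rule_matches(client, address, mask):
    """True when the client equals the rule address on every bit set in the mask."""
    m = parse_hw(mask)
    return (parse_hw(client) & m) == (parse_hw(address) & m)


def addresses_covered(mask):
    """Number of distinct six-byte hardware addresses a mask lets through."""
    wildcard_bits = 48 - bin(parse_hw(mask)).count("1")
    return 2 ** wildcard_bits


# Rules copied from the two examples on this page.
RULES = {
    "class ss, user class example": ("aabb-aabb-aab0", "ffff-ffff-fff0"),
    "class ss, allowlist example": ("aabb-aabb-0000", "ffff-ffff-0000"),
}


def classify(client):
    """Names of the page's rules that a client hardware address satisfies."""
    return [name for name, (addr, mask) in RULES.items()
            if rule_matches(client, addr, mask)]


if __name__ == "__main__":
    # Two addresses from the lease tables above and one constructed outsider.
    for hw in ("aabb-aabb-aab1", "aabb-aabb-ab01", "0011-2233-4455"):
        print(hw, classify(hw))
    for name, (_, mask) in RULES.items():
        print(name, "covers", addresses_covered(mask), "addresses")
```

The mask ffff-ffff-fff0 admits 16 hardware addresses, the same size as the class range 10.10.1.11 to 10.10.1.26, while the allowlist mask ffff-ffff-0000 admits 65536.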

Example: Configuring primary and secondary network segments

Network configuration

As shown in Figure 494, the DHCP server (Router A) assigns IP addresses to DHCP clients in the LAN.

Configure two network segments in the IP pool on the DHCP server: 10.1.1.0/24 as the primary network segment and 10.1.2.0/24 as the secondary network segment. The DHCP server selects an IP address from the secondary network segment when the primary network segment has no assignable addresses.

Router A assigns the following parameters:

·     The default gateway 10.1.1.254/24 to clients on network segment 10.1.1.0/24.

·     The default gateway 10.1.2.254/24 to clients on network segment 10.1.2.0/24.

Figure 494 Network diagram

Procedure

# Create IP pool aa.

<RouterA> system-view

[RouterA] ip pool aa

# Specify the primary network segment and the gateway address for dynamic allocation.

[RouterA-ip-pool-aa] network 10.1.1.0 mask 255.255.255.0

[RouterA-ip-pool-aa] gateway-list 10.1.1.254

# Specify the secondary network segment and the gateway address for dynamic allocation.

[RouterA-ip-pool-aa] network 10.1.2.0 mask 255.255.255.0 secondary

[RouterA-ip-pool-aa-secondary] gateway-list 10.1.2.254

[RouterA-ip-pool-aa-secondary] quit

[RouterA-ip-pool-aa] quit

# Enable DHCP.

[RouterA] dhcp enable

# Configure the primary and secondary IP addresses of Ten-GigabitEthernet 3/0/1, and enable the DHCP server on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.2.1 24 sub

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the DHCP server assigns clients IP addresses and the gateway address from the secondary network segment when no assignable address is available from the primary network segment. (Details not shown.)

# On the DHCP server, display IP addresses assigned to the clients. The following is part of the command output.

[RouterA] display dhcp server ip-in-use

IP address       Client-identifier/    Lease expiration      Type

                 Hardware address

10.1.1.2         0031-3865-392e-6262-  Jan 14 22:25:03 2015  Auto(C)

                 3363-2e30-3230-352d-

                 4745-302f-30

10.1.2.2         3030-3030-2e30-3030-  Jan 14 22:25:03 2015  Auto(C)

                 662e-3030-3033-2d45-

                 7568-6572-1e

Example: Customizing DHCP option

Network configuration

As shown in Figure 495, DHCP clients obtain IP addresses and PXE server addresses from the DHCP server (Router A). The subnet for address allocation is 10.1.1.0/24.

Configure the address allocation scheme as follows:

 

Assign PXE addresses     To clients

2.3.4.5 and 3.3.3.3      The hardware address in the request is six bytes long and begins with aabb-aabb.

1.2.3.4 and 2.2.2.2      Other clients.

 

The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a custom option that carries a PXE server address sub-option. For example, the value of Option 43 configured in the IP pool is 80 0B 00 00 02 01 02 03 04 02 02 02 02.

·     The number 80 is the value of the sub-option type.

·     The number 0B is the value of the sub-option length.

·     The numbers 00 00 are the value of the PXE server type.

·     The number 02 indicates the number of servers.

·     The numbers 01 02 03 04 02 02 02 02 indicate that the PXE server addresses are 1.2.3.4 and 2.2.2.2.
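The byte layout listed above can be built and validated with a short script before the hex string is pasted into the option 43 hex command. This Python sketch is an added example, not H3C code; the function names are hypothetical, and it assumes Option 43 carries exactly one PXE server address sub-option, as in this example.

```python
import ipaddress
import struct

# Added example (not H3C code): encode and validate the Option 43 value
# described above: sub-option type 0x80, length, PXE server type (2 bytes),
# server count (1 byte), then one 4-byte IPv4 address per server.

PXE_SUBOPTION_TYPE = 0x80


def encode_pxe_option43(servers, server_type=0x0000):
    """Return the hex string for the 'option 43 hex' command."""
    addrs = [ipaddress.IPv4Address(s) for s in servers]
    body = struct.pack("!HB", server_type, len(addrs))
    body += b"".join(a.packed for a in addrs)
    if len(body) > 255:
        raise ValueError("sub-option body does not fit in a one-byte length")
    return (bytes([PXE_SUBOPTION_TYPE, len(body)]) + body).hex().upper()


def decode_pxe_option43(hex_value):
    """Parse a hex string and reject any length or count inconsistency."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 5:
        raise ValueError("too short for type, length, server type and count")
    sub_type, length = raw[0], raw[1]
    body = raw[2:]
    if sub_type != PXE_SUBOPTION_TYPE:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02X}")
    if length != len(body):
        raise ValueError(f"length byte says {length}, body has {len(body)} bytes")
    server_type, count = struct.unpack("!HB", body[:3])
    addr_bytes = body[3:]
    if len(addr_bytes) != 4 * count:
        raise ValueError(f"count says {count} servers, found {len(addr_bytes)} address bytes")
    servers = [str(ipaddress.IPv4Address(addr_bytes[i:i + 4]))
               for i in range(0, len(addr_bytes), 4)]
    return {"server_type": server_type, "servers": servers}


if __name__ == "__main__":
    # Both values below are the ones configured in this example.
    print(decode_pxe_option43("800B0000020102030402020202"))
    print(decode_pxe_option43("800B0000020203040503030303"))
    print(encode_pxe_option43(["1.2.3.4", "2.2.2.2"]))
```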

Figure 495 Network diagram

Procedure

1.     Specify an IP address for Ten-GigabitEthernet 3/0/1. (Details not shown.)

2.     Configure the DHCP server:

# Create DHCP user class ss and configure a match rule to match DHCP requests in which the hardware address is six bytes long and begins with aabb-aabb.

<RouterA> system-view

[RouterA] dhcp class ss

[RouterA-dhcp-class-ss] if-match rule 1 hardware-address aabb-aabb-0000 mask ffff-ffff-0000

[RouterA-dhcp-class-ss] quit

# Create DHCP option group 1 and customize Option 43.

[RouterA] dhcp option-group 1

[RouterA-dhcp-option-group-1] option 43 hex 800B0000020203040503030303

[RouterA-dhcp-option-group-1] quit

# Create IP pool 0.

[RouterA] ip pool 0

# Specify the subnet for dynamic address allocation.

[RouterA-ip-pool-0] network 10.1.1.0 mask 255.255.255.0

# Customize Option 43.

[RouterA-ip-pool-0] option 43 hex 800B0000020102030402020202

# Associate DHCP user class ss with option group 1.

[RouterA-ip-pool-0] class ss option-group 1

[RouterA-ip-pool-0] quit

# Enable DHCP.

[RouterA] dhcp enable

# Enable the DHCP server on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select server

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B can obtain an IP address on subnet 10.1.1.0/24 and the corresponding PXE server addresses from Router A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[RouterA] display dhcp server ip-in-use

IP address       Client-identifier/    Lease expiration      Type

                 Hardware address

10.1.1.2         aabb-aabb-ab01        Jan 14 22:25:03 2015  Auto(C)

DHCP relay agent configuration examples

Example: Configuring basic DHCP relay agent

Network configuration

As shown in Figure 496, configure the DHCP relay agent on Router A. The DHCP relay agent enables DHCP clients to obtain IP addresses and other configuration parameters from the DHCP server on another subnet.

Figure 496 Network diagram

Prerequisites

Because the DHCP relay agent and server are on different subnets, configure static or dynamic routing to make them reachable to each other.

Configure the DHCP server to guarantee the client-server communication through the DHCP relay agent. For more information, see "DHCP server configuration examples."

Procedure

# Specify IP addresses for the interfaces. (Details not shown.)

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select relay

# Specify the IP address of the DHCP server on the relay agent.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay server-address 10.1.1.1

Verifying the configuration

# Verify that DHCP clients can obtain IP addresses and all other network parameters from the DHCP server through the DHCP relay agent. (Details not shown.)

# Display the statistics of DHCP packets forwarded by the DHCP relay agent.

[RouterA] display dhcp relay packet statistics

# Display relay entries if you have enabled relay entry recording on the DHCP relay agent.

[RouterA] display dhcp relay client-information

Example: Configuring Option 82

Network configuration

As shown in Figure 496, the DHCP relay agent (Router A) replaces Option 82 in DHCP requests before forwarding them to the DHCP server (Router B).

·     The Circuit ID sub-option is company001.

·     The Remote ID sub-option is device001.

Prerequisites

To use Option 82, enable the DHCP server to handle Option 82.

Procedure

# Specify IP addresses for the interfaces. (Details not shown.)

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select relay

# Specify the IP address of the DHCP server on the relay agent.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay server-address 10.1.1.1

# Enable the DHCP relay agent to handle Option 82, and perform Option 82 related configuration.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay information enable

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay information strategy replace

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay information circuit-id string company001

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay information remote-id string device001

Example: Configuring DHCP server selection

Network configuration

As shown in Figure 497, the DHCP client and the DHCP servers are in different subnets. DHCP server 1 and DHCP server 2 both have an IP pool that contains IP addresses in subnet 22.22.22.0/24, but neither has DHCP enabled.

Configure the DHCP relay agent for the DHCP client to obtain an IP address in subnet 22.22.22.0/24 and other configuration parameters from a DHCP server. The DHCP relay agent is connected to the DHCP client through Ten-GigabitEthernet 3/0/1, to DHCP server 1 through Ten-GigabitEthernet 3/0/2, and to DHCP server 2 through Ten-GigabitEthernet 3/0/3.

Figure 497 Network diagram

Procedure

1.     Assign IP addresses to interfaces on the routers. (Details not shown.)

2.     Configure Router B and Router C as DHCP servers. (Details not shown.)

3.     Configure the DHCP relay agent on Router A:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select relay

# Specify the IP addresses of the DHCP servers.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay server-address 1.1.1.1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay server-address 2.2.2.2

# Specify the DHCP server selection algorithm as master-backup.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay server-address algorithm master-backup

# Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to the backup DHCP server.

[RouterA-Ten-GigabitEthernet3/0/1] dhcp relay master-server switch-delay 3

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the DHCP client cannot obtain an IP address and that the following log is output in about 30 seconds.

DHCPR/3/DHCPR_SERVERCHANGE:

 Switched to the server at 2.2.2.2 because the current server did not respond.

# Enable DHCP on the DHCP server at 1.1.1.1. (Details not shown.)

# Verify that the DHCP client cannot obtain an IP address and that the following log is output in about 3 minutes.

DHCPR/3/DHCPR_SWITCHMASTER:

 Switched to the master DHCP server at 1.1.1.1.

# Verify that the DHCP client obtains an IP address. (Details not shown.)

DHCP client configuration examples

Example: Configuring DHCP client

Network configuration

As shown in Figure 499, Router B contacts the DHCP server through Ten-GigabitEthernet 3/0/1 to obtain an IP address, a DNS server address, and static route information. The DHCP client's IP address resides on subnet 10.1.1.0/24. The DNS server address is 20.1.1.1. The next hop of the static route to subnet 20.1.1.0/24 is 10.1.1.2.

The DHCP server uses Option 121 to assign static route information to DHCP clients. Figure 498 shows the Option 121 format. The destination descriptor field contains the following parts: subnet mask length and destination network address, both in hexadecimal notation. In this example, the destination descriptor is 18 14 01 01 (the subnet mask length is 24 and the network address is 20.1.1.0 in dotted decimal notation). The next hop address is 0A 01 01 02 (10.1.1.2 in dotted decimal notation).

Figure 498 Option 121 format
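The Option 121 value used in this example can be generated and checked with the following Python sketch, which is an added example and not H3C code. It follows the classless static route encoding of RFC 3442 and goes beyond the single /24 route in the text by handling several routes and prefix lengths that are not multiples of eight; the function names are hypothetical.

```python
import ipaddress

# Added example (not H3C code): Option 121 value per RFC 3442.
# Each route is: prefix length (1 byte), the significant octets of the
# destination network (ceil(prefix_length / 8) bytes), next hop (4 bytes).


def encode_option121(routes):
    """routes: list of (destination CIDR, next hop). Returns upper-case hex."""
    out = bytearray()
    for dest, next_hop in routes:
        net = ipaddress.IPv4Network(dest)      # rejects host bits set in dest
        significant = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(next_hop).packed
    return out.hex().upper()


def decode_option121(hex_value):
    """Parse a hex string into (destination CIDR, next hop) pairs."""
    raw = bytes.fromhex(hex_value)
    routes = []
    i = 0
    while i < len(raw):
        prefixlen = raw[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen} at offset {i}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(raw):
            raise ValueError(f"route at offset {i} is truncated")
        dest = raw[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(dest)}/{prefixlen}")
        hop = ipaddress.IPv4Address(raw[end - 4:end])
        routes.append((str(net), str(hop)))
        i = end
    return routes


if __name__ == "__main__":
    # The value configured in IP pool 0 in this example.
    print(decode_option121("181401010A010102"))
    print(encode_option121([("20.1.1.0/24", "10.1.1.2")]))
    # Constructed inputs: a default route and a /25, to show the variable width.
    print(encode_option121([("0.0.0.0/0", "10.1.1.1"), ("10.1.1.128/25", "10.1.1.254")]))
```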

 

Figure 499 Network diagram

Procedure

1.     Configure Router A:

# Specify an IP address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Exclude an IP address from dynamic allocation.

[RouterA] dhcp server forbidden-ip 10.1.1.2

# Configure IP pool 0. Specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.

[RouterA] ip pool 0

[RouterA-ip-pool-0] network 10.1.1.0 mask 255.255.255.0

[RouterA-ip-pool-0] expired day 10

[RouterA-ip-pool-0] dns-list 20.1.1.1

[RouterA-ip-pool-0] option 121 hex 181401010A010102

[RouterA-ip-pool-0] quit

# Enable DHCP.

[RouterA] dhcp enable

2.     Configure Router B:

# Configure Ten-GigabitEthernet 3/0/1 to use DHCP for IP address acquisition.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address dhcp-alloc

[RouterB-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display the IP address and other network parameters assigned to Router B.

[RouterB] display dhcp client verbose

Ten-GigabitEthernet3/0/1 DHCP client information:

 Current state: BOUND

 Allocated IP: 10.1.1.3 255.255.255.0

 Allocated lease: 864000 seconds, T1: 331858 seconds, T2: 756000 seconds

 Lease from May 21 19:00:29 2012   to   May 31 19:00:29 2012

 DHCP server: 10.1.1.1

 Transaction ID: 0xcde72232

 Classless static routes:

   Destination: 20.1.1.0, Mask: 255.255.255.0, NextHop: 10.1.1.2

 DNS servers: 20.1.1.1

 Client ID type: acsii(type value=00)

 Client ID value: 000c.29d3.8659-XGE3/0/1

 Client ID (with type) hex: 0030-3030-632e-3239-

                            6433-2e38-3635-392d-

                            4574-6830-2f30-2f32

 T1 will timeout in 3 days 19 hours 48 minutes 43 seconds

# Display the route information on Router B. The output shows that a static route to subnet 20.1.1.0/24 is added to the routing table.

[RouterB] display ip routing-table

Destinations : 11        Routes : 11

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.3        XGE3/0/1

10.1.1.3/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Static 70   0            10.1.1.2        XGE3/0/1

10.1.1.255/32       Direct 0    0            10.1.1.3        XGE3/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

 

DHCP snooping configuration examples

Example: Configuring basic DHCP snooping

Network configuration

As shown in Figure 500, Router B is connected to the authorized DHCP server through Ten-GigabitEthernet 3/0/1, to the unauthorized DHCP server through Ten-GigabitEthernet 3/0/3, and to the DHCP client through Ten-GigabitEthernet 3/0/2.

Configure only the port connected to the authorized DHCP server to forward the responses from the DHCP server. Enable the DHCP snooping device to record clients' IP-to-MAC bindings by reading DHCP-ACK messages received from the trusted port and the DHCPREQUEST messages.

Figure 500 Network diagram

Procedure

# Enable DHCP snooping.

<RouterB> system-view

[RouterB] dhcp snooping enable

# Configure Ten-GigabitEthernet 3/0/1 as a trusted port.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] dhcp snooping trust

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable recording clients' IP-to-MAC bindings on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] dhcp snooping binding record

[RouterB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. (Details not shown.)

# Display the DHCP snooping entry recorded for the client.

[RouterB] display dhcp snooping binding

Example: Configuring DHCP snooping support for Option 82

Network configuration

As shown in Figure 501, enable DHCP snooping and configure Option 82 on Router B as follows:

·     Configure the handling strategy for DHCP requests that contain Option 82 as replace.

·     On Ten-GigabitEthernet 3/0/2, configure the padding content for the Circuit ID sub-option as company001 and for the Remote ID sub-option as device001.

·     On Ten-GigabitEthernet 3/0/3, configure the padding mode for the Circuit ID sub-option as verbose, access node identifier as sysname, and padding format as ascii. Configure the padding content for the Remote ID sub-option as device001.

Figure 501 Network diagram

Procedure

# Enable DHCP snooping.

<RouterB> system-view

[RouterB] dhcp snooping enable

# Configure Ten-GigabitEthernet 3/0/1 as a trusted port.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] dhcp snooping trust

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure Option 82 on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] dhcp snooping information enable

[RouterB-Ten-GigabitEthernet3/0/2] dhcp snooping information strategy replace

[RouterB-Ten-GigabitEthernet3/0/2] dhcp snooping information circuit-id string company001

[RouterB-Ten-GigabitEthernet3/0/2] dhcp snooping information remote-id string device001

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure Option 82 on Ten-GigabitEthernet 3/0/3.

[RouterB] interface ten-gigabitethernet 3/0/3

[RouterB-Ten-GigabitEthernet3/0/3] dhcp snooping information enable

[RouterB-Ten-GigabitEthernet3/0/3] dhcp snooping information strategy replace

[RouterB-Ten-GigabitEthernet3/0/3] dhcp snooping information circuit-id verbose node-identifier sysname format ascii

[RouterB-Ten-GigabitEthernet3/0/3] dhcp snooping information remote-id string device001

Verifying the configuration

# Display Option 82 configuration information on Ten-GigabitEthernet 3/0/2 and Ten-GigabitEthernet 3/0/3 on the DHCP snooping device.

[RouterB] display dhcp snooping information
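The Option 82 settings in the relay agent and snooping examples (strategy replace, Circuit ID company001, Remote ID device001) produce a Relay Agent Information option in the RFC 3046 sub-option layout. This Python sketch is an added example, not H3C code: it builds and parses that option and models which Option 82 the server receives under the replace, keep and drop strategies. The function names are hypothetical, it assumes string padding writes the configured text as ASCII bytes, and it does not cover the verbose padding mode used on Ten-GigabitEthernet 3/0/3.

```python
from typing import Optional

# Added example (not H3C code): Option 82 (Relay Agent Information, RFC 3046).
# Layout: code 82, total length, then sub-options as (code, length, data).
RELAY_AGENT_INFO = 82
CIRCUIT_ID, REMOTE_ID = 1, 2


def build_option82(circuit_id: str, remote_id: str) -> bytes:
    """Build Option 82 from the two configured strings (assumed ASCII padding)."""
    subs = b""
    for code, text in ((CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)):
        data = text.encode("ascii")
        subs += bytes([code, len(data)]) + data
    if len(subs) > 255:
        raise ValueError("sub-options do not fit in a one-byte option length")
    return bytes([RELAY_AGENT_INFO, len(subs)]) + subs


def parse_option82(option: bytes) -> dict:
    """Return {sub-option code: data}; reject inconsistent lengths."""
    if len(option) < 2 or option[0] != RELAY_AGENT_INFO:
        raise ValueError("not an Option 82 TLV")
    body = option[2:]
    if option[1] != len(body):
        raise ValueError("option length does not match the payload")
    subs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[i], body[i + 1]
        data = body[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"sub-option {code} is truncated")
        subs[code] = data
        i += 2 + length
    return subs


def option82_seen_by_server(incoming: Optional[bytes], strategy: str,
                            own: bytes) -> Optional[bytes]:
    """Option 82 forwarded to the server; None means the request is dropped."""
    if incoming is None:
        return own                 # no Option 82 in the request: device adds its own
    if strategy == "replace":
        return own                 # client-supplied value is overwritten
    if strategy == "keep":
        return incoming            # client-supplied value reaches the server
    if strategy == "drop":
        return None
    raise ValueError(f"unknown strategy {strategy!r}")


if __name__ == "__main__":
    own = build_option82("company001", "device001")
    # Constructed input: a request that already carries its own Option 82.
    from_client = build_option82("other-circuit", "other-device")
    for strategy in ("replace", "keep", "drop"):
        seen = option82_seen_by_server(from_client, strategy, own)
        print(strategy, parse_option82(seen) if seen else "request dropped")
```

With strategy replace, a server that selects address ranges by Option 82 content, as user class tt does earlier on this page, only ever sees the values written by the relay agent or snooping device.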

BOOTP client configuration examples

Example: Configuring BOOTP client

Network configuration

As shown in Figure 502, Ten-GigabitEthernet 3/0/1 of Router B connects to the LAN to obtain an IP address from the DHCP server by using BOOTP.

Figure 502 Network diagram

Prerequisites

To make the BOOTP client obtain an IP address from the DHCP server, configure the DHCP server. For more information, see "DHCP server configuration examples."

Procedure

The following describes the configuration on Router B, which acts as a client.

# Configure Ten-GigabitEthernet 3/0/1 to use BOOTP to obtain an IP address.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ip address bootp-alloc

Verifying the configuration

# Display the IP address assigned to the BOOTP client.

[RouterB] display bootp client

 

 

DHCPv6 server configuration examples

Example: Configuring dynamic IPv6 prefix assignment

Network configuration

As shown in Figure 503, the router acts as a DHCPv6 server to assign an IPv6 prefix, a DNS server address, a domain name, a SIP server address, and a SIP server name to each DHCPv6 client.

The router assigns prefix 2001:0410:0201::/48 to the client whose DUID is 00030001CA0006A40000, and assigns prefixes in the range of 2001:0410::/48 to 2001:0410:FFFF::/48 (excluding 2001:0410:0201::/48) to other clients. The DNS server address is 2:2::3. The DHCPv6 clients reside in the domain aaa.com. The SIP server address is 2:2::4, and the SIP server name is bbb.com.

Figure 503 Network diagram

Procedure

# Specify an IPv6 address for Ten-GigabitEthernet 3/0/1.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address 1::1/64

# Disable RA message suppression on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Set the M flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the advertisements will obtain IPv6 addresses through DHCPv6.

[Router-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig managed-address-flag

# Set the O flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the advertisements will obtain information other than IPv6 addresses through DHCPv6.

[Router-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig other-flag

[Router-Ten-GigabitEthernet3/0/1] quit

# Create prefix pool 1, and specify the prefix 2001:0410::/32 with assigned prefix length 48.

[Router] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48

# Create address pool 1.

[Router] ipv6 pool 1

# In address pool 1, specify subnet 1::/64 where the server interface resides.

[Router-ipv6-pool-1] network 1::/64

# Apply prefix pool 1 to address pool 1, and set the preferred lifetime to one day, and the valid lifetime to three days.

[Router-ipv6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200

# In address pool 1, bind prefix 2001:0410:0201::/48 to the client DUID 00030001CA0006A40000, and set the preferred lifetime to one day, and the valid lifetime to three days.

[Router-ipv6-pool-1] static-bind prefix 2001:0410:0201::/48 duid 00030001CA0006A40000 preferred-lifetime 86400 valid-lifetime 259200

# Configure the DNS server address as 2:2::3.

[Router-ipv6-pool-1] dns-server 2:2::3

# Configure the domain name as aaa.com.

[Router-ipv6-pool-1] domain-name aaa.com

# Configure the SIP server address as 2:2::4, and the SIP server name as bbb.com.

[Router-ipv6-pool-1] sip-server address 2:2::4

[Router-ipv6-pool-1] sip-server domain-name bbb.com

[Router-ipv6-pool-1] quit

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1, enable desired prefix assignment and rapid prefix assignment, and set the preference to the highest.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp server allow-hint preference 255 rapid-commit

Verifying the configuration

# Display the DHCPv6 server configuration on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 dhcp server interface ten-gigabitethernet 3/0/1

Using pool: global

Preference value: 255

Allow-hint: Enabled

Rapid-commit: Enabled

# Display information about address pool 1.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 pool name 1

IPv6 pool: 1

  Pool index: 1

  Network: 1::/64

    Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds

  Prefix pool: 1

    Preferred lifetime 86400 seconds, valid lifetime 259200 seconds

  Static bindings:

    DUID: 00030001ca0006a4

    IAID: Not configured

    Prefix: 2001:410:201::/48

      Preferred lifetime 86400 seconds, valid lifetime 259200 seconds

  DNS server addresses:

    2:2::3

  Domain name:

    aaa.com

  SIP server addresses:

    2:2::4

  SIP server domain names:

    bbb.com

# Display information about prefix pool 1.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 dhcp prefix-pool 1

Prefix: 2001:410::/32

Assigned length: 48

Total prefix number: 65536

Available: 65535

In-use: 0

Static: 1

# After the client with the DUID 00030001CA0006A40000 obtains an IPv6 prefix, display the binding information on the DHCPv6 server.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 dhcp server pd-in-use

Pool: 1

 IPv6 prefix                                 Type      Lease expiration

 2001:410:201::/48                           Static(C) Jul 10 19:45:01 2019

# After the other client obtains an IPv6 prefix, display the binding information on the DHCPv6 server.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 dhcp server pd-in-use

Pool: 1

 IPv6 prefix                                 Type      Lease expiration

 2001:410:201::/48                           Static(C) Jul 10 19:45:01 2019

 2001:410::/48                               Auto(C)   Jul 10 20:44:05 2019

Example: Configuring dynamic IPv6 address assignment

Network configuration

As shown in Figure 504, Router A acts as a DHCPv6 server to assign IPv6 addresses to the clients on subnets 1::1:0:0:0/96 and 1::2:0:0:0/96.

On Router A, configure the IPv6 address 1::1:0:0:1/96 for Ten-GigabitEthernet 3/0/1 and 1::2:0:0:1/96 for Ten-GigabitEthernet 3/0/2. The lease duration of the addresses on subnet 1::1:0:0:0/96 is 172800 seconds (two days), the valid time is 345600 seconds (four days), the domain name is aabbcc.com, and the DNS server address is 1::1:0:0:2/96. The lease duration of the addresses on subnet 1::2:0:0:0/96 is 432000 seconds (five days), the valid time is 864000 seconds (ten days), the domain name is aabbcc.com, and the DNS server address is 1::2:0:0:2/96.

Figure 504 Network diagram

Procedure

1.     Configure the interfaces on the DHCPv6 server:

# Specify an IPv6 address for Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1:0:0:1/96

# Disable RA message suppression on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Set the M flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the advertisements will obtain IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig managed-address-flag

# Set the O flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the advertisements will obtain information other than IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig other-flag

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Specify an IPv6 address for Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 1::2:0:0:1/96

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[RouterA-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the M flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/2. Hosts that receive the advertisements will obtain IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the O flag to 1 in RA advertisements to be sent on Ten-GigabitEthernet 3/0/2. Hosts that receive the advertisements will obtain information other than IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

[RouterA-Ten-GigabitEthernet3/0/2] quit

2.     Enable DHCPv6:

# Enable the DHCPv6 server on the interfaces Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 dhcp select server

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Exclude the DNS server addresses from dynamic assignment.

[RouterA] ipv6 dhcp server forbidden-address 1::1:0:0:2

[RouterA] ipv6 dhcp server forbidden-address 1::2:0:0:2

# Create IPv6 address pool 1 to assign IPv6 addresses and other configuration parameters to clients on subnet 1::1:0:0:0/96.

[RouterA] ipv6 pool 1

[RouterA-ipv6-pool-1] network 1::1:0:0:0/96 preferred-lifetime 172800 valid-lifetime 345600

[RouterA-ipv6-pool-1] domain-name aabbcc.com

[RouterA-ipv6-pool-1] dns-server 1::1:0:0:2

[RouterA-ipv6-pool-1] quit

# Create IPv6 address pool 2 to assign IPv6 addresses and other configuration parameters to clients on subnet 1::2:0:0:0/96.

[RouterA] ipv6 pool 2

[RouterA-ipv6-pool-2] network 1::2:0:0:0/96 preferred-lifetime 432000 valid-lifetime 864000

[RouterA-ipv6-pool-2] domain-name aabbcc.com

[RouterA-ipv6-pool-2] dns-server 1::2:0:0:2

[RouterA-ipv6-pool-2] quit

Verifying the configuration

# Verify that clients on subnets 1::1:0:0:0/96 and 1::2:0:0:0/96 can obtain IPv6 addresses and all other configuration parameters from the DHCPv6 server (Router A). (Details not shown.)

# On the DHCPv6 server, display IPv6 addresses assigned to the clients.

[RouterA] display ipv6 dhcp server ip-in-use

DHCPv6 relay agent configuration examples

Example: Configuring DHCPv6 relay agent

Network configuration

As shown in Figure 505, configure the DHCPv6 relay agent on Router A to relay DHCPv6 packets between DHCPv6 clients and the DHCPv6 server.

Router A acts as the gateway of network 1::/64. It sends RA messages to notify the hosts to obtain IPv6 addresses and other configuration parameters through DHCPv6. For more information about RA messages, see "Configuring basic IPv6 settings."

Figure 505 Network diagram

Procedure

# Specify IPv6 addresses for Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 2::1 64

[RouterA-Ten-GigabitEthernet3/0/2] quit

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

# Disable RA message suppression on Ten-GigabitEthernet 3/0/1.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Set the M flag to 1 in RA messages sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the RA messages will obtain IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig managed-address-flag

# Set the O flag to 1 in RA messages sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the RA messages will obtain information other than IPv6 addresses through DHCPv6.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig other-flag

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/1 and specify the DHCPv6 server on the relay agent.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 dhcp select relay

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 dhcp relay server-address 2::2

Verifying the configuration

# Display DHCPv6 server address information on Router A.

[RouterA-Ten-GigabitEthernet3/0/1] display ipv6 dhcp relay server-address

Interface: Ten-GigabitEthernet3/0/1

 Server address                             Outgoing Interface

 2::2

# Display packet statistics on the DHCPv6 relay agent.

[RouterA-Ten-GigabitEthernet3/0/1] display ipv6 dhcp relay statistics

Packets dropped               :  0

Packets received              :  14

    Solicit                   :  0

    Request                   :  0

    Confirm                   :  0

    Renew                     :  0

    Rebind                    :  0

    Release                   :  0

    Decline                   :  0

    Information-request       :  7

    Relay-forward             :  0

    Relay-reply               :  7

Packets sent                  :  14

    Advertise                 :  0

    Reconfigure               :  0

    Reply                     :  7

    Relay-forward             :  7

    Relay-reply               :  0

 

DHCPv6 client configuration examples

Example: Configuring IPv6 address acquisition

Network configuration

As shown in Figure 506, configure the router to use DHCPv6 to obtain configuration parameters from the DHCPv6 server. The parameters include IPv6 address, DNS server address, domain name suffix, SIP server address, and SIP server domain name.

Figure 506 Network diagram

Prerequisites

Configure the DHCPv6 server before configuring the DHCPv6 client. For information about configuring the DHCPv6 server, see BRAS Services Configuration Guide.

Procedure

# Configure Ten-GigabitEthernet 3/0/1 as a DHCPv6 client for IPv6 address acquisition. Configure the DHCPv6 client to support DHCPv6 rapid address assignment. Configure the DHCPv6 client to create a dynamic DHCPv6 option group for saving configuration parameters.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address dhcp-alloc rapid-commit option-group 1

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the DHCPv6 client has obtained configuration parameters from the server.

[Router] display ipv6 dhcp client

Ten-GigabitEthernet3/0/1:

  Type: Stateful client requesting address

    State: OPEN

    Client DUID: 00030001d07e28db74fb

    Preferred server:

      Reachable via address: FE80::2E0:1FF:FE00:19

      Server DUID: 00030001000fe20a0a00

    IA_NA: IAID 0x00000a02, T1 50 sec, T2 80 sec

      Address: 1:2::2/128

       Preferred lifetime 100 sec, valid lifetime 200 sec

       Will expire on Mar 27 2014 at 15:35:55 (196 seconds left)

    DNS server addresses:

      2000::FF

    Domain name:

      example.com

    SIP server addresses:

      2:2::4

    SIP server domain names:

      bbb.com

# After the DHCPv6 server is enabled on the device, verify that the configuration parameters are saved in a dynamic DHCPv6 option group.

[Router-Ten-GigabitEthernet3/0/1] display ipv6 dhcp option-group 1

DHCPv6 option group: 1

  DNS server addresses:

    Type: Dynamic (DHCPv6 address allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2000::FF

  Domain name:

    Type: Dynamic (DHCPv6 address allocation)

    Interface: Ten-GigabitEthernet3/0/1

    example.com

  SIP server addresses:

    Type: Dynamic (DHCPv6 address allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2:2::4

  SIP server domain names:

    Type: Dynamic (DHCPv6 address allocation)

    Interface: Ten-GigabitEthernet3/0/1

    bbb.com

# Verify that the DHCPv6 client has obtained an IPv6 address.

[Router] display ipv6 interface brief

*down: administratively down

(s): spoofing

Interface                                Physical   Protocol   IPv6 Address

Ten-GigabitEthernet3/0/1                 up         up         1:1::2

Example: Configuring IPv6 prefix acquisition

Network configuration

As shown in Figure 507, configure the router to use DHCPv6 to obtain configuration parameters from the DHCPv6 server. The parameters include IPv6 prefix, DNS server address, domain name suffix, SIP server address, and SIP server domain name.

Figure 507 Network diagram

Prerequisites

Configure the DHCPv6 server before configuring the DHCPv6 client.

Procedure

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1 that is connected to the DHCPv6 server.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address 1::2/48

# Configure Ten-GigabitEthernet 3/0/1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to support DHCPv6 rapid prefix assignment. Configure the DHCPv6 client to assign an ID to the obtained IPv6 prefix and create a dynamic DHCPv6 option group for saving configuration parameters.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp client pd 1 rapid-commit option-group 1

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that the DHCPv6 client has obtained an IPv6 prefix and other configuration parameters from the DHCPv6 server.

[Router] display ipv6 dhcp client

Ten-GigabitEthernet3/0/1:

  Type: Stateful client requesting prefix

    State: OPEN

    Client DUID: 00030001d07e28db74fb

    Preferred server:

      Reachable via address: FE80::2E0:1FF:FE00:19

      Server DUID: 0003000100e001000000

    IA_PD: IAID 0x00000a02, T1 50 sec, T2 80 sec

      Prefix: 12:34::/48

        Preferred lifetime 100 sec, valid lifetime 200 sec

        Will expire on Feb 4 2014 at 15:37:20(80 seconds left)

    DNS server addresses:

      2000::FF

    Domain name:

      example.com

    SIP server addresses:

      2:2::4

    SIP server domain names:

      bbb.com

# Verify that the client has obtained an IPv6 prefix.

[Router] display ipv6 prefix 1

Number: 1

Type  : Dynamic

Prefix: 12:34::/48

Preferred lifetime 100 sec, valid lifetime 200 sec

# After the DHCPv6 server is enabled on the device, verify that the configuration parameters are saved in a dynamic DHCPv6 option group.

[Router] display ipv6 dhcp option-group 1

DHCPv6 option group: 1

  DNS server addresses

    Type: Dynamic (DHCPv6 prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2000::FF

  Domain name:

    Type: Dynamic (DHCPv6 prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    example.com

  SIP server addresses:

    Type: Dynamic (DHCPv6 prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2:2::4

  SIP server domain names:

    Type: Dynamic (DHCPv6 prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    bbb.com

Example: Configuring IPv6 address and prefix acquisition

Network configuration

As shown in Figure 508, configure the router to use DHCPv6 to obtain configuration parameters from the DHCPv6 server. The parameters include IPv6 address, IPv6 prefix, DNS server address, domain name suffix, SIP server address, and SIP server domain name.

Figure 508 Network diagram

Prerequisites

Configure the DHCPv6 server before configuring the DHCPv6 client.

Procedure

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1 that is connected to the DHCPv6 server.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address 1::2/48

# Configure Ten-GigabitEthernet 3/0/1 as a DHCPv6 client for IPv6 address and prefix acquisition. Specify IDs for the dynamic IPv6 prefix and dynamic DHCPv6 option group, and configure the client to support rapid address and prefix assignment.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp client stateful prefix 1 rapid-commit option-group 1

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display DHCPv6 client information. The output shows that the DHCPv6 client has obtained an IPv6 address, an IPv6 prefix, and other configuration parameters from the DHCPv6 server.

[Router] display ipv6 dhcp client

Ten-GigabitEthernet3/0/1:

  Type: Stateful client requesting address and prefix

    State: OPEN

    Client DUID: 00030001d07e28db74fb

    Preferred server:

      Reachable via address: FE80::2E0:1FF:FE00:19

      Server DUID: 0003000100e001000000

    IA_NA: IAID 0x00000a02, T1 50 sec, T2 80 sec

      Address: 1:1::2/128

        Preferred lifetime 100 sec, valid lifetime 200 sec

        Will expire on Mar 27 2014 at 15:29:34 (198 seconds left)

    IA_PD: IAID 0x00000a02, T1 50 sec, T2 80 sec

      Prefix: 12:34::/48

        Preferred lifetime 100 sec, valid lifetime 200 sec

        Will expire on Mar 27 2014 at 15:29:34 (198 seconds left)

    DNS server addresses:

      2000::FF

    Domain name:

      example.com

    SIP server addresses:

      2:2::4

    SIP server domain names:

      bbb.com

# Display brief IPv6 information for all interfaces on the device. The output shows that the DHCPv6 client has obtained an IPv6 address.

[Router] display ipv6 interface brief

*down: administratively down

(s): spoofing

Interface                                Physical   Protocol   IPv6 Address

Ten-GigabitEthernet3/0/1                 up         up         1:1::2

# Display information about the dynamic IPv6 prefix. The output shows that the client has obtained an IPv6 prefix.

[Router] display ipv6 prefix 1

Number: 1

Type  : Dynamic

Prefix: 12:34::/48

Preferred lifetime 100 sec, valid lifetime 200 sec

# After the DHCPv6 server is enabled on the device, display information about the dynamic DHCPv6 option group. The output shows that a dynamic DHCPv6 option group exists for saving configuration parameters.

[Router] display ipv6 dhcp option-group 1

DHCPv6 option group: 1

  DNS server addresses:

    Type: Dynamic (DHCPv6 address and prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2000::FF

  Domain name:

    Type: Dynamic (DHCPv6 address and prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    example.com

  SIP server addresses:

    Type: Dynamic (DHCPv6 address and prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    2:2::4

  SIP server domain names:

    Type: Dynamic (DHCPv6 address and prefix allocation)

    Interface: Ten-GigabitEthernet3/0/1

    bbb.com

Example: Configuring stateless DHCPv6

Network configuration

As shown in Figure 509, configure Router A to use stateless DHCPv6 to obtain configuration parameters other than the IPv6 address and IPv6 prefix. Router B acts as the gateway and advertises RA messages periodically.

Figure 509 Network diagram

Prerequisites

Configure the DHCPv6 server before configuring the DHCPv6 client.

Procedure

1.     Configure the gateway Router B:

# Configure an IPv6 address for Ten-GigabitEthernet 3/0/1.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address 1::1 64

# Set the O flag to 1 in RA messages sent on Ten-GigabitEthernet 3/0/1. Hosts that receive the RA messages will obtain information other than IPv6 addresses through DHCPv6.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig other-flag

# Disable RA message suppression on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

2.     Configure the DHCPv6 client on Router A:

# Enable stateless IPv6 address autoconfiguration on Ten-GigabitEthernet 3/0/1.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address auto

With stateless IPv6 address autoconfiguration enabled, but no IPv6 address configured for Ten-GigabitEthernet 3/0/1, Router A generates a link-local address. It sends an RS message to Router B to request configuration information for IPv6 address generation. Upon receiving the RS message, Router B sends back an RA message. After receiving an RA message with the M flag set to 0 and the O flag set to 1, Router A performs stateless DHCPv6 to get other configuration parameters.

Verifying the configuration

# Display the DHCPv6 client information.

[RouterA-Ten-GigabitEthernet3/0/1] display ipv6 dhcp client interface ten-gigabitethernet 3/0/1

Ten-GigabitEthernet3/0/1:

  Type: Stateless client

    State: OPEN

    Client DUID: 00030001000fe2ff0000

    Preferred server:

      Reachable via address: FE80::213:7FFF:FEF6:C818

      Server DUID: 0003000100137ff6c818

    DNS server addresses:

      1:2:4::5

      1:2:4::7

    Domain name:

      abc.com

# Display the DHCPv6 client statistics.

[RouterA-Ten-GigabitEthernet3/0/1] display ipv6 dhcp client statistics

Interface                     :  Ten-GigabitEthernet3/0/1

Packets received              :  1

        Reply                 :  1

        Advertise             :  0

        Reconfigure           :  0

        Invalid               :  0

Packets sent                  :  5

        Solicit               :  0

        Request               :  0

        Renew                 :  0

        Rebind                :  0

        Information-request   :  5

        Release               :  0

        Decline               :  0
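The M/O flag decision described in the stateless DHCPv6 procedure above, as an added Python example (not part of the H3C documentation): it reads the flags from a Router Advertisement header and reports any RA on the segment that would steer clients to a mode other than the intended one. Function names, the mode strings, and the sample RAs are constructed for illustration.

```python
import struct

ICMPV6_RA = 134                 # ICMPv6 type of a Router Advertisement (RFC 4861)
FLAG_M, FLAG_O = 0x80, 0x40     # managed-address flag, other-configuration flag


def parse_ra_flags(icmp6):
    """Return (M, O) from the fixed 16-byte Router Advertisement header."""
    if len(icmp6) < 16:
        raise ValueError("RA header is 16 bytes; message is truncated")
    msg_type, code, _cksum, _hop_limit, flags, _lifetime = struct.unpack_from(
        "!BBHBBH", icmp6)
    if msg_type != ICMPV6_RA or code != 0:
        raise ValueError("not a Router Advertisement")
    return bool(flags & FLAG_M), bool(flags & FLAG_O)


def client_mode(m_flag, o_flag):
    """Map the flags to the client behaviour the examples on this page rely on."""
    if m_flag:
        return "stateful DHCPv6"    # addresses are obtained through DHCPv6
    if o_flag:
        return "stateless DHCPv6"   # M=0, O=1: only other parameters via DHCPv6
    return "no DHCPv6"


def audit(expected_mode, captured):
    """Return (source, finding) for every RA that disagrees with expected_mode."""
    findings = []
    for source, raw in captured:
        try:
            mode = client_mode(*parse_ra_flags(raw))
        except ValueError as exc:
            findings.append((source, f"unparseable: {exc}"))
            continue
        if mode != expected_mode:
            findings.append((source, mode))
    return findings


def build_ra(flags, lifetime=1800):
    """Constructed sample RA header: checksum left at 0, no options."""
    return struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, flags, lifetime, 0, 0)


# Constructed capture: four RA sources seen on the client segment.
SAMPLE_CAPTURE = [
    ("fe80::1", build_ra(FLAG_O)),            # matches the stateless design
    ("fe80::2", build_ra(FLAG_M | FLAG_O)),   # would trigger stateful DHCPv6
    ("fe80::3", build_ra(0)),                 # would disable DHCPv6 entirely
    ("fe80::4", b"\x86\x00"),                 # truncated message
]

if __name__ == "__main__":
    for source, finding in audit("stateless DHCPv6", SAMPLE_CAPTURE):
        print(source, finding)
```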

DHCPv6 snooping configuration examples

Example: Configuring DHCPv6 snooping

Network configuration

As shown in Figure 510, Router B is connected to the authorized DHCPv6 server through Ten-GigabitEthernet 3/0/1, to the unauthorized DHCPv6 server through Ten-GigabitEthernet 3/0/3, and to the DHCPv6 client through Ten-GigabitEthernet 3/0/2.

Configure only the port connected to the authorized DHCPv6 server to forward the responses from the DHCPv6 server. Enable the DHCPv6 snooping device to record client information in DHCPv6 snooping entries.

Figure 510 Network diagram

Procedure

# Enable DHCPv6 snooping.

<RouterB> system-view

[RouterB] ipv6 dhcp snooping enable

# Specify Ten-GigabitEthernet 3/0/1 as a trusted port.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp snooping trust

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Enable the recording of DHCPv6 snooping entries on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 dhcp snooping binding record

[RouterB-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the DHCPv6 client obtains an IPv6 address and all other configuration parameters only from the authorized DHCPv6 server. (Details not shown.)

# Display DHCPv6 snooping entries on the DHCPv6 snooping device.

[RouterB] display ipv6 dhcp snooping binding
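How the trusted-port rule and binding recording configured above fit together, as an added Python model (not H3C's implementation): it parses DHCPv6 messages per RFC 8415, drops server-originated message types that arrive on an untrusted port, and records a binding from a Reply received on the trusted port. The class, verdict strings, and abbreviated port labels are assumptions; the sample messages are constructed, reusing the client DUID, IAID, timers, and address shown in the DHCPv6 client output earlier on this page.

```python
import struct
from ipaddress import IPv6Address

# DHCPv6 message types and option codes (RFC 8415).
SOLICIT, ADVERTISE, REQUEST, RENEW, REBIND, REPLY = 1, 2, 3, 5, 6, 7
RECONFIGURE, RELAY_FORW, RELAY_REPL = 10, 12, 13
SERVER_TYPES = {ADVERTISE, REPLY, RECONFIGURE, RELAY_REPL}
OPT_CLIENTID, OPT_IA_NA, OPT_IAADDR = 1, 3, 5


def parse_options(buf):
    """Return [(code, value), ...]; raise ValueError on a truncated option."""
    out, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length overruns message")
        out.append((code, buf[off:off + length]))
        off += length
    return out


def parse_message(pkt):
    """Extract type, transaction ID, client DUID and IA_NA leases."""
    if len(pkt) < 4:
        raise ValueError("shorter than the DHCPv6 header")
    msg = {"type": pkt[0], "xid": pkt[1:4], "duid": None, "leases": []}
    if msg["type"] in (RELAY_FORW, RELAY_REPL):
        return msg  # relay header differs; the type alone decides the verdict
    for code, val in parse_options(pkt[4:]):
        if code == OPT_CLIENTID:
            msg["duid"] = val.hex()
        elif code == OPT_IA_NA:
            if len(val) < 12:
                raise ValueError("IA_NA shorter than IAID/T1/T2")
            for sub, sval in parse_options(val[12:]):
                if sub == OPT_IAADDR and len(sval) >= 24:
                    _pref, valid = struct.unpack_from("!II", sval, 16)
                    msg["leases"].append((str(IPv6Address(sval[:16])), valid))
    return msg


class Snooper:
    """Hypothetical snooping device: ports are untrusted unless listed."""

    def __init__(self, trusted, record_on):
        self.trusted, self.record_on = set(trusted), set(record_on)
        self.pending = {}   # transaction ID -> port the client request arrived on
        self.bindings = {}  # leased address -> {"port", "duid", "valid"}

    def handle(self, port, pkt):
        """Return the verdict for one DHCPv6 message received on `port`."""
        try:
            msg = parse_message(pkt)
        except ValueError:
            return "drop-malformed"
        if msg["type"] in SERVER_TYPES:
            if port not in self.trusted:
                return "drop-untrusted-server"  # checked before any state changes
            if msg["type"] == REPLY:
                client_port = self.pending.pop(msg["xid"], None)
                if client_port in self.record_on:
                    for addr, valid in msg["leases"]:
                        if valid > 0:
                            self.bindings[addr] = {"port": client_port,
                                                   "duid": msg["duid"], "valid": valid}
            return "forward"
        if msg["type"] in (SOLICIT, REQUEST, RENEW, REBIND):
            self.pending[msg["xid"]] = port
        return "forward"


def _opt(code, val):
    return struct.pack("!HH", code, len(val)) + val


def build(msg_type, xid, duid_hex, addr=None, valid=0):
    """Construct a sample message (IAID 0x0a02, T1 50, T2 80, preferred 100)."""
    body = _opt(OPT_CLIENTID, bytes.fromhex(duid_hex))
    if addr:
        iaaddr = _opt(OPT_IAADDR, IPv6Address(addr).packed + struct.pack("!II", 100, valid))
        body += _opt(OPT_IA_NA, struct.pack("!III", 0x0A02, 50, 80) + iaaddr)
    return bytes([msg_type]) + xid + body


def demo():
    """XGE3/0/1: authorized server, XGE3/0/2: client, XGE3/0/3: unauthorized server."""
    sn = Snooper(trusted={"XGE3/0/1"}, record_on={"XGE3/0/2"})
    duid, xid = "00030001d07e28db74fb", b"\x00\x00\x2a"
    good = build(REPLY, xid, duid, "1:2::2", 200)
    verdicts = [
        sn.handle("XGE3/0/2", build(REQUEST, xid, duid)),
        sn.handle("XGE3/0/3", build(REPLY, xid, duid, "2001:db8::bad", 200)),
        sn.handle("XGE3/0/1", good),
        sn.handle("XGE3/0/1", good[:-3]),  # truncated copy
    ]
    return verdicts, sn.bindings
```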

 

 

Connection limit configuration examples

Example: Configuring connection limits

Network configuration

As shown in Figure 511, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The internal network address is 192.168.0.0/16. Configure NAT so that the internal users can access the Internet and external users can access the internal servers. Configure connection limits to meet the following requirements:

·     All hosts on segment 192.168.0.0/24 can establish a maximum of 100000 connections to the external network.

·     Each host on segment 192.168.0.0/24 can establish a maximum of 100 connections to the external network.

·     A maximum of 10000 query requests from DNS clients to the DNS server are allowed at the same time.

·     A maximum of 10000 connection requests from Web clients to the Web server are allowed at the same time.

Figure 511 Network diagram

Restrictions and guidelines

The following example only describes how to configure connection limits. For information about NAT configuration and internal server configuration, see NAT Configuration Guide.

Procedure

# Create ACL 3000 to permit packets from all hosts on the internal network.

<Router> system-view

[Router] acl advanced 3000

[Router-acl-ipv4-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255

[Router-acl-ipv4-adv-3000] quit

# Create ACL 3001 to permit packets to the Web server and the DNS server.

[Router] acl advanced 3001

[Router-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.2 0

[Router-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.3 0

[Router-acl-ipv4-adv-3001] quit

# Create connection limit policy 1.

[Router] connection-limit policy 1

# Configure connection limit rule 1 to permit a maximum of 100000 connections from all the hosts that match ACL 3000. When the number of connections exceeds 100000, new connections cannot be established until the number drops below 95000.

[Router-connection-limit-policy-1] limit 1 acl 3000 amount 100000 95000

# Configure connection limit rule 2 to permit a maximum of 10000 connections to the servers that match ACL 3001. When the number of connections exceeds 10000, new connections cannot be established until the number drops below 9800.

[Router-connection-limit-policy-1] limit 2 acl 3001 per-destination amount 10000 9800

[Router-connection-limit-policy-1] quit

# Create connection limit policy 2.

[Router] connection-limit policy 2

# Configure connection limit rule 1 to permit a maximum of 100 connections from each host matching ACL 3000. When the number of connections exceeds 100, new connections cannot be established until the number drops below 90.

[Router-connection-limit-policy-2] limit 1 acl 3000 per-source amount 100 90

[Router-connection-limit-policy-2] quit

# Apply connection limit policy 1 globally.

[Router] connection-limit apply global policy 1

# Apply connection limit policy 2 to inbound interface Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] connection-limit apply policy 2

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display information about the connection limit policy.

[Router] display connection-limit policy 1

IPv4 connection limit policy 1 has been applied 1 times, and has 2 limit rules.

Limit rule list:

  Policy  Rule    StatType  HiThres  LoThres   ACL

------------------------------------------------------------

       1     1          --   100000    95000   3000

             2         Dst    10000     9800   3001

 

 Applied list:

     Global

[Router] display connection-limit policy 2

IPv4 connection limit policy 2 has been applied 1 times, and has 1 limit rules.

Limit rule list:

  Policy  Rule    StatType  HiThres  LoThres   ACL

------------------------------------------------------------

       2     1         Src      100       90   3000

 

 Applied list:

     Ten-GigabitEthernet3/0/1
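The upper/lower threshold behaviour of the limit rules above, as an added Python model (not H3C code): once an attempt would exceed the upper threshold, the counter refuses new connections until the live count falls below the lower threshold. The class and method names are hypothetical, ACL matching is reduced to a source subnet and a destination host list, and latching on the first refused attempt is an assumption about how "exceeds" is evaluated; external addresses are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network


class LimitRule:
    """One limit rule: match condition, statistics type, upper/lower threshold."""

    def __init__(self, stat_type, hi, lo, src_net=None, dst_hosts=()):
        if stat_type not in ("all", "src", "dst"):
            raise ValueError("stat_type must be 'all', 'src' or 'dst'")
        if not 0 < lo <= hi:
            raise ValueError("thresholds must satisfy 0 < lo <= hi")
        self.stat_type, self.hi, self.lo = stat_type, hi, lo
        self.src_net = ip_network(src_net) if src_net else None
        self.dst_hosts = {ip_address(d) for d in dst_hosts}
        self.counts = defaultdict(int)  # counting key -> live connections
        self.latched = set()            # keys currently refusing new connections

    def matches(self, src, dst):
        """Stand-in for the ACL: optional source subnet and destination hosts."""
        if self.src_net is not None and ip_address(src) not in self.src_net:
            return False
        if self.dst_hosts and ip_address(dst) not in self.dst_hosts:
            return False
        return True

    def _key(self, src, dst):
        # "all" shares one counter; "src" and "dst" keep one counter per address.
        if self.stat_type == "all":
            return "*"
        return ip_address(src if self.stat_type == "src" else dst)

    def open(self, src, dst):
        """Return True if the rule admits a new connection src -> dst."""
        if not self.matches(src, dst):
            return True  # rule does not apply to this flow
        key = self._key(src, dst)
        if key in self.latched:
            return False
        if self.counts[key] >= self.hi:
            self.latched.add(key)  # stay closed until the count falls below lo
            return False
        self.counts[key] += 1
        return True

    def close(self, src, dst):
        """Account for an admitted connection ending."""
        if not self.matches(src, dst):
            return
        key = self._key(src, dst)
        if self.counts[key] > 0:
            self.counts[key] -= 1
        if key in self.latched and self.counts[key] < self.lo:
            self.latched.discard(key)


def per_source_demo():
    """Policy 2, rule 1 on the page: per-source, 100 / 90, ACL 3000."""
    rule = LimitRule("src", hi=100, lo=90, src_net="192.168.0.0/24")
    host, peer, dst = "192.168.0.10", "192.168.0.11", "203.0.113.5"
    log = {"admitted": sum(rule.open(host, dst) for _ in range(150))}
    log["peer_ok"] = rule.open(peer, dst)   # other hosts keep their own counter
    for _ in range(10):
        rule.close(host, dst)               # 100 -> 90, not yet below 90
    log["at_90"] = rule.open(host, dst)
    rule.close(host, dst)                   # 90 -> 89, the latch releases
    log["at_89"] = rule.open(host, dst)
    return log


def per_destination_demo():
    """Policy 1, rule 2 on the page: per-destination, 10000 / 9800, ACL 3001."""
    rule = LimitRule("dst", hi=10000, lo=9800,
                     dst_hosts=("192.168.0.2", "192.168.0.3"))
    clients = [f"198.51.100.{i % 250 + 1}" for i in range(10050)]
    to_first = sum(rule.open(c, "192.168.0.2") for c in clients)
    # The second server has its own counter; 192.168.0.9 is outside the ACL.
    return (to_first, rule.open(clients[0], "192.168.0.3"),
            rule.open(clients[0], "192.168.0.9"))


if __name__ == "__main__":
    print(per_source_demo())
    print(per_destination_demo())
```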

Connection limit configuration examples

Example: Configuring connection limits

Network configuration

As shown in Figure 512, all users must pass AAA authentication before they can access the public network. To ensure higher priority for Teacher A's connections than students' connections, perform the following tasks on the device:

·     Allow Teacher A to establish a maximum of 100 connections to the public network.

·     Allow each student to establish a maximum of 10 connections to the public network.

Figure 512 Network diagram

Procedure

1.     Configure the AAA server.

# Configure accounts for the teacher and the students. Specify the associated user profile names of the teacher and the students as teacher and student, respectively. (Details not shown.)

2.     Configure the device.

# Configure AAA authentication. (Details not shown.)

# Create user profile teacher, and set the maximum number of connections to 100.

<Device> system-view

[Device] user-profile teacher

[Device-user-profile-teacher] connection-limit amount 100

[Device-user-profile-teacher] quit

# Create user profile student, and set the maximum number of connections to 10.

[Device] user-profile student

[Device-user-profile-student] connection-limit amount 10

[Device-user-profile-student] quit

Verifying the configuration

# Display configuration information about the user profile-based connection limits.

[Device] display user-profile

  User-Profile: teacher

    Connection-limit amount: 100

 

  User-Profile: student

    Connection-limit amount: 10

The output shows that the teacher and students can establish only 100 and 10 connections, respectively, to the public network after they pass authentication.

 

 

L2TP configuration examples

Example: Configuring a NAS-initiated L2TP tunnel for dual-stack users (prefixes assigned by ND prefix pool)

Network configuration

As shown in Figure 513, a dual-stack PPP user is connected to an LNS through an LAC. The LNS allocates IPv6 addresses to hosts through ND.

Set up an L2TP tunnel between the LAC and LNS to allow the PPP user to access the corporate network.

In this scenario, a host obtains an IPv6 address prefix through the ND RA packets, and obtains an IPv6 interface ID through IPv6CP negotiation. An IPv6 global unicast address is generated based on the IPv6 address prefix and IPv6 interface ID. The IPv6 address prefix in the RA packets is obtained from the ND prefix pool.

Figure 513 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the LAC:

# Create a local user named user1, set the password, and enable the PPP service.

<LAC> system-view

[LAC] local-user user1 class network

[LAC-luser-network-user1] password simple 123456TESTplat&!

[LAC-luser-network-user1] service-type ppp

[LAC-luser-network-user1] quit

# Configure local AAA for PPP users in ISP domain dm1.

[LAC] domain name dm1

[LAC-isp-dm1] authentication ppp local

[LAC-isp-dm1] accounting ppp local

[LAC-isp-dm1] authorization ppp local

[LAC-isp-dm1] quit

# Configure CHAP authentication on interface Virtual-Template 1.

[LAC] interface virtual-template 1

[LAC-Virtual-Template1] ppp authentication-mode chap domain dm1

[LAC-Virtual-Template1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/2, and bind the interface to interface Virtual-Template 1.

[LAC] interface ten-gigabitethernet 3/0/2

[LAC-Ten-GigabitEthernet3/0/2] pppoe-server bind virtual-template 1

[LAC-Ten-GigabitEthernet3/0/2] quit

# Enable L2TP.

[LAC] l2tp enable

# Create L2TP group 1 in LAC mode.

[LAC] l2tp-group 1 mode lac

# Configure the local tunnel name as LAC.

[LAC-l2tp1] tunnel name LAC

# Specify PPP user user1 as the condition for the LAC to initiate tunneling requests.

[LAC-l2tp1] user fullusername user1

# Specify the LNS IP address as 1.1.2.2.

[LAC-l2tp1] lns-ip 1.1.2.2

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LAC-l2tp1] tunnel authentication

[LAC-l2tp1] tunnel password simple 123456TESTplat&!

[LAC-l2tp1] quit

2.     Configure the LNS:

# Create a local user named user1, set the password, and enable the PPP service.

<LNS> system-view

[LNS] local-user user1 class network

[LNS-luser-network-user1] password simple 123456TESTplat&!

[LNS-luser-network-user1] service-type ppp

[LNS-luser-network-user1] quit

# Enable DHCP.

[LNS] dhcp enable

# Configure local BAS IP address pool pool1.

[LNS] ip pool pool1 bas local

[LNS-ip-pool-pool1] gateway 192.168.0.1 24

[LNS-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic address allocation in the address pool.

[LNS-ip-pool-pool1] forbidden-ip 192.168.0.1

[LNS-ip-pool-pool1] quit

# Configure prefix pool 1 that contains prefix 2003::/32 and specify the length of prefixes to be assigned as 64. Prefix pool 1 can assign 4294967296 prefixes in the range of 2003::/64 to 2003:0:FFFF:FFFF::/64.

[LNS] ipv6 dhcp prefix-pool 1 prefix 2003::/32 assign-len 64

# Create IPv6 address pool pool1, and reference prefix pool 1.

[LNS] ipv6 pool pool1

[LNS-ipv6-pool-pool1] prefix-pool 1 export-route

[LNS-ipv6-pool-pool1] quit

# Configure Virtual-Template 1 to use CHAP for authenticating the peer.

[LNS] interface virtual-template 1

[LNS-Virtual-Template1] ppp authentication-mode chap domain dm1

# Disable RA message suppression and configure the interface to automatically generate a link-local address.

[LNS-Virtual-Template1] undo ipv6 nd ra halt

[LNS-Virtual-Template1] ipv6 address auto link-local

[LNS-Virtual-Template1] quit

# Configure local AAA for PPP users and authorize an IPv4 address pool, an ND prefix pool, and a primary IPv6 DNS server address to users in ISP domain dm1.

[LNS] domain name dm1

[LNS-isp-dm1] authentication ppp local

[LNS-isp-dm1] accounting ppp local

[LNS-isp-dm1] authorization ppp local

[LNS-isp-dm1] authorization-attribute ip-pool pool1

[LNS-isp-dm1] authorization-attribute ipv6-nd-prefix-pool pool1

[LNS-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[LNS-isp-dm1] quit

# Enable L2TP.

[LNS] l2tp enable

# Create L2TP group 1 in LNS mode.

[LNS] l2tp-group 1 mode lns

# Configure the local tunnel name as LNS.

[LNS-l2tp1] tunnel name LNS

# Specify Virtual-Template 1 for receiving calls from LAC.

[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LNS-l2tp1] tunnel authentication

[LNS-l2tp1] tunnel password simple 123456TESTplat&!

[LNS-l2tp1] quit

3.     On the remote system, enter user1 as the username and 123456TESTplat&! as the password in the dialup network window to dial a PPPoE connection.

Verifying the configuration

# After the dialup connection is established, use the display access-user command to display the online user information.

[LNS] display access-user

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x14        BAS0                 192.168.0.2             -               -/-

            user1                2003::3001              LNS

# After the dialup connection is established, the remote system obtains IP address 192.168.0.2 and can ping the private IP address of the LNS (192.168.0.1).

# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.

[LNS] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

196       3542        Established   1        1.1.2.1          1701

          LAC

# On the LNS, use the display l2tp session command to check the established L2TP sessions.

[LNS] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

2041          64             196           Established

              user1

Example: Configuring a client-initiated L2TP tunnel

Network configuration

As shown in Figure 514, a PPP user directly initiates a tunneling request to the LNS to access the corporate network.

Figure 514 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the LNS:

# Create a local user named user1, set the password, and enable the PPP service.

<LNS> system-view

[LNS] local-user user1 class network

[LNS-luser-network-user1] password simple 123456TESTplat&!

[LNS-luser-network-user1] service-type ppp

[LNS-luser-network-user1] quit

# Enable DHCP.

[LNS] dhcp enable

# Configure local BAS IP address pool pool1.

[LNS] ip pool pool1 bas local

[LNS-ip-pool-pool1] gateway 192.168.0.1 24

[LNS-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic address allocation in the address pool.

[LNS-ip-pool-pool1] forbidden-ip 192.168.0.1

[LNS-ip-pool-pool1] quit

# Configure local AAA for PPP users and authorize an address pool to users in ISP domain dm1.

[LNS] domain name dm1

[LNS-isp-dm1] authentication ppp local

[LNS-isp-dm1] accounting ppp local

[LNS-isp-dm1] authorization ppp local

[LNS-isp-dm1] authorization-attribute ip-pool pool1

[LNS-isp-dm1] quit

# Create Virtual-Template 1, and specify its PPP authentication mode as CHAP.

[LNS] interface virtual-template 1

[LNS-Virtual-Template1] ppp authentication-mode chap domain dm1

[LNS-Virtual-Template1] quit

# Enable L2TP.

[LNS] l2tp enable

# Create L2TP group 1 in LNS mode.

[LNS] l2tp-group 1 mode lns

# Configure the local tunnel name as LNS.

[LNS-l2tp1] tunnel name LNS

# Specify Virtual-Template 1 for receiving calls.

[LNS-l2tp1] allow l2tp virtual-template 1

# Disable tunnel authentication.

[LNS-l2tp1] undo tunnel authentication

[LNS-l2tp1] quit

2.     Configure the remote host:

# Configure the IP address of the remote host as 2.1.1.1, and configure a route to the LNS (1.1.2.2).

# Create a virtual private L2TP network connection by using the Windows system, or install the L2TP LAC client software.

# Complete the following configuration procedure (the procedure depends on the client software):

¡     Specify the PPP username as user1 and the password as 123456TESTplat&!.

¡     Specify the Internet interface address of the security gateway as the IP address of the LNS. In this example, the Ethernet interface for the tunnel on the LNS has an IP address of 1.1.2.2.

¡     Modify the connection attributes: set the protocol to L2TP, the encryption attribute to customized, and the authentication mode to CHAP.

Verifying the configuration

# On the remote host, initiate the L2TP connection. After the dialup connection is established, use the display access-user command to display the online user information.

[LNS] display access-user

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x14        BAS0                 192.168.0.2             -               -/-

            user1                -                       LNS

# After the connection is established, the remote host obtains IP address 192.168.0.2 and can ping the private IP address of the LNS (192.168.0.1).

# On the LNS, use the display l2tp session command to check the established L2TP session.

[LNS] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

89            36245          10878         Established

              N/A

# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnel.

[LNS] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

10878     21          Established   1        2.1.1.1          1701

          PC

Example: Configuring an LAC-auto-initiated L2TP tunnel

Network configuration

As shown in Figure 515, configure the LAC to establish an L2TP tunnel with the LNS in LAC-auto-initiated mode. When the PPP user initiates a connection, it uses the established tunnel to access the corporate network.

Figure 515 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the LAC:

# Enable L2TP.

<LAC> system-view

[LAC] l2tp enable

# Create L2TP group 1 in LAC mode.

[LAC] l2tp-group 1 mode lac

# Configure the local tunnel name as LAC, and specify the IP address of the tunnel peer (LNS).

[LAC-l2tp1] tunnel name LAC

[LAC-l2tp1] lns-ip 3.3.3.2

# Enable tunnel authentication, and configure the authentication key as 123456TESTplat&!.

[LAC-l2tp1] tunnel authentication

[LAC-l2tp1] tunnel password simple 123456TESTplat&!

[LAC-l2tp1] quit

# Create Virtual-PPP 1. Configure its username and password as user1 and 123456TESTplat&! and PPP authentication as PAP.

[LAC] interface virtual-ppp 1

[LAC-Virtual-PPP1] ip address ppp-negotiate

[LAC-Virtual-PPP1] ppp pap local-user user1 password simple 123456TESTplat&!

[LAC-Virtual-PPP1] quit

# Configure a static route so that packets destined for the corporate network will be forwarded through the L2TP tunnel.

[LAC] ip route-static 10.1.0.0 16 virtual-ppp 1

# Trigger the LAC to establish an L2TP tunnel with the LNS.

[LAC] interface virtual-ppp 1

[LAC-Virtual-PPP1] l2tp-auto-client l2tp-group 1

[LAC-Virtual-PPP1] quit

2.     Configure the LNS:

# Create a local user named user1, set the password, and enable the PPP service.

<LNS> system-view

[LNS] local-user user1 class network

[LNS-luser-network-user1] password simple 123456TESTplat&!

[LNS-luser-network-user1] service-type ppp

[LNS-luser-network-user1] quit

# Create Virtual-Template 1, and specify its PPP authentication mode as PAP.

[LNS] interface virtual-template 1

[LNS-Virtual-Template1] ppp authentication-mode pap domain dm1

[LNS-Virtual-Template1] quit

# Enable DHCP.

[LNS] dhcp enable

# Configure local BAS IP address pool pool1.

[LNS] ip pool pool1 bas local

[LNS-ip-pool-pool1] gateway 192.168.0.1 30

[LNS-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic address allocation in the address pool.

[LNS-ip-pool-pool1] forbidden-ip 192.168.0.1

[LNS-ip-pool-pool1] quit

# Configure local AAA for PPP users and authorize an address pool to users in ISP domain dm1.

[LNS] domain name dm1

[LNS-isp-dm1] authentication ppp local

[LNS-isp-dm1] accounting ppp local

[LNS-isp-dm1] authorization ppp local

[LNS-isp-dm1] authorization-attribute ip-pool pool1

[LNS-isp-dm1] quit

# Enable L2TP, and create L2TP group 1 in LNS mode.

[LNS] l2tp enable

[LNS] l2tp-group 1 mode lns

# Configure the local tunnel name as LNS, and specify Virtual-Template 1 for receiving tunneling requests from an LAC.

[LNS-l2tp1] tunnel name LNS

[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC

# Enable tunnel authentication, and configure the authentication key as 123456TESTplat&!.

[LNS-l2tp1] tunnel authentication

[LNS-l2tp1] tunnel password simple 123456TESTplat&!

[LNS-l2tp1] quit

# Configure a static route whose next hop address is 192.168.0.2 (IP address that the LNS assigns to Virtual-PPP 1 of the LAC) so that packets destined for the PPP user will be forwarded through the L2TP tunnel.

[LNS] ip route-static 10.2.0.0 16 192.168.0.2

3.     On the remote host, configure the LAC as the gateway.

Verifying the configuration

# On the LNS, use the display l2tp session command to display the established L2TP session.

[LNS] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

21409         3395           4501          Established

              N/A

# On the LNS, use the display l2tp tunnel command to display the established L2TP tunnel.

[LNS] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

4501      524         Established   1        3.3.3.1          1701

          LAC

# On the LNS, verify that you can ping 10.2.0.1, a private network address on the LAC side. This indicates that hosts on 10.2.0.0/16 and those on 10.1.0.0/16 can communicate with each other through the L2TP tunnel.

[LNS] ping -a 10.1.0.1 10.2.0.1

Ping 10.2.0.1 (10.2.0.1): 56 data bytes, press CTRL+C to break

56 bytes from 10.2.0.1: icmp_seq=0 ttl=128 time=1.000 ms

56 bytes from 10.2.0.1: icmp_seq=1 ttl=128 time=1.000 ms

56 bytes from 10.2.0.1: icmp_seq=2 ttl=128 time=1.000 ms

56 bytes from 10.2.0.1: icmp_seq=3 ttl=128 time=1.000 ms

56 bytes from 10.2.0.1: icmp_seq=4 ttl=128 time=1.000 ms

 

--- Ping statistics for 10.2.0.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/1.000/1.000/0.000 ms
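The two L2TP examples above contain several settings worth reviewing before reuse: undo tunnel authentication, allow l2tp without a remote name, PAP on Virtual-PPP 1 and Virtual-Template 1, and one secret used as both tunnel key and PPP password. The following Python script is an added example, not part of the H3C documentation; it scans a pasted command transcript for those patterns. The rule names, and the assumption that the device name in the prompt contains no hyphen, are this example's own.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "line device view rule reason")

# Prompt forms used on this page: <LNS> (user view), [LNS-l2tp1] (system or sub view).
PROMPT = re.compile(r"^\s*[\[<]([^\]>]+)[\]>]\s*(.+)$")
SECRET = re.compile(r"\bpassword simple (\S+)")

# (rule id, pattern matched against the command text, reason).
# Rule ids are made up for this example; the commands are the ones shown on this page.
RULES = [
    ("tunnel-auth-disabled", re.compile(r"^undo tunnel authentication$"),
     "the tunnel peer is not challenged with a shared tunnel key"),
    ("l2tp-any-peer", re.compile(r"^allow l2tp virtual-template \d+$"),
     "no 'remote' name restricts which tunnel peer may use this group"),
    ("ppp-pap", re.compile(r"^ppp (authentication-mode pap\b|pap local-user\b)"),
     "PAP sends the PPP password in cleartext; CHAP does not"),
    ("secret-in-transcript", SECRET,
     "a secret entered with 'simple' is readable wherever this text is stored"),
]

def audit(transcript):
    """Return a list of Finding tuples for a Comware-style command transcript."""
    findings = []
    uses = defaultdict(set)            # secret -> purposes it is used for
    for lineno, raw in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(raw)
        if not m:                      # '#' description lines, blank lines, output
            continue
        # Assumption: the sysname has no hyphen, so the first '-' starts the view name.
        device, _, view = m.group(1).partition("-")
        cmd = m.group(2).strip()
        for rule, pattern, reason in RULES:
            if pattern.search(cmd):
                findings.append(Finding(lineno, device, view or "system", rule, reason))
        s = SECRET.search(cmd)
        if s:
            purpose = "tunnel key" if cmd.startswith("tunnel password") else "PPP user password"
            uses[s.group(1)].add(purpose)
    for purposes in uses.values():     # the secret itself is never echoed
        if len(purposes) > 1:
            findings.append(Finding(0, "*", "*", "secret-reuse",
                                    "one secret is used as " + " and ".join(sorted(purposes))))
    return findings

# Transcript assembled from command lines shown in the two L2TP examples above.
SAMPLE = """\
<LNS> system-view
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] ppp authentication-mode chap domain dm1
[LNS] l2tp-group 1 mode lns
[LNS-l2tp1] allow l2tp virtual-template 1
[LNS-l2tp1] undo tunnel authentication
[LAC-l2tp1] tunnel authentication
[LAC-l2tp1] tunnel password simple 123456TESTplat&!
[LAC-Virtual-PPP1] ppp pap local-user user1 password simple 123456TESTplat&!
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line:>2} {f.device:<4} {f.view:<18} {f.rule:<22} {f.reason}")
```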

Example: Configuring L2TP tunneling switching

Network configuration

As shown in Figure 516, set up an L2TP tunnel between the LAC and LTS and an L2TP tunnel between the LTS and LNS to allow the PPP user to access the corporate network.

Figure 516 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the LAC:

# Create a local user named user1, set the password, and enable the PPP service.

<LAC> system-view

[LAC] local-user user1 class network

[LAC-luser-network-user1] password simple 123456TESTplat&!

[LAC-luser-network-user1] service-type ppp

[LAC-luser-network-user1] quit

# Configure local AAA for PPP users in ISP domain dm1.

[LAC] domain name dm1

[LAC-isp-dm1] authentication ppp local

[LAC-isp-dm1] accounting ppp local

[LAC-isp-dm1] authorization ppp local

[LAC-isp-dm1] quit

# Configure CHAP authentication on interface Virtual-Template 1.

[LAC] interface virtual-template 1

[LAC-Virtual-Template1] ppp authentication-mode chap domain dm1

[LAC-Virtual-Template1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to interface Virtual-Template 1.

[LAC] interface ten-gigabitethernet 3/0/1

[LAC-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[LAC-Ten-GigabitEthernet3/0/1] quit

# Enable L2TP.

[LAC] l2tp enable

# Create L2TP group 1 in LAC mode.

[LAC] l2tp-group 1 mode lac

# Configure the local tunnel name as LAC.

[LAC-l2tp1] tunnel name LAC

# Specify PPP user user1 as the condition for the LAC to initiate tunneling requests.

[LAC-l2tp1] user fullusername user1

# Specify the LNS IP address as 3.3.3.2.

[LAC-l2tp1] lns-ip 3.3.3.2

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LAC-l2tp1] tunnel authentication

[LAC-l2tp1] tunnel password simple 123456TESTplat&!

[LAC-l2tp1] quit

2.     Configure the LTS:

# Create a local user named user1, set the password, and enable the PPP service.

<LTS> system-view

[LTS] local-user user1 class network

[LTS-luser-network-user1] password simple 123456TESTplat&!

[LTS-luser-network-user1] service-type ppp

[LTS-luser-network-user1] quit

# Configure local AAA for PPP users in ISP domain dm1.

[LTS] domain name dm1

[LTS-isp-dm1] authentication ppp local

[LTS-isp-dm1] accounting ppp local

[LTS-isp-dm1] authorization ppp local

[LTS-isp-dm1] quit

# Configure CHAP authentication on interface Virtual-Template 1.

[LTS] interface virtual-template 1

[LTS-Virtual-Template1] ppp authentication-mode chap domain dm1

[LTS-Virtual-Template1] quit

# Enable L2TP.

[LTS] l2tp enable

# Create L2TP group 1 in LNS mode.

[LTS] l2tp-group 1 mode lns

# Configure the local tunnel name as LTS.

[LTS-l2tp1] tunnel name LTS

# Specify Virtual-Template 1 for receiving calls from LAC.

[LTS-l2tp1] allow l2tp virtual-template 1 remote LAC

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LTS-l2tp1] tunnel authentication

[LTS-l2tp1] tunnel password simple 123456TESTplat&!

[LTS-l2tp1] quit

# Create L2TP group 11 in LAC mode.

[LTS] l2tp-group 11 mode lac

# Configure the local tunnel name as LTS.

[LTS-l2tp11] tunnel name LTS

# Specify PPP user user1 as the condition for the LAC to initiate tunneling requests to the LNS.

[LTS-l2tp11] user fullusername user1

# Specify the LNS IP address as 5.5.5.2.

[LTS-l2tp11] lns-ip 5.5.5.2

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LTS-l2tp11] tunnel authentication

[LTS-l2tp11] tunnel password simple 123456TESTplat&!

[LTS-l2tp11] quit

3.     Configure the LNS:

# Create a local user named user1, set the password, and enable the PPP service.

<LNS> system-view

[LNS] local-user user1 class network

[LNS-luser-network-user1] password simple 123456TESTplat&!

[LNS-luser-network-user1] service-type ppp

[LNS-luser-network-user1] quit

# Enable DHCP.

[LNS] dhcp enable

# Configure local BAS IP address pool pool1.

[LNS] ip pool pool1 bas local

[LNS-ip-pool-pool1] gateway 192.168.0.1 24

[LNS-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic address allocation in the address pool.

[LNS-ip-pool-pool1] forbidden-ip 192.168.0.1

[LNS-ip-pool-pool1] quit

# Configure local AAA for PPP users and authorize an address pool to users in ISP domain dm1.

[LNS] domain name dm1

[LNS-isp-dm1] authentication ppp local

[LNS-isp-dm1] accounting ppp local

[LNS-isp-dm1] authorization ppp local

[LNS-isp-dm1] authorization-attribute ip-pool pool1

[LNS-isp-dm1] quit

# Create Virtual-Template 1, and specify its PPP authentication mode as CHAP.

[LNS] interface virtual-template 1

[LNS-Virtual-Template1] ppp authentication-mode chap domain dm1

[LNS-Virtual-Template1] quit

# Enable L2TP.

[LNS] l2tp enable

# Create L2TP group 1 in LNS mode.

[LNS] l2tp-group 1 mode lns

# Configure the local tunnel name as LNS.

[LNS-l2tp1] tunnel name LNS

# Specify Virtual-Template 1 for receiving calls from LTS.

[LNS-l2tp1] allow l2tp virtual-template 1 remote LTS

# Enable tunnel authentication, and specify the tunnel authentication key as 123456TESTplat&!.

[LNS-l2tp1] tunnel authentication

[LNS-l2tp1] tunnel password simple 123456TESTplat&!

[LNS-l2tp1] quit

4.     On the remote system, enter user1 as the username and 123456TESTplat&! as the password in the dialup network window to dial a PPPoE connection.

Verifying the configuration

·     On the LNS:

# After the dialup connection is established, use the display access-user command to display the online user information.

[LNS] display access-user

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x14        BAS0                 192.168.0.2             -               -/-

            user1                -                       LNS

# After the dialup connection is established, the remote system obtains IP address 192.168.0.2.

# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.

[LNS] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

35048     36940       Established   1        5.5.5.1          1701

          LTS

# On the LNS, use the display l2tp session command to check the established L2TP sessions.

[LNS] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

38563         36103          35048         Established

              user1

·     On the LTS:

# Display L2TP tunnel information on the LTS.

[LTS] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

11828     53339       Established   1        3.3.3.1          1701

          LAC

36940     35048       Established   1        5.5.5.2          1701

          LNS

# Display the L2TP sessions established on the LTS.

[LTS] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

46605         35207          11828         Established

              user1

36103         38563          36940         Established

              user1

·     On the LAC:

# Display L2TP tunnel information on the LAC.

[LAC] display l2tp tunnel

LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort

          RemoteName

53339     11828       Established   1        3.3.3.2          1701

          LTS

# Display the L2TP sessions established on the LAC.

[LAC] display l2tp session

LocalSID      RemoteSID      LocalTID      State

              Username

35207         46605          53339         Established

              user1
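The IDs in the verification output above pair up across the three devices: each device's RemoteTID and RemoteSID are its peer's LocalTID and LocalSID, and the LTS holds one session for user1 on each of its two tunnels. The Python script below is an added example, not H3C code. It parses the two-line display l2tp tunnel and display l2tp session records copied from this page, checks the pairing, and follows user1 from the LAC to the LNS. It assumes each dictionary key equals the name set with tunnel name on that device.

```python
from collections import namedtuple

Tunnel = namedtuple("Tunnel", "local_tid remote_tid state sessions remote_addr remote_port remote_name")
Session = namedtuple("Session", "local_sid remote_sid local_tid state username")

def _records(text, width):
    """Yield (fields, value on the second line) for each two-line record."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]   # blank lines ignored
    i = 0
    while i + 1 < len(rows):
        if len(rows[i]) == width and rows[i][0].isdigit():
            yield rows[i], rows[i + 1][0]
            i += 2
        else:
            i += 1                                                  # header or unrecognised line

def parse_tunnels(text):
    return [Tunnel(int(f[0]), int(f[1]), f[2], int(f[3]), f[4], int(f[5]), name)
            for f, name in _records(text, 6)]

def parse_sessions(text):
    return [Session(int(f[0]), int(f[1]), int(f[2]), f[3], user)
            for f, user in _records(text, 4)]

def mirror_errors(devices):
    """Check every tunnel against its peer's view; return a list of problems."""
    errors = []
    for name, (tunnels, sessions) in devices.items():
        for t in tunnels:
            if t.state != "Established":
                errors.append(f"{name}: tunnel {t.local_tid} is {t.state}")
            if sum(s.local_tid == t.local_tid for s in sessions) != t.sessions:
                errors.append(f"{name}: tunnel {t.local_tid} session count mismatch")
            peer = devices.get(t.remote_name)
            if peer is None:
                errors.append(f"{name}: tunnel {t.local_tid} peer {t.remote_name} not collected")
            elif not any((p.local_tid, p.remote_tid, p.remote_name) ==
                         (t.remote_tid, t.local_tid, name) for p in peer[0]):
                errors.append(f"{name}: tunnel {t.local_tid} has no mirror on {t.remote_name}")
    return errors

def trace_session(devices, start, username):
    """Follow a user's session hop by hop; an LTS shows the user on two tunnels."""
    path, device = [start], start
    leg = next((s for s in devices[start][1] if s.username == username), None)
    while leg is not None and len(path) <= len(devices):
        tunnel = next((t for t in devices[device][0] if t.local_tid == leg.local_tid), None)
        if tunnel is None or tunnel.remote_name not in devices:
            raise ValueError(f"{device}: session {leg.local_sid} has no usable tunnel")
        peer = tunnel.remote_name
        far = next((s for s in devices[peer][1]
                    if (s.local_sid, s.remote_sid, s.local_tid) ==
                       (leg.remote_sid, leg.local_sid, tunnel.remote_tid)), None)
        if far is None:
            raise ValueError(f"{device}: session {leg.local_sid} has no mirror on {peer}")
        path.append(peer)
        device = peer
        # Onward leg: same user on a different tunnel of the peer (tunnel switching).
        leg = next((s for s in devices[peer][1]
                    if s.username == username and s.local_tid != far.local_tid), None)
    return path

# Records copied from the verification output above (headers shared to save space).
T_HDR = "LocalTID  RemoteTID   State         Sessions RemoteAddress    RemotePort\n          RemoteName\n"
S_HDR = "LocalSID      RemoteSID      LocalTID      State\n              Username\n"
RAW = {
    "LAC": (T_HDR + "53339     11828       Established   1        3.3.3.2          1701\n          LTS\n",
            S_HDR + "35207         46605          53339         Established\n              user1\n"),
    "LTS": (T_HDR + "11828     53339       Established   1        3.3.3.1          1701\n          LAC\n"
                    "36940     35048       Established   1        5.5.5.2          1701\n          LNS\n",
            S_HDR + "46605         35207          11828         Established\n              user1\n"
                    "36103         38563          36940         Established\n              user1\n"),
    "LNS": (T_HDR + "35048     36940       Established   1        5.5.5.1          1701\n          LTS\n",
            S_HDR + "38563         36103          35048         Established\n              user1\n"),
}
DEVICES = {name: (parse_tunnels(t), parse_sessions(s)) for name, (t, s) in RAW.items()}

if __name__ == "__main__":
    print(mirror_errors(DEVICES) or "all tunnels mirrored")
    print(" -> ".join(trace_session(DEVICES, "LAC", "user1")))
```

A tunnel whose RemoteName is not one of the collected devices, or whose IDs have no mirror, is reported rather than skipped, which makes an unexpected peer on the LTS or LNS stand out.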

 

 

PPPoE configuration examples

Example: Configuring the PPPoE server to assign IPv4 addresses through the local DHCP server

Network configuration

As shown in Figure 517, configure the PPPoE server as a DHCP server to assign an IP address to the host.

Figure 517 Network diagram

Procedure

# Configure Virtual-Template 1 to use CHAP for authentication.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCP.

[Router] dhcp enable

# Configure local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IP address pool pool1.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] quit

# Create a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for PPP users and authorize an address pool.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ip-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Log in to the router by using username user1 and password 123456TESTplat&!.

# Display information about IP addresses assigned by the DHCP server.

[Router] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/1             1.1.1.2                 001b-21a8-0949  -/-

            user1                -                       PPPoE

The output shows that the router has assigned an IP address to the host.

Example: Configuring the PPPoE server to assign IP addresses to dual-stack users through a remote DHCP server

Network configuration

As shown in Figure 518, configure the PPPoE server as a DHCP relay agent to relay an IPv4 address and an IPv6 address from the DHCP server to the host.

Figure 518 Network diagram

Prerequisites

Assign IP addresses to interfaces, and make sure the devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure Router A as the PPPoE server:

# Configure Virtual-Template 1 to use CHAP for authentication.

<RouterA> system-view

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterA-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterA-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterA-Virtual-Template1] ipv6 nd autoconfig other-flag

[RouterA-Virtual-Template1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable DHCP.

[RouterA] dhcp enable

# Create remote BAS IP address pool pool1.

[RouterA] ip pool pool1 bas remote

# Specify a gateway address for the clients in pool1.

[RouterA-ip-pool-pool1] gateway 1.1.1.1 24

# Exclude IP address 1.1.1.1 from dynamic allocation in pool1.

[RouterA-ip-pool-pool1] forbidden-ip 1.1.1.1

# Specify a DHCP server for pool1.

[RouterA-ip-pool-pool1] remote-server 10.1.1.1

[RouterA-ip-pool-pool1] quit

# Create an IPv6 address pool named pool2.

[RouterA] ipv6 pool pool2

# Specify gateway address 1::1 for DHCPv6 clients in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] gateway-list 1::1

# Specify the subnet 1::/64 for dynamic allocation in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] network 1::/64 export-route

# Exclude IPv6 address 1::1 from dynamic allocation in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] forbidden-address 1::1

# Specify DHCPv6 server 10::1 for the IPv6 address pool.

[RouterA-ipv6-pool-pool2] remote-server 10::1

[RouterA-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent and DHCPv6 relay agent on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] dhcp select relay

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 dhcp select relay

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate a link-local address, which is to be used as the gateway of users.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create a PPPoE user.

[RouterA] local-user user1 class network

[RouterA-luser-network-user1] password simple 123456TESTplat&!

[RouterA-luser-network-user1] service-type ppp

[RouterA-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for PPP users and authorize an address pool.

[RouterA] domain name dm1

[RouterA-isp-dm1] authentication ppp local

[RouterA-isp-dm1] accounting ppp local

[RouterA-isp-dm1] authorization ppp local

[RouterA-isp-dm1] authorization-attribute ip-pool pool1

[RouterA-isp-dm1] authorization-attribute ipv6-pool pool2

[RouterA-isp-dm1] quit

2.     Configure Router B as a DHCP server:

¡     Configure an IPv4 address pool:

# Enable DHCP.

<RouterB> system-view

[RouterB] dhcp enable

# Create IPv4 address pool pool1. Specify a subnet for dynamic allocation and specify a gateway address and a DNS server address for DHCP clients in the IPv4 address pool.

[RouterB] ip pool pool1

[RouterB-ip-pool-pool1] network 1.1.1.0 24

[RouterB-ip-pool-pool1] gateway-list 1.1.1.1

[RouterB-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IPv4 address pool pool1.

[RouterB-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterB-ip-pool-pool1] quit

# Configure the default route to the PPPoE server.

[RouterB] ip route-static 0.0.0.0 0 10.1.1.2

¡     Configure an IPv6 address pool:

# Create IPv6 address pool pool2. Specify a subnet for dynamic allocation and specify a DNS server address for DHCP clients in the IPv6 address pool.

[RouterB] ipv6 pool pool2

[RouterB-ipv6-pool-pool2] network 1::/64

[RouterB-ipv6-pool-pool2] dns-server 8::8

# Exclude the IPv6 address 1::1 from dynamic allocation in IPv6 address pool pool2.

[RouterB-ipv6-pool-pool2] forbidden-address 1::1

[RouterB-ipv6-pool-pool2] quit

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure the default route to the PPPoE server.

[RouterB] ipv6 route-static :: 0 10::2

Verifying the configuration

# Verify that a host is assigned an IPv4 address and an IPv6 address after logging in to Router A by using username user1 and password 123456TESTplat&! through PPPoE.

[RouterA] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/1             1.1.1.2                 001b-21a8-0949  -/-

            user1                1::2                    PPPoE

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by AAA)

Network configuration

As shown in Figure 519, configure the PPPoE server to advertise the following information to the host:

·     IPv6 prefix in RA messages.

·     IPv6 interface identifier during IPv6CP negotiation.

The host uses the IPv6 prefix and IPv6 interface identifier to generate an IPv6 global unicast address. The IPv6 address prefixes in RA packets are authorized prefixes.

Figure 519 Network diagram

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# (Applicable only to advertising prefix subnet routes.) Create an IPv6 address pool and enter its view. Specify the subnet for DHCPv6 clients and advertise the subnet route.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 10::/64 export-route

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# Configure local AAA for the PPP users in the ISP domain dm1.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

# Configure an IPv6 prefix and a DNS server authorized to the users in the ISP domain dm1.

[Router-isp-dm1] authorization-attribute ipv6-prefix 10:: 64

[Router-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x6         XGE3/0/1              -                      001b-21a8-0949  -/-

            user1                10::F85B:7EE1:1410      PPPoE

                                 :74C9

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by ND prefix pool)

Network configuration

As shown in Figure 520, configure the PPPoE server to advertise the following information to the host:

·     IPv6 prefix in RA messages.

·     IPv6 interface identifier during IPv6CP negotiation.

The host uses the IPv6 prefix and IPv6 interface identifier to generate an IPv6 global unicast address. The IPv6 address prefixes in RA packets are authorized prefixes.

Figure 520 Network diagram

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Create prefix pool 1, and specify the prefix 10::/32 with the assigned prefix length 64. Prefix pool 1 contains 4294967296 prefixes from 10::/64 to 10:0:FFFF:FFFF::/64.

[Router] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named pool1, and apply prefix pool 1 to the address pool.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] prefix-pool 1 export-route

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# Configure local AAA for the PPP users in the ISP domain dm1.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

# Authorize ND prefix pool pool1 and the primary DNS server to users in the ISP domain dm1.

[Router-isp-dm1] authorization-attribute ipv6-nd-prefix-pool pool1

[Router-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x6         XGE3/0/1              -                      001b-21a8-0949  -/-

            user1                10::F85B:7EE1:1410      PPPoE

                                 :74C9
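The pool size quoted in the procedure above follows from the pool prefix length and assign-len. The following Python functions are an added example, not part of the H3C documentation: they compute the count, first and last prefix of a pool, and map an address seen in display access-user back to the prefix it was assigned from. The same calculation is applied to the 20::/32 pool with assign-len 42 used in the IA_PD example on this page.

```python
import ipaddress

def prefix_pool(prefix, assign_len):
    """Return (count, first, last) for a pool 'prefix' carved into /assign_len prefixes."""
    net = ipaddress.IPv6Network(prefix)
    if not net.prefixlen <= assign_len <= 128:
        raise ValueError("assign-len must be between the pool prefix length and 128")
    count = 1 << (assign_len - net.prefixlen)      # number of assignable prefixes
    step = 1 << (128 - assign_len)                 # address distance between two prefixes
    base = int(net.network_address)
    first = ipaddress.IPv6Network((base, assign_len))
    last = ipaddress.IPv6Network((base + (count - 1) * step, assign_len))
    return count, first, last

def assigned_prefix(prefix, assign_len, address):
    """Return the /assign_len prefix of the pool that contains 'address', or None."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(address)
    if not net.prefixlen <= assign_len <= 128:
        raise ValueError("assign-len must be between the pool prefix length and 128")
    if addr not in net:
        return None                                # address was not taken from this pool
    shift = 128 - assign_len
    return ipaddress.IPv6Network(((int(addr) >> shift) << shift, assign_len))

if __name__ == "__main__":
    # Prefix pool 1 of this example, then prefix pool 6 of the IA_PD example.
    for pool, length in (("10::/32", 64), ("20::/32", 42)):
        count, first, last = prefix_pool(pool, length)
        print(f"{pool} assign-len {length}: {count} prefixes, {first} to {last}")
    # The user address shown in the display access-user output above.
    print(assigned_prefix("10::/32", 64, "10::F85B:7EE1:1410:74C9"))
```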

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA method

Network configuration

As shown in Figure 521, configure the PPPoE server to assign an IPv6 address to the host through DHCPv6.

Figure 521 Network diagram

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[Router-Virtual-Template1] ipv6 nd autoconfig other-flag

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 1::/32 export-route

[Router-ipv6-pool-pool1] dns-server 8::8

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ipv6-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x9         XGE3/0/1              -                       001b-21a8-0949  -/-

            user1                1::1                    PPPoE

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_PD method

Network configuration

As shown in Figure 522, configure the PPPoE server to assign a prefix to Router A through DHCPv6. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 522 Network diagram

Procedure

1.     Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

[RouterB-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create IPv6 address pool pool1, and apply prefix pool 6 to address pool pool1.

[RouterB] ipv6 pool pool1

[RouterB-ipv6-pool-pool1] prefix-pool 6 export-route

[RouterB-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ipv6-pool pool1

[RouterB-isp-dm1] quit

2.     Configure Router A (PPPoE client):

 

IMPORTANT:

·     The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

·     The configuration for the device acting as the PPPoE client varies by version. The configuration in this section is for reference only. For more information, see the manual for the device acting as the PPPoE client.

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure a default route.

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet 3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: pool1

 IPv6 prefix                                 Type      Lease expiration

 20::/42                                     Auto(C)   Jul 10 19:45:01 2019

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number   Prefix                                     Type

1        20::/42                                    Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Router A can then assign the prefix 20::/42 to the host, which uses the prefix to generate an IPv6 global unicast address.

Example: Configuring the PPPoE server to assign IP addresses through the DHCPv4+NDRA+IA_PD method

Network configuration

As shown in Figure 523, configure the PPPoE server as follows:

·     Configure Router B as a DHCP relay agent to request an IPv4 address for Router A from the DHCP server.

·     Configure the PPPoE server to assign an IPv6 prefix from the ND prefix pool to the WAN interface (Dialer 1 in this example) of Router A through NDRA.

·     Configure the PPPoE server to assign a prefix to Router A through IA_PD. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 523 Network diagram

Procedure

1.     Configure Router C (DHCP server):

# Enable DHCP.

<RouterC> system-view

[RouterC] dhcp enable

# Configure IP pool pool1 to assign IP addresses and other configuration parameters to clients on subnet 1.1.1.0/24.

[RouterC] ip pool pool1

[RouterC-ip-pool-pool1] network 1.1.1.0 24

[RouterC-ip-pool-pool1] gateway-list 1.1.1.1

[RouterC-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the gateway address from dynamic allocation.

[RouterC-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterC-ip-pool-pool1] quit

# Configure the default route to the PPPoE server.

[RouterC] ip route-static 0.0.0.0 0 10.1.1.2

2.     Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

[RouterB-Virtual-Template1] quit

# Enable DHCP.

[RouterB] dhcp enable

# Create a remote BAS IP pool named pool1, and specify the gateway IP address and the network mask for the IP pool. Exclude IP address 1.1.1.1 from dynamic allocation, and specify a DHCP server for the IP pool.

[RouterB] ip pool pool1 bas remote

[RouterB-ip-pool-pool1] gateway 1.1.1.1 24

[RouterB-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterB-ip-pool-pool1] remote-server 10.1.1.1

[RouterB-ip-pool-pool1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] dhcp select relay

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# (For NDRA) Create DHCPv6 prefix pool 1, and specify the prefix 10::/32 with the assigned prefix length 64. Prefix pool 1 contains 4294967296 prefixes from 10::/64 to 10:0:FFFF:FFFF::/64.

[RouterB] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named ndra and apply prefix pool 1 to the IPv6 address pool.

[RouterB] ipv6 pool ndra

[RouterB-ipv6-pool-ndra] prefix-pool 1 export-route

[RouterB-ipv6-pool-ndra] quit

# (For IA_PD) Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create IPv6 address pool iapd, and apply prefix pool 6 to address pool iapd.

[RouterB] ipv6 pool iapd

[RouterB-ipv6-pool-iapd] prefix-pool 6 export-route

[RouterB-ipv6-pool-iapd] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an IPv4 address pool, ND prefix pool, IPv6 DNS address, and IPv6 address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ip-pool pool1

[RouterB-isp-dm1] authorization-attribute ipv6-nd-prefix-pool ndra

[RouterB-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[RouterB-isp-dm1] authorization-attribute ipv6-pool iapd

[RouterB-isp-dm1] quit

3.     Configure Router A (PPPoE client):

 

IMPORTANT:

·     The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

·     The configuration for the device acting as the PPPoE client varies by version. The configuration in this section is for reference only. For more information, see the manual for the device acting as the PPPoE client.

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# (For IPv4) Configure Dialer 1 to obtain an IP address through PPP negotiation, enable Dialer 1 to actively request the DNS server IP address from its peer, and configure Dialer 1 to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.

[RouterA-Dialer1] ip address ppp-negotiate

[RouterA-Dialer1] ppp ipcp dns request

[RouterA-Dialer1] ppp ipcp dns admit-any

# (For IPv4) Translate the source addresses of the packets from internal hosts into the IP address of Dialer 1.

[RouterA-Dialer1] nat outbound

# (For NDRA) Configure Dialer 1 to automatically generate an IPv6 global unicast address.

[RouterA-Dialer1] ipv6 address auto

# (For IA_PD) Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# (For IA_PD) Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure default routes.

[RouterA] ip route-static 0.0.0.0 0 dialer 1

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable DHCP.

[RouterA] dhcp enable

# Configure DHCP address pool pool1 to assign IPv4 addresses and other configuration parameters to clients on subnet 192.168.1.0/24.

[RouterA] dhcp server ip-pool pool1

[RouterA-dhcp-pool-pool1] network 192.168.1.0 24

[RouterA-dhcp-pool-pool1] gateway-list 192.168.1.1

[RouterA-dhcp-pool-pool1] dns-list 8.8.8.8

# Exclude the gateway address from dynamic allocation.

[RouterA-dhcp-pool-pool1] forbidden-ip 192.168.1.1

[RouterA-dhcp-pool-pool1] quit

# Assign IP address 192.168.1.1 to Ten-GigabitEthernet3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.1.1 24

# Enable Ten-GigabitEthernet3/0/1 to advertise RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned a prefix to Router A through DHCPv6. After Router A is configured and accesses Router B through username user1 and password 123456TESTplat&! through PPPoE, Router B automatically obtains an IPv4 address through DHCPv4 and generates an IPv6 global unicast address through the authorized IPv6 prefix and IPv6 interface identifier obtained through IPv6CP negotiation.

[RouterB] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x6         XGE3/0/1             1.1.1.2                 001b-21a8-0949  -/-

            user1                10::F85B:7EE1:1410      PPPoE

                                 :74C9

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: iapd

 IPv6 prefix                                 Type      Lease expiration

 20::/42                                     Auto(C)   Jul 10 19:45:01 2019

Pool: ndra

 IPv6 prefix                                 Type      Lease expiration

 10::/64                                     Auto(C)   Expires after 2100

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number   Prefix                                     Type

1        20::/42                                    Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Router A can then assign the prefix 20::/42 to the host, which uses the prefix to generate an IPv6 global unicast address.
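The pool arithmetic in this example can be checked offline. The following Python sketch is an added example, not part of the H3C documentation: it computes how many prefixes each ipv6 dhcp prefix-pool statement yields, confirms that the ndra and iapd pools do not overlap, and shows how ipv6 address 1 123::123:1:1/64 combined with the delegated prefix 20::/42 produces 20::123:1:1. The function names are hypothetical, and the bit-combination rule (leading bits from the delegated prefix, remaining bits from the command argument) is an assumption based on the description in the procedure.

```python
import ipaddress
from itertools import combinations


def delegated_prefixes(pool, assign_len):
    """Return (count, first, last) for
    `ipv6 dhcp prefix-pool N prefix <pool> assign-len <assign_len>`."""
    net = ipaddress.IPv6Network(pool)
    if not net.prefixlen <= assign_len <= 128:
        raise ValueError("assign-len must lie between the pool prefix length and 128")
    count = 1 << (assign_len - net.prefixlen)
    step = 1 << (128 - assign_len)      # distance between two assigned prefixes
    base = int(net.network_address)
    first = ipaddress.IPv6Network((base, assign_len))
    last = ipaddress.IPv6Network((base + (count - 1) * step, assign_len))
    return count, first, last


def address_from_prefix(delegated, sub):
    """Model `ipv6 address <prefix-id> <sub>`: the leading bits come from the
    delegated prefix, the remaining bits and the length from <sub>.
    Assumption: this mirrors the behaviour the procedure describes."""
    pd = ipaddress.IPv6Network(delegated)
    iface = ipaddress.IPv6Interface(sub)
    if iface.network.prefixlen < pd.prefixlen:
        raise ValueError("interface prefix length is shorter than the delegated prefix")
    keep = (1 << (128 - pd.prefixlen)) - 1   # bits not fixed by the delegation
    addr = int(pd.network_address) | (int(iface.ip) & keep)
    return ipaddress.IPv6Interface((addr, iface.network.prefixlen))


def find_overlaps(pools):
    """Return sorted name pairs whose prefixes overlap (a misconfiguration
    that would let two pools hand out the same address space)."""
    nets = {name: ipaddress.IPv6Network(p) for name, p in pools.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Values taken from the Router B and Router A configuration in this example.
    for name, pool, length in (("ndra", "10::/32", 64), ("iapd", "20::/32", 42)):
        count, first, last = delegated_prefixes(pool, length)
        print(f"{name}: {count} prefixes, {first} .. {last}")
    print("LAN gateway:", address_from_prefix("20::/42", "123::123:1:1/64"))
    print("overlaps:", find_overlaps({"ndra": "10::/32", "iapd": "20::/32"}))
```
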

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA+IA_PD method

Network configuration

As shown in Figure 524, configure the PPPoE server as follows:

·     Configure the PPPoE server to assign an IPv6 global unicast address to the WAN interface (Dialer 1 in this example) of Router A.

·     Configure the PPPoE server to assign a prefix to Router A through IA_PD. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 524 Network diagram

Procedure

1.     Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[RouterB-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterB-Virtual-Template1] ipv6 nd autoconfig other-flag

[RouterB-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# (For IA_PD) Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create an IPv6 address pool named pool1.

[RouterB] ipv6 pool pool1

# (For IA_NA) Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[RouterB-ipv6-pool-pool1] network 1::/32

[RouterB-ipv6-pool-pool1] dns-server 8::8

# (For IA_PD) Apply prefix pool 6 to address pool pool1.

[RouterB-ipv6-pool-pool1] prefix-pool 6 export-route

[RouterB-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ipv6-pool pool1

[RouterB-isp-dm1] quit

2.     Configure Router A (PPPoE client):

 

IMPORTANT:

·     The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

·     The configuration for the device acting as the PPPoE client varies by version. The configuration in this section is for reference only. For more information, see the manual for the device acting as the PPPoE client.

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# (For IA_NA+IA_PD) Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# (For IA_PD) Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure a default route.

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable Ten-GigabitEthernet3/0/1 to advertise RA messages.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned an IPv6 global unicast address to Router A through DHCPv6 after Router A is configured and accesses Router B through username user1 and password 123456TESTplat&! through PPPoE.

[RouterB] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x9         XGE3/0/1             -                       001b-21a8-0949  -/-

            user1                1::1                    PPPoE

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: pool1

 IPv6 prefix                                 Type      Lease expiration

 20::/42                                     Auto(C)   Jul 10 19:45:01 2019

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number   Prefix                                     Type

1        20::/42                                    Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Router A can then assign the prefix 20::/42 to the host, which uses the prefix to generate an IPv6 global unicast address.

Example: Assigning IP addresses to dual-stack users through the local DHCP server

Network configuration

As shown in Figure 525, configure the PPPoE server as a DHCP server to assign an IPv4 address to the host and configure it as a DHCPv6 server to assign an IPv6 address to the host.

Figure 525 Network diagram

Procedure

# Configure Virtual-Template 1 to use CHAP for authentication.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[Router-Virtual-Template1] ipv6 nd autoconfig other-flag

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCPv4.

[Router] dhcp enable

# Configure local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IP address pool pool1.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] quit

# Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 1::/32 export-route

[Router-ipv6-pool-pool1] dns-server 8::8

[Router-ipv6-pool-pool1] quit

# Create a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize address pools to PPP users.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ip-pool pool1

[Router-isp-dm1] authorization-attribute ipv6-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Log in to the router by using username user1 and password 123456TESTplat&!.

# Display information about IP addresses assigned by the DHCP server.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/1              1.1.1.2                 001b-21a8-0949  -/-

            user1                1::1                    PPPoE

The output shows that the router has assigned an IPv4 address and an IPv6 address to the host.

Example: Configuring PPPoE server RADIUS-based IP address assignment

Network configuration

As shown in Figure 526, configure the PPPoE server to meet the following requirements:

·     The PPPoE server uses the RADIUS server to perform authentication, authorization, and accounting for access users. This example uses FreeRADIUS running on the Linux operating system.

·     The RADIUS server assigns access users an IP address pool named pool1 and a VPN instance named vpn1.

·     Users in vpn1 obtain IP addresses from IP address pool pool1.

Figure 526 Network diagram

Prerequisites

For the two ends of VPN 1 to communicate with each other, specify the same route target attributes on the two PEs (Router A and Router B). This example describes only the authentication-related configuration on the PE that is connected to the PPPoE client. For information about configuring MPLS L3VPN, see MPLS Configuration Guide.

Procedure

1.     Configure the RADIUS server:

# Add the following text to the clients.conf file to configure RADIUS client information.

client 10.1.1.1/24 {

secret = radius

}

In this configuration, secret is the shared key for authentication, authorization, and accounting.

# Add the following text to the users.conf file to configure valid user information.

user1  Auth-Type == CHAP,User-Password := pass1

          Service-Type = Framed-User,

          Framed-Protocol = PPP,

          Framed-Pool = "pool1",

          H3C-VPN-Instance = "vpn1"

2.     Configure Router A:

a.     Configure the PPPoE server:

# Configure Virtual-Template 1 to use CHAP for authentication and use ISP domain dm1 as the authentication domain.

<RouterA> system-view

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ppp authentication-mode chap domain dm1

[RouterA-Virtual-Template1] quit

# Enable DHCP.

[RouterA] dhcp enable

# Configure local BAS IP address pool pool1.

[RouterA] ip pool pool1 bas local

[RouterA-ip-pool-pool1] vpn-instance vpn1

[RouterA-ip-pool-pool1] gateway 1.1.1.1 24

[RouterA-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 1.1.1.1 from dynamic allocation in the address pool.

[RouterA-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterA-ip-pool-pool1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1, and enter its view.

[RouterA] radius scheme rs1

# Specify the primary authentication server and the primary accounting server.

[RouterA-radius-rs1] primary authentication 10.1.1.2

[RouterA-radius-rs1] primary accounting 10.1.1.2

# Set the shared key for secure communication with the server to radius in plain text.

[RouterA-radius-rs1] key authentication simple radius

[RouterA-radius-rs1] key accounting simple radius

# Exclude domain names in the usernames sent to the RADIUS server.

[RouterA-radius-rs1] user-name-format without-domain

[RouterA-radius-rs1] quit

c.     Configure an authentication domain:

# Create an ISP domain named dm1.

[RouterA] domain name dm1

# In ISP domain dm1, perform RADIUS authentication, authorization, and accounting for users based on scheme rs1.

[RouterA-isp-dm1] authentication ppp radius-scheme rs1

[RouterA-isp-dm1] authorization ppp radius-scheme rs1

[RouterA-isp-dm1] accounting ppp radius-scheme rs1

[RouterA-isp-dm1] quit

Verifying the configuration

# Verify that Host A can successfully ping CE. (Details not shown.)

# Display binding information about assigned IP addresses in VPN1.

[RouterA] display dhcp server ip-in-use vpn-instance vpn1

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

1.1.1.2          3030-3030-2e30-3030-  Unlimited             Auto(C)

                 662e-3030-3033-2d45-

                 7468-6572-6e65-74

Example: Configuring PPPoE static dual-stack users

Network configuration

Host is manually configured with static IPv4 address 1.1.1.2/24, static IPv6 address 1::021B:21FF:FEA8:0949/64, and static IPv6 DNS server address 8::F85B:7EE1:1410:74C9. Host is connected to Router through an Ethernet interface, and Router acts as the PPPoE server. Configure Host to access Router through PPPoE by using the manually configured static IP addresses.

Figure 527 Network diagram

Restrictions and guidelines

In some operating systems (for example, Windows 7), if the interface ID in the IPv6 global unicast address requested by a DHCPv6 client is different from the interface ID in the link-local address of the DHCPv6 client, Windows 7 will consider the IPv6 global unicast address as unavailable. As a result, the DHCPv6 client cannot use the address as the source address to send packets. Therefore, as a best practice to ensure that the function operates normally, configure the interface ID in a static IPv6 address to be the same as that in the link-local address when configuring the static IPv6 address. For example, the link-local address in this example is FE80::021B:21FF:FEA8:0949, and the static IPv6 address is 1::021B:21FF:FEA8:0949.

Procedure

# Configure Virtual-Template 1 to use CHAP for authenticating the peer.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Configure the device to allow a remote user to come online by using a self-configured static IPv4 address and IPv6 address.

[Router-Virtual-Template1] ppp accept remote-ip-address

[Router-Virtual-Template1] ppp accept remote-ipv6-address

# Enable Virtual-Template 1 to advertise RA messages. Set the managed address configuration flag (M) to 1 to prevent the IPv6 static users from coming online through NDRA.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

[Router-Virtual-Template1] quit

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Disable the DHCPv6 server and DHCPv6 relay agent on the interface to prevent IPv6 static users from coming online through IA_NA. (The default configuration.)

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 dhcp select

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1 and bind it to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCPv4.

[Router] dhcp enable

# Configure a local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude gateway IP address 1.1.1.1 and static user IP address 1.1.1.2 from dynamic allocation.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] forbidden-ip 1.1.1.2

[Router-ip-pool-pool1] quit

# Exclude static user IPv6 address 1::021B:21FF:FEA8:0949 from dynamic allocation.

[Router] ipv6 dhcp server forbidden-address 1::021B:21FF:FEA8:0949

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for users and authorize an address pool.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ip-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

After the configuration is completed, Host accesses Router through PPPoE by using username user1 and password 123456TESTplat&!. Verify that Host has come online successfully by using the manually configured static IP addresses.

[Router] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/1             1.1.1.2                 001b-21a8-0949  -/-

            user1                1::021B:21FF:FEA8:      PPPoE

                                 0949

IPoE configuration examples

Example: Configuring unclassified-IP packet initiation

Network configuration

As shown in Figure 528, the host accesses the BRAS as an unclassified-IP user. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux.

Figure 528 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host IP address, and the password is radius.

2.2.2.2   Cleartext-Password :="radius"

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Configure IPoE:

# Enable DHCP.

[Device] dhcp enable

# Enable IPoE and configure Layer 3 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber routed enable

# Enable unclassified-IP packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ip enable

# Specify dm1 as the ISP domain for unclassified-IP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber unclassified-ip domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x50        XGE3/0/2             2.2.2.2                 000c-29a6-b656  -/-

            2.2.2.2              -                       L3 IPoE dynamic
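Every secret in this example is entered in plaintext form, and the same string, radius, serves as both the RADIUS shared key and the IPoE authentication password. The following Python check is an added example, not part of the H3C documentation: it scans a command script for those patterns and reports them without echoing the secrets. The 16-character minimum, the word list, and the rule names are assumptions; the sample lines are constructed from commands shown in this guide.

```python
"""Audit Comware-style command scripts for plaintext, weak, and reused secrets."""
import re
from collections import defaultdict

MIN_LEN = 16  # assumed policy threshold, not an H3C requirement
COMMON = {"radius", "password", "secret", "admin", "123456", "testing123"}  # assumed word list

# Strips a leading CLI prompt such as "[Device-radius-rs1]" or "<Device>".
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")

# Commands from this guide that carry a secret typed in plaintext form.
RULES = [
    ("radius-key", re.compile(r"^key\s+(?:authentication|accounting)\s+simple\s+(\S+)$")),
    ("ipoe-password", re.compile(r"^ip\s+subscriber\s+password\s+plaintext\s+(\S+)$")),
    ("local-user-password", re.compile(r"^password\s+simple\s+(\S+)$")),
]


def extract_secrets(text):
    """Return (line number, kind, secret) for every plaintext-form secret command."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        cmd = PROMPT.sub("", raw).strip()
        if not cmd or cmd.startswith("#"):
            continue
        for kind, pattern in RULES:
            match = pattern.match(cmd)
            if match:
                found.append((lineno, kind, match.group(1)))
                break
    return found


def audit(text):
    """Return findings as (rule, kind, line numbers); secrets are never included."""
    findings = []
    uses = defaultdict(list)
    for lineno, kind, secret in extract_secrets(text):
        findings.append(("PLAINTEXT_FORM", kind, (lineno,)))
        if len(secret) < MIN_LEN or secret.lower() in COMMON:
            findings.append(("WEAK_SECRET", kind, (lineno,)))
        uses[secret].append((lineno, kind))
    # One value shared by different kinds of credential widens the impact of a leak.
    for where in uses.values():
        kinds = sorted({kind for _, kind in where})
        if len(kinds) > 1:
            findings.append(("REUSED_SECRET", "+".join(kinds), tuple(n for n, _ in where)))
    return findings


# Constructed sample: command lines copied from the examples in this guide.
SAMPLE = """\
[Device] radius scheme rs1
[Device-radius-rs1] primary authentication 4.4.4.1
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] key accounting simple radius
[Device] interface ten-gigabitethernet 3/0/2
[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius
[Router-luser-network-user1] password simple 123456TESTplat&!
"""

if __name__ == "__main__":
    for rule, kind, lines in audit(SAMPLE):
        print(f"{rule:15} {kind:32} lines {', '.join(map(str, lines))}")
```
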

Example: Configuring DHCPv4 packet initiation (assigning a remote BAS IP address pool)

Network configuration

As shown in Figure 529, the host accesses the BRAS as a DHCP user. It obtains configuration information from the DHCP server. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux. After the DHCP client is abnormally logged out, the DHCP client can come online again through IPv4 packet initiation.

Figure 529 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify the subnet 3.3.3.0/24 for dynamic allocation and DNS server 8.8.8.8 in the pool.

[DHCP-server-ip-pool-pool1] network 3.3.3.0 24

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Specify gateway address 3.3.3.1 in the address pool.

[DHCP-server-ip-pool-pool1] gateway-list 3.3.3.1

# Exclude IP address 3.3.3.1 from dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] forbidden-ip 3.3.3.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool pool1, specify a gateway address in the address pool, exclude IP address 3.3.3.1 from dynamic allocation in the address pool, and specify a DHCP server for the address pool.

[Device] ip pool pool1 bas remote

[Device-ip-pool-pool1] gateway 3.3.3.1 24

[Device-ip-pool-pool1] forbidden-ip 3.3.3.1

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1 and assign a remote BAS IP address pool.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ip-pool pool1

[Device-isp-dm1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable unclassified-IP packet initiation on Ten-GigabitEthernet 3/0/2, and allow an abnormally logged-out DHCP client to come online again through IPv4 packet initiation.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ip enable matching-user

# Specify dm1 as the ISP domain for DHCP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x5c        XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         -                       L2 IPoE dynamic

Example: Configuring DHCPv4 packet initiation (assigning an IP address pool group)

Network configuration

As shown in Figure 530, the host accesses the BRAS as a DHCP user. Users obtain IPv4 addresses from an address pool in the IP address pool group. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux.

Figure 530 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the usernames and passwords to the users user information file.

000c29a6b656  Cleartext-Password :="radius"

000c29a6b657  Cleartext-Password :="radius"

2.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool2 and enter its view.

[DHCP-server] ip pool pool2

# Specify the subnet 2.2.2.0/24 for dynamic allocation and DNS server 8.8.8.8 in the address pool.

[DHCP-server-ip-pool-pool2] network 2.2.2.0 24

[DHCP-server-ip-pool-pool2] dns-list 8.8.8.8

# Specify gateway address 2.2.2.1 in the address pool.

[DHCP-server-ip-pool-pool2] gateway-list 2.2.2.1

# Exclude IP address 2.2.2.1 from dynamic allocation in the address pool.

[DHCP-server-ip-pool-pool2] forbidden-ip 2.2.2.1

[DHCP-server-ip-pool-pool2] quit

# Create an IP address pool named pool3 and enter its view.

[DHCP-server] ip pool pool3

# Specify the subnet 3.3.3.0/24 for dynamic allocation and DNS server 8.8.8.8 in the pool.

[DHCP-server-ip-pool-pool3] network 3.3.3.0 24

[DHCP-server-ip-pool-pool3] dns-list 8.8.8.8

# Specify gateway address 3.3.3.1 in the address pool.

[DHCP-server-ip-pool-pool3] gateway-list 3.3.3.1

# Exclude IP address 3.3.3.1 from dynamic allocation in the pool.

[DHCP-server-ip-pool-pool3] forbidden-ip 3.3.3.1

[DHCP-server-ip-pool-pool3] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a local BAS IP address pool pool1.

[Device] ip pool pool1 bas local

# Specify gateway address 1.1.1.1 and DNS server 8.8.8.8 in the address pool.

[Device-ip-pool-pool1] gateway 1.1.1.1 24

[Device-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 1.1.1.1 from dynamic allocation in the address pool.

[Device-ip-pool-pool1] forbidden-ip 1.1.1.1

[Device-ip-pool-pool1] quit

# Create a remote BAS IP address pool pool2, specify a gateway address in the address pool, exclude IP address 2.2.2.1 from dynamic allocation in the address pool, and specify a DHCP server for the address pool.

[Device] ip pool pool2 bas remote

[Device-ip-pool-pool2] gateway 2.2.2.1 24

[Device-ip-pool-pool2] forbidden-ip 2.2.2.1

[Device-ip-pool-pool2] remote-server 4.4.4.3

[Device-ip-pool-pool2] quit

# Create a remote BAS IP address pool pool3, specify a gateway address in the address pool, exclude IP address 3.3.3.1 from dynamic allocation in the address pool, and specify a DHCP server for the address pool.

[Device] ip pool pool3 bas remote

[Device-ip-pool-pool3] gateway 3.3.3.1 24

[Device-ip-pool-pool3] forbidden-ip 3.3.3.1

[Device-ip-pool-pool3] remote-server 4.4.4.3

[Device-ip-pool-pool3] quit

# Create IP address pool group poolgroup1, and assign local BAS IP address pool pool1 and remote BAS IP address pools pool2 and pool3 to the IP address pool group.

[Device] ip pool-group poolgroup1

[Device-ip-pool-group-poolgroup1] pool pool1

[Device-ip-pool-group-poolgroup1] pool pool2

[Device-ip-pool-group-poolgroup1] pool pool3

[Device-ip-pool-group-poolgroup1] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1 and assign an IP address pool group.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ip-pool-group poolgroup1

[Device-isp-dm1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify ISP domain dm1 as the ISP domain for DHCP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# After 253 users come online, display the statistics of local BAS IP address pool pool1.

[Device] display dhcp server statistics pool pool1

    Total IP addresses:                254

    Free IP addresses:                 0

    Used:                              253

    Pool utilization:                  100.00%

    Bindings:

      Automatic:                       253

      Manual:                          0

      Expired:                         0

    Conflicts:                         0

The output shows that local BAS IP address pool pool1 is 100% utilized and has no allocable IP addresses.

When the resources in local BAS IP address pool pool1 are exhausted, the address resources on the DHCP server associated with remote BAS IP address pool pool2 are used to allocate IP addresses to new users.

Example: Configuring DHCPv6 packet initiation (assigning a remote IPv6 address pool)

Network configuration

As shown in Figure 531, the host accesses the BRAS as a DHCP user. It obtains configuration information from the DHCP server. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux.

Figure 531 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4::2 and secret radius to the clients.conf file.

client 4::2/64 {

ipv6addr = 4::2

netmask=64

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the DHCP server:

# Create an IPv6 address pool named pool1 and enter its view.

<DHCP-server> system-view

[DHCP-server] ipv6 pool pool1

# Specify the IPv6 subnet 3::/64 for dynamic allocation and specify DNS server 8::8 in the address pool pool1.

[DHCP-server-ipv6-pool-pool1] network 3::/64

[DHCP-server-ipv6-pool-pool1] dns-server 8::8

[DHCP-server-ipv6-pool-pool1] quit

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Create a remote IPv6 address pool pool1, specify a gateway address in the address pool, specify the IPv6 subnet 3::/64 for the address pool and advertise the subnet route, and specify a DHCP server for the address pool.

<Device> system-view

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] gateway-list 3::1

[Device-ipv6-pool-pool1] network 3::/64 export-route

[Device-ipv6-pool-pool1] remote-server 4::3

[Device-ipv6-pool-pool1] quit

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in the RA messages to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in the RA messages to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

[Device-Ten-GigabitEthernet3/0/2] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication ipv6 4::1

[Device-radius-rs1] primary accounting ipv6 4::1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1 and assign a remote IPv6 address pool.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ipv6-pool pool1

[Device-isp-dm1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify dm1 as the ISP domain for DHCP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online and obtained IPv6 address 3::2.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x2c2       XGE3/0/2             -                       000c-29a6-b656  -/-

            000c29a6b656         3::2                    L2 IPoE dynamic

Example: Configuring IPv6 ND RS packet initiation (AAA-authorized prefix)

Network configuration

As shown in Figure 532, the host accesses the BRAS as an IPv6 ND RS user. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux.

Figure 532 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address, and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the BRAS:

a.     Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

b.     Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

[Device-Ten-GigabitEthernet3/0/2] quit

c.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

d.     (Applicable only to advertising prefix subnet routes.) Create an IPv6 address pool and enter its view. Specify the subnet for DHCPv6 clients and advertise the subnet route.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] network 10::/64 export-route

[Device-ipv6-pool-pool1] quit

e.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

# Authorize primary IPv6 DNS server 8::8 to users.

[Device-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Device-isp-dm1] quit

f.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable IPv6 ND RS packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator ndrs enable

# Specify dm1 as the ISP domain for IPv6 ND RS users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber ndrs domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/2             -                       000c-29a6-b656  -/-

            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic

                                 56

Example: Configuring IPv6 ND RS packet initiation (ND prefix pool-authorized prefix)

Network configuration

As shown in Figure 533, the host accesses the BRAS as an IPv6 ND RS user. The BRAS performs AAA for the host through the RADIUS server. This example uses a FreeRADIUS server running on Linux.

Figure 533 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address, and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the BRAS:

a.     Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

b.     Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

[Device-Ten-GigabitEthernet3/0/2] quit

c.     Configure an ND prefix pool:

# Create prefix pool 1 that contains the prefix 10::/32 and specify the length of prefixes to be assigned as 64. Prefix pool 1 can assign 4294967296 prefixes in the range of 10::/64 to 10:0:FFFF:FFFF::/64.

[Device] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named pool1, and reference prefix pool 1.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] prefix-pool 1 export-route

[Device-ipv6-pool-pool1] quit

d.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

e.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1, and authorize an ND prefix pool and primary IPv6 DNS server 8::8 to users.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ipv6-nd-prefix-pool pool1

[Device-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Device-isp-dm1] quit

f.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable IPv6 ND RS packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator ndrs enable

# Specify dm1 as the ISP domain for IPv6 ND RS users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber ndrs domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/2             -                       000c-29a6-b656  -/-

            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic

                                 56
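The prefix-pool range stated in the procedure and the session address in the output above can be reproduced offline. The following Python code is an added example, not part of the H3C documentation: it computes the /64 range of a prefix pool, parses the display access-user output (including the wrapped IPv6 column), and checks that each address lies in the pool and carries the modified EUI-64 interface ID of the session MAC. The second session row and the finding texts are constructed for illustration.

```python
"""Reproduce the prefix-pool range and cross-check display access-user rows."""
import ipaddress
import re


def pool_summary(pool, assign_len):
    """Return (count, first, last) of the assign_len-bit prefixes inside pool."""
    net = ipaddress.IPv6Network(pool)
    if not net.prefixlen <= assign_len <= 128:
        raise ValueError("assign-len must lie between the pool prefix length and 128")
    count = 1 << (assign_len - net.prefixlen)
    step = 1 << (128 - assign_len)
    base = int(net.network_address)
    first = ipaddress.IPv6Network((base, assign_len))
    last = ipaddress.IPv6Network((base + (count - 1) * step, assign_len))
    return count, first, last


def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC address."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")


def parse_access_users(output):
    """Parse the two-line session records, joining a wrapped IPv6 address."""
    sessions = []
    for line in output.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if not line.strip() or fields[0] in ("UserID", "Username"):
            continue  # blank line or one of the two header lines
        if fields[0].startswith("0x") and len(fields) == 5:
            keys = ("user_id", "interface", "ipv4", "mac", "vlan")
            sessions.append(dict(zip(keys, fields)))
        elif sessions and len(fields) == 3:
            sessions[-1].update(zip(("username", "ipv6", "access_type"), fields))
        elif sessions and len(fields) == 1 and "ipv6" in sessions[-1]:
            sessions[-1]["ipv6"] += fields[0]  # continuation of a wrapped address
    return sessions


def check_session(session, pool):
    """Return a list of findings for one ND RS session; empty means consistent."""
    findings = []
    addr = ipaddress.IPv6Address(session["ipv6"])
    if addr not in ipaddress.IPv6Network(pool):
        findings.append("address outside the authorized prefix pool")
    if int(addr) & ((1 << 64) - 1) != eui64_interface_id(session["mac"]):
        findings.append("interface ID is not the EUI-64 form of the session MAC")
    if session["username"].lower() != re.sub(r"[^0-9a-f]", "", session["mac"].lower()):
        findings.append("username differs from the session MAC")
    return findings


# First session: copied from the output above. Second session: constructed.
SAMPLE = """\
UserID      Interface            IP address              MAC address     S-/C-VLAN
            Username             IPv6 address            Access type
0xc         XGE3/0/2             -                       000c-29a6-b656  -/-
            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic
                                 56
0xd         XGE3/0/2             -                       000c-29a6-b657  -/-
            000c29a6b657         11::1                   L2 IPoE dynamic
"""

if __name__ == "__main__":
    count, first, last = pool_summary("10::/32", 64)
    print(f"{count} prefixes, {first} to {last}")
    for s in parse_access_users(SAMPLE):
        print(s["user_id"], s["ipv6"], check_session(s, "10::/32") or "consistent")
```
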

Example: Configuring IPv6 ND RS+DHCPv6 (IA_PD) initiation

Network configuration

As shown in Figure 534, the CPE supports applying for ND prefixes and PD prefixes from the BRAS through the following methods:

·     NDRA—The CPE actively sends an ND RS packet to the BRAS. The BRAS returns an ND prefix to Ten-GigabitEthernet 3/0/1 on the connected CPE through an ND RA packet. The CPE uses the ND prefix to generate a global unicast IPv6 address for Ten-GigabitEthernet 3/0/1 on the CPE. The IPv6 address is used for remotely managing the CPE.

·     IA_PD—The CPE actively sends DHCPv6 requests to the BRAS. The BRAS allocates a PD prefix to the CPE through DHCPv6 (IA_PD). The CPE automatically allocates the obtained PD prefix to the attached hosts. These hosts use the PD prefix to generate global unicast IPv6 addresses.

Use the RADIUS server as the authentication, authorization, and accounting server.

Figure 534 Network diagram

Procedure

1.     Configure the RADIUS server:

This section uses a FreeRADIUS server running on Linux as an example.

# Configure the RADIUS client IP address as 4.4.4.2 and configure the shared key as radius.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address 6a4c310a0207 and the password is radius.

6a4c310a0207  Cleartext-Password :="radius"

2.     Configure Router B:

a.     Configure IP addresses for interfaces. (Details not shown.)

b.     Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

<RouterB> system-view

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

c.     Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

d.     Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ipv6 dhcp select server

[RouterB-Ten-GigabitEthernet3/0/2] quit

e.     Configure an ND prefix pool and PD prefix pool:

# (For NDRS.) Create prefix pool 1 that contains the prefix 10::/32 and specify the length of prefixes to be assigned as 64. Prefix pool 1 can assign 4294967296 prefixes in the range of 10::/64 to 10:0:FFFF:FFFF::/64.

[RouterB] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named nd, and reference prefix pool 1.

[RouterB] ipv6 pool nd

[RouterB-ipv6-pool-nd] prefix-pool 1 export-route

[RouterB-ipv6-pool-nd] quit

# (For IA_PD.) Create prefix pool 2 that contains the prefix 20::/32 and specify the length of prefixes to be assigned as 64. Prefix pool 2 can assign 4294967296 prefixes in the range of 20::/64 to 20:0:FFFF:FFFF::/64.

[RouterB] ipv6 dhcp prefix-pool 2 prefix 20::/32 assign-len 64

# Create an IPv6 address pool named pd, and reference prefix pool 2.

[RouterB] ipv6 pool pd

[RouterB-ipv6-pool-pd] prefix-pool 2 export-route

[RouterB-ipv6-pool-pd] quit

f.     Configure a RADIUS scheme:

# Create RADIUS scheme rs1, and enter its view.

[RouterB] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[RouterB-radius-rs1] primary authentication 4.4.4.1

[RouterB-radius-rs1] primary accounting 4.4.4.1

[RouterB-radius-rs1] key authentication simple radius

[RouterB-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[RouterB-radius-rs1] user-name-format without-domain

[RouterB-radius-rs1] quit

g.     Configure the ISP domain:

# Create ISP domain dm1, and enter its view.

[RouterB] domain name dm1

# Configure dm1 to use RADIUS scheme rs1, and authorize ND prefix pool nd and PD prefix pool pd to users.

[RouterB-isp-dm1] authentication ipoe radius-scheme rs1

[RouterB-isp-dm1] authorization ipoe radius-scheme rs1

[RouterB-isp-dm1] accounting ipoe radius-scheme rs1

[RouterB-isp-dm1] authorization-attribute ipv6-pool pd

[RouterB-isp-dm1] authorization-attribute ipv6-nd-prefix-pool nd

[RouterB-isp-dm1] quit

h.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable IPv6 ND RS packet initiation on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber initiator ndrs enable

# Specify dm1 as the ISP domain for IPv6 DHCP users on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Specify dm1 as the ISP domain for IPv6 ND RS users on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber ndrs domain dm1

# Allow users to come online through ND RS only after they come online through IA_PD on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber ndrs wait-delegation-prefix

# Configure plaintext password radius for authentication on Ten-GigabitEthernet 3/0/2.

[RouterB-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[RouterB-Ten-GigabitEthernet3/0/2] quit

3.     Configure Router A:

a.     Automatically generate a link-local address for Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address auto

b.     Configure Ten-GigabitEthernet 3/0/1 as the DHCPv6 client to use DHCPv6 to obtain an IPv6 prefix and other configuration parameters. After obtaining an IPv6 prefix, the client assigns ID 1 to the IPv6 prefix.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 dhcp client pd 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

c.     Configure the default route.

[RouterA] ipv6 route-static :: 0 10::1

d.     Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

e.     Configure Ten-GigabitEthernet 3/0/2 to use IPv6 prefix 1 to generate the IPv6 address 20::123:1:1 (which must be configured as the gateway address of the user attached to the CPE) and advertise this prefix.

[RouterA-Ten-GigabitEthernet3/0/2] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# The client uses ND RS and IA_PD packets to initiate authentication. After the client comes online, use the following command to view online IPoE user information. The output shows that the user obtains ND prefix 10::/64 and PD prefix 20::/64.

[RouterB] display access-user verbose

Basic:

  Description: N/A

  User ID: 0x1d

  Username: 6a4c310a0207

  Authorization domain : dm1

  Authentication domain: dm1

  Interface: XGE3/0/2

  Service-VLAN/Customer-VLAN: -/-

  VXLAN ID: -

  MAC address: 6a4c-310a-0207

  IP address: -

  IP pool: -

  Primary DNS server: -

  Secondary DNS server: -

  IPv6 address: 10::684C:31FF:FE0A:207

  IPv6 pool: pd

  Primary IPv6 DNS server: -

  Secondary IPv6 DNS server: -

  IPv6 PD prefix: 20::/64

  IPv6 ND prefix: 10::/64

…Omitted…

The output shows that Router B assigns a PD prefix to Router A through DHCPv6.

# Display information about IPv6 prefixes created on Router A.

[RouterA] display ipv6 prefix

Number   Prefix                                     Type

1        20::/64                                    Dynamic

The output shows that Router A creates an IPv6 prefix with ID 1 according to the ipv6 dhcp client pd 1 command after obtaining a PD prefix from Router B.
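The addresses in this verification output can be re-derived offline, which is useful when tracing a subscriber from an IPv6 address back to a MAC address in session records. The following is an added example, not part of the original H3C procedure; the function names are hypothetical, and address_from_prefix is a model of the ipv6 address 1 123::123:1:1/64 command that assumes the prefix bits come from prefix ID 1 and the remaining bits from the configured value, which matches the 20::123:1:1 result stated above.

```python
import ipaddress
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Parse a MAC written as 6a4c-310a-0207 (or with ':' or '.') into 6 bytes."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 ND prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a /64 prefix")
    m = parse_mac(mac)
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 address; None if the interface ID has no ff:fe."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or privacy address, no MAC embedded
    h = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return f"{h[0:4]}-{h[4:8]}-{h[8:12]}"


def address_from_prefix(prefix: str, spec: str) -> ipaddress.IPv6Interface:
    """Assumed model of 'ipv6 address <prefix-id> <spec>': keep the network bits
    of the delegated prefix and take the remaining bits from spec."""
    net = ipaddress.IPv6Network(prefix)
    iface = ipaddress.IPv6Interface(spec)
    if iface.network.prefixlen < net.prefixlen:
        raise ValueError("interface prefix length is shorter than the delegated prefix")
    low_bits = int(iface.ip) & int(net.hostmask)
    addr = ipaddress.IPv6Address(int(net.network_address) | low_bits)
    return ipaddress.IPv6Interface(f"{addr}/{iface.network.prefixlen}")


if __name__ == "__main__":
    # Values taken from the display access-user verbose output and Router A's configuration.
    print(eui64_address("10::/64", "6a4c-310a-0207"))
    print(mac_from_address("10::684C:31FF:FE0A:207"))
    print(address_from_prefix("20::/64", "123::123:1:1/64"))
```
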

Example: Configuring ARP packet initiation

Network configuration

As shown in Figure 535, an ARP-initiated static user accesses the BRAS through a Layer 2 device and is assigned the gateway IP address 3.3.3.1. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 535 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host IP address 3.3.3.2. The password is radius.

3.3.3.2   Cleartext-Password :="radius"

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Configure the DHCP server.

# Enable DHCP globally.

[Device] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[Device] dhcp server request-ip-address check

# Create local BAS IP address pool pool1, and specify the user gateway address. Exclude IP address 3.3.3.2 (which must be the IP address specified in static IPoE session configuration) from dynamic allocation.

[Device] ip pool pool1 bas local

[Device-ip-pool-pool1] gateway 3.3.3.1 24

[Device-ip-pool-pool1] forbidden-ip 3.3.3.2

[Device-ip-pool-pool1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable ARP packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator arp enable

# Configure a static individual session with IP address 3.3.3.2 (which must be excluded from dynamic allocation in the IP address pool) and ISP domain dm1 on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber session static ip 3.3.3.2 domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x10        XGE3/0/2             3.3.3.2                 147b-1924-0206  -/-

            3.3.3.2              -                       L2 IPoE static
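The ARP-initiated procedure above depends on several values agreeing across three files: the clients.conf secret and the BRAS RADIUS keys, the static session address and the forbidden-ip list, and the users entry and the subscriber password. The following added example (not part of the original H3C procedure; function names are hypothetical) checks those dependencies on constructed copies of the lines shown above. The last check, which reports a subscriber password identical to the RADIUS shared secret, is an added hygiene check and an assumption of this example, not a requirement stated in the procedure.

```python
import re

# Constructed inputs: copies of the clients.conf, users and BRAS lines from the procedure.
CLIENTS_CONF = """\
client 4.4.4.2/32 {
ipaddr = 4.4.4.2
netmask=32
secret=radius
}
"""
USERS = '3.3.3.2   Cleartext-Password :="radius"\n'
BRAS = """\
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] key accounting simple radius
[Device-ip-pool-pool1] gateway 3.3.3.1 24
[Device-ip-pool-pool1] forbidden-ip 3.3.3.2
[Device-Ten-GigabitEthernet3/0/2] ip subscriber session static ip 3.3.3.2 domain dm1
[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius
"""

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[Device-...]" or "<Device>"


def client_secrets(text):
    """Return {client address: secret} from FreeRADIUS client blocks."""
    out = {}
    for block in re.finditer(r"client\s+\S+\s*\{(.*?)\}", text, re.S):
        kv = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)\s*$", block.group(1), re.M))
        addr = kv.get("ipaddr") or kv.get("ipaddr6")
        if addr:
            out[addr] = kv.get("secret", "")
    return out


def user_passwords(text):
    """Return {username: cleartext password} from users file entries."""
    return dict(re.findall(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"', text, re.M))


def bras_facts(text):
    """Extract RADIUS keys, excluded addresses, static sessions and the IPoE password."""
    facts = {"keys": set(), "forbidden": set(), "static": set(), "password": None}
    for line in text.splitlines():
        cmd = PROMPT.sub("", line).strip()
        if m := re.match(r"key (?:authentication|accounting) simple (\S+)$", cmd):
            facts["keys"].add(m.group(1))
        elif cmd.startswith("forbidden-ip "):
            facts["forbidden"].update(cmd.split()[1:])
        elif m := re.match(r"ip subscriber session static ip (\S+)", cmd):
            facts["static"].add(m.group(1))
        elif m := re.match(r"ip subscriber password plaintext (\S+)$", cmd):
            facts["password"] = m.group(1)
    return facts


def audit(clients_conf, users, bras, bras_ip):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    secrets, creds, f = client_secrets(clients_conf), user_passwords(users), bras_facts(bras)
    secret = secrets.get(bras_ip)
    if secret is None:
        findings.append(f"no client entry for BRAS {bras_ip}")
    elif f["keys"] != {secret}:
        findings.append("BRAS RADIUS key does not match clients.conf secret")
    for ip in sorted(f["static"]):
        if ip not in f["forbidden"]:
            findings.append(f"static session {ip} is not excluded with forbidden-ip")
        if creds.get(ip) != f["password"]:
            findings.append(f"users entry for {ip} missing or password mismatch")
    if secret and f["password"] == secret:
        findings.append("subscriber password reuses the RADIUS shared secret")
    return findings


if __name__ == "__main__":
    for finding in audit(CLIENTS_CONF, USERS, BRAS, "4.4.4.2"):
        print(finding)
```
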

Example: Configuring NS/NA packet initiation

Network configuration

As shown in Figure 536, the host accesses the BRAS as a static NS/NA user. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 536 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4::2 and secret radius to the clients.conf file.

client 4::2/64 {

ipaddr6 = 4::2

netmask=64

secret=radius

}

# Add the username and password to the users user information file. The username is the host IP address 3::1 and the password is radius.

3::1  Cleartext-Password :="radius"

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication ipv6 4::1

[Device-radius-rs1] primary accounting ipv6 4::1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Configure the DHCP server:

# Create an IPv6 address pool, and enter its view. Specify a subnet for dynamic address allocation in the address pool, and exclude IPv6 address 3::1 from the address pool for dynamic allocation.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] network 3::/64 export-route

[Device-ipv6-pool-pool1] forbidden-address 3::1

[Device-ipv6-pool-pool1] quit

d.     Configure IPoE:

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2. The IPv6 address is to be used as the gateway of users.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable NS/NA packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator nsna enable

# Create a static session with the IPv6 address 3::1 and authentication domain dm1.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber session static ipv6 3::1 domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface Ten-GigabitEthernet 3/0/2

UserID   Interface                IP address          MAC address    S-/C-VLAN

         Username                 IPv6 address        Access type

0x4      XGE3/0/2                 -                   0010-9400-0002 -/-

         3::1                     3::1                L2 IPoE static

Example: Configuring unclassified-IP packet initiation for static IPoE users with IPv6 PD prefixes

Network configuration

As shown in Figure 537, Host A and Host B attached to the Layer 3 device Device use the same IPv6 address prefix (20::/64) and both obtain IPv6 addresses through stateless automatic configuration.

The BRAS uses the IPoE static user online method to enable all attached hosts to come online through IPv6 packets and performs unified authentication, accounting, rate limiting, and management for these user packets using the same IPv6 address prefix.

Use the RADIUS server as the authentication, authorization, and accounting server.

Figure 537 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

NOTE:

This section uses the Linux Free RADIUS server as an example.

# Configure the RADIUS client.

Add the following contents to the clients.conf file.

client 4::2/64 {

ipaddr6 = 4::2

netmask=64

secret=radius

}

The contents above configure the RADIUS client IP address as 4::2 and configure the shared key as radius.

# Configure users.

Add the following contents to the users file:

10::2  Cleartext-Password :="radius"

The contents above add the username 10::2 and the password radius to the users file.

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create RADIUS scheme rs1, and enter its view.

<BRAS> system-view

[BRAS] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[BRAS-radius-rs1] primary authentication ipv6 4::1

[BRAS-radius-rs1] primary accounting ipv6 4::1

[BRAS-radius-rs1] key authentication simple radius

[BRAS-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[BRAS-radius-rs1] user-name-format without-domain

[BRAS-radius-rs1] quit

b.     Configure an ISP domain:

# Create ISP domain dm1, and enter its view.

[BRAS] domain name dm1

# Configure users to use RADIUS scheme rs1 for authentication, authorization, and accounting in the ISP domain.

[BRAS-isp-dm1] authentication ipoe radius-scheme rs1

[BRAS-isp-dm1] authorization ipoe radius-scheme rs1

[BRAS-isp-dm1] accounting ipoe radius-scheme rs1

[BRAS-isp-dm1] quit

c.     Configure the DHCP server:

# Create an IPv6 address pool named pool1. Specify the network for address allocation in the address pool. Exclude IPv6 address 10::2 (which must be the same as the user address specified in the IPoE static session) from the address pool for dynamic allocation.

[BRAS] ipv6 pool pool1

[BRAS-ipv6-pool-pool1] network 10::/64 export-route

[BRAS-ipv6-pool-pool1] forbidden-address 10::2

[BRAS-ipv6-pool-pool1] quit

d.     Configure IPoE:

# Configure a global IPoE static session to allow users with IPv6 address 10::2 on prefix network segment 20::/64 to come online as static users, and configure the BRAS to actively request users to come online.

[BRAS] ip subscriber session static ipv6 10::2 delegation-prefix 20:: 64 domain dm1 interface ten-gigabitethernet 3/0/2 request-online

# Enter the view of interface Ten-GigabitEthernet3/0/2.

[BRAS] interface ten-gigabitethernet 3/0/2

# Enable IPoE and configure Layer 2 access mode.

[BRAS-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable unclassified-IPv6 packet initiation and NS/NA packet initiation.

[BRAS-Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ipv6 enable matching-user

[BRAS-Ten-GigabitEthernet3/0/2] ip subscriber initiator nsna enable

# Configure the password as radius for the IPoE individual users.

[BRAS-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[BRAS-Ten-GigabitEthernet3/0/2] quit

3.     Configure Device:

# Generate an IPv6 address based on an IPv6 prefix on the interface, and assign the prefix to endpoints.

<Device> system-view

[Device] ipv6 prefix 1 20::/64

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ipv6 address 1 ::1/64

# Disable RA message suppression.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# After Host A sends IPv6 packets and passes authentication, execute the following command to view online information of IPoE users.

[BRAS] display access-user interface ten-gigabitethernet 3/0/2

UserID   Interface                IP address          MAC address    S-/C-VLAN

         Username                 IPv6 address        Access type

0x4      XGE3/0/2                 -                   0010-9400-0002 -/-

         10::2                    10::2               L2 IPoE static

Example: Configuring subnet-leased users

Network configuration

As shown in Figure 538, three hosts access the BRAS as subnet-leased users. The BRAS performs AAA for the hosts through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 538 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add usernames and passwords to the users user information file. Usernames for the three subnet user groups are us1, us2, and us3. Passwords for the three subnet user groups are pw1, pw2, and pw3.

us1  Cleartext-Password :="pw1"

us2  Cleartext-Password :="pw2"

us3  Cleartext-Password :="pw3"

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Configure IPoE:

# Enable DHCP.

[Device] dhcp enable

# Enable IPoE and configure Layer 3 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber routed enable

# Configure three subnet-leased users and specify their usernames, passwords, and ISP domains.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber subnet-leased ip 5.5.5.0 24 username us1 password plaintext pw1 domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber subnet-leased ip 6.6.6.0 24 username us2 password plaintext pw2 domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber subnet-leased ip 7.7.7.0 24 username us3 password plaintext pw3 domain dm1

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID     Interface           IP address       MAC address    S-/C-VLAN

           Username            IPv6 address     Access type

0x16       XGE3/0/2            5.5.5.0          -              -/-

           us1                 -                L3 IPoE subnet leased

0x17       XGE3/0/2            6.6.6.0          -              -/-

           us2                 -                L3 IPoE subnet leased

0x18       XGE3/0/2            7.7.7.0          -              -/-

           us3                 -                L3 IPoE subnet leased

Example: Configuring an interface-leased user

Network configuration

As shown in Figure 539, three hosts access the BRAS as one interface-leased user. The BRAS performs AAA for the hosts through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 539 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add the BRAS IP address 4.4.4.2 and the secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add host username and password to the users user information file. The username is us1 and the password is pw1.

us1  Cleartext-Password :="pw1"

2.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Configure IPoE:

# Enable IPoE and configure Layer 3 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber routed enable

# Configure the interface-leased user and specify its username, password, and ISP domain.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber interface-leased username us1 password plaintext pw1 domain dm1

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address       MAC address       S-/C-VLAN

            Username             IPv6 address     Access type

0xec        XGE3/0/2             -                -                 -/-

            us1                  -                L3 IPoE interface leased

Example: Configuring an L2VPN-leased user

Network configuration

As shown in Figure 540, an L2VPN-leased host accesses the BRAS through a Layer 2 device. The BRAS performs AAA for the hosts through the RADIUS server. The username and password are us1 and pw1, respectively. This example uses the Linux Free RADIUS server.

Figure 540 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add the BRAS IP address 4.4.4.2 and the secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add host username and password to the users user information file. The username is us1 and the password is pw1.

us1  Cleartext-Password :="pw1"

2.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

# Enable L2VPN.

[PE2] l2vpn enable

# Enable LDP globally.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a VSI and configure the peer PE.

[PE2] vsi vpn1

[PE2-vsi-vpn1] pwsignaling static

[PE2-vsi-vpn1-static] peer 1.1.1.9 pw-id 3 in-label 100 out-label 100

[PE2-vsi-vpn1-static-1.1.1.9-3] quit

[PE2-vsi-vpn1-static] quit

[PE2-vsi-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/1 to the VSI. Ten-GigabitEthernet 3/0/1 does not require IP address configuration.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi vpn1

[PE2-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE1:

a.     Configure VPLS:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.9

# Enable L2VPN.

[PE1] l2vpn enable

# Enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 20.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a VSI and configure the peer PE.

[PE1] vsi vpn1

[PE1-vsi-vpn1] pwsignaling static

[PE1-vsi-vpn1-static] peer 2.2.2.9 pw-id 3 in-label 100 out-label 100

[PE1-vsi-vpn1-static-2.2.2.9-3] quit

[PE1-vsi-vpn1-static] quit

[PE1-vsi-vpn1] quit

# Bind Ten-GigabitEthernet 3/0/1 to the VSI. Ten-GigabitEthernet 3/0/1 does not require IP address configuration.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi vpn1

[PE1-Ten-GigabitEthernet3/0/1] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<PE1> system-view

[PE1] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[PE1-radius-rs1] primary authentication 4.4.4.1

[PE1-radius-rs1] primary accounting 4.4.4.1

[PE1-radius-rs1] key authentication simple radius

[PE1-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[PE1-radius-rs1] user-name-format without-domain

[PE1-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[PE1] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1.

[PE1-isp-dm1] authentication ipoe radius-scheme rs1

[PE1-isp-dm1] authorization ipoe radius-scheme rs1

[PE1-isp-dm1] accounting ipoe radius-scheme rs1

[PE1-isp-dm1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip subscriber l2-connected enable

# Configure the L2VPN-leased user and specify the username, password, and ISP domain for the user.

[PE1-Ten-GigabitEthernet3/0/1] ip subscriber l2vpn-leased username us1 password plaintext pw1 domain dm1

[PE1-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[PE1] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address       MAC address       S-/C-VLAN

            Username             IPv6 address     Access type

0xec        XGE3/0/1             -                -                 -/-

            us1                  -                IPoE L2VPN leased

Example: Configuring IPoE static leased users

Network configuration

All users on subnet 192.168.1.0/24 access the BRAS as IPoE static leased users through a gateway.

When the static leased session performs authentication, it uses username us1 and password pw1.

Use the RADIUS server as the authentication, authorization, and accounting server.

Network diagram

Figure 541 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

NOTE:

This section uses the Linux Free RADIUS server as an example.

# Configure the RADIUS client.

Add the following contents to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

The contents above configure the RADIUS client IP address as 4.4.4.2 and configure the shared key as radius.

# Configure users.

Add the following contents to the users file:

us1  Cleartext-Password :="pw1"

The contents above add the username us1 and the password pw1 to the users file.

2.     Configure the gateway device:

# Enable DHCP.

<Gateway> system-view

[Gateway] dhcp enable

# Configure IP address pool pool1 to allocate private network IPv4 addresses to internal network users.

[Gateway] ip pool pool1

[Gateway-ip-pool-pool1] network 192.168.1.0 24

[Gateway-ip-pool-pool1] gateway-list 192.168.1.1

[Gateway-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.1.1 from dynamic allocation.

[Gateway-ip-pool-pool1] forbidden-ip 192.168.1.1

[Gateway-ip-pool-pool1] quit

# Configure the IPv4 gateway address for internal network users on Ten-GigabitEthernet 3/0/2.

[Gateway] interface ten-gigabitethernet 3/0/2

[Gateway-Ten-GigabitEthernet3/0/2] ip address 192.168.1.1 24

# Configure an IPv6 global unicast address and disable RA message suppression on the interface.

[Gateway-Ten-GigabitEthernet3/0/2] ipv6 address 192::1/64

[Gateway-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

[Gateway-Ten-GigabitEthernet3/0/2] quit

# Enter the view of interface Ten-GigabitEthernet 3/0/1.

[Gateway] interface ten-gigabitethernet 3/0/1

# Configure an IPv4 address for the interface.

[Gateway-Ten-GigabitEthernet3/0/1] ip address 3.3.3.2 24

# (For IPv4.) Directly use the IP address of interface Ten-GigabitEthernet 3/0/1 to perform NAT for IP traffic from the internal network to the external network.

[Gateway-Ten-GigabitEthernet3/0/1] nat outbound

# Configure an IPv6 global unicast address for the interface.

[Gateway-Ten-GigabitEthernet3/0/1] ipv6 address 3::2/64

[Gateway-Ten-GigabitEthernet3/0/1] quit

# Configure the default routes. The IPv4 next hop is the shared gateway address. The IPv6 next hop can be any IPv6 global unicast address on the same network segment as address 3::2/64 of interface Ten-GigabitEthernet 3/0/1.

[Gateway] ip route-static 0.0.0.0 0 3.3.3.1

[Gateway] ipv6 route-static :: 0 3::1

3.     Configure Device:

a.     Configure IP addresses for interfaces. (Details not shown.)

b.     Configure a RADIUS scheme:

# Create RADIUS scheme rs1, and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure an ISP domain:

# Create ISP domain dm1, and enter its view.

[Device] domain name dm1

# Configure users to use RADIUS scheme rs1 for authentication, authorization, and accounting in the ISP domain.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

d.     Configure the DHCP server:

# Enable DHCP globally.

[Device] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[Device] dhcp server request-ip-address check

# Create an IPv4 address pool named pool1. Specify a gateway for the address pool. Exclude IP addresses 3.3.3.1 and 3.3.3.2 (which must be the same as the user addresses specified in the IPoE static sessions) from the address pool for dynamic allocation.

[Device] ip pool pool1 bas local

[Device-ip-pool-pool1] gateway 3.3.3.1 24

[Device-ip-pool-pool1] forbidden-ip 3.3.3.1 3.3.3.2

[Device-ip-pool-pool1] quit

# Create an IPv6 address pool named pool1. Specify the subnet for dynamic address allocation in the address pool. Exclude IPv6 addresses 3::1 and 3::2 (which must be the same as the user addresses specified in the IPoE static sessions) from the address pool for dynamic allocation.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] network 3::/64 export-route

[Device-ipv6-pool-pool1] forbidden-address 3::1 3::2

[Device-ipv6-pool-pool1] quit

e.     Configure a static route for downlink traffic from the BRAS to the user side.

[Device] ipv6 route-static 192:: 64 3::2

f.     Configure IPoE authentication:

# Configure a static leased session with IPv4 address 3.3.3.2, IPv6 address 3::2, and domain dm1, and actively request users to come online.

[Device] ip subscriber session static-leased ip 3.3.3.2 ipv6 3::2 interface ten-gigabitethernet 3/0/2 domain dm1 request-online

# Enter the view of interface Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

# Automatically generate a link-local address for the interface.

[Device–Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable IPoE and configure Layer 2 access mode.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

[Device–Ten-GigabitEthernet3/0/2] quit

# Configure unclassified-IP packet initiation for IPoE static individual users.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ip enable matching-user

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ipv6 enable matching-user

# Enable ARP packet initiation.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator arp enable

# Enable NS/NA packet initiation.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator nsna enable

# Configure username us1 and password pw1 for the IPoE static individual user.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber username string us1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber password plaintext pw1

# Disable online detection.

[Device–Ten-GigabitEthernet3/0/2] undo ip subscriber user-detect ip

[Device–Ten-GigabitEthernet3/0/2] undo ip subscriber user-detect ipv6

[Device–Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# After the static leased user passes authentication, all user traffic passing through the interface can be forwarded properly. Execute the following command to view online information of the IPoE static leased users.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x5c        XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            us1                  3::2                    L2 IPoE static

Example: Configuring a VPN DHCP user

Network configuration

As shown in Figure 542, the host in a VPN accesses the BRAS as a DHCP user. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 542 Network diagram

Configuration consideration

For traffic to be properly forwarded between VPNs, configure static routes and policy-based routes on the device.

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

    ipaddr = 4.4.4.2

    netmask = 32

    secret = radius

}

# Add the host username, password, VPN, and address pool to the users file (the user information file). The username is the host MAC address, the password is radius, the VPN is vpn1, and the address pool is pool1.

000c29a6b656  Cleartext-Password := "radius"

    H3C-VPN-Instance := "vpn1",

    Framed-Pool := "pool1"

2.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify the subnet 3.3.3.0/24 for dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] network 3.3.3.0 24

# Specify gateway address 3.3.3.1 in the address pool.

[DHCP-server-ip-pool-pool1] gateway-list 3.3.3.1

# Exclude IP address 3.3.3.1 from dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] forbidden-ip 3.3.3.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

3.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] quit

c.     Create a VPN instance named vpn1.

[Device] ip vpn-instance vpn1

[Device-vpn-instance-vpn1] quit

d.     Configure the DHCP relay agent:

# Enable DHCP.

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

[Device–Ten-GigabitEthernet3/0/2] quit

# Create an address pool named pool1 and assign pool1 to vpn1.

[Device] ip pool pool1

[Device-ip-pool-pool1] vpn-instance vpn1

# Configure a gateway IP address for the host and enable route exporting. Route exporting automatically adds the gateway IP address and related static IP address to the routing table of vpn1.

[Device-ip-pool-pool1] gateway 3.3.3.1 24

# Exclude IP address 3.3.3.1 from dynamic allocation in the address pool.

[Device-ip-pool-pool1] forbidden-ip 3.3.3.1

# Specify the IP address of the DHCP server.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

e.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify dm1 as the ISP domain for DHCP users.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Configure plaintext password radius for authentication.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

f.     Enable proxy ARP on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] proxy-arp enable

[Device–Ten-GigabitEthernet3/0/2] quit

g.     Configure a static route to direct the DHCP requests from VPN vpn1 to the DHCP server.

[Device] ip route-static vpn-instance vpn1 4.4.4.0 24 4.4.4.3 public

h.     Configure a policy-based route to direct the traffic from the DHCP server to VPN vpn1:

# Configure a policy named to_vpn1 with a node number of 0 and match mode of permit, and specify packets to be transmitted in VPN vpn1.

[Device] policy-based-route to_vpn1 permit node 0

[Device-pbr-to_vpn1-0] apply access-vpn vpn-instance vpn1

[Device-pbr-to_vpn1-0] quit

# Apply policy to_vpn1 to Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device–Ten-GigabitEthernet3/0/1] ip policy-based-route to_vpn1

[Device–Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Display IPoE session information to verify the configuration.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xf8        XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         -                       L2 IPoE dynamic
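Added example (not part of the H3C procedure): a Python cross-check of the three places where this example's AAA values must agree, the FreeRADIUS clients.conf and users files and the BRAS commands. The inputs are retyped from the values above, the function names are this example's own, and exact string equality between RADIUS attribute values and BRAS object names is assumed.

```python
import re

# Constructed inputs: the example's values, retyped (BRAS prompts stripped).
CLIENTS_CONF = """
client 4.4.4.2/32 {
    ipaddr = 4.4.4.2
    netmask = 32
    secret = radius
}
"""
USERS = """
000c29a6b656  Cleartext-Password := "radius"
    H3C-VPN-Instance := "vpn1",
    Framed-Pool := "pool1"
"""
BRAS = """
radius scheme rs1
 key authentication simple radius
 key accounting simple radius
ip vpn-instance vpn1
ip pool pool1
interface ten-gigabitethernet 3/0/2
 ip subscriber password plaintext radius
"""


def parse_clients(text):
    """clients.conf -> {ipaddr: shared secret} for each client block."""
    clients = {}
    for body in re.findall(r"client\s+\S+\s*\{(.*?)\}", text, re.S):
        items = dict(re.findall(r"(\w+)\s*=\s*(\S+)", body))
        clients[items["ipaddr"]] = items["secret"]
    return clients


def parse_users(text):
    """users file -> {username: {attribute: value}}; quoted values are kept verbatim."""
    users, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():  # an entry starts in column 0
            current = users.setdefault(line.split()[0], {})
        if current is not None:
            current.update(re.findall(r'([\w-]+)\s*:=\s*"([^"]*)"', line))
    return users


def bras_values(text, *prefix):
    """Arguments that follow the given leading keywords in the BRAS command list."""
    n = len(prefix)
    lines = (line.split() for line in text.splitlines())
    return [w[n] for w in lines if tuple(w[:n]) == prefix and len(w) > n]


def check(clients_conf, users_file, bras, nas_ip="4.4.4.2"):
    """Return a list of mismatches between the RADIUS server files and the BRAS."""
    findings = []
    secret = parse_clients(clients_conf).get(nas_ip)
    for role in ("authentication", "accounting"):
        if bras_values(bras, "key", role, "simple") != [secret]:
            findings.append(f"{role} key differs from clients.conf secret for {nas_ip}")
    password = bras_values(bras, "ip", "subscriber", "password", "plaintext")
    pools = bras_values(bras, "ip", "pool")
    vpns = bras_values(bras, "ip", "vpn-instance")
    for name, attrs in parse_users(users_file).items():
        if [attrs.get("Cleartext-Password")] != password:
            findings.append(f"{name}: password differs from the IPoE password on the BRAS")
        if attrs.get("H3C-VPN-Instance") not in vpns:
            findings.append(f"{name}: H3C-VPN-Instance {attrs.get('H3C-VPN-Instance')!r} "
                            "is not a VPN instance on the BRAS")
        if attrs.get("Framed-Pool") not in pools:
            findings.append(f"{name}: Framed-Pool {attrs.get('Framed-Pool')!r} "
                            "is not an ip pool on the BRAS")
    return findings


if __name__ == "__main__":
    print(check(CLIENTS_CONF, USERS, BRAS) or "all values agree")
    # A stray space inside the quotes makes the pool name a different string.
    print(check(CLIENTS_CONF, USERS.replace('"pool1"', '" pool1"'), BRAS))
```

The check also shows where the example keeps secrets in recoverable form: the simple and plaintext keywords on the BRAS and Cleartext-Password in the users file.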

Example: Configuring IPoE common Web authentication for static individual users

Network configuration

As shown in Figure 543, the host accesses the BRAS through a Layer 2 switch. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The FTP server is an internal network server.

Figure 543 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the BRAS:

a.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

b.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

c.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

d.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

e.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.4 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

f.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator and

[Device-classifier-web_deny] if-match acl name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

g.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

h.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

i.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

j.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

k.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group in ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

# Configure the Web authentication page URL and Web server IP address in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm1] web-server ip 4.4.4.5

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

l.     Configure the DHCP server.

# Enable DHCP globally.

[Device] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[Device] dhcp server request-ip-address check

# Create local BAS IP address pool pool1, and specify the user gateway address. Exclude IP address 192.168.0.2 (which must be the IP address specified in static IPoE session configuration) from dynamic allocation.

[Device] ip pool pool1 bas local

[Device-ip-pool-pool1] gateway 192.168.0.1 24

[Device-ip-pool-pool1] forbidden-ip 192.168.0.2

[Device-ip-pool-pool1] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Enable unclassified-IPv4 packet initiation.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator unclassified-ip enable matching-user

# Configure an IPoE static user with IP address 192.168.0.2, which must be excluded from dynamic allocation in the IP address pool.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber session static ip 192.168.0.2

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

2.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 544.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 544 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 545.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 545 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 546.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 546 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 547.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 547 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 548.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 548 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 549.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 549 Adding an access user

3.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 550.

-     Click OK.

Figure 550 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 551.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 551 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 552.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 552 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 553.

-     Click Add to open the page as shown in Figure 554.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 553 Device list

Figure 554 Port group configuration

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            192.168.0.2          -                       L2 IPoE static

As shown in Figure 555, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 555 Web login page

# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth
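Added example (not H3C code): a Python model of the inbound QoS policy web from step 1 of this example, showing which traffic from a user in group pre is permitted, redirected to the CPU, or denied before Web authentication. It assumes class-behavior associations are evaluated in configured order with the first match deciding, and that traffic matching no class is left to normal forwarding; the function names and the sample packets are constructed for this illustration.

```python
# Commands from steps e-h of the example ("quit" and "free account" lines omitted).
CONFIG = """
acl advanced name web_permit
 rule 0 permit ip destination 4.4.4.5 0 user-group pre
acl advanced name neiwang
 rule 0 permit ip destination 4.4.4.6 0 user-group pre
acl advanced name web_http
 rule 0 permit tcp destination-port eq www user-group pre
acl advanced name web_https
 rule 0 permit tcp destination-port eq 443 user-group pre
acl advanced name ip
 rule 0 permit ip user-group pre
traffic classifier web_permit operator and
 if-match acl name web_permit
traffic classifier neiwang operator and
 if-match acl name neiwang
traffic classifier web_http operator and
 if-match acl name web_http
traffic classifier web_https operator and
 if-match acl name web_https
traffic classifier web_deny operator and
 if-match acl name ip
traffic behavior web_permit
 filter permit
traffic behavior neiwang
 filter permit
traffic behavior web_http
 redirect http-to-cpu
traffic behavior web_https
 redirect https-to-cpu
traffic behavior web_deny
 filter deny
qos policy web
 classifier web_permit behavior web_permit
 classifier neiwang behavior neiwang
 classifier web_http behavior web_http
 classifier web_https behavior web_https
 classifier web_deny behavior web_deny
"""

VIEWS = {("acl", "advanced", "name"): "acl", ("traffic", "classifier"): "class",
         ("traffic", "behavior"): "behavior", ("qos", "policy"): "policy"}

def parse(text):
    """Group each view's sub-commands (as word lists) under kind -> object name."""
    model = {kind: {} for kind in VIEWS.values()}
    view = None
    for line in text.strip().splitlines():
        w = line.split()
        if line.startswith(" "):  # sub-command of the view entered last
            view.append(w)
        else:                     # command that enters a view
            kind, n = next((k, len(p)) for p, k in VIEWS.items() if tuple(w[:len(p)]) == p)
            view = model[kind].setdefault(w[n], [])
    return model

def parse_rule(w):
    """Fields of one 'rule <id> ...' line; handles only the keywords the page uses."""
    rule = {"action": w[2], "proto": w[3], "dst": None, "dport": None, "group": None}
    if "destination" in w:  # the wildcard is always 0 (single host) on the page
        rule["dst"] = w[w.index("destination") + 1]
    if "destination-port" in w:  # always "eq <port>" on the page; www is TCP port 80
        port = w[w.index("destination-port") + 2]
        rule["dport"] = 80 if port == "www" else int(port)
    if "user-group" in w:
        rule["group"] = w[w.index("user-group") + 1]
    return rule

def acl_permits(rules, pkt):
    """The first rule that matches pkt decides; no matching rule means no permit."""
    for r in map(parse_rule, rules):
        if (r["proto"] in ("ip", pkt["proto"]) and r["group"] in (None, pkt["group"])
                and r["dst"] in (None, pkt["dst"]) and r["dport"] in (None, pkt["dport"])):
            return r["action"] == "permit"
    return False

def evaluate(model, policy, pkt):
    """Return (class, action) for the first association whose class matches pkt."""
    for _, cls, _, behavior in model["policy"][policy]:
        acl_names = [w[3] for w in model["class"][cls] if w[:3] == ["if-match", "acl", "name"]]
        if all(acl_permits(model["acl"][a], pkt) for a in acl_names):  # operator and
            return cls, " ".join(model["behavior"][behavior][0])
    return None, "no class matched"

MODEL = parse(CONFIG)
# Constructed packets; "group" is the user group authorized for the sender's session.
SAMPLES = {
    "portal":     {"proto": "tcp", "dst": "4.4.4.5", "dport": 8080, "group": "pre"},
    "internal":   {"proto": "tcp", "dst": "4.4.4.6", "dport": 21, "group": "pre"},
    "http":       {"proto": "tcp", "dst": "203.0.113.10", "dport": 80, "group": "pre"},
    "https":      {"proto": "tcp", "dst": "203.0.113.10", "dport": 443, "group": "pre"},
    "ssh":        {"proto": "tcp", "dst": "203.0.113.10", "dport": 22, "group": "pre"},
    "not_in_pre": {"proto": "tcp", "dst": "203.0.113.10", "dport": 22, "group": None},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11} {evaluate(MODEL, 'web', pkt)}")
```

Reordering the classifier lines in CONFIG, for example placing web_deny first, shows why the deny class has to stay last in the policy.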

Example: Configuring IPoE common Web authentication for DHCPv4 users (assigning a remote BAS IP address pool)

Network configuration

As shown in Figure 556, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server. The FTP server is an internal network server.

Figure 556 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

[Device–Ten-GigabitEthernet3/0/2] quit

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

b.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.4 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator and

[Device-classifier-web_deny] if-match acl name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL and Web server IP address in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm1] web-server ip 4.4.4.5

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 557.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 557 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 558.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 558 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 559.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 559 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 560.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 560 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 561.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 561 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 562.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 562 Adding an access user

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 563.

-     Click OK.

Figure 563 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 564.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 564 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 565.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 565 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 566.

-     Click Add to open the page as shown in Figure 567.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 566 Device list

Figure 567 Port group configuration

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

As shown in Figure 568, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 568 Web login page

# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth

Example: Configuring IPoE common Web authentication for multi-network-segment DHCPv4 users (assigning a remote BAS IP address pool)

Network configuration

As shown in Figure 569:

·     Host A belongs to VLAN 100 and resides on network segment 192.168.100.0/24, and comes online through Ten-GigabitEthernet 3/0/2.100 on the BRAS.

·     Host B belongs to VLAN 200 and resides on network segment 192.168.200.0/24, and comes online through Ten-GigabitEthernet 3/0/2.200 on the BRAS.

·     Host A and Host B access the BRAS as DHCP clients through a Layer 2 device. They obtain configuration information from the DHCP server through the BRAS.

·     The BRAS performs AAA for the hosts through the RADIUS server.

·     A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server.

·     The FTP server is an internal network server.

Figure 569 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if the clients' notions of their IP addresses are incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.100.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.100.0 24

# Specify gateway address 192.168.100.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.100.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.100.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.100.1

[DHCP-server-ip-pool-pool1] quit

# Create an IP address pool named pool2 and enter its view.

[DHCP-server] ip pool pool2

# Specify primary subnet 192.168.200.0/24 for dynamic allocation in address pool pool2.

[DHCP-server-ip-pool-pool2] network 192.168.200.0 24

# Specify gateway address 192.168.200.1 in address pool pool2.

[DHCP-server-ip-pool-pool2] gateway-list 192.168.200.1

# Specify DNS server address 8.8.8.8 in address pool pool2.

[DHCP-server-ip-pool-pool2] dns-list 8.8.8.8

# Exclude IP address 192.168.200.1 from dynamic allocation in address pool pool2.

[DHCP-server-ip-pool-pool2] forbidden-ip 192.168.200.1

[DHCP-server-ip-pool-pool2] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

 

IMPORTANT:

A DHCP relay address pool can be a remote BAS IP address pool or a common IP address pool. In this example, the network segment 192.168.100.0/24 where Host A resides uses remote BAS IP address pool pool1 as its relay address pool, and the network segment 192.168.200.0/24 where Host B resides uses common IP address pool pool2 as its relay address pool.

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.100.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.100.1 24

# Exclude IP address 192.168.100.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.100.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a common IP address pool named pool2.

[Device] ip pool pool2

# Specify network segment 192.168.200.1/24 for dynamic allocation in address pool pool2.

[Device-ip-pool-pool2] network 192.168.200.1 24 export-route

# Specify gateway address 192.168.200.1 in address pool pool2.

[Device-ip-pool-pool2] gateway-list 192.168.200.1 export-route

# Exclude IP address 192.168.200.1 from dynamic allocation in address pool pool2.

[Device-ip-pool-pool2] forbidden-ip 192.168.200.1

# Specify DHCP server 4.4.4.3 in address pool pool2.

[Device-ip-pool-pool2] remote-server 4.4.4.3

[Device-ip-pool-pool2] quit

# Assign IP address 192.168.100.1 to interface Ten-GigabitEthernet 3/0/2.100, enable the DHCP relay agent on the interface, and specify the DHCP server address 4.4.4.3.

[Device] interface ten-gigabitethernet 3/0/2.100

[Device-Ten-GigabitEthernet3/0/2.100] ip address 192.168.100.1 24

[Device-Ten-GigabitEthernet3/0/2.100] dhcp select relay

[Device-Ten-GigabitEthernet3/0/2.100] dhcp relay server-address 4.4.4.3

[Device-Ten-GigabitEthernet3/0/2.100] quit

# Assign IP address 192.168.200.1 to interface Ten-GigabitEthernet 3/0/2.200, enable the DHCP relay agent on the interface, and specify the DHCP server address 4.4.4.3.

[Device] interface ten-gigabitethernet 3/0/2.200

[Device-Ten-GigabitEthernet3/0/2.200] ip address 192.168.200.1 24

[Device-Ten-GigabitEthernet3/0/2.200] dhcp select relay

[Device-Ten-GigabitEthernet3/0/2.200] dhcp relay server-address 4.4.4.3

[Device-Ten-GigabitEthernet3/0/2.200] quit

b.     Configure VLAN termination:

# Enable user mode of VLAN termination on Ten-GigabitEthernet 3/0/2.100 and Ten-GigabitEthernet 3/0/2.200. User mode prevents the subinterfaces from restarting and preserves the state of online users.

[Device] interface range ten-gigabitethernet 3/0/2.100 ten-gigabitethernet 3/0/2.200

[Device-if-range] vlan-termination user-mode

[Device-if-range] quit

# Configure Ten-GigabitEthernet 3/0/2.100 to terminate VLAN-tagged packets whose outermost VLAN tag is 100.

[Device] interface ten-gigabitethernet 3/0/2.100

[Device-Ten-GigabitEthernet3/0/2.100] user-vlan dot1q vid 100

[Device-Ten-GigabitEthernet3/0/2.100] quit

# Configure Ten-GigabitEthernet 3/0/2.200 to terminate VLAN-tagged packets whose outermost VLAN tag is 200.

[Device] interface ten-gigabitethernet 3/0/2.200

[Device-Ten-GigabitEthernet3/0/2.200] user-vlan dot1q vid 200

[Device-Ten-GigabitEthernet3/0/2.200] quit

c.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

d.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

e.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

f.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

g.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.4 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server to users in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.4 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server to users in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

h.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator and

[Device-classifier-web_deny] if-match acl name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

i.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

j.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

k.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

l.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

m.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

# Configure the Web authentication page URL and Web server IP address in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm1] web-server ip 4.4.4.5

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

n.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on subinterfaces Ten-GigabitEthernet 3/0/2.100 and Ten-GigabitEthernet 3/0/2.200.

[Device] interface range ten-gigabitethernet 3/0/2.100 ten-gigabitethernet 3/0/2.200

[Device-if-range] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on subinterfaces Ten-GigabitEthernet 3/0/2.100 and Ten-GigabitEthernet 3/0/2.200.

[Device-if-range] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on subinterfaces Ten-GigabitEthernet 3/0/2.100 and Ten-GigabitEthernet 3/0/2.200.

[Device-if-range] ip subscriber pre-auth domain dm1

[Device-if-range] ip subscriber web-auth domain dm2

[Device-if-range] quit

3.     Configure the RADIUS server and portal server.

For more information, see "Example: Configuring IPoE common Web authentication for DHCPv4 users (assigning a remote BAS IP address pool)."
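The inbound policy web built in steps g through k above can be checked offline before it is applied. The following Python model is an added example, not H3C code. It assumes that class-behavior associations are evaluated in configuration order with the first match deciding, and that traffic matching no class is forwarded normally. The Packet and AclClass types and the address 203.0.113.10 are constructed for illustration.

```python
"""Offline model of the preauthentication QoS policy 'web' (added illustration)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    user_group: Optional[str]  # "pre" before Web authentication; None afterwards (assumption)
    proto: str                 # "tcp", "udp", "icmp", ...
    dst: str                   # destination IPv4 address
    dport: Optional[int] = None


@dataclass(frozen=True)
class AclClass:
    """One traffic class (a single ACL rule) plus the behavior bound to it."""
    name: str
    action: str
    user_group: str = "pre"
    proto: str = "ip"          # "ip" matches every IP protocol
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (pkt.user_group == self.user_group
                and self.proto in ("ip", pkt.proto)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or pkt.dport == self.dport))

    def covers(self, other: "AclClass") -> bool:
        """True if every packet matched by `other` is also matched by this class."""
        return (self.user_group == other.user_group
                and (self.proto == "ip" or self.proto == other.proto)
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


# Classes in the order they are associated in "qos policy web" on this page.
WEB_POLICY = [
    AclClass("web_permit", "filter permit", dst="4.4.4.5/32"),
    AclClass("neiwang", "filter permit", dst="4.4.4.4/32"),
    AclClass("web_http", "redirect http-to-cpu", proto="tcp", dport=80),
    AclClass("web_https", "redirect https-to-cpu", proto="tcp", dport=443),
    AclClass("web_deny", "filter deny"),
]


def evaluate(policy: List[AclClass], pkt: Packet) -> Tuple[Optional[str], str]:
    """Return (class name, behavior) of the first matching class."""
    for cls in policy:
        if cls.matches(pkt):
            return cls.name, cls.action
    return None, "forward"  # assumption: unmatched traffic is not filtered


def shadowed(policy: List[AclClass]) -> List[Tuple[str, str]]:
    """Return (earlier, later) pairs where the later class can never match."""
    pairs = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if earlier.covers(later):
                pairs.append((earlier.name, later.name))
                break
    return pairs


def ends_with_catch_all_deny(policy: List[AclClass]) -> bool:
    """The walled garden is closed only if the last class denies all IP traffic."""
    last = policy[-1]
    return (last.action == "filter deny" and last.proto == "ip"
            and last.dst == "0.0.0.0/0" and last.dport is None)


if __name__ == "__main__":
    samples = [  # constructed sample packets
        Packet("pre", "tcp", "4.4.4.5", 8080),     # portal Web server
        Packet("pre", "tcp", "4.4.4.4", 21),       # internal network server
        Packet("pre", "tcp", "203.0.113.10", 80),  # HTTP to any other host
        Packet("pre", "tcp", "203.0.113.10", 22),  # anything else before login
        Packet(None, "tcp", "203.0.113.10", 22),   # same flow after Web authentication
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(WEB_POLICY, pkt))
    print("shadowed classes:", shadowed(WEB_POLICY))
    print("closed by deny:", ends_with_catch_all_deny(WEB_POLICY))
```

Moving web_deny ahead of the other classes makes shadowed() report every later class, which is the misordering that would leave preauthentication users unable to reach the portal.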

Verifying the configuration

# Display IPoE session information to verify that hosts A and B have passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x1         XGE3/0/2.100          192.168.100.2           0015-e947-f4d4  100/-

            0015e947f4d4         -                       L2 IPoE dynamic

0x2         XGE3/0/2.200          192.168.200.2           0015-e947-f4d5  200/-

            0015e947f4d5         -                       L2 IPoE dynamic

As shown in Figure 570, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 570 Web login page

# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x1         XGE3/0/2.100          192.168.100.2           0015-e947-f4d4  100/-

            user1@dm2            -                       Web auth

0x2         XGE3/0/2.200          192.168.200.2           0015-e947-f4d5  200/-

            user1@dm2            -                       Web auth

Example: Configuring IPoE common Web authentication for DHCPv6 users (assigning a remote IPv6 address pool)

Network configuration

As shown in Figure 571:

·     The host accesses the BRAS as a DHCP client through a Layer 2 device.

·     The host obtains configuration information from the DHCP server through the BRAS.

·     The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server.

·     The FTP server is an internal network server.

·     After the user passes Web authentication, the user's access rate is limited to 5 Mbps.

Figure 571 Network diagram

 

Prerequisites

Configure the DNS server properly, so that it can resolve the URL of the Web authentication page, http://www.ipv6.web.com, to the corresponding IPv6 address. (Details not shown.)

Configure IP addresses for interfaces and make sure the BRAS and servers can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Create an IPv6 address pool named pool1 and enter its view.

<DHCP-server> system-view

[DHCP-server] ipv6 pool pool1

# Specify primary subnet 192::/64 and DNS server address 8::8 for dynamic allocation in IPv6 address pool pool1.

[DHCP-server-ipv6-pool-pool1] network 192::/64

[DHCP-server-ipv6-pool-pool1] dns-server 8::8

[DHCP-server-ipv6-pool-pool1] quit

# Exclude IP address 192::1 from dynamic allocation in IPv6 address pool pool1.

[DHCP-server] ipv6 dhcp server forbidden-address 192::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Create an IPv6 address pool named pool1 for the DHCP relay agent.

<Device> system-view

[Device] ipv6 pool pool1

# Specify gateway address 192::1 in IPv6 address pool pool1.

[Device-ipv6-pool-pool1] gateway-list 192::1

# Specify network 192::/64 for address allocation in IPv6 address pool pool1.

[Device-ipv6-pool-pool1] network 192::/64 export-route

# Specify DHCP server 4::3 in IPv6 address pool pool1.

[Device-ipv6-pool-pool1] remote-server 4::3

[Device-ipv6-pool-pool1] quit

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Enable recording client information in DHCPv6 relay entries.

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp relay client-information record

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in the RA messages to be sent. The host then uses a DHCPv6 server to obtain IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in the RA messages to be sent. The host then uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

# Disable Ten-GigabitEthernet 3/0/2 from advertising the specified prefix in RA messages, preventing the endpoint from obtaining a temporary IPv6 address. In an IPv6 network, an endpoint might use a temporary IPv6 address for IPoE Web authentication, which will cause authentication failure.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd ra prefix 192::/64 no-advertise

[Device-Ten-GigabitEthernet3/0/2] quit

b.     Configure the IPv6 address of the IPv6 portal authentication server newpt1 as 4::5 and the plaintext key 123456.

[Device] portal server newpt1

[Device-portal-server-newpt1] ipv6 4::5 key simple 123456

[Device-portal-server-newpt1] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv6 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl ipv6 advanced name web_permit

[Device-acl-ipv6-adv-web_permit] rule 0 permit ipv6 destination 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_permit] quit

# Create an IPv6 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl ipv6 advanced name neiwang

[Device-acl-ipv6-adv-neiwang] rule 0 permit ipv6 destination 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang] quit

# Create an IPv6 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl ipv6 advanced name web_http

[Device-acl-ipv6-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv6-adv-web_http] quit

# Create an IPv6 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl ipv6 advanced name web_https

[Device-acl-ipv6-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv6-adv-web_https] quit

# Create an IPv6 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl ipv6 advanced name ip

[Device-acl-ipv6-adv-ip] rule 0 permit ipv6 user-group pre

[Device-acl-ipv6-adv-ip] quit

# Create an IPv6 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl ipv6 advanced name neiwang_out

[Device-acl-ipv6-adv-neiwang_out] rule 0 permit ipv6 source 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang_out] quit

# Create an IPv6 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl ipv6 advanced name web_out

[Device-acl-ipv6-adv-web_out] rule 0 permit ipv6 source 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator or

[Device-classifier-web_permit] if-match acl ipv6 name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator or

[Device-classifier-neiwang] if-match acl ipv6 name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator or

[Device-classifier-web_http] if-match acl ipv6 name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator or

[Device-classifier-web_https] if-match acl ipv6 name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator or

[Device-classifier-web_deny] if-match acl ipv6 name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator or

[Device-classifier-neiwang_out] if-match acl ipv6 name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator or

[Device-classifier-web_out] if-match acl ipv6 name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication ipv6 4::5

[Device-radius-rs1] primary accounting ipv6 4::5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

# Set the IP address of the RADIUS DAE client to 4::5, and set the shared key to radius for the RADIUS DAE client to exchange DAE packets.

[Device] radius dynamic-author server

[Device-radius-da-server] client ipv6 4::5 key simple radius

[Device-radius-da-server] quit

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group and IPv6 address pool in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ipv6-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server ipv6-url http://www.ipv6.web.com

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] authorization-attribute car inbound cir 5120 outbound cir 5120

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE for the IPv6 protocol stack and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable ipv6

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 572.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 572 Adding an access device

-     Click Add IPv6 Dev in the Device List area to open the page as shown in Figure 573.

-     Enter the access device's IPv6 address 4::2.

-     Click OK.

Figure 573 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 574.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 574 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 575.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 575 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 576.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 576 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 577.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 577 Adding an access user

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 578.

-     Click OK.

Figure 578 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 579.

-     Enter the IP group name IPoE_Web_User-2.

-     Select Yes from the IPv6 list.

-     Enter the start IP address (192::1) and end IP address (192::FFFF) of the IP group. Make sure the host IPv6 address is in the IP group.

-     Click OK.

Figure 579 Adding an IP address group (IPv6)

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 580.

-     Enter the device name NAS-2.

-     Select Portal 3.0 from the Version list.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4::2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 580 Adding a portal device (IPv6)

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 581.

-     Click Add to open the page as shown in Figure 582.

-     Enter the port group name group-2.

-     Select the configured IP address group IPoE_Web_User-2. Make sure the IPv6 address used by the user to access the network is within this IPv6 address group.

-     Click OK.

Figure 581 Device list

Figure 582 Port group configuration

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication and obtained IPv6 address 192::2.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             -                       001b-21a8-0949  -/-

            001b21a80949         192::2                  L2 IPoE dynamic

As shown in Figure 583, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 583 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             -                       001b-21a8-0949  -/-

            user1@dm2            192::2                  Web auth
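The preauthentication QoS policy web built in steps f through j of this example can be checked offline before it is applied. The Python sketch below is an added illustration, not H3C code: it assumes class-behavior associations are evaluated in configured order with the first match deciding, models only the ACL fields used on this page, and runs on constructed sample packets.

```python
import ipaddress

# Associations of QoS policy "web" in the order the page configures them.
# Each entry: (traffic class, behavior action, fields of the ACL rule it matches).
POLICY_WEB = [
    ("web_permit", "permit",       {"dst": "4::5/128"}),
    ("neiwang",    "permit",       {"dst": "4::1/128"}),
    ("web_http",   "http-to-cpu",  {"proto": "tcp", "dport": 80}),
    ("web_https",  "https-to-cpu", {"proto": "tcp", "dport": 443}),
    ("web_deny",   "deny",         {}),   # ACL ip: any IPv6 packet
]


def rule_matches(rule, pkt):
    """True if the packet satisfies every field the ACL rule constrains."""
    if "dst" in rule:
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
            return False
    return all(pkt.get(k) == rule[k] for k in ("proto", "dport") if k in rule)


def classify(policy, pkt, user_group="pre"):
    """Return (traffic class, action) of the first association that matches."""
    if user_group != "pre":   # every ACL rule on the page carries user-group pre
        return (None, "unmatched")
    for name, action, rule in policy:
        if rule_matches(rule, pkt):
            return (name, action)
    return (None, "unmatched")


def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    if "dst" in a:
        if "dst" not in b:
            return False
        if not ipaddress.ip_network(b["dst"]).subnet_of(ipaddress.ip_network(a["dst"])):
            return False
    return all(b.get(k) == a[k] for k in ("proto", "dport") if k in a)


def shadowed(policy):
    """Names of associations that can never match because an earlier one covers them."""
    dead = []
    for i, (name, _, rule) in enumerate(policy):
        if any(covers(prev, rule) for _, _, prev in policy[:i]):
            dead.append(name)
    return dead


# Constructed packets from a preauthentication host. 2001:db8::10 is a
# documentation address standing in for any server outside the allowlist.
PACKETS = {
    "portal http":  {"dst": "4::5", "proto": "tcp", "dport": 80},
    "internal srv": {"dst": "4::1", "proto": "tcp", "dport": 21},
    "other http":   {"dst": "2001:db8::10", "proto": "tcp", "dport": 80},
    "other https":  {"dst": "2001:db8::10", "proto": "tcp", "dport": 443},
    "other udp":    {"dst": "2001:db8::10", "proto": "udp", "dport": 53},
}

if __name__ == "__main__":
    for label, pkt in PACKETS.items():
        print(f"{label:13} -> {classify(POLICY_WEB, pkt)}")
    misordered = [POLICY_WEB[-1]] + POLICY_WEB[:-1]   # catch-all deny moved first
    print("shadowed as configured:", shadowed(POLICY_WEB))
    print("shadowed if deny first:", shadowed(misordered))
```

HTTP to the portal server itself hits web_permit before web_http, so it is forwarded rather than redirected, and moving web_deny ahead of the other associations would shadow all of them.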

Example: Configuring IPoE common Web authentication for IPoE ND RS users (ND prefix pool-authorized prefix)

Network configuration

As shown in Figure 584, the host accesses the BRAS as an IPv6 ND RS user through a Layer 2 device. The BRAS can send IPv6 ND RA packets. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server.

Figure 584 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure IP addresses and routes.

As shown in Figure 584, configure IP addresses for interfaces and make sure the BRAS and servers can reach each other at Layer 3. (Details not shown.)

2.     Configure the BRAS:

a.     Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

<Device> system-view

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

b.     Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

[Device–Ten-GigabitEthernet3/0/2] quit

c.     Configure an ND prefix pool:

# Create prefix pool 1 that contains the prefix 10::/32 and specify the length of prefixes to be assigned as 64. Prefix pool 1 can assign 4294967296 prefixes in the range of 10::/64 to 10:0:FFFF:FFFF::/64.

[Device] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named pool1, and reference prefix pool 1.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] prefix-pool 1 export-route

[Device-ipv6-pool-pool1] quit

d.     Configure the IPv6 portal authentication server newpt2 with the IPv6 address 4::5 and the plaintext key 123456.

[Device] portal server newpt2

[Device-portal-server-newpt2] ipv6 4::5 key simple 123456

[Device-portal-server-newpt2] quit

e.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

f.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

g.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

h.     Configure ACLs for preauthentication:

# Create an IPv6 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl ipv6 advanced name web_permit

[Device-acl-ipv6-adv-web_permit] rule 0 permit ipv6 destination 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_permit] quit

# Create an IPv6 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl ipv6 advanced name neiwang

[Device-acl-ipv6-adv-neiwang] rule 0 permit ipv6 destination 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang] quit

# Create an IPv6 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl ipv6 advanced name web_http

[Device-acl-ipv6-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv6-adv-web_http] quit

# Create an IPv6 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl ipv6 advanced name web_https

[Device-acl-ipv6-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv6-adv-web_https] quit

# Create an IPv6 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl ipv6 advanced name ip

[Device-acl-ipv6-adv-ip] rule 0 permit ipv6 user-group pre

[Device-acl-ipv6-adv-ip] quit

# Create an IPv6 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl ipv6 advanced name neiwang_out

[Device-acl-ipv6-adv-neiwang_out] rule 0 permit ipv6 source 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang_out] quit

# Create an IPv6 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl ipv6 advanced name web_out

[Device-acl-ipv6-adv-web_out] rule 0 permit ipv6 source 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_out] quit

i.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator or

[Device-classifier-web_permit] if-match acl ipv6 name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator or

[Device-classifier-web_http] if-match acl ipv6 name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator or

[Device-classifier-web_https] if-match acl ipv6 name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator or

[Device-classifier-web_deny] if-match acl ipv6 name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator or

[Device-classifier-neiwang_out] if-match acl ipv6 name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator or

[Device-classifier-web_out] if-match acl ipv6 name web_out

[Device-classifier-web_out] quit

j.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

k.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

l.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

m.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication ipv6 4::5

[Device-radius-rs1] primary accounting ipv6 4::5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

n.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group, ND prefix pool, and IPv6 DNS address pool in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ipv6-nd-prefix-pool pool1

[Device-isp-dm1] authorization-attribute primary-dns ipv6 8::8

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server ipv6-url http://[4::5]:8080/portal

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

o.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Enable IPv6 ND RS packet initiation.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber initiator ndrs enable

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server and portal server.

For more information, see related configuration in "Example: Configuring IPoE common Web authentication for dual-stack users (URL allowlist)."
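The ACL, traffic class, behavior, and policy commands in steps h through l refer to one another by name, so a name that is referenced but never created is easy to miss. The Python script below is an added example, not part of the H3C documentation: it parses a pasted CLI transcript and reports dangling or unused names, using a constructed sample abridged from the inbound-policy commands of this example.

```python
import re

# Strips a Comware prompt such as "[Device-qospolicy-web]" or "<Device>".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")

# Constructed sample: steps h to l, inbound side only, rule bodies and quits omitted.
SAMPLE = """\
[Device] acl ipv6 advanced name web_permit
[Device] acl ipv6 advanced name neiwang
[Device] acl ipv6 advanced name web_http
[Device] acl ipv6 advanced name web_https
[Device] acl ipv6 advanced name ip
[Device] traffic classifier web_permit operator or
[Device-classifier-web_permit] if-match acl ipv6 name web_permit
[Device] traffic classifier web_http operator or
[Device-classifier-web_http] if-match acl ipv6 name web_http
[Device] traffic classifier web_https operator or
[Device-classifier-web_https] if-match acl ipv6 name web_https
[Device] traffic classifier web_deny operator or
[Device-classifier-web_deny] if-match acl ipv6 name ip
[Device] traffic behavior web_permit
[Device] traffic behavior neiwang
[Device] traffic behavior web_http
[Device] traffic behavior web_https
[Device] traffic behavior web_deny
[Device] qos policy web
[Device-qospolicy-web] classifier web_permit behavior web_permit
[Device-qospolicy-web] classifier neiwang behavior neiwang
[Device-qospolicy-web] classifier web_http behavior web_http
[Device-qospolicy-web] classifier web_https behavior web_https
[Device-qospolicy-web] classifier web_deny behavior web_deny
[Device] qos apply policy web global inbound
"""


def name_after(tok, keyword):
    """Return the token that follows keyword, or None if it is absent."""
    return tok[tok.index(keyword) + 1] if keyword in tok[:-1] else None


def parse(transcript):
    """Collect ACL, traffic class, behavior and policy names from a transcript."""
    cfg = {"acls": set(), "classes": {}, "behaviors": set(),
           "policies": {}, "applied": []}
    view = None  # (kind, name) of the classifier or policy view entered last
    for raw in transcript.splitlines():
        tok = PROMPT.sub("", raw).split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or "# ..." step description
        if tok[0] == "acl" and name_after(tok, "name"):
            cfg["acls"].add(name_after(tok, "name"))
        elif tok[:2] == ["traffic", "classifier"] and len(tok) > 2:
            view = ("class", tok[2])
            cfg["classes"].setdefault(tok[2], [])
        elif tok[:2] == ["traffic", "behavior"] and len(tok) > 2:
            cfg["behaviors"].add(tok[2])
        elif tok[:3] == ["qos", "apply", "policy"] and len(tok) > 3:
            cfg["applied"].append(tok[3])
        elif tok[:2] == ["qos", "policy"] and len(tok) > 2:
            view = ("policy", tok[2])
            cfg["policies"].setdefault(tok[2], [])
        elif (tok[0] == "if-match" and view and view[0] == "class"
              and name_after(tok, "name")):
            cfg["classes"][view[1]].append(name_after(tok, "name"))
        elif (tok[0] == "classifier" and view and view[0] == "policy"
              and len(tok) >= 4 and tok[2] == "behavior"):
            cfg["policies"][view[1]].append((tok[1], tok[3]))
        elif tok[0] == "quit":
            view = None
    return cfg


def check(cfg):
    """Return findings for names referenced but not created, and unused ACLs."""
    out = [f"applied policy {p} is not defined"
           for p in cfg["applied"] if p not in cfg["policies"]]
    for pol, pairs in cfg["policies"].items():
        for cls, beh in pairs:
            if cls not in cfg["classes"]:
                out.append(f"policy {pol}: traffic class {cls} is not defined")
            if beh not in cfg["behaviors"]:
                out.append(f"policy {pol}: behavior {beh} is not defined")
    used = set()
    for cls, acls in cfg["classes"].items():
        for acl in acls:
            used.add(acl)
            if acl not in cfg["acls"]:
                out.append(f"traffic class {cls}: ACL {acl} is not defined")
    for acl in sorted(cfg["acls"] - used):
        out.append(f"ACL {acl} is defined but no traffic class matches it")
    return out


if __name__ == "__main__":
    print("\n".join(check(parse(SAMPLE))))
```

On the sample it reports that policy web references traffic class neiwang, which step i of this example does not create, and that ACL neiwang is consequently matched by no traffic class.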

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication and obtained IPv6 prefix 10::/64.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/2             -                       000c-29a6-b656  -/-

            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic

                                 56

As shown in Figure 585, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 585 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0xc         XGE3/0/2             -                       000c-29a6-b656  -/-

            user1@dm2            10::20C:29FF:FEA6:B6    Web auth

                                 56

Example: Configuring IPoE transparent MAC-trigger authentication (Layer 2 transparent)

Network configuration

As shown in Figure 586, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, the portal Web server, and the MAC binding server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The FTP server is an internal network server.

Figure 586 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

[Device–Ten-GigabitEthernet3/0/2] quit

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

b.     Configure the portal authentication server newpt with the IP address 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[Device] traffic classifier ip_cpu operator or

[Device-classifier-ip_cpu] if-match acl name ip

[Device-classifier-ip_cpu] if-match acl ipv6 name ip

[Device-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[Device] traffic classifier ip_deny operator or

[Device-classifier-ip_deny] if-match acl name ip

[Device-classifier-ip_deny] if-match acl ipv6 name ip

[Device-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[Device-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier ip_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier ip_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] quit

n.     Configure MAC-based quick portal authentication:

# Create MAC binding server mts.

[Device] portal mac-trigger server mts

# Specify the IP address of the MAC binding server as 4.4.4.5.

[Device-portal-mac-trigger-server-mts] ip 4.4.4.5

[Device-portal-mac-trigger-server-mts] quit

# Specify the MAC binding server mts on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] portal apply mac-trigger-server mts

[Device-Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 587.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 587 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 588.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 588 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 589.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 589 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 590.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 590 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 591.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 591 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 592.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 592 Adding an access user

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 593.

-     Click OK.

Figure 593 Portal server configuration page

b.     Configure portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 594.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 594 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 595.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 595 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 596.

-     Click Add to open the page as shown in Figure 597.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Select Supported in the Transparent Authentication list.

-     Click OK.

Figure 596 Device list

Figure 597 Port group configuration

e.     From the navigation tree, select User Access Manager > Service Parameters > Validate System Configuration to validate the settings.

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

As shown in Figure 598, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 598 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth

# Click Log Out on the Web login page as shown in Figure 598.

# Verify that the user returns to the preauthentication status.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

# Open the browser, and enter an arbitrary address, for example, http://63.1.1.240.

# Verify that the user has come online through IPoE Web authentication.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       Web auth
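An offline consistency check for the BRAS commands in this example, added here as an illustration (it is not H3C code): it resolves every ACL, traffic class, and traffic behavior name that a classifier or QoS policy references, and flags short shared keys and a cleartext portal URL. The function name audit, the 16-character key threshold, and the finding labels are assumptions; the sample input is a constructed subset of the commands above.

```python
import re

# Constructed input: a subset of the BRAS commands from the procedure above,
# device prompts included, as they would be pasted from a change plan.
SAMPLE = r"""
[Device] portal server newpt
[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456
[Device-portal-server-newpt] quit
[Device] acl advanced name web_permit
[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre
[Device-acl-ipv4-adv-web_permit] quit
[Device] acl advanced name ip
[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre
[Device-acl-ipv4-adv-ip] quit
[Device] traffic classifier web_permit operator and
[Device-classifier-web_permit] if-match acl name web_permit
[Device-classifier-web_permit] quit
[Device] traffic classifier ip_cpu operator or
[Device-classifier-ip_cpu] if-match acl name ip
[Device-classifier-ip_cpu] if-match acl ipv6 name ip
[Device-classifier-ip_cpu] quit
[Device] traffic classifier ip_deny operator or
[Device-classifier-ip_deny] if-match acl name ip
[Device-classifier-ip_deny] quit
[Device] traffic behavior web_permit
[Device-behavior-web_permit] filter permit
[Device-behavior-web_permit] quit
[Device] traffic behavior web_deny
[Device-behavior-web_deny] filter deny
[Device-behavior-web_deny] quit
[Device] qos policy web
[Device-qospolicy-web] classifier web_permit behavior web_permit
[Device-qospolicy-web] classifier ip_cpu behavior web_cpu
[Device-qospolicy-web] classifier ip_deny behavior web_deny
[Device-qospolicy-web] quit
[Device] radius scheme rs1
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] quit
[Device] domain name dm1
[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/
[Device-isp-dm1] quit
"""

MIN_KEY_LEN = 16  # assumed local policy threshold, not an H3C requirement
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # [Device-...] or <Device>
KEY = re.compile(r"\bkey (?:authentication |accounting )?simple (\S+)")


def audit(config_text, min_key_len=MIN_KEY_LEN):
    """Return (kind, detail) findings for a pasted Comware command list."""
    acls, classes, behaviors = set(), set(), set()
    acl_refs, policy_refs, findings = [], [], []
    owner = None  # classifier or QoS policy whose view the commands are in

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw).strip()
        if not line or line.startswith("#"):
            continue
        if line == "quit":
            owner = None
        elif m := re.match(r"acl (ipv6 )?advanced name (\S+)", line):
            acls.add(("ipv6" if m[1] else "ipv4", m[2]))
        elif m := re.match(r"traffic classifier (\S+)", line):
            classes.add(m[1])
            owner = m[1]
        elif m := re.match(r"traffic behavior (\S+)", line):
            behaviors.add(m[1])
        elif m := re.match(r"qos policy (\S+)", line):
            owner = m[1]
        elif m := re.match(r"if-match acl (ipv6 )?name (\S+)", line):
            acl_refs.append((owner, "ipv6" if m[1] else "ipv4", m[2]))
        elif m := re.match(r"classifier (\S+) behavior (\S+)", line):
            policy_refs.append((owner, m[1], m[2]))
        elif (m := KEY.search(line)) and len(m[1]) < min_key_len:
            # Report position and length only; never echo the secret itself.
            findings.append(
                ("weak-key", f"line {lineno}: shared key of {len(m[1])} characters"))
        elif line.startswith("web-server url http://"):
            findings.append(("cleartext-portal-url", line.split()[-1]))

    # Resolve names after the whole list is read, so definition order is irrelevant.
    for cls, family, name in acl_refs:
        if (family, name) not in acls:
            findings.append(("undefined-acl", f"classifier {cls}: {family} ACL {name}"))
    for policy, cls, beh in policy_refs:
        if cls not in classes:
            findings.append(("undefined-classifier", f"qos policy {policy}: classifier {cls}"))
        if beh not in behaviors:
            findings.append(("undefined-behavior", f"qos policy {policy}: behavior {beh}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:22} {detail}")
```

Run against the full step 2 command list, the two reference findings remain: the steps shown create no traffic behavior named web_cpu and no IPv6 ACL named ip.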

Example: Configuring IPoE common transparent MAC authentication (Layer 2 transparent)

Network configuration

As shown in Figure 599, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the portal authentication server and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The RADIUS server supports MAC binding, acts as the authentication, authorization, and accounting server, and performs MAC binding. The FTP server is an internal network server.

Figure 599 Network diagram

 

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] dhcp select relay

[Device-Ten-GigabitEthernet3/0/2] quit

# Create a remote BAS IP address pool named pool1 for the DHCP relay agent.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

b.     Configure portal authentication server newpt with IP address 4.4.4.5 and plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[Device] traffic classifier ip_cpu operator or

[Device-classifier-ip_cpu] if-match acl name ip

[Device-classifier-ip_cpu] if-match acl ipv6 name ip

[Device-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[Device] traffic classifier ip_deny operator or

[Device-classifier-ip_deny] if-match acl name ip

[Device-classifier-ip_deny] if-match acl ipv6 name ip

[Device-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[Device-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier ip_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier ip_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web MAC authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web mac-auth

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server.

For more information about configuring AAA and MAC binding on the RADIUS server, see the configuration guide for the RADIUS server.

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 600.

-     Click OK.

Figure 600 Portal server configuration page

b.     Configure portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 601.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 601 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 602.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 602 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 603.

-     Click Add to open the page as shown in Figure 604.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 603 Device list

Figure 604 Port group configuration

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

As shown in Figure 605, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 605 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth

# Click Log Out on the page as shown in Figure 605.

# Verify that the user returns to the preauthentication status.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

# Open the browser, and enter any address in the address bar to access http://63.1.1.240/. Display session information. The output shows that the user has come online through Web authentication.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       Web auth

Example: Configuring IPoE re-DHCP transparent MAC authentication (Layer 2 transparent)

Network configuration

As shown in Figure 606:

·     The host accesses the BRAS as a DHCP client through a Layer 2 device.

·     The host obtains configuration information from the DHCP server through the BRAS. Before the user passes transparent MAC authentication, the user is assigned an IP address on network segment 192.168.0.0/24. After the user passes transparent MAC authentication, the user is assigned an IP address on network segment 123.1.1.0/24.

·     A server installed with H3C IMC acts as the portal authentication server and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305).

·     The RADIUS server supports MAC binding, acts as the authentication, authorization, and accounting server, and performs MAC binding. The FTP server is an internal network server.

Figure 606 Network diagram

 

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Create an IP address pool named pool2 and enter its view.

[DHCP-server] ip pool pool2

# Specify primary subnet 123.1.1.0/24 for dynamic allocation in address pool pool2.

[DHCP-server-ip-pool-pool2] network 123.1.1.0 24

# Specify gateway address 123.1.1.1 in address pool pool2.

[DHCP-server-ip-pool-pool2] gateway-list 123.1.1.1

# Specify DNS server address 8.8.8.8 in address pool pool2.

[DHCP-server-ip-pool-pool2] dns-list 8.8.8.8

# Exclude IP address 123.1.1.1 from dynamic allocation in address pool pool2.

[DHCP-server-ip-pool-pool2] forbidden-ip 123.1.1.1

[DHCP-server-ip-pool-pool2] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] dhcp select relay

[Device-Ten-GigabitEthernet3/0/2] quit

# Create a remote BAS IP address pool named pool1 for the DHCP relay agent.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1/24 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a remote BAS IP address pool named pool2 for the DHCP relay agent.

[Device] ip pool pool2 bas remote

# Specify gateway address 123.1.1.1/24 in address pool pool2.

[Device-ip-pool-pool2] gateway 123.1.1.1 24

# Exclude IP address 123.1.1.1 from dynamic allocation in address pool pool2.

[Device-ip-pool-pool2] forbidden-ip 123.1.1.1

# Specify DHCP server 4.4.4.3 in address pool pool2.

[Device-ip-pool-pool2] remote-server 4.4.4.3

[Device-ip-pool-pool2] quit

b.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator and

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator and

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator and

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator and

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[Device] traffic classifier ip_cpu operator or

[Device-classifier-ip_cpu] if-match acl name ip

[Device-classifier-ip_cpu] if-match acl ipv6 name ip

[Device-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[Device] traffic classifier ip_deny operator or

[Device-classifier-ip_deny] if-match acl name ip

[Device-classifier-ip_deny] if-match acl ipv6 name ip

[Device-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator and

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator and

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[Device-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier ip_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier ip_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

# In ISP domain dm1, specify ISP domain dm3 as the reauthentication domain for users that fail MAC authentication.

[Device-isp-dm1] auth-fail online domain dm3

[Device-isp-dm1] quit

# Configure ISP domain dm3.

[Device] domain name dm3

[Device-isp-dm3] authentication ipoe none

[Device-isp-dm3] authorization ipoe none

[Device-isp-dm3] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm3.

[Device-isp-dm3] authorization-attribute user-group pre

[Device-isp-dm3] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm3.

[Device-isp-dm3] web-server url http://4.4.4.5:8080/portal/

[Device-isp-dm3] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

# Create ISP domain dm4. After a user passes authentication in preauthentication domain dm1, the AAA server authorizes ISP domain dm4 to the user through the H3C-ISP-ID attribute. The authorization domain is actually used by the user after the user comes online. If the AAA server does not authorize an ISP domain to the user through the H3C-ISP-ID attribute, the user uses preauthentication domain dm1 as the authorization domain.

[Device] domain name dm4

# Configure the authorization IP pool.

[Device-isp-dm4] authorization-attribute ip-pool pool2

[Device-isp-dm4] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Enable re-DHCP for Web authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-redhcp enable

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server.

For more information about configuring AAA and MAC binding on the RADIUS server, see the configuration guide for the RADIUS server.

4.     Configure the portal server.

For more information, see related configuration in "Example: Configuring IPoE common transparent MAC authentication (Layer 2 transparent)."
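
The inbound QoS policy web built in steps f through i restricts preauthentication users only if every ACL, traffic class, and traffic behavior it names has actually been created. The following reference check is an added example, not part of the H3C document; the function name audit and the finding tuples are this example's own, and the embedded commands are copied from the steps above.

```python
import re

# Commands of inbound policy "web", copied from steps f to i of the example
# above; device prompts, ACL rule lines and quit lines are left out.
CONFIG = """\
acl advanced name web_permit
acl advanced name neiwang
acl advanced name web_http
acl advanced name web_https
acl advanced name ip
traffic classifier web_permit operator and
 if-match acl name web_permit
traffic classifier neiwang operator and
 if-match acl name neiwang
traffic classifier web_http operator and
 if-match acl name web_http
traffic classifier web_https operator and
 if-match acl name web_https
traffic classifier ip_cpu operator or
 if-match acl name ip
 if-match acl ipv6 name ip
traffic classifier ip_deny operator or
 if-match acl name ip
 if-match acl ipv6 name ip
traffic behavior web_permit
traffic behavior neiwang
traffic behavior web_http
traffic behavior web_https
traffic behavior web_deny
qos policy web
 classifier web_permit behavior web_permit
 classifier neiwang behavior neiwang
 classifier web_http behavior web_http
 classifier web_https behavior web_https
 classifier ip_cpu behavior web_cpu
 classifier ip_deny behavior web_deny
"""

PROMPT = re.compile(r"^(\[[^\]]*\]|<[^>]*>)\s*")  # [Device-...] or <Device>
ACL_DEF = re.compile(r"^acl (ipv6 )?advanced name (\S+)$")
IF_MATCH = re.compile(r"^if-match acl (ipv6 )?name (\S+)$")
BINDING = re.compile(r"^classifier (\S+) behavior (\S+)$")


def family(match):
    """Address family of an ACL definition or reference."""
    return "ipv6" if match.group(1) else "ipv4"


def audit(config):
    """Return (kind, name, referenced_by) for each reference to an undefined object."""
    acls, behaviors = set(), set()
    classes, policies = {}, {}  # name -> references made inside that view
    view = None                 # (kind, name) of the view being configured
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        if not words or words[0] == "#":
            continue            # blank line or documentation comment
        m = ACL_DEF.match(line)
        if m:
            acls.add((family(m), m.group(2)))
            view = None
        elif words[:2] == ["traffic", "classifier"] and len(words) >= 3:
            view = ("classifier", words[2])
            classes.setdefault(words[2], [])
        elif words[:2] == ["traffic", "behavior"] and len(words) >= 3:
            behaviors.add(words[2])
            view = None
        elif words[:2] == ["qos", "policy"] and len(words) == 3:
            view = ("policy", words[2])
            policies.setdefault(words[2], [])
        elif line == "quit":
            view = None
        elif view and view[0] == "classifier" and (m := IF_MATCH.match(line)):
            classes[view[1]].append((family(m), m.group(2)))
        elif view and view[0] == "policy" and (m := BINDING.match(line)):
            policies[view[1]].append((m.group(1), m.group(2)))

    findings = []
    for cls, refs in classes.items():
        for fam, acl in refs:
            if (fam, acl) not in acls:
                findings.append((f"acl {fam}", acl, f"classifier {cls}"))
    for pol, bindings in policies.items():
        for cls, beh in bindings:
            if cls not in classes:
                findings.append(("classifier", cls, f"policy {pol}"))
            if beh not in behaviors:
                findings.append(("behavior", beh, f"policy {pol}"))
    return findings


if __name__ == "__main__":
    for kind, name, where in audit(CONFIG):
        print(f"{where}: {kind} {name} is referenced but not created")
```

Run on the commands above, the check reports the IPv6 ACL ip matched by traffic classes ip_cpu and ip_deny and the traffic behavior web_cpu bound in policy web; none of these is created in the steps shown in this example.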

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

As shown in Figure 607, the Web login page opens after preauthentication.

Figure 607 Web login page


# Enter the username and password on the page, and click Log In. The user will automatically go offline after passing Web authentication.

# Open the browser, and enter any address in the address bar to access http://63.1.1.240/. Display session information. The output shows that the user has come online through transparent MAC authentication in the preauthentication domain and obtained IP address 123.1.1.2.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             123.1.1.2               0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

Example: Configuring IPoE transparent MAC-trigger authentication (Layer 3 transparent)

Network configuration

As shown in Figure 608, the host accesses the BRAS as a DHCP client through a Layer 3 network. The BRAS also acts as the DHCP server. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, the portal Web server, and the MAC binding server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The FTP server is an internal network server.

Figure 608 Network diagram

 

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP relay agent:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Enable the DHCP relay agent to record client information in relay entries.

[RouterA] dhcp relay client-information record

# Disable the DHCP relay agent from periodically refreshing dynamic relay entries.

[RouterA] undo dhcp relay client-information refresh enable

# Enable the DHCP relay agent and specify DHCP server address 2.2.2.2 on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] dhcp select relay

[RouterA-Ten-GigabitEthernet3/0/2] dhcp relay server-address 2.2.2.2

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure the default route from the DHCP relay agent to the BRAS.

[RouterA] ip route-static 0.0.0.0 0 2.2.2.2

2.     Configure Router B:

a.     Configure the DHCP server:

# Enable DHCP.

<RouterB> system-view

[RouterB] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[RouterB] dhcp server request-ip-address check

# Create a common IP address pool named pool1 and enter its view.

[RouterB] ip pool pool1

# Specify subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[RouterB-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[RouterB-ip-pool-pool1] gateway 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[RouterB-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[RouterB-ip-pool-pool1] forbidden-ip 192.168.0.1

[RouterB-ip-pool-pool1] quit

# Configure a static route to the DHCP relay agent.

[RouterB] ip route-static 192.168.0.0 24 2.2.2.1

b.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[RouterB] portal server newpt

[RouterB-portal-server-newpt] ip 4.4.4.5 key simple 123456

[RouterB-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[RouterB] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[RouterB] portal access-info trust arp

[RouterB] portal access-info trust nd

e.     Create a local user group named pre.

[RouterB] user-group pre

New user group added.

[RouterB-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[RouterB] acl advanced name web_permit

[RouterB-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[RouterB-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[RouterB] acl advanced name neiwang

[RouterB-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[RouterB-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[RouterB] acl advanced name web_http

[RouterB-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[RouterB-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[RouterB] acl advanced name web_https

[RouterB-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[RouterB-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[RouterB] acl advanced name ip

[RouterB-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[RouterB-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[RouterB] acl advanced name neiwang_out

[RouterB-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[RouterB-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[RouterB] acl advanced name web_out

[RouterB-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[RouterB-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[RouterB] traffic classifier web_permit operator and

[RouterB-classifier-web_permit] if-match acl name web_permit

[RouterB-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[RouterB] traffic classifier neiwang operator and

[RouterB-classifier-neiwang] if-match acl name neiwang

[RouterB-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[RouterB] traffic classifier web_http operator and

[RouterB-classifier-web_http] if-match acl name web_http

[RouterB-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[RouterB] traffic classifier web_https operator and

[RouterB-classifier-web_https] if-match acl name web_https

[RouterB-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[RouterB] traffic classifier ip_cpu operator or

[RouterB-classifier-ip_cpu] if-match acl name ip

[RouterB-classifier-ip_cpu] if-match acl ipv6 name ip

[RouterB-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[RouterB] traffic classifier ip_deny operator or

[RouterB-classifier-ip_deny] if-match acl name ip

[RouterB-classifier-ip_deny] if-match acl ipv6 name ip

[RouterB-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[RouterB] traffic classifier neiwang_out operator and

[RouterB-classifier-neiwang_out] if-match acl name neiwang_out

[RouterB-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[RouterB] traffic classifier web_out operator and

[RouterB-classifier-web_out] if-match acl name web_out

[RouterB-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[RouterB] traffic behavior web_permit

[RouterB-behavior-web_permit] filter permit

[RouterB-behavior-web_permit] free account

[RouterB-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[RouterB] traffic behavior neiwang

[RouterB-behavior-neiwang] filter permit

[RouterB-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[RouterB] traffic behavior web_http

[RouterB-behavior-web_http] redirect http-to-cpu

[RouterB-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[RouterB] traffic behavior web_https

[RouterB-behavior-web_https] redirect https-to-cpu

[RouterB-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[RouterB] traffic behavior web_deny

[RouterB-behavior-web_deny] filter deny

[RouterB-behavior-web_deny] free account

[RouterB-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[RouterB] traffic behavior neiwang_out

[RouterB-behavior-neiwang_out] filter permit

[RouterB-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[RouterB] traffic behavior web_out

[RouterB-behavior-web_out] filter permit

[RouterB-behavior-web_out] free account

[RouterB-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[RouterB] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[RouterB-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[RouterB-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[RouterB-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[RouterB-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[RouterB-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[RouterB-qospolicy-web] classifier ip_deny behavior web_deny

[RouterB-qospolicy-web] quit

# Configure a QoS policy named out.

[RouterB] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[RouterB-qospolicy-out] classifier web_out behavior web_out

[RouterB-qospolicy-out] classifier neiwang_out behavior neiwang_out

[RouterB-qospolicy-out] classifier ip_deny behavior web_deny

[RouterB-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[RouterB] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[RouterB] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[RouterB] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[RouterB-radius-rs1] primary authentication 4.4.4.5

[RouterB-radius-rs1] primary accounting 4.4.4.5

[RouterB-radius-rs1] key authentication simple radius

[RouterB-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[RouterB-radius-rs1] user-name-format without-domain

[RouterB-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[RouterB] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ipoe none

[RouterB-isp-dm1] authorization ipoe none

[RouterB-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm1.

[RouterB-isp-dm1] authorization-attribute user-group pre

[RouterB-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[RouterB-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[RouterB-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[RouterB] domain name dm2

[RouterB-isp-dm2] authentication ipoe radius-scheme rs1

[RouterB-isp-dm2] authorization ipoe radius-scheme rs1

[RouterB-isp-dm2] accounting ipoe radius-scheme rs1

[RouterB-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 3 access mode on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber routed enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

# Disable online detection on Ten-GigabitEthernet 3/0/2.

The detection packet type is ARP by default. To use Layer 3 transparent authentication, as a best practice, disable online detection.

[RouterB–Ten-GigabitEthernet3/0/2] undo ip subscriber user-detect ip

[RouterB–Ten-GigabitEthernet3/0/2] quit

n.     Configure MAC-based quick portal authentication:

# Create MAC binding server mts.

[RouterB] portal mac-trigger server mts

# Specify the IP address of the MAC binding server as 4.4.4.5.

[RouterB-portal-mac-trigger-server-mts] ip 4.4.4.5

[RouterB-portal-mac-trigger-server-mts] quit

# Specify the MAC binding server mts on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB–Ten-GigabitEthernet3/0/2] portal apply mac-trigger-server mts

[RouterB–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 609.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 609 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 610.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 610 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 611.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 611 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 612.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 612 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 613.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 613 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 614.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 614 Adding an access user

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 615.

-     Click OK.

Figure 615 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 616.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 616 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 617.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 617 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 618.

-     Click Add to open the page as shown in Figure 619.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Select Supported in the Transparent Authentication list.

-     Click OK.

Figure 618 Device list

Figure 619 Port group configuration

e.     From the navigation tree, select User Access Manager > Service Parameters > Validate System Configuration to validate the settings.

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[RouterB] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L3 IPoE dynamic

As shown in Figure 620, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 620 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[RouterB] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       L3 IPoE dynamic

# Click Log Out on the Web login page as shown in Figure 620.

# Verify that the user returns to the preauthentication status.

[RouterB] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L3 IPoE dynamic

# Open the browser, and enter any address, for example, http://63.1.1.240.

# Verify that the user has come online through IPoE Web authentication.

[RouterB] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       Web auth

Example: Configuring IPoE transparent MAC authentication (Layer 3 transparent)

Network configuration

As shown in Figure 621, the host accesses the BRAS as a DHCP client through a Layer 3 network. The BRAS also acts as the DHCP server. A server installed with H3C IMC acts as the portal authentication server and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). A RADIUS server that supports MAC binding acts as the authentication, authorization, and accounting server and performs MAC binding. The FTP server is an internal network server.

Figure 621 Network diagram

 

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP relay agent:

# Enable DHCP.

<RouterA> system-view

[RouterA] dhcp enable

# Enable the DHCP relay agent to record client information in relay entries.

[RouterA] dhcp relay client-information record

# Disable the DHCP relay agent from periodically refreshing dynamic relay entries.

[RouterA] undo dhcp relay client-information refresh enable

# Enable the DHCP relay agent and specify DHCP server address 2.2.2.2 on Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA–Ten-GigabitEthernet3/0/2] dhcp select relay

[RouterA–Ten-GigabitEthernet3/0/2] dhcp relay server-address 2.2.2.2

[RouterA–Ten-GigabitEthernet3/0/2] quit

# Configure the default route from the DHCP relay agent to the BRAS.

[RouterA] ip route-static 0.0.0.0 0 2.2.2.2

2.     Configure Router B:

a.     Configure the DHCP server:

# Enable DHCP.

<RouterB> system-view

[RouterB] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[RouterB] dhcp server request-ip-address check

# Create a common IP address pool named pool1 and enter its view.

[RouterB] ip pool pool1

# Specify subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[RouterB-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[RouterB-ip-pool-pool1] gateway 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[RouterB-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[RouterB-ip-pool-pool1] forbidden-ip 192.168.0.1

[RouterB-ip-pool-pool1] quit

# Configure a static route to the DHCP relay agent.

[RouterB] ip route-static 192.168.0.0 24 2.2.2.1

b.     Configure the IP address of the portal authentication server newpt as 4.4.4.5 and the plaintext key 123456.

[RouterB] portal server newpt

[RouterB-portal-server-newpt] ip 4.4.4.5 key simple 123456

[RouterB-portal-server-newpt] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[RouterB] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[RouterB] portal access-info trust arp

[RouterB] portal access-info trust nd

e.     Create a local user group named pre.

[RouterB] user-group pre

New user group added.

[RouterB-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL named web_permit. Configure a rule to permit all packets destined for the portal server from users in user group pre.

[RouterB] acl advanced name web_permit

[RouterB-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[RouterB-acl-ipv4-adv-web_permit] quit

# Create an IPv4 advanced ACL named neiwang. Configure a rule to permit all packets destined for the internal network server from users in user group pre.

[RouterB] acl advanced name neiwang

[RouterB-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[RouterB-acl-ipv4-adv-neiwang] quit

# Create an IPv4 advanced ACL named web_http. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[RouterB] acl advanced name web_http

[RouterB-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[RouterB-acl-ipv4-adv-web_http] quit

# Create an IPv4 advanced ACL named web_https, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[RouterB] acl advanced name web_https

[RouterB-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[RouterB-acl-ipv4-adv-web_https] quit

# Create an IPv4 advanced ACL named ip, and configure a rule to permit IP packets from users in user group pre.

[RouterB] acl advanced name ip

[RouterB-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[RouterB-acl-ipv4-adv-ip] quit

# Create an IPv4 advanced ACL named neiwang_out, and configure a rule to permit IP packets from the internal network server in user group pre.

[RouterB] acl advanced name neiwang_out

[RouterB-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[RouterB-acl-ipv4-adv-neiwang_out] quit

# Create an IPv4 advanced ACL named web_out, and configure a rule to permit IP packets from the portal server in user group pre.

[RouterB] acl advanced name web_out

[RouterB-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[RouterB-acl-ipv4-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[RouterB] traffic classifier web_permit operator and

[RouterB-classifier-web_permit] if-match acl name web_permit

[RouterB-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[RouterB] traffic classifier neiwang operator and

[RouterB-classifier-neiwang] if-match acl name neiwang

[RouterB-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[RouterB] traffic classifier web_http operator and

[RouterB-classifier-web_http] if-match acl name web_http

[RouterB-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[RouterB] traffic classifier web_https operator and

[RouterB-classifier-web_https] if-match acl name web_https

[RouterB-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[RouterB] traffic classifier ip_cpu operator or

[RouterB-classifier-ip_cpu] if-match acl name ip

[RouterB-classifier-ip_cpu] if-match acl ipv6 name ip

[RouterB-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[RouterB] traffic classifier ip_deny operator or

[RouterB-classifier-ip_deny] if-match acl name ip

[RouterB-classifier-ip_deny] if-match acl ipv6 name ip

[RouterB-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[RouterB] traffic classifier neiwang_out operator and

[RouterB-classifier-neiwang_out] if-match acl name neiwang_out

[RouterB-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[RouterB] traffic classifier web_out operator and

[RouterB-classifier-web_out] if-match acl name web_out

[RouterB-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[RouterB] traffic behavior web_permit

[RouterB-behavior-web_permit] filter permit

[RouterB-behavior-web_permit] free account

[RouterB-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[RouterB] traffic behavior neiwang

[RouterB-behavior-neiwang] filter permit

[RouterB-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[RouterB] traffic behavior web_http

[RouterB-behavior-web_http] redirect http-to-cpu

[RouterB-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[RouterB] traffic behavior web_https

[RouterB-behavior-web_https] redirect https-to-cpu

[RouterB-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[RouterB] traffic behavior web_deny

[RouterB-behavior-web_deny] filter deny

[RouterB-behavior-web_deny] free account

[RouterB-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[RouterB] traffic behavior neiwang_out

[RouterB-behavior-neiwang_out] filter permit

[RouterB-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[RouterB] traffic behavior web_out

[RouterB-behavior-web_out] filter permit

[RouterB-behavior-web_out] free account

[RouterB-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[RouterB] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[RouterB-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[RouterB-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[RouterB-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[RouterB-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[RouterB-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[RouterB-qospolicy-web] classifier ip_deny behavior web_deny

[RouterB-qospolicy-web] quit

# Configure a QoS policy named out.

[RouterB] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[RouterB-qospolicy-out] classifier web_out behavior web_out

[RouterB-qospolicy-out] classifier neiwang_out behavior neiwang_out

[RouterB-qospolicy-out] classifier ip_deny behavior web_deny

[RouterB-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global inbound command.

[RouterB] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global outbound command.

[RouterB] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[RouterB] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[RouterB-radius-rs1] primary authentication 4.4.4.1

[RouterB-radius-rs1] primary accounting 4.4.4.1

[RouterB-radius-rs1] key authentication simple radius

[RouterB-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[RouterB-radius-rs1] user-name-format without-domain

[RouterB-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[RouterB] radius session-control enable

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ipoe none

[RouterB-isp-dm1] authorization ipoe none

[RouterB-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm1.

[RouterB-isp-dm1] authorization-attribute user-group pre

[RouterB-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[RouterB-isp-dm1] web-server url http://4.4.4.5:8080/portal/

[RouterB-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[RouterB] domain name dm2

[RouterB-isp-dm2] authentication ipoe radius-scheme rs1

[RouterB-isp-dm2] authorization ipoe radius-scheme rs1

[RouterB-isp-dm2] accounting ipoe radius-scheme rs1

[RouterB-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 3 access mode on Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber routed enable

# Configure Web MAC authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web mac-auth

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[RouterB–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

# Disable online detection on Ten-GigabitEthernet 3/0/2.

The detection packet type is ARP by default. To use Layer 3 transparent authentication, as a best practice, disable online detection.

[RouterB–Ten-GigabitEthernet3/0/2] undo ip subscriber user-detect ip

[RouterB–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server.

For more information about configuring AAA and MAC binding on the RADIUS server, see the configuration guide for the RADIUS server.

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 622.

-     Click OK.

Figure 622 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 623.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 623 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 624.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 624 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 625.

-     Click Add to open the page as shown in Figure 626.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 625 Device list

Figure 626 Port group configuration

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[RouterB] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L3 IPoE dynamic

As shown in Figure 627, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 627 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[RouterB] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth

# Click Log Out on the page as shown in Figure 627.

# Verify that the user returns to the preauthentication status.

[RouterB] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L3 IPoE dynamic

# Open the browser, and enter any address in the address bar, for example, http://63.1.1.240/. Display session information. The output shows that the user has come online through Web authentication.

[RouterB] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       Web auth
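The Router B procedure above builds a chain of named objects (ACL, traffic class, traffic behavior, QoS policy) and sets shared keys and a portal URL by hand, so a pre-deployment check of the transcript is worthwhile. The following Python audit is an added example, not H3C tooling or part of the original guide; it runs over a constructed subset of the commands shown above. The rule names, the 16-character threshold (taken from the RFC 2865 recommendation for RADIUS secrets and applied to the portal key as an assumption), and the `acl ipv6 advanced name` creation form, which this example does not show, are assumptions of the example.

```python
import re

# Constructed input: a subset of the Router B commands shown in this example,
# with the CLI prompts left in place as they appear in the transcript.
SAMPLE = """\
[RouterB] portal server newpt
[RouterB-portal-server-newpt] ip 4.4.4.5 key simple 123456
[RouterB] acl advanced name web_http
[RouterB-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre
[RouterB] acl advanced name ip
[RouterB-acl-ipv4-adv-ip] rule 0 permit ip user-group pre
[RouterB] traffic classifier web_http operator and
[RouterB-classifier-web_http] if-match acl name web_http
[RouterB] traffic classifier ip_cpu operator or
[RouterB-classifier-ip_cpu] if-match acl name ip
[RouterB-classifier-ip_cpu] if-match acl ipv6 name ip
[RouterB] traffic classifier ip_deny operator or
[RouterB-classifier-ip_deny] if-match acl name ip
[RouterB] traffic behavior web_http
[RouterB-behavior-web_http] redirect http-to-cpu
[RouterB] traffic behavior web_deny
[RouterB-behavior-web_deny] filter deny
[RouterB] qos policy web
[RouterB-qospolicy-web] classifier web_http behavior web_http
[RouterB-qospolicy-web] classifier ip_cpu behavior web_cpu
[RouterB-qospolicy-web] classifier ip_deny behavior web_deny
[RouterB] radius scheme rs1
[RouterB-radius-rs1] key authentication simple radius
[RouterB-radius-rs1] key accounting simple radius
[RouterB] domain name dm1
[RouterB-isp-dm1] web-server url http://4.4.4.5:8080/portal/
"""

PROMPT = re.compile(r"^\s*(?:\[[^\]]+\]|<[^>]+>)\s+(\S.*?)\s*$")
MIN_SECRET_LEN = 16  # RFC 2865 prefers RADIUS secrets of at least 16 octets


def commands(transcript):
    """Yield the command part of each prompt line; skip '#' notes and output."""
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            yield m.group(1)


def audit(transcript):
    """Return a sorted list of (rule, detail) findings for the transcript."""
    acls = {"ipv4": set(), "ipv6": set()}
    classes, behaviors = set(), set()
    acl_refs, policy_refs, findings = [], [], []
    cur_class = cur_policy = None
    for cmd in commands(transcript):
        # "acl ipv6 advanced name" is the assumed IPv6 counterpart of the
        # "acl advanced name" form used in the procedure.
        if m := re.fullmatch(r"acl (ipv6 )?advanced name (\S+)", cmd):
            acls["ipv6" if m[1] else "ipv4"].add(m[2])
        elif m := re.fullmatch(r"traffic classifier (\S+)(?: operator (?:and|or))?", cmd):
            cur_class = m[1]
            classes.add(cur_class)
        elif m := re.fullmatch(r"if-match acl (ipv6 )?name (\S+)", cmd):
            acl_refs.append(("ipv6" if m[1] else "ipv4", m[2], cur_class))
        elif m := re.fullmatch(r"traffic behavior (\S+)", cmd):
            behaviors.add(m[1])
        elif m := re.fullmatch(r"qos policy (\S+)", cmd):
            cur_policy = m[1]
        elif m := re.fullmatch(r"classifier (\S+) behavior (\S+)", cmd):
            policy_refs.append((cur_policy, m[1], m[2]))
        elif m := re.search(r"\bkey (?:(authentication|accounting) )?simple (\S+)$", cmd):
            secret = m[2]
            if len(secret) < MIN_SECRET_LEN or secret.isdigit() or secret.isalpha():
                # Report the length only, never the secret itself.
                findings.append(("weak-shared-key",
                                 f"{m[1] or 'server'} key, {len(secret)} chars"))
        elif m := re.fullmatch(r"web-server url (http://\S+)", cmd):
            # The login page that collects the username and password is plain HTTP.
            findings.append(("cleartext-portal-url", m[1]))
    # Resolve references after the whole transcript is read, so the order in
    # which the objects were created does not matter.
    for family, acl, cls in acl_refs:
        if acl not in acls[family]:
            findings.append(("undefined-acl", f"{family} ACL {acl} in classifier {cls}"))
    for policy, cls, beh in policy_refs:
        if cls not in classes:
            findings.append(("undefined-classifier", f"{cls} in policy {policy}"))
        if beh not in behaviors:
            findings.append(("undefined-behavior", f"{beh} in policy {policy}"))
    return sorted(set(findings))


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule:22} {detail}")
```

On this input the audit reports that policy web binds a behavior (web_cpu) and class ip_cpu matches an IPv6 ACL (ip) that the listed commands never create, in addition to the three six-character shared keys and the HTTP portal URL.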

Example: Configuring IPoE Web authentication with EAP

Network configuration

As shown in Figure 628, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305).

Figure 628 Network diagram

 

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DHCP server:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Specify DNS server address 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

[Device–Ten-GigabitEthernet3/0/2] quit

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

b.     Configure the IP address of the portal authentication server newpt as 4.4.4.1 and the plaintext key 123456.

[Device] portal server newpt

[Device-portal-server-newpt] ip 4.4.4.1 key simple 123456

[Device-portal-server-newpt] quit

c.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple 123456

[Device-radius-rs1] key accounting simple 123456

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

d.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized IP address pool and user group in ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL and Web server IP address in ISP domain dm1.

[Device-isp-dm1] web-server url http://4.4.4.1:8080/portal/

[Device-isp-dm1] web-server ip 4.4.4.1

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] quit

e.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 629.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 629 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 630.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 630 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 631.

-     Enter the access policy name.

-     Select EAP for Certificate Authentication.

-     Use the default settings for other parameters.

-     Click OK.

Figure 631 Adding an access policy


c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 632.

-     Enter the service name.

-     Select AccessPolicy from the Default Access Policy list.

-     Use the default settings for other parameters.

-     Click OK.

Figure 632 Adding an access service


d.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 633.

-     Select an access user.

-     Set the password.

-     Click OK.

Figure 633 Adding an access user

# Select User Access Policy > Service Parameters > Validate System Configuration from the navigation tree to validate the configurations.

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 634.

-     Click OK.

Figure 634 Portal server configuration page

b.     Configure portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 635.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 635 Adding an IP address group

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 636.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 636 Adding a portal device

d.     Associate the portal device with the IP address group:

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 637.

-     Click Add to open the page as shown in Figure 638.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Select EAP from the Authentication Type list.

-     Click OK.

Figure 637 Device list

Figure 638 Port group configuration

e.     From the navigation tree, select User Access Manager > Service Parameters > Validate System Configuration to validate the settings.

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

# As shown in Figure 639, open the iNode login page after preauthentication. Enter the server address, the username, and the password on the page. Click the dropdown arrow next to Disconnect. The page shown in Figure 640 opens.

Figure 639 iNode login page

# As shown in Figure 640, select Certificate Authentication in the Enable advanced authentication list and select an authentication type (EAP-TLS in this example) in the Advanced tab of the Properties dialog box. In the Certificate Options area, click Client Certificate, select a certificate on the window that opens, and select Validate server certificate chain.

Figure 640 Setting iNode client attribute

# After configuring the iNode client attributes, click OK to return to the iNode client authentication page.

# Click Connect on the iNode authentication page to perform EAP authentication. Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            client               -                       Web auth

# Click Disconnect on the iNode login page as shown in Figure 639.

# Verify that the user returns to the preauthentication status.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

Example: Configuring IPoE common Web authentication for dual-stack users (URL allowlist)

Network configuration

As shown in Figure 641, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The FTP server is an internal network server. Limit the access rate to 5 Mbps for the user after passing Web authentication.

When a student has not passed IPoE Web authentication, or has passed IPoE Web authentication but owes fees, the student is still allowed to access the internal websites of the campus. In this way, the student can still learn and communicate normally.

When a student owes fees, the student is still allowed to access the payment page of the service provider and pay the charge on the payment page pushed by the service provider. In this way, the student can quickly restore access to the Internet.

Figure 641 Network diagram

Analysis

To ensure that an unauthenticated or defaulting user can still access the internal websites of the campus and actively pay the charge, you can configure the object group-based URL allowlist and add the internal websites of the campus (FTP server and IMC server in this example) and the payment page address (https://www.alipay.com/xxx in this example) to the URL allowlist.

To facilitate QoS policy-based control for users, assign users to different user groups based on their states:

·     Preauthentication users: In this phase, users have not passed IPoE Web authentication and need access control. Assign these users to the user group named pre.

·     Defaulting users: Defaulting users need access control. Assign these users to the user group named qianfei.

·     Normal users: These users do not need access control. Assign these users to the user group named web.

For users in user group pre and user group qianfei, perform the following QoS policy-based controls separately:

·     Users in user group pre

¡     Can access the addresses on the URL allowlist.

¡     When a user accesses an address not on the URL allowlist through HTTP or HTTPS, all requests are redirected to the Web authentication page (http://www.ipv4.web.com or http://www.ipv6.web.com in this example), and the other traffic is dropped.

·     Users in user group qianfei

¡     Can access the addresses on the URL allowlist.

¡     When a user accesses an address not on the URL allowlist through HTTP or HTTPS, all requests are redirected to the payment page (https://www.alipay.com/xxx in this example), and the other traffic is dropped.
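The following Python model is an added illustration, not H3C code. It replays the classifier and behavior pairs that this example later adds to the inbound QoS policy web and checks them against the behavior listed above, assuming the pairs are evaluated in configured order with the first match winning; PAYMENT_IP and the probe addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Hosts from object groups freeurl_ipv4 and freeurl_ipv6. PAYMENT_IP is a
# constructed stand-in for the address the payment host name resolves to.
PAYMENT_IP = "203.0.113.10"
ALLOWLIST = {ip_address(a) for a in ("4.4.4.1", "4.4.4.5", "4::1", "4::5", PAYMENT_IP)}
RESTRICTED = ("pre", "qianfei")


@dataclass(frozen=True)
class Packet:
    user_group: str            # pre, qianfei or web
    dst: str                   # destination IP address
    proto: str = "tcp"
    dport: Optional[int] = None


def to_allowlist(pkt):
    return pkt.user_group in RESTRICTED and ip_address(pkt.dst) in ALLOWLIST


def tcp_port(group, port):
    return lambda pkt: pkt.user_group == group and pkt.proto == "tcp" and pkt.dport == port


def any_ip(group):
    return lambda pkt: pkt.user_group == group


# (classifier, match function, behavior) in the order used for QoS policy web.
POLICY_WEB = [
    ("freeurl_permit_in", to_allowlist, "filter permit"),
    ("web_http", tcp_port("pre", 80), "redirect http-to-cpu"),
    ("web_https", tcp_port("pre", 443), "redirect https-to-cpu"),
    ("qianfei_web_http", tcp_port("qianfei", 80), "redirect http-to-cpu"),
    ("qianfei_web_https", tcp_port("qianfei", 443), "redirect https-to-cpu"),
    ("web_deny", any_ip("pre"), "filter deny"),
    ("qianfei_web_deny", any_ip("qianfei"), "filter deny"),
]


def evaluate(policy, pkt):
    """Return (classifier, behavior) of the first matching pair."""
    for name, match, behavior in policy:
        if match(pkt):
            return name, behavior
    return None, "forward"     # no class matched: the policy leaves the packet alone


# Constructed probes with the behavior the Analysis section calls for.
PROBES = [
    (Packet("pre", "4.4.4.1", "tcp", 21), "filter permit"),
    (Packet("pre", "198.51.100.7", "tcp", 80), "redirect http-to-cpu"),
    (Packet("pre", "198.51.100.7", "tcp", 443), "redirect https-to-cpu"),
    (Packet("pre", "198.51.100.7", "tcp", 22), "filter deny"),
    (Packet("qianfei", "4::5", "tcp", 8080), "filter permit"),
    (Packet("qianfei", "198.51.100.7", "tcp", 80), "redirect http-to-cpu"),
    (Packet("qianfei", "198.51.100.7", "tcp", 22), "filter deny"),
    (Packet("web", "198.51.100.7", "tcp", 22), "forward"),
]


def audit(policy):
    """Return (packet, wanted, got, classifier) for every probe that misbehaves."""
    failures = []
    for pkt, wanted in PROBES:
        name, got = evaluate(policy, pkt)
        if got != wanted:
            failures.append((pkt, wanted, got, name))
    return failures


def move_to(policy, name, index):
    """Return a copy of the policy with one classifier moved to a new position."""
    rule = next(r for r in policy if r[0] == name)
    rest = [r for r in policy if r[0] != name]
    return rest[:index] + [rule] + rest[index:]


if __name__ == "__main__":
    print("as configured:", audit(POLICY_WEB))
    print("web_deny first:", audit(move_to(POLICY_WEB, "web_deny", 0)))
    print("web_deny missing:", audit([r for r in POLICY_WEB if r[0] != "web_deny"]))
```

Moving web_deny ahead of the allowlist class cuts preauthentication users off from the allowlisted hosts and the login page, and omitting it lets their non-Web traffic through unfiltered.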

Prerequisites

Configure the DNS server correctly, so that the server can resolve the IPv4 URL or IPv6 URL for the Web authentication page http://www.ipv4.web.com or http://www.ipv6.web.com based on the first stack through which dual-stack IPoE users come online. (Details not shown.)

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

You must use this feature together with AAA. Before configuring this feature, make sure the AAA server supports H3C private attributes 246 (H3C-Auth-Detail-Result) and 250 (H3C-WEB-URL) and can assign these attributes to defaulting users.

Attribute 246 (H3C-Auth-Detail-Result) indicates the user authentication result details. Possible values for the attribute include:

·     0: Normal user. In this case, the server will cancel assigning attribute 250 and allow the user to access any network resources.

·     1: Defaulting user. In this case, the server will assign attribute 250 and allow the user to access network resources on the URL allowlist. If the user accesses other network resources, the requests will be redirected to the URL defined in attribute 250.

·     2: User whose broadband usage has expired. In this case, the server will assign attribute 250. The first Web access request of the user will be redirected to the URL defined in attribute 250.

Attribute 250 (H3C-WEB-URL) is used to carry the Web redirection URL for users, and is used together with attribute 246.
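The following Python sketch is an added example, not part of the H3C documentation. It decodes attributes 246 and 250 from the attribute section of a RADIUS packet and maps them to the access decision described above, rejecting malformed or inconsistent input. It assumes the standard RFC 2865 Vendor-Specific layout, H3C's IANA enterprise number 25506, and a 4-byte integer encoding for attribute 246; the sample byte strings are constructed.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
H3C_VENDOR_ID = 25506     # assumption: H3C's IANA enterprise number
AUTH_DETAIL_RESULT = 246  # H3C-Auth-Detail-Result (from the page)
WEB_URL = 250             # H3C-WEB-URL (from the page)
STATES = {0: "normal", 1: "defaulting", 2: "expired"}


def iter_tlvs(buf):
    """Yield (type, value) pairs; the length octet counts the 2-byte header."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"attribute {attr_type}: bad length {length}")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length


def h3c_vsas(attributes):
    """Collect H3C sub-attributes from the attribute section of a RADIUS packet."""
    found = {}
    for attr_type, value in iter_tlvs(attributes):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != H3C_VENDOR_ID:
            continue
        for sub_type, sub_value in iter_tlvs(value[4:]):
            found[sub_type] = sub_value
    return found


def authorization(attributes):
    """Map attributes 246 and 250 to the access decision described above."""
    vsas = h3c_vsas(attributes)
    raw = vsas.get(AUTH_DETAIL_RESULT)
    if raw is None:
        return {"state": "unspecified", "redirect_url": None, "redirect": "none"}
    if len(raw) != 4:
        raise ValueError("attribute 246 is not a 4-byte integer")
    code = struct.unpack("!I", raw)[0]
    if code not in STATES:
        raise ValueError(f"unknown H3C-Auth-Detail-Result {code}")
    if code == 0:
        # Normal user: no redirection, so any attribute 250 is ignored.
        return {"state": "normal", "redirect_url": None, "redirect": "none"}
    if WEB_URL not in vsas:
        raise ValueError(f"{STATES[code]} user without attribute 250")
    url = vsas[WEB_URL].decode("utf-8")
    # 1: every request outside the allowlist is redirected; 2: only the first Web request.
    scope = "all-non-allowlisted" if code == 1 else "first-web-request"
    return {"state": STATES[code], "redirect_url": url, "redirect": scope}


def vsa(sub_type, value, vendor=H3C_VENDOR_ID):
    """Build one Vendor-Specific attribute (used for the constructed samples)."""
    sub = bytes([sub_type, len(value) + 2]) + value
    body = struct.pack("!I", vendor) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


# Constructed samples: attribute sections as a server might send them.
DEFAULTING = (bytes([6, 6]) + struct.pack("!I", 2)       # Service-Type, skipped
              + vsa(AUTH_DETAIL_RESULT, struct.pack("!I", 1))
              + vsa(WEB_URL, b"https://www.alipay.com/xxx"))
NORMAL = vsa(AUTH_DETAIL_RESULT, struct.pack("!I", 0))
BROKEN = vsa(AUTH_DETAIL_RESULT, struct.pack("!I", 2))    # expired, but no URL

if __name__ == "__main__":
    print(authorization(DEFAULTING))
    print(authorization(NORMAL))
```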

Procedure

1.     Configure the DHCP servers:

a.     Configure an IP address pool:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if the client notions of their IP addresses are incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IPv4 address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation and DNS server 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

b.     Configure an IPv6 address pool:

# Create an IPv6 address pool named pool2 and enter its view.

[DHCP-server] ipv6 pool pool2

# Specify primary subnet 192::/64 for dynamic allocation and DNS server 8::8 in address pool pool2.

[DHCP-server-ipv6-pool-pool2] network 192::/64

[DHCP-server-ipv6-pool-pool2] dns-server 8::8

[DHCP-server-ipv6-pool-pool2] quit

# Exclude IP address 192::1 from dynamic allocation in address pool pool2.

[DHCP-server] ipv6 dhcp server forbidden-address 192::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a remote IPv6 address pool named pool2.

[Device] ipv6 pool pool2

# Specify gateway address 192::1 in address pool pool2.

[Device-ipv6-pool-pool2] gateway-list 192::1

# Specify IPv6 subnet 192::/64 in address pool pool2.

[Device-ipv6-pool-pool2] network 192::/64 export-route

# Specify DHCP server 4::3 in address pool pool2.

[Device-ipv6-pool-pool2] remote-server 4::3

[Device-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

# Disable Ten-GigabitEthernet 3/0/2 from advertising the specified prefix in RA messages, preventing the endpoint from obtaining a temporary IPv6 address. In an IPv6 network, an endpoint might use a temporary IPv6 address for IPoE Web authentication, which will cause authentication failure.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd ra prefix 192::/64 no-advertise

[Device–Ten-GigabitEthernet3/0/2] quit

b.     Configure the portal servers:

# Configure the IP address of the IPv4 portal authentication server newpt1 as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt1

[Device-portal-server-newpt1] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt1] quit

# Configure the IPv6 address of the IPv6 portal authentication server newpt2 as 4::5 and the plaintext key 123456.

[Device] portal server newpt2

[Device-portal-server-newpt2] ipv6 4::5 key simple 123456

[Device-portal-server-newpt2] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create local user groups:

# Create a local user group named pre for preauthentication users.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

# Create a user group named qianfei for defaulting users.

[Device] user-group qianfei

New user group added.

[Device-ugroup-qianfei] quit

# Create a user group named web.

[Device] user-group web

New user group added.

[Device-ugroup-web] quit

f.     Configure URL allowlists:

# Create an IP address object group (URL allowlist) named freeurl_ipv4, and add the internal websites of the campus and the payment page to the URL allowlist.

[Device] object-group ip address freeurl_ipv4

[Device-obj-grp-ip-freeurl_ipv4] network host address 4.4.4.1 //FTP server address

[Device-obj-grp-ip-freeurl_ipv4] network host address 4.4.4.5 //iMC server address

[Device-obj-grp-ip-freeurl_ipv4] network host name https://www.alipay.com/xxx //Payment page address

[Device-obj-grp-ip-freeurl_ipv4] quit

# Create an IPv6 address object group (URL allowlist) named freeurl_ipv6, and add the internal websites of the campus and the payment page to the URL allowlist.

[Device] object-group ipv6 address freeurl_ipv6

[Device-obj-grp-ipv6-freeurl_ipv6] network host address 4::1 //FTP server address

[Device-obj-grp-ipv6-freeurl_ipv6] network host address 4::5 //iMC server address

[Device-obj-grp-ipv6-freeurl_ipv6] network host name https://www.alipay.com/xxx //Payment page address

[Device-obj-grp-ipv6-freeurl_ipv6] quit

g.     Configure common ACLs for URL allowlists, which apply to both preauthentication users and defaulting users:

# Create the following rules for IPv4 and IPv6 advanced ACLs freeurl_permit_in separately to allow packets from users in user group pre and user group qianfei to the addresses on the allowlist.

[Device] acl advanced name freeurl_permit_in

[Device-acl-ipv4-adv-freeurl_permit_in] rule 10 permit ip destination object-group freeurl_ipv4 user-group pre

[Device-acl-ipv4-adv-freeurl_permit_in] rule 20 permit ip destination object-group freeurl_ipv4 user-group qianfei

[Device-acl-ipv4-adv-freeurl_permit_in] quit

[Device] acl ipv6 advanced name freeurl_permit_in

[Device-acl-ipv6-adv-freeurl_permit_in] rule 10 permit ipv6 destination object-group freeurl_ipv6 user-group pre

[Device-acl-ipv6-adv-freeurl_permit_in] rule 20 permit ipv6 destination object-group freeurl_ipv6 user-group qianfei

[Device-acl-ipv6-adv-freeurl_permit_in] quit

# Create the following rules for IPv4 and IPv6 advanced ACLs freeurl_permit_out separately to match packets that users in user group pre and user group qianfei receive from the addresses on the allowlist.

[Device] acl advanced name freeurl_permit_out

[Device-acl-ipv4-adv-freeurl_permit_out] rule 10 permit ip source object-group freeurl_ipv4 user-group pre

[Device-acl-ipv4-adv-freeurl_permit_out] rule 20 permit ip source object-group freeurl_ipv4 user-group qianfei

[Device-acl-ipv4-adv-freeurl_permit_out] quit

[Device] acl ipv6 advanced name freeurl_permit_out

[Device-acl-ipv6-adv-freeurl_permit_out] rule 10 permit ipv6 source object-group freeurl_ipv6 user-group pre

[Device-acl-ipv6-adv-freeurl_permit_out] rule 20 permit ipv6 source object-group freeurl_ipv6 user-group qianfei

[Device-acl-ipv6-adv-freeurl_permit_out] quit

h.     Configure ACLs for preauthentication:

# Create an IPv4 and IPv6 advanced ACL named web_http separately. Configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

[Device] acl ipv6 advanced name web_http

[Device-acl-ipv6-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv6-adv-web_http] quit

# Create an IPv4 and IPv6 advanced ACL named web_https separately, and configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

[Device] acl ipv6 advanced name web_https

[Device-acl-ipv6-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv6-adv-web_https] quit

# Create an IPv4 and IPv6 advanced ACL named ip separately, and configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

[Device] acl ipv6 advanced name ip

[Device-acl-ipv6-adv-ip] rule 0 permit ipv6 user-group pre

[Device-acl-ipv6-adv-ip] quit

i.     Configure the ACLs for defaulting users:

# Create the following rules for IPv4 and IPv6 advanced ACLs qianfei_web_http separately to match TCP packets that users in user group qianfei use to access port 80 (HTTP packets).

[Device] acl advanced name qianfei_web_http

[Device-acl-ipv4-adv-qianfei_web_http] rule 0 permit tcp destination-port eq www user-group qianfei

[Device-acl-ipv4-adv-qianfei_web_http] quit

[Device] acl ipv6 advanced name qianfei_web_http

[Device-acl-ipv6-adv-qianfei_web_http] rule 0 permit tcp destination-port eq www user-group qianfei

[Device-acl-ipv6-adv-qianfei_web_http] quit

# Create the following rules for IPv4 and IPv6 advanced ACLs qianfei_web_https separately to match TCP packets that users in user group qianfei use to access port 443 (HTTPS packets).

[Device] acl advanced name qianfei_web_https

[Device-acl-ipv4-adv-qianfei_web_https] rule 0 permit tcp destination-port eq 443 user-group qianfei

[Device-acl-ipv4-adv-qianfei_web_https] quit

[Device] acl ipv6 advanced name qianfei_web_https

[Device-acl-ipv6-adv-qianfei_web_https] rule 0 permit tcp destination-port eq 443 user-group qianfei

[Device-acl-ipv6-adv-qianfei_web_https] quit

# Create the following rules for IPv4 and IPv6 advanced ACLs qianfei_ip separately to match IP packets of users in user group qianfei.

[Device] acl advanced name qianfei_ip

[Device-acl-ipv4-adv-qianfei_ip] rule 0 permit ip user-group qianfei

[Device-acl-ipv4-adv-qianfei_ip] quit

[Device] acl ipv6 advanced name qianfei_ip

[Device-acl-ipv6-adv-qianfei_ip] rule 0 permit ipv6 user-group qianfei

[Device-acl-ipv6-adv-qianfei_ip] quit

j.     Configure common traffic classes for URL allowlists, which apply to both preauthentication users and defaulting users:

# Create a traffic class named freeurl_permit_in, and use ACL freeurl_permit_in as the match criterion.

[Device] traffic classifier freeurl_permit_in operator or

[Device-classifier-freeurl_permit_in] if-match acl name freeurl_permit_in

[Device-classifier-freeurl_permit_in] if-match acl ipv6 name freeurl_permit_in

[Device-classifier-freeurl_permit_in] quit

# Create a traffic class named freeurl_permit_out, and use ACL freeurl_permit_out as the match criterion.

[Device] traffic classifier freeurl_permit_out operator or

[Device-classifier-freeurl_permit_out] if-match acl name freeurl_permit_out

[Device-classifier-freeurl_permit_out] if-match acl ipv6 name freeurl_permit_out

[Device-classifier-freeurl_permit_out] quit

k.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator or

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] if-match acl ipv6 name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator or

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] if-match acl ipv6 name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator or

[Device-classifier-web_deny] if-match acl name ip

[Device-classifier-web_deny] if-match acl ipv6 name ip

[Device-classifier-web_deny] quit

l.     Configure the traffic classes for defaulting users:

# Create a traffic class named qianfei_web_http and use ACL qianfei_web_http as the match criterion.

[Device] traffic classifier qianfei_web_http operator or

[Device-classifier-qianfei_web_http] if-match acl name qianfei_web_http

[Device-classifier-qianfei_web_http] if-match acl ipv6 name qianfei_web_http

[Device-classifier-qianfei_web_http] quit

# Create a traffic class named qianfei_web_https, and use ACL qianfei_web_https as the match criterion.

[Device] traffic classifier qianfei_web_https operator or

[Device-classifier-qianfei_web_https] if-match acl name qianfei_web_https

[Device-classifier-qianfei_web_https] if-match acl ipv6 name qianfei_web_https

[Device-classifier-qianfei_web_https] quit

# Create a traffic class named qianfei_web_deny, and use ACL qianfei_ip as the match criterion.

[Device] traffic classifier qianfei_web_deny operator or

[Device-classifier-qianfei_web_deny] if-match acl name qianfei_ip

[Device-classifier-qianfei_web_deny] if-match acl ipv6 name qianfei_ip

[Device-classifier-qianfei_web_deny] quit

m.     Configure common traffic behaviors for URL allowlists, which apply to both preauthentication users and defaulting users:

# Create a traffic behavior named freeurl_permit_in, and allow users in user group pre and user group qianfei to access the addresses on the allowlist.

[Device] traffic behavior freeurl_permit_in

[Device-behavior-freeurl_permit_in] filter permit

[Device-behavior-freeurl_permit_in] free account

[Device-behavior-freeurl_permit_in] quit

# Create a traffic behavior named freeurl_permit_out, and allow packets from the addresses on the allowlist to users in user group pre and user group qianfei.

[Device] traffic behavior freeurl_permit_out

[Device-behavior-freeurl_permit_out] filter permit

[Device-behavior-freeurl_permit_out] free account

[Device-behavior-freeurl_permit_out] quit

n.     Configure QoS traffic behaviors for preauthentication users:

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

o.     Configure traffic behaviors for defaulting users:

# Create a traffic behavior named qianfei_web_http, and redirect TCP packets that users in user group qianfei use to access port 80 (HTTP packets) to the CPU.

[Device] traffic behavior qianfei_web_http

[Device-behavior-qianfei_web_http] redirect http-to-cpu

[Device-behavior-qianfei_web_http] quit

# Create a traffic behavior named qianfei_web_https, and redirect TCP packets that users in user group qianfei use to access port 443 (HTTPS packets) to the CPU.

[Device] traffic behavior qianfei_web_https

[Device-behavior-qianfei_web_https] redirect https-to-cpu

[Device-behavior-qianfei_web_https] quit

# Create a traffic behavior named qianfei_web_deny, and deny all IP packets from the users in user group qianfei.

[Device] traffic behavior qianfei_web_deny

[Device-behavior-qianfei_web_deny] filter deny

[Device-behavior-qianfei_web_deny] free account

[Device-behavior-qianfei_web_deny] quit

p.     Configure the QoS policies:

# Configure an inbound QoS policy named web.

[Device] qos policy web

# Permit traffic from users in user group pre and user group qianfei to the addresses on the allowlist. A student who has not passed IPoE Web authentication, or who has passed IPoE Web authentication but owes fees, can then still access the internal websites of the campus and access the payment page to pay the charge. In this way, the student can still learn and communicate normally.

[Device-qospolicy-web] classifier freeurl_permit_in behavior freeurl_permit_in

# Redirect the HTTP packets from users in user group pre to the Web authentication page.

[Device-qospolicy-web] classifier web_http behavior web_http

# Redirect the HTTPS packets from users in user group pre to the Web authentication page.

[Device-qospolicy-web] classifier web_https behavior web_https

# Redirect the HTTP packets from users in user group qianfei to the payment page.

[Device-qospolicy-web] classifier qianfei_web_http behavior qianfei_web_http

# Redirect the HTTPS packets from users in user group qianfei to the payment page.

[Device-qospolicy-web] classifier qianfei_web_https behavior qianfei_web_https

# Drop all the other traffic from users in user group pre.

[Device-qospolicy-web] classifier web_deny behavior web_deny

# Drop all the other traffic from users in user group qianfei.

[Device-qospolicy-web] classifier qianfei_web_deny behavior qianfei_web_deny

[Device-qospolicy-web] quit

# Configure an outbound QoS policy named out.

[Device] qos policy out

# Allow packets from the addresses on the allowlist to users in user group pre and user group qianfei to pass through.

[Device-qospolicy-out] classifier freeurl_permit_out behavior freeurl_permit_out

# Drop all the other traffic from users in user group pre.

[Device-qospolicy-out] classifier web_deny behavior web_deny

# Drop all the other traffic from users in user group qianfei.

[Device-qospolicy-out] classifier qianfei_web_deny behavior qianfei_web_deny

[Device-qospolicy-out] quit

q.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

r.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

# Set the IP address of the RADIUS DAE client to 4.4.4.5, and set the shared key to radius for the RADIUS DAE client to exchange DAE packets.

[Device] radius dynamic-author server

[Device-radius-da-server] client ip 4.4.4.5 key simple radius

[Device-radius-da-server] quit

s.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group and IP address pools in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

[Device-isp-dm1] authorization-attribute ipv6-pool pool2

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server url http://www.ipv4.web.com

[Device-isp-dm1] web-server ipv6-url http://www.ipv6.web.com

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication, and authorize a CAR policy and a user group.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] authorization-attribute car inbound cir 5120 outbound cir 5120

[Device-isp-dm2] authorization-attribute user-group web

[Device-isp-dm2] quit

t.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 642.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 642 Adding an access device

-     Click Add Manually in the Device List area to open the page as shown in Figure 643.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 643 Manually adding an access device

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 644.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 644 Adding an access policy

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 645.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 645 Adding an access service

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 646.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 646 Adding a user

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 647.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 647 Adding an access user

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 648.

-     Click OK.

Figure 648 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 649.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 649 Adding an IP address group (IPv4)

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 650.

-     Enter the IP group name IPoE_Web_User-2.

-     Select Yes from the IPv6 list.

-     Enter the start IP address (192::1) and end IP address (192::FFFF) of the IP group. Make sure the host IPv6 address is in the IP group.

-     Click OK.

Figure 650 Adding an IP address group (IPv6)

c.     Add portal devices:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 651.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/2 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for the access method.

-     Click OK.

Figure 651 Adding a portal device (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 652.

-     Enter the device name NAS-2.

-     Select Portal 3.0 from the Version list.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4::2).

-     Enter the key 123456.

-     Select Directly Connect for the access method.

-     Click OK.

Figure 652 Adding a portal device (IPv6)

d.     Associate the portal device with the IP address group:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 653.

-     Click Add to open the page as shown in Figure 654.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 653 Device list

Figure 654 Port group configuration (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS-2 to open the port group configuration page, as shown in Figure 653.

-     Click Add to open the page as shown in Figure 655.

-     Enter the port group name group-2.

-     Select the configured IP address group IPoE_Web_User-2. Make sure the IPv6 address used by the user to access the network is within this IPv6 address group.

-     Click OK.

Figure 655 Port group configuration (IPv6)

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication and obtained IPv4 address 192.168.0.2 and IPv6 address 192::2.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         192::2                  L2 IPoE dynamic

As shown in Figure 656, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 656 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            192::2                  Web auth

# When a user has unpaid fees, the AAA server assigns the following attributes to the user:

user-name =user1@dm2 , H3C-User-Group = qianfei,h3c-web-url = "www.alipay.com/xxx",H3C-Auth_Detail_Result = 1

The attributes are explained as follows:

·     user-name =user1@dm2   //The username of the defaulting user is user1@dm2.

·     H3C-User-Group = qianfei   //The user group named qianfei is assigned to the defaulting user.

·     H3C-Auth-Detail-Result=1   //The value 1 means the user is a defaulting user and can access only addresses on the URL allowlist. When the user accesses an address not on the URL allowlist through HTTP or HTTPS, the packets are redirected to the website specified in the H3C-WEB-URL attribute.

·     H3c-WEB-URL="https://www.alipay.com/xxx"   //This attribute specifies the website to which packets from the defaulting user are redirected.

In this case, the user can access only addresses on the URL allowlist through HTTP. When the user accesses an address not on the URL allowlist through HTTP, the packets are redirected to the website https://www.alipay.com/xxx. For example, when you enter http://www.163.com/ in the address bar of a browser, you are redirected to the payment page.

# After the user pays the charge, the AAA server assigns the following attributes to the user:

user-name =user1@dm2 , H3C-User-Group =web ,H3C-Auth_Detail_Result = 0

The attributes are explained as follows:

·     user-name =user1@dm2   //The username of the user who has paid the charge is user1@dm2.

·     H3C-User-Group = web   //The user group named web is assigned to the user who has paid the charge, and the user is removed from user group qianfei.

·     H3C-Auth-Detail-Result=0   //The value 0 means the redirection action is canceled for the user.

In this case, the user can access any network resources. For example, when you enter http://www.baidu.com/ in the address bar of a browser, the page opens normally.
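The BRAS commands in this example carry several settings worth checking before the configuration is reused outside a lab: the RADIUS and DAE shared keys, the Web authentication page URLs, and the binding of ISP domains to the interface. The following added example (not H3C code or tooling) audits a CLI transcript for them; the sample lines are constructed from the commands shown above, and the 16-character key threshold and single-character-class test are local policy assumptions, not H3C limits.

```python
import re
from collections import defaultdict

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>\S.*)$")
KEY = re.compile(r"\bkey\s+(?:(?:authentication|accounting)\s+)?simple\s+(?P<secret>\S+)")
URL = re.compile(r"^web-server\s+(?:url|ipv6-url)\s+(?P<url>\S+)")
AUTH = re.compile(r"^authentication\s+ipoe\s+(?P<method>\S+)")
WEBDOM = re.compile(r"^ip\s+subscriber\s+web-auth\s+domain\s+(?P<domain>\S+)")
MIN_KEY_LEN = 16  # assumption: a local policy threshold, not an H3C limit

# Constructed sample: commands copied from the BRAS steps of this example.
SAMPLE = """\
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] key accounting simple radius
[Device-radius-rs1] user-name-format without-domain
[Device-radius-da-server] client ip 4.4.4.5 key simple radius
[Device-isp-dm1] authentication ipoe none
[Device-isp-dm1] web-server url http://www.ipv4.web.com
[Device-isp-dm1] web-server ipv6-url http://www.ipv6.web.com
[Device-isp-dm2] authentication ipoe radius-scheme rs1
[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1
[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2
"""


def parse(transcript):
    """Yield (view, command) for each '[view] command' line; skip the rest."""
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            yield m["view"], m["cmd"].strip()


def is_weak(secret):
    """Short, or drawn from a single character class (letters or digits only)."""
    return len(secret) < MIN_KEY_LEN or secret.isalpha() or secret.isdigit()


def audit(transcript):
    """Return a list of (finding, view, detail) tuples; keys are never echoed."""
    findings = []
    views_by_key = defaultdict(set)
    auth_method = {}   # ISP domain name -> IPoE authentication method
    web_domains = []   # (interface view, domain) bound for Web authentication
    for view, cmd in parse(transcript):
        m = KEY.search(cmd)
        if m:
            views_by_key[m["secret"]].add(view)
            if is_weak(m["secret"]):
                findings.append(("weak-shared-key", view, cmd.split(" simple ")[0]))
        m = URL.match(cmd)
        if m and m["url"].lower().startswith("http://"):
            findings.append(("cleartext-login-url", view, m["url"]))
        m = AUTH.match(cmd)
        if m and "-isp-" in view:
            auth_method[view.split("-isp-", 1)[1]] = m["method"]
        m = WEBDOM.match(cmd)
        if m:
            web_domains.append((view, m["domain"]))
    # The same key configured in more than one view (for example RADIUS and DAE).
    for views in views_by_key.values():
        if len(views) > 1:
            findings.append(("shared-key-reuse", ", ".join(sorted(views)), len(views)))
    # A Web authentication domain must not be one that skips authentication.
    for view, domain in web_domains:
        if auth_method.get(domain) == "none":
            findings.append(("web-auth-domain-without-authentication", view, domain))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the audit reports the three `key ... simple radius` commands, the reuse of one key across the RADIUS scheme and the DAE server view, and both `http://` login page URLs; the domain binding check passes because dm2 authenticates through rs1.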

Example: Configuring IPoE common Web authentication and intelligent multi-egress for dual-stack users

Network configuration

As shown in Figure 657, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the RADIUS server, the portal authentication server, and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). The FTP server is an internal network server. Limit the user's access rate to 5 Mbps after the user passes Web authentication.

Allow a user to come online in the IPv6 protocol stack only when the user has passed Web authentication and come online in the IPv4 protocol stack. Additionally, an IPv6 address is assigned according to the attributes authorized to the IPv4 protocol stack.

Figure 657 Network diagram


Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the DNS server.

Configure the DNS server so that it can resolve the Web authentication page URL http://www.ipv4.web.com or http://www.ipv6.web.com to the corresponding IPv4 or IPv6 address, depending on which protocol stack of the IPoE dual-stack user comes online first. (Details not shown.)

2.     Configure the DHCP servers:

a.     Configure an IP address pool:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IPv4 address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation and DNS server 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

b.     Configure an IPv6 address pool:

# Create an IPv6 address pool named pool2 and enter its view.

[DHCP-server] ipv6 pool pool2

# Specify primary subnet 192::/64 for dynamic allocation and DNS server 8::8 in address pool pool2.

[DHCP-server-ipv6-pool-pool2] network 192::/64

[DHCP-server-ipv6-pool-pool2] dns-server 8::8

[DHCP-server-ipv6-pool-pool2] quit

# Exclude IP address 192::1 from dynamic allocation in address pool pool2.

[DHCP-server] ipv6 dhcp server forbidden-address 192::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify gateway address 192.168.0.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a remote IPv6 address pool named pool2.

[Device] ipv6 pool pool2

# Specify gateway address 192::1 in address pool pool2.

[Device-ipv6-pool-pool2] gateway-list 192::1

# Specify IPv6 subnet 192::/64 in address pool pool2.

[Device-ipv6-pool-pool2] network 192::/64 export-route

# Specify DHCP server 4::3 in address pool pool2.

[Device-ipv6-pool-pool2] remote-server 4::3

[Device-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

# Disable Ten-GigabitEthernet 3/0/2 from advertising the specified prefix in RA messages, preventing the endpoint from obtaining a temporary IPv6 address. In an IPv6 network, an endpoint might use a temporary IPv6 address for IPoE Web authentication, which will cause authentication failure.

[Device–Ten-GigabitEthernet3/0/2] ipv6 nd ra prefix 192::/64 no-advertise

[Device–Ten-GigabitEthernet3/0/2] quit

b.     Configure the portal servers:

# Configure the IP address of the IPv4 portal authentication server newpt1 as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt1

[Device-portal-server-newpt1] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt1] quit

# Configure the IPv6 address of the IPv6 portal authentication server newpt2 as 4::5 and the plaintext key 123456.

[Device] portal server newpt2

[Device-portal-server-newpt2] ipv6 4::5 key simple 123456

[Device-portal-server-newpt2] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_permit. In each ACL, configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

[Device] acl ipv6 advanced name web_permit

[Device-acl-ipv6-adv-web_permit] rule 0 permit ipv6 destination 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_permit] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named neiwang. In each ACL, configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.1 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

[Device] acl ipv6 advanced name neiwang

[Device-acl-ipv6-adv-neiwang] rule 0 permit ipv6 destination 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_http. In each ACL, configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

[Device] acl ipv6 advanced name web_http

[Device-acl-ipv6-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv6-adv-web_http] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_https. In each ACL, configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

[Device] acl ipv6 advanced name web_https

[Device-acl-ipv6-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv6-adv-web_https] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named ip. In each ACL, configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

[Device] acl ipv6 advanced name ip

[Device-acl-ipv6-adv-ip] rule 0 permit ipv6 user-group pre

[Device-acl-ipv6-adv-ip] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named neiwang_out. In each ACL, configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.1 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

[Device] acl ipv6 advanced name neiwang_out

[Device-acl-ipv6-adv-neiwang_out] rule 0 permit ipv6 source 4::1 128 user-group pre

[Device-acl-ipv6-adv-neiwang_out] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_out. In each ACL, configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

[Device] acl ipv6 advanced name web_out

[Device-acl-ipv6-adv-web_out] rule 0 permit ipv6 source 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator or

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] if-match acl ipv6 name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator or

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] if-match acl ipv6 name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator or

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] if-match acl ipv6 name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator or

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] if-match acl ipv6 name web_https

[Device-classifier-web_https] quit

# Create the traffic class web_deny and specify ACL ip as the match criterion.

[Device] traffic classifier web_deny operator or

[Device-classifier-web_deny] if-match acl name ip

[Device-classifier-web_deny] if-match acl ipv6 name ip

[Device-classifier-web_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator or

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] if-match acl ipv6 name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator or

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] if-match acl ipv6 name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier web_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class web_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier web_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply the QoS policy web to the inbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply the QoS policy out to the outbound traffic globally. To verify that the QoS policy takes effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.5

[Device-radius-rs1] primary accounting 4.4.4.5

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

# Set the IP address of the RADIUS DAE client to 4.4.4.5, and set the shared key to radius for the RADIUS DAE client to exchange DAE packets.

[Device] radius dynamic-author server

[Device-radius-da-server] client ip 4.4.4.5 key simple radius

[Device-radius-da-server] quit

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group and IPv4 address pools in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group web

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server url http://www.ipv4.web.com

[Device-isp-dm1] web-server ipv6-url http://www.ipv6.web.com

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

# Configure the ISP domain dm2 to authorize a CAR policy and an IPv6 address pool in the Web authentication phase.

[Device-isp-dm2] authorization-attribute car inbound cir 5120 outbound cir 5120

[Device-isp-dm2] authorization-attribute ipv6-pool pool2

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device–Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web authentication for IPoE users on Ten-GigabitEthernet 3/0/2, and specify the IPv6 protocol stack to come online depending on the IPv4 protocol stack.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web basic-service-ipv4

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication on Ten-GigabitEthernet 3/0/2.

[Device–Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device–Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device–Ten-GigabitEthernet3/0/2] quit

4.     Configure the RADIUS server:

a.     Configure the access device:

-     Log in to the IMC platform and click the User tab.

-     Select User Access Policy > Access Device Management > Access Device from the navigation tree to open the access device configuration page.

-     Click Add to open the page as shown in Figure 642.

-     Enter the shared key radius.

-     Use the default settings for other parameters.

Figure 658 Adding an access device

 

-     Click Add Manually in the Device List area to open the page as shown in Figure 643.

-     Enter the access device's IP address 4.4.4.2.

-     Click OK.

Figure 659 Manually adding an access device

 

b.     Add an access policy:

-     Select User Access Policy > Access Policy from the navigation tree to open the access policy page.

-     Click Add to open the page as shown in Figure 644.

-     Enter the access policy name AccessPolicy.

-     Use the default settings for other parameters.

Figure 660 Adding an access policy

 

c.     Add an access service:

-     Select User Access Policy > Access Service from the navigation tree to open the access service page.

-     Click Add to open the page as shown in Figure 645.

-     Enter the service name IPoE_Server.

-     Select AccessPolicy from the default access policy list.

-     Use the default settings for other parameters.

Figure 661 Adding an access service

 

d.     Add a user:

-     Select User Management > Add User from the navigation tree to open the adding user page, as shown in Figure 646.

-     Enter the username IPoE_Web001 and the user ID 001.

-     Click OK.

Figure 662 Adding a user

 

e.     Add an access user:

-     Select Access User > All Access Users from the navigation tree to open the access user page.

-     Click Add to open the page as shown in Figure 647.

-     Select IPoE_Web001 for the username.

-     Enter the account name user1.

-     Enter the password pass1.

-     Select the access service IPoE_Server.

Figure 663 Adding an access user

 

5.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 648.

-     Click OK.

Figure 664 Portal server configuration page

 

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 649.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 665 Adding an IP address group (IPv4)

 

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 650.

-     Enter the IP group name IPoE_Web_User-2.

-     Select Yes from the IPv6 list.

-     Enter the start IP address (192::1) and end IP address (192::FFFF) of the IP group. Make sure the host IPv6 address is in the IP group.

-     Click OK.

Figure 666 Adding an IP address group (IPv6)

 

c.     Add portal devices:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 651.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for the access method.

-     Click OK.

Figure 667 Adding a portal device (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 668.

-     Enter the device name NAS-2.

-     Select Portal 3.0 from the Version list.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4::2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 668 Adding a portal device (IPv6)

d.     Associate the portal device with the IP address group:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 669.

-     Click Add to open the page as shown in Figure 670.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 669 Device list

Figure 670 Port group configuration (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS-2 to open the port group configuration page, as shown in Figure 669.

-     Click Add to open the page as shown in Figure 671.

-     Enter the port group name group-2.

-     Select the configured IP address group IPoE_Web_User-2. Make sure the IPv6 address used by the user to access the network is within this IPv6 address group.

-     Click OK.

Figure 671 Port group configuration (IPv6)

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication and obtained IPv4 address 192.168.0.2 and no IPv6 address.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

As shown in Figure 672, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 672 Web login page

# Display IPoE session information to verify that the host has passed Web authentication and come online in the IPv4 protocol stack.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            -                       Web auth

# When the device receives DHCPv6 packets, display IPoE session information to verify that the host has come online in the IPv6 protocol stack.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            192::2                  Web auth

# Click Log Out. The user returns from the Web authentication phase to the preauthentication phase. Display IPoE session information to verify that the host has been logged out in the IPv6 protocol stack.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         -                       L2 IPoE dynamic

Example: Configuring IPoE common transparent MAC authentication for dual-stack users

Network configuration

As shown in Figure 673, the host accesses the BRAS as a DHCP client through a Layer 2 device. It obtains configuration information from the DHCP server through the BRAS. The BRAS performs AAA for the host through the RADIUS server. A server installed with H3C IMC acts as the portal authentication server and the portal Web server. This example uses IMC PLAT 7.1(E0303), IMC UAM 7.1(E0305), and IMC EIP 7.1(E0305). A RADIUS server that supports MAC binding acts as the authentication, authorization, and accounting server and performs MAC binding. The FTP server is an internal network server. Limit the access rate to 5 Mbps for the user after passing Web authentication.

Figure 673 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Configure the DNS server so that it resolves the Web authentication page URL http://www.ipv4.web.com (IPv4) or http://www.ipv6.web.com (IPv6), depending on which protocol stack of the IPoE dual-stack user comes online first. (Details not shown.)

Procedure

1.     Configure the DHCP servers:

a.     Configure an IP address pool:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify primary subnet 192.168.0.0/24 for dynamic allocation and DNS server 8.8.8.8 in address pool pool1.

[DHCP-server-ip-pool-pool1] network 192.168.0.0 24

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Specify gateway address 192.168.0.1 in address pool pool1.

[DHCP-server-ip-pool-pool1] gateway-list 192.168.0.1

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[DHCP-server-ip-pool-pool1] forbidden-ip 192.168.0.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

b.     Configure an IPv6 address pool:

# Create an IPv6 address pool named pool2 and enter its view.

[DHCP-server] ipv6 pool pool2

# Specify primary subnet 192::/64 for dynamic allocation and DNS server 8::8 in address pool pool2.

[DHCP-server-ipv6-pool-pool2] network 192::/64

[DHCP-server-ipv6-pool-pool2] dns-server 8::8

[DHCP-server-ipv6-pool-pool2] quit

# Exclude IP address 192::1 from dynamic allocation in address pool pool2.

[DHCP-server] ipv6 dhcp server forbidden-address 192::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

2.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool named pool1.

[Device] ip pool pool1 bas remote

# Specify the gateway address in address pool pool1.

[Device-ip-pool-pool1] gateway 192.168.0.1 24

# Exclude IP address 192.168.0.1 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 192.168.0.1

# Specify DHCP server 4.4.4.3 in address pool pool1.

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a remote IPv6 address pool named pool2.

[Device] ipv6 pool pool2

# Specify gateway address 192::1 in address pool pool2.

[Device-ipv6-pool-pool2] gateway-list 192::1

# Specify IPv6 subnet 192::/64 in address pool pool2.

[Device-ipv6-pool-pool2] network 192::/64 export-route

# Specify DHCP server 4::3 in address pool pool2.

[Device-ipv6-pool-pool2] remote-server 4::3

[Device-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

# Disable Ten-GigabitEthernet 3/0/2 from advertising the specified prefix in RA messages, preventing the endpoint from obtaining a temporary IPv6 address. In an IPv6 network, an endpoint might use a temporary IPv6 address for IPoE Web authentication, which will cause authentication failure.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd ra prefix 192::/64 no-advertise

[Device-Ten-GigabitEthernet3/0/2] quit

b.     Configure the portal servers:

# Configure the IP address of the IPv4 portal authentication server newpt1 as 4.4.4.5 and the plaintext key 123456.

[Device] portal server newpt1

[Device-portal-server-newpt1] ip 4.4.4.5 key simple 123456

[Device-portal-server-newpt1] quit

# Configure the IPv6 address of the IPv6 portal authentication server newpt2 as 4::5 and the plaintext key 123456.

[Device] portal server newpt2

[Device-portal-server-newpt2] ipv6 4::5 key simple 123456

[Device-portal-server-newpt2] quit

c.     Specify 11111 as the HTTPS redirect listening port number. Make sure the port number is not used by any other service. To see the TCP port numbers used by other services, execute the display tcp command.

[Device] http-redirect https-port 11111

d.     Configure the device to get user access information from ARP and ND entries.

[Device] portal access-info trust arp

[Device] portal access-info trust nd

e.     Create a local user group named pre.

[Device] user-group pre

New user group added.

[Device-ugroup-pre] quit

f.     Configure ACLs for preauthentication:

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_permit. In each ACL, configure a rule to permit all packets destined for the portal server from users in user group pre.

[Device] acl advanced name web_permit

[Device-acl-ipv4-adv-web_permit] rule 0 permit ip destination 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_permit] quit

[Device] acl ipv6 advanced name web_permit

[Device-acl-ipv6-adv-web_permit] rule 0 permit ipv6 destination 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_permit] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named neiwang. In each ACL, configure a rule to permit all packets destined for the internal network server from users in user group pre.

[Device] acl advanced name neiwang

[Device-acl-ipv4-adv-neiwang] rule 0 permit ip destination 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang] quit

[Device] acl ipv6 advanced name neiwang

[Device-acl-ipv6-adv-neiwang] rule 0 permit ipv6 destination 4::6 128 user-group pre

[Device-acl-ipv6-adv-neiwang] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_http. In each ACL, configure a rule to permit TCP packets with the destination port 80 (HTTP packets) from users in user group pre.

[Device] acl advanced name web_http

[Device-acl-ipv4-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv4-adv-web_http] quit

[Device] acl ipv6 advanced name web_http

[Device-acl-ipv6-adv-web_http] rule 0 permit tcp destination-port eq www user-group pre

[Device-acl-ipv6-adv-web_http] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_https. In each ACL, configure a rule to permit TCP packets with the destination port 443 (HTTPS packets) from users in user group pre.

[Device] acl advanced name web_https

[Device-acl-ipv4-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv4-adv-web_https] quit

[Device] acl ipv6 advanced name web_https

[Device-acl-ipv6-adv-web_https] rule 0 permit tcp destination-port eq 443 user-group pre

[Device-acl-ipv6-adv-web_https] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named ip. In each ACL, configure a rule to permit IP packets from users in user group pre.

[Device] acl advanced name ip

[Device-acl-ipv4-adv-ip] rule 0 permit ip user-group pre

[Device-acl-ipv4-adv-ip] quit

[Device] acl ipv6 advanced name ip

[Device-acl-ipv6-adv-ip] rule 0 permit ipv6 user-group pre

[Device-acl-ipv6-adv-ip] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named neiwang_out. In each ACL, configure a rule to permit IP packets from the internal network server in user group pre.

[Device] acl advanced name neiwang_out

[Device-acl-ipv4-adv-neiwang_out] rule 0 permit ip source 4.4.4.6 0 user-group pre

[Device-acl-ipv4-adv-neiwang_out] quit

[Device] acl ipv6 advanced name neiwang_out

[Device-acl-ipv6-adv-neiwang_out] rule 0 permit ipv6 source 4::6 128 user-group pre

[Device-acl-ipv6-adv-neiwang_out] quit

# Create an IPv4 advanced ACL and an IPv6 advanced ACL, both named web_out. In each ACL, configure a rule to permit IP packets from the portal server in user group pre.

[Device] acl advanced name web_out

[Device-acl-ipv4-adv-web_out] rule 0 permit ip source 4.4.4.5 0 user-group pre

[Device-acl-ipv4-adv-web_out] quit

[Device] acl ipv6 advanced name web_out

[Device-acl-ipv6-adv-web_out] rule 0 permit ipv6 source 4::5 128 user-group pre

[Device-acl-ipv6-adv-web_out] quit

g.     Configure QoS traffic classes for preauthentication users:

# Create the traffic class web_permit and specify ACL web_permit as the match criterion.

[Device] traffic classifier web_permit operator or

[Device-classifier-web_permit] if-match acl name web_permit

[Device-classifier-web_permit] if-match acl ipv6 name web_permit

[Device-classifier-web_permit] quit

# Create the traffic class neiwang and specify ACL neiwang as the match criterion.

[Device] traffic classifier neiwang operator or

[Device-classifier-neiwang] if-match acl name neiwang

[Device-classifier-neiwang] if-match acl ipv6 name neiwang

[Device-classifier-neiwang] quit

# Create the traffic class web_http and specify ACL web_http as the match criterion.

[Device] traffic classifier web_http operator or

[Device-classifier-web_http] if-match acl name web_http

[Device-classifier-web_http] if-match acl ipv6 name web_http

[Device-classifier-web_http] quit

# Create the traffic class web_https and specify ACL web_https as the match criterion.

[Device] traffic classifier web_https operator or

[Device-classifier-web_https] if-match acl name web_https

[Device-classifier-web_https] if-match acl ipv6 name web_https

[Device-classifier-web_https] quit

# Create the traffic class ip_cpu and specify ACL ip as the match criterion.

[Device] traffic classifier ip_cpu operator or

[Device-classifier-ip_cpu] if-match acl name ip

[Device-classifier-ip_cpu] if-match acl ipv6 name ip

[Device-classifier-ip_cpu] quit

# Create the traffic class ip_deny and specify ACL ip as the match criterion.

[Device] traffic classifier ip_deny operator or

[Device-classifier-ip_deny] if-match acl name ip

[Device-classifier-ip_deny] if-match acl ipv6 name ip

[Device-classifier-ip_deny] quit

# Create the traffic class neiwang_out and specify ACL neiwang_out as the match criterion.

[Device] traffic classifier neiwang_out operator or

[Device-classifier-neiwang_out] if-match acl name neiwang_out

[Device-classifier-neiwang_out] if-match acl ipv6 name neiwang_out

[Device-classifier-neiwang_out] quit

# Create the traffic class web_out and specify ACL web_out as the match criterion.

[Device] traffic classifier web_out operator or

[Device-classifier-web_out] if-match acl name web_out

[Device-classifier-web_out] if-match acl ipv6 name web_out

[Device-classifier-web_out] quit

h.     Configure QoS traffic behaviors:

# Configure the traffic behavior web_permit to permit traffic to pass through without rate limiting or accounting.

[Device] traffic behavior web_permit

[Device-behavior-web_permit] filter permit

[Device-behavior-web_permit] free account

[Device-behavior-web_permit] quit

# Configure the traffic behavior neiwang to permit traffic to pass through.

[Device] traffic behavior neiwang

[Device-behavior-neiwang] filter permit

[Device-behavior-neiwang] quit

# Configure the traffic behavior web_http to redirect HTTP packets to the CPU.

[Device] traffic behavior web_http

[Device-behavior-web_http] redirect http-to-cpu

[Device-behavior-web_http] quit

# Configure the traffic behavior web_https to redirect HTTPS packets to the CPU.

[Device] traffic behavior web_https

[Device-behavior-web_https] redirect https-to-cpu

[Device-behavior-web_https] quit

# Configure the traffic behavior web_cpu to redirect IP packets to the CPU.

[Device] traffic behavior web_cpu

[Device-behavior-web_cpu] redirect cpu

[Device-behavior-web_cpu] quit

# Configure the traffic behavior web_deny to deny traffic.

[Device] traffic behavior web_deny

[Device-behavior-web_deny] filter deny

[Device-behavior-web_deny] free account

[Device-behavior-web_deny] quit

# Configure the traffic behavior neiwang_out to permit traffic to pass through.

[Device] traffic behavior neiwang_out

[Device-behavior-neiwang_out] filter permit

[Device-behavior-neiwang_out] quit

# Configure the traffic behavior web_out to permit traffic without rate limiting or traffic accounting.

[Device] traffic behavior web_out

[Device-behavior-web_out] filter permit

[Device-behavior-web_out] free account

[Device-behavior-web_out] quit

i.     Configure the QoS policies:

# Create a QoS policy named web.

[Device] qos policy web

# Associate the traffic class web_permit with the traffic behavior web_permit.

[Device-qospolicy-web] classifier web_permit behavior web_permit

# Associate the traffic class neiwang with the traffic behavior neiwang.

[Device-qospolicy-web] classifier neiwang behavior neiwang

# Associate the traffic class web_http with the traffic behavior web_http.

[Device-qospolicy-web] classifier web_http behavior web_http

# Associate the traffic class web_https with the traffic behavior web_https.

[Device-qospolicy-web] classifier web_https behavior web_https

# Associate the traffic class ip_cpu with the traffic behavior web_cpu.

[Device-qospolicy-web] classifier ip_cpu behavior web_cpu

# Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-web] classifier ip_deny behavior web_deny

[Device-qospolicy-web] quit

# Configure a QoS policy named out.

[Device] qos policy out

# Associate the traffic class web_out with the traffic behavior web_out. Associate the traffic class neiwang_out with the traffic behavior neiwang_out. Associate the traffic class ip_deny with the traffic behavior web_deny.

[Device-qospolicy-out] classifier web_out behavior web_out

[Device-qospolicy-out] classifier neiwang_out behavior neiwang_out

[Device-qospolicy-out] classifier ip_deny behavior web_deny

[Device-qospolicy-out] quit

j.     Apply the QoS policies:

# Apply QoS policy web to inbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global inbound command.

[Device] qos apply policy web global inbound

# Apply QoS policy out to outbound traffic globally. To verify that the QoS policy has taken effect, execute the display qos policy global outbound command.

[Device] qos apply policy out global outbound

k.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

# (Optional.) Enable RADIUS session control. As a best practice, configure this feature when an IMC server acts as the RADIUS server.

[Device] radius session-control enable

# Set the IP address of the RADIUS DAE client to 4.4.4.1, and set the shared key to radius for the RADIUS DAE client to exchange DAE packets.

[Device] radius dynamic-author server

[Device-radius-da-server] client ip 4.4.4.1 key simple radius

[Device-radius-da-server] quit

l.     Configure the preauthentication ISP domain and Web authentication ISP domain:

# Configure the ISP domain dm1 for IPoE user preauthentication.

[Device] domain name dm1

[Device-isp-dm1] authentication ipoe none

[Device-isp-dm1] authorization ipoe none

[Device-isp-dm1] accounting ipoe none

# Configure the authorized user group and IP address pools in preauthentication ISP domain dm1.

[Device-isp-dm1] authorization-attribute user-group pre

[Device-isp-dm1] authorization-attribute ip-pool pool1

[Device-isp-dm1] authorization-attribute ipv6-pool pool2

# Configure the Web authentication page URL in ISP domain dm1.

[Device-isp-dm1] web-server url http://www.ipv4.web.com

[Device-isp-dm1] web-server ipv6-url http://www.ipv6.web.com

[Device-isp-dm1] quit

# Configure the ISP domain dm2 for IPoE user Web authentication.

[Device] domain name dm2

[Device-isp-dm2] authentication ipoe radius-scheme rs1

[Device-isp-dm2] authorization ipoe radius-scheme rs1

[Device-isp-dm2] accounting ipoe radius-scheme rs1

[Device-isp-dm2] authorization-attribute car inbound cir 5120 outbound cir 5120

[Device-isp-dm2] quit

m.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Configure Web MAC authentication for IPoE users on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber authentication-method web mac-auth

The operation may cut all users on this interface. Continue?[Y/N]:y

# Configure the ISP domain dm1 for preauthentication and the ISP domain dm2 for Web authentication and Web MAC authentication on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber pre-auth domain dm1

[Device-Ten-GigabitEthernet3/0/2] ip subscriber web-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber mac-auth domain dm2

[Device-Ten-GigabitEthernet3/0/2] quit

3.     Configure the RADIUS server.

For how to configure AAA and MAC binding on the RADIUS server, see the RADIUS server configuration guide.

4.     Configure the portal server:

a.     Configure the portal homepage:

-     Select User Access Policy > Portal Service > Server from the navigation tree to open the portal server configuration page, as shown in Figure 674.

-     Click OK.

Figure 674 Portal server configuration page

b.     Configure the portal authentication source IP address range:

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 675.

-     Enter the IP group name IPoE_Web_User.

-     Enter the start IP address (192.168.0.1) and end IP address (192.168.0.255) of the IP group. Make sure the host IP address is in the IP group.

-     Click OK.

Figure 675 Adding an IP address group (IPv4)

-     Select User Access Policy > Portal Service > IP Group from the navigation tree to open the portal IP address group configuration page.

-     Click Add to open the page as shown in Figure 676.

-     Enter the IP group name IPoE_Web_User-2.

-     Select Yes from the IPv6 list.

-     Enter the start IP address (192::1) and end IP address (192::FFFF) of the IP group. Make sure the host IPv6 address is in the IP group.

-     Click OK.

Figure 676 Adding an IP address group (IPv6)

c.     Add a portal device:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 677.

-     Enter the device name NAS.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4.4.4.2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 677 Adding a portal device (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click Add to open the page as shown in Figure 678.

-     Enter the device name NAS-2.

-     Select Portal 3.0 from the Version list.

-     Enter the IP address of the portal packets' outgoing interface Ten-GigabitEthernet 3/0/1 (4::2).

-     Enter the key 123456.

-     Select Directly Connect for access method.

-     Click OK.

Figure 678 Adding a portal device (IPv6)

d.     Associate the portal device with the IP address group:

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS to open the port group configuration page, as shown in Figure 679.

-     Click Add to open the page as shown in Figure 680.

-     Enter the port group name group.

-     Select the configured IP address group IPoE_Web_User. Make sure the IP address used by the user to access the network is within this IP address group.

-     Click OK.

Figure 679 Device list

Figure 680 Port group configuration (IPv4)

-     Select User Access Policy > Portal Service > Device from the navigation tree to open the portal device configuration page.

-     Click the icon in the Port Group Information Management column of device NAS-2 to open the port group configuration page, as shown in Figure 679.

-     Click Add to open the page as shown in Figure 681.

-     Enter the port group name group-2.

-     Select the configured IP address group IPoE_Web_User-2. Make sure the IPv6 address used by the user to access the network is within this IPv6 address group.

-     Click OK.

Figure 681 Port group configuration (IPv6)

e.     From the navigation tree, select User Access Manager > Service Parameters > Validate System Configuration to validate the settings.
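The BRAS procedure above enters every shared secret (portal key, RADIUS authentication and accounting keys, DAE client key) with short sample values. The following audit script is an added example, not part of the H3C guide: it reads command lines in the prompt form used on this page, extracts each `key ... simple <secret>` value, and reports secrets that are short, use a single character class, or are reused in more than one view. The 16-character minimum follows the preference stated in RFC 2865 for RADIUS shared secrets; applying it to the portal key is an assumption.

```python
import re
from collections import defaultdict

# RFC 2865 section 3 prefers a shared secret of at least 16 octets.
# Using the same floor for the portal key is an assumption of this example.
MIN_SECRET_LEN = 16

# Constructed input: command lines copied from the BRAS procedure on this page.
TRANSCRIPT = """\
[Device-portal-server-newpt1] ip 4.4.4.5 key simple 123456
[Device-portal-server-newpt2] ipv6 4::5 key simple 123456
[Device-radius-rs1] primary authentication 4.4.4.1
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] key accounting simple radius
[Device-radius-da-server] client ip 4.4.4.1 key simple radius
[Device-isp-dm2] authentication ipoe radius-scheme rs1
"""

PROMPT = re.compile(r"^\s*\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")
KEY = re.compile(
    r"\bkey\s+(?:(?P<purpose>authentication|accounting)\s+)?simple\s+(?P<secret>\S+)"
)


def extract_secrets(transcript):
    """Return (view, purpose, secret) for every 'key ... simple <secret>' command."""
    found = []
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue  # not a command line (blank line, output, comment)
        k = KEY.search(m.group("cmd"))
        if k:
            found.append((m.group("view"), k.group("purpose") or "shared", k.group("secret")))
    return found


def weaknesses(secret):
    """Return the list of weakness labels that apply to one secret."""
    classes = sum(
        any(test(ch) for ch in secret)
        for test in (str.islower, str.isupper, str.isdigit, lambda ch: not ch.isalnum())
    )
    issues = []
    if len(secret) < MIN_SECRET_LEN:
        issues.append("short")
    if classes < 2:
        issues.append("single-character-class")
    return issues


def audit(transcript):
    """Group secrets by value and return one finding per weak or reused secret."""
    uses = defaultdict(list)
    for view, _purpose, secret in extract_secrets(transcript):
        uses[secret].append(view)
    findings = []
    for secret, views in sorted(uses.items()):
        issues = weaknesses(secret)
        distinct = sorted(set(views))
        if len(distinct) > 1:
            issues.append("reused-across-views")
        if issues:
            findings.append(
                {"secret": secret, "uses": len(views), "views": distinct, "issues": issues}
            )
    return findings


def report(findings):
    """Render findings without echoing the full secret."""
    lines = []
    for f in findings:
        masked = f["secret"][0] + "*" * (len(f["secret"]) - 1)
        lines.append(
            f"{masked}: {', '.join(f['issues'])} "
            f"({f['uses']} uses in {', '.join(f['views'])})"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(audit(TRANSCRIPT))))
```

When adapting this example to a production network, replace the sample keys on the BRAS, the portal device entries, and the RADIUS client entry together, because each key must match on both ends.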

Verifying the configuration

# Display IPoE session information to verify that the host has passed preauthentication and obtained IPv4 address 192.168.0.2 and IPv6 address 192::2.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         192::2                  L2 IPoE dynamic

As shown in Figure 682, the Web login page opens after preauthentication. Enter the username and password on the page.

Figure 682 Web login page


# Display IPoE session information to verify that the host has passed Web authentication and come online.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            user1@dm2            192::2                  Web auth

# Click Log Out on the Web login page as shown in Figure 682.

# Verify that the user returns to the preauthentication status.

[Device] display access-user auth-type pre-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         192::2                  L2 IPoE dynamic

# Open the browser, and enter any address, for example, http://63.1.1.240.

# Verify that the user has come online through IPoE Web MAC authentication.

[Device] display access-user auth-type web-auth

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-

            0015e947f4d4         192::2                  Web auth
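The verification steps above rely on reading the two-line records of display access-user by eye. The following parser is an added example, not part of the H3C guide: it turns that output into records and checks that one host moves through the phases shown above. The phase names, and the rule that a MAC-derived username with access type Web auth indicates transparent MAC authentication, are inferred from the sample outputs on this page.

```python
def _sample(auth_type, username, ipv6, access_type):
    """Build a constructed sample in the layout shown in the verification steps."""
    return (
        f"[Device] display access-user auth-type {auth_type}\n"
        "UserID      Interface            IP address              MAC address     S-/C-VLAN\n"
        "            Username             IPv6 address            Access type\n"
        "0x33d       XGE3/0/2             192.168.0.2             0015-e947-f4d4  -/-\n"
        f"            {username:<21}{ipv6:<24}{access_type}\n"
    )


# Constructed samples mirroring the four outputs in "Verifying the configuration".
PRE_AUTH = _sample("pre-auth", "0015e947f4d4", "192::2", "L2 IPoE dynamic")
WEB_LOGIN = _sample("web-auth", "user1@dm2", "192::2", "Web auth")
MAC_AUTH = _sample("web-auth", "0015e947f4d4", "192::2", "Web auth")


def parse_access_users(output):
    """Parse the two-line session records printed by 'display access-user'."""
    rows = [line.split() for line in output.splitlines() if line.strip()]
    # Drop the echoed command and the two header lines.
    rows = [r for r in rows
            if r[0] not in ("UserID", "Username") and not r[0].startswith("[")]
    if len(rows) % 2:
        raise ValueError("expected two lines per session")
    sessions = []
    for first, second in zip(rows[0::2], rows[1::2]):
        if len(first) != 5 or not first[0].startswith("0x") or len(second) < 3:
            raise ValueError(f"unexpected record: {first} / {second}")
        user_id, interface, ipv4, mac, vlan = first
        sessions.append({
            "user_id": int(user_id, 16),
            "interface": interface,
            "ipv4": ipv4,
            "mac": mac,
            "vlan": vlan,
            "username": second[0],
            "ipv6": second[1],
            # The access type contains spaces, so it is everything after column two.
            "access_type": " ".join(second[2:]),
        })
    return sessions


def phase(session):
    """Classify a session as pre-auth, web-login, transparent-mac, or unknown."""
    mac_login = session["username"].lower() == session["mac"].replace("-", "").lower()
    if session["access_type"] == "Web auth":
        return "transparent-mac" if mac_login else "web-login"
    if mac_login and session["access_type"] == "L2 IPoE dynamic":
        return "pre-auth"
    return "unknown"


def stacks(session):
    """Return the protocol stacks in which the session holds an address."""
    return [name for name in ("ipv4", "ipv6") if session[name] != "-"]


def observed_phases(outputs, mac):
    """Return the phase of the host with the given MAC in each captured output."""
    phases = []
    for output in outputs:
        match = [s for s in parse_access_users(output) if s["mac"] == mac]
        phases.append(phase(match[0]) if match else "absent")
    return phases


if __name__ == "__main__":
    captured = [PRE_AUTH, WEB_LOGIN, PRE_AUTH, MAC_AUTH]
    print(observed_phases(captured, "0015-e947-f4d4"))
```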

Example: Configuring a dual-stack DHCP user

Network configuration

As shown in Figure 683, the host accesses the BRAS as a dual-stack user. The host obtains IPv4 and IPv6 addresses from the DHCP server. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 683 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users file (the user information file). The username is the host MAC address and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the DHCP server:

a.     Configure an IP address pool:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify the subnet 3.3.3.0/24 for dynamic allocation and DNS server 8.8.8.8 in the pool.

[DHCP-server-ip-pool-pool1] network 3.3.3.0 24

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

# Specify gateway address 3.3.3.1 in the address pool.

[DHCP-server-ip-pool-pool1] gateway-list 3.3.3.1

# Exclude IP address 3.3.3.1 from dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] forbidden-ip 3.3.3.1

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

b.     Configure an IPv6 address pool:

# Create an IPv6 address pool named pool2 and enter its view.

[DHCP-server] ipv6 pool pool2

# Specify the subnet 3::/64 for dynamic allocation and DNS server 8::8 in the pool.

[DHCP-server-ipv6-pool-pool2] network 3::/64

[DHCP-server-ipv6-pool-pool2] dns-server 8::8

[DHCP-server-ipv6-pool-pool2] quit

# Exclude IPv6 address 3::1 from dynamic allocation in the pool.

[DHCP-server] ipv6 dhcp server forbidden-address 3::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Enable DHCP.

<Device> system-view

[Device] dhcp enable

# Create a remote BAS IP address pool pool1, specify a gateway address in the address pool, exclude IP address 3.3.3.1 from dynamic allocation in the address pool, and specify a DHCP server for the address pool.

[Device] ip pool pool1 bas remote

[Device-ip-pool-pool1] gateway 3.3.3.1 24

[Device-ip-pool-pool1] forbidden-ip 3.3.3.1

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

# Create a remote IPv6 address pool pool2, specify a gateway address in the address pool, specify IPv6 subnet 3::/64 in the address pool, and specify a DHCPv6 server for the address pool.

[Device] ipv6 pool pool2

[Device-ipv6-pool-pool2] gateway-list 3::1

[Device-ipv6-pool-pool2] network 3::/64 export-route

[Device-ipv6-pool-pool2] remote-server 4::3

[Device-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent and DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] dhcp select relay

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

[Device-Ten-GigabitEthernet3/0/2] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1 and assign address pools.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ip-pool pool1

[Device-isp-dm1] authorization-attribute ipv6-pool pool2

[Device-isp-dm1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify dm1 as the ISP domain for DHCP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x2c2       XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         3::2                    L2 IPoE dynamic

Example: Configuring a dynamic/static dual-stack user

Network configuration

As shown in Figure 684, the host accesses the BRAS as a dual-stack user. The host comes online as an IPv4 global static individual user and comes online as an IPv6 dynamic DHCP user. The IPv4 address of the host is 3.3.3.2. The host obtains IPv6 addresses from the DHCP server without carrying Option 60 in DHCP packets. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 684 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address and the password is radius.

000c29a6b656  Cleartext-Password :="radius"

2.     Configure the DHCP server:

a.     Configure an IPv6 address pool:

# Create an IPv6 address pool named pool1 and enter its view.

<DHCP-server> system-view

[DHCP-server] ipv6 pool pool1

# Specify the subnet 3::/64 for dynamic allocation and DNS server 8::8 in the pool.

[DHCP-server-ipv6-pool-pool1] network 3::/64

[DHCP-server-ipv6-pool-pool1] dns-server 8::8

[DHCP-server-ipv6-pool-pool1] quit

# Exclude IPv6 address 3::1 from dynamic allocation in the pool.

[DHCP-server] ipv6 dhcp server forbidden-address 3::1

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[DHCP-server] interface ten-gigabitethernet 3/0/1

[DHCP-server-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[DHCP-server-Ten-GigabitEthernet3/0/1] quit

# Configure the default route.

[DHCP-server] ipv6 route-static :: 0 4::2

3.     Configure the BRAS:

a.     Configure the DHCP relay agent:

# Create a remote IPv6 address pool pool1, specify a gateway address in the address pool, specify IPv6 subnet 3::/64 in the address pool, and specify a DHCPv6 server for the address pool.

[Device] ipv6 pool pool1

[Device-ipv6-pool-pool1] gateway-list 3::1

[Device-ipv6-pool-pool1] network 3::/64 export-route

[Device-ipv6-pool-pool1] remote-server 4::3

[Device-ipv6-pool-pool1] quit

# Enable the DHCPv6 relay agent on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ipv6 dhcp select relay

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ipv6 address auto link-local

# Disable RA message suppression on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent. Then, the host uses a DHCPv6 server to obtain configuration information other than IPv6 addresses.

[Device-Ten-GigabitEthernet3/0/2] ipv6 nd autoconfig other-flag

[Device-Ten-GigabitEthernet3/0/2] quit

b.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

c.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure ISP domain dm1 to use RADIUS scheme rs1 and assign address pools.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ipv6-pool pool1

[Device-isp-dm1] quit

d.     Configure the DHCP server:

# Enable DHCP.

[Device] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[Device] dhcp server request-ip-address check

# Create a local BAS IP address pool named pool1 and enter its view.

[Device] ip pool pool1 bas local

# Specify gateway address 3.3.3.1 in address pool pool1.

[Device-ip-pool-pool1] gateway 3.3.3.1 24

# Exclude IP address 3.3.3.2 from dynamic allocation in address pool pool1.

[Device-ip-pool-pool1] forbidden-ip 3.3.3.2

[Device-ip-pool-pool1] quit

e.     Configure IPoE:

# Configure a global IPv4 IPoE static individual session with the ISP domain dm1 and enable dual stack support.

[Device] ip subscriber session static ip 3.3.3.2 domain dm1 support-ds

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/2.

[Device] interface ten-gigabitethernet 3/0/2

[Device-Ten-GigabitEthernet3/0/2] ip subscriber l2-connected enable

# Specify dm1 as the ISP domain for DHCP users.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber dhcp domain dm1

# Enable ARP packet initiation on Ten-GigabitEthernet 3/0/2.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber initiator arp enable

# Use the MAC addresses of the global static individual user and the dynamic user as their respective usernames.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber username mac-address

# Configure plaintext password radius for authentication.

[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius

[Device-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Display IPoE session information to verify that the host has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x2c2       XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         3::2                    L2 IPoE dynamic

Example: Configuring an IPoE DHCPv4+IPv6 ND RS dual-stack roaming user

Network configuration

As shown in Figure 685, configure dual-stack users as follows:

·     In the IPv4 protocol stack:

¡     A host comes online through DHCP packets and accesses the BRAS through a Layer 2 network in IPoE mode.

¡     A host obtains an IP address from the DHCP server.

·     In the IPv6 protocol stack:

¡     A host comes online through IPv6 ND RS packets and accesses the BRAS through a Layer 2 network in IPoE mode.

¡     The BRAS can send IPv6 ND RA packets.

The host can roam between areas and still stay online. The BRAS performs AAA for the host through the RADIUS server. This example uses the Linux Free RADIUS server.

Figure 685 Network diagram

Prerequisites

Configure IP addresses for interfaces, and make sure devices can reach each other at Layer 3. (Details not shown.)

Procedure

1.     Configure the RADIUS server:

# Add BRAS IP address 4.4.4.2 and secret radius to the clients.conf file.

client 4.4.4.2/32 {

ipaddr = 4.4.4.2

netmask=32

secret=radius

}

# Add the username and password to the users user information file. The username is the host MAC address, the password is radius, and the authorized IPv6 prefix is 10::10/64.

000c29a6b656  Cleartext-Password :="radius"

Framed-IPv6-Prefix =10::10/64

2.     Configure the DHCP server:

a.     Configure an IP address pool:

# Enable DHCP.

<DHCP-server> system-view

[DHCP-server] dhcp enable

# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.

[DHCP-server] dhcp server request-ip-address check

# Create an IP address pool named pool1 and enter its view.

[DHCP-server] ip pool pool1

# Specify the subnet 3.3.3.0/24 for dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] network 3.3.3.0 24

# Specify gateway address 3.3.3.1 in the address pool.

[DHCP-server-ip-pool-pool1] gateway-list 3.3.3.1

# Exclude IP address 3.3.3.1 from dynamic allocation in the pool.

[DHCP-server-ip-pool-pool1] forbidden-ip 3.3.3.1

# Configure the DNS server address as 8.8.8.8.

[DHCP-server-ip-pool-pool1] dns-list 8.8.8.8

[DHCP-server-ip-pool-pool1] quit

# Configure the default route.

[DHCP-server] ip route-static 0.0.0.0 0 4.4.4.2

3.     Configure the BRAS:

a.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1 and enter its view.

<Device> system-view

[Device] radius scheme rs1

# Configure primary servers and keys for authentication and accounting.

[Device-radius-rs1] primary authentication 4.4.4.1

[Device-radius-rs1] primary accounting 4.4.4.1

[Device-radius-rs1] key authentication simple radius

[Device-radius-rs1] key accounting simple radius

# Exclude the ISP name from the username sent to the RADIUS server.

[Device-radius-rs1] user-name-format without-domain

[Device-radius-rs1] quit

b.     Configure the ISP domain:

# Create an ISP domain named dm1 and enter its view.

[Device] domain name dm1

# Configure dm1 to use RADIUS scheme rs1 and assign a remote BAS IP address pool.

[Device-isp-dm1] authentication ipoe radius-scheme rs1

[Device-isp-dm1] authorization ipoe radius-scheme rs1

[Device-isp-dm1] accounting ipoe radius-scheme rs1

[Device-isp-dm1] authorization-attribute ip-pool pool1

# Authorize primary IPv6 DNS server address 8::8 to users.

[Device-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Device-isp-dm1] quit

c.     Configure the DHCP relay agent:

# Enable DHCP.

[Device] dhcp enable

# Enable the DHCP server proxy on the relay agent on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2. (You can skip this step because this configuration exists by default.)

[Device] interface range ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2

[Device-if-range] dhcp-proxy enable

# Assign addresses to roaming clients based on their existing address leases and renew the leases when the clients roam.

[Device-if-range] dhcp session-mismatch action roam

# Disable RA message suppression.

[Device-if-range] undo ipv6 nd ra halt

# Automatically generate link-local addresses.

[Device-if-range] ipv6 address auto link-local

[Device-if-range] quit

# Create a remote BAS IP address pool pool1, specify a gateway address in the address pool, exclude IP address 3.3.3.1 from dynamic allocation in the address pool, and specify a DHCP server for the address pool.

[Device] ip pool pool1 bas remote

[Device-ip-pool-pool1] gateway 3.3.3.1 24

[Device-ip-pool-pool1] forbidden-ip 3.3.3.1

[Device-ip-pool-pool1] remote-server 4.4.4.3

[Device-ip-pool-pool1] quit

d.     Configure IPoE:

# Enable IPoE and configure Layer 2 access mode on Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

[Device] interface range ten-gigabitethernet 3/0/1 ten-gigabitethernet 3/0/2

[Device-if-range] ip subscriber l2-connected enable

# Enable IPv6 ND RS packet initiation.

[Device-if-range] ip subscriber initiator ndrs enable

# Enable ARP packet initiation.

[Device-if-range] ip subscriber initiator arp enable

# Enable NS/NA packet initiation.

[Device-if-range] ip subscriber initiator nsna enable

# Enable unclassified-IPv4 packet initiation and unclassified-IPv6 packet initiation.

[Device-if-range] ip subscriber initiator unclassified-ip enable matching-user

[Device-if-range] ip subscriber initiator unclassified-ipv6 enable matching-user

# Enable roaming for IPoE individual users.

[Device-if-range] ip subscriber roaming enable

# Specify dm1 as the ISP domain for DHCP users.

[Device-if-range] ip subscriber dhcp domain dm1

# Specify dm1 as the ISP domain for IPv6 ND RS users.

[Device-if-range] ip subscriber ndrs domain dm1

# Configure plaintext password radius for authentication.

[Device-if-range] ip subscriber password plaintext radius

[Device-if-range] quit

Verifying the configuration

# Display IPoE session information to verify that the host in area A has come online.

[Device] display access-user interface ten-gigabitethernet 3/0/1

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x5c        XGE3/0/1             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic

                                 56

# Display IPoE session information to verify that the user has roamed from area A to area B.

[Device] display access-user interface ten-gigabitethernet 3/0/2

UserID      Interface            IP address              MAC address     S-/C-VLAN

            Username             IPv6 address            Access type

0x5c        XGE3/0/2             3.3.3.2                 000c-29a6-b656  -/-

            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic

                                 56
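
A parser for the display access-user output shown above, as an added example that is not part of the H3C documentation. It rejoins the wrapped IPv6 column, checks that the username and the IPv6 interface identifier both derive from the session MAC (as they do in this output), and reports a MAC that moves between interfaces. The function names are hypothetical, and the sample text is constructed from the two outputs above.

```python
import ipaddress
import re

# Constructed sample: the area A output above; area B differs only in the interface.
AREA_A = """\
UserID      Interface            IP address              MAC address     S-/C-VLAN
            Username             IPv6 address            Access type
0x5c        XGE3/0/1             3.3.3.2                 000c-29a6-b656  -/-
            000c29a6b656         10::20C:29FF:FEA6:B6    L2 IPoE dynamic
                                 56
"""
AREA_B = AREA_A.replace("XGE3/0/1", "XGE3/0/2")


def parse_access_users(text):
    """Parse 'display access-user' output into one dict per session."""
    sessions, cur = [], None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] in ("UserID", "Username"):
            continue  # blank line or one of the two header rows
        if not raw[0].isspace() and tokens[0].lower().startswith("0x") and len(tokens) >= 5:
            cur = dict(user_id=tokens[0], interface=tokens[1], ipv4=tokens[2],
                       mac=tokens[3], vlan=tokens[4],
                       username=None, ipv6="", access_type="")
            sessions.append(cur)
        elif cur is not None and cur["username"] is None and len(tokens) >= 2:
            cur["username"], cur["ipv6"] = tokens[0], tokens[1]
            cur["access_type"] = " ".join(tokens[2:])
        elif cur is not None and len(tokens) == 1 and re.fullmatch(r"[0-9A-Fa-f:]+", tokens[0]):
            cur["ipv6"] += tokens[0]  # IPv6 column wrapped onto its own line
    for s in sessions:
        try:
            s["ipv6"] = ipaddress.IPv6Address(s["ipv6"])
        except ValueError:
            s["ipv6"] = None  # "-" or empty: the session has no IPv6 address
    return sessions


def eui64_address(prefix, mac):
    """Build the modified EUI-64 address for a MAC inside a /64 prefix."""
    octets = bytearray.fromhex(re.sub(r"[^0-9A-Fa-f]", "", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    net = ipaddress.IPv6Network(prefix, strict=False)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def review(snapshots, ra_prefix):
    """Walk snapshots in time order; report identity mismatches and roaming."""
    findings, last_if = [], {}
    for text in snapshots:
        for s in parse_access_users(text):
            mac = s["mac"]
            if (s["username"] or "").lower() != re.sub(r"[^0-9a-f]", "", mac.lower()):
                findings.append(("username-not-mac", mac, s["username"]))
            if s["ipv6"] is not None and s["ipv6"] != eui64_address(ra_prefix, mac):
                findings.append(("iid-not-from-mac", mac, str(s["ipv6"])))
            prev = last_if.get(mac)
            if prev is not None and prev != s["interface"]:
                findings.append(("roamed", mac, prev, s["interface"]))
            last_if[mac] = s["interface"]
    return findings


if __name__ == "__main__":
    # 10::10/64 is the Framed-IPv6-Prefix authorized in the users file above.
    for finding in review([AREA_A, AREA_B], "10::10/64"):
        print(finding)
```
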

 

gRPC configuration examples

These configuration examples describe only CLI configuration tasks on the device. The collectors need to run an extra application.

Example: Configuring the gRPC dial-in mode

Network configuration

As shown in Figure 686, configure the gRPC dial-in mode on the device so the device acts as the gRPC server and the gRPC client can subscribe to LLDP events on the device.

Figure 686 Network diagram

 

Procedure

1.     Assign IP addresses to interfaces on the gRPC server and client and configure routes. Make sure the server and client can reach each other.

2.     Configure the device as the gRPC server:

# Enable the gRPC service.

<Device> system-view

[Device] grpc enable

# Create a local user named test. Set a password and assign the network-admin user role and HTTPS service to the user.

[Device] local-user test

[Device-luser-manage-test] password simple 123456TESTplat&!

[Device-luser-manage-test] authorization-attribute user-role network-admin

[Device-luser-manage-test] service-type https

[Device-luser-manage-test] quit

3.     Configure the gRPC client.

a.     Prepare a PC and install the gRPC environment on the PC. For more information, see the user guide for the gRPC environment.

b.     Obtain the H3C proto definition file and use the protocol buffer compiler to generate code in a specific language, for example, Java, Python, C/C++, or Go.

c.     Create a client application to call the generated code.

d.     Start the application to log in to the gRPC server.

Verifying the configuration

When an LLDP event occurs on the gRPC server, verify that the gRPC client receives the event.
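
The RADIUS scheme, IPoE, clients.conf and users steps in the examples above, and the local-user step in this one, all enter credentials in clear form (`simple`, `plaintext`, `secret=`, `Cleartext-Password`). The following added example, which is not part of the H3C documentation, audits a saved configuration template for such lines before it is reused. The rule names, the 16-character minimum (taken from the RFC 2865 preference for shared secrets and applied to every role here as an assumption) and the function name are hypothetical; the sample lines are constructed from this page.

```python
import re
from collections import defaultdict

# Constructed sample: credential-bearing lines taken from the examples on this page.
SAMPLE = """\
[Device-radius-rs1] key authentication simple radius
[Device-radius-rs1] key accounting simple radius
[Device-Ten-GigabitEthernet3/0/2] ip subscriber password plaintext radius
[Device-luser-manage-test] password simple 123456TESTplat&!
secret=radius
000c29a6b656  Cleartext-Password :="radius"
[Device-radius-rs1] user-name-format without-domain
"""

# Pattern -> role of the credential the line carries. Both ends of the RADIUS
# shared key (device and clients.conf) map to the same role on purpose.
RULES = [
    (re.compile(r"\bkey (?:authentication|accounting) simple (?P<secret>\S+)"), "radius-shared-key"),
    (re.compile(r"^\s*secret\s*=\s*(?P<secret>\S+)"), "radius-shared-key"),
    (re.compile(r"\bip subscriber password plaintext (?P<secret>\S+)"), "subscriber-password"),
    (re.compile(r'Cleartext-Password\s*:=\s*"(?P<secret>[^"]*)"'), "subscriber-password"),
    (re.compile(r"\bpassword simple (?P<secret>\S+)"), "local-user-password"),
]

# Values printed in this page's examples; they are public and must not reach production.
PUBLISHED_EXAMPLES = {"radius", "123456TESTplat&!"}
MIN_LENGTH = 16  # assumption: RFC 2865 preference for shared secrets, applied to all roles


def audit(text):
    """Return one finding per clear-form credential line; the secret itself is never echoed."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for pattern, role in RULES:
            match = pattern.search(line)
            if match:
                hits.append((number, role, match.group("secret")))
                break
    roles_by_secret = defaultdict(set)
    for _, role, secret in hits:
        roles_by_secret[secret].add(role)

    findings = []
    for number, role, secret in hits:
        issues = set()
        if secret in PUBLISHED_EXAMPLES:
            issues.add("published-example")
        if len(secret) < MIN_LENGTH:
            issues.add("short")
        if len(roles_by_secret[secret]) > 1:
            issues.add("reused")  # same value serves two different purposes
        findings.append({"line": number, "role": role,
                         "length": len(secret), "issues": sorted(issues)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
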

Example: Configuring event-triggered telemetry in gRPC dial-out mode

Network configuration

As shown in Figure 687, the device acts as a gRPC client and connects to the telemetry data collector (a gRPC server). The collector receives data on port 50050.

Configure the device to operate in dial-out mode to push NetStream4 module event data to the collector.

Figure 687 Network diagram

 

Restrictions and guidelines

When you execute the sensor-group command in subscription view to specify a sensor group that contains event-triggered sensor paths for a subscription, do not use the sample-interval parameter to set a data sampling interval.

 

 

NOTE:

An event-triggered sensor path typically contains the string event in its path name.

 

Procedure

# Configure IP addresses as required so the device and the collector can reach each other. (Details not shown.)

# Enable gRPC.

<Device> system-view

[Device] grpc enable

# Create a sensor group named Test, and add sensor path netstream4/netstream4event to it.

[Device] telemetry

[Device-telemetry] sensor-group Test

[Device-telemetry-sensor-group-Test] sensor path netstream4/netstream4event

[Device-telemetry-sensor-group-Test] quit

# Create a destination group named collector1 and add a collector to the group. In this example, the collector receives data on port 50050 at IPv4 address 192.168.2.1.

[Device-telemetry] destination-group collector1

[Device-telemetry-destination-group-collector1] ipv4-address 192.168.2.1 port 50050

[Device-telemetry-destination-group-collector1] quit

# Configure a subscription named B to bind sensor group Test with destination group collector1.

[Device-telemetry] subscription B

[Device-telemetry-subscription-B] sensor-group Test

[Device-telemetry-subscription-B] destination-group collector1

[Device-telemetry-subscription-B] quit

Verifying the configuration

Access the collector and verify that the collector can receive the NetStream4 module event data pushed by the device. (Details not shown.)

Example: Configuring periodic telemetry in gRPC dial-out mode

Network configuration

As shown in Figure 688, the device is connected to a collector. The collector uses port 50050.

Configure gRPC dial-out mode on the device so the device pushes the device capability information of its interface module to the collector at 10-second intervals.

Figure 688 Network diagram

 

Procedure

# Configure IP addresses as required so the device and the collector can reach each other. (Details not shown.)

# Enable the gRPC service.

<Device> system-view

[Device] grpc enable

# Create a sensor group named test, and add sensor path ifmgr/devicecapabilities/.

[Device] telemetry

[Device-telemetry] sensor-group test

[Device-telemetry-sensor-group-test] sensor path ifmgr/devicecapabilities/

[Device-telemetry-sensor-group-test] quit

# Create a destination group named collector1. Specify a collector that uses IPv4 address 192.168.2.1 and port number 50050.

[Device-telemetry] destination-group collector1

[Device-telemetry-destination-group-collector1] ipv4-address 192.168.2.1 port 50050

[Device-telemetry-destination-group-collector1] quit

# Configure a subscription named A to bind sensor group test with destination group collector1. Set the sampling interval to 10 seconds.

[Device-telemetry] subscription A

[Device-telemetry-subscription-A] sensor-group test sample-interval 10

[Device-telemetry-subscription-A] destination-group collector1

[Device-telemetry-subscription-A] quit

Verifying the configuration

# Verify that the collector receives the device capability information of the interface module from the device at 10-second intervals. (Details not shown.)

 

 

VXLAN configuration examples

Example: Configuring a unicast-mode VXLAN

Network configuration

As shown in Figure 689:

·     Configure VXLAN 10 as a unicast-mode VXLAN on Router A, Router B, and Router C to provide Layer 2 connectivity for the VMs across the network sites.

·     Manually establish VXLAN tunnels and assign the tunnels to VXLAN 10.

·     Enable remote-MAC address learning.

Figure 689 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 689. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D). (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router B and Router C.

[RouterA] interface loopback 0

[RouterA-Loopback0] ip address 1.1.1.1 255.255.255.255

[RouterA-Loopback0] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan

[RouterA-Tunnel1] source 1.1.1.1

[RouterA-Tunnel1] destination 2.2.2.2

[RouterA-Tunnel1] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 2.

[RouterA] interface tunnel 2 mode vxlan

[RouterA-Tunnel2] source 1.1.1.1

[RouterA-Tunnel2] destination 3.3.3.3

[RouterA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] tunnel 2

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

3.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router C.

[RouterB] interface loopback 0

[RouterB-Loopback0] ip address 2.2.2.2 255.255.255.255

[RouterB-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 2.

[RouterB] interface tunnel 2 mode vxlan

[RouterB-Tunnel2] source 2.2.2.2

[RouterB-Tunnel2] destination 1.1.1.1

[RouterB-Tunnel2] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 3.

[RouterB] interface tunnel 3 mode vxlan

[RouterB-Tunnel3] source 2.2.2.2

[RouterB-Tunnel3] destination 3.3.3.3

[RouterB-Tunnel3] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] tunnel 2

[RouterB-vsi-vpna-vxlan-10] tunnel 3

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterB-Ten-GigabitEthernet3/0/1] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router B.

[RouterC] interface loopback 0

[RouterC-Loopback0] ip address 3.3.3.3 255.255.255.255

[RouterC-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterC] interface tunnel 1 mode vxlan

[RouterC-Tunnel1] source 3.3.3.3

[RouterC-Tunnel1] destination 1.1.1.1

[RouterC-Tunnel1] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 3.

[RouterC] interface tunnel 3 mode vxlan

[RouterC-Tunnel3] source 3.3.3.3

[RouterC-Tunnel3] destination 2.2.2.2

[RouterC-Tunnel3] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] tunnel 1

[RouterC-vsi-vpna-vxlan-10] tunnel 3

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify the VXLAN settings on the VTEPs. This example uses Router A.

# Verify that the VXLAN tunnel interfaces on the VTEP are up.

[RouterA] display interface tunnel 1

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLAN.

[RouterA] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

  ACs:

    AC                                 Link ID    State

    XGE3/0/1                           0x0        Up

# Verify that the VTEP has learned the MAC addresses of remote VMs.

<RouterA> display l2vpn mac-address

MAC Address      State    VSI Name                        Link ID/Name/Peer   

                                   Aging

cc3e-5f9c-6cdb   Dynamic  vpna                            Tunnel1              

                                   Aging

cc3e-5f9c-23dc   Dynamic  vpna                            Tunnel2              

                                   Aging

--- 2 mac address(es) found  ---

2.     Verify that VM 1, VM 2, and VM 3 can ping each other. (Details not shown.)
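
A consistency check for the manual tunnel mesh configured above, as an added example that is not part of the H3C documentation. It reads the CLI transcript of all VTEPs and reports tunnels that are not assigned to the VXLAN, tunnels whose destination is not a VTEP in the set, and missing directions of the full mesh. The function names are hypothetical, hostnames are assumed to contain no hyphen, and the sample is constructed from the Router A to Router C steps.

```python
import re
from collections import defaultdict

# Constructed sample: the tunnel and VXLAN-membership lines of Routers A to C above.
PAGE_CONFIG = """\
[RouterA] interface tunnel 1 mode vxlan
[RouterA-Tunnel1] source 1.1.1.1
[RouterA-Tunnel1] destination 2.2.2.2
[RouterA] interface tunnel 2 mode vxlan
[RouterA-Tunnel2] source 1.1.1.1
[RouterA-Tunnel2] destination 3.3.3.3
[RouterA-vsi-vpna-vxlan-10] tunnel 1
[RouterA-vsi-vpna-vxlan-10] tunnel 2
[RouterB] interface tunnel 2 mode vxlan
[RouterB-Tunnel2] source 2.2.2.2
[RouterB-Tunnel2] destination 1.1.1.1
[RouterB] interface tunnel 3 mode vxlan
[RouterB-Tunnel3] source 2.2.2.2
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-vsi-vpna-vxlan-10] tunnel 2
[RouterB-vsi-vpna-vxlan-10] tunnel 3
[RouterC] interface tunnel 1 mode vxlan
[RouterC-Tunnel1] source 3.3.3.3
[RouterC-Tunnel1] destination 1.1.1.1
[RouterC] interface tunnel 3 mode vxlan
[RouterC-Tunnel3] source 3.3.3.3
[RouterC-Tunnel3] destination 2.2.2.2
[RouterC-vsi-vpna-vxlan-10] tunnel 1
[RouterC-vsi-vpna-vxlan-10] tunnel 3
"""

# "[Host-view] command"; the host is everything before the first hyphen.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s+(?P<cmd>.+)$")


def parse(text):
    """Return (tunnels, members) from a Comware CLI transcript."""
    tunnels = defaultdict(dict)  # host -> tunnel id -> {"source": ..., "destination": ...}
    members = defaultdict(set)   # (host, VXLAN ID) -> tunnel ids assigned to that VXLAN
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        host, view, cmd = m["host"], m["view"] or "", m["cmd"].split()
        vx = re.fullmatch(r"vsi-.+-vxlan-(\d+)", view)
        if cmd[:2] == ["interface", "tunnel"] and cmd[3:5] == ["mode", "vxlan"]:
            tunnels[host].setdefault(cmd[2], {})
        elif (re.fullmatch(r"Tunnel\d+", view) and len(cmd) == 2
              and cmd[0] in ("source", "destination") and view[6:] in tunnels[host]):
            tunnels[host][view[6:]][cmd[0]] = cmd[1]
        elif vx and len(cmd) == 2 and cmd[0] == "tunnel":
            members[(host, vx[1])].add(cmd[1])
    return tunnels, members


def check_mesh(text, vxlan_id="10"):
    """Return a list of problems; an empty list means the mesh is consistent."""
    tunnels, members = parse(text)
    problems, complete = [], []
    for host, tuns in tunnels.items():
        for tid, t in tuns.items():
            if len(t) != 2:
                problems.append(f"{host} Tunnel{tid}: source or destination missing")
            else:
                complete.append((host, tid, t["source"], t["destination"]))
            if tid not in members[(host, vxlan_id)]:
                problems.append(f"{host} Tunnel{tid}: not assigned to VXLAN {vxlan_id}")
    vteps = sorted({src for _, _, src, _ in complete})
    pairs = {(src, dst) for _, _, src, dst in complete}
    for host, tid, _, dst in complete:
        if dst not in vteps:
            problems.append(f"{host} Tunnel{tid}: destination {dst} is not a VTEP in this set")
    for a in vteps:
        for b in vteps:
            if a != b and (a, b) not in pairs:
                problems.append(f"{a} -> {b}: full-mesh tunnel missing")
    for (host, vid), ids in list(members.items()):
        for tid in sorted(ids - set(tunnels[host])):
            problems.append(f"{host} VXLAN {vid}: Tunnel{tid} assigned but not created")
    return problems


if __name__ == "__main__":
    print(check_mesh(PAGE_CONFIG) or "mesh consistent")
```
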

Example: Configuring VXLAN over SRv6

Network configuration

As shown in Figure 690:

·     Configure VXLAN 10 as a unicast-mode VXLAN on Router A and Router C to provide Layer 2 connectivity for the VMs across the network sites.

·     Configure VXLAN over SRv6 on Router A and Router C for them to forward VXLAN traffic through an SRv6 tunnel.

Figure 690 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# Assign IPv6 addresses to the interfaces, as shown in Figure 690. (Details not shown.)

# Configure OSPFv3 on all transport network routers (Routers A through C). (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan ipv6

[RouterA-Tunnel1] source 1::1

[RouterA-Tunnel1] destination 3::3

[RouterA-Tunnel1] quit

# Assign Tunnel 1 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure an SRv6 End SID.

[RouterA] segment-routing ipv6

[RouterA-segment-routing-ipv6] locator aa ipv6-prefix 100:1::0 120 static 8

[RouterA-segment-routing-ipv6-locator-aa] opcode 1 end

[RouterA-segment-routing-ipv6-locator-aa] quit

[RouterA-segment-routing-ipv6] quit

# Configure OSPFv3 to advertise the SRv6 End SID.

[RouterA] ospfv3 1

[RouterA-ospfv3-1] segment-routing ipv6 locator aa

[RouterA-ospfv3-1] quit

# Configure SRv6 SID list a and specify the traffic forwarding path as Router A -> Router B -> Router C.

[RouterA] ipv6 segment-routing sid-list a

[RouterA-srv6-sid-list-a] sid 200:1::1

[RouterA-srv6-sid-list-a] sid 300:1::1

[RouterA-srv6-sid-list-a] quit

# Create an SRv6 tunnel to Router C. The tunnel interface name is Tunnel 2.

[RouterA] interface tunnel 2 mode sr ipv6

[RouterA-Tunnel2] source 1::1

[RouterA-Tunnel2] destination 3::3

[RouterA-Tunnel2] ipv6 address 1::10 64

# Specify SRv6 SID list a for Tunnel 2.

[RouterA-Tunnel2] tunnel sid-list a

# Configure automatic static route advertisement on Tunnel 2.

[RouterA-Tunnel2] tunnel route-static preference 1

[RouterA-Tunnel2] quit

3.     Configure Router B:

# Configure an SRv6 End SID.

<RouterB> system-view

[RouterB] segment-routing ipv6

[RouterB-segment-routing-ipv6] locator bb ipv6-prefix 200:1::0 120 static 8

[RouterB-segment-routing-ipv6-locator-bb] opcode 1 end

[RouterB-segment-routing-ipv6-locator-bb] quit

[RouterB-segment-routing-ipv6] quit

# Configure OSPFv3 to advertise the SRv6 End SID.

[RouterB] ospfv3 1

[RouterB-ospfv3-1] segment-routing ipv6 locator bb

[RouterB-ospfv3-1] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterC] interface tunnel 1 mode vxlan ipv6

[RouterC-Tunnel1] source 3::3

[RouterC-Tunnel1] destination 1::1

[RouterC-Tunnel1] quit

# Assign Tunnel 1 to VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] tunnel 1

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure an SRv6 End SID.

[RouterC] segment-routing ipv6

[RouterC-segment-routing-ipv6] locator cc ipv6-prefix 300:1::0 120 static 8

[RouterC-segment-routing-ipv6-locator-cc] opcode 1 end

[RouterC-segment-routing-ipv6-locator-cc] quit

[RouterC-segment-routing-ipv6] quit

# Configure OSPFv3 to advertise the SRv6 End SID.

[RouterC] ospfv3 1

[RouterC-ospfv3-1] segment-routing ipv6 locator cc

[RouterC-ospfv3-1] quit

# Create an SRv6 tunnel to Router A. The tunnel interface name is Tunnel 2.

[RouterC] interface tunnel 2 mode sr ipv6

[RouterC-Tunnel2] source 3::3

[RouterC-Tunnel2] destination 1::1

[RouterC-Tunnel2] ipv6 address 3::10 64

# Specify SRv6 SID list aa for Tunnel 2.

[RouterC-Tunnel2] tunnel sid-list aa

# Configure automatic static route advertisement on Tunnel 2.

[RouterC-Tunnel2] tunnel route-static preference 1

[RouterC-Tunnel2] quit

Verifying the configuration

1.     Verify the VXLAN settings on the VTEPs. This example uses Router A.

# Verify that the tunnel interfaces on the VTEP are up.

[RouterA] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1::1, destination 3::3

Tunnel protocol/transport UDP_VXLAN/IPv6

Last 300 seconds input rate: 2 bytes/sec, 16 bits/sec, 0 packets/sec

Last 300 seconds output rate: 2 bytes/sec, 16 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Tunnel source 1::1, destination 3::3

Tunnel TTL 255

Tunnel protocol/transport Segment-Routing/IPv6

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 2 packets, 128 bytes, 2 drops

# Verify that the VXLAN tunnel has been assigned to the VXLAN.

[RouterA] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : -

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood Proxy

    Tunnel1              0x5000001  UP       Manual      Disabled

  ACs:

    AC                                 Link ID    State

    XGE3/0/1                            0x0       Up

# Verify that the traffic destined for 3::3 is forwarded through the SRv6 tunnel.

[RouterA] display ipv6 fib 3::3

Destination count: 1 FIB entry count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination: 3::3                                           Prefix length: 128

Nexthop    : ::                                             Flags: USH

Time stamp : 0xb                                            Label: Null

Interface  : Tun2                                           Token: Invalid

2.     Verify that VM 1 and VM 2 can communicate with each other. (Details not shown.)

VXLAN IP gateway configuration examples

Example: Configuring a centralized VXLAN IP gateway

Network configuration

As shown in Figure 691:

·     Configure VXLAN 10 as a unicast-mode VXLAN on Router A, Router B, and Router C to provide connectivity for the VMs across the network sites.

·     Configure a centralized VXLAN IP gateway on Router B to provide gateway services for VXLAN 10.

·     Manually establish VXLAN tunnels and assign the tunnels to VXLAN 10.

·     Enable remote-MAC address learning.

Figure 691 Network diagram

Procedure

1.     On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 691. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D). (Details not shown.)

# Configure OSPF to advertise routes to networks 10.1.1.0/24 and 20.1.1.0/24 on Router B and Router E. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router B and Router C.

[RouterA] interface loopback 0

[RouterA-Loopback0] ip address 1.1.1.1 255.255.255.255

[RouterA-Loopback0] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan

[RouterA-Tunnel1] source 1.1.1.1

[RouterA-Tunnel1] destination 2.2.2.2

[RouterA-Tunnel1] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 2.

[RouterA] interface tunnel 2 mode vxlan

[RouterA-Tunnel2] source 1.1.1.1

[RouterA-Tunnel2] destination 3.3.3.3

[RouterA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] tunnel 2

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router C.

[RouterB] interface loopback 0

[RouterB-Loopback0] ip address 2.2.2.2 255.255.255.255

[RouterB-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 2.

[RouterB] interface tunnel 2 mode vxlan

[RouterB-Tunnel2] source 2.2.2.2

[RouterB-Tunnel2] destination 1.1.1.1

[RouterB-Tunnel2] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 3.

[RouterB] interface tunnel 3 mode vxlan

[RouterB-Tunnel3] source 2.2.2.2

[RouterB-Tunnel3] destination 3.3.3.3

[RouterB-Tunnel3] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] tunnel 2

[RouterB-vsi-vpna-vxlan-10] tunnel 3

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterB-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router B.

[RouterC] interface loopback 0

[RouterC-Loopback0] ip address 3.3.3.3 255.255.255.255

[RouterC-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterC] interface tunnel 1 mode vxlan

[RouterC-Tunnel1] source 3.3.3.3

[RouterC-Tunnel1] destination 1.1.1.1

[RouterC-Tunnel1] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 3.

[RouterC] interface tunnel 3 mode vxlan

[RouterC-Tunnel3] source 3.3.3.3

[RouterC-Tunnel3] destination 2.2.2.2

[RouterC-Tunnel3] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] tunnel 1

[RouterC-vsi-vpna-vxlan-10] tunnel 3

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterC-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify the VXLAN IP gateway settings on Router B:

# Verify that the VXLAN tunnel interfaces are up on Router B.

[RouterB] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[RouterB] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface100 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLAN, and VSI-interface 1 is the gateway interface of VSI vpna.

[RouterB] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel2              0x5000002  Up     Manual      Disabled

    Tunnel3              0x5000003  Up     Manual      Disabled

# Verify that Router B has created ARP entries for the VMs.

[RouterB] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

20.1.1.5        000c-29c1-5e46 --            XGE3/0/1                 19    D

10.1.1.11       0000-1234-0001 0             Tunnel2                  20    D

10.1.1.12       0000-1234-0002 0             Tunnel3                  19    D

# Verify that Router B has created FIB entries for the VMs.

[RouterB] display fib 10.1.1.11

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.1.1.11/32       10.1.1.11       UH       Vsi1                     Null

2.     Verify that the network connectivity for the VMs meets the network requirements:

# Verify that VM 1 and VM 2 can ping each other. (Details not shown.)

# Verify that VM 1, VM 2, and Ten-GigabitEthernet 3/0/1 (20.1.1.5) on Router E can ping each other. (Details not shown.)
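The manually created tunnel mesh in the procedure above only forwards in both directions when every VXLAN tunnel has a mirror-image tunnel on the peer and both ends assign it to the same VXLAN. The following Python audit is an added example, not H3C code; it checks a transcript written in this page's prompt format for those two properties. The sample transcript, the function names, and the assumption that host names contain no hyphen are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed transcript in the page's prompt format (not captured from a
# device). Router C deliberately omits "tunnel 3" under VXLAN 10.
SAMPLE = """\
[RouterA] interface tunnel 1 mode vxlan
[RouterA-Tunnel1] source 1.1.1.1
[RouterA-Tunnel1] destination 2.2.2.2
[RouterA] interface tunnel 2 mode vxlan
[RouterA-Tunnel2] source 1.1.1.1
[RouterA-Tunnel2] destination 3.3.3.3
[RouterA-vsi-vpna-vxlan-10] tunnel 1
[RouterA-vsi-vpna-vxlan-10] tunnel 2
[RouterB] interface tunnel 2 mode vxlan
[RouterB-Tunnel2] source 2.2.2.2
[RouterB-Tunnel2] destination 1.1.1.1
[RouterB] interface tunnel 3 mode vxlan
[RouterB-Tunnel3] source 2.2.2.2
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-vsi-vpna-vxlan-10] tunnel 2
[RouterB-vsi-vpna-vxlan-10] tunnel 3
[RouterC] interface tunnel 1 mode vxlan
[RouterC-Tunnel1] source 3.3.3.3
[RouterC-Tunnel1] destination 1.1.1.1
[RouterC] interface tunnel 3 mode vxlan
[RouterC-Tunnel3] source 3.3.3.3
[RouterC-Tunnel3] destination 2.2.2.2
[RouterC-vsi-vpna-vxlan-10] tunnel 1
"""

# "[Host-view] command"; assumes the host name itself contains no hyphen.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\]\s+(.+)$")
TUNNEL_VIEW = re.compile(r"^Tunnel(\d+)$")
VXLAN_VIEW = re.compile(r"^vsi-.+-vxlan-(\d+)$")


def parse(transcript):
    """Return (VXLAN tunnels per host, tunnel ids assigned per (host, VXLAN ID))."""
    tunnels = defaultdict(dict)   # host -> {tunnel id: {"source"/"destination": addr}}
    members = defaultdict(set)    # (host, VXLAN ID) -> {tunnel id}
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue              # user-view lines, output, comments
        host, view, words = m.group(1), m.group(2) or "", m.group(3).split()
        in_tunnel, in_vxlan = TUNNEL_VIEW.match(view), VXLAN_VIEW.match(view)
        if (not view and words[:2] == ["interface", "tunnel"]
                and words[3:5] == ["mode", "vxlan"] and words[2].isdigit()):
            tunnels[host].setdefault(int(words[2]), {})
        elif in_tunnel and len(words) == 2 and words[0] in ("source", "destination"):
            tid = int(in_tunnel.group(1))
            if tid in tunnels[host]:      # skip non-VXLAN tunnels such as mode sr ipv6
                tunnels[host][tid][words[0]] = words[1]
        elif in_vxlan and len(words) == 2 and words[0] == "tunnel" and words[1].isdigit():
            members[(host, int(in_vxlan.group(1)))].add(int(words[1]))
    return tunnels, members


def audit(transcript):
    """Return a sorted list of findings; an empty list means the mesh is symmetric."""
    tunnels, members = parse(transcript)
    # Map each tunnel source address to the VTEP that owns it.
    owner = {ep["source"]: host for host, tmap in tunnels.items()
             for ep in tmap.values() if "source" in ep}
    findings = []
    # Check 1: every VXLAN tunnel needs a mirror-image tunnel on the peer VTEP.
    for host, tmap in tunnels.items():
        for tid, ep in tmap.items():
            src, dst = ep.get("source"), ep.get("destination")
            peer = owner.get(dst)
            mirrored = peer is not None and any(
                p.get("source") == dst and p.get("destination") == src
                for p in tunnels[peer].values())
            if not mirrored:
                findings.append(f"{host} Tunnel{tid} {src}->{dst}: no reverse tunnel on the peer")
    # Check 2: inside one VXLAN, tunnel membership must be symmetric between peers.
    reach = defaultdict(set)      # VXLAN ID -> {(host, peer)}
    for (host, vni), tids in members.items():
        for tid in tids:
            ep = tunnels[host].get(tid)
            if ep is None:
                findings.append(f"{host} VXLAN {vni}: tunnel {tid} is not a VXLAN tunnel")
                continue
            peer = owner.get(ep.get("destination"))
            if peer:
                reach[vni].add((host, peer))
    for vni, pairs in reach.items():
        for host, peer in pairs:
            if (peer, host) not in pairs:
                findings.append(f"VXLAN {vni}: {host} has a tunnel to {peer} in this VXLAN, "
                                f"but {peer} has none back to {host}")
    return sorted(findings)
```

Run `audit()` on the concatenated configuration transcripts of all VTEPs; each finding names the device and VXLAN to correct.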

Example: Configuring distributed VXLAN IPv4 gateways

Network configuration

As shown in Figure 692:

·     Configure VXLAN 10, VXLAN 20, and VXLAN 30 as unicast-mode VXLANs on Router A, Router B, and Router C to provide connectivity for the VMs across the network sites.

·     Manually establish VXLAN tunnels and assign the tunnels to the VXLANs.

·     Configure distributed VXLAN IP gateways on Router A and Router C to forward traffic between the VXLANs.

·     Configure Router B as a border gateway to forward traffic between the VXLANs and the WAN connected to Router E.

Figure 692 Network diagram

Procedure

1.     On VM 1, VM 2, and VM 3, specify 10.1.1.1, 10.1.2.1, and 20.1.1.1 as the gateway address, respectively. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 692. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D). (Details not shown.)

# Configure OSPF to advertise routes to networks 10.1.1.0/24, 10.1.2.0/24, 20.1.1.0/24, and 25.1.1.0/24 on Router B and Router E. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[RouterA] vsi vpnc

[RouterA-vsi-vpnc] vxlan 30

[RouterA-vsi-vpnc-vxlan-30] quit

[RouterA-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router B and Router C.

[RouterA] interface loopback 0

[RouterA-Loopback0] ip address 1.1.1.1 255.255.255.255

[RouterA-Loopback0] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan

[RouterA-Tunnel1] source 1.1.1.1

[RouterA-Tunnel1] destination 2.2.2.2

[RouterA-Tunnel1] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 2.

[RouterA] interface tunnel 2 mode vxlan

[RouterA-Tunnel2] source 1.1.1.1

[RouterA-Tunnel2] destination 3.3.3.3

[RouterA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] tunnel 2

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] tunnel 1

[RouterA-vsi-vpnb-vxlan-20] tunnel 2

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Assign Tunnel 2 to VXLAN 30.

[RouterA] vsi vpnc

[RouterA-vsi-vpnc] vxlan 30

[RouterA-vsi-vpnc-vxlan-30] tunnel 2

[RouterA-vsi-vpnc-vxlan-30] quit

[RouterA-vsi-vpnc] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vpnb.

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] xconnect vsi vpnb

[RouterA-Ten-GigabitEthernet3/0/3] quit

# Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-arp enable

[RouterA-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 20.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterA-Vsi-interface2] mac-address 2-2-2

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[RouterA-Vsi-interface2] distributed-gateway local

[RouterA-Vsi-interface2] local-proxy-arp enable

[RouterA-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[RouterA] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 10.1.1.0/24 to the VSI.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] gateway subnet 10.1.1.0 0.0.0.255

[RouterA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] gateway vsi-interface 2

[RouterA-vsi-vpnb] quit

# Assign a secondary IP address to VSI-interface 1. The IP address will be used as the gateway address for VXLAN 30.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip address 20.1.1.1 255.255.255.0 sub

[RouterA-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnc. Assign subnet 20.1.1.0/24 to the VSI.

[RouterA] vsi vpnc

[RouterA-vsi-vpnc] gateway vsi-interface 1

[RouterA-vsi-vpnc] gateway subnet 20.1.1.0 0.0.0.255

[RouterA-vsi-vpnc] quit

# Configure a routing policy for VXLAN 10. Set the policy name to vxlan10, and set the default next hop to 10.1.1.2 (VSI-interface 1 on Router B).

[RouterA] acl advanced 3000

[RouterA-acl-ipv4-adv-3000] rule 0 permit ip

[RouterA-acl-ipv4-adv-3000] quit

[RouterA] policy-based-route vxlan10 permit node 5

[RouterA-pbr-vxlan10-5] if-match acl 3000

[RouterA-pbr-vxlan10-5] apply default-next-hop 10.1.1.2

[RouterA-pbr-vxlan10-5] quit

# Configure a routing policy for VXLAN 20. Set the policy name to vxlan20, and set the default next hop to 10.1.2.2 (VSI-interface 2 on Router B).

[RouterA] policy-based-route vxlan20 permit node 5

[RouterA-pbr-vxlan20-5] if-match acl 3000

[RouterA-pbr-vxlan20-5] apply default-next-hop 10.1.2.2

[RouterA-pbr-vxlan20-5] quit

# Apply policies vxlan10 and vxlan20 to VSI-interface 1 and VSI-interface 2, respectively.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip policy-based-route vxlan10

[RouterA-Vsi-interface1] quit

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip policy-based-route vxlan20

[RouterA-Vsi-interface2] quit

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[RouterB] vsi vpnc

[RouterB-vsi-vpnc] vxlan 30

[RouterB-vsi-vpnc-vxlan-30] quit

[RouterB-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router C.

[RouterB] interface loopback 0

[RouterB-Loopback0] ip address 2.2.2.2 255.255.255.255

[RouterB-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 2.

[RouterB] interface tunnel 2 mode vxlan

[RouterB-Tunnel2] source 2.2.2.2

[RouterB-Tunnel2] destination 1.1.1.1

[RouterB-Tunnel2] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 3.

[RouterB] interface tunnel 3 mode vxlan

[RouterB-Tunnel3] source 2.2.2.2

[RouterB-Tunnel3] destination 3.3.3.3

[RouterB-Tunnel3] quit

# Assign Tunnel 2 to VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] tunnel 2

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Assign Tunnel 2 to VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] tunnel 2

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Assign Tunnel 3 to VXLAN 30.

[RouterB] vsi vpnc

[RouterB-vsi-vpnc] vxlan 30

[RouterB-vsi-vpnc-vxlan-30] tunnel 3

[RouterB-vsi-vpnc-vxlan-30] quit

[RouterB-vsi-vpnc] quit

# Create VSI-interface 1 and assign the interface an IP address.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip address 10.1.1.2 255.255.255.0

[RouterB-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip address 10.1.2.2 255.255.255.0

[RouterB-Vsi-interface2] quit

# Create VSI-interface 3 and assign the interface an IP address.

[RouterB] interface vsi-interface 3

[RouterB-Vsi-interface3] ip address 20.1.1.2 255.255.255.0

[RouterB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 2

[RouterB-vsi-vpnb] quit

# Specify VSI-interface 3 as the gateway interface for VSI vpnc.

[RouterB] vsi vpnc

[RouterB-vsi-vpnc] gateway vsi-interface 3

[RouterB-vsi-vpnc] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[RouterC] vsi vpnc

[RouterC-vsi-vpnc] vxlan 30

[RouterC-vsi-vpnc-vxlan-30] quit

[RouterC-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router B.

[RouterC] interface loopback 0

[RouterC-Loopback0] ip address 3.3.3.3 255.255.255.255

[RouterC-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterC] interface tunnel 1 mode vxlan

[RouterC-Tunnel1] source 3.3.3.3

[RouterC-Tunnel1] destination 1.1.1.1

[RouterC-Tunnel1] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 3.

[RouterC] interface tunnel 3 mode vxlan

[RouterC-Tunnel3] source 3.3.3.3

[RouterC-Tunnel3] destination 2.2.2.2

[RouterC-Tunnel3] quit

# Assign Tunnel 1 to VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] tunnel 1

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Assign Tunnel 1 to VXLAN 20.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] tunnel 1

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 30.

[RouterC] vsi vpnc

[RouterC-vsi-vpnc] vxlan 30

[RouterC-vsi-vpnc-vxlan-30] tunnel 1

[RouterC-vsi-vpnc-vxlan-30] tunnel 3

[RouterC-vsi-vpnc-vxlan-30] quit

[RouterC-vsi-vpnc] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpnc.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpnc

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterC-Vsi-interface1] mac-address 1-1-1

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[RouterC-Vsi-interface1] distributed-gateway local

[RouterC-Vsi-interface1] local-proxy-arp enable

[RouterC-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 20.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterC-Vsi-interface2] mac-address 2-2-2

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[RouterC-Vsi-interface2] distributed-gateway local

[RouterC-Vsi-interface2] local-proxy-arp enable

[RouterC-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[RouterC] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 10.1.1.0/24 to the VSI.

[RouterC] vsi vpna

[RouterC-vsi-vpna] gateway vsi-interface 1

[RouterC-vsi-vpna] gateway subnet 10.1.1.0 0.0.0.255

[RouterC-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] gateway vsi-interface 2

[RouterC-vsi-vpnb] quit

# Assign a secondary IP address to VSI-interface 1. The IP address will be used as the gateway address for VXLAN 30.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip address 20.1.1.1 255.255.255.0 sub

[RouterC-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnc. Assign subnet 20.1.1.0/24 to the VSI.

[RouterC] vsi vpnc

[RouterC-vsi-vpnc] gateway vsi-interface 1

[RouterC-vsi-vpnc] gateway subnet 20.1.1.0 0.0.0.255

[RouterC-vsi-vpnc] quit

# Configure a routing policy for the VXLANs. Set the policy name to vxlan, and set the default next hop to 20.1.1.2 (VSI-interface 3 on Router B).

[RouterC] acl advanced 3000

[RouterC-acl-ipv4-adv-3000] rule 0 permit ip

[RouterC-acl-ipv4-adv-3000] quit

[RouterC] policy-based-route vxlan permit node 5

[RouterC-pbr-vxlan-5] if-match acl 3000

[RouterC-pbr-vxlan-5] apply default-next-hop 20.1.1.2

[RouterC-pbr-vxlan-5] quit

# Apply the policy vxlan to VSI-interface 1.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip policy-based-route vxlan

[RouterC-Vsi-interface1] quit

Verifying the configuration

1.     Verify the distributed VXLAN IP gateway settings on Router A:

# Verify that the VXLAN tunnel interfaces are up on Router A.

[RouterA] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[RouterA] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0001-0001-0001

IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

[RouterA] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

  ACs:

    AC                                 Link ID    State

     XGE3/0/1                          0x0        Up

# Verify that Router A has created ARP entries for the VMs.

[RouterA] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

11.1.1.4        000c-29c1-5e46 --            XGE3/0/2                 19    D

10.1.1.2        3c8c-400d-867a 0             Tunnel1                  20    D

10.1.1.11       0cda-41b5-cf09 0             0                        20    D

10.1.2.2        3c8c-400d-867a 1             Tunnel1                  20    D

10.1.2.11       0cda-41b5-cf89 1             0                        20    D

20.1.1.12       0001-0001-0001 2             Tunnel2                  19    D

2.     Verify the configuration on the border gateway Router B:

# Verify that the VXLAN tunnel interfaces are up on Router B.

[RouterB] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[RouterB] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.2/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

[RouterB] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

# Verify that Router B has created ARP entries for the VMs.

[RouterB] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

12.1.1.4        0000-fc00-00ab --            XGE3/0/2                 14    D

25.1.1.5        4431-9234-24bb --            XGE3/0/1                 17    D

10.1.1.1        0001-0001-0001 0             Tunnel2                  17    D

10.1.1.11       0001-0001-0001 0             Tunnel2                  20    D

10.1.2.1        0002-0002-0002 1             Tunnel2                  17    D

10.1.2.11       0002-0002-0002 1             Tunnel2                  20    D

20.1.1.1        0001-0001-0001 2             Tunnel3                  17    D

20.1.1.12       0001-0001-0001 2             Tunnel3                  20    D

# Verify that Router B has created FIB entries for the VMs.

[RouterB] display fib 10.1.1.11

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.1.1.11/32       10.1.1.11       UH       Vsi1                     Null

[RouterB] display fib 20.1.1.12

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

20.1.1.12/32       20.1.1.12       UH       Vsi3                     Null

3.     Verify that the network connectivity for VMs meets the requirements:

# Verify that VM 1, VM 2, and VM 3 can ping each other. (Details not shown.)

# Verify that VM 1, VM 2, and VM 3 can ping Ten-GigabitEthernet 3/0/1 (25.1.1.5) on Router E for WAN access. (Details not shown.)

Example: Configuring distributed VXLAN IPv6 gateways

Network configuration

As shown in Figure 693:

·     Configure VXLAN 10 and VXLAN 20 as unicast-mode VXLANs on Router A, Router B, and Router C to provide connectivity for the VMs across the network sites.

·     Manually establish VXLAN tunnels and assign the tunnels to the VXLANs.

·     Configure distributed VXLAN IP gateways on Router A and Router C to forward traffic between VXLANs.

·     Configure Router B as a border gateway to forward traffic between the VXLANs and the WAN connected to Router E.

Figure 693 Network diagram

Procedure

1.     On VM 1 and VM 2, specify 1::1 and 4::1 as the gateway address, respectively. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 693. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D). (Details not shown.)

# Configure OSPFv3 to advertise routes to networks 1::/64, 4::/64, and 3::/64 on Router B and Router E. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router B and Router C.

[RouterA] interface loopback 0

[RouterA-Loopback0] ip address 1.1.1.1 255.255.255.255

[RouterA-Loopback0] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan

[RouterA-Tunnel1] source 1.1.1.1

[RouterA-Tunnel1] destination 2.2.2.2

[RouterA-Tunnel1] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 2.

[RouterA] interface tunnel 2 mode vxlan

[RouterA-Tunnel2] source 1.1.1.1

[RouterA-Tunnel2] destination 3.3.3.3

[RouterA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] tunnel 2

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] tunnel 1

[RouterA-vsi-vpnb-vxlan-20] tunnel 2

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Create VSI-interface 1 and assign the interface two IPv6 anycast addresses. The IP addresses will be used as gateway addresses for VXLAN 10 and VXLAN 20.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ipv6 address 1::1/64 anycast

[RouterA-Vsi-interface1] ipv6 address 4::1/64 anycast

# Specify VSI-interface 1 as a distributed gateway and enable local ND proxy on the interface.

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-nd enable

[RouterA-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 1::1/64 to the VSI.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] gateway subnet 1::1 64

[RouterA-vsi-vpna] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb. Assign subnet 4::1/64 to the VSI.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] gateway vsi-interface 1

[RouterA-vsi-vpnb] gateway subnet 4::1 64

[RouterA-vsi-vpnb] quit

# Configure an IPv6 static route. Set the destination address to 3::/64 and the next hop to 1::2.

[RouterA] ipv6 route-static 3:: 64 1::2

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router C.

[RouterB] interface loopback 0

[RouterB-Loopback0] ip address 2.2.2.2 255.255.255.255

[RouterB-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 2.

[RouterB] interface tunnel 2 mode vxlan

[RouterB-Tunnel2] source 2.2.2.2

[RouterB-Tunnel2] destination 1.1.1.1

[RouterB-Tunnel2] quit

# Create a VXLAN tunnel to Router C. The tunnel interface name is Tunnel 3.

[RouterB] interface tunnel 3 mode vxlan

[RouterB-Tunnel3] source 2.2.2.2

[RouterB-Tunnel3] destination 3.3.3.3

[RouterB-Tunnel3] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] tunnel 2

[RouterB-vsi-vpna-vxlan-10] tunnel 3

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] tunnel 2

[RouterB-vsi-vpnb-vxlan-20] tunnel 3

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Create VSI-interface 1 and assign the interface IPv6 addresses.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ipv6 address 1::2/64

[RouterB-Vsi-interface1] ipv6 address 4::2/64

[RouterB-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 1

[RouterB-vsi-vpnb] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Router A and Router B.

[RouterC] interface loopback 0

[RouterC-Loopback0] ip address 3.3.3.3 255.255.255.255

[RouterC-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterC] interface tunnel 1 mode vxlan

[RouterC-Tunnel1] source 3.3.3.3

[RouterC-Tunnel1] destination 1.1.1.1

[RouterC-Tunnel1] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 3.

[RouterC] interface tunnel 3 mode vxlan

[RouterC-Tunnel3] source 3.3.3.3

[RouterC-Tunnel3] destination 2.2.2.2

[RouterC-Tunnel3] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 10.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] tunnel 1

[RouterC-vsi-vpna-vxlan-10] tunnel 3

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 20.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] tunnel 1

[RouterC-vsi-vpnb-vxlan-20] tunnel 3

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpnb.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpnb

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create VSI-interface 1 and assign the interface two IPv6 anycast addresses. The IP addresses will be used as gateway addresses for VXLAN 10 and VXLAN 20.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ipv6 address 1::1/64 anycast

[RouterC-Vsi-interface1] ipv6 address 4::1/64 anycast

# Specify VSI-interface 1 as a distributed gateway and enable local ND proxy on the interface.

[RouterC-Vsi-interface1] distributed-gateway local

[RouterC-Vsi-interface1] local-proxy-nd enable

[RouterC-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 1::1/64 to the VSI.

[RouterC] vsi vpna

[RouterC-vsi-vpna] gateway vsi-interface 1

[RouterC-vsi-vpna] gateway subnet 1::1 64

[RouterC-vsi-vpna] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb. Assign subnet 4::1/64 to the VSI.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] gateway vsi-interface 1

[RouterC-vsi-vpnb] gateway subnet 4::1 64

[RouterC-vsi-vpnb] quit

# Configure an IPv6 static route. Set the destination address to 3::/64 and the next hop to 4::2.

[RouterC] ipv6 route-static 3:: 64 4::2
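
The tunnels in this procedure are created by hand on each router, so a mistyped source or destination, or a tunnel left out of one VXLAN, goes unnoticed until traffic fails. The Python below is an added example, not H3C code: it reads the tunnel commands from the Router A, B, and C steps above and checks that every tunnel has a mirrored peer and that both ends assign it to the same VXLANs. The function names and the assumption that device names contain no hyphen belong to this example.

```python
import re

# Tunnel commands copied from the Router A, B and C steps above; all other
# commands are left out. Assumption: device names contain no hyphen.
PAGE_CONFIG = """\
[RouterA] interface tunnel 1 mode vxlan
[RouterA-Tunnel1] source 1.1.1.1
[RouterA-Tunnel1] destination 2.2.2.2
[RouterA] interface tunnel 2 mode vxlan
[RouterA-Tunnel2] source 1.1.1.1
[RouterA-Tunnel2] destination 3.3.3.3
[RouterA-vsi-vpna-vxlan-10] tunnel 1
[RouterA-vsi-vpna-vxlan-10] tunnel 2
[RouterA-vsi-vpnb-vxlan-20] tunnel 1
[RouterA-vsi-vpnb-vxlan-20] tunnel 2
[RouterB] interface tunnel 2 mode vxlan
[RouterB-Tunnel2] source 2.2.2.2
[RouterB-Tunnel2] destination 1.1.1.1
[RouterB] interface tunnel 3 mode vxlan
[RouterB-Tunnel3] source 2.2.2.2
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-vsi-vpna-vxlan-10] tunnel 2
[RouterB-vsi-vpna-vxlan-10] tunnel 3
[RouterB-vsi-vpnb-vxlan-20] tunnel 2
[RouterB-vsi-vpnb-vxlan-20] tunnel 3
[RouterC] interface tunnel 1 mode vxlan
[RouterC-Tunnel1] source 3.3.3.3
[RouterC-Tunnel1] destination 1.1.1.1
[RouterC] interface tunnel 3 mode vxlan
[RouterC-Tunnel3] source 3.3.3.3
[RouterC-Tunnel3] destination 2.2.2.2
[RouterC-vsi-vpna-vxlan-10] tunnel 1
[RouterC-vsi-vpna-vxlan-10] tunnel 3
[RouterC-vsi-vpnb-vxlan-20] tunnel 1
[RouterC-vsi-vpnb-vxlan-20] tunnel 3
"""

# "[Device-view] command" or "<Device> command"; the view part is optional.
PROMPT = re.compile(r"^[\[<]([A-Za-z0-9_.]+)(?:-([^\]>]+))?[\]>]\s*(.*)$")


def parse(transcript):
    """Return (tunnels, vxlans), both keyed by (device, tunnel number)."""
    tunnels = {}  # -> {"source": ip, "destination": ip}
    vxlans = {}   # -> set of VXLAN IDs the tunnel is assigned to
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m or not m.group(3):
            continue
        device, view, words = m.group(1), m.group(2) or "", m.group(3).split()
        in_tunnel = re.fullmatch(r"Tunnel(\d+)", view)
        in_vxlan = re.fullmatch(r"vsi-.+-vxlan-(\d+)", view)
        if not view and words[:2] == ["interface", "tunnel"] and len(words) > 2:
            tunnels.setdefault((device, int(words[2])), {})
        elif in_tunnel and words[0] in ("source", "destination") and len(words) > 1:
            key = (device, int(in_tunnel.group(1)))
            tunnels.setdefault(key, {})[words[0]] = words[1]
        elif in_vxlan and words[0] == "tunnel" and len(words) > 1:
            key = (device, int(words[1]))
            vxlans.setdefault(key, set()).add(int(in_vxlan.group(1)))
    return tunnels, vxlans


def audit(transcript):
    """List every tunnel that lacks a mirrored peer or a matching VXLAN assignment."""
    tunnels, vxlans = parse(transcript)
    findings = []
    for (dev, tid), t in sorted(tunnels.items()):
        name = f"{dev} Tunnel{tid}"
        if "source" not in t or "destination" not in t:
            findings.append(f"{name}: source or destination missing")
            continue
        # The peer end must use this tunnel's destination as its source and vice versa.
        peers = [k for k, p in sorted(tunnels.items())
                 if k[0] != dev
                 and p.get("source") == t["destination"]
                 and p.get("destination") == t["source"]]
        if not peers:
            findings.append(
                f"{name}: no mirrored tunnel {t['destination']} -> {t['source']} on any peer")
            continue
        peer = peers[0]
        mine = vxlans.get((dev, tid), set())
        if not mine:
            findings.append(f"{name}: not assigned to any VXLAN")
        for vx in sorted(mine - vxlans.get(peer, set())):
            findings.append(
                f"{name}: VXLAN {vx} not assigned on peer {peer[0]} Tunnel{peer[1]}")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG) or ["tunnel configuration is consistent"]:
        print(finding)
```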

Verifying the configuration

1.     Verify the distributed VXLAN IP gateway settings on Router A:

# Verify that the VXLAN tunnel interfaces are up on Router A.

[RouterA] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[RouterA] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10 and VXLAN 20, and VSI-interface 1 is the gateway interface for VSIs vpna and vpnb.

[RouterA] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

  ACs:

    AC                                 Link ID    State

     XGE3/0/1                          0x0        Up

 

VSI Name: vpnb

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 20

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

# Verify that Router A has created neighbor entries for the VMs.

[RouterA] display ipv6 neighbors all

Type: S-Static    D-Dynamic    O-Openflow     R-Rule    I-Invalid

IPv6 address                   Link layer     VID  Interface      State T  Age

1::2                           3c8c-400d-867a 0    Tunnel1        STALE D  7

1::100                         0001-0000-0047 0    0              STALE D  22

4::400                         0002-0000-0047 1    Tunnel2        REACH D  5

FE80::201:FF:FE00:47           0001-0000-0047 0    Tunnel1        REACH D  30

FE80::202:FF:FE00:0            0002-0000-0000 1    Tunnel2        REACH D  27

FE80::202:FF:FE00:47           0002-0000-0047 0    0              DELAY D  5

# Verify that Router A has created FIB entries for the VMs.

[RouterA] display ipv6 fib 4::400

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination: 4::400                                         Prefix length: 128

Nexthop    : 4::400                                         Flags: UH

Time stamp : 0x2c                                           Label: Null

Interface  : vsi1                                           Token: Invalid

[RouterA] display ipv6 fib 3::300

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination: 3::                                            Prefix length: 40

Nexthop    : 1::2                                           Flags: USGR

Time stamp : 0x23                                           Label: Null

Interface  : vsi1                                           Token: Invalid

2.     Verify the configuration on the border gateway Router B:

# Verify that the VXLAN tunnel interfaces are up on Router B.

[RouterB] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[RouterB] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface of VSI vpna.

[RouterB] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

# Verify that Router B has created neighbor entries for the VMs.

[RouterB] display ipv6 neighbors all

Type: S-Static    D-Dynamic    O-Openflow     R-Rule    I-Invalid

IPv6 address                   Link layer     VID  Interface      State T  Age

3::300                         0003-0000-0047 N/A  XGE3/0/1       DELAY D  3

FE80::203:FF:FE00:47           0003-0000-0047 N/A  XGE3/0/1       STALE D  222

1::100                         0001-0000-0047 0    Tunnel2        STALE D  232

4::400                         0002-0000-0047 1    Tunnel3        REACH D  3

FE80::201:FF:FE00:0            0001-0000-0000 0    Tunnel2        STALE D  237

FE80::201:FF:FE00:47           0001-0000-0047 N/A  XGE3/0/1       STALE D  222

FE80::202:FF:FE00:0            0002-0000-0000 1    Tunnel3        STALE D  345

# Verify that Router B has created FIB entries for the VMs.

[RouterB] display ipv6 fib 1::100

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination: 1::100                                         Prefix length: 128

Nexthop    : 1::100                                         Flags: UH

Time stamp : 0x21                                           Label: Null

Interface  : vsi1                                           Token: Invalid

[RouterB] display ipv6 fib 4::400

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination: 4::                                            Prefix length: 64

Nexthop    : ::                                             Flags: U

Time stamp : 0x19                                           Label: Null

Interface  : vsi1                                           Token: Invalid

3.     Verify that the network connectivity for the VMs meets the network requirements:

# Verify that VM 1 and VM 2 can ping each other. (Details not shown.)

# Verify that VM 1, VM 2, and Ten-GigabitEthernet 3/0/1 (3::300) on Router E can ping each other. (Details not shown.)
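
The display l2vpn vsi verbose check in the verification steps above can be scripted. The Python below is an added example, not part of the H3C document: it parses output in the format shown (the label appears as both "Gateway interface" and "Gateway Interface" on this page, so keys are compared case-insensitively) and reports any VSI that is not Up, has the wrong VXLAN ID or gateway interface, or carries a tunnel that is down or outside the expected set. The function names and the EXPECTED table are assumptions of this example.

```python
# Abridged from the Router A "display l2vpn vsi verbose" output above.
SAMPLE = """\
VSI Name: vpna
  VSI State               : Up
  Gateway Interface       : VSI-interface 1
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State  Type        Flood Proxy
    Tunnel1              0x5000001  Up     Manual      Disabled
    Tunnel2              0x5000002  Up     Manual      Disabled
  ACs:
    AC                                 Link ID    State
     XGE3/0/1                          0x0        Up

VSI Name: vpnb
  VSI State               : Up
  Gateway Interface       : VSI-interface 1
  VXLAN ID                : 20
  Tunnels:
    Tunnel Name          Link ID    State  Type        Flood Proxy
    Tunnel1              0x5000001  Up     Manual      Disabled
    Tunnel2              0x5000002  Up     Manual      Disabled
"""

# What the verification step expects on Router A (taken from the procedure above).
EXPECTED = {
    "vpna": {"vxlan": "10", "gateway": "VSI-interface 1", "tunnels": {"Tunnel1", "Tunnel2"}},
    "vpnb": {"vxlan": "20", "gateway": "VSI-interface 1", "tunnels": {"Tunnel1", "Tunnel2"}},
}


def parse_vsi(text):
    """Parse verbose VSI output into {name: {"fields", "tunnels", "acs"}}."""
    vsis, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the page's output has blank lines between rows
        if line.lower().startswith("vsi name:"):
            cur = {"fields": {}, "tunnels": {}, "acs": {}}
            vsis[line.split(":", 1)[1].strip()] = cur
            section = None
        elif cur is None:
            continue
        elif line in ("Tunnels:", "ACs:"):
            section = line[:-1].lower()
        elif section and "Link ID" in line:
            continue  # column header row
        elif section == "tunnels":
            cols = line.split()
            if len(cols) >= 3:
                cur["tunnels"][cols[0]] = cols[2]   # name -> state
        elif section == "acs":
            cols = line.split()
            cur["acs"][cols[0]] = cols[-1]          # name -> state
        elif ":" in line:
            key, value = line.split(":", 1)
            cur["fields"][key.strip().lower()] = value.strip()
    return vsis


def check(text, expected):
    """Compare parsed output with the expected design; return a list of findings."""
    vsis, findings = parse_vsi(text), []
    for name, want in sorted(expected.items()):
        vsi = vsis.get(name)
        if vsi is None:
            findings.append(f"{name}: VSI not present")
            continue
        fields = vsi["fields"]
        if fields.get("vsi state") != "Up":
            findings.append(f"{name}: VSI State is {fields.get('vsi state')}")
        if fields.get("vxlan id") != want["vxlan"]:
            findings.append(f"{name}: VXLAN ID is {fields.get('vxlan id')}")
        if fields.get("gateway interface") != want["gateway"]:
            findings.append(f"{name}: gateway is {fields.get('gateway interface')}")
        for tunnel in sorted(want["tunnels"]):
            state = vsi["tunnels"].get(tunnel)
            if state != "Up":
                findings.append(f"{name}: {tunnel} is {state or 'not assigned'}")
        # A tunnel outside the design extends the Layer 2 segment to an unplanned peer.
        for tunnel in sorted(set(vsi["tunnels"]) - want["tunnels"]):
            findings.append(f"{name}: unexpected tunnel {tunnel}")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE, EXPECTED) or ["all VSIs match the expected state"]:
        print(finding)
```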

VXLAN-DCI configuration examples 

Example: Configuring a basic VXLAN-DCI network 

Network configuration

As shown in Figure 694:

·     Configure VXLAN 10 and VXLAN 20 as unicast-mode VXLANs on Router A, Router B, Router D, and Router E to provide connectivity for the VMs across the data center sites.

·     Configure Router A and Router E as VTEPs, and Router B and Router D as EDs.

·     Manually establish VXLAN tunnels and VXLAN-DCI tunnels, and assign the tunnels to the VXLANs.

Figure 694 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 694. (Details not shown.)

# Configure OSPF on Routers A through E. (Details not shown.)

# Configure OSPF to advertise routes to networks 10.1.1.0/24 and 10.1.2.0/24 on Router B and Router D. (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnel to Router B.

[RouterA] interface loopback 0

[RouterA-Loopback0] ip address 1.1.1.1 255.255.255.255

[RouterA-Loopback0] quit

# Create a VXLAN tunnel to Router B. The tunnel interface name is Tunnel 1.

[RouterA] interface tunnel 1 mode vxlan

[RouterA-Tunnel1] source 1.1.1.1

[RouterA-Tunnel1] destination 2.2.2.2

[RouterA-Tunnel1] quit

# Assign Tunnel 1 to VXLAN 10.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] tunnel 1

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Assign Tunnel 1 to VXLAN 20.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] tunnel 1

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vpnb.

[RouterA] interface ten-gigabitethernet 3/0/3

[RouterA-Ten-GigabitEthernet3/0/3] xconnect vsi vpnb

[RouterA-Ten-GigabitEthernet3/0/3] quit

3.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnel to Router A and the VXLAN-DCI tunnel to Router D.

[RouterB] interface loopback 0

[RouterB-Loopback0] ip address 2.2.2.2 255.255.255.255

[RouterB-Loopback0] quit

# Create a VXLAN tunnel to Router A. The tunnel interface name is Tunnel 1.

[RouterB] interface tunnel 1 mode vxlan

[RouterB-Tunnel1] source 2.2.2.2

[RouterB-Tunnel1] destination 1.1.1.1

[RouterB-Tunnel1] quit

# Create a VXLAN-DCI tunnel to Router D. The tunnel interface name is Tunnel 2.

[RouterB] interface tunnel 2 mode vxlan-dci

[RouterB-Tunnel2] source 2.2.2.2

[RouterB-Tunnel2] destination 3.3.3.3

[RouterB-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] tunnel 1

[RouterB-vsi-vpna-vxlan-10] tunnel 2

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 20.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] tunnel 1

[RouterB-vsi-vpnb-vxlan-20] tunnel 2

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[RouterB-Vsi-interface1] distributed-gateway local

[RouterB-Vsi-interface1] local-proxy-arp enable

[RouterB-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 20.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[RouterB-Vsi-interface2] distributed-gateway local

[RouterB-Vsi-interface2] local-proxy-arp enable

[RouterB-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[RouterB] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 2

[RouterB-vsi-vpnb] quit

4.     Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 10

[RouterD-vsi-vpna-vxlan-10] quit

[RouterD-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] vxlan 20

[RouterD-vsi-vpnb-vxlan-20] quit

[RouterD-vsi-vpnb] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN-DCI tunnel to Router B and the VXLAN tunnel to Router E.

[RouterD] interface loopback 0

[RouterD-Loopback0] ip address 3.3.3.3 255.255.255.255

[RouterD-Loopback0] quit

# Create a VXLAN tunnel to Router E. The tunnel interface name is Tunnel 1.

[RouterD] interface tunnel 1 mode vxlan

[RouterD-Tunnel1] source 3.3.3.3

[RouterD-Tunnel1] destination 4.4.4.4

[RouterD-Tunnel1] quit

# Create a VXLAN-DCI tunnel to Router B. The tunnel interface name is Tunnel 2.

[RouterD] interface tunnel 2 mode vxlan-dci

[RouterD-Tunnel2] source 3.3.3.3

[RouterD-Tunnel2] destination 2.2.2.2

[RouterD-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 10

[RouterD-vsi-vpna-vxlan-10] tunnel 1

[RouterD-vsi-vpna-vxlan-10] tunnel 2

[RouterD-vsi-vpna-vxlan-10] quit

[RouterD-vsi-vpna] quit

# Assign Tunnel 2 to VXLAN 20.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] vxlan 20

[RouterD-vsi-vpnb-vxlan-20] tunnel 2

[RouterD-vsi-vpnb-vxlan-20] quit

[RouterD-vsi-vpnb] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[RouterD] interface vsi-interface 1

[RouterD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[RouterD-Vsi-interface1] distributed-gateway local

[RouterD-Vsi-interface1] local-proxy-arp enable

[RouterD-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 20.

[RouterD] interface vsi-interface 2

[RouterD-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[RouterD-Vsi-interface2] distributed-gateway local

[RouterD-Vsi-interface2] local-proxy-arp enable

[RouterD-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[RouterD] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterD] vsi vpna

[RouterD-vsi-vpna] gateway vsi-interface 1

[RouterD-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] gateway vsi-interface 2

[RouterD-vsi-vpnb] quit

5.     Configure Router E:

# Enable L2VPN.

<RouterE> system-view

[RouterE] l2vpn enable

# Create VSI vpna and VXLAN 10.

[RouterE] vsi vpna

[RouterE-vsi-vpna] vxlan 10

[RouterE-vsi-vpna-vxlan-10] quit

[RouterE-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnel to Router D.

[RouterE] interface loopback 0

[RouterE-Loopback0] ip address 4.4.4.4 255.255.255.255

[RouterE-Loopback0] quit

# Create a VXLAN tunnel to Router D. The tunnel interface name is Tunnel 1.

[RouterE] interface tunnel 1 mode vxlan

[RouterE-Tunnel1] source 4.4.4.4

[RouterE-Tunnel1] destination 3.3.3.3

[RouterE-Tunnel1] quit

# Assign Tunnel 1 to VXLAN 10.

[RouterE] vsi vpna

[RouterE-vsi-vpna] vxlan 10

[RouterE-vsi-vpna-vxlan-10] tunnel 1

[RouterE-vsi-vpna-vxlan-10] quit

[RouterE-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterE] interface ten-gigabitethernet 3/0/1

[RouterE-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterE-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify the VXLAN-DCI settings on the EDs. This example uses Router B.

# Verify that the VXLAN and VXLAN-DCI tunnel interfaces are up on Router B.

[RouterB] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN_DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 and VSI-interface 2 are up.

[RouterB] display interface vsi-interface

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type:PKTFMT_ETHNT_2, hardware address: 0011-2200-0102

IPv6 packet frame type:PKTFMT_ETHNT_2, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Vsi-interface2

Current state: UP

Line protocol state: UP

Description: Vsi-interface2 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.2.1/24 (primary)

IP packet frame type:PKTFMT_ETHNT_2, hardware address: 0011-3300-0102

IPv6 packet frame type:PKTFMT_ETHNT_2, hardware address: 0011-3300-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to VXLAN 10 and VXLAN 20, and the VSI interfaces are the gateway interfaces for their respective VSIs.

[RouterB] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

 

VSI Name: vpnb

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 2

  VXLAN ID                : 20

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood Proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

# Verify that Router B has created ARP entries for the VMs.

[RouterB] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

11.1.1.4        000c-29c1-5e46 11            Vlan11                   19    D

10.1.1.11       0cda-41b5-cf09 0             Tunnel1                  20    D

10.1.1.12       0011-4400-0102 0             Tunnel1                  20    D

10.1.2.11       0cda-41b5-cf89 1             Tunnel2                  20    D

2.     Verify that VM 1, VM 2, and VM 3 can ping each other. (Details not shown.)

EVPN VXLAN configuration examples

Example: Configuring a centralized IPv4 EVPN gateway

Network configuration

As shown in Figure 695:

·     Configure VXLAN 10 and VXLAN 20 on Router A, Router B, and Router C to provide connectivity for the VMs in the VXLANs across the network sites.

·     Configure Router C as a centralized EVPN gateway to provide gateway services and access to the connected Layer 3 network.

·     Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 695 Network diagram

Procedure

1.     On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 695. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Enable ARP flood suppression on VSI vpna, create an EVPN instance on the VSI, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] arp suppression enable

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Enable ARP flood suppression on VSI vpnb, create an EVPN instance on the VSI, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] arp suppression enable

[RouterA-vsi-vpnb] evpn encapsulation vxlan

[RouterA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/2 to VSI vpnb.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] xconnect vsi vpnb

[RouterA-Ten-GigabitEthernet3/0/2] quit

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Enable ARP flood suppression on VSI vpna, create an EVPN instance on the VSI, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpna

[RouterB-vsi-vpna] arp suppression enable

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Enable ARP flood suppression on VSI vpnb, create an EVPN instance on the VSI, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] arp suppression enable

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/2 to VSI vpnb.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] xconnect vsi vpnb

[RouterB-Ten-GigabitEthernet3/0/2] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Enable ARP flood suppression on VSI vpna, create an EVPN instance on the VSI, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpna

[RouterC-vsi-vpna] arp suppression enable

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] evpn encapsulation vxlan

[RouterC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterC-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] gateway vsi-interface 1

[RouterC-vsi-vpna] quit

# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 20.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterC-Vsi-interface2] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] gateway vsi-interface 2

[RouterC-vsi-vpnb] quit

6.     Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1.     Verify the EVPN gateway settings on Router C:

# Verify that Router C has advertised MAC/IP advertisement routes and IMET routes for the gateways and received MAC/IP advertisement routes and IMET routes from Router A and Router B. (Details not shown.)

# Verify that the VXLAN tunnel interfaces are up on Router C.

[RouterC] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 277 packets, 20306 bytes, 0 drops

Output: 1099 packets, 0 bytes, 0 drops

# Verify that the VSI interfaces are up on Router C.

[RouterC] display interface vsi-interface

Vsi-interface1

Interface index: 263

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0003-0003-0003

IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Vsi-interface2

Interface index: 264

Current state: UP

Line protocol state: UP

Description: Vsi-interface2 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.2.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0003-0003-0003

IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are the gateway interfaces of their respective VXLANs.

[RouterC] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood Proxy

    Tunnel0              0x5000000  UP       Auto        Disabled

    Tunnel1              0x5000001  UP       Auto        Disabled

VSI Name: vpnb

  VSI Index               : 1

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 2

  VXLAN ID                : 20

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood Proxy

    Tunnel0              0x5000000  UP       Auto        Disabled

    Tunnel1              0x5000001  UP       Auto        Disabled

# Verify that Router C has created EVPN ARP entries for the VMs.

[RouterC] display evpn route arp

Flags: D - Dynamic   B - BGP      L - Local active

       G - Gateway   S - Static   M - Mapping        I - Invalid

 

Public instance                               Interface: Vsi-interface1

IP address      MAC address     Router MAC      VSI index   Flags

10.1.1.1        0003-0003-0003  -               0           GL

10.1.1.10       0000-1234-0001  -               0           B

10.1.1.20       0000-1234-0003  -               0           B

 

Public instance                               Interface: Vsi-interface2

IP address      MAC address     Router MAC      VSI index   Flags

10.1.2.1        0005-0005-0005  -               1           GL

10.1.2.10       0000-1234-0002  -               1           B

10.1.2.20       0000-1234-0004  -               1           B

# Verify that Router C has created FIB entries for the VMs.

[RouterC] display fib 10.1.1.10

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.1.1.10/32       10.1.1.10       UH       Vsi1                     Null

2.     Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not shown.)
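The `display l2vpn vsi verbose` check above can be automated. The following Python script is an added example, not H3C code: it parses that output and reports any VSI whose state, VXLAN ID, gateway interface, or tunnel state differs from what this example configures. The function names, the `EXPECTED` table, and the failure sample are assumptions made for illustration; field names and states are compared case-insensitively because the outputs on this page print both `Gateway interface` and `Gateway Interface`, and both `Up` and `UP`.

```python
import re

# Abridged from the Router C output above; fields the audit does not read are omitted.
SAMPLE_OK = """\
[RouterC] display l2vpn vsi verbose
VSI Name: vpna
  VSI Index               : 0
  VSI State               : Up
  Gateway Interface       : VSI-interface 1
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State    Type        Flood Proxy
    Tunnel0              0x5000000  UP       Auto        Disabled
    Tunnel1              0x5000001  UP       Auto        Disabled
VSI Name: vpnb
  VSI Index               : 1
  VSI State               : Up
  Gateway Interface       : VSI-interface 2
  VXLAN ID                : 20
  Tunnels:
    Tunnel Name          Link ID    State    Type        Flood Proxy
    Tunnel0              0x5000000  UP       Auto        Disabled
    Tunnel1              0x5000001  UP       Auto        Disabled
"""

# Constructed failure case (not from the page): vpna has one tunnel down,
# vpnb has no gateway interface and carries the wrong VXLAN ID.
SAMPLE_BAD = """\
VSI Name: vpna
  VSI State               : Up
  Gateway interface       : VSI-interface 1
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State  Type        Flood Proxy
    Tunnel0              0x5000000  Up     Auto        Disabled
    Tunnel1              0x5000001  Down   Auto        Disabled
VSI Name: vpnb
  VSI State               : Up
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State  Type        Flood Proxy
    Tunnel0              0x5000000  Up     Auto        Disabled
"""

# What this configuration example sets up: VSI name -> (VXLAN ID, gateway interface).
EXPECTED = {"vpna": (10, "VSI-interface 1"), "vpnb": (20, "VSI-interface 2")}

# A row of the Tunnels table: name, link ID, state, type, flood proxy.
TUNNEL_ROW = re.compile(r"^(Tunnel\d+)\s+(0x[0-9a-fA-F]+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_vsi_verbose(text):
    """Parse the display output into {vsi_name: {"fields": {...}, "tunnels": [...]}}."""
    vsis, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the page prints a blank line between output lines
        if line.lower().startswith("vsi name"):
            current = {"fields": {}, "tunnels": []}
            vsis[line.split(":", 1)[1].strip()] = current
            continue
        if current is None:
            continue  # prompt and command echo before the first VSI
        row = TUNNEL_ROW.match(line)
        if row:
            current["tunnels"].append(
                {"name": row.group(1), "link_id": row.group(2),
                 "state": row.group(3).lower(), "type": row.group(4)})
        elif ":" in line:
            key, value = line.split(":", 1)
            current["fields"][key.strip().lower()] = value.strip()
    return vsis


def audit_vsis(vsis, expected):
    """Return a list of human-readable findings; an empty list means the check passed."""
    findings = []
    for name, (vxlan_id, gateway) in expected.items():
        vsi = vsis.get(name)
        if vsi is None:
            findings.append(f"{name}: VSI not present")
            continue
        fields = vsi["fields"]
        if fields.get("vsi state", "").lower() != "up":
            findings.append(f"{name}: VSI state is {fields.get('vsi state', 'absent')}")
        if fields.get("vxlan id") != str(vxlan_id):
            findings.append(
                f"{name}: VXLAN ID is {fields.get('vxlan id', 'absent')}, expected {vxlan_id}")
        got_gw = fields.get("gateway interface", "absent")
        if got_gw.lower() != gateway.lower():
            findings.append(f"{name}: gateway interface is {got_gw}, expected {gateway}")
        if not vsi["tunnels"]:
            findings.append(f"{name}: no tunnels assigned")
        for tunnel in vsi["tunnels"]:
            if tunnel["state"] != "up":
                findings.append(f"{name}: {tunnel['name']} is {tunnel['state']}")
    return findings


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, audit_vsis(parse_vsi_verbose(sample), EXPECTED))
```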

Example: Configuring distributed IPv4 EVPN gateways in symmetric IRB mode

Network configuration

As shown in Figure 696:

·     Configure VXLAN 10 and VXLAN 20 on Router A and Router B to provide connectivity for the VMs in the VXLANs across the network sites.

·     Configure Router A and Router B as distributed EVPN gateways to provide gateway services in symmetric IRB mode. Configure Router C as a border gateway to provide access to the connected Layer 3 network.

·     Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 696 Network diagram

Procedure

1.     On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 696. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] evpn encapsulation vxlan

[RouterA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/2 to VSI vpnb.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] xconnect vsi vpnb

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterA] ip vpn-instance l3vpna

[RouterA-vpn-instance-l3vpna] route-distinguisher 1:1

[RouterA-vpn-instance-l3vpna] address-family ipv4

[RouterA-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterA-vpn-ipv4-l3vpna] quit

[RouterA-vpn-instance-l3vpna] address-family evpn

[RouterA-vpn-evpn-l3vpna] vpn-target 1:1

[RouterA-vpn-evpn-l3vpna] quit

[RouterA-vpn-instance-l3vpna] quit

# Configure VSI-interface 1.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance l3vpna

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-arp enable

[RouterA-Vsi-interface1] quit

# Configure VSI-interface 2.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance l3vpna

[RouterA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterA-Vsi-interface2] mac-address 2-2-2

[RouterA-Vsi-interface2] distributed-gateway local

[RouterA-Vsi-interface2] local-proxy-arp enable

[RouterA-Vsi-interface2] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 3

[RouterA-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterA-Vsi-interface3] l3-vni 1000

[RouterA-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] gateway vsi-interface 2

[RouterA-vsi-vpnb] quit

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpna

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/2 to VSI vpnb.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] xconnect vsi vpnb

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterB] ip vpn-instance l3vpna

[RouterB-vpn-instance-l3vpna] route-distinguisher 1:1

[RouterB-vpn-instance-l3vpna] address-family ipv4

[RouterB-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterB-vpn-ipv4-l3vpna] quit

[RouterB-vpn-instance-l3vpna] address-family evpn

[RouterB-vpn-evpn-l3vpna] vpn-target 1:1

[RouterB-vpn-evpn-l3vpna] quit

[RouterB-vpn-instance-l3vpna] quit

# Configure VSI-interface 1.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip binding vpn-instance l3vpna

[RouterB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterB-Vsi-interface1] mac-address 1-1-1

[RouterB-Vsi-interface1] distributed-gateway local

[RouterB-Vsi-interface1] local-proxy-arp enable

[RouterB-Vsi-interface1] quit

# Configure VSI-interface 2.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip binding vpn-instance l3vpna

[RouterB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterB-Vsi-interface2] mac-address 2-2-2

[RouterB-Vsi-interface2] distributed-gateway local

[RouterB-Vsi-interface2] local-proxy-arp enable

[RouterB-Vsi-interface2] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterB] interface vsi-interface 3

[RouterB-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterB-Vsi-interface3] l3-vni 1000

[RouterB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 2

[RouterB-vsi-vpnb] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterC] ip vpn-instance l3vpna

[RouterC-vpn-instance-l3vpna] route-distinguisher 1:1

[RouterC-vpn-instance-l3vpna] address-family ipv4

[RouterC-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterC-vpn-ipv4-l3vpna] quit

[RouterC-vpn-instance-l3vpna] address-family evpn

[RouterC-vpn-evpn-l3vpna] vpn-target 1:1

[RouterC-vpn-evpn-l3vpna] quit

[RouterC-vpn-instance-l3vpna] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 3

[RouterC-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterC-Vsi-interface3] l3-vni 1000

[RouterC-Vsi-interface3] quit

# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.

[RouterC] ip route-static vpn-instance l3vpna 0.0.0.0 0 20.1.1.100

# Import the default route to the BGP IPv4 unicast routing table of VPN instance l3vpna.

[RouterC] bgp 200

[RouterC-bgp-default] ip vpn-instance l3vpna

[RouterC-bgp-default-l3vpna] address-family ipv4 unicast

[RouterC-bgp-default-ipv4-l3vpna] default-route imported

[RouterC-bgp-default-ipv4-l3vpna] import-route static

[RouterC-bgp-default-ipv4-l3vpna] quit

[RouterC-bgp-default-l3vpna] quit

[RouterC-bgp-default] quit

# Associate Ten-GigabitEthernet 3/0/2 with VPN instance l3vpna. Ten-GigabitEthernet 3/0/2 provides access to the Layer 3 network connected to Router C.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] ip binding vpn-instance l3vpna

[RouterC-Ten-GigabitEthernet3/0/2] ip address 20.1.1.3 24

[RouterC-Ten-GigabitEthernet3/0/2] quit

6.     Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1.     Verify the distributed EVPN gateway settings on Router A:

# Verify that Router A has advertised the IP prefix advertisement routes for the gateways and the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Router A has received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement routes and IMET routes for each VSI from Router B. (Details not shown.)

# Verify that the VXLAN tunnel interfaces are up on Router A. (This example uses Tunnel 0.)

[RouterA] display interface tunnel 0

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VSI interfaces are up on Router A. (This example uses VSI-interface 1.)

[RouterA] display interface vsi-interface 1

Vsi-interface1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0003-0003-0003

IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are the gateway interfaces of their respective VXLANs.

[RouterA] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_3

  VSI Index               : 1

  VSI State               : Down

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 3

  VXLAN ID                : 1000

  Tunnel Statistics       : Disabled

 

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  ACs:

    AC                               Link ID    State

    XGE3/0/1                         0x0        Up

 

VSI Name: vpnb

  VSI Index               : 2

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 2

  VXLAN ID                : 20

  Tunnel Statistics       : Disabled

  ACs:

    AC                                 Link ID    State

    XGE3/0/2                           0x1        Up

# Verify that Router A has created ARP entries for the VMs.

[RouterA] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

10.1.1.10       0000-1234-0001 0             0x0                      20    D

10.1.2.10       0000-1234-0002 0             0x0                      19    D

2.2.2.2         a0ce-5e24-0100 1             Tunnel0                  --    R

# Verify that Router A has created EVPN ARP entries for the local VMs.

[RouterA] display evpn route arp

Flags: D - Dynamic   B - BGP      L - Local active

       G - Gateway   S - Static   M - Mapping        I - Invalid

 

VPN instance: l3vpna                            Interface:Vsi-interface1

IP address      MAC address     Router MAC      VSI Index   Flags

10.1.1.1        0001-0001-0001  a0ce-7e40-0400  0           GL

10.1.1.10       0000-1234-0001  a0ce-7e40-0400  0           DL

10.1.2.10       0000-1234-0002  a0ce-7e40-0400  0           DL

10.1.1.20       0000-1234-0003  a0ce-7e40-0400  0           B

10.1.2.20       0000-1234-0004  a0ce-7e40-0400  0           B

2.     Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not shown.)

Example: Configuring IPv4 EVPN VXLAN multihoming

Network configuration

As shown in Figure 697:

·     Configure VXLANs as follows:

¡     Configure VXLAN 10 on Router A, Router B, and Router C. Configure Router A and Router B as redundant VTEPs for Server 2, and configure Router B and Router C as redundant VTEPs for Server 3.

¡     Configure VXLAN 20 on Router C.

·     Configure Router A, Router B, and Router C as distributed EVPN gateways.

·     Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 697 Network diagram

Procedure

1.     On VM 1, VM 2, and VM 3, specify 10.1.1.1 as the gateway address. On VM 4, specify 20.1.1.1 as the gateway address. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to the interfaces, as shown in Figure 697. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/2.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] esi 0.0.0.0.1

# Map Ten-GigabitEthernet 3/0/2 to VSI vpna.

[RouterA-Ten-GigabitEthernet3/0/2] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterA] ip vpn-instance l3vpna

[RouterA-vpn-instance-l3vpna] route-distinguisher 1:1

[RouterA-vpn-instance-l3vpna] address-family ipv4

[RouterA-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterA-vpn-ipv4-l3vpna] quit

[RouterA-vpn-instance-l3vpna] address-family evpn

[RouterA-vpn-evpn-l3vpna] vpn-target 1:1

[RouterA-vpn-evpn-l3vpna] quit

[RouterA-vpn-instance-l3vpna] quit

# Configure VSI-interface 1.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance l3vpna

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-arp enable

[RouterA-Vsi-interface1] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 3

[RouterA-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterA-Vsi-interface3] l3-vni 1000

[RouterA-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

4.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpna

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] esi 0.0.0.0.1

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterB-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] esi 0.0.0.0.2

# Map Ten-GigabitEthernet 3/0/2 to VSI vpna.

[RouterB-Ten-GigabitEthernet3/0/2] xconnect vsi vpna

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterB] ip vpn-instance l3vpna

[RouterB-vpn-instance-l3vpna] route-distinguisher 2:2

[RouterB-vpn-instance-l3vpna] address-family ipv4

[RouterB-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterB-vpn-ipv4-l3vpna] quit

[RouterB-vpn-instance-l3vpna] address-family evpn

[RouterB-vpn-evpn-l3vpna] vpn-target 1:1

[RouterB-vpn-evpn-l3vpna] quit

[RouterB-vpn-instance-l3vpna] quit

# Configure VSI-interface 1.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip binding vpn-instance l3vpna

[RouterB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterB-Vsi-interface1] mac-address 1-1-1

[RouterB-Vsi-interface1] distributed-gateway local

[RouterB-Vsi-interface1] local-proxy-arp enable

[RouterB-Vsi-interface1] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterB] interface vsi-interface 3

[RouterB-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterB-Vsi-interface3] l3-vni 1000

[RouterB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

5.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpna

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id

[RouterC-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] evpn encapsulation vxlan

[RouterC-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id

[RouterC-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] esi 0.0.0.0.2

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterC-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Map Ten-GigabitEthernet 3/0/2 to VSI vpnb.

[RouterC] interface ten-gigabitethernet 3/0/2

[RouterC-Ten-GigabitEthernet3/0/2] xconnect vsi vpnb

[RouterC-Ten-GigabitEthernet3/0/2] quit

# Configure RD and route target settings for VPN instance l3vpna.

[RouterC] ip vpn-instance l3vpna

[RouterC-vpn-instance-l3vpna] route-distinguisher 3:3

[RouterC-vpn-instance-l3vpna] address-family ipv4

[RouterC-vpn-ipv4-l3vpna] vpn-target 2:2

[RouterC-vpn-ipv4-l3vpna] quit

[RouterC-vpn-instance-l3vpna] address-family evpn

[RouterC-vpn-evpn-l3vpna] vpn-target 1:1

[RouterC-vpn-evpn-l3vpna] quit

[RouterC-vpn-instance-l3vpna] quit

# Configure VSI-interface 1.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip binding vpn-instance l3vpna

[RouterC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterC-Vsi-interface1] mac-address 1-1-1

[RouterC-Vsi-interface1] distributed-gateway local

[RouterC-Vsi-interface1] local-proxy-arp enable

[RouterC-Vsi-interface1] quit

# Configure VSI-interface 2.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip binding vpn-instance l3vpna

[RouterC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0

[RouterC-Vsi-interface2] mac-address 2-2-2

[RouterC-Vsi-interface2] distributed-gateway local

[RouterC-Vsi-interface2] local-proxy-arp enable

[RouterC-Vsi-interface2] quit

# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 3

[RouterC-Vsi-interface3] ip binding vpn-instance l3vpna

[RouterC-Vsi-interface3] l3-vni 1000

[RouterC-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] gateway vsi-interface 1

[RouterC-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] gateway vsi-interface 2

[RouterC-vsi-vpnb] quit

6.     Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1.     Verify the EVPN VXLAN multihoming configuration on Router C. (Details not shown.)

# Verify that Router C has advertised and received the following BGP EVPN routes:

¡     IP prefix advertisement routes for the gateways.

¡     IMET routes for VSIs.

¡     MAC/IP advertisement routes.

¡     Ethernet auto-discovery routes and Ethernet segment routes.

# Verify that Router C has ECMP routes to VM 2.

<RouterC> display evpn routing-table vpn-instance l3vpna

Flags: E - with valid ESI   A - AD ready   L - Local ES exists

 

VPN instance:l3vpna                          Local L3VNI:1000

IP address       Next hop         Outgoing interface    NibID       Flags

10.1.1.10        1.1.1.1          Vsi-interface3        0x18000001  -

10.1.1.20        2.2.2.2          Vsi-interface3        0x18000000  EA

                 1.1.1.1          Vsi-interface3        0x18000001  EA

# Verify that Router C has equal-cost L2VPN MAC address entries and EVPN MAC address entries for VM 2.

<RouterC> display l2vpn mac-address

MAC Address      State    VSI Name                        Link ID/Name/Peer   Aging

0001-0001-0010   EVPN     vpna                            Tunnel0             NotAging

0001-0001-0020   EVPN     vpna                            Tunnel0             NotAging

                                                          Tunnel1             NotAging

0001-0001-0030   Dynamic  vpna                            0x0                 NotAging

0002-0001-0010   Dynamic  vpnb                            0x0                 NotAging

<RouterC> display evpn route mac

Flags: D - Dynamic   B - BGP      L - Local active

       G - Gateway   S - Static   M - Mapping        I - Invalid

       E – Multihoming ES sync

 

VSI name: vpna

MAC address     Link ID/Name   Flags   Encap           Next hop

0001-0001-0030  0              DL      VXLAN           -

0001-0001-0010  Tunnel0        B       VXLAN           1.1.1.1

0001-0001-0020  Tunnel0        B       VXLAN           1.1.1.1

                Tunnel1        B       VXLAN           2.2.2.2

 

VSI name: vpnb

MAC address     Link ID/Name    Flags   Next hop

0002-0001-0010  0               DL      -

# Verify that Router C has information about local and remote ESs.

<RouterC> display evpn es local

Redundancy mode: A - All active, S - Single active

 

VSI name : vpna

ESI                         Tag ID      DF address      Mode  State ESI label

0000.0000.0000.0000.0002    0           2.2.2.2         A     Up    -

<RouterC> display evpn es remote

Control Flags: P - Primary, B - Backup, C - Control word

VSI name : vpna

  ESI                     : 0000.0000.0000.0000.0001

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    1.1.1.1             All-active

    2.2.2.2             All-active

  A-D per EVI routes      :

    Tag ID      Peer IP

    0           1.1.1.1

    0           2.2.2.2

 

  ESI                     : 0000.0000.0000.0000.0002

  Ethernet segment routes :

    2.2.2.2

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    2.2.2.2             All-active

  A-D per EVI routes      :

    Tag ID      Peer IP

    0           2.2.2.2

2.     Verify that the VMs can communicate with one another.
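An added example (not part of the H3C document): a Python check that parses the `display evpn es remote` output shown above and compares the VTEPs advertising each ES with the intended redundancy groups, so that an unexpected VTEP claiming an ES is reported. The `EXPECTED_PEERS` table and the function names are assumptions made for this example.

```python
import re

# "display evpn es remote" output from Router C, copied from the example above.
SAMPLE_OUTPUT = """\
Control Flags: P - Primary, B - Backup, C - Control word
VSI name : vpna
  ESI                     : 0000.0000.0000.0000.0001
  A-D per ES routes       :
    Peer IP             Remote Redundancy mode
    1.1.1.1             All-active
    2.2.2.2             All-active
  A-D per EVI routes      :
    Tag ID      Peer IP
    0           1.1.1.1
    0           2.2.2.2

  ESI                     : 0000.0000.0000.0000.0002
  Ethernet segment routes :
    2.2.2.2
  A-D per ES routes       :
    Peer IP             Remote Redundancy mode
    2.2.2.2             All-active
  A-D per EVI routes      :
    Tag ID      Peer IP
    0           2.2.2.2
"""

# Assumed design table: remote VTEPs attached to each ES, as seen from Router C.
# ESI 0.0.0.0.1 is on Router A (1.1.1.1) and Router B (2.2.2.2);
# ESI 0.0.0.0.2 is on Router B and on Router C itself (local, so not listed).
EXPECTED_PEERS = {
    "0000.0000.0000.0000.0001": {"1.1.1.1", "2.2.2.2"},
    "0000.0000.0000.0000.0002": {"2.2.2.2"},
}

SECTIONS = {
    "Ethernet segment routes": "es_routes",
    "A-D per ES routes": "ad_per_es",
    "A-D per EVI routes": "ad_per_evi",
}
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def parse_es_remote(text):
    """Return {(vsi, esi): {"es_routes": set, "ad_per_es": dict, "ad_per_evi": set}}."""
    result, vsi, entry, section = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "VSI name":
            vsi, entry, section = value, None, None
        elif key == "ESI" and sep:
            entry = {"es_routes": set(), "ad_per_es": {}, "ad_per_evi": set()}
            result[(vsi, value)] = entry
            section = None
        elif key in SECTIONS:
            section = SECTIONS[key]
        elif entry is not None and section:
            tokens = line.split()
            peers = [t for t in tokens if IPV4.fullmatch(t)]
            if not peers:
                continue  # column header or blank line
            if section == "ad_per_es":
                entry[section][peers[0]] = tokens[-1]  # peer -> redundancy mode
            else:
                entry[section].add(peers[0])
    return result


def audit(parsed, expected, mode="All-active"):
    """Compare parsed ES membership with the design; return sorted findings."""
    findings = []
    for (vsi, esi), entry in parsed.items():
        if esi not in expected:
            findings.append((esi, "unknown-esi", vsi))
            continue
        seen = set(entry["ad_per_es"])
        for peer in seen - expected[esi]:
            findings.append((esi, "unexpected-peer", peer))
        for peer in expected[esi] - seen:
            findings.append((esi, "missing-peer", peer))
        for peer, peer_mode in entry["ad_per_es"].items():
            if peer_mode != mode:
                findings.append((esi, "mode-mismatch", f"{peer}={peer_mode}"))
        # Every VTEP on an ES should appear in both A-D route lists.
        for peer in seen ^ entry["ad_per_evi"]:
            findings.append((esi, "es-evi-mismatch", peer))
    for esi in expected.keys() - {esi for _, esi in parsed}:
        findings.append((esi, "missing-esi", ""))
    return sorted(findings)


if __name__ == "__main__":
    problems = audit(parse_es_remote(SAMPLE_OUTPUT), EXPECTED_PEERS)
    print("consistent with design" if not problems else problems)
```
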

Example: Interconnecting an EVPN VXLAN network with a VPLS network

Network configuration

As shown in Figure 698, interconnect the EVPN VXLAN network with the VPLS network as follows:

·     Set up LDP PWs as UPWs by using LDP signaling between the gateways and the PE.

·     Set up VXLAN tunnels between the gateways and the VTEP.

·     Map the UPWs to the VXLAN tunnels on the gateways.

Figure 698 Network diagram

Device   Interface   IP address      Device   Interface   IP address
GW 1     Loop0       1.1.1.9/32      VTEP     Loop0       3.3.3.9/32
         XGE3/0/1    10.1.1.1/24              XGE3/0/1    -
         XGE3/0/2    30.1.1.1/24              XGE3/0/2    30.1.1.3/24
         XGE3/0/3    10.1.3.1/24              XGE3/0/3    10.1.2.3/24
GW 2     Loop0       2.2.2.9/32      PE       Loop0       4.4.4.9/32
         XGE3/0/1    20.1.1.2/24              XGE3/0/3    -
         XGE3/0/2    10.1.2.2/24              XGE3/0/1    10.1.1.4/24
         XGE3/0/3    10.1.3.2/24              XGE3/0/2    20.1.1.4/24
CE 1     XGE3/0/1    100.1.1.1/32    CE 2     XGE3/0/1    100.1.1.2/32

Procedure

1.     Configure CE 1:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure the PE:

# Configure basic MPLS capabilities.

<PE> system-view

[PE] interface loopback 0

[PE-LoopBack0] ip address 4.4.4.9 32

[PE-LoopBack0] ospf 1 area 0

[PE-LoopBack0] quit

[PE] mpls lsr-id 4.4.4.9

# Enable LDP globally.

[PE] mpls ldp

[PE-ldp] quit

# Enable L2VPN.

[PE] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1 that is connected to GW 1.

[PE] interface ten-gigabitethernet 3/0/1

[PE-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[PE-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE-Ten-GigabitEthernet3/0/1] mpls enable

[PE-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE-Ten-GigabitEthernet3/0/1] undo shutdown

[PE-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to GW 2.

[PE] interface ten-gigabitethernet 3/0/2

[PE-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[PE-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[PE-Ten-GigabitEthernet3/0/2] mpls enable

[PE-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE-Ten-GigabitEthernet3/0/2] undo shutdown

[PE-Ten-GigabitEthernet3/0/2] quit

# Specify LDP signaling for VSI vpna, set up a main PW to GW 1 and a backup PW to GW 2, and enable the dual receive feature for PW redundancy.

[PE] vsi vpna

[PE-vsi-vpna] protection dual-receive

[PE-vsi-vpna] pwsignaling ldp

[PE-vsi-vpna-ldp] peer 1.1.1.9 pw-id 500

[PE-vsi-vpna-ldp-1.1.1.9-500] backup-peer 2.2.2.9 pw-id 500

[PE-vsi-vpna-ldp-1.1.1.9-500-backup] quit

[PE-vsi-vpna-ldp-1.1.1.9-500] quit

[PE-vsi-vpna-ldp] quit

[PE-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vpna.

[PE] interface ten-gigabitethernet 3/0/3

[PE-Ten-GigabitEthernet3/0/3] xconnect vsi vpna

[PE-Ten-GigabitEthernet3/0/3] quit

3.     Configure GW 1:

# Configure Loopback 0.

<GW1> system-view

[GW1] interface loopback 0

[GW1-LoopBack0] ip address 1.1.1.9 32

[GW1-LoopBack0] quit

# Configure basic MPLS capabilities.

[GW1] mpls lsr-id 1.1.1.9

# Enable LDP globally.

[GW1] mpls ldp

[GW1-ldp] quit

# Enable L2VPN.

[GW1] l2vpn enable

# Run OSPF for setting up LSPs.

[GW1] ospf

[GW1-ospf-1] area 0

[GW1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[GW1-ospf-1-area-0.0.0.0] quit

[GW1-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/1 that is connected to the PE.

[GW1] interface ten-gigabitethernet 3/0/1

[GW1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[GW1-Ten-GigabitEthernet3/0/1] mpls enable

[GW1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/1] undo shutdown

[GW1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to the VTEP.

[GW1] interface ten-gigabitethernet 3/0/2

[GW1-Ten-GigabitEthernet3/0/2] ip address 30.1.1.1 24

[GW1-Ten-GigabitEthernet3/0/2] mpls enable

[GW1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/2] undo shutdown

[GW1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 2.

[GW1] interface ten-gigabitethernet 3/0/3

[GW1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[GW1-Ten-GigabitEthernet3/0/3] mpls enable

[GW1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/3] undo shutdown

[GW1-Ten-GigabitEthernet3/0/3] quit

# Set up IBGP connections among GW 1, GW 2, and the VTEP, and enable advertisement of BGP EVPN routes.

[GW1] bgp 100

[GW1-bgp-default] peer 2.2.2.9 as-number 100

[GW1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[GW1-bgp-default] peer 3.3.3.9 as-number 100

[GW1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[GW1-bgp-default] address-family l2vpn evpn

[GW1-bgp-default-evpn] peer 2.2.2.9 enable

[GW1-bgp-default-evpn] peer 3.3.3.9 enable

[GW1-bgp-default-evpn] quit

[GW1-bgp-default] quit

# Create VSI vpna, and create an EVPN instance on it. Configure the VSI EVPN instance to use VXLAN encapsulation, and configure an RD and route targets for the VSI EVPN instance.

[GW1] vsi vpna

[GW1-vsi-vpna] vxlan 10

[GW1-vsi-vpna] evpn encapsulation vxlan

[GW1-vsi-vpna-evpn-vxlan] route-distinguisher 1:1

[GW1-vsi-vpna-evpn-vxlan] vpn-target 1:1 export-extcommunity

[GW1-vsi-vpna-evpn-vxlan] vpn-target 1:1 import-extcommunity

[GW1-vsi-vpna-evpn-vxlan] quit

# Specify LDP signaling for VSI vpna, set up a UPW to the PE, and configure the ESI and redundancy mode for the VSI.

[GW1-vsi-vpna] pwsignaling ldp

[GW1-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon

[GW1-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[GW1-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[GW1-vsi-vpna-ldp-4.4.4.9-500] quit

[GW1-vsi-vpna-ldp] quit

[GW1-vsi-vpna] quit

4.     Configure GW 2:

# Configure basic MPLS capabilities.

<GW2> system-view

[GW2] interface loopback 0

[GW2-LoopBack0] ip address 2.2.2.9 32

[GW2-LoopBack0] quit

[GW2] mpls lsr-id 2.2.2.9

# Enable LDP globally.

[GW2] mpls ldp

[GW2-ldp] quit

# Enable L2VPN.

[GW2] l2vpn enable

# Run OSPF for setting up LSPs.

[GW2] ospf

[GW2-ospf-1] area 0

[GW2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[GW2-ospf-1-area-0.0.0.0] quit

[GW2-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 1.

[GW2] interface ten-gigabitethernet 3/0/3

[GW2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[GW2-Ten-GigabitEthernet3/0/3] mpls enable

[GW2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/3] undo shutdown

[GW2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to the VTEP.

[GW2] interface ten-gigabitethernet 3/0/2

[GW2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[GW2-Ten-GigabitEthernet3/0/2] mpls enable

[GW2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/2] undo shutdown

[GW2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1 that is connected to the PE.

[GW2] interface ten-gigabitethernet 3/0/1

[GW2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[GW2-Ten-GigabitEthernet3/0/1] mpls enable

[GW2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/1] undo shutdown

[GW2-Ten-GigabitEthernet3/0/1] quit

# Set up IBGP connections among GW 1, GW 2, and the VTEP, and enable advertisement of BGP EVPN routes.

[GW2] bgp 100

[GW2-bgp-default] peer 1.1.1.9 as-number 100

[GW2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[GW2-bgp-default] peer 3.3.3.9 as-number 100

[GW2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[GW2-bgp-default] address-family l2vpn evpn

[GW2-bgp-default-evpn] peer 1.1.1.9 enable

[GW2-bgp-default-evpn] peer 3.3.3.9 enable

[GW2-bgp-default-evpn] quit

[GW2-bgp-default] quit

# Create VSI vpna, and create an EVPN instance on it. Configure the VSI EVPN instance to use VXLAN encapsulation, and configure an RD and route targets for the VSI EVPN instance.

[GW2] vsi vpna

[GW2-vsi-vpna] vxlan 10

[GW2-vsi-vpna] evpn encapsulation vxlan

[GW2-vsi-vpna-evpn-vxlan] route-distinguisher 1:1

[GW2-vsi-vpna-evpn-vxlan] vpn-target 1:1 export-extcommunity

[GW2-vsi-vpna-evpn-vxlan] vpn-target 1:1 import-extcommunity

[GW2-vsi-vpna-evpn-vxlan] quit

# Specify LDP signaling for VSI vpna, set up a UPW to the PE, and configure the ESI and redundancy mode for the VSI.

[GW2-vsi-vpna] pwsignaling ldp

[GW2-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon

[GW2-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[GW2-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[GW2-vsi-vpna-ldp-4.4.4.9-500] quit

[GW2-vsi-vpna-ldp] quit

[GW2-vsi-vpna] quit

5.     Configure the VTEP:

# Configure basic MPLS capabilities.

<VTEP> system-view

[VTEP] interface loopback 0

[VTEP-LoopBack0] ip address 3.3.3.9 32

[VTEP-LoopBack0] quit

[VTEP] mpls lsr-id 3.3.3.9

# Enable LDP globally.

[VTEP] mpls ldp

[VTEP-ldp] quit

# Enable L2VPN.

[VTEP] l2vpn enable

# Run OSPF for setting up LSPs.

[VTEP] ospf

[VTEP-ospf-1] area 0

[VTEP-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[VTEP-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[VTEP-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[VTEP-ospf-1-area-0.0.0.0] quit

[VTEP-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to GW 1.

[VTEP] interface ten-gigabitethernet 3/0/2

[VTEP-Ten-GigabitEthernet3/0/2] ip address 30.1.1.3 24

[VTEP-Ten-GigabitEthernet3/0/2] undo shutdown

[VTEP-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 2.

[VTEP] interface ten-gigabitethernet 3/0/3

[VTEP-Ten-GigabitEthernet3/0/3] ip address 10.1.2.3 24

[VTEP-Ten-GigabitEthernet3/0/3] undo shutdown

[VTEP-Ten-GigabitEthernet3/0/3] quit

# Set up IBGP connections among GW 1, GW 2, and the VTEP, and enable advertisement of BGP EVPN routes.

[VTEP] bgp 100

[VTEP-bgp-default] peer 1.1.1.9 as-number 100

[VTEP-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[VTEP-bgp-default] peer 2.2.2.9 as-number 100

[VTEP-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[VTEP-bgp-default] address-family l2vpn evpn

[VTEP-bgp-default-evpn] peer 1.1.1.9 enable

[VTEP-bgp-default-evpn] peer 2.2.2.9 enable

[VTEP-bgp-default-evpn] quit

[VTEP-bgp-default] quit

# Create VSI vpna, and create an EVPN instance on it. Configure the VSI EVPN instance to use VXLAN encapsulation, and configure an RD and route targets for the VSI EVPN instance.

[VTEP] vsi vpna

[VTEP-vsi-vpna] vxlan 10

[VTEP-vsi-vpna] evpn encapsulation vxlan

[VTEP-vsi-vpna-evpn-vxlan] route-distinguisher 1:1

[VTEP-vsi-vpna-evpn-vxlan] vpn-target 1:1 export-extcommunity

[VTEP-vsi-vpna-evpn-vxlan] vpn-target 1:1 import-extcommunity

[VTEP-vsi-vpna-evpn-vxlan] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[VTEP] interface ten-gigabitethernet 3/0/1

[VTEP-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[VTEP-Ten-GigabitEthernet3/0/1] quit

6.     Configure CE 2:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that GW 1 has established an LDP PW with the PE and VXLAN tunnels with GW 2 and the VTEP.

<GW1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

4.4.4.9         500                1147/-         LDP    MN   8        Up

 

[GW1] display vxlan tunnel

Total number of VXLANs: 2

 

VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

  Tunnel name          Link ID    State  Type      Flood Proxy

  Tunnel0              0x5000000  UP     Auto      Disabled

  Tunnel1              0x5000001  UP     Auto      Disabled

# Verify that GW 1 has a UPW (LDP PW) used for multihoming.

<GW1> display evpn es local verbose

 

VSI name : vpna

  ESI                      : 0001.0001.0001.0001.0001

  Interface                : -

  Redundancy mode          : All-active

  State                    : Up

  UPWs                     :

    Link ID     Service instance ID   Tag ID      DF address        ESI label

    8           -                     0           -                 1146

# Verify that GW 2 has similar configuration to GW 1. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Interconnecting an EVPN VXLAN network with an EVPN VPLS network

Network configuration

As shown in Figure 699, interconnect the EVPN VXLAN network with the EVPN VPLS network as follows:

·     Set up PWs between the gateways and the PE.

·     Set up VXLAN tunnels between the gateways and the VTEP.

·     Configure the gateways to exchange BGP EVPN routes between the EVPN VXLAN network and the EVPN VPLS network.

Figure 699 Network diagram

Device  Interface  IP address    Device  Interface  IP address
GW 1    Loop0      1.1.1.9/32    PE      Loop0      3.3.3.9/32
        XGE3/0/1   10.1.1.1/24           XGE3/0/1   -
        XGE3/0/2   30.1.1.1/24           XGE3/0/2   30.1.1.3/24
        XGE3/0/3   10.1.3.1/24           XGE3/0/3   10.1.2.3/24
GW 2    Loop0      2.2.2.9/32    VTEP    Loop0      4.4.4.9/32
        XGE3/0/1   20.1.1.2/24           XGE3/0/3   -
        XGE3/0/2   10.1.2.2/24           XGE3/0/1   10.1.1.4/24
        XGE3/0/3   10.1.3.2/24           XGE3/0/2   20.1.1.4/24
CE 1    XGE3/0/1   100.1.1.1/32  CE 2    XGE3/0/1   100.1.1.2/32

Procedure

1.     Configure CE 1:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure the VTEP:

# Configure Loopback 0.

<VTEP> system-view

[VTEP] interface loopback 0

[VTEP-LoopBack0] ip address 4.4.4.9 32

[VTEP-LoopBack0] quit

# Enable L2VPN.

[VTEP] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1 that is connected to GW 1.

[VTEP] interface ten-gigabitethernet 3/0/1

[VTEP-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[VTEP-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[VTEP-Ten-GigabitEthernet3/0/1] undo shutdown

[VTEP-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to GW 2.

[VTEP] interface ten-gigabitethernet 3/0/2

[VTEP-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[VTEP-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[VTEP-Ten-GigabitEthernet3/0/2] undo shutdown

[VTEP-Ten-GigabitEthernet3/0/2] quit

# Set up IBGP peer relationships with GW 1 and GW 2, and configure the VTEP to advertise BGP EVPN routes.

[VTEP] bgp 100

[VTEP-bgp-default] peer 1.1.1.9 as-number 100

[VTEP-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[VTEP-bgp-default] peer 2.2.2.9 as-number 100

[VTEP-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[VTEP-bgp-default] address-family l2vpn evpn

[VTEP-bgp-default-evpn] peer 1.1.1.9 enable

[VTEP-bgp-default-evpn] peer 2.2.2.9 enable

[VTEP-bgp-default-evpn] quit

[VTEP-bgp-default] quit

# Configure EVPN instance vxlan.

[VTEP] evpn instance vxlan

[VTEP-evpn-instance-vxlan] route-distinguisher 11:2

[VTEP-evpn-instance-vxlan] vpn-target 11:2 export-extcommunity

[VTEP-evpn-instance-vxlan] vpn-target 11:2 import-extcommunity

[VTEP-evpn-instance-vxlan] quit

# Associate VSI vxlan with an EVPN instance that uses VXLAN encapsulation.

[VTEP] vsi vxlan

[VTEP-vsi-vxlan] evpn encapsulation vxlan binding instance vxlan

[VTEP-vsi-vxlan] vxlan 10

[VTEP-vsi-vxlan-vxlan-10] quit

[VTEP-vsi-vxlan] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vxlan.

[VTEP] interface ten-gigabitethernet 3/0/3

[VTEP-Ten-GigabitEthernet3/0/3] xconnect vsi vxlan

[VTEP-Ten-GigabitEthernet3/0/3] quit

3.     Configure GW 1:

# Configure Loopback 0.

<GW1> system-view

[GW1] interface loopback 0

[GW1-LoopBack0] ip address 1.1.1.9 32

[GW1-LoopBack0] quit

# Configure basic MPLS capabilities.

[GW1] mpls lsr-id 1.1.1.9

# Enable LDP globally.

[GW1] mpls ldp

[GW1-ldp] quit

# Enable L2VPN.

[GW1] l2vpn enable

# Run OSPF for setting up LSPs.

[GW1] ospf

[GW1-ospf-1] area 0

[GW1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[GW1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[GW1-ospf-1-area-0.0.0.0] quit

[GW1-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/1 that is connected to the VTEP.

[GW1] interface ten-gigabitethernet 3/0/1

[GW1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[GW1-Ten-GigabitEthernet3/0/1] mpls enable

[GW1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/1] undo shutdown

[GW1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to the PE.

[GW1] interface ten-gigabitethernet 3/0/2

[GW1-Ten-GigabitEthernet3/0/2] ip address 30.1.1.1 24

[GW1-Ten-GigabitEthernet3/0/2] mpls enable

[GW1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/2] undo shutdown

[GW1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 2.

[GW1] interface ten-gigabitethernet 3/0/3

[GW1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[GW1-Ten-GigabitEthernet3/0/3] mpls enable

[GW1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[GW1-Ten-GigabitEthernet3/0/3] undo shutdown

[GW1-Ten-GigabitEthernet3/0/3] quit

# Set up IBGP connections to GW 2, the VTEP, and the PE. Enable advertisement of BGP EVPN routes, and enable reorigination of MAC/IP advertisement routes.

[GW1] bgp 100

[GW1-bgp-default] evpn mac re-originated enable

[GW1-bgp-default] peer 2.2.2.9 as-number 100

[GW1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[GW1-bgp-default] peer 3.3.3.9 as-number 100

[GW1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[GW1-bgp-default] peer 4.4.4.9 as-number 100

[GW1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[GW1-bgp-default] address-family l2vpn evpn

[GW1-bgp-default-evpn] peer 2.2.2.9 enable

[GW1-bgp-default-evpn] peer 3.3.3.9 enable

[GW1-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[GW1-bgp-default-evpn] peer 3.3.3.9 re-originated mac replace-rt

[GW1-bgp-default-evpn] peer 4.4.4.9 enable

[GW1-bgp-default-evpn] peer 4.4.4.9 re-originated mac replace-rt

[GW1-bgp-default-evpn] quit

[GW1-bgp-default] quit

# Configure EVPN instance evpna and EVPN instance evpnb.

[GW1] evpn instance evpna

[GW1-evpn-instance-evpna] route-distinguisher 11:1

[GW1-evpn-instance-evpna] vpn-target 11:1 export-extcommunity

[GW1-evpn-instance-evpna] vpn-target 11:1 import-extcommunity

[GW1-evpn-instance-evpna] quit

[GW1] evpn instance evpnb

[GW1-evpn-instance-evpnb] route-distinguisher 11:2

[GW1-evpn-instance-evpnb] vpn-target 11:2 export-extcommunity

[GW1-evpn-instance-evpnb] vpn-target 11:2 import-extcommunity

[GW1-evpn-instance-evpnb] quit

# Configure EVPN instance evpna to use MPLS encapsulation and EVPN instance evpnb to use VXLAN encapsulation. Bind the EVPN instances to VSI vpna, and assign an ESI to the VSI.

[GW1] vsi vpna

[GW1-vsi-vpna] evpn encapsulation mpls binding instance evpna

[GW1-vsi-vpna] evpn encapsulation vxlan binding instance evpnb

[GW1-vsi-vpna] vxlan 10

[GW1-vsi-vpna-vxlan-10] quit

[GW1-vsi-vpna] esi 1.1.1.1.1

[GW1-vsi-vpna] quit

4.     Configure GW 2:

# Configure basic MPLS capabilities.

<GW2> system-view

[GW2] interface loopback 0

[GW2-LoopBack0] ip address 2.2.2.9 32

[GW2-LoopBack0] quit

[GW2] mpls lsr-id 2.2.2.9

# Enable LDP globally.

[GW2] mpls ldp

[GW2-ldp] quit

# Enable L2VPN.

[GW2] l2vpn enable

# Run OSPF for setting up LSPs.

[GW2] ospf

[GW2-ospf-1] area 0

[GW2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[GW2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[GW2-ospf-1-area-0.0.0.0] quit

[GW2-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 1.

[GW2] interface ten-gigabitethernet 3/0/3

[GW2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[GW2-Ten-GigabitEthernet3/0/3] mpls enable

[GW2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/3] undo shutdown

[GW2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to the PE.

[GW2] interface ten-gigabitethernet 3/0/2

[GW2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[GW2-Ten-GigabitEthernet3/0/2] mpls enable

[GW2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/2] undo shutdown

[GW2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1 that is connected to the VTEP.

[GW2] interface ten-gigabitethernet 3/0/1

[GW2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[GW2-Ten-GigabitEthernet3/0/1] mpls enable

[GW2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[GW2-Ten-GigabitEthernet3/0/1] undo shutdown

[GW2-Ten-GigabitEthernet3/0/1] quit

# Set up IBGP connections to GW 1, the VTEP, and the PE. Enable advertisement of BGP EVPN routes, and enable reorigination of MAC/IP advertisement routes.

[GW2] bgp 100

[GW2-bgp-default] evpn mac re-originated enable

[GW2-bgp-default] peer 1.1.1.9 as-number 100

[GW2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[GW2-bgp-default] peer 3.3.3.9 as-number 100

[GW2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[GW2-bgp-default] peer 4.4.4.9 as-number 100

[GW2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[GW2-bgp-default] address-family l2vpn evpn

[GW2-bgp-default-evpn] peer 1.1.1.9 enable

[GW2-bgp-default-evpn] peer 3.3.3.9 enable

[GW2-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[GW2-bgp-default-evpn] peer 3.3.3.9 re-originated mac replace-rt

[GW2-bgp-default-evpn] peer 4.4.4.9 enable

[GW2-bgp-default-evpn] peer 4.4.4.9 re-originated mac replace-rt

[GW2-bgp-default-evpn] quit

[GW2-bgp-default] quit

# Configure EVPN instance evpna and EVPN instance evpnb.

[GW2] evpn instance evpna

[GW2-evpn-instance-evpna] route-distinguisher 11:1

[GW2-evpn-instance-evpna] vpn-target 11:1 export-extcommunity

[GW2-evpn-instance-evpna] vpn-target 11:1 import-extcommunity

[GW2-evpn-instance-evpna] quit

[GW2] evpn instance evpnb

[GW2-evpn-instance-evpnb] route-distinguisher 11:2

[GW2-evpn-instance-evpnb] vpn-target 11:2 export-extcommunity

[GW2-evpn-instance-evpnb] vpn-target 11:2 import-extcommunity

[GW2-evpn-instance-evpnb] quit

# Configure EVPN instance evpna to use MPLS encapsulation and EVPN instance evpnb to use VXLAN encapsulation. Bind the EVPN instances to VSI vpna, and assign an ESI to the VSI.

[GW2] vsi vpna

[GW2-vsi-vpna] evpn encapsulation mpls binding instance evpna

[GW2-vsi-vpna] evpn encapsulation vxlan binding instance evpnb

[GW2-vsi-vpna] vxlan 10

[GW2-vsi-vpna-vxlan-10] quit

[GW2-vsi-vpna] esi 1.1.1.1.1

[GW2-vsi-vpna] quit

5.     Configure the PE:

# Configure basic MPLS capabilities.

<PE> system-view

[PE] interface loopback 0

[PE-LoopBack0] ip address 3.3.3.9 32

[PE-LoopBack0] quit

[PE] mpls lsr-id 3.3.3.9

# Enable LDP globally.

[PE] mpls ldp

[PE-ldp] quit

# Enable L2VPN.

[PE] l2vpn enable

# Run OSPF for setting up LSPs.

[PE] ospf

[PE-ospf-1] area 0

[PE-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE-ospf-1-area-0.0.0.0] quit

[PE-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/2 that is connected to GW 1.

[PE] interface ten-gigabitethernet 3/0/2

[PE-Ten-GigabitEthernet3/0/2] ip address 30.1.1.3 24

[PE-Ten-GigabitEthernet3/0/2] undo shutdown

[PE-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 that is connected to GW 2.

[PE] interface ten-gigabitethernet 3/0/3

[PE-Ten-GigabitEthernet3/0/3] ip address 10.1.2.3 24

[PE-Ten-GigabitEthernet3/0/3] undo shutdown

[PE-Ten-GigabitEthernet3/0/3] quit

# Set up IBGP connections to GW 1 and GW 2, and enable advertisement of BGP EVPN routes.

[PE] bgp 100

[PE-bgp-default] peer 1.1.1.9 as-number 100

[PE-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE-bgp-default] peer 2.2.2.9 as-number 100

[PE-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE-bgp-default] address-family l2vpn evpn

[PE-bgp-default-evpn] peer 1.1.1.9 enable

[PE-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE-bgp-default-evpn] peer 2.2.2.9 enable

[PE-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE-bgp-default-evpn] quit

[PE-bgp-default] quit

# Configure EVPN instance mpls.

[PE] evpn instance mpls

[PE-evpn-instance-mpls] route-distinguisher 11:1

[PE-evpn-instance-mpls] vpn-target 11:1 export-extcommunity

[PE-evpn-instance-mpls] vpn-target 11:1 import-extcommunity

[PE-evpn-instance-mpls] quit

# Associate VSI mpls with an EVPN instance that uses MPLS encapsulation.

[PE] vsi mpls

[PE-vsi-mpls] evpn encapsulation mpls binding instance mpls

[PE-vsi-mpls] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI mpls.

[PE] interface ten-gigabitethernet 3/0/1

[PE-Ten-GigabitEthernet3/0/1] xconnect vsi mpls

[PE-Ten-GigabitEthernet3/0/1] quit

6.     Configure CE 2:

# Assign an IP address to Ten-GigabitEthernet 3/0/1.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit
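The route targets configured in steps 2 through 5 decide which BGP EVPN routes each instance accepts, and the ESI must be identical on both gateways. The following Python audit is an added example, not H3C code: it reads "[view] command" lines from the procedure and reports route targets that no peer instance with the same encapsulation matches, and ESIs that differ between devices for one VSI. It assumes device and VSI names contain no hyphens; the function names are illustrative.

```python
import re
from collections import defaultdict

# Route-target, encapsulation and ESI commands copied from the procedure above.
GW1_CMDS = """\
[GW1-evpn-instance-evpna] vpn-target 11:1 export-extcommunity
[GW1-evpn-instance-evpna] vpn-target 11:1 import-extcommunity
[GW1-evpn-instance-evpnb] vpn-target 11:2 export-extcommunity
[GW1-evpn-instance-evpnb] vpn-target 11:2 import-extcommunity
[GW1-vsi-vpna] evpn encapsulation mpls binding instance evpna
[GW1-vsi-vpna] evpn encapsulation vxlan binding instance evpnb
[GW1-vsi-vpna] esi 1.1.1.1.1
"""
EDGE_CMDS = """\
[VTEP-evpn-instance-vxlan] vpn-target 11:2 export-extcommunity
[VTEP-evpn-instance-vxlan] vpn-target 11:2 import-extcommunity
[VTEP-vsi-vxlan] evpn encapsulation vxlan binding instance vxlan
[PE-evpn-instance-mpls] vpn-target 11:1 export-extcommunity
[PE-evpn-instance-mpls] vpn-target 11:1 import-extcommunity
[PE-vsi-mpls] evpn encapsulation mpls binding instance mpls
"""
# On the page, these GW 2 commands match GW 1's apart from the prompt.
TRANSCRIPT = GW1_CMDS + GW1_CMDS.replace("GW1", "GW2") + EDGE_CMDS

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>\S.*)$")
INSTANCE_VIEW = re.compile(r"^(?P<dev>[^-]+)-evpn-instance-(?P<name>.+)$")
INLINE_VIEW = re.compile(r"^(?P<dev>[^-]+)-vsi-(?P<vsi>[^-]+)-evpn-(?P<encap>mpls|vxlan)$")
VSI_VIEW = re.compile(r"^(?P<dev>[^-]+)-vsi-(?P<vsi>[^-]+)$")
DIRECTIONS = {"both", "export-extcommunity", "import-extcommunity"}


def parse(transcript):
    """Return (instances, esis) built from '[view] command' lines."""
    instances = defaultdict(lambda: {"import": set(), "export": set(), "encap": set()})
    esis = defaultdict(dict)  # esis[vsi][device] = ESI configured in VSI view
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, words = m["view"], m["cmd"].split()
        inst = INSTANCE_VIEW.match(view)
        inline = INLINE_VIEW.match(view)
        vsi = VSI_VIEW.match(view)
        if words[0] == "vpn-target" and (inst or inline):
            if inst:
                entry = instances[(inst["dev"], inst["name"])]
            else:  # RD and route targets configured directly under the VSI
                entry = instances[(inline["dev"], "vsi:" + inline["vsi"])]
                entry["encap"].add(inline["encap"])
            # Assumption: a vpn-target line without a direction keyword means both.
            direction = words[-1] if words[-1] in DIRECTIONS else "both"
            rts = [w for w in words[1:] if w not in DIRECTIONS]
            if direction != "import-extcommunity":
                entry["export"].update(rts)
            if direction != "export-extcommunity":
                entry["import"].update(rts)
        elif (vsi and len(words) == 6 and words[:2] == ["evpn", "encapsulation"]
              and words[3:5] == ["binding", "instance"]):
            instances[(vsi["dev"], words[5])]["encap"].add(words[2])
        elif vsi and words[0] == "esi" and len(words) == 2:
            esis[vsi["vsi"]][vsi["dev"]] = words[1]
    return instances, esis


def audit(transcript):
    """Return a list of findings; an empty list means every check passed."""
    instances, esis = parse(transcript)
    findings = []
    for (dev, name), inst in sorted(instances.items()):
        if not inst["encap"]:
            findings.append(f"{dev}/{name}: has route targets but is not bound to a VSI")
            continue
        # Peers are instances on other devices that share an encapsulation type.
        peers = [o for (d, _), o in instances.items()
                 if d != dev and o["encap"] & inst["encap"]]
        for rt in sorted(inst["export"]):
            if not any(rt in o["import"] for o in peers):
                findings.append(f"{dev}/{name}: exports {rt}, no peer imports it")
        for rt in sorted(inst["import"]):
            if not any(rt in o["export"] for o in peers):
                findings.append(f"{dev}/{name}: imports {rt}, no peer exports it")
    for vsi, per_dev in sorted(esis.items()):
        if len(set(per_dev.values())) > 1:
            findings.append(f"VSI {vsi}: ESI differs between devices {sorted(per_dev.items())}")
    return findings


if __name__ == "__main__":
    for finding in audit(TRANSCRIPT) or ["no findings"]:
        print(finding)
```

Run it against the full session log of a deployment before the verification step; lines it does not recognize are ignored.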

Verifying the configuration

# Verify that GW 1 has established an EVPN PW to the PE and VXLAN tunnels to GW 2 and the VTEP.

<GW1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 1 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

4.4.4.9         -                  775127/1148    EVPN   M    8        Up

 

<GW1> display vxlan tunnel

Total number of VXLANs: 1

 

VXLAN ID: 10, VSI name: ldpvxlan, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

  Tunnel name          Link ID    State  Type      Flood Proxy

  Tunnel0              0x5000000  UP     Auto      Disabled

  Tunnel1              0x5000001  UP     Auto      Disabled

# Verify that GW 1 has an ES used for multihoming.

<GW1> display evpn es local verbose

Redundancy mode: A - All-active, S - Single-active

 

VSI name : vpna

EVPN instance: evpna

EVPN instance: evpnb

  VSI ESI                  : 0003.0003.0003.0003.0003

  Redundancy mode          : All-active

  ES state                 : Up

# Verify that GW 2 has similar configuration to GW 1. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

 

EVPN VPLS configuration examples

Example: Configuring EVPN VPLS between singlehomed sites

Network configuration

As shown in Figure 700, set up a path between PE 1 and PE 2 for the CEs in site 1 and site 2 to communicate through EVPN VPLS over the MPLS or IP backbone network.

Figure 700 Network diagram

Device  Interface  IP address    Device  Interface  IP address
CE 1    XGE3/0/1   10.1.1.10/24  P       Loop0      3.3.3.3/32
PE 1    Loop0      1.1.1.1/32            XGE3/0/1   11.1.1.2/24
        XGE3/0/1   N/A                   XGE3/0/2   11.1.2.2/24
        XGE3/0/2   11.1.1.1/24   PE 2    Loop0      2.2.2.2/32
CE 2    XGE3/0/1   10.1.1.20/24          XGE3/0/1   N/A
                                         XGE3/0/2   11.1.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.10 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create an IBGP connection to PE 2, and enable BGP to advertise L2VPN information to PE 2.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2.2.2.2 enable

[PE1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation mpls

[PE1-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-mpls] quit

[PE1-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 1) to VSI vpna.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure the P device:

# Configure the LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 3.3.3.3 32

[P-LoopBack0] quit

[P] mpls lsr-id 3.3.3.3

# Enable global LDP.

[P] mpls ldp

[P-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 11.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 11.1.2.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 11.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create an IBGP connection to PE 1, and enable BGP to advertise L2VPN information to PE 1.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.1 enable

[PE2-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation mpls

[PE2-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-mpls] quit

[PE2-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 2) to VSI vpna.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE2-Ten-GigabitEthernet3/0/1] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.20 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established between PE 1 and PE 2.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag  Link ID  State

2.2.2.2         -                  775127/775127  EVPN   M     8        Up

# Display PW information on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag  Link ID  State

1.1.1.1         -                  775127/775127  EVPN   M     8        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
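The PW checks in this verification step can be scripted. The following Python parser is an added example, not H3C code: it reads display l2vpn pw output, compares the listed PWs with a planned list of (VSI, peer, protocol) entries, and reports missing, unexpected, or non-Up PWs and non-zero down or defect counters. The function names are illustrative, and it assumes all seven columns of a row are populated as in the output above.

```python
import ipaddress
import re

# Output of "display l2vpn pw" copied from the PE 1 verification step above.
PE1_OUTPUT = """\
Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link
       N - no split horizon, A - administration, ABY - ac-bypass
       PBY - pw-bypass
Total number of PWs: 1
1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag  Link ID  State
2.2.2.2         -                  775127/775127  EVPN   M     8        Up
"""

VSI_LINE = re.compile(r"^VSI name:\s*(\S+)", re.IGNORECASE)
SUMMARY = re.compile(r"^(\d+) up, (\d+) blocked, (\d+) down, (\d+) defect")


def is_ip(token):
    """True if token is an IPv4 or IPv6 address (the Peer column)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_pw_table(output):
    """Return one dict per PW row, tagged with the VSI it is listed under."""
    rows, vsi = [], ""
    for line in output.splitlines():
        m = VSI_LINE.match(line.strip())
        if m:
            vsi = m.group(1)
            continue
        f = line.split()
        # Assumption: all seven columns are populated, as in the page's output.
        if len(f) != 7 or not is_ip(f[0]) or "/" not in f[2]:
            continue
        in_label, out_label = f[2].split("/", 1)
        rows.append({
            "vsi": vsi, "peer": f[0], "pw_id": f[1],
            "in_label": in_label, "out_label": out_label,
            "proto": f[3], "flags": f[4], "link_id": f[5], "state": f[6],
            # In the Flags legend only "N - no split horizon" contains an N.
            "no_split_horizon": "N" in f[4],
        })
    return rows


def check_pws(output, expected):
    """Compare parsed PWs with expected (vsi, peer, proto) tuples; list problems."""
    rows = {(r["vsi"], r["peer"], r["proto"]): r for r in parse_pw_table(output)}
    expected = [tuple(e) for e in expected]
    problems = []
    for key in expected:
        row = rows.get(key)
        if row is None:
            problems.append("missing PW: VSI {} peer {} proto {}".format(*key))
        elif row["state"] != "Up":
            problems.append("PW to {} in VSI {} is {}".format(key[1], key[0], row["state"]))
    # A PW to a peer that is not in the plan deserves a look as well.
    for key in sorted(set(rows) - set(expected)):
        problems.append("unexpected PW: VSI {} peer {} proto {}".format(*key))
    for line in output.splitlines():
        m = SUMMARY.match(line.strip())
        if m and (int(m.group(3)) or int(m.group(4))):
            problems.append("summary counts {} down and {} defect".format(m.group(3), m.group(4)))
    return problems


if __name__ == "__main__":
    for problem in check_pws(PE1_OUTPUT, [("vpna", "2.2.2.2", "EVPN")]) or ["all PWs as planned"]:
        print(problem)
```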

Example: Configuring EVPN VPLS multihoming (access through aggregate links)

Network configuration

As shown in Figure 701, configure EVPN VPLS for dualhomed site 1 and singlehomed site 2 to communicate over the MPLS or IP backbone network.

Figure 701 Network diagram

Device  Interface  IP address    Device  Interface  IP address
PE 1    Loop0      192.1.1.1/32  CE 1    RAGG1      100.1.1.1/24
        XGE3/0/1   N/A           CE 2    XGE3/0/1   100.1.1.2/24
        XGE3/0/2   10.1.1.1/24   PE 3    Loop0      192.3.3.3/32
        XGE3/0/3   10.1.3.1/24           XGE3/0/1   N/A
PE 2    Loop0      192.2.2.2/32          XGE3/0/2   10.1.1.2/24
        XGE3/0/1   N/A                   XGE3/0/3   10.1.2.2/24
        XGE3/0/2   10.1.2.1/24
        XGE3/0/3   10.1.3.2/24

Procedure

1.     Configure CE 1:

# Create static Layer 3 aggregate interface 1 and assign it an IP address.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] ip address 100.1.1.1 24

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create IBGP connections to PE 2 and PE 3, and enable BGP to advertise routes to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE1-bgp-default] peer 192.3.3.3 as-number 100

[PE1-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.3.3.3 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation mpls

[PE1-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-mpls] quit

[PE1-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 1) to VSI vpna.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE1-Ten-GigabitEthernet3/0/1] quit

3.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 1), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create IBGP connections to PE 1 and PE 3, and enable BGP to advertise routes to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 192.1.1.1 as-number 100

[PE2-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE2-bgp-default] peer 192.3.3.3 as-number 100

[PE2-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.1.1.1 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation mpls

[PE2-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-mpls] quit

[PE2-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 1) to VSI vpna.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE2-Ten-GigabitEthernet3/0/1] quit

4.     Configure PE 3:

# Configure the LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 192.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1) and Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interfaces.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.2 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Create IBGP connections to PE 1 and PE 2, and enable BGP to advertise routes to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 192.1.1.1 as-number 100

[PE3-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE3-bgp-default] peer 192.2.2.2 as-number 100

[PE3-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 192.1.1.1 enable

[PE3-bgp-default-evpn] peer 192.2.2.2 enable

[PE3-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation mpls

[PE3-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-mpls] quit

[PE3-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 2) to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PE 1 has established EVPN PWs to PE 2 and PE 3.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       -                  710263/710265  EVPN   M    8        Up

192.2.2.2       -                  710263/710124  EVPN   M    9        Up

# Verify that PE 1 has local ES information.

<PE1> display evpn es local

Redundancy mode: A - All-active, S - Single-active

 

VSI name : vpna

ESI                             Tag ID      DF address      Mode  State  ESI label

0001.0001.0001.0001.0001        0           192.1.1.1       A     Up     775128

# Verify that PE 1 has remote ES information.

<PE1> display evpn es remote

Control Flags: P - Primary, B - Backup, C - Control word

VSI name : vpna

  ESI                     : 0001.0001.0001.0001.0001

  Ethernet segment routes :

    192.2.2.2

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    192.2.2.2           All-active

  A-D per EVI routes      :

    Tag ID      Peer IP             Control Flags

    0           192.2.2.2           B

# Verify that PE 2 has established EVPN PWs to PE 1 and PE 3.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710124/710263  EVPN   M    8        Up

192.3.3.3       -                  710124/710265  EVPN   M    9        Up

# Verify that PE 3 has established EVPN PWs to PE 1 and PE 2.

<PE3> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710265/710263  EVPN   M    8        Up

192.2.2.2       -                  710265/710124  EVPN   M    9        Up

# Verify that CE 1 and CE 2 can ping each other when the PW on PE 1 or PE 2 fails. (Details not shown.)

Example: Configuring EVPN VPLS multihoming (access through an S-Trunk system)

Network configuration

As shown in Figure 702, configure EVPN VPLS so that dual-homed site 1 and single-homed site 2 can communicate over the MPLS or IP backbone network. Configure PE 1 and PE 2 to form an S-Trunk system.

Figure 702 Network diagram

Device  Interface  IP address     Device  Interface  IP address
PE 1    Loop0      192.1.1.1/32   CE 1    RAGG1      100.1.1.1/24
        XGE3/0/1   -              CE 2    XGE3/0/1   100.1.1.2/24
        XGE3/0/2   10.1.1.1/24    PE 3    Loop0      192.3.3.3/32
        XGE3/0/3   10.1.3.1/24            XGE3/0/1   -
PE 2    Loop0      192.2.2.2/32           XGE3/0/2   10.1.1.2/24
        XGE3/0/1   -                      XGE3/0/3   10.1.2.2/24
        XGE3/0/2   10.1.2.1/24
        XGE3/0/3   10.1.3.2/24

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface 1 and assign it an IP address.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ip address 100.1.1.1 24

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255  

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create IBGP connections to PE 2 and PE 3, and enable BGP to advertise routes to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE1-bgp-default] peer 192.3.3.3 as-number 100

[PE1-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.3.3.3 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure S-Trunk to set up a multichassis aggregate link to CE 1.

[PE1] lacp system-priority 10

[PE1] lacp system-mac 1-1-1

[PE1] lacp system-number 1

[PE1] s-trunk id 1

[PE1-s-trunk1] s-trunk ip destination 10.1.3.2 source 10.1.3.1

[PE1-s-trunk1] quit

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] link-aggregation mode dynamic

[PE1-Route-Aggregation1] s-trunk 1

[PE1-Route-Aggregation1] s-trunk port-role primary

[PE1-Route-Aggregation1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# On Route-Aggregation 1, configure an ESI and enable all-active redundancy mode.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] esi 1.1.1.1.1

[PE1-Route-Aggregation1] evpn redundancy-mode all-active

[PE1-Route-Aggregation1] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation mpls

[PE1-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-mpls] quit

[PE1-vsi-vpna] quit

# Map Route-Aggregation 1 (the interface connected to CE 1) to VSI vpna.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] xconnect vsi vpna

[PE1-Route-Aggregation1] quit

3.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 1), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create IBGP connections to PE 1 and PE 3, and enable BGP to advertise routes to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 192.1.1.1 as-number 100

[PE2-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE2-bgp-default] peer 192.3.3.3 as-number 100

[PE2-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.1.1.1 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Configure S-Trunk to set up a multichassis aggregate link to CE 1.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 2

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk ip destination 10.1.3.1 source 10.1.3.2

[PE2-s-trunk1] quit

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] s-trunk port-role primary

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# On Route-Aggregation 1, configure an ESI and enable all-active redundancy mode.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] esi 1.1.1.1.1

[PE2-Route-Aggregation1] evpn redundancy-mode all-active

[PE2-Route-Aggregation1] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation mpls

[PE2-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-mpls] quit

[PE2-vsi-vpna] quit

# Map Route-Aggregation 1 (the interface connected to CE 1) to VSI vpna.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] xconnect vsi vpna

[PE2-Route-Aggregation1] quit

4.     Configure PE 3:

# Configure the LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 192.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1) and Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interfaces.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.2 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Create IBGP connections to PE 1 and PE 2, and enable BGP to advertise routes to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 192.1.1.1 as-number 100

[PE3-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE3-bgp-default] peer 192.2.2.2 as-number 100

[PE3-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 192.1.1.1 enable

[PE3-bgp-default-evpn] peer 192.2.2.2 enable

[PE3-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance on the VSI, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation mpls

[PE3-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-mpls] quit

[PE3-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 (the interface connected to CE 2) to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PE 1 has established EVPN PWs to PE 2 and PE 3.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       -                  710263/710265  EVPN   M    8        Up

192.2.2.2       -                  710263/710124  EVPN   M    9        Up

# Verify that PE 1 has local ES information.

<PE1> display evpn es local

Redundancy mode: A - All-active, S - Single-active

 

VSI name : vpna

ESI                             Tag ID      DF address      Mode  State  ESI label

0001.0001.0001.0001.0001        0           192.1.1.1       A     Up     775128

# Verify that PE 1 has remote ES information.

<PE1> display evpn es remote

Control Flags: P - Primary, B - Backup, C - Control word

VSI name : vpna

  ESI                     : 0001.0001.0001.0001.0001

  Ethernet segment routes :

    192.2.2.2

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    192.2.2.2           All-active

  A-D per EVI routes      :

    Tag ID      Peer IP             Control Flags

    0           192.2.2.2           B

# Verify that PE 2 has established EVPN PWs to PE 1 and PE 3.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710124/710263  EVPN   M    8        Up

192.3.3.3       -                  710124/710265  EVPN   M    9        Up

# Verify that PE 3 has established EVPN PWs to PE 1 and PE 2.

<PE3> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710265/710263  EVPN   M    8        Up

192.2.2.2       -                  710265/710124  EVPN   M    9        Up

# Verify that CE 1 and CE 2 can ping each other when the PW on PE 1 or PE 2 fails. (Details not shown.)
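The three `display l2vpn pw` tables above can be cross-checked mechanically: every PE should list every other PE as an Up EVPN PW, and the out label a PE uses toward a peer should equal that peer's in label. The following script is an added example, not part of the H3C documentation; the function names are hypothetical and the input is the table text from this page.

```python
import re

# Constructed input: the data rows of the three `display l2vpn pw` tables
# shown above, keyed by the loopback address of the PE that printed them.
PW_OUTPUT = {
    "192.1.1.1": """\
VSI name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.3.3.3       -                  710263/710265  EVPN   M    8        Up
192.2.2.2       -                  710263/710124  EVPN   M    9        Up
""",
    "192.2.2.2": """\
VSI name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.1.1.1       -                  710124/710263  EVPN   M    8        Up
192.3.3.3       -                  710124/710265  EVPN   M    9        Up
""",
    "192.3.3.3": """\
VSI name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.1.1.1       -                  710265/710263  EVPN   M    8        Up
192.2.2.2       -                  710265/710124  EVPN   M    9        Up
""",
}

VSI_LINE = re.compile(r"^VSI name\s*:\s*(\S+)")
PW_ROW = re.compile(
    r"^(?P<peer>\d+(?:\.\d+){3})\s+\S+\s+(?P<inl>\d+)/(?P<outl>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<flag>\S+)\s+(?P<link>\d+)\s+(?P<state>\S+)\s*$"
)


def parse_pw_table(text):
    """Return {vsi: {peer: {"in", "out", "proto", "state"}}} for one device."""
    vsis, current = {}, None
    for line in text.splitlines():
        vsi = VSI_LINE.match(line)
        if vsi:
            current = vsis.setdefault(vsi.group(1), {})
            continue
        row = PW_ROW.match(line)
        if row and current is not None:
            current[row["peer"]] = {
                "in": int(row["inl"]), "out": int(row["outl"]),
                "proto": row["proto"], "state": row["state"],
            }
    return vsis


def check_pw_mesh(outputs, vsi):
    """Cross-check every PE's table against every other PE's; return findings."""
    tables = {pe: parse_pw_table(text).get(vsi, {}) for pe, text in outputs.items()}
    findings = []
    for pe, pws in tables.items():
        for other in tables:
            if other == pe:
                continue
            pw = pws.get(other)
            if pw is None:
                findings.append(f"{pe}: no PW to {other} in VSI {vsi}")
                continue
            if pw["proto"] != "EVPN" or pw["state"] != "Up":
                findings.append(f"{pe}: PW to {other} is {pw['proto']}/{pw['state']}")
            back = tables[other].get(pe)
            # The label this PE pushes toward the peer must be the label the
            # peer expects to receive.
            if back and pw["out"] != back["in"]:
                findings.append(
                    f"{pe} -> {other}: out label {pw['out']} but {other} expects {back['in']}"
                )
    return findings


if __name__ == "__main__":
    for finding in check_pw_mesh(PW_OUTPUT, "vpna") or ["PW mesh consistent"]:
        print(finding)
```

An empty result means the full mesh is up and the labels are symmetric; a missing row, a non-Up state, or an asymmetric label pair is reported per PE.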

Example: Configuring local FRR for EVPN VPLS

Network configuration

As shown in Figure 703:

·     CE 1 is dual-homed to PE 1 and PE 2 through an aggregate link.

·     Configure EVPN VPLS on PE 1, PE 2, and PE 3 for CE 1 and CE 2 to communicate at Layer 2 over the backbone network.

·     Enable local FRR on PE 1 and PE 2 to prevent traffic loss caused by AC failure.

Figure 703 Network diagram

Table 154 Interface and IP address assignment

Device  Interface  IP address     Device  Interface  IP address
PE 1    Loop0      192.1.1.1/32   CE 1    XGE3/0/1   100.1.1.1/24
        XGE3/0/1   -              CE 2    XGE3/0/1   100.1.1.2/24
        XGE3/0/2   10.1.1.1/24    PE 3    Loop0      192.3.3.3/32
        XGE3/0/3   10.1.3.1/24            XGE3/0/1   -
PE 2    Loop0      192.2.2.2/32           XGE3/0/2   10.1.1.2/24
        XGE3/0/1   -                      XGE3/0/3   10.1.2.2/24
        XGE3/0/2   10.1.2.1/24
        XGE3/0/3   10.1.3.2/24

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface Route-Aggregation 1 and assign it an IP address.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ip address 100.1.1.1 24

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure PE 1 to establish IBGP peer relationships with PE 2 and PE 3, and configure BGP to advertise BGP EVPN routes.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE1-bgp-default] peer 192.3.3.3 as-number 100

[PE1-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.3.3.3 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure a smart trunk to establish an aggregate link across PE 1 and PE 2.

[PE1] lacp system-priority 10

[PE1] lacp system-mac 1-1-1

[PE1] lacp system-number 1

[PE1] s-trunk id 1

[PE1-s-trunk1] s-trunk ip destination 10.1.3.2 source 10.1.3.1

[PE1-s-trunk1] quit

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] link-aggregation mode dynamic

[PE1-Route-Aggregation1] s-trunk 1

[PE1-Route-Aggregation1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create VSI vpna, create an EVPN instance on it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation mpls

[PE1-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-mpls] quit

[PE1-vsi-vpna] quit

# Assign an ESI to Route-Aggregation 1.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] esi 1.1.1.1.1

# Map Route-Aggregation 1 to VSI vpna.

[PE1-Route-Aggregation1] xconnect vsi vpna

[PE1-Route-Aggregation1] quit

# Enable local FRR for EVPN VPLS globally.

[PE1] evpn multihoming vpls-frr local

3.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure PE 2 to establish IBGP peer relationships with PE 1 and PE 3, and configure BGP to advertise BGP EVPN routes.

[PE2] bgp 100

[PE2-bgp-default] peer 192.1.1.1 as-number 100

[PE2-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE2-bgp-default] peer 192.3.3.3 as-number 100

[PE2-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.1.1.1 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Configure a smart trunk to establish an aggregate link across PE 1 and PE 2.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 2

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk ip destination 10.1.3.1 source 10.1.3.2

[PE2-s-trunk1] quit

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create VSI vpna, create an EVPN instance on it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation mpls

[PE2-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-mpls] quit

[PE2-vsi-vpna] quit

# Assign an ESI to Route-Aggregation 1.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] esi 1.1.1.1.1

# Map Route-Aggregation 1 to VSI vpna.

[PE2-Route-Aggregation1] xconnect vsi vpna

[PE2-Route-Aggregation1] quit

# Enable local FRR for EVPN VPLS globally.

[PE2] evpn multihoming vpls-frr local

4.     Configure PE 3:

# Configure an LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 192.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.2 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure PE 3 to establish IBGP peer relationships with PE 1 and PE 2, and configure BGP to advertise EVPN routes.

[PE3] bgp 100

[PE3-bgp-default] peer 192.1.1.1 as-number 100

[PE3-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE3-bgp-default] peer 192.2.2.2 as-number 100

[PE3-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 192.1.1.1 enable

[PE3-bgp-default-evpn] peer 192.2.2.2 enable

[PE3-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance on it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation mpls

[PE3-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-mpls] quit

[PE3-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify PW information:

# Verify that PE 1 has established PWs with PE 3 and PE 2.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       -                  710263/710265  EVPN   M    8        Up

192.2.2.2       -                  710263/710124  EVPN   M    9        Up

# Verify that PE 2 has established PWs with PE 1 and PE 3.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710124/710263  EVPN   M    8        Up

192.3.3.3       -                  710124/710265  EVPN   M    9        Up

# Verify that PE 3 has established PWs with PE 1 and PE 2.

<PE3> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       -                  710265/710263  EVPN   M    8        Up

192.2.2.2       -                  710265/710124  EVPN   M    9        Up

2.     Verify ES information:

# Display local ES information on PE 1.

<PE1> display evpn es local

Redundancy mode: A - All-active, S - Single-active

 

VSI name : vpna

ESI                             Tag ID      DF address      Mode  State  ESI label

0001.0001.0001.0001.0001        0           192.1.1.1       A     Up     775128

# Display remote ES information on PE 1.

<PE1> display evpn es remote

Control Flags: P - Primary, B - Backup, C - Control word

VSI name : vpna

  ESI                     : 0001.0001.0001.0001.0001

  Ethernet segment routes :

    192.2.2.2

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    192.2.2.2           All-active

  A-D per EVI routes      :

    Tag ID      Peer IP             Control Flags

    0           192.2.2.2           B

3.     Verify that CE 1 and CE 2 can ping each other when all PWs are up and when a PW is down. (Details not shown.)
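The S-Trunk and ESI lines that PE 1 and PE 2 carry in this example and in the S-Trunk multihoming example before it differ only in the LACP system number and the swapped S-Trunk addresses. The following script is an added example, not part of the H3C documentation: it audits two pasted sessions for that pattern, with hypothetical function names. It assumes that the values the page configures identically on both PEs (LACP system MAC and priority, S-Trunk ID, ESI, redundancy mode) are required to agree.

```python
import re

# Constructed input: the S-Trunk and ESI lines of the PE 1 session in the
# S-Trunk multihoming example, copied with their prompts.
PE1_SESSION = """\
[PE1] lacp system-priority 10
[PE1] lacp system-mac 1-1-1
[PE1] lacp system-number 1
[PE1] s-trunk id 1
[PE1-s-trunk1] s-trunk ip destination 10.1.3.2 source 10.1.3.1
[PE1-s-trunk1] quit
[PE1] interface route-aggregation 1
[PE1-Route-Aggregation1] link-aggregation mode dynamic
[PE1-Route-Aggregation1] s-trunk 1
[PE1-Route-Aggregation1] s-trunk port-role primary
[PE1-Route-Aggregation1] esi 1.1.1.1.1
[PE1-Route-Aggregation1] evpn redundancy-mode all-active
"""
# PE 2 differs on the page only in its prompt, its LACP system number and the
# swapped S-Trunk addresses.
PE2_SESSION = (
    PE1_SESSION.replace("PE1", "PE2")
    .replace("lacp system-number 1", "lacp system-number 2")
    .replace("destination 10.1.3.2 source 10.1.3.1",
             "destination 10.1.3.1 source 10.1.3.2")
)

# "[device-view] command"; assumes the device name itself has no hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s+(?P<cmd>\S.*)$")

# fact name -> (view-name prefix, pattern matched against the whole command)
FACTS = {
    "lacp system-mac": ("system", r"lacp system-mac (\S+)"),
    "lacp system-priority": ("system", r"lacp system-priority (\d+)"),
    "lacp system-number": ("system", r"lacp system-number (\d+)"),
    "s-trunk ip": ("s-trunk", r"s-trunk ip destination (\S+) source (\S+)"),
    "s-trunk id": ("Route-Aggregation", r"s-trunk (\d+)"),
    "esi": ("Route-Aggregation", r"esi (\S+)"),
    "redundancy-mode": ("Route-Aggregation", r"evpn redundancy-mode (\S+)"),
}
OPTIONAL = {"redundancy-mode"}  # absent from the local FRR example
MUST_MATCH = ["lacp system-mac", "lacp system-priority", "s-trunk id",
              "esi", "redundancy-mode"]


def parse_session(text):
    """Group the commands of one pasted session by the view they were typed in."""
    views = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"] or "system", []).append(m["cmd"])
    return views


def extract(views):
    """Return {fact name: tuple of captured values, or None if not configured}."""
    facts = dict.fromkeys(FACTS)
    for name, (prefix, pattern) in FACTS.items():
        for view, cmds in views.items():
            if view.startswith(prefix):
                hits = [m.groups() for m in (re.fullmatch(pattern, c) for c in cmds) if m]
                if hits:
                    facts[name] = hits[-1]  # a later command overrides an earlier one
    return facts


def audit_pair(session_a, session_b):
    """Compare the two members of an S-Trunk pair; return a list of findings."""
    a, b = extract(parse_session(session_a)), extract(parse_session(session_b))
    findings = []
    for name in FACTS:
        if name not in OPTIONAL and (a[name] is None or b[name] is None):
            findings.append(f"{name}: not configured on both members")
    for name in MUST_MATCH:
        if a[name] != b[name]:
            findings.append(f"{name}: members differ ({a[name]} vs {b[name]})")
    if a["lacp system-number"] and a["lacp system-number"] == b["lacp system-number"]:
        findings.append("lacp system-number: both members use the same number")
    pa, pb = a["s-trunk ip"], b["s-trunk ip"]
    if pa and pb and pa != pb[::-1]:
        findings.append("s-trunk ip: destination and source are not mirrored")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(PE1_SESSION, PE2_SESSION) or ["S-Trunk pair consistent"]:
        print(finding)
```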

Example: Configuring LDP PWs as ACs for EVPN PWs

Network configuration

As shown in Figure 704:

·     PE 1 and PE 2 are edge devices on both the VPLS network and EVPN VPLS network.

·     PE 1, PE 2, and PE 4 use LDP to establish LDP PWs.

·     On PE 1 and PE 2, configure LDP PWs as UPWs (ACs) for EVPN PWs to ensure that the VPLS and EVPN VPLS networks can communicate with each other.

·     PE 4 is dual-homed to PE 1 and PE 2 through two LDP PWs (UPWs).

Figure 704 Network diagram

Device  Interface  IP address     Device  Interface  IP address
PE 1    Loop0      1.1.1.9/32     PE 3    Loop0      3.3.3.9/32
        XGE3/0/1   10.1.1.1/24            XGE3/0/1   -
        XGE3/0/2   30.1.1.1/24            XGE3/0/2   30.1.1.3/24
        XGE3/0/3   10.1.3.1/24            XGE3/0/3   10.1.2.3/24
PE 2    Loop0      2.2.2.9/32     PE 4    Loop0      4.4.4.9/32
        XGE3/0/1   20.1.1.2/24            XGE3/0/3   -
        XGE3/0/2   10.1.2.2/24            XGE3/0/1   10.1.1.4/24
        XGE3/0/3   10.1.3.2/24            XGE3/0/2   20.1.1.4/24
CE 1    XGE3/0/1   100.1.1.1/32   CE 2    XGE3/0/1   100.1.1.2/32

Procedure

1.     Configure CE 1:

# Configure an IP address and mask for Ten-GigabitEthernet 3/0/1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 4:

# Configure MPLS basic capabilities.

<PE4> system-view

[PE4] interface loopback 0

[PE4-LoopBack0] ip address 4.4.4.9 32

[PE4-LoopBack0] quit

[PE4] mpls lsr-id 4.4.4.9

# Enable LDP globally.

[PE4] mpls ldp

[PE4-ldp] quit

# Enable L2VPN.

[PE4] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 1.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] undo shutdown

[PE4-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/2] mpls enable

[PE4-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/2] undo shutdown

[PE4-Ten-GigabitEthernet3/0/2] quit

# Configure VSI vpna to use LDP to establish LDP PWs. The LDP PW between PE 1 and PE 4 is the primary PW and the LDP PW between PE 2 and PE 4 is the backup PW. Enable the dual receive feature for PW redundancy.

[PE4] vsi vpna

[PE4-vsi-vpna] protection dual-receive

[PE4-vsi-vpna] pwsignaling ldp

[PE4-vsi-vpna-ldp] peer 1.1.1.9 pw-id 500

[PE4-vsi-vpna-ldp-1.1.1.9-500] backup-peer 2.2.2.9 pw-id 500

[PE4-vsi-vpna-ldp-1.1.1.9-500-backup] quit

[PE4-vsi-vpna-ldp-1.1.1.9-500] quit

[PE4-vsi-vpna-ldp] quit

[PE4-vsi-vpna] quit

# Map Ten-GigabitEthernet 3/0/3 to VSI vpna.

[PE4] interface ten-gigabitethernet 3/0/3

[PE4-Ten-GigabitEthernet3/0/3] xconnect vsi vpna

[PE4-Ten-GigabitEthernet3/0/3] quit

3.     Configure PE 1:

# Configure interface Loopback 0.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

# Configure MPLS basic capabilities.

[PE1] mpls lsr-id 1.1.1.9

# Enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Run OSPF on PE 1 to set up LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] undo shutdown

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

[PE1-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 2 and PE 3, and enable BGP EVPN to advertise route information to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2.2.2.9 enable

[PE1-bgp-default-evpn] peer 3.3.3.9 enable

[PE1-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create a PW class and set its data encapsulation type to Ethernet.

[PE1] pw-class aaa

[PE1-pw-class-aaa] pw-type ethernet

[PE1-pw-class-aaa] quit

# Create VSI vpna, create an EVPN instance for it, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE1] vsi vpna

[PE1-vsi-vpna] evpn encapsulation mpls

[PE1-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-vsi-vpna-evpn-mpls] quit

# Configure VSI vpna to use LDP to establish LDP PWs. Configure PE 1 to establish a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active.

[PE1-vsi-vpna] pwsignaling ldp

[PE1-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon pw-class aaa

[PE1-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[PE1-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[PE1-vsi-vpna-ldp-4.4.4.9-500] quit

[PE1-vsi-vpna-ldp] quit

[PE1-vsi-vpna] quit

4.     Configure PE 2:

# Configure MPLS basic capabilities.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

# Enable LDP globally.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Run OSPF on PE 2 to set up LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 1.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 3.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1, the interface connected to PE 4.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] undo shutdown

[PE2-Ten-GigabitEthernet3/0/1] quit

# Establish IBGP connections to PE 1 and PE 3 and enable BGP EVPN to advertise route information to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] peer 3.3.3.9 as-number 100

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 enable

[PE2-bgp-default-evpn] peer 3.3.3.9 enable

[PE2-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create a PW class and set its data encapsulation type to Ethernet.

[PE2] pw-class aaa

[PE2-pw-class-aaa] pw-type ethernet

[PE2-pw-class-aaa] quit

# Create VSI vpna, create an EVPN instance for it, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE2] vsi vpna

[PE2-vsi-vpna] evpn encapsulation mpls

[PE2-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-vsi-vpna-evpn-mpls] quit

# Configure VSI vpna to use LDP to establish LDP PWs. Configure PE 2 to establish a UPW with PE 4, assign an ESI to the UPW, and set the redundancy mode of the UPW to all-active.

[PE2-vsi-vpna] pwsignaling ldp

[PE2-vsi-vpna-ldp] peer 4.4.4.9 pw-id 500 no-split-horizon pw-class aaa

[PE2-vsi-vpna-ldp-4.4.4.9-500] esi 1.1.1.1.1

[PE2-vsi-vpna-ldp-4.4.4.9-500] evpn redundancy-mode all-active

[PE2-vsi-vpna-ldp-4.4.4.9-500] quit

[PE2-vsi-vpna-ldp] quit

[PE2-vsi-vpna] quit

5.     Configure PE 3:

# Configure MPLS basic capabilities.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

# Enable LDP globally.

[PE3] mpls ldp

[PE3-ldp] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Run OSPF on PE 3 to set up LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 30.1.1.3 24

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3, the interface connected to PE 2.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.3 24

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Establish IBGP connections to PE 1 and PE 2, and enable BGP EVPN to advertise route information to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.9 as-number 100

[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp-default] peer 2.2.2.9 as-number 100

[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1.1.1.9 enable

[PE3-bgp-default-evpn] peer 2.2.2.9 enable

[PE3-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create VSI vpna, create an EVPN instance for it, enable MPLS encapsulation, and configure an RD and route targets for the EVPN instance.

[PE3] vsi vpna

[PE3-vsi-vpna] evpn encapsulation mpls

[PE3-vsi-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-vsi-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-vsi-vpna-evpn-mpls] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[PE3] interface ten-gigabitethernet 3/0/1

[PE3-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[PE3-Ten-GigabitEthernet3/0/1] quit

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# On PE 1, display PW information. Verify that PE 1 has established an LDP PW with PE 4 and EVPN PWs with PE 2 and PE 3.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

3 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

VSI Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

4.4.4.9         500                1147/-         LDP    MN   8        Up

2.2.2.9         -                  1148/1148      EVPN   M    9        Up

3.3.3.9         -                  1148/1149      EVPN   M    10       Up

# On PE 1, display local ES information. Verify that the LDP PW (UPW) has multihoming settings.

<PE1> display evpn es local verbose

 

VSI name : vpna

  ESI                      : 0001.0001.0001.0001.0001

  Interface                : -

  Redundancy mode          : All-active

  State                    : Up

  UPWs                     :

    Link ID     Service instance ID   Tag ID      DF address        ESI label

    8           -                     0           -                 1146

# Display information on PE 2 in the same way as information is displayed on PE 1. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
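
The PW check above can be automated. The following Python code is an added example, not part of the H3C documentation: it parses the display l2vpn pw output shown for PE 1 (embedded as a constructed sample) and reports PWs that are missing, not Up, of the wrong protocol, lacking a required flag, or not expected at all. The function names and the format of the expected-PW list are assumptions.

```python
import re

# Constructed sample: the `display l2vpn pw` output shown above for PE 1.
SAMPLE_OUTPUT = """\
Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link
       N - no split horizon, A - administration, ABY - ac-bypass
       PBY - pw-bypass
Total number of PWs: 3
3 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
4.4.4.9         500                1147/-         LDP    MN   8        Up
2.2.2.9         -                  1148/1148      EVPN   M    9        Up
3.3.3.9         -                  1148/1149      EVPN   M    10       Up
"""

# Expected PWs on PE 1 (hypothetical format). The UPW to PE 4 is configured with
# no-split-horizon in the procedure, so its row must carry the N flag.
EXPECTED_PE1 = [
    {"instance": "vpna", "peer": "4.4.4.9", "proto": "LDP", "flags": "MN"},
    {"instance": "vpna", "peer": "2.2.2.9", "proto": "EVPN", "flags": "M"},
    {"instance": "vpna", "peer": "3.3.3.9", "proto": "EVPN", "flags": "M"},
]

ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<pwid>\S+)\s+(?P<labels>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<flags>\S+)\s+(?P<link_id>\d+)\s+(?P<state>\S+)$"
)


def parse_l2vpn_pw(text):
    """Return the summary counters and one dict per PW row."""
    result = {"total": None, "up": None, "pws": []}
    instance = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Total number of PWs:\s*(\d+)", line)
        if m:
            result["total"] = int(m.group(1))
            continue
        m = re.match(r"(\d+) up,", line)
        if m:
            result["up"] = int(m.group(1))
            continue
        # Both "VSI Name:" and "Xconnect-group Name:" headers appear on the page.
        m = re.match(r"(?:VSI|Xconnect-group)\s+[Nn]ame\s*:\s*(\S+)", line)
        if m:
            instance = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            pw = m.groupdict()
            pw["instance"] = instance
            result["pws"].append(pw)
    return result


def check_pws(parsed, expected):
    """Compare parsed PW rows with the expected list; return a list of findings."""
    findings = []
    rows = parsed["pws"]
    if parsed["total"] != len(rows):
        findings.append(f"header reports {parsed['total']} PWs, table lists {len(rows)}")
    up_rows = sum(1 for r in rows if r["state"] == "Up")
    if parsed["up"] != up_rows:
        findings.append(f"header reports {parsed['up']} up, table lists {up_rows} Up")
    by_key = {(r["instance"], r["peer"]): r for r in rows}
    for exp in expected:
        row = by_key.pop((exp["instance"], exp["peer"]), None)
        if row is None:
            findings.append(f"missing PW to {exp['peer']} in {exp['instance']}")
            continue
        if row["state"] != "Up":
            findings.append(f"PW to {exp['peer']} is {row['state']}")
        if row["proto"] != exp["proto"]:
            findings.append(f"PW to {exp['peer']} uses {row['proto']}, expected {exp['proto']}")
        # Required flags are single letters here, so a per-character test is enough.
        missing = [f for f in exp["flags"] if f not in row["flags"]]
        if missing:
            findings.append(f"PW to {exp['peer']} lacks flag(s) {''.join(missing)}")
    for instance, peer in by_key:
        findings.append(f"unexpected PW to {peer} in {instance}")
    return findings


if __name__ == "__main__":
    for finding in check_pws(parse_l2vpn_pw(SAMPLE_OUTPUT), EXPECTED_PE1) or ["all expected PWs are Up"]:
        print(finding)
```
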

 

 

 

 

EVPN VPWS configuration examples

Example: Configuring a remote connection between singlehomed sites

Network configuration

As shown in Figure 705, set up a remote connection between CE 1 and CE 2 for users in site 1 and site 2 to communicate through EVPN VPWS over the MPLS or IP backbone network.

Figure 705 Network diagram

Device  Interface  IP address     Device  Interface  IP address

CE 1    XGE3/0/1   10.1.1.10/24   P       Loop0      3.3.3.3/32

PE 1    Loop0      1.1.1.1/32             XGE3/0/1   11.1.1.2/24

        XGE3/0/1   N/A                    XGE3/0/2   11.1.2.2/24

        XGE3/0/2   11.1.1.1/24    PE 2    Loop0      2.2.2.2/32

CE 2    XGE3/0/1   10.1.1.20/24           XGE3/0/1   N/A

                                          XGE3/0/2   11.1.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.10 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 11.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create an IBGP connection to PE 2, and enable BGP to advertise L2VPN information to PE 2.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.2 as-number 100

[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2.2.2.2 enable

[PE1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

3.     Configure the P device:

# Configure the LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 3.3.3.3 32

[P-LoopBack0] quit

[P] mpls lsr-id 3.3.3.3

# Enable global LDP.

[P] mpls ldp

[P-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 11.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 11.1.2.2 24

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

4.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to the P device), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 11.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create an IBGP connection to PE 1, and enable BGP to advertise L2VPN information to PE 1.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.1 as-number 100

[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.1 enable

[PE2-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE2-xcg-vpna-pw1-2-1] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.20 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established between PE 1 and PE 2.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag  Link ID  State

2.2.2.2         2                  710127/710127  EVPN   M     0        Up

# Verify that the EVPN information about the cross-connect on PE 1 is correct.

[PE1] display evpn route xconnect-group

Flags: P - Primary, B - Backup, C - Control word

 

Xconnect group name: vpna

 Connection Name: pw1

  ESI                 : 0000.0000.0000.0000.0000

  Local service ID    : 1

  Remote service ID   : 2

  Control word        : Disable

  In label            : 710127

  Local MTU           : 1500

  AC state            : Up

  PW type             : Ethernet

    Nexthop          ESI                       Out label  Flags  MTU    State

    2.2.2.2          0000.0000.0000.0000.0000  710127     P      1500   Up 

# Verify that the EVPN information about the cross-connect on PE 2 is correct.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag  Link ID  State

1.1.1.1         1                  710127/710127  EVPN   M     0        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Example: Configuring EVPN VPWS multihoming

Network configuration

As shown in Figure 706, configure EVPN VPWS for dualhomed site 1 and singlehomed site 2 to communicate over the MPLS or IP backbone network.

Figure 706 Network diagram

Device  Interface  IP address     Device  Interface  IP address

PE 1    Loop0      192.1.1.1/32   CE 1    RAGG1      100.1.1.1/24

        XGE3/0/1   N/A            CE 2    XGE3/0/1   100.1.1.2/24

        XGE3/0/2   10.1.1.1/24    PE 3    Loop0      192.3.3.3/32

        XGE3/0/3   10.1.3.1/24            XGE3/0/1   N/A

PE 2    Loop0      192.2.2.2/32           XGE3/0/2   10.1.1.2/24

        XGE3/0/1   N/A                    XGE3/0/3   10.1.2.2/24

        XGE3/0/2   10.1.2.1/24

        XGE3/0/3   10.1.3.2/24

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface 1 and assign it an IP address.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] ip address 100.1.1.1 24

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create IBGP connections to PE 2 and PE 3, and enable BGP to advertise routes to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE1-bgp-default] peer 192.3.3.3 as-number 100

[PE1-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.3.3.3 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1 and set its redundancy mode to all-active.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE1-Ten-GigabitEthernet3/0/1] evpn redundancy-mode all-active

[PE1-Ten-GigabitEthernet3/0/1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Associate Ten-GigabitEthernet 3/0/2 with track entry 1.

[PE1] track 1 interface ten-gigabitethernet 3/0/2

[PE1-track-1] quit

# Configure CLI-defined monitor policy 1 to associate Ten-GigabitEthernet 3/0/2 with Ten-GigabitEthernet 3/0/1. This setting allows PE 1 to shut down Ten-GigabitEthernet 3/0/1 when Ten-GigabitEthernet 3/0/2 goes down.

[PE1] rtm cli-policy policy1

[PE1-rtm-policy1] event track 1 state negative

[PE1-rtm-policy1] action 0 cli system-view

[PE1-rtm-policy1] action 1 cli interface ten-gigabitethernet 3/0/1

[PE1-rtm-policy1] action 2 cli shutdown

[PE1-rtm-policy1] user-role network-admin

[PE1-rtm-policy1] quit

3.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create IBGP connections to PE 1 and PE 3, and enable BGP to advertise routes to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 192.1.1.1 as-number 100

[PE2-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE2-bgp-default] peer 192.3.3.3 as-number 100

[PE2-bgp-default] peer 192.3.3.3 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.1.1.1 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Assign an ESI to Ten-GigabitEthernet 3/0/1 and set its redundancy mode to all-active.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1

[PE2-Ten-GigabitEthernet3/0/1] evpn redundancy-mode all-active

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Associate Ten-GigabitEthernet 3/0/2 with track entry 1.

[PE2] track 1 interface ten-gigabitethernet 3/0/2

[PE2-track-1] quit

# Configure CLI-defined monitor policy 1 to associate Ten-GigabitEthernet 3/0/2 with Ten-GigabitEthernet 3/0/1. This setting allows PE 2 to shut down Ten-GigabitEthernet 3/0/1 when Ten-GigabitEthernet 3/0/2 goes down.

[PE2] rtm cli-policy policy1

[PE2-rtm-policy1] event track 1 state negative

[PE2-rtm-policy1] action 0 cli system-view

[PE2-rtm-policy1] action 1 cli interface ten-gigabitethernet 3/0/1

[PE2-rtm-policy1] action 2 cli shutdown

[PE2-rtm-policy1] user-role network-admin

[PE2-rtm-policy1] quit

4.     Configure PE 3:

# Configure the LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 192.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1) and Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interfaces.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.2 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Create IBGP connections to PE 1 and PE 2, and enable BGP to advertise routes to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 192.1.1.1 as-number 100

[PE3-bgp-default] peer 192.1.1.1 connect-interface loopback 0

[PE3-bgp-default] peer 192.2.2.2 as-number 100

[PE3-bgp-default] peer 192.2.2.2 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 192.1.1.1 enable

[PE3-bgp-default-evpn] peer 192.2.2.2 enable

[PE3-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] evpn encapsulation mpls

[PE3-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE3-xcg-vpna] connection pw1

[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE3-xcg-vpna-pw1-2-1] quit

[PE3-xcg-vpna-pw1] quit

[PE3-xcg-vpna] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit
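
The multihoming procedure above only works when the PEs agree with each other: PE 1 and PE 2 use the same ESI, redundancy mode and service ID pair, PE 3 mirrors the service IDs, and every PE imports a route target that the others export. The following Python code is an added example, not part of the H3C documentation, that checks those relationships across device transcripts before deployment. The transcripts are a constructed sample reduced to the relevant commands, the function names are assumptions, and only ESIs configured on interface ACs are handled.

```python
import re
from collections import defaultdict

# Constructed sample: the multihoming-related commands from the PE 1, PE 2 and
# PE 3 transcripts above, prompts kept and unrelated commands dropped.
_DUAL_HOMED = """\
[{n}] interface ten-gigabitethernet 3/0/1
[{n}-Ten-GigabitEthernet3/0/1] esi 1.1.1.1.1
[{n}-Ten-GigabitEthernet3/0/1] evpn redundancy-mode all-active
[{n}-Ten-GigabitEthernet3/0/1] quit
[{n}-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity
[{n}-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity
[{n}-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
"""
_SINGLE_HOMED = """\
[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity
[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity
[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
"""
TRANSCRIPTS = {
    "PE1": _DUAL_HOMED.format(n="PE1"),
    "PE2": _DUAL_HOMED.format(n="PE2"),
    "PE3": _SINGLE_HOMED,
}

# A transcript line is "[view] command" or "<device> command".
PROMPT = re.compile(r"^\s*(?:\[[^\]]+\]|<[^>]+>)\s*(?P<cmd>\S.*)$")


def normalize_esi(esi):
    """Expand 'esi 1.1.1.1.1' to the 0001.0001.0001.0001.0001 form of display output."""
    return ".".join(group.zfill(4).lower() for group in esi.split("."))


def parse_transcript(text):
    """Extract ESI, redundancy mode, service IDs and route targets for one device."""
    cfg = {"esi": {}, "mode": {}, "service": None, "export": set(), "import": set()}
    iface = None
    for raw in text.splitlines():
        m = PROMPT.match(raw)
        if not m:
            continue
        words = m.group("cmd").split()
        if words[0] == "interface" and len(words) >= 2:
            iface = " ".join(words[1:])
        elif words[0] == "quit":
            iface = None
        elif words[0] == "esi" and iface and len(words) == 2:
            cfg["esi"][iface] = normalize_esi(words[1])
        elif words[:2] == ["evpn", "redundancy-mode"] and iface and len(words) == 3:
            cfg["mode"][iface] = words[2]
        elif words[:2] == ["evpn", "local-service-id"] and len(words) == 5:
            cfg["service"] = (int(words[2]), int(words[4]))
        elif words[0] == "vpn-target" and words[-1] in ("export-extcommunity", "import-extcommunity"):
            cfg[words[-1].split("-")[0]].update(words[1:-1])
    return cfg


def load_devices(transcripts=TRANSCRIPTS):
    return {name: parse_transcript(text) for name, text in transcripts.items()}


def check_multihoming(devices):
    """Return a list of cross-device inconsistencies (empty when the plan is coherent)."""
    findings = []
    segments = defaultdict(list)
    for name, cfg in devices.items():
        for iface, esi in cfg["esi"].items():
            segments[esi].append((name, iface))
    multihomed = set()
    for esi, members in sorted(segments.items()):
        names = sorted(n for n, _ in members)
        multihomed.update(names)
        if len(members) < 2:
            findings.append(f"ESI {esi}: configured only on {names[0]}, no redundant PE")
        # An unset mode is reported as-is rather than assumed to equal the device default.
        modes = {devices[n]["mode"].get(i, "unset") for n, i in members}
        if len(modes) > 1:
            findings.append(f"ESI {esi}: redundancy modes differ across {names}: {sorted(modes)}")
        if len({devices[n]["service"] for n in names}) > 1:
            findings.append(f"ESI {esi}: service ID pairs differ across {names}")
    for name, cfg in sorted(devices.items()):
        if name in multihomed or cfg["service"] is None:
            continue
        for peer in sorted(multihomed):
            if devices[peer]["service"] != cfg["service"][::-1]:
                findings.append(f"{name} service IDs {cfg['service']} do not mirror "
                                f"{peer} {devices[peer]['service']}")
    for a in sorted(devices):
        for b in sorted(devices):
            if a != b and not devices[a]["export"] & devices[b]["import"]:
                findings.append(f"{a} exports no route target that {b} imports")
    return findings


if __name__ == "__main__":
    for finding in check_multihoming(load_devices()) or ["multihoming settings are consistent"]:
        print(finding)
```
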

Verifying the configuration

# Verify that PE 1 has established EVPN PWs to PE 2 and PE 3.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       2                  710263/710265  EVPN   M    0        Up

# Verify that the EVPN information about the cross-connect on PE 1 is correct.

<PE1> display evpn route xconnect-group

Flags: P - Primary, B - Backup, C - Control word

 

Xconnect group name: vpna

 Connection name: 1

  ESI                 : 0001.0001.0001.0001.0001

  Local service ID    : 1

  Remote service ID   : 2

  Control word        : Disabled

  In label            : 710263

  Local MTU           : 1500

  AC state            : Up

  PW type             : Ethernet

    Nexthop          ESI                       Out label  Flags  MTU    state

    192.3.3.3        0000.0000.0000.0000.0000  710265     P      1500   Up

    192.2.2.2        0001.0001.0001.0001.0001  710264     P      1500   Up

# Verify that PE 1 has local ES information.

<PE1> display evpn es local

Redundancy mode: A - All-active, S - Single-active

 

Xconnect-group name : vpna

ESI                         Tag ID      DF address      Mode  State ESI label

0001.0001.0001.0001.0001    0           192.1.1.1       A     Up    -

# Verify that PE 1 has remote ES information.

<PE1> display evpn es remote

Control Flags: P - Primary, B - Backup, C - Control word

Xconnect group name : vpna

  ESI                     : 0001.0001.0001.0001.0001

  Ethernet segment routes :

    192.2.2.2

  A-D per ES routes       :

    Peer IP             Remote Redundancy mode

    192.2.2.2           All-active

  A-D per EVI routes      :

    Tag ID      Peer IP          Control Flags

    1           192.2.2.2        P

# Verify that PE 2 has established EVPN PWs to PE 1 and PE 3.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       2                  710124/710265  EVPN   M    1        Up

# Verify that PE 3 has established EVPN PWs to PE 1 and PE 2.

<PE3> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       1                  710265/710263  EVPN   E    0        Up

192.2.2.2       1                  710265/710124  EVPN   E    0        Up

# Verify that CE 1 and CE 2 can ping each other when the PW on PE 1 or PE 2 fails. (Details not shown.)

Example: Configuring PW concatenation

Network configuration

As shown in Figure 707:

·     Set up an MPLS TE tunnel between each PE and the P device, and configure each MPLS TE tunnel to convey an EVPN PW.

·     Concatenate the EVPN PWs on the P device for the CEs to communicate at Layer 2 over the MPLS backbone.

Figure 707 Network diagram

Device   Interface   IP address      Device   Interface   IP address
CE 1     XGE3/0/1    100.1.1.1/24    P        Loop0       192.4.4.4/32
PE 1     Loop0       192.2.2.2/32             XGE3/0/1    23.1.1.2/24
         XGE3/0/2    23.1.1.1/24              XGE3/0/2    26.2.2.2/24
CE 2     XGE3/0/1    100.1.1.2/24    PE 2     Loop0       192.3.3.3/32
                                              XGE3/0/2    26.2.2.1/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.2.2.2 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[PE1] l2vpn enable

# Set up an MPLS TE tunnel between PE 1 and the P device as described in MPLS TE configuration in MPLS Configuration Guide.

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE1-xcg-vpna-pw1-2-1] quit

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Create an IBGP connection to the P device, and enable BGP to advertise BGP EVPN routes to the P device.

[PE1] bgp 100

[PE1-bgp-default] peer 192.4.4.4 as-number 100

[PE1-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.4.4.4 enable

[PE1-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

3.     Configure the P device:

# Configure the LSR ID.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit

[P] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[P] l2vpn enable

# Set up an MPLS TE tunnel to each PE as described in MPLS TE configuration in MPLS Configuration Guide.

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[P] xconnect-group vpna

[P-xcg-vpna] evpn encapsulation mpls

[P-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[P-xcg-vpna-evpn-mpls] vpn-target 1:2 export-extcommunity

[P-xcg-vpna-evpn-mpls] vpn-target 1:1 1:3 import-extcommunity

[P-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and create two EVPN PWs on the cross-connect.

[P-xcg-vpna] connection pw1

[P-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[P-xcg-vpna-pw1-1-2] quit

[P-xcg-vpna-pw1] evpn local-service-id 3 remote-service-id 4

[P-xcg-vpna-pw1-3-4] quit

[P-xcg-vpna-pw1] quit

[P-xcg-vpna] quit

# Create an IBGP connection to each PE, and enable BGP to advertise BGP EVPN routes to the PEs.

[P] bgp 100

[P-bgp-default] peer 192.2.2.2 as-number 100

[P-bgp-default] peer 192.2.2.2 connect-interface LoopBack0

[P-bgp-default] peer 192.3.3.3 as-number 100

[P-bgp-default] peer 192.3.3.3 connect-interface LoopBack0

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] peer 192.2.2.2 enable

[P-bgp-default-evpn] peer 192.3.3.3 enable

[P-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[P-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[P-bgp-default-evpn] quit

[P-bgp-default] quit

4.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.3.3.3 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[PE2] l2vpn enable

# Set up an MPLS TE tunnel between PE 2 and the P device as described in MPLS TE configuration in MPLS Configuration Guide.

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:3 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] evpn local-service-id 4 remote-service-id 3

[PE2-xcg-vpna-pw1-4-3] quit

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Create an IBGP connection to the P device, and enable BGP to advertise BGP EVPN routes to the P device.

[PE2] bgp 100

[PE2-bgp-default] peer 192.4.4.4 as-number 100

[PE2-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.4.4.4 enable

[PE2-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

5.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       1                  1151/1150      EVPN   M    0        Up

# Verify that two EVPN PWs are concatenated on the P device.

[P] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       2                  1150/1151      EVPN   M    0        Up

192.3.3.3       4                  1151/1151      EVPN   M    1        Up

# Verify that an EVPN PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       3                  1151/1151      EVPN   M    0        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
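PW concatenation only works when the three devices agree: each import route target must be exported by a neighbor, each local/remote service-ID pair must be mirrored on the other end, and each peer enabled under the EVPN address family must have been declared with an AS number. The following Python check is an added example, not H3C code; it reads a CLI transcript in the style used above and reports those mismatches. The function names and the transcript (constructed, with two deliberate faults) are assumptions.

```python
import re
from collections import defaultdict

# Constructed transcript modelled on the PE 1 / P / PE 2 procedure above.
# Deliberate faults: a mistyped EVPN peer on PE1, a wrong remote service ID on PE2.
TRANSCRIPT = """\
<PE1> system-view
[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity
[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
[PE1-bgp-default] peer 192.4.4.4 as-number 100
[PE1-bgp-default] peer 192.4.4.4 connect-interface LoopBack0
[PE1-bgp-default-evpn] peer 192.4.4.44 enable
[P-xcg-vpna-evpn-mpls] vpn-target 1:2 export-extcommunity
[P-xcg-vpna-evpn-mpls] vpn-target 1:1 1:3 import-extcommunity
[P-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
[P-xcg-vpna-pw1] evpn local-service-id 3 remote-service-id 4
[P-bgp-default] peer 192.2.2.2 as-number 100
[P-bgp-default] peer 192.3.3.3 as-number 100
[P-bgp-default-evpn] peer 192.2.2.2 enable
[P-bgp-default-evpn] peer 192.3.3.3 enable
[PE2-xcg-vpna-evpn-mpls] vpn-target 1:3 export-extcommunity
[PE2-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity
[PE2-xcg-vpna-pw1] evpn local-service-id 4 remote-service-id 5
[PE2-bgp-default] peer 192.4.4.4 as-number 100
[PE2-bgp-default-evpn] peer 192.4.4.4 enable
"""

# "[PE1-xcg-vpna] cmd": the device name is the prompt text before the first
# hyphen (assumes device names without hyphens, as on this page).
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-[^\]]*)?\]\s+(?P<cmd>.+)$")
RT_KEYWORDS = ("export-extcommunity", "import-extcommunity")


def parse(transcript):
    """Collect per-device BGP peers, route targets and EVPN service-ID pairs."""
    cfg = defaultdict(lambda: {"declared": set(), "enabled": set(),
                               "export": set(), "import": set(), "pws": set()})
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # user-view prompts (<PE1> ...), comments, blank lines
        dev, cmd = cfg[m["dev"]], m["cmd"].split()
        if cmd[0] == "peer" and len(cmd) >= 3:
            if cmd[2] == "as-number":
                dev["declared"].add(cmd[1])
            elif cmd[2] == "enable":
                dev["enabled"].add(cmd[1])
        elif cmd[0] == "vpn-target" and cmd[-1] in RT_KEYWORDS:
            # Only the two keyword forms used on this page are handled.
            dev[cmd[-1].split("-")[0]].update(cmd[1:-1])
        elif cmd[:2] == ["evpn", "local-service-id"] and len(cmd) == 5:
            dev["pws"].add((int(cmd[2]), int(cmd[4])))
    return cfg


def lint(transcript):
    """Return a sorted list of cross-device inconsistencies."""
    cfg = parse(transcript)
    findings = []
    for name, dev in cfg.items():
        others = [d for n, d in cfg.items() if n != name]
        for peer in dev["enabled"] - dev["declared"]:
            findings.append(f"{name}: peer {peer} enabled but never declared with as-number")
        for rt in dev["import"]:
            if not any(rt in o["export"] for o in others):
                findings.append(f"{name}: imports RT {rt} that no other device exports")
        for rt in dev["export"]:
            if not any(rt in o["import"] for o in others):
                findings.append(f"{name}: exports RT {rt} that no other device imports")
        for local, remote in dev["pws"]:
            if not any((remote, local) in o["pws"] for o in others):
                findings.append(
                    f"{name}: service-id pair {local}/{remote} has no mirrored {remote}/{local}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(TRANSCRIPT):
        print(finding)
```

An import route target that nothing exports is worth removing rather than ignoring, because any device that later exports that value will be accepted into the cross-connect group.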

Example: Configuring inter-AS option A

Network configuration

As shown in Figure 708:

·     Establish an EVPN PW between the PE and the ASBR in each AS.

·     Associate Ten-GigabitEthernet 3/0/1 with the EVPN PW on each ASBR.

·     Associate Ten-GigabitEthernet 3/0/1 with the EVPN PW on each PE.

·     Run OSPF on the MPLS backbone of each AS.

Figure 708 Network diagram

Device   Interface   IP address      Device   Interface   IP address
CE 1     XGE3/0/1    100.1.1.1/24    ASBR 1   Loop0       192.2.2.2/32
PE 1     Loop0       192.1.1.1/32             XGE3/0/2    23.1.1.2/24
         XGE3/0/2    23.1.1.1/24              XGE3/0/1    26.2.2.2/24
PE 2     Loop0       192.4.4.4/32    ASBR 2   Loop0       192.3.3.3/32
         XGE3/0/2    22.2.2.1/24              XGE3/0/1    26.2.2.3/24
CE 2     XGE3/0/1    100.1.1.2/24             XGE3/0/2    22.2.2.3/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 1.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE1-xcg-vpna-pw1-2-1] quit

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Create an IBGP connection to ASBR 1, and enable BGP to advertise BGP EVPN routes to ASBR 1.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface LoopBack0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

3.     Configure ASBR 1:

# Configure the LSR ID.

<ASBR1> system-view

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 192.2.2.2 32

[ASBR1-LoopBack0] quit

[ASBR1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[ASBR1] l2vpn enable

# Enable global LDP.

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.2 24

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[ASBR1] ospf

[ASBR1-ospf-1] area 0

[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[ASBR1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[ASBR1-ospf-1-area-0.0.0.0] quit

[ASBR1-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[ASBR1] xconnect-group vpna

[ASBR1-xcg-vpna] evpn encapsulation mpls

[ASBR1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[ASBR1-xcg-vpna-evpn-mpls] vpn-target 1:2 export-extcommunity

[ASBR1-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[ASBR1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 (the interface connected to ASBR 2) to it. Create an EVPN PW on the cross-connect.

[ASBR1-xcg-vpna] connection pw1

[ASBR1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[ASBR1-xcg-vpna-pw1-1-2] quit

[ASBR1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[ASBR1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[ASBR1-xcg-vpna-pw1] quit

[ASBR1-xcg-vpna] quit

# Create an IBGP connection to PE 1, and enable BGP to advertise BGP EVPN routes to PE 1.

[ASBR1] bgp 100

[ASBR1-bgp-default] peer 192.1.1.1 as-number 100

[ASBR1-bgp-default] peer 192.1.1.1 connect-interface LoopBack0

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] peer 192.1.1.1 enable

[ASBR1-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[ASBR1-bgp-default-evpn] quit

[ASBR1-bgp-default] quit

4.     Configure ASBR 2:

# Configure the LSR ID.

<ASBR2> system-view

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ip address 192.3.3.3 32

[ASBR2-LoopBack0] quit

[ASBR2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[ASBR2] l2vpn enable

# Enable global LDP.

[ASBR2] mpls ldp

[ASBR2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[ASBR2] ospf

[ASBR2-ospf-1] area 0

[ASBR2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[ASBR2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[ASBR2-ospf-1-area-0.0.0.0] quit

[ASBR2-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[ASBR2] xconnect-group vpna

[ASBR2-xcg-vpna] evpn encapsulation mpls

[ASBR2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[ASBR2-xcg-vpna-evpn-mpls] vpn-target 2:2 export-extcommunity

[ASBR2-xcg-vpna-evpn-mpls] vpn-target 2:1 import-extcommunity

[ASBR2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 (the interface connected to ASBR 1) to it. Create an EVPN PW on the cross-connect.

[ASBR2-xcg-vpna] connection pw1

[ASBR2-xcg-vpna-pw1] evpn local-service-id 3 remote-service-id 4

[ASBR2-xcg-vpna-pw1-3-4] quit

[ASBR2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[ASBR2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[ASBR2-xcg-vpna-pw1] quit

[ASBR2-xcg-vpna] quit

# Create an IBGP connection to PE 2, and enable BGP to advertise BGP EVPN routes to PE 2.

[ASBR2] bgp 200

[ASBR2-bgp-default] peer 192.4.4.4 as-number 200

[ASBR2-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 192.4.4.4 enable

[ASBR2-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[ASBR2-bgp-default-evpn] quit

[ASBR2-bgp-default] quit

5.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.4.4.4 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 2:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 2:2 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] evpn local-service-id 4 remote-service-id 3

[PE2-xcg-vpna-pw1-4-3] quit

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Create an IBGP connection to ASBR 2, and enable BGP to advertise BGP EVPN routes to ASBR 2.

[PE2] bgp 200

[PE2-bgp-default] peer 192.3.3.3 as-number 200

[PE2-bgp-default] peer 192.3.3.3 connect-interface LoopBack0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1                  710127/710126  EVPN   M    0        Up

# Verify that an EVPN PW has been established on ASBR 1.

[ASBR1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       2                  710126/710127  EVPN   M    0        Up

# Verify that an EVPN PW has been established on ASBR 2.

[ASBR2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       4                  710127/710127  EVPN   M    1        Up

# Verify that an EVPN PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       3                  710127/710127  EVPN   M    0        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
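The verification steps above can be automated. The following Python code is an added example, not H3C tooling: it parses display l2vpn pw captures and checks that the PW count in the header matches the rows listed, that every PW is Up, and that the In/Out labels on one device are the Out/In labels on its peer. The captures are constructed, and the function names and the device-to-LSR-ID map are assumptions.

```python
import re

# Constructed captures in the format shown above. ASBR1's header deliberately
# claims two PWs while only one row is listed.
CAPTURES = {
    "PE1": """\
Total number of PWs: 1
1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.2.2.2       1                  710127/710126  EVPN   M    0        Up
""",
    "ASBR1": """\
Total number of PWs: 2
2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
192.1.1.1       2                  710126/710127  EVPN   M    0        Up
""",
}
# LSR IDs double as the BGP peer addresses printed in the Peer column.
LSR_IDS = {"PE1": "192.1.1.1", "ASBR1": "192.2.2.2"}

TOTAL = re.compile(r"^Total number of PWs:\s*(\d+)")
ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<srv>\d+)\s+(?P<inl>\d+)/(?P<outl>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<flag>\S+)\s+(?P<link>\d+)\s+(?P<state>\S+)$")


def parse_pw(output):
    """Parse one 'display l2vpn pw' capture into its header count and PW rows."""
    total, rows = None, []
    for line in output.splitlines():
        line = line.strip()
        m = TOTAL.match(line)
        if m:
            total = int(m[1])
            continue
        m = ROW.match(line)
        if m:
            rows.append({"peer": m["peer"], "srv": int(m["srv"]),
                         "in": int(m["inl"]), "out": int(m["outl"]),
                         "state": m["state"]})
    return {"total": total, "rows": rows}


def check(captures, lsr_ids):
    """captures: device -> raw output; lsr_ids: device -> LSR ID."""
    parsed = {dev: parse_pw(text) for dev, text in captures.items()}
    by_addr = {addr: dev for dev, addr in lsr_ids.items()}
    findings = []
    for dev, p in parsed.items():
        if p["total"] != len(p["rows"]):
            findings.append(
                f"{dev}: header reports {p['total']} PWs, table lists {len(p['rows'])}")
        for r in p["rows"]:
            if r["state"] != "Up":
                findings.append(f"{dev}: PW to {r['peer']} is {r['state']}")
            far = by_addr.get(r["peer"])
            if far is None or far not in parsed:
                continue  # no capture from the far end, nothing to compare
            mirror = [x for x in parsed[far]["rows"] if x["peer"] == lsr_ids[dev]]
            # The label this device sends (out) is the label the far end expects (in).
            if not any(x["in"] == r["out"] and x["out"] == r["in"] for x in mirror):
                findings.append(
                    f"{dev}: labels {r['in']}/{r['out']} to {far} are not mirrored on {far}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check(CAPTURES, LSR_IDS):
        print(finding)
```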

Example: Configuring inter-AS option B

Network configuration

As shown in Figure 709:

·     Establish an EVPN PW between the PE and the ASBR in each AS, and use LDP to establish the public tunnels that convey the EVPN PWs.

·     Establish an EVPN PW between the ASBRs, and configure BGP to advertise labeled IPv4 unicast routes to establish the public tunnel that conveys the EVPN PW.

·     Concatenate the EVPN PWs on the ASBRs.

Figure 709 Network diagram

Device   Interface   IP address      Device   Interface   IP address
CE 1     XGE3/0/1    100.1.1.1/24    ASBR 1   Loop0       192.2.2.2/32
PE 1     Loop0       192.1.1.1/32             XGE3/0/2    23.1.1.2/24
         XGE3/0/2    23.1.1.1/24              XGE3/0/1    26.2.2.2/24
PE 2     Loop0       192.4.4.4/32    ASBR 2   Loop0       192.3.3.3/32
         XGE3/0/2    22.2.2.1/24              XGE3/0/1    26.2.2.3/24
CE 2     XGE3/0/1    100.1.1.2/24             XGE3/0/2    22.2.2.3/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 1.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:2 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE1-xcg-vpna-pw1-2-1] quit

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Create an IBGP connection to ASBR 1, and enable BGP to advertise BGP EVPN routes to ASBR 1.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface LoopBack0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

3.     Configure ASBR 1:

# Configure the LSR ID.

<ASBR1> system-view

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 192.2.2.2 32

[ASBR1-LoopBack0] quit

[ASBR1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[ASBR1] l2vpn enable

# Enable global LDP.

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.2 24

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/1, the interface connected to ASBR 2.

[ASBR1] interface ten-gigabitethernet 3/0/1

[ASBR1-Ten-GigabitEthernet3/0/1] ip address 26.2.2.2 24

[ASBR1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR1] ospf

[ASBR1-ospf-1] area 0

[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[ASBR1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[ASBR1-ospf-1-area-0.0.0.0] quit

[ASBR1-ospf-1] quit

# Create an IBGP connection to PE 1, and enable BGP to advertise BGP EVPN routes to PE 1.

[ASBR1] bgp 100

[ASBR1-bgp-default] peer 192.1.1.1 as-number 100

[ASBR1-bgp-default] peer 192.1.1.1 connect-interface LoopBack0

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] peer 192.1.1.1 enable

[ASBR1-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[ASBR1-bgp-default-evpn] quit

# Create an EBGP connection to ASBR 2, and enable BGP to advertise BGP EVPN routes and labeled unicast routes to ASBR 2.

[ASBR1-bgp-default] peer 26.2.2.3 as-number 200

[ASBR1-bgp-default] address-family ipv4 unicast

[ASBR1-bgp-default-ipv4] import-route direct

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 enable

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 route-policy policy1 export

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 label-route-capability

[ASBR1-bgp-default-ipv4] quit

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] peer 26.2.2.3 enable

[ASBR1-bgp-default-evpn] peer 26.2.2.3 advertise encap-type mpls

[ASBR1-bgp-default-evpn] quit

[ASBR1-bgp-default] quit

[ASBR1] route-policy policy1 permit node 1

[ASBR1-route-policy-policy1-1] apply mpls-label

[ASBR1-route-policy-policy1-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[ASBR1] xconnect-group vpna

[ASBR1-xcg-vpna] evpn encapsulation mpls

[ASBR1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[ASBR1-xcg-vpna-evpn-mpls] vpn-target 1:2 export-extcommunity

[ASBR1-xcg-vpna-evpn-mpls] vpn-target 1:1 2:2 import-extcommunity

[ASBR1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and create two EVPN PWs on the cross-connect.

[ASBR1-xcg-vpna] connection pw1

[ASBR1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[ASBR1-xcg-vpna-pw1-1-2] quit

[ASBR1-xcg-vpna-pw1] evpn local-service-id 3 remote-service-id 4

[ASBR1-xcg-vpna-pw1-3-4] quit

[ASBR1-xcg-vpna-pw1] quit

[ASBR1-xcg-vpna] quit

4.     Configure ASBR 2:

# Configure the LSR ID.

<ASBR2> system-view

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ip address 192.3.3.3 32

[ASBR2-LoopBack0] quit

[ASBR2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[ASBR2] l2vpn enable

# Enable global LDP.

[ASBR2] mpls ldp

[ASBR2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/1, the interface connected to ASBR 1.

[ASBR2] interface ten-gigabitethernet 3/0/1

[ASBR2-Ten-GigabitEthernet3/0/1] ip address 26.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR2] ospf

[ASBR2-ospf-1] area 0

[ASBR2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[ASBR2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[ASBR2-ospf-1-area-0.0.0.0] quit

[ASBR2-ospf-1] quit

# Create an IBGP connection to PE 2, and enable BGP to advertise BGP EVPN routes to PE 2.

[ASBR2] bgp 200

[ASBR2-bgp-default] peer 192.4.4.4 as-number 200

[ASBR2-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 192.4.4.4 enable

[ASBR2-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[ASBR2-bgp-default-evpn] quit

# Create an EBGP connection to ASBR 1, and enable BGP to advertise BGP EVPN routes and labeled unicast routes to ASBR 1.

[ASBR2-bgp-default] peer 26.2.2.2 as-number 100

[ASBR2-bgp-default] address-family ipv4 unicast

[ASBR2-bgp-default-ipv4] import-route direct

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 enable

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 route-policy policy1 export

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 label-route-capability

[ASBR2-bgp-default-ipv4] quit

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 26.2.2.2 enable

[ASBR2-bgp-default-evpn] peer 26.2.2.2 advertise encap-type mpls

[ASBR2-bgp-default-evpn] quit

[ASBR2-bgp-default] quit

[ASBR2] route-policy policy1 permit node 1

[ASBR2-route-policy-policy1-1] apply mpls-label

[ASBR2-route-policy-policy1-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[ASBR2] xconnect-group vpna

[ASBR2-xcg-vpna] evpn encapsulation mpls

[ASBR2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[ASBR2-xcg-vpna-evpn-mpls] vpn-target 2:2 export-extcommunity

[ASBR2-xcg-vpna-evpn-mpls] vpn-target 1:2 2:1 import-extcommunity

[ASBR2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and create two EVPN PWs on the cross-connect.

[ASBR2-xcg-vpna] connection pw1

[ASBR2-xcg-vpna-pw1] evpn local-service-id 4 remote-service-id 3

[ASBR2-xcg-vpna-pw1-4-3] quit

[ASBR2-xcg-vpna-pw1] evpn local-service-id 5 remote-service-id 6

[ASBR2-xcg-vpna-pw1-5-6] quit

[ASBR2-xcg-vpna-pw1] quit

[ASBR2-xcg-vpna] quit

5.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.4.4.4 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 2:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 2:2 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] evpn local-service-id 6 remote-service-id 5

[PE2-xcg-vpna-pw1-6-5] quit

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Create an IBGP connection to ASBR 2, and enable BGP to advertise BGP EVPN routes to ASBR 2.

[PE2] bgp 200

[PE2-bgp-default] peer 192.3.3.3 as-number 200

[PE2-bgp-default] peer 192.3.3.3 connect-interface LoopBack0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass,

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.2.2.2       1                  710127/710126  EVPN   M    0        Up

# Verify that two EVPN PWs are concatenated on ASBR 1.

[ASBR1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpn1

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       2                  710126/710127  EVPN   M    0        Up

26.2.2.3        4                  710127/710126  EVPN   M    1        Up

# Verify that two EVPN PWs are concatenated on ASBR 2.

[ASBR2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

26.2.2.2        3                  710126/710127  EVPN   M    0        Up

192.4.4.4       6                  710127/710127  EVPN   M    1        Up

# Verify that an EVPN PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.3.3.3       5                  710127/710127  EVPN   M    0        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
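The following Python sketch is an added example, not H3C code. It parses the four display l2vpn pw outputs shown above and checks that the reported PW count matches the rows, that every PW is Up, and that each hop's In/Out labels mirror the labels on the neighboring device. The function names and the address-to-device map are this example's own, and the map is taken from the peer addresses used in the configuration and output above.

```python
import re

# Which device owns each peer address (from the configuration and output above).
OWNER = {
    "192.1.1.1": "PE1",
    "192.2.2.2": "ASBR1", "26.2.2.2": "ASBR1",
    "192.3.3.3": "ASBR2", "26.2.2.3": "ASBR2",
    "192.4.4.4": "PE2",
}

HEADER = "Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State\n"

# Rows copied from the four "display l2vpn pw" outputs above (flag legend omitted).
PAGE_OUTPUT = {
    "PE1": "Total number of PWs: 1\n" + HEADER +
           "192.2.2.2       1                  710127/710126  EVPN   M    0        Up\n",
    "ASBR1": "Total number of PWs: 2\n" + HEADER +
             "192.1.1.1       2                  710126/710127  EVPN   M    0        Up\n"
             "26.2.2.3        4                  710127/710126  EVPN   M    1        Up\n",
    "ASBR2": "Total number of PWs: 2\n" + HEADER +
             "26.2.2.2        3                  710126/710127  EVPN   M    0        Up\n"
             "192.4.4.4       6                  710127/710127  EVPN   M    1        Up\n",
    "PE2": "Total number of PWs: 1\n" + HEADER +
           "192.3.3.3       5                  710127/710127  EVPN   M    0        Up\n",
}

TOTAL = re.compile(r"^Total number of PWs:\s*(\d+)$")
ROW = re.compile(
    r"^(?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<srv_id>\d+)\s+"
    r"(?P<in_label>\d+)/(?P<out_label>\d+)\s+(?P<proto>\S+)\s+"
    r"(?P<flag>\S+)\s+(?P<link_id>\d+)\s+(?P<state>\S+)$"
)


def parse_pw(text):
    """Return (reported_total, rows) for one device's 'display l2vpn pw' output."""
    total, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = TOTAL.match(line)
        if m:
            total = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            rows.append(m.groupdict())
    return total, rows


def audit(outputs):
    """Return a list of findings; an empty list means the PW chain is consistent."""
    findings = []
    parsed = {}
    for dev, text in outputs.items():
        total, rows = parse_pw(text)
        parsed[dev] = rows
        if total != len(rows):
            findings.append(f"{dev}: header reports {total} PWs, {len(rows)} rows parsed")
        for r in rows:
            if r["state"] != "Up":
                findings.append(f"{dev}: PW to {r['peer']} is {r['state']}")
    # The out-label on one end of a PW must be the in-label on the other end.
    for dev, rows in parsed.items():
        for r in rows:
            far = OWNER.get(r["peer"])
            if far not in parsed:
                findings.append(f"{dev}: no output captured for peer {r['peer']}")
                continue
            back = [x for x in parsed[far] if OWNER.get(x["peer"]) == dev]
            if not any(x["in_label"] == r["out_label"] and
                       x["out_label"] == r["in_label"] for x in back):
                findings.append(
                    f"{dev}->{far}: labels {r['in_label']}/{r['out_label']} not mirrored")
    return findings


if __name__ == "__main__":
    problems = audit(PAGE_OUTPUT)
    print("consistent" if not problems else "\n".join(problems))
```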

Example: Configuring inter-AS option C

Network configuration

As shown in Figure 710:

·     Configure the PE and the ASBR in each AS to use IBGP to exchange labeled IPv4 routes.

·     Configure the PEs to exchange BGP EVPN routes to establish an EVPN PW.

·     Establish an EVPN PW between the ASBRs, and configure BGP to advertise labeled IPv4 unicast routes to establish the public tunnel that conveys the EVPN PW.

·     Configure a routing policy on each ASBR so that the ASBR inserts labels into received routes.

·     Configure the ASBRs to exchange labeled IPv4 routes through EBGP.

Figure 710 Network diagram

Device    Interface   IP address       Device    Interface   IP address
CE 1      XGE3/0/1    100.1.1.1/24     ASBR 1    Loop0       192.2.2.2/32
PE 1      Loop0       192.1.1.1/32               XGE3/0/2    23.1.1.2/24
          XGE3/0/2    23.1.1.1/24                XGE3/0/1    26.2.2.2/24
PE 2      Loop0       192.4.4.4/32     ASBR 2    Loop0       192.3.3.3/32
          XGE3/0/2    22.2.2.1/24                XGE3/0/1    26.2.2.3/24
CE 2      XGE3/0/1    100.1.1.2/24               XGE3/0/2    22.2.2.3/24

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 1:

# Configure the LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 192.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 192.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 1.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 2:2 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE1-xcg-vpna-pw1-2-1] quit

[PE1-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE1-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Create an IBGP connection to ASBR 1, and enable BGP to advertise BGP EVPN routes and labeled unicast routes to ASBR 1.

[PE1] bgp 100

[PE1-bgp-default] peer 192.2.2.2 as-number 100

[PE1-bgp-default] peer 192.2.2.2 connect-interface LoopBack0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.2.2.2 enable

[PE1-bgp-default-evpn] peer 192.2.2.2 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] address-family ipv4 unicast

[PE1-bgp-default-ipv4] peer 192.2.2.2 enable

[PE1-bgp-default-ipv4] peer 192.2.2.2 label-route-capability

[PE1-bgp-default-ipv4] quit

[PE1-bgp-default] quit

# Configure BGP to advertise BGP EVPN routes to PE 2 to establish an EVPN PW.

[PE1] bgp 100

[PE1-bgp-default] peer 192.4.4.4 as-number 200

[PE1-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[PE1-bgp-default] peer 192.4.4.4 ebgp-max-hop 10

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 192.4.4.4 enable

[PE1-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

3.     Configure ASBR 1:

# Configure the LSR ID.

<ASBR1> system-view

[ASBR1] interface loopback 0

[ASBR1-LoopBack0] ip address 192.2.2.2 32

[ASBR1-LoopBack0] quit

[ASBR1] mpls lsr-id 192.2.2.2

# Enable L2VPN.

[ASBR1] l2vpn enable

# Enable global LDP.

[ASBR1] mpls ldp

[ASBR1-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 1.

[ASBR1] interface ten-gigabitethernet 3/0/2

[ASBR1-Ten-GigabitEthernet3/0/2] ip address 23.1.1.2 24

[ASBR1-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR1-Ten-GigabitEthernet3/0/2] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/1, the interface connected to ASBR 2.

[ASBR1] interface ten-gigabitethernet 3/0/1

[ASBR1-Ten-GigabitEthernet3/0/1] ip address 26.2.2.2 24

[ASBR1-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR1-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR1] ospf

[ASBR1-ospf-1] area 0

[ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255

[ASBR1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0

[ASBR1-ospf-1-area-0.0.0.0] quit

[ASBR1-ospf-1] quit

# Create routing policies.

[ASBR1] route-policy policy1 permit node 1

[ASBR1-route-policy-policy1-1] apply mpls-label

[ASBR1-route-policy-policy1-1] quit

[ASBR1] route-policy policy2 permit node 1

[ASBR1-route-policy-policy2-1] if-match mpls-label

[ASBR1-route-policy-policy2-1] apply mpls-label

[ASBR1-route-policy-policy2-1] quit

# Enable BGP on ASBR 1, and apply the routing policy policy2 to routes advertised to IBGP peer 192.1.1.1.

[ASBR1] bgp 100

[ASBR1-bgp-default] peer 192.1.1.1 as-number 100

[ASBR1-bgp-default] peer 192.1.1.1 connect-interface LoopBack0

[ASBR1-bgp-default] address-family ipv4 unicast

[ASBR1-bgp-default-ipv4] peer 192.1.1.1 enable

[ASBR1-bgp-default-ipv4] peer 192.1.1.1 route-policy policy2 export

# Enable the capability to advertise labeled routes to IBGP peer 192.1.1.1 and to receive labeled routes from the peer.

[ASBR1-bgp-default-ipv4] peer 192.1.1.1 label-route-capability

# Redistribute routes from OSPF process 1 to BGP.

[ASBR1-bgp-default-ipv4] import-route ospf 1

[ASBR1-bgp-default-ipv4] quit

# Advertise BGP EVPN routes to IBGP peer 192.1.1.1.

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] peer 192.1.1.1 enable

[ASBR1-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[ASBR1-bgp-default-evpn] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 26.2.2.3.

[ASBR1-bgp-default] peer 26.2.2.3 as-number 200

[ASBR1-bgp-default] address-family ipv4 unicast

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 enable

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 26.2.2.3 and to receive labeled routes from the peer.

[ASBR1-bgp-default-ipv4] peer 26.2.2.3 label-route-capability

[ASBR1-bgp-default-ipv4] quit

# Advertise BGP EVPN routes to EBGP peer 26.2.2.3.

[ASBR1-bgp-default] address-family l2vpn evpn

[ASBR1-bgp-default-evpn] peer 26.2.2.3 enable

[ASBR1-bgp-default-evpn] peer 26.2.2.3 advertise encap-type mpls

[ASBR1-bgp-default-evpn] quit

[ASBR1-bgp-default] quit

4.     Configure ASBR 2:

# Configure the LSR ID.

<ASBR2> system-view

[ASBR2] interface loopback 0

[ASBR2-LoopBack0] ip address 192.3.3.3 32

[ASBR2-LoopBack0] quit

[ASBR2] mpls lsr-id 192.3.3.3

# Enable L2VPN.

[ASBR2] l2vpn enable

# Enable global LDP.

[ASBR2] mpls ldp

[ASBR2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to PE 2.

[ASBR2] interface ten-gigabitethernet 3/0/2

[ASBR2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/2] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[ASBR2-Ten-GigabitEthernet3/0/2] quit

# Enable MPLS on Ten-GigabitEthernet 3/0/1, the interface connected to ASBR 1.

[ASBR2] interface ten-gigabitethernet 3/0/1

[ASBR2-Ten-GigabitEthernet3/0/1] ip address 26.2.2.3 24

[ASBR2-Ten-GigabitEthernet3/0/1] mpls enable

[ASBR2-Ten-GigabitEthernet3/0/1] quit

# Configure OSPF for LDP to create LSPs.

[ASBR2] ospf

[ASBR2-ospf-1] area 0

[ASBR2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[ASBR2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0

[ASBR2-ospf-1-area-0.0.0.0] quit

[ASBR2-ospf-1] quit

# Create routing policies.

[ASBR2] route-policy policy1 permit node 1

[ASBR2-route-policy-policy1-1] apply mpls-label

[ASBR2-route-policy-policy1-1] quit

[ASBR2] route-policy policy2 permit node 1

[ASBR2-route-policy-policy2-1] if-match mpls-label

[ASBR2-route-policy-policy2-1] apply mpls-label

[ASBR2-route-policy-policy2-1] quit

# Enable BGP on ASBR 2, and apply the routing policy policy2 to routes advertised to IBGP peer 192.4.4.4.

[ASBR2] bgp 200

[ASBR2-bgp-default] peer 192.4.4.4 as-number 200

[ASBR2-bgp-default] peer 192.4.4.4 connect-interface LoopBack0

[ASBR2-bgp-default] address-family ipv4 unicast

[ASBR2-bgp-default-ipv4] peer 192.4.4.4 enable

[ASBR2-bgp-default-ipv4] peer 192.4.4.4 route-policy policy2 export

# Enable the capability to advertise labeled routes to IBGP peer 192.4.4.4 and to receive labeled routes from the peer.

[ASBR2-bgp-default-ipv4] peer 192.4.4.4 label-route-capability

# Redistribute routes from OSPF process 1 to BGP.

[ASBR2-bgp-default-ipv4] import-route ospf 1

[ASBR2-bgp-default-ipv4] quit

# Advertise BGP EVPN routes to IBGP peer 192.4.4.4.

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 192.4.4.4 enable

[ASBR2-bgp-default-evpn] peer 192.4.4.4 advertise encap-type mpls

[ASBR2-bgp-default-evpn] quit

# Apply routing policy policy1 to routes advertised to EBGP peer 26.2.2.2.

[ASBR2-bgp-default] peer 26.2.2.2 as-number 100

[ASBR2-bgp-default] address-family ipv4 unicast

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 enable

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 route-policy policy1 export

# Enable the capability to advertise labeled routes to EBGP peer 26.2.2.2 and to receive labeled routes from the peer.

[ASBR2-bgp-default-ipv4] peer 26.2.2.2 label-route-capability

[ASBR2-bgp-default-ipv4] quit

# Advertise BGP EVPN routes to EBGP peer 26.2.2.2.

[ASBR2-bgp-default] address-family l2vpn evpn

[ASBR2-bgp-default-evpn] peer 26.2.2.2 enable

[ASBR2-bgp-default-evpn] peer 26.2.2.2 advertise encap-type mpls

[ASBR2-bgp-default-evpn] quit

[ASBR2-bgp-default] quit

5.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 192.4.4.4 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 192.4.4.4

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable LDP on Ten-GigabitEthernet 3/0/2, the interface connected to ASBR 2.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 22.2.2.1 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 22.2.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 2:2 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE2-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Create an IBGP connection to ASBR 2, and enable BGP to advertise BGP EVPN routes and labeled unicast routes to ASBR 2.

[PE2] bgp 200

[PE2-bgp-default] peer 192.3.3.3 as-number 200

[PE2-bgp-default] peer 192.3.3.3 connect-interface LoopBack0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.3.3.3 enable

[PE2-bgp-default-evpn] peer 192.3.3.3 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] address-family ipv4 unicast

[PE2-bgp-default-ipv4] peer 192.3.3.3 enable

[PE2-bgp-default-ipv4] peer 192.3.3.3 label-route-capability

[PE2-bgp-default-ipv4] quit

[PE2-bgp-default] quit

# Configure BGP to advertise BGP EVPN routes to PE 1 to establish an EVPN PW.

[PE2] bgp 200

[PE2-bgp-default] peer 192.1.1.1 as-number 100

[PE2-bgp-default] peer 192.1.1.1 connect-interface LoopBack0

[PE2-bgp-default] peer 192.1.1.1 ebgp-max-hop 10

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 192.1.1.1 enable

[PE2-bgp-default-evpn] peer 192.1.1.1 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that an EVPN PW has been established on PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass,

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.4.4.4       1                  710127/710126  EVPN   M    0        Up

# Verify that an EVPN PW has been established on PE 2.

[PE2] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 1

1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

192.1.1.1       2                  710126/710127  EVPN   M    0        Up

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
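The following Python sketch is an added example, not H3C code. The EVPN PW in this example comes up only if each PE imports a route target that the other PE exports and the local and remote service IDs are swapped between the two ends, so the sketch parses the PE 1 and PE 2 transcripts above and checks both conditions. The function names are this example's own, and only the command forms that appear on this page are recognized.

```python
import re

# Matches a leading Comware prompt such as "[PE1-xcg-vpna]" or "<PE1>".
PROMPT = re.compile(r"^(?:\[[^\]]*\]|<[^>]*>)\s*")

# EVPN instance and cross-connect commands copied from the PE 1 and PE 2 steps above.
PE1_CONFIG = """\
[PE1] xconnect-group vpna
[PE1-xcg-vpna] evpn encapsulation mpls
[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1
[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity
[PE1-xcg-vpna-evpn-mpls] vpn-target 2:2 import-extcommunity
[PE1-xcg-vpna-evpn-mpls] quit
[PE1-xcg-vpna] connection pw1
[PE1-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1
"""

PE2_CONFIG = """\
[PE2] xconnect-group vpna
[PE2-xcg-vpna] evpn encapsulation mpls
[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1
[PE2-xcg-vpna-evpn-mpls] vpn-target 2:2 export-extcommunity
[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity
[PE2-xcg-vpna-evpn-mpls] quit
[PE2-xcg-vpna] connection pw1
[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2
"""


def commands(transcript):
    """Yield each command as a token list, dropping prompts and '#' comment lines."""
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cmd = PROMPT.sub("", line, count=1)
        if cmd:
            yield cmd.split()


def evpn_params(transcript):
    """Collect route targets and service IDs from one PE's transcript."""
    params = {"export": set(), "import": set(), "local": None, "remote": None}
    for tok in commands(transcript):
        if tok[0] == "vpn-target" and tok[-1] == "export-extcommunity":
            params["export"].update(tok[1:-1])
        elif tok[0] == "vpn-target" and tok[-1] == "import-extcommunity":
            params["import"].update(tok[1:-1])
        elif (len(tok) == 5 and tok[:2] == ["evpn", "local-service-id"]
              and tok[3] == "remote-service-id"):
            params["local"], params["remote"] = int(tok[2]), int(tok[4])
    return params


def check_pair(name_a, a, name_b, b):
    """Return findings for the two ends of one PW; an empty list means they agree."""
    findings = []
    for src, s, dst, d in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        if not s["export"] & d["import"]:
            findings.append(
                f"{dst} imports none of the route targets {src} exports "
                f"({sorted(s['export'])} vs {sorted(d['import'])})")
        extra = d["import"] - s["export"]
        if extra:
            findings.append(f"{dst} imports {sorted(extra)}, which {src} does not export")
        if s["local"] != d["remote"]:
            findings.append(
                f"{src} local-service-id {s['local']} != "
                f"{dst} remote-service-id {d['remote']}")
    return findings


if __name__ == "__main__":
    result = check_pair("PE1", evpn_params(PE1_CONFIG), "PE2", evpn_params(PE2_CONFIG))
    print("consistent" if not result else "\n".join(result))
```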

Example: Configuring FRR for EVPN VPWS

Network configuration

As shown in Figure 711:

·     Assign the links that connect CE 1 to PE 1 and PE 2 to a smart trunk.

·     Configure EVPN VPWS on PE 1, PE 2, and PE 3.

·     Establish a bypass PW between PE 1 and PE 2, and configure LDP to set up a public tunnel for the bypass PW.

·     Establish a primary PW and a backup PW between PE 1 and PE 3, and establish a primary PW and a backup PW between PE 2 and PE 3.

·     Configure RR 1 and RR 2 to modify the next hop attribute of routes and reassign MPLS labels to them when they reflect routes for PE 1 and PE 2.

·     Configure RR 1 and RR 2 to modify route attributes by using routing policies for route selection.

·     Assign PE 1, PE 2, and PE 3 to AS 100, and configure the AS to use OSPF as the IGP.

Figure 711 Network diagram

Table 155 Interface and IP address assignment

Device    Interface   IP address       Device    Interface   IP address
PE 1      Loop0       1.1.1.1/32       PE 3      Loop0       3.3.3.3/32
          XGE3/0/1    -                          XGE3/0/1    -
          XGE3/0/2    10.1.1.1/24                XGE3/0/2    10.1.6.3/24
          XGE3/0/3    10.1.2.1/24                XGE3/0/3    10.1.7.3/24
          XGE3/0/4    10.1.3.1/24      RR 1      Loop0       4.4.4.4/32
PE 2      Loop0       2.2.2.2/32                 XGE3/0/1    10.1.1.4/24
          XGE3/0/1    -                          XGE3/0/2    10.1.6.4/24
          XGE3/0/2    10.1.4.2/24                XGE3/0/4    10.1.5.4/24
          XGE3/0/3    10.1.2.2/24      RR 2      Loop0       5.5.5.5/32
          XGE3/0/4    10.1.5.2/24                XGE3/0/1    10.1.4.5/24
CE 1      RAGG1       100.1.1.1/24               XGE3/0/2    10.1.7.5/24
CE 2      XGE3/0/1    100.1.1.2/24               XGE3/0/4    10.1.3.5/24

Procedure

1.     Configure CE 1:

# Create dynamic Layer 3 aggregate interface Route-Aggregation 1 and assign it an IP address.

<CE1> system-view

[CE1] interface route-aggregation 1

[CE1-Route-Aggregation1] link-aggregation mode dynamic

[CE1-Route-Aggregation1] ip address 100.1.1.1 24

[CE1-Route-Aggregation1] quit

# Assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to aggregation group 1.

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/1] quit

[CE1] interface ten-gigabitethernet 3/0/2

[CE1-Ten-GigabitEthernet3/0/2] port link-aggregation group 1

[CE1-Ten-GigabitEthernet3/0/2] quit

2.     Configure PE 1:

# Configure an LSR ID.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 32

[PE1-LoopBack0] quit

[PE1] mpls lsr-id 1.1.1.1

# Enable L2VPN.

[PE1] l2vpn enable

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable local FRR for EVPN VPWS globally.

[PE1] evpn multihoming vpws-frr local

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to RR 1), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.2.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to RR 2), and enable MPLS and LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure PE 1 to establish IBGP peer relationships with RR 1 and RR 2, and configure BGP to advertise BGP EVPN routes.

[PE1] bgp 100

[PE1-bgp-default] peer 4.4.4.4 as-number 100

[PE1-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[PE1-bgp-default] peer 5.5.5.5 as-number 100

[PE1-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 4.4.4.4 enable

[PE1-bgp-default-evpn] peer 5.5.5.5 enable

[PE1-bgp-default-evpn] peer 4.4.4.4 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 5.5.5.5 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE1] lacp system-priority 10

[PE1] lacp system-mac 1-1-1

[PE1] lacp system-number 1

[PE1] s-trunk id 1

[PE1-s-trunk1] s-trunk ip destination 10.1.2.2 source 10.1.2.1

[PE1-s-trunk1] quit

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] link-aggregation mode dynamic

[PE1-Route-Aggregation1] s-trunk 1

[PE1-Route-Aggregation1] s-trunk port-role primary

[PE1-Route-Aggregation1] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE1-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to Route-Aggregation 1 and set its redundancy mode to all-active.

[PE1] interface route-aggregation 1

[PE1-Route-Aggregation1] esi 1.1.1.1.1

[PE1-Route-Aggregation1] evpn redundancy-mode all-active

[PE1-Route-Aggregation1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

[PE1-xcg-vpna] quit

# Create cross-connect pw1 and map Route-Aggregation 1 to it. Create an EVPN PW on the cross-connect.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] ac interface route-aggregation 1

[PE1-xcg-vpna-pw1-Route-Aggregation1] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

# Enable remote FRR for EVPN VPWS globally.

[PE1] evpn vpws-frr remote

3.     Configure PE 2:

# Configure an LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.2 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.2

# Enable L2VPN.

[PE2] l2vpn enable

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable local FRR for EVPN VPWS globally.

[PE2] evpn multihoming vpws-frr local

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to RR 2), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.4.2 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to RR 1), and enable MPLS and LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] ip address 10.1.5.2 24

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.5.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure PE 2 to establish IBGP peer relationships with RR 1 and RR 2, and configure BGP to advertise BGP EVPN routes.

[PE2] bgp 100

[PE2-bgp-default] peer 4.4.4.4 as-number 100

[PE2-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[PE2-bgp-default] peer 5.5.5.5 as-number 100

[PE2-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 4.4.4.4 enable

[PE2-bgp-default-evpn] peer 5.5.5.5 enable

[PE2-bgp-default-evpn] peer 4.4.4.4 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 5.5.5.5 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Configure S-Trunk for CE 1 to be dual-homed to PE 1 and PE 2.

[PE2] lacp system-priority 10

[PE2] lacp system-mac 1-1-1

[PE2] lacp system-number 2

[PE2] s-trunk id 1

[PE2-s-trunk1] s-trunk ip destination 10.1.2.1 source 10.1.2.2

[PE2-s-trunk1] quit

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] link-aggregation mode dynamic

[PE2-Route-Aggregation1] s-trunk 1

[PE2-Route-Aggregation1] s-trunk port-role primary

[PE2-Route-Aggregation1] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] port link-aggregation group 1

[PE2-Ten-GigabitEthernet3/0/1] quit

# Assign an ESI to Route-Aggregation 1 and set its redundancy mode to all-active.

[PE2] interface route-aggregation 1

[PE2-Route-Aggregation1] esi 1.1.1.1.1

[PE2-Route-Aggregation1] evpn redundancy-mode all-active

[PE2-Route-Aggregation1] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

[PE2-xcg-vpna] quit

# Create cross-connect pw1 and map Route-Aggregation 1 to it. Create an EVPN PW on the cross-connect.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] ac interface route-aggregation 1

[PE2-xcg-vpna-pw1-Route-Aggregation1] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

# Enable remote FRR for EVPN VPWS globally.

[PE2] evpn vpws-frr remote

4.     Configure RR 1:

# Configure an LSR ID.

<RR1> system-view

[RR1] interface loopback 0

[RR1-LoopBack0] ip address 4.4.4.4 32

[RR1-LoopBack0] quit

[RR1] mpls lsr-id 4.4.4.4

# Enable L2VPN.

[RR1] l2vpn enable

# Enable global LDP.

[RR1] mpls ldp

[RR1-ldp] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[RR1] interface ten-gigabitethernet 3/0/1

[RR1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[RR1-Ten-GigabitEthernet3/0/1] mpls enable

[RR1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RR1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[RR1] interface ten-gigabitethernet 3/0/4

[RR1-Ten-GigabitEthernet3/0/4] ip address 10.1.5.4 24

[RR1-Ten-GigabitEthernet3/0/4] mpls enable

[RR1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[RR1-Ten-GigabitEthernet3/0/4] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[RR1] interface ten-gigabitethernet 3/0/2

[RR1-Ten-GigabitEthernet3/0/2] ip address 10.1.6.4 24

[RR1-Ten-GigabitEthernet3/0/2] mpls enable

[RR1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RR1-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[RR1] ospf

[RR1-ospf-1] area 0

[RR1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[RR1-ospf-1-area-0.0.0.0] network 10.1.5.0 0.0.0.255

[RR1-ospf-1-area-0.0.0.0] network 10.1.6.0 0.0.0.255

[RR1-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[RR1-ospf-1-area-0.0.0.0] quit

[RR1-ospf-1] quit

# Configure routing policies used for modifying the costs of routes.

[RR1] route-policy policy1 permit node 10

[RR1-route-policy-policy1-10] if-match route-type bgp-evpn-ad

[RR1-route-policy-policy1-10] apply cost 200

[RR1-route-policy-policy1-10] quit

[RR1] route-policy policy2 permit node 20

[RR1-route-policy-policy2-20] if-match route-type bgp-evpn-ad

[RR1-route-policy-policy2-20] apply cost 500

[RR1-route-policy-policy2-20] quit

# Configure RR 1 to establish IBGP peer relationships with PE 1, PE 2, and PE 3.

[RR1] bgp 100

[RR1-bgp-default] peer 1.1.1.1 as-number 100

[RR1-bgp-default] peer 2.2.2.2 as-number 100

[RR1-bgp-default] peer 3.3.3.3 as-number 100

[RR1-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RR1-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RR1-bgp-default] peer 3.3.3.3 connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RR1-bgp-default] address-family l2vpn evpn

[RR1-bgp-default-evpn] peer 1.1.1.1 enable

[RR1-bgp-default-evpn] peer 2.2.2.2 enable

[RR1-bgp-default-evpn] peer 3.3.3.3 enable

[RR1-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls

[RR1-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls

[RR1-bgp-default-evpn] peer 3.3.3.3 advertise encap-type mpls

[RR1-bgp-default-evpn] undo policy vpn-target

# Configure RR 1 as an RR.

[RR1-bgp-default-evpn] peer 1.1.1.1 reflect-client

[RR1-bgp-default-evpn] peer 2.2.2.2 reflect-client

[RR1-bgp-default-evpn] peer 3.3.3.3 reflect-client

# Enable the RR to change the attributes of routes to be reflected.

[RR1-bgp-default-evpn] reflect change-path-attribute

# Set the local router as the next hop for routes sent to PE 1 and PE 2.

[RR1-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RR1-bgp-default-evpn] peer 2.2.2.2 next-hop-local

# Add PE 1 and PE 2 to the nearby cluster.

[RR1-bgp-default-evpn] peer 1.1.1.1 reflect-nearby-group

[RR1-bgp-default-evpn] peer 2.2.2.2 reflect-nearby-group

# Apply routing policy policy1 to routes advertised to IBGP peer 1.1.1.1.

[RR1-bgp-default-evpn] peer 1.1.1.1 route-policy policy1 export

# Apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.2.

[RR1-bgp-default-evpn] peer 2.2.2.2 route-policy policy2 export

[RR1-bgp-default-evpn] quit

[RR1-bgp-default] quit

5.     Configure RR 2:

# Configure an LSR ID.

<RR2> system-view

[RR2] interface loopback 0

[RR2-LoopBack0] ip address 5.5.5.5 32

[RR2-LoopBack0] quit

[RR2] mpls lsr-id 5.5.5.5

# Enable L2VPN.

[RR2] l2vpn enable

# Enable global LDP.

[RR2] mpls ldp

[RR2-ldp] quit

# Configure Ten-GigabitEthernet 3/0/4 (the interface connected to PE 1), and enable MPLS and LDP on the interface.

[RR2] interface ten-gigabitethernet 3/0/4

[RR2-Ten-GigabitEthernet3/0/4] ip address 10.1.3.5 24

[RR2-Ten-GigabitEthernet3/0/4] mpls enable

[RR2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[RR2-Ten-GigabitEthernet3/0/4] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 2), and enable MPLS and LDP on the interface.

[RR2] interface ten-gigabitethernet 3/0/1

[RR2-Ten-GigabitEthernet3/0/1] ip address 10.1.4.5 24

[RR2-Ten-GigabitEthernet3/0/1] mpls enable

[RR2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[RR2-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable MPLS and LDP on the interface.

[RR2] interface ten-gigabitethernet 3/0/2

[RR2-Ten-GigabitEthernet3/0/2] ip address 10.1.7.5 24

[RR2-Ten-GigabitEthernet3/0/2] mpls enable

[RR2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[RR2-Ten-GigabitEthernet3/0/2] quit

# Configure OSPF for LDP to create LSPs.

[RR2] ospf

[RR2-ospf-1] area 0

[RR2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[RR2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[RR2-ospf-1-area-0.0.0.0] network 10.1.7.0 0.0.0.255

[RR2-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[RR2-ospf-1-area-0.0.0.0] quit

[RR2-ospf-1] quit

# Configure routing policies used for modifying the costs of routes.

[RR2] route-policy policy1 permit node 10

[RR2-route-policy-policy1-10] if-match route-type bgp-evpn-ad

[RR2-route-policy-policy1-10] apply cost 200

[RR2-route-policy-policy1-10] quit

[RR2] route-policy policy2 permit node 20

[RR2-route-policy-policy2-20] if-match route-type bgp-evpn-ad

[RR2-route-policy-policy2-20] apply cost 500

[RR2-route-policy-policy2-20] quit

# Configure RR 2 to establish IBGP peer relationships with PE 1, PE 2, and PE 3.

[RR2] bgp 100

[RR2-bgp-default] peer 1.1.1.1 as-number 100

[RR2-bgp-default] peer 2.2.2.2 as-number 100

[RR2-bgp-default] peer 3.3.3.3 as-number 100

[RR2-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RR2-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RR2-bgp-default] peer 3.3.3.3 connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RR2-bgp-default] address-family l2vpn evpn

[RR2-bgp-default-evpn] peer 1.1.1.1 enable

[RR2-bgp-default-evpn] peer 2.2.2.2 enable

[RR2-bgp-default-evpn] peer 3.3.3.3 enable

[RR2-bgp-default-evpn] peer 1.1.1.1 advertise encap-type mpls

[RR2-bgp-default-evpn] peer 2.2.2.2 advertise encap-type mpls

[RR2-bgp-default-evpn] peer 3.3.3.3 advertise encap-type mpls

[RR2-bgp-default-evpn] undo policy vpn-target

# Configure RR 2 as an RR.

[RR2-bgp-default-evpn] peer 1.1.1.1 reflect-client

[RR2-bgp-default-evpn] peer 2.2.2.2 reflect-client

[RR2-bgp-default-evpn] peer 3.3.3.3 reflect-client

# Enable the RR to change the attributes of routes to be reflected.

[RR2-bgp-default-evpn] reflect change-path-attribute

# Set the local router as the next hop for routes sent to PE 1 and PE 2.

[RR2-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RR2-bgp-default-evpn] peer 2.2.2.2 next-hop-local

# Add PE 1 and PE 2 to the nearby cluster.

[RR2-bgp-default-evpn] peer 1.1.1.1 reflect-nearby-group

[RR2-bgp-default-evpn] peer 2.2.2.2 reflect-nearby-group

# Apply routing policy policy1 to routes advertised to IBGP peer 1.1.1.1.

[RR2-bgp-default-evpn] peer 1.1.1.1 route-policy policy1 export

# Apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.2.

[RR2-bgp-default-evpn] peer 2.2.2.2 route-policy policy2 export

[RR2-bgp-default-evpn] quit

[RR2-bgp-default] quit

6.     Configure PE 3:

# Configure an LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.3 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.3

# Enable L2VPN.

[PE3] l2vpn enable

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Enable local FRR for EVPN VPWS globally.

[PE3] evpn multihoming vpws-frr local

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to RR 1), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 10.1.6.3 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to RR 2), and enable MPLS and LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.7.3 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] quit

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.6.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 10.1.7.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure PE 3 to establish IBGP peer relationships with RR 1 and RR 2, and configure BGP to advertise EVPN routes.

[PE3] bgp 100

[PE3-bgp-default] peer 4.4.4.4 as-number 100

[PE3-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[PE3-bgp-default] peer 5.5.5.5 as-number 100

[PE3-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 4.4.4.4 enable

[PE3-bgp-default-evpn] peer 5.5.5.5 enable

[PE3-bgp-default-evpn] peer 4.4.4.4 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 5.5.5.5 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] evpn encapsulation mpls

[PE3-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-xcg-vpna-evpn-mpls] quit

[PE3-xcg-vpna] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] connection pw1

[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE3-xcg-vpna-pw1-2-1] quit

[PE3-xcg-vpna-pw1] quit

[PE3-xcg-vpna] quit

7.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify PW information.

# Verify that PE 1 has established a primary PW and a backup PW with PE 3 and has established a bypass PW with PE 2.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

1 up, 2 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

4.4.4.4         2                  1151/1403      EVPN   M    0        Up

5.5.5.5         2                  1151/1275      EVPN   B    0        Blocked

2.2.2.2         1                  1151/1151      EVPN   ABY  1        Blocked

# Verify that PE 2 has established a primary PW and a backup PW with PE 3 and has established a bypass PW with PE 1.

<PE2> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 3

1 up, 2 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

5.5.5.5         2                  1152/1404      EVPN   M    0        Up

4.4.4.4         2                  1152/1276      EVPN   B    0        Blocked

1.1.1.1         1                  1152/1152      EVPN   ABY  1        Blocked

2.     Verify that CE 1 and CE 2 can ping each other.
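The PW check above can be automated. The following Python sketch is an added example, not H3C code: it parses `display l2vpn pw` output in the layout shown above and reports a header that disagrees with the rows, a main PW that is not Up, or a cross-connect group with no backup or bypass PW. The function names and the degraded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the PE 1 output shown above, with blank lines removed.
SAMPLE_OK = """\
Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link
       N - no split horizon, A - administration, ABY - ac-bypass
       PBY - pw-bypass
Total number of PWs: 3
1 up, 2 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpna
Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State
4.4.4.4         2                  1151/1403      EVPN   M    0        Up
5.5.5.5         2                  1151/1275      EVPN   B    0        Blocked
2.2.2.2         1                  1151/1151      EVPN   ABY  1        Blocked
"""

# Constructed failure case: the main PW is down and the backup has taken over.
SAMPLE_DEGRADED = (
    SAMPLE_OK.replace("1 up, 2 blocked, 0 down", "1 up, 1 blocked, 1 down")
    .replace("M    0        Up", "M    0        Down")
    .replace("B    0        Blocked", "B    0        Up")
)

TOTAL = re.compile(r"^Total number of PWs:\s*(\d+)")
SUMMARY_LINE = re.compile(r"^\d+ up,")
SUMMARY_ITEM = re.compile(r"(\d+)\s+(up|blocked|down|defect|idle|duplicate)")
GROUP = re.compile(r"^Xconnect-group Name:\s*(\S+)")
ROW = re.compile(
    r"^(?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<pwid>\S+)\s+(?P<labels>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<flag>\S+)\s+(?P<link>\d+)\s+(?P<state>\S+)\s*$"
)
# Flags from the legend that mark a PW held in reserve for the main PW.
STANDBY_FLAGS = {"B", "BY", "ABY", "PBY"}


def parse_l2vpn_pw(text):
    """Return the header counters and one dict per PW row."""
    total, summary, rows, group = None, {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := TOTAL.match(line):
            total = int(m.group(1))
        elif SUMMARY_LINE.match(line):
            summary = {k: int(v) for v, k in SUMMARY_ITEM.findall(line)}
        elif m := GROUP.match(line):
            group = m.group(1)
        elif m := ROW.match(line):
            rows.append({**m.groupdict(), "group": group})
    return {"total": total, "summary": summary, "rows": rows}


def audit_pw(parsed, require_standby=True):
    """Return a list of human-readable findings; empty means healthy."""
    findings, rows = [], parsed["rows"]
    if parsed["total"] != len(rows):
        findings.append(
            f"header reports {parsed['total']} PWs but {len(rows)} rows were parsed")
    seen = Counter(r["state"].lower() for r in rows)
    for state, count in parsed["summary"].items():
        if seen.get(state, 0) != count:
            findings.append(
                f"header reports {count} {state} but rows show {seen.get(state, 0)}")
    by_group = {}
    for r in rows:
        by_group.setdefault(r["group"], []).append(r)
    for group, members in by_group.items():
        mains = [r for r in members if r["flag"] == "M"]
        if not mains:
            findings.append(f"{group}: no main PW")
        for r in mains:
            if r["state"] != "Up":
                findings.append(f"{group}: main PW to {r['peer']} is {r['state']}")
        if require_standby and not any(r["flag"] in STANDBY_FLAGS for r in members):
            findings.append(f"{group}: no backup or bypass PW")
    return findings


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("degraded", SAMPLE_DEGRADED)):
        print(name, audit_pw(parse_l2vpn_pw(text)) or "healthy")
```

Pass `require_standby=False` for topologies where a cross-connect legitimately has only main PWs.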

Example: Configuring LDP PWs as ACs for EVPN PWs

Network configuration

As shown in Figure 712:

·     PE 1 and PE 2 are border devices on both the VPWS network and EVPN VPWS network. PE 4 belongs to the VPWS network. PE 3 belongs to the EVPN VPWS network.

·     PE 1, PE 2, and PE 4 use LDP to establish LDP PWs.

·     PE 4 is dual-homed to PE 1 and PE 2 through two LDP PWs.

·     On PE 1 and PE 2, configure LDP PWs as UPWs (ACs) for EVPN PWs so that the VPWS and EVPN VPWS networks can communicate with each other.

Figure 712 Network diagram

Device  Interface  IP address     Device  Interface  IP address

PE 1    Loop0      1.1.1.9/32     PE 3    Loop0      3.3.3.9/32

        XGE3/0/1   10.1.1.1/24            XGE3/0/1   -

        XGE3/0/2   30.1.1.1/24            XGE3/0/2   30.1.1.3/24

        XGE3/0/3   10.1.3.1/24            XGE3/0/3   10.1.2.3/24

PE 2    Loop0      2.2.2.9/32     PE 4    Loop0      4.4.4.9/32

        XGE3/0/1   20.1.1.2/24            XGE3/0/3   -

        XGE3/0/2   10.1.2.2/24            XGE3/0/1   10.1.1.4/24

        XGE3/0/3   10.1.3.2/24            XGE3/0/2   20.1.1.4/24

CE 1    XGE3/0/1   100.1.1.1/32   CE 2    XGE3/0/1   100.1.1.2/32

Procedure

1.     Configure CE 1.

<CE1> system-view

[CE1] interface ten-gigabitethernet 3/0/1

[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24

[CE1-Ten-GigabitEthernet3/0/1] quit

2.     Configure PE 4:

# Configure the LSR ID.

<PE4> system-view

[PE4] interface loopback 0

[PE4-LoopBack0] ip address 4.4.4.9 32

[PE4-LoopBack0] quit

[PE4] mpls lsr-id 4.4.4.9

# Enable global LDP.

[PE4] mpls ldp

[PE4-ldp] quit

# Enable L2VPN.

[PE4] l2vpn enable

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 1), and enable LDP on the interface.

[PE4] interface ten-gigabitethernet 3/0/1

[PE4-Ten-GigabitEthernet3/0/1] ip address 10.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/1] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/1] mpls enable

[PE4-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/1] undo shutdown

[PE4-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 2), and enable LDP on the interface.

[PE4] interface ten-gigabitethernet 3/0/2

[PE4-Ten-GigabitEthernet3/0/2] ip address 20.1.1.4 24

[PE4-Ten-GigabitEthernet3/0/2] ospf 1 area 0

[PE4-Ten-GigabitEthernet3/0/2] mpls enable

[PE4-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE4-Ten-GigabitEthernet3/0/2] undo shutdown

[PE4-Ten-GigabitEthernet3/0/2] quit

# Create cross-connect pw1 in cross-connect group vpna and map Ten-GigabitEthernet 3/0/3 to the cross-connect. Create an LDP PW on the cross-connect. Configure a backup PW for the LDP PW, and enable the dual receive feature for PW redundancy.

[PE4] xconnect-group vpna

[PE4-xcg-vpna] connection pw1

[PE4-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/3

[PE4-xcg-vpna-pw1-Ten-GigabitEthernet3/0/3] quit

[PE4-xcg-vpna-pw1] protection dual-receive

[PE4-xcg-vpna-pw1] peer 1.1.1.9 pw-id 500

[PE4-xcg-vpna-pw1-1.1.1.9-500] backup-peer 2.2.2.9 pw-id 500

[PE4-xcg-vpna-pw1-1.1.1.9-500-backup] quit

[PE4-xcg-vpna-pw1-1.1.1.9-500] quit

[PE4-xcg-vpna-pw1] quit

[PE4-xcg-vpna] quit

 

3.     Configure PE 1:

# Assign an IP address to Loopback 0.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

# Configure the LSR ID.

[PE1] mpls lsr-id 1.1.1.9

# Enable global LDP.

[PE1] mpls ldp

[PE1-ldp] quit

# Enable L2VPN.

[PE1] l2vpn enable

# Configure OSPF for LDP to create LSPs.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 4), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] undo shutdown

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip address 30.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/2] mpls enable

[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/2] undo shutdown

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interface.

[PE1] interface ten-gigabitethernet 3/0/3

[PE1-Ten-GigabitEthernet3/0/3] ip address 10.1.3.1 24

[PE1-Ten-GigabitEthernet3/0/3] mpls enable

[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/3] undo shutdown

[PE1-Ten-GigabitEthernet3/0/3] quit

# Create IBGP connections to PE 2 and PE 3, and enable BGP to advertise BGP EVPN routes to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 2.2.2.9 enable

[PE1-bgp-default-evpn] peer 3.3.3.9 enable

[PE1-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Create a PW class and set its data encapsulation type to Ethernet.

[PE1] pw-class aaa

[PE1-pw-class-aaa] pw-type ethernet

[PE1-pw-class-aaa] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE1] xconnect-group vpna

[PE1-xcg-vpna] evpn encapsulation mpls

[PE1-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE1-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE1-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and set up a UPW between PE 4 and PE 1. Assign an ESI to the UPW and set its redundancy mode to all-active. Create an EVPN PW on the cross-connect.

[PE1-xcg-vpna] connection pw1

[PE1-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500 pw-class aaa

[PE1-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1

[PE1-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active

[PE1-xcg-vpna-pw1-4.4.4.9-500] quit

[PE1-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE1-xcg-vpna-pw1-1-2] quit

[PE1-xcg-vpna-pw1] quit

[PE1-xcg-vpna] quit

 

4.     Configure PE 2:

# Configure the LSR ID.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.9 32

[PE2-LoopBack0] quit

[PE2] mpls lsr-id 2.2.2.9

# Enable global LDP.

[PE2] mpls ldp

[PE2-ldp] quit

# Enable L2VPN.

[PE2] l2vpn enable

# Configure OSPF for LDP to create LSPs.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 1), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/3

[PE2-Ten-GigabitEthernet3/0/3] ip address 10.1.3.2 24

[PE2-Ten-GigabitEthernet3/0/3] mpls enable

[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/3] undo shutdown

[PE2-Ten-GigabitEthernet3/0/3] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 3), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/0/2] mpls enable

[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/2] undo shutdown

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/1 (the interface connected to PE 4), and enable LDP on the interface.

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] undo shutdown

[PE2-Ten-GigabitEthernet3/0/1] quit

# Create IBGP connections to PE 1 and PE 3, and enable BGP to advertise BGP EVPN routes to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] peer 3.3.3.9 as-number 100

[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 enable

[PE2-bgp-default-evpn] peer 3.3.3.9 enable

[PE2-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Create a PW class and set its data encapsulation type to Ethernet.

[PE2] pw-class aaa

[PE2-pw-class-aaa] pw-type ethernet

[PE2-pw-class-aaa] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE2] xconnect-group vpna

[PE2-xcg-vpna] evpn encapsulation mpls

[PE2-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE2-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE2-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and set up a UPW between PE 4 and PE 2. Assign an ESI to the UPW and set its redundancy mode to all-active. Create an EVPN PW on the cross-connect.

[PE2-xcg-vpna] connection pw1

[PE2-xcg-vpna-pw1] peer 4.4.4.9 pw-id 500 pw-class aaa

[PE2-xcg-vpna-pw1-4.4.4.9-500] esi 1.1.1.1.1

[PE2-xcg-vpna-pw1-4.4.4.9-500] evpn redundancy-mode all-active

[PE2-xcg-vpna-pw1-4.4.4.9-500] quit

[PE2-xcg-vpna-pw1] evpn local-service-id 1 remote-service-id 2

[PE2-xcg-vpna-pw1-1-2] quit

[PE2-xcg-vpna-pw1] quit

[PE2-xcg-vpna] quit

 

5.     Configure PE 3:

# Configure the LSR ID.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.9 32

[PE3-LoopBack0] quit

[PE3] mpls lsr-id 3.3.3.9

# Enable global LDP.

[PE3] mpls ldp

[PE3-ldp] quit

# Enable L2VPN.

[PE3] l2vpn enable

# Configure OSPF for LDP to create LSPs.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# Configure Ten-GigabitEthernet 3/0/2 (the interface connected to PE 1), and enable LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/2

[PE3-Ten-GigabitEthernet3/0/2] ip address 30.1.1.3 24

[PE3-Ten-GigabitEthernet3/0/2] mpls enable

[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/2] undo shutdown

[PE3-Ten-GigabitEthernet3/0/2] quit

# Configure Ten-GigabitEthernet 3/0/3 (the interface connected to PE 2), and enable LDP on the interface.

[PE3] interface ten-gigabitethernet 3/0/3

[PE3-Ten-GigabitEthernet3/0/3] ip address 10.1.2.3 24

[PE3-Ten-GigabitEthernet3/0/3] mpls enable

[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable

[PE3-Ten-GigabitEthernet3/0/3] undo shutdown

[PE3-Ten-GigabitEthernet3/0/3] quit

# Create IBGP connections to PE 1 and PE 2, and enable BGP to advertise BGP EVPN routes to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.9 as-number 100

[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp-default] peer 2.2.2.9 as-number 100

[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE3-bgp-default] address-family l2vpn evpn

[PE3-bgp-default-evpn] peer 1.1.1.9 enable

[PE3-bgp-default-evpn] peer 2.2.2.9 enable

[PE3-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE3-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE3-bgp-default-evpn] quit

[PE3-bgp-default] quit

# Create a cross-connect group named vpna, create an EVPN instance for it, and enable MPLS encapsulation. Configure an RD and route targets for the EVPN instance.

[PE3] xconnect-group vpna

[PE3-xcg-vpna] evpn encapsulation mpls

[PE3-xcg-vpna-evpn-mpls] route-distinguisher 1:1

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 export-extcommunity

[PE3-xcg-vpna-evpn-mpls] vpn-target 1:1 import-extcommunity

[PE3-xcg-vpna-evpn-mpls] quit

# Create cross-connect pw1 and map Ten-GigabitEthernet 3/0/1 to it. Create an EVPN PW on the cross-connect.

[PE3-xcg-vpna] connection pw1

[PE3-xcg-vpna-pw1] ac interface ten-gigabitethernet 3/0/1

[PE3-xcg-vpna-pw1-Ten-GigabitEthernet3/0/1] quit

[PE3-xcg-vpna-pw1] evpn local-service-id 2 remote-service-id 1

[PE3-xcg-vpna-pw1-2-1] quit

[PE3-xcg-vpna-pw1] quit

[PE3-xcg-vpna] quit

 

6.     Configure CE 2.

<CE2> system-view

[CE2] interface ten-gigabitethernet 3/0/1

[CE2-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24

[CE2-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that PE 1 has set up an LDP PW with PE 4 and an EVPN PW with PE 3.

<PE1> display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A - administration, ABY - ac-bypass

       PBY - pw-bypass

Total number of PWs: 2

2 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

 

Xconnect-group Name: vpna

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

4.4.4.9         500                1150/1277      LDP    M    0        Up

3.3.3.9         2                  1149/1151      EVPN   M    1        Up

# Verify that the EVPN information about the cross-connect on PE 1 is correct.

<PE1> display l2vpn xconnect-group verbose

Xconnect-group Name: vpna

 Connection Name        : pw1

  Connection ID         : 0

  State                 : Up

  MTU                   : 1500

  PW Redundancy Mode    : Slave

  Diffserv Mode         : -

  LDP PWs:

    Peer            PW ID              Link ID    State       Flag

    4.4.4.9         500                0          Up          Main

    Create time: 2020-11-02 11:34:08

    Last time status changed: 2020-11-02 11:34:08

    Last time PW went down: 2020-11-02 11:34:08

  EVPN PWs:

    Peer            Remote Service ID  Link ID    State       Flag

    3.3.3.9         2                  1          Up          Main

    Create time: 2020-11-02 11:48:03

    Last time status changed: 2020-11-02 11:48:03

    Last time PW went down: 2020-11-02 11:48:03

# Verify that PE 1 has local ES information about the LDP PW.

<PE1> display evpn es local verbose

 

Xconnect-group name : vpna

 Connection name           : pw1

  ESI                      : 0001.0001.0001.0001.0001

  Redundancy mode          : All-active

  State                    : Up

  UPW Link ID              : 0

  Tag ID                   : 0

  DF address               : -

# Verify that PE 2 has correct information in the same way you verify the configuration on PE 1. (Details not shown.)

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

 

 

EVPN L3VPN configuration examples

Example: Configuring IPv4 EVPN L3VPN

Network configuration

As shown in Figure 713:

·     Configure IPv4 EVPN L3VPN for different sites of a VPN instance to communicate with each other.

·     Configure route target 111:1 for VPN 1 and route target 222:2 for VPN 2 to isolate these VPN instances.

·     Configure the CE and the PE of each site to use EBGP to exchange VPN routes.

·     Configure the PEs to communicate through OSPF and to exchange BGP EVPN routes through MP-IBGP.
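The route-target isolation in this list (111:1 for VPN 1, 222:2 for VPN 2) can be checked mechanically before a change is rolled out. The following Python sketch is an added example, not H3C code: it reads a CLI transcript of `ip vpn-instance` configuration, collects each instance's import and export targets, and reports every case where one VPN exports a target that a differently named VPN imports. The transcripts are constructed from this example's PE 1 and PE 2 commands, the function names are hypothetical, and instances with the same name on different PEs are assumed to belong to the same VPN.

```python
import re
from itertools import permutations

# Constructed transcript: the vpn-instance commands of this example for PE 1 and PE 2.
PAGE_TRANSCRIPT = """\
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
"""

# Constructed misconfiguration: vpn2 on PE 2 also imports the vpn1 target.
LEAKY_TRANSCRIPT = PAGE_TRANSCRIPT + (
    "[PE2] ip vpn-instance vpn2\n"
    "[PE2-vpn-instance-vpn2] vpn-target 111:1 import-extcommunity\n"
)

# Commands typed in VPN instance view carry the device and instance in the prompt.
VIEW = re.compile(r"^\[(?P<dev>[^\]]+?)-vpn-instance-(?P<vpn>[^\]]+)\]\s*(?P<cmd>.+)$")
DIRECTIONS = {
    "both": ("import", "export"),
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
}


def parse_vpn_instances(transcript):
    """Return {(device, vpn): {"rd": str, "import": set, "export": set}}."""
    instances = {}
    for line in transcript.splitlines():
        m = VIEW.match(line.strip())
        if not m:
            continue
        key = (m.group("dev"), m.group("vpn"))
        entry = instances.setdefault(
            key, {"rd": None, "import": set(), "export": set()})
        words = m.group("cmd").split()
        if words[0] == "route-distinguisher" and len(words) == 2:
            entry["rd"] = words[1]
        elif words[0] == "vpn-target" and len(words) >= 2:
            targets = words[1:]
            directions = DIRECTIONS["both"]      # no keyword means both
            if targets[-1] in DIRECTIONS:
                directions = DIRECTIONS[targets.pop()]
            for direction in directions:
                entry[direction].update(targets)
    return instances


def find_leaks(instances):
    """List (src_dev, src_vpn, dst_dev, dst_vpn, targets) where routes cross VPNs."""
    leaks = []
    for (src, a), (dst, b) in permutations(instances.items(), 2):
        if src[1] == dst[1]:
            continue                             # same VPN on another PE
        shared = a["export"] & b["import"]
        if shared:
            leaks.append((src[0], src[1], dst[0], dst[1], sorted(shared)))
    return sorted(leaks)


if __name__ == "__main__":
    for name, text in (("page", PAGE_TRANSCRIPT), ("leaky", LEAKY_TRANSCRIPT)):
        print(name, find_leaks(parse_vpn_instances(text)) or "isolated")
```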

Figure 713 Network diagram

Device  Interface  IP address     Device  Interface  IP address

CE 1    XGE3/0/1   10.1.1.1/24    P       Loop0      2.2.2.9/32

PE 1    Loop0      1.1.1.9/32             XGE3/0/4   172.1.1.2/24

        XGE3/0/1   10.1.1.2/24            XGE3/0/5   172.2.1.1/24

        XGE3/0/2   10.2.1.2/24    PE 2    Loop0      3.3.3.9/32

        XGE3/0/4   172.1.1.1/24           XGE3/0/1   10.3.1.2/24

CE 2    XGE3/0/1   10.2.1.1/24            XGE3/0/2   10.4.1.2/24

CE 3    XGE3/0/1   10.3.1.1/24            XGE3/0/4   172.2.1.2/24

CE 4    XGE3/0/1   10.4.1.1/24

Procedure

1.     Configure an IGP on the MPLS backbone for the PEs and P device to reach one another:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24

[P-Ten-GigabitEthernet3/0/5] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/4] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] mpls enable

[P-Ten-GigabitEthernet3/0/4] mpls ldp enable

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] mpls enable

[P-Ten-GigabitEthernet3/0/5] mpls ldp enable

[P-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.2 24

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 713. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 2

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 0

  Total IPv4 VPN-Instances EVPN configured : 0

  Total IPv6 VPN-Instances EVPN configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           N/A                 2018/12/13 12:49:08

  vpn2                  100:2           N/A                 2018/12/13 12:49:20

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping -vpn-instance vpn1 10.1.1.1

Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=2.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.1 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 10.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure the other three CEs in the same way that CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable

[PE1-bgp-default-ipv4-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Create an MP-IBGP peer relationship between PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3.3.3.9 enable

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 enable

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp peer l2vpn evpn command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

6.     Enable EVPN to advertise VPN routes on the PEs:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] address-family ipv4

[PE1-vpn-ipv4-vpn1] evpn mpls routing-enable

[PE1-vpn-ipv4-vpn1] quit

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] address-family ipv4

[PE1-vpn-ipv4-vpn2] evpn mpls routing-enable

[PE1-vpn-ipv4-vpn2] quit

[PE1-vpn-instance-vpn2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] address-family ipv4

[PE2-vpn-ipv4-vpn1] evpn mpls routing-enable

[PE2-vpn-ipv4-vpn1] quit

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] address-family ipv4

[PE2-vpn-ipv4-vpn2] evpn mpls routing-enable

[PE2-vpn-ipv4-vpn2] quit

[PE2-vpn-instance-vpn2] quit

# Execute the display bgp l2vpn evpn command on the PEs to verify that the VPN routes received from CEs have been added to the EVPN routing table. (Details not shown.)

7.     Enable MPLS encapsulation for the IP prefix advertisement routes on the PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 3.3.3.9 next-hop-local

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 1.1.1.9 next-hop-local

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp l2vpn evpn command to verify that the PEs have received IP prefix advertisement routes from one another.

Verifying the configuration

# Verify that a PE has the route to the remote CE in the same VPN instance, for example, PE 1.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11        Routes : 11

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.1.1.0/24         Direct 0    0            10.1.1.2        XGE3/0/1

10.1.1.0/32         Direct 0    0            10.1.1.2        XGE3/0/1

10.1.1.2/32         Direct 0    0            127.0.0.1       InLoop0

10.1.1.255/32       Direct 0    0            10.1.1.2        XGE3/0/1

10.3.1.0/24         BGP    255  0            3.3.3.9         XGE3/0/4

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# Verify that CEs of the same VPN can ping each other, and CEs of different VPNs cannot. For example, CE 1 can ping CE 3 (10.3.1.1), but it cannot ping CE 4 (10.4.1.1). (Details not shown.)

Example: Configuring IPv6 EVPN L3VPN

Network configuration

As shown in Figure 714:

·     Configure IPv6 EVPN L3VPN for different sites of a VPN instance to communicate with each other.

·     Configure route target 111:1 for VPN 1 and route target 222:2 for VPN 2 to isolate these VPN instances.

·     Configure the CE and the PE of each site to use EBGP to exchange VPN routes.

·     Configure the PEs to communicate through OSPF and to exchange BGP EVPN routes through MP-IBGP.

Figure 714 Network diagram

Device   Interface   IP address      Device   Interface   IP address
CE 1     XGE3/0/1    2001:1::1/96    P        Loop0       2.2.2.9/32
PE 1     Loop0       1.1.1.9/32               XGE3/0/4    172.1.1.2/24
         XGE3/0/1    2001:1::2/96             XGE3/0/5    172.2.1.1/24
         XGE3/0/2    2001:2::2/96    PE 2     Loop0       3.3.3.9/32
         XGE3/0/4    172.1.1.1/24             XGE3/0/1    2001:3::2/96
CE 2     XGE3/0/1    2001:2::1/96             XGE3/0/2    2001:4::2/96
CE 3     XGE3/0/1    2001:3::1/96             XGE3/0/4    172.2.1.2/24
CE 4     XGE3/0/1    2001:4::1/96

Procedure

1.     Configure an IGP on the MPLS backbone for the PEs and P device to reach one another:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/4] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24

[P-Ten-GigabitEthernet3/0/5] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/4] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/4

[PE1-Ten-GigabitEthernet3/0/4] mpls enable

[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/4] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/4

[P-Ten-GigabitEthernet3/0/4] mpls enable

[P-Ten-GigabitEthernet3/0/4] mpls ldp enable

[P-Ten-GigabitEthernet3/0/4] quit

[P] interface ten-gigabitethernet 3/0/5

[P-Ten-GigabitEthernet3/0/5] mpls enable

[P-Ten-GigabitEthernet3/0/5] mpls ldp enable

[P-Ten-GigabitEthernet3/0/5] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/4

[PE2-Ten-GigabitEthernet3/0/4] mpls enable

[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/4] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on PEs to allow CE access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] route-distinguisher 100:2

[PE1-vpn-instance-vpn2] vpn-target 222:2

[PE1-vpn-instance-vpn2] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/1] ipv6 address 2001:1::2 96

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001:2::2 96

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] route-distinguisher 200:2

[PE2-vpn-instance-vpn2] vpn-target 222:2

[PE2-vpn-instance-vpn2] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/1] ipv6 address 2001:3::2 96

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2001:4::2 96

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 714. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 2

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 0

  Total IPv4 VPN-Instances EVPN configured : 0

  Total IPv6 VPN-Instances EVPN configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           N/A                 2018/12/13 12:49:08

  vpn2                  100:2           N/A                 2018/12/13 12:49:20

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1

Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break

56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=9.000 ms

56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms

 

--- Ping6 statistics for 2001:1::1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

# Configure the other three CEs in the same way that CE 1 is configured. (Details not shown.)

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] ip vpn-instance vpn2

[PE1-bgp-default-vpn2] peer 2001:2::1 as-number 65420

[PE1-bgp-default-vpn2] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn2] peer 2001:2::1 enable

[PE1-bgp-default-ipv6-vpn2] quit

[PE1-bgp-default-vpn2] quit

[PE1-bgp-default] quit

# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)

# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Create an MP-IBGP peer relationship between PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3.3.3.9 enable

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 enable

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp peer l2vpn evpn command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)

6.     Enable EVPN to advertise VPN routes on the PEs:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] address-family ipv6

[PE1-vpn-ipv6-vpn1] evpn mpls routing-enable

[PE1-vpn-ipv6-vpn1] quit

[PE1-vpn-instance-vpn1] quit

[PE1] ip vpn-instance vpn2

[PE1-vpn-instance-vpn2] address-family ipv6

[PE1-vpn-ipv6-vpn2] evpn mpls routing-enable

[PE1-vpn-ipv6-vpn2] quit

[PE1-vpn-instance-vpn2] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] address-family ipv6

[PE2-vpn-ipv6-vpn1] evpn mpls routing-enable

[PE2-vpn-ipv6-vpn1] quit

[PE2-vpn-instance-vpn1] quit

[PE2] ip vpn-instance vpn2

[PE2-vpn-instance-vpn2] address-family ipv6

[PE2-vpn-ipv6-vpn2] evpn mpls routing-enable

[PE2-vpn-ipv6-vpn2] quit

[PE2-vpn-instance-vpn2] quit

# Execute the display bgp l2vpn evpn command on the PEs to verify that the VPN routes received from CEs have been added to the EVPN routing table. (Details not shown.)

7.     Enable MPLS encapsulation for the IP prefix advertisement routes on the PEs:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] address-family l2vpn evpn

[PE1-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[PE1-bgp-default-evpn] peer 3.3.3.9 next-hop-local

[PE1-bgp-default-evpn] quit

[PE1-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 1.1.1.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 1.1.1.9 next-hop-local

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp l2vpn evpn command to verify that the PEs have received IP prefix advertisement routes from one another.

Verifying the configuration

# Verify that a PE has the route to the remote CE in the same VPN instance, for example, PE 1.

[PE1] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:1::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: 2001:1::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:3::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:3.3.3.9                              Preference: 255

Interface  : XGE3/0/4                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

[PE1] display ipv6 routing-table vpn-instance vpn2

 

Destinations : 5 Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:2::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 2001:2::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:4::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:3.3.3.9                              Preference: 255

Interface  : XGE3/0/4                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

# Verify that CEs of the same VPN can ping each other, and CEs of different VPNs cannot. For example, CE 1 can ping CE 3 (2001:3::1), but it cannot ping CE 4 (2001:4::1). (Details not shown.)
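
The isolation between vpn1 and vpn2 in this example depends on the two instances carrying disjoint route targets (111:1 and 222:2). The following Python check is an added example, not part of the H3C documentation: it parses VPN instance view commands like those in step 3 and reports any route target that one instance exports and a differently named instance imports, plus same-named instances on different PEs that cannot exchange routes. The function names, the hypothetical PE 3, and its constructed misconfiguration are assumptions made for the illustration.

```python
import re
from itertools import permutations

# VPN instance commands copied from step 3 of the example (PE 1 and PE 2).
PAGE_STEP3 = """\
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
"""

# Constructed misconfiguration (not from the page): a hypothetical PE 3 whose
# vpn2 instance additionally imports the route target that belongs to vpn1.
CONSTRUCTED_BAD = PAGE_STEP3 + """\
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 300:2
[PE3-vpn-instance-vpn2] vpn-target 222:2
[PE3-vpn-instance-vpn2] vpn-target 111:1 import-extcommunity
[PE3-vpn-instance-vpn2] quit
"""

# A command typed in VPN instance view, e.g. "[PE1-vpn-instance-vpn1] vpn-target 111:1".
VIEW = re.compile(r"^\[(?P<dev>.+)-vpn-instance-(?P<inst>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")
RT = re.compile(r"^[\d.]+:\d+$")
# Without a direction keyword, vpn-target sets both the import and export target.
DIRECTIONS = {
    "both": ("import", "export"),
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
}


def parse_vpn_instances(transcript):
    """Return {(device, instance): {"rd", "import", "export"}} from a CLI transcript."""
    instances = {}
    for line in transcript.splitlines():
        m = VIEW.match(line.strip())
        if not m:
            continue  # blank lines, system view, BGP view and so on
        entry = instances.setdefault(
            (m["dev"], m["inst"]), {"rd": None, "import": set(), "export": set()})
        words = m["cmd"].split()
        if words[0] == "route-distinguisher" and len(words) == 2:
            entry["rd"] = words[1]
        elif words[0] == "vpn-target":
            sides = DIRECTIONS["both"]
            if words[-1] in DIRECTIONS:
                sides = DIRECTIONS[words.pop()]
            for rt in words[1:]:
                if RT.match(rt):
                    for side in sides:
                        entry[side].add(rt)
    return instances


def cross_vpn_leaks(instances):
    """Route targets exported by one VPN and imported by a differently named VPN."""
    findings = []
    for (src, a), (dst, b) in permutations(instances.items(), 2):
        if src[1] != dst[1]:
            for rt in sorted(a["export"] & b["import"]):
                findings.append((src, dst, rt))
    return sorted(findings)


def split_sites(instances):
    """Same-named instances on different devices with no export/import target in common."""
    findings = []
    for (src, a), (dst, b) in permutations(instances.items(), 2):
        if src[1] == dst[1] and src[0] != dst[0] and not (a["export"] & b["import"]):
            findings.append((src, dst))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("page config", PAGE_STEP3), ("constructed", CONSTRUCTED_BAD)):
        parsed = parse_vpn_instances(text)
        print(label, "leaks:", cross_vpn_leaks(parsed), "split:", split_sites(parsed))
```

The page's own configuration produces no findings; the constructed PE 3 entry is reported once for each PE that exports 111:1 from vpn1.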

Example: Enabling communication between IPv4 MPLS L3VPN and IPv4 EVPN L3VPN

Network configuration

As shown in Figure 715:

·     Configure EVPN for CE 1 and CE 2 of VPN 1 to communicate.

·     Configure OSPF as the IGP on the MPLS backbone for the P device and PEs to communicate.

·     Configure the CEs to exchange VPN routes through EBGP.

·     Configure the P device and PE 1 to exchange VPNv4 routes through MP-IBGP, and configure the P device and PE 2 to exchange BGP EVPN routes through MP-IBGP.

·     Configure the P device as an RR to reflect routes between the PEs.

Figure 715 Network diagram

Device   Interface   IP address      Device   Interface   IP address
PE 1     Loop0       1.1.1.9/32      P        Loop0       2.2.2.9/32
         XGE3/0/1    10.1.1.1/24              XGE3/0/1    10.1.1.2/24
         XGE3/0/2    172.1.1.2/24             XGE3/0/2    10.2.1.2/24
PE 2     Loop0       3.3.3.9/32      CE 1     XGE3/0/1    172.1.1.1/24
         XGE3/0/1    10.2.1.1/24     CE 2     XGE3/0/1    172.2.1.1/24
         XGE3/0/2    172.2.1.2/24

Procedure

1.     Configure an IGP on the MPLS backbone for the PEs and P device to reach one another:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 10.2.1.2 24

[P-Ten-GigabitEthernet3/0/2] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on the PEs to allow CE access, and configure a VPN instance on the P device to allow MPLS L3VPN access and EVPN L3VPN access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/2] ip address 172.1.1.2 24

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure the P device.

[P] ip vpn-instance vpn1

[P-vpn-instance-vpn1] route-distinguisher 100:1

[P-vpn-instance-vpn1] vpn-target 111:1

[P-vpn-instance-vpn1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/2] ip address 172.2.1.2 24

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 715. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 0

  Total IPv4 VPN-Instances EVPN configured : 0

  Total IPv6 VPN-Instances EVPN configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           N/A                 2018/12/13 12:49:08

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping -vpn-instance vpn1 172.1.1.1

Ping 172.1.1.1 (172.1.1.1): 56 data bytes, press CTRL_C to break

56 bytes from 172.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 172.1.1.1: icmp_seq=1 ttl=255 time=2.000 ms

56 bytes from 172.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 172.1.1.1: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 172.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 172.1.1.1 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] peer 172.1.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 172.1.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 172.1.1.1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 172.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# Configure CE 2.

<CE2> system-view

[CE2] bgp 65420

[CE2-bgp-default] peer 172.2.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 172.2.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 172.2.1.1 as-number 65420

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 172.2.1.1 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Configure route exchange between the P device and the PEs, and configure the P device as an RR:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

# Configure the P device.

[P] bgp 100

[P-bgp-default] peer 1.1.1.9 as-number 100

[P-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[P-bgp-default] peer 3.3.3.9 as-number 100

[P-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[P-bgp-default] address-family vpnv4

[P-bgp-default-vpnv4] undo policy vpn-target

[P-bgp-default-vpnv4] peer 1.1.1.9 enable

[P-bgp-default-vpnv4] peer 1.1.1.9 reflect-client

[P-bgp-default-vpnv4] quit

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] undo policy vpn-target

[P-bgp-default-evpn] peer 3.3.3.9 enable

[P-bgp-default-evpn] peer 3.3.3.9 reflect-client

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2.2.2.9 enable

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp peer vpnv4 command on PE 1 to verify that a BGP peer relationship in Established state has been established with the P device. Execute the display bgp peer l2vpn evpn command on PE 2 to verify that a BGP peer relationship in Established state has been established with the P device. (Details not shown.)

6.     Enable EVPN to advertise VPN routes on PE 2 and the P device:

# Configure the P device.

[P] ip vpn-instance vpn1

[P-vpn-instance-vpn1] address-family ipv4

[P-vpn-ipv4-vpn1] evpn mpls routing-enable

[P-vpn-ipv4-vpn1] quit

[P-vpn-instance-vpn1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] address-family ipv4

[PE2-vpn-ipv4-vpn1] evpn mpls routing-enable

[PE2-vpn-ipv4-vpn1] quit

[PE2-vpn-instance-vpn1] quit

# Execute the display bgp l2vpn evpn command on PE 2 to verify that the VPN routes received from CE 2 have been added to the EVPN routing table. (Details not shown.)

7.     Enable MPLS encapsulation for the IP prefix advertisement routes on PE 2 and the P device:

# Configure the P device.

[P] bgp 100

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[P-bgp-default-evpn] peer 3.3.3.9 next-hop-local

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 2.2.2.9 next-hop-local

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

8.     On the P device, enable BGP EVPN route advertisement for the BGP VPNv4 address family, and enable BGP VPNv4 route advertisement for the BGP EVPN address family:

# Configure the P device.

[P] bgp 100

[P-bgp-default] address-family vpnv4

[P-bgp-default-vpnv4] advertise evpn route

[P-bgp-default-vpnv4] quit

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] advertise l3vpn route

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Execute the display bgp routing-table vpnv4 command on the PEs to verify that they have received VPNv4 routes from remote CEs.

Verifying the configuration

# Verify that a PE has the route to the remote CE, for example, PE 1.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 11       Routes : 11

 

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

172.1.1.0/24       Direct  0   0           172.1.1.2       XGE3/0/2

172.1.1.0/32       Direct  0   0           172.1.1.2       XGE3/0/2

172.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0

172.1.1.255/32     Direct  0   0           172.1.1.2       XGE3/0/2

172.2.1.0/24       BGP     255 0           2.2.2.9         XGE3/0/1

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
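
In this topology the P device runs undo policy vpn-target, so it keeps and reflects routes regardless of route target and the import target on each PE is what decides which routes reach a VPN table. The following Python check is an added example, not part of the H3C documentation: it parses the display ip routing-table vpn-instance vpn1 output shown above and flags BGP-learned prefixes that are not expected in the instance, next hops other than the reflector, and expected prefixes that are absent. The function names, the expected-prefix list, and the constructed 192.0.2.0/24 route are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net proto pre cost next_hop iface")

# Output of "display ip routing-table vpn-instance vpn1" on PE 1, copied from the page.
PAGE_OUTPUT = """\
Destinations : 11       Routes : 11

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
172.1.1.0/24       Direct  0   0           172.1.1.2       XGE3/0/2
172.1.1.0/32       Direct  0   0           172.1.1.2       XGE3/0/2
172.1.1.2/32       Direct  0   0           127.0.0.1       InLoop0
172.1.1.255/32     Direct  0   0           172.1.1.2       XGE3/0/2
172.2.1.0/24       BGP     255 0           2.2.2.9         XGE3/0/1
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
"""

# Constructed variant (not from the page): one extra BGP route from a
# documentation prefix, standing in for a route leaked from another VPN.
CONSTRUCTED_LEAK = PAGE_OUTPUT.replace(": 11", ": 12") + (
    "192.0.2.0/24       BGP     255 0           2.2.2.9         XGE3/0/1\n")


def parse_routes(output):
    """Return (routes, declared_count) from the tabular IPv4 routing-table output."""
    routes, declared = [], None
    for line in output.splitlines():
        fields = line.split()
        if fields[:1] == ["Destinations"]:
            declared = int(fields[-1])  # value after "Routes :"
            continue
        if len(fields) != 6:
            continue
        try:
            net = ipaddress.ip_network(fields[0])
        except ValueError:
            continue  # column header row
        routes.append(Route(net, fields[1], int(fields[2]), int(fields[3]),
                            fields[4], fields[5]))
    return routes, declared


def audit_vpn_table(output, expected_remote, trusted_next_hops):
    """Compare BGP-learned routes in one VPN instance with what the design expects."""
    routes, declared = parse_routes(output)
    findings = []
    if declared is not None and declared != len(routes):
        findings.append(("incomplete-output",
                         f"header {declared}, parsed {len(routes)}"))
    expected = {ipaddress.ip_network(p) for p in expected_remote}
    learned = [r for r in routes if r.proto.startswith("BGP")]
    for r in learned:
        if r.net not in expected:
            findings.append(("unexpected-prefix", str(r.net)))
        if r.next_hop not in trusted_next_hops:
            findings.append(("unexpected-next-hop", f"{r.net} via {r.next_hop}"))
    for net in sorted(expected - {r.net for r in learned}):
        findings.append(("missing-prefix", str(net)))
    return findings


if __name__ == "__main__":
    # On PE 1, vpn1 should learn only CE 2's subnet, and only via the P device.
    for label, text in (("page output", PAGE_OUTPUT), ("constructed", CONSTRUCTED_LEAK)):
        print(label, audit_vpn_table(text, ["172.2.1.0/24"], {"2.2.2.9"}))
```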

Example: Enabling communication between IPv6 MPLS L3VPN and IPv6 EVPN L3VPN

Network configuration

As shown in Figure 716:

·     Configure EVPN for CE 1 and CE 2 of VPN 1 to communicate.

·     Configure OSPF as the IGP on the MPLS backbone for the P device and PEs to communicate.

·     Configure the CEs to exchange VPN routes through EBGP.

·     Configure the P device and PE 1 to exchange VPNv6 routes through MP-IBGP, and configure the P device and PE 2 to exchange BGP EVPN routes through MP-IBGP.

·     Configure the P device as an RR to reflect routes between the PEs.

Figure 716 Network diagram

Device  Interface  IP address     Device  Interface  IP address
PE 1    Loop0      1.1.1.9/32     P       Loop0      2.2.2.9/32
        XGE3/0/1   10.1.1.1/24            XGE3/0/1   10.1.1.2/24
        XGE3/0/2   2001:1::2/96           XGE3/0/2   10.2.1.2/24
PE 2    Loop0      3.3.3.9/32     CE 1    XGE3/0/1   2001:1::1/96
        XGE3/0/1   10.2.1.1/24    CE 2    XGE3/0/1   2001:2::1/96
        XGE3/0/2   2001:2::2/96

Procedure

1.     Configure an IGP on the MPLS backbone for the PEs and P device to reach one another:

# Configure PE 1.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/0/1] quit

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# Configure the P device.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] ip address 10.2.1.2 24

[P-Ten-GigabitEthernet3/0/2] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# Configure PE 2.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24

[PE2-Ten-GigabitEthernet3/0/1] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# Configure PE 1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

[PE1] interface ten-gigabitethernet 3/0/1

[PE1-Ten-GigabitEthernet3/0/1] mpls enable

[PE1-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE1-Ten-GigabitEthernet3/0/1] quit

# Configure the P device.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

[P] interface ten-gigabitethernet 3/0/1

[P-Ten-GigabitEthernet3/0/1] mpls enable

[P-Ten-GigabitEthernet3/0/1] mpls ldp enable

[P-Ten-GigabitEthernet3/0/1] quit

[P] interface ten-gigabitethernet 3/0/2

[P-Ten-GigabitEthernet3/0/2] mpls enable

[P-Ten-GigabitEthernet3/0/2] mpls ldp enable

[P-Ten-GigabitEthernet3/0/2] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

[PE2] interface ten-gigabitethernet 3/0/1

[PE2-Ten-GigabitEthernet3/0/1] mpls enable

[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/0/1] quit

# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)

3.     Configure VPN instances on the PEs to allow CE access, and configure a VPN instance on the P device to allow MPLS L3VPN access and EVPN L3VPN access:

# Configure PE 1.

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

[PE1-vpn-instance-vpn1] vpn-target 111:1

[PE1-vpn-instance-vpn1] quit

[PE1] interface ten-gigabitethernet 3/0/2

[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[PE1-Ten-GigabitEthernet3/0/2] ipv6 address 2001:1::2 96

[PE1-Ten-GigabitEthernet3/0/2] quit

# Configure the P device.

[P] ip vpn-instance vpn1

[P-vpn-instance-vpn1] route-distinguisher 100:1

[P-vpn-instance-vpn1] vpn-target 111:1

[P-vpn-instance-vpn1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 200:1

[PE2-vpn-instance-vpn1] vpn-target 111:1

[PE2-vpn-instance-vpn1] quit

[PE2] interface ten-gigabitethernet 3/0/2

[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1

[PE2-Ten-GigabitEthernet3/0/2] ipv6 address 2001:2::2 96

[PE2-Ten-GigabitEthernet3/0/2] quit

# Configure IP addresses for the CEs according to Figure 716. (Details not shown.)

# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.

[PE1] display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 0

  Total IPv6 VPN-Instances configured : 0

  Total IPv4 VPN-Instances EVPN configured : 0

  Total IPv6 VPN-Instances EVPN configured : 0

  VPN-Instance Name     RD              Address family      Create time

  vpn1                  100:1           N/A                 2018/12/13 15:12:47

# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.

[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1

Ping6(56 data bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break

56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=2.000 ms

56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms

56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms

56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=1.000 ms

 

--- Ping6 statistics for 2001:1::1 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/1.000/2.000/0.632 ms

4.     Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:

# Configure CE 1.

<CE1> system-view

[CE1] bgp 65410

[CE1-bgp-default] router-id 3.3.3.9

[CE1-bgp-default] peer 2001:1::2 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 2001:1::2 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

# Configure CE 2.

<CE2> system-view

[CE2] bgp 65420

[CE2-bgp-default] router-id 4.4.4.9

[CE2-bgp-default] peer 2001:2::2 as-number 100

[CE2-bgp-default] address-family ipv6 unicast

[CE2-bgp-default-ipv6] peer 2001:2::2 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 2001:2::1 as-number 65420

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] peer 2001:2::1 enable

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)

5.     Configure route exchange between the P device and the PEs, and configure the P device as an RR:

# Configure PE 1.

[PE1] bgp 100

[PE1-bgp-default] peer 2.2.2.9 as-number 100

[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[PE1-bgp-default-vpnv6] quit

[PE1-bgp-default] quit

# Configure the P device.

[P] bgp 100

[P-bgp-default] peer 1.1.1.9 as-number 100

[P-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[P-bgp-default] peer 3.3.3.9 as-number 100

[P-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[P-bgp-default] address-family vpnv6

[P-bgp-default-vpnv6] undo policy vpn-target

[P-bgp-default-vpnv6] peer 1.1.1.9 enable

[P-bgp-default-vpnv6] peer 1.1.1.9 reflect-client

[P-bgp-default-vpnv6] quit

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] undo policy vpn-target

[P-bgp-default-evpn] peer 3.3.3.9 enable

[P-bgp-default-evpn] peer 3.3.3.9 reflect-client

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] peer 2.2.2.9 as-number 100

[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2.2.2.9 enable

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

# Execute the display bgp peer vpnv6 command on PE 1 to verify that a BGP peer relationship in Established state has been established with the P device. Execute the display bgp peer l2vpn evpn command on PE 2 to verify that a BGP peer relationship in Established state has been established with the P device. (Details not shown.)

6.     Enable EVPN to advertise VPN routes on PE 2 and the P device:

# Configure the P device.

[P] ip vpn-instance vpn1

[P-vpn-instance-vpn1] address-family ipv6

[P-vpn-ipv6-vpn1] evpn mpls routing-enable

[P-vpn-ipv6-vpn1] quit

[P-vpn-instance-vpn1] quit

# Configure PE 2.

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] address-family ipv6

[PE2-vpn-ipv6-vpn1] evpn mpls routing-enable

[PE2-vpn-ipv6-vpn1] quit

[PE2-vpn-instance-vpn1] quit

# Execute the display bgp l2vpn evpn command on PE 2 to verify that the VPN routes received from CE 2 have been added to the EVPN routing table. (Details not shown.)

7.     Enable MPLS encapsulation for the IP prefix advertisement routes on PE 2 and the P device:

# Configure the P device.

[P] bgp 100

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] peer 3.3.3.9 advertise encap-type mpls

[P-bgp-default-evpn] peer 3.3.3.9 next-hop-local

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Configure PE 2.

[PE2] bgp 100

[PE2-bgp-default] address-family l2vpn evpn

[PE2-bgp-default-evpn] peer 2.2.2.9 advertise encap-type mpls

[PE2-bgp-default-evpn] peer 2.2.2.9 next-hop-local

[PE2-bgp-default-evpn] quit

[PE2-bgp-default] quit

8.     On the P device, enable BGP EVPN route advertisement for the BGP VPNv6 address family, and enable BGP VPNv6 route advertisement for the BGP EVPN address family.

# Configure the P device.

[P] bgp 100

[P-bgp-default] address-family vpnv6

[P-bgp-default-vpnv6] advertise evpn route

[P-bgp-default-vpnv6] quit

[P-bgp-default] address-family l2vpn evpn

[P-bgp-default-evpn] advertise l3vpn route

[P-bgp-default-evpn] quit

[P-bgp-default] quit

# Execute the display bgp routing-table vpnv6 command on the PEs to verify that they have received VPNv6 routes from remote CEs.

Verifying the configuration

# Verify that a PE has the route to the remote CE, for example, PE 1.

[PE1] display ipv6 routing-table vpn-instance vpn1

 

Destinations : 5        Routes : 5

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:1::/96                                 Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : XGE3/0/2                                    Cost      : 0

 

Destination: 2001:1::2/128                               Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2001:2::/96                                 Protocol  : BGP4+

NextHop    : ::FFFF:2.2.2.9                              Preference: 255

Interface  : XGE3/0/1                                    Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
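
The P device in this example runs undo policy vpn-target in both the VPNv6 and EVPN address families, so it accepts routes regardless of route target and only the route targets configured in the VPN instances decide what lands in vpn1. The following Python check is an added example, not H3C code: it reads prompt-prefixed command lines copied from steps 3 and 5, confirms that every device shares a route target for vpn1, and flags any device that disables route target filtering without having a reflect-client peer in that family. The function names, the review rule, and the drifted sample are assumptions made for illustration; device names are assumed to contain no hyphen.

```python
import re
from collections import defaultdict

# Command lines copied from steps 3 and 5 above ("quit" lines left out).
PAGE_CONFIG = """\
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[P-vpn-instance-vpn1] route-distinguisher 100:1
[P-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE1-bgp-default-vpnv6] peer 2.2.2.9 enable
[P-bgp-default-vpnv6] undo policy vpn-target
[P-bgp-default-vpnv6] peer 1.1.1.9 enable
[P-bgp-default-vpnv6] peer 1.1.1.9 reflect-client
[P-bgp-default-evpn] undo policy vpn-target
[P-bgp-default-evpn] peer 3.3.3.9 enable
[P-bgp-default-evpn] peer 3.3.3.9 reflect-client
[PE2-bgp-default-evpn] peer 2.2.2.9 enable
"""

# Constructed drift (not from the page): PE 2 gets a different route target
# and PE 1, which reflects nothing, switches route target filtering off.
DRIFTED_CONFIG = PAGE_CONFIG.replace(
    "[PE2-vpn-instance-vpn1] vpn-target 111:1",
    "[PE2-vpn-instance-vpn1] vpn-target 222:1",
) + "[PE1-bgp-default-vpnv6] undo policy vpn-target\n"

# "[<device>-<view>] <command>"; the device name ends at the first hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)-(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")


def parse_transcript(text):
    """Build {device: {"rts", "no_rt_filter", "rr_families"}} from CLI lines."""
    model = defaultdict(lambda: {
        "rts": defaultdict(set),   # VPN instance name -> route targets
        "no_rt_filter": set(),     # BGP families with 'undo policy vpn-target'
        "rr_families": set(),      # BGP families with a reflect-client peer
    })
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        entry = model[m["dev"]]
        words = m["cmd"].split()
        inst = re.fullmatch(r"vpn-instance-(\S+)", m["view"])
        fam = re.fullmatch(r"bgp-default-(vpnv4|vpnv6|evpn)", m["view"])
        if inst and words[0] == "vpn-target":
            # Assumption: import and export targets are treated as one set,
            # which matches the page, where no direction keyword is given.
            entry["rts"][inst[1]].update(w for w in words[1:] if ":" in w)
        elif fam and words == ["undo", "policy", "vpn-target"]:
            entry["no_rt_filter"].add(fam[1])
        elif fam and words[0] == "peer" and words[-1] == "reflect-client":
            entry["rr_families"].add(fam[1])
    return model


def unfiltered(model):
    """Sorted (device, family) pairs where route target filtering is off."""
    return sorted((dev, fam) for dev, d in model.items()
                  for fam in d["no_rt_filter"])


def audit(model, instance):
    """Return findings for one VPN instance; an empty list means no drift."""
    findings = []
    rt_sets = {dev: d["rts"][instance] for dev, d in model.items()
               if instance in d["rts"]}
    if rt_sets and not set.intersection(*rt_sets.values()):
        detail = ", ".join(f"{dev}={sorted(rts)}"
                           for dev, rts in sorted(rt_sets.items()))
        findings.append(f"{instance}: no route target common to all devices "
                        f"({detail})")
    for dev, d in sorted(model.items()):
        for fam in sorted(d["no_rt_filter"] - d["rr_families"]):
            findings.append(f"{dev}: route target filtering disabled in {fam} "
                            f"without a reflect-client peer")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        model = parse_transcript(text)
        print(name, "unfiltered:", unfiltered(model))
        for finding in audit(model, "vpn1") or ["no findings"]:
            print("  ", finding)
```
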

 

 

EVPN-DCI configuration examples

Example: Configuring a basic EVPN-DCI network

Network configuration

As shown in Figure 717:

·     Configure VXLAN 10 on Router A through Router D to provide connectivity for the VMs in the data centers.

·     Configure Router A and Router D as VTEPs, and configure Router B and Router C as EDs.

Figure 717 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to the interfaces, as shown in Figure 717. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning.

[RouterA] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

3.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning.

[RouterB] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] dci enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Create VXLAN 10 on VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterB-vsi-vpna-evpn-vxlan] quit

[RouterB-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning.

[RouterC] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B for the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] dci enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create VXLAN 10 on VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterC-vsi-vpna-evpn-vxlan] quit

[RouterC-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

5.     Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning.

[RouterD] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 10

[RouterD-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterD-vsi-vpna] evpn encapsulation vxlan

[RouterD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterD-vsi-vpna-evpn-vxlan] quit

[RouterD-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterD-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through IMET routes and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery imet

Total number of automatically discovered peers: 2

 

VSI name: vpna

RD                    PE_address      Tunnel_address  Tunnel mode VXLAN ID

1:10                  1.1.1.1         1.1.1.1         VXLAN       10

1:10                  3.3.3.3         3.3.3.3         VXLAN-DCI   10

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to the VXLAN.

[RouterB] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel0              0x5000000  UP       Auto        Disabled

    Tunnel1              0x5000001  UP       Auto        Disabled

# Verify that the ED has generated EVPN MAC address entries for the VMs.

[RouterB] display evpn route mac

Flags: D - Dynamic   B - BGP   G - Gateway   L - Local active   M - Mapping

 

VSI name: vpna

MAC address     Link ID/Name   Flags   Encap           Next hop

0001-0001-0011  Tunnel0         B      VXLAN           1.1.1.1

0001-0001-0033  Tunnel1         B      VXLAN           3.3.3.3

2.     Verify that VM 1 and VM 2 can communicate. (Details not shown.)
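
The display evpn auto-discovery imet output above lists every peer the ED has built a tunnel to, which makes it a practical place to catch an unplanned VTEP or a DCI link that came up as a plain VXLAN tunnel. The following Python check is an added example, not H3C code: it parses that output and compares it with an expected-peer table. The table, the function names, and the two modified outputs are constructed for illustration.

```python
import re
from typing import NamedTuple


class ImetPeer(NamedTuple):
    vsi: str
    rd: str
    pe_address: str
    tunnel_address: str
    tunnel_mode: str
    vxlan_id: int


# Output copied from the Router B verification step above.
ROUTER_B_OUTPUT = """\
Total number of automatically discovered peers: 2

VSI name: vpna
RD                    PE_address      Tunnel_address  Tunnel mode VXLAN ID
1:10                  1.1.1.1         1.1.1.1         VXLAN       10
1:10                  3.3.3.3         3.3.3.3         VXLAN-DCI   10
"""

# Constructed: an extra peer (documentation address) that is not in the design.
EXTRA_PEER_OUTPUT = ROUTER_B_OUTPUT.replace("peers: 2", "peers: 3") + (
    "1:10                  192.0.2.99      192.0.2.99      VXLAN       10\n")

# Constructed: the link to Router C came up as VXLAN instead of VXLAN-DCI.
NO_DCI_OUTPUT = ROUTER_B_OUTPUT.replace("VXLAN-DCI   10", "VXLAN       10")

# What Router B should see in this example: (VSI, peer) -> (mode, VXLAN ID).
EXPECTED_PEERS = {
    ("vpna", "1.1.1.1"): ("VXLAN", 10),
    ("vpna", "3.3.3.3"): ("VXLAN-DCI", 10),
}

TOTAL = re.compile(r"Total number of automatically discovered peers:\s*(\d+)")
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(VXLAN(?:-DCI)?)\s+(\d+)$")


def parse_imet(text):
    """Parse the command output into ImetPeer rows, grouped by VSI name."""
    peers, vsi, declared = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        total = TOTAL.match(line)
        if total:
            declared = int(total.group(1))
        elif line.startswith("VSI name:"):
            vsi = line.split(":", 1)[1].strip()
        else:
            row = ROW.match(line)  # the column header row does not match
            if row and vsi is not None:
                peers.append(ImetPeer(vsi, row[1], row[2], row[3], row[4],
                                      int(row[5])))
    # A mismatch means the output was truncated or a row was not understood.
    if declared is not None and declared != len(peers):
        raise ValueError(f"header says {declared} peers, parsed {len(peers)}")
    return peers


def audit_peers(peers, expected):
    """Return findings: unexpected peers, wrong mode or VXLAN ID, missing peers."""
    findings, seen = [], set()
    for p in peers:
        key = (p.vsi, p.pe_address)
        seen.add(key)
        want = expected.get(key)
        if want is None:
            findings.append(f"unexpected peer {p.pe_address} in VSI {p.vsi} "
                            f"({p.tunnel_mode}, VXLAN {p.vxlan_id})")
        elif want != (p.tunnel_mode, p.vxlan_id):
            findings.append(f"peer {p.pe_address} in VSI {p.vsi}: expected "
                            f"{want[0]}/VXLAN {want[1]}, got "
                            f"{p.tunnel_mode}/VXLAN {p.vxlan_id}")
    for vsi, addr in sorted(set(expected) - seen):
        findings.append(f"missing peer {addr} in VSI {vsi}")
    return findings


if __name__ == "__main__":
    for name, text in (("page output", ROUTER_B_OUTPUT),
                       ("extra peer", EXTRA_PEER_OUTPUT),
                       ("no DCI", NO_DCI_OUTPUT)):
        result = audit_peers(parse_imet(text), EXPECTED_PEERS)
        print(name, "->", result or "matches the expected peers")
```
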

Example: Configuring EVPN-DCI intermediate VXLAN mapping

Network configuration

As shown in Figure 718:

·     Configure VXLAN 10 on VTEP Router A and ED Router B, and configure VXLAN 30 on VTEP Router D and ED Router C.

·     Configure intermediate VXLAN mapping for VXLAN 10 and VXLAN 30 to have Layer 2 connectivity:

¡     Map VXLAN 10 to intermediate VXLAN 500 on Router B.

¡     Map VXLAN 30 to intermediate VXLAN 500 on Router C.

Figure 718 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to the interfaces, as shown in Figure 718. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning.

[RouterA] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

3.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning.

[RouterB] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] dci enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Create VXLAN 10 on VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

# Map local VXLAN 10 to intermediate VXLAN 500.

[RouterB-vsi-vpna-evpn-vxlan] mapping vni 500

[RouterB-vsi-vpna-evpn-vxlan] quit

[RouterB-vsi-vpna] quit

# Create VXLAN 500 on VSI vpnb. The router will replace the VXLAN ID of VXLAN 10's traffic with VXLAN ID 500 when performing Layer 2 forwarding.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 500

[RouterB-vsi-vpnb-vxlan-500] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target 123:456

[RouterB-vsi-vpnb-evpn-vxlan] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning.

[RouterC] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B for the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] dci enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Create VXLAN 30 on VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 30

[RouterC-vsi-vpna-vxlan-30] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target auto

# Map local VXLAN 30 to intermediate VXLAN 500.

[RouterC-vsi-vpna-evpn-vxlan] mapping vni 500

[RouterC-vsi-vpna-evpn-vxlan] quit

[RouterC-vsi-vpna] quit

# Create VXLAN 500 on VSI vpnb. The router will replace the VXLAN ID of VXLAN 30's traffic with VXLAN ID 500 when performing Layer 2 forwarding.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 500

[RouterC-vsi-vpnb-vxlan-500] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterC-vsi-vpnb] evpn encapsulation vxlan

[RouterC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpnb-evpn-vxlan] vpn-target 123:456

[RouterC-vsi-vpnb-evpn-vxlan] quit

[RouterC-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

5.     Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning.

[RouterD] vxlan tunnel mac-learning disable

# Create VXLAN 30 on VSI vpna.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 30

[RouterD-vsi-vpna-vxlan-30] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterD-vsi-vpna] evpn encapsulation vxlan

[RouterD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterD-vsi-vpna-evpn-vxlan] quit

[RouterD-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterD-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

1.     Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through IMET routes and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery imet

Total number of automatically discovered peers: 2

 

VSI name: vpna

RD                    PE_address      Tunnel_address  Tunnel mode VXLAN ID

1:10                  1.1.1.1         1.1.1.1         VXLAN       10

1:500                 3.3.3.3         3.3.3.3         VXLAN-DCI   500

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to VXLAN 10, and that no tunnels are assigned to intermediate VXLAN 500.

[RouterB] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : 10

  Tunnel Statistics       : Disabled

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel0              0x5000000  UP       Auto        Disabled

    Tunnel1              0x5000001  UP       Auto        Disabled

 

VSI Name: vpnb

  VSI Index               : 1

  VSI State               : Up

  MTU                     : 1500

  Diffserv Mode           : -

  Bandwidth               : Unlimited

  Broadcast Restrain      : 5120 kbps

  Multicast Restrain      : 5120 kbps

  Unknown Unicast Restrain: 5120 kbps

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : -

  Local MAC aging time    : 300 sec

  Remote MAC aging time   : 300 sec

  Drop Unknown            : Disabled

  PW Redundancy Mode      : Slave

  DSCP                    : -

  Service Class           : -

  Flooding                : Enabled

  ESI                     : 0000.0000.0000.0000.0000

  Redundancy Mode         : All-active

  Straight-fwd PW-to-AC   : Disabled

  Statistics              : Disabled

  VXLAN ID                : 500

  Tunnel Statistics       : Disabled

# Verify that the ED has generated EVPN MAC address entries for the VMs, and the remote MAC address entry has the M flag.

[RouterB] display evpn route mac

Flags: D - Dynamic   B - BGP   G - Gateway   L - Local active   M - Mapping

 

VSI name: vpna

MAC address     Link ID/Name   Flags   Encap           Next hop

0001-0001-0011  Tunnel0         B      VXLAN           1.1.1.1

0001-0001-0033  Tunnel1         BM     VXLAN           3.3.3.3

2.     Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI IPv4 Layer 3 communication

Network configuration

As shown in Figure 719:

·     Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.

·     Configure Router A and Router D as distributed EVPN gateways to perform Layer 3 forwarding between VXLAN 10 and VXLAN 20.

·     Configure Router B and Router C as EDs.

Figure 719 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# On VM 1, specify 10.1.1.1 as the gateway address. On VM 2, specify 10.1.2.1 as the gateway address. (Details not shown.)

# Assign IP addresses to the interfaces, as shown in Figure 719. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterA] ip vpn-instance vpn1

[RouterA-vpn-instance-vpn1] route-distinguisher 1:1

[RouterA-vpn-instance-vpn1] address-family ipv4

[RouterA-vpn-ipv4-vpn1] vpn-target 2:2

[RouterA-vpn-ipv4-vpn1] quit

[RouterA-vpn-instance-vpn1] address-family evpn

[RouterA-vpn-evpn-vpn1] vpn-target 1:1

[RouterA-vpn-evpn-vpn1] quit

[RouterA-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpn1

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpn1

[RouterA-Vsi-interface2] l3-vni 1000

[RouterA-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

3.     Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] dci enable

[RouterB-Ten-GigabitEthernet3/0/2] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterB] ip vpn-instance vpn1

[RouterB-vpn-instance-vpn1] route-distinguisher 1:2

[RouterB-vpn-instance-vpn1] address-family ipv4

[RouterB-vpn-ipv4-vpn1] vpn-target 2:2

[RouterB-vpn-ipv4-vpn1] quit

[RouterB-vpn-instance-vpn1] address-family evpn

[RouterB-vpn-evpn-vpn1] vpn-target 1:1

[RouterB-vpn-evpn-vpn1] quit

[RouterB-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip binding vpn-instance vpn1

[RouterB-Vsi-interface2] l3-vni 1000

[RouterB-Vsi-interface2] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B for the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] dci enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterC] ip vpn-instance vpn1

[RouterC-vpn-instance-vpn1] route-distinguisher 1:3

[RouterC-vpn-instance-vpn1] address-family ipv4

[RouterC-vpn-ipv4-vpn1] vpn-target 2:2

[RouterC-vpn-ipv4-vpn1] quit

[RouterC-vpn-instance-vpn1] address-family evpn

[RouterC-vpn-evpn-vpn1] vpn-target 1:1

[RouterC-vpn-evpn-vpn1] quit

[RouterC-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip binding vpn-instance vpn1

[RouterC-Vsi-interface2] l3-vni 1000

[RouterC-Vsi-interface2] quit

5.     Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterD] vxlan tunnel mac-learning disable

[RouterD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] evpn encapsulation vxlan

[RouterD-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterD-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20 on VSI vpnb.

[RouterD-vsi-vpnb] vxlan 20

[RouterD-vsi-vpnb-vxlan-20] quit

[RouterD-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface Ten-GigabitEthernet 3/0/1 to VSI vpnb.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] xconnect vsi vpnb

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterD] ip vpn-instance vpn1

[RouterD-vpn-instance-vpn1] route-distinguisher 1:4

[RouterD-vpn-instance-vpn1] address-family ipv4

[RouterD-vpn-ipv4-vpn1] vpn-target 2:2

[RouterD-vpn-ipv4-vpn1] quit

[RouterD-vpn-instance-vpn1] address-family evpn

[RouterD-vpn-evpn-vpn1] vpn-target 1:1

[RouterD-vpn-evpn-vpn1] quit

[RouterD-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterD] interface vsi-interface 1

[RouterD-Vsi-interface1] ip binding vpn-instance vpn1

[RouterD-Vsi-interface1] ip address 10.1.2.1 255.255.255.0

[RouterD-Vsi-interface1] mac-address 1-2-1

[RouterD-Vsi-interface1] distributed-gateway local

[RouterD-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterD] interface vsi-interface 2

[RouterD-Vsi-interface2] ip binding vpn-instance vpn1

[RouterD-Vsi-interface2] l3-vni 1000

[RouterD-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] gateway vsi-interface 1

[RouterD-vsi-vpnb] quit

Verifying the configuration

1.     Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through MAC/IP advertisement routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery macip-prefix

Destination IP  Source IP       L3VNI           Tunnel mode OutgoingInterface

1.1.1.1         2.2.2.2         1000            VXLAN       Vsi-interface2

3.3.3.3         2.2.2.2         1000            VXLAN-DCI   Vsi-interface2

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disable

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the ED has EVPN ARP entries and EVPN routes for the VMs.

[RouterB] display arp vpn-instance vpn1

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

1.1.1.1         0031-1900-0000 0             Tunnel0                  --    R

3.3.3.3         0031-3900-0000 0             Tunnel1                  --    R

[RouterB] display ip routing-table vpn-instance vpn1

Destinations : 4        Routes : 4

Destination/Mask   Proto   Pre Cost        NextHop         Interface

10.1.1.0/24        BGP     255 0           1.1.1.1         Vsi2

10.1.1.11/32       BGP     255 0           1.1.1.1         Vsi2

10.1.2.0/24        BGP     255 0           3.3.3.3         Vsi2

10.1.2.22/32       BGP     255 0           3.3.3.3         Vsi2

2.     Verify that VM 1 and VM 2 can communicate. (Details not shown.)
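The ED checks above can be scripted so that a peer or tunnel outside the intended topology is flagged instead of being read past. The following is an added example, not H3C's code: the sample text is constructed from the Router B output shown above, and EXPECTED_PEERS and all function names are assumptions.

```python
import re

# Constructed sample: the Router B output shown above, trimmed to the lines the parser uses.
AUTO_DISCOVERY = """\
Destination IP  Source IP       L3VNI           Tunnel mode OutgoingInterface
1.1.1.1         2.2.2.2         1000            VXLAN       Vsi-interface2
3.3.3.3         2.2.2.2         1000            VXLAN-DCI   Vsi-interface2
"""

TUNNELS = """\
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Tunnel source 2.2.2.2, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN-DCI/IP
"""

# Assumption: the peers and tunnel modes the operator intends for Router B.
EXPECTED_PEERS = {"1.1.1.1": "VXLAN", "3.3.3.3": "VXLAN-DCI"}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_auto_discovery(text):
    """Return one dict per data row of the macip-prefix table (header is skipped)."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and IPV4.match(fields[0]) and IPV4.match(fields[1]):
            rows.append(dict(zip(("dest", "src", "l3vni", "mode", "out_if"), fields)))
    return rows


def parse_tunnels(text):
    """Return {tunnel name: {state, line, src, dest, mode}} from the tunnel blocks."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"Tunnel\d+", line):
            current = tunnels.setdefault(line, {})
        elif current is None:
            continue
        elif line.startswith("Current state:"):
            current["state"] = line.split(":", 1)[1].strip()
        elif line.startswith("Line protocol state:"):
            current["line"] = line.split(":", 1)[1].strip()
        elif m := re.match(r"Tunnel source (\S+), destination (\S+)", line):
            current["src"], current["dest"] = m.groups()
        elif m := re.match(r"Tunnel protocol/transport UDP_([A-Z-]+)/IP", line):
            current["mode"] = m.group(1)
    return tunnels


def audit(rows, tunnels, expected):
    """Compare discovered peers and tunnel state with the expected peer list."""
    findings = []
    by_dest = {t.get("dest"): (name, t) for name, t in tunnels.items()}
    for row in rows:
        dest, mode = row["dest"], row["mode"]
        if dest not in expected:
            findings.append(f"unexpected peer {dest} ({mode})")
        elif expected[dest] != mode:
            findings.append(f"peer {dest}: mode {mode}, expected {expected[dest]}")
        if dest not in by_dest:
            findings.append(f"peer {dest}: no tunnel interface")
            continue
        name, t = by_dest[dest]
        if t.get("state") != "UP" or t.get("line") != "UP":
            findings.append(f"{name} to {dest}: not UP/UP")
        if t.get("mode") != mode:
            findings.append(f"{name} to {dest}: transport {t.get('mode')} != {mode}")
    seen = {row["dest"] for row in rows}
    findings += [f"expected peer {p} not discovered" for p in expected if p not in seen]
    findings += [f"{n}: tunnel to unlisted endpoint {t.get('dest')}"
                 for n, t in tunnels.items() if t.get("dest") not in expected]
    return findings


def check(discovery_text, tunnel_text, expected=EXPECTED_PEERS):
    """Parse both outputs and return the list of findings (empty when all is as expected)."""
    return audit(parse_auto_discovery(discovery_text), parse_tunnels(tunnel_text), expected)


if __name__ == "__main__":
    for finding in check(AUTO_DISCOVERY, TUNNELS) or ["no findings"]:
        print(finding)
```

The parsers skip blank lines, so output captured with a blank line between fields (as on this page) can be passed in unchanged.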

Example: Configuring EVPN-DCI dualhoming

Network configuration

As shown in Figure 720:

·     Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.

·     Configure Router A and Router G as distributed EVPN gateways to perform Layer 3 forwarding between VXLAN 10 and VXLAN 20.

·     Configure Router C and Router D as EDs of data center 1, and configure Router F as the ED of data center 2.

·     Configure Router B as an RR.

Figure 720 Network diagram

Procedure

1.     Configure IP addresses and unicast routing settings:

# On VM 1, specify 100.1.1.1 as the gateway address. On VM 2, specify 100.1.2.1 as the gateway address. (Details not shown.)

# Assign IP addresses to the interfaces, as shown in Figure 720. (Details not shown.)

# Configure OSPF for the routers to reach one another. (Details not shown.)

2.     Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpna.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] xconnect vsi vpna

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterA] ip vpn-instance vpn1

[RouterA-vpn-instance-vpn1] route-distinguisher 1:1

[RouterA-vpn-instance-vpn1] address-family ipv4

[RouterA-vpn-ipv4-vpn1] vpn-target 2:2

[RouterA-vpn-ipv4-vpn1] quit

[RouterA-vpn-instance-vpn1] address-family evpn

[RouterA-vpn-evpn-vpn1] vpn-target 1:1

[RouterA-vpn-evpn-vpn1] quit

[RouterA-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpn1

[RouterA-Vsi-interface1] ip address 100.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpn1

[RouterA-Vsi-interface2] l3-vni 1000

[RouterA-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

3.     Configure Router B as an RR.

<RouterB> system-view

[RouterB] bgp 100

[RouterB-bgp-default] group evpn internal

[RouterB-bgp-default] peer evpn connect-interface loopback 0

[RouterB-bgp-default] peer 1.1.1.1 group evpn

[RouterB-bgp-default] peer 3.3.3.3 group evpn

[RouterB-bgp-default] peer 4.4.4.4 group evpn

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] undo policy vpn-target

[RouterB-bgp-default-evpn] peer evpn enable

[RouterB-bgp-default-evpn] peer evpn reflect-client

[RouterB-bgp-default-evpn] quit

4.     Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterC] interface ten-gigabitethernet 3/0/1

[RouterC-Ten-GigabitEthernet3/0/1] dci enable

[RouterC-Ten-GigabitEthernet3/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router B, and enable router MAC replacement for routes advertised to and received from Router F.

[RouterC] bgp 100

[RouterC-bgp-default] peer 6.6.6.6 as-number 200

[RouterC-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterC-bgp-default] peer 6.6.6.6 ebgp-max-hop 64

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 6.6.6.6 enable

[RouterC-bgp-default-evpn] peer 6.6.6.6 router-mac-local

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterC] ip vpn-instance vpn1

[RouterC-vpn-instance-vpn1] route-distinguisher 1:2

[RouterC-vpn-instance-vpn1] address-family ipv4

[RouterC-vpn-ipv4-vpn1] vpn-target 2:2

[RouterC-vpn-ipv4-vpn1] quit

[RouterC-vpn-instance-vpn1] address-family evpn

[RouterC-vpn-evpn-vpn1] vpn-target 1:1

[RouterC-vpn-evpn-vpn1] quit

[RouterC-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip binding vpn-instance vpn1

[RouterC-Vsi-interface2] l3-vni 1000

[RouterC-Vsi-interface2] mac-address 1-2-3

[RouterC-Vsi-interface2] quit

# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2. Configure OSPF to advertise the virtual ED address.

[RouterC] evpn edge group 1.2.3.4

[RouterC] interface loopback 2

[RouterC-LoopBack2] ip address 1.2.3.4 32

[RouterC-LoopBack2] quit

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Associate Ten-GigabitEthernet 3/0/1 with track entry 1.

[RouterC] track 1 interface Ten-GigabitEthernet3/0/1

[RouterC-track-1] quit

# Configure CLI-defined monitor policy policy1 to shut down Loopback 2 when track entry 1 (Ten-GigabitEthernet 3/0/1) enters Negative state.

[RouterC] rtm cli-policy policy1

[RouterC-rtm-policy1] event track 1 state negative

[RouterC-rtm-policy1] action 0 cli system-view

[RouterC-rtm-policy1] action 1 cli interface loopback 2

[RouterC-rtm-policy1] action 2 cli shutdown

[RouterC-rtm-policy1] user-role network-admin

[RouterC-rtm-policy1] quit

5.     Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterD] vxlan tunnel mac-learning disable

[RouterD] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router D to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterD] interface ten-gigabitethernet 3/0/1

[RouterD-Ten-GigabitEthernet3/0/1] dci enable

[RouterD-Ten-GigabitEthernet3/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router B, and enable router MAC replacement for routes advertised to and received from Router F.

[RouterD] bgp 100

[RouterD-bgp-default] peer 6.6.6.6 as-number 200

[RouterD-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterD-bgp-default] peer 6.6.6.6 ebgp-max-hop 64

[RouterD-bgp-default] peer 2.2.2.2 as-number 100

[RouterD-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 6.6.6.6 enable

[RouterD-bgp-default-evpn] peer 6.6.6.6 router-mac-local

[RouterD-bgp-default-evpn] peer 2.2.2.2 enable

[RouterD-bgp-default-evpn] peer 2.2.2.2 next-hop-local

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterD] ip vpn-instance vpn1

[RouterD-vpn-instance-vpn1] route-distinguisher 1:2

[RouterD-vpn-instance-vpn1] address-family ipv4

[RouterD-vpn-ipv4-vpn1] vpn-target 2:2

[RouterD-vpn-ipv4-vpn1] quit

[RouterD-vpn-instance-vpn1] address-family evpn

[RouterD-vpn-evpn-vpn1] vpn-target 1:1

[RouterD-vpn-evpn-vpn1] quit

[RouterD-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterD] interface vsi-interface 2

[RouterD-Vsi-interface2] ip binding vpn-instance vpn1

[RouterD-Vsi-interface2] l3-vni 1000

[RouterD-Vsi-interface2] mac-address 1-2-3

[RouterD-Vsi-interface2] quit

# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2. Configure OSPF to advertise the virtual ED address.

[RouterD] evpn edge group 1.2.3.4

[RouterD] interface loopback 2

[RouterD-LoopBack2] ip address 1.2.3.4 32

[RouterD-LoopBack2] quit

[RouterD] ospf

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

# Associate Ten-GigabitEthernet 3/0/1 with track entry 1.

[RouterD] track 1 interface Ten-GigabitEthernet3/0/1

[RouterD-track-1] quit

# Configure CLI-defined monitor policy policy1 to shut down Loopback 2 when track entry 1 (Ten-GigabitEthernet 3/0/1) enters Negative state.

[RouterD] rtm cli-policy policy1

[RouterD-rtm-policy1] event track 1 state negative

[RouterD-rtm-policy1] action 0 cli system-view

[RouterD-rtm-policy1] action 1 cli interface loopback 2

[RouterD-rtm-policy1] action 2 cli shutdown

[RouterD-rtm-policy1] user-role network-admin

[RouterD-rtm-policy1] quit

6.     Configure Router F:

# Enable L2VPN.

<RouterF> system-view

[RouterF] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterF] vxlan tunnel mac-learning disable

[RouterF] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router F to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterF] interface ten-gigabitethernet 3/0/1

[RouterF-Ten-GigabitEthernet3/0/1] dci enable

[RouterF-Ten-GigabitEthernet3/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router G, and enable router MAC replacement for routes advertised to and received from Router C and Router D.

[RouterF] bgp 200

[RouterF-bgp-default] peer 3.3.3.3 as-number 100

[RouterF-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterF-bgp-default] peer 4.4.4.4 as-number 100

[RouterF-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterF-bgp-default] peer 4.4.4.4 ebgp-max-hop 64

[RouterF-bgp-default] peer 7.7.7.7 as-number 200

[RouterF-bgp-default] peer 7.7.7.7 connect-interface loopback 0

[RouterF-bgp-default] address-family l2vpn evpn

[RouterF-bgp-default-evpn] peer 3.3.3.3 enable

[RouterF-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterF-bgp-default-evpn] peer 4.4.4.4 enable

[RouterF-bgp-default-evpn] peer 4.4.4.4 router-mac-local

[RouterF-bgp-default-evpn] peer 7.7.7.7 enable

[RouterF-bgp-default-evpn] peer 7.7.7.7 next-hop-local

[RouterF-bgp-default-evpn] quit

[RouterF-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterF] ip vpn-instance vpn1

[RouterF-vpn-instance-vpn1] route-distinguisher 1:4

[RouterF-vpn-instance-vpn1] address-family ipv4

[RouterF-vpn-ipv4-vpn1] vpn-target 2:2

[RouterF-vpn-ipv4-vpn1] quit

[RouterF-vpn-instance-vpn1] address-family evpn

[RouterF-vpn-evpn-vpn1] vpn-target 1:1

[RouterF-vpn-evpn-vpn1] quit

[RouterF-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterF] interface vsi-interface 2

[RouterF-Vsi-interface2] ip binding vpn-instance vpn1

[RouterF-Vsi-interface2] l3-vni 1000

[RouterF-Vsi-interface2] quit

7.     Configure Router G:

# Enable L2VPN.

<RouterG> system-view

[RouterG] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterG] vxlan tunnel mac-learning disable

[RouterG] vxlan tunnel arp-learning disable

# Create VXLAN 20 on VSI vpnb.

[RouterG] vsi vpnb

[RouterG-vsi-vpnb] vxlan 20

[RouterG-vsi-vpnb-vxlan-20] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterG-vsi-vpnb] evpn encapsulation vxlan

[RouterG-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterG-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterG-vsi-vpnb-evpn-vxlan] quit

[RouterG-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterG] bgp 200

[RouterG-bgp-default] peer 6.6.6.6 as-number 200

[RouterG-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterG-bgp-default] address-family l2vpn evpn

[RouterG-bgp-default-evpn] peer 6.6.6.6 enable

[RouterG-bgp-default-evpn] quit

[RouterG-bgp-default] quit

# Map Ten-GigabitEthernet 3/0/1 to VSI vpnb.

[RouterG] interface ten-gigabitethernet 3/0/1

[RouterG-Ten-GigabitEthernet3/0/1] xconnect vsi vpnb

[RouterG-Ten-GigabitEthernet3/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterG] ip vpn-instance vpn1

[RouterG-vpn-instance-vpn1] route-distinguisher 1:4

[RouterG-vpn-instance-vpn1] address-family ipv4

[RouterG-vpn-ipv4-vpn1] vpn-target 2:2

[RouterG-vpn-ipv4-vpn1] quit

[RouterG-vpn-instance-vpn1] address-family evpn

[RouterG-vpn-evpn-vpn1] vpn-target 1:1

[RouterG-vpn-evpn-vpn1] quit

[RouterG-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterG] interface vsi-interface 1

[RouterG-Vsi-interface1] ip binding vpn-instance vpn1

[RouterG-Vsi-interface1] ip address 100.1.2.1 255.255.255.0

[RouterG-Vsi-interface1] mac-address 2-2-2

[RouterG-Vsi-interface1] distributed-gateway local

[RouterG-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterG] interface vsi-interface 2

[RouterG-Vsi-interface2] ip binding vpn-instance vpn1

[RouterG-Vsi-interface2] l3-vni 1000

[RouterG-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterG] vsi vpnb

[RouterG-vsi-vpnb] gateway vsi-interface 1

[RouterG-vsi-vpnb] quit
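Router C and Router D are configured above with the same virtual ED address, VSI-interface 2 MAC address, L3 VXLAN ID, and route targets. The following added example (not H3C's code) checks a saved command transcript for drift between the two EDs. Treating those values as required to match is an assumption drawn from the identical settings in this procedure, the sample transcript is constructed from the commands above, and all names in the script are hypothetical.

```python
import re

# Constructed sample: the Router C and Router D commands from the procedure above that
# define the virtual ED, reduced to the lines this check reads.
TRANSCRIPT = """\
[RouterC-vpn-ipv4-vpn1] vpn-target 2:2
[RouterC-vpn-evpn-vpn1] vpn-target 1:1
[RouterC-Vsi-interface2] ip binding vpn-instance vpn1
[RouterC-Vsi-interface2] l3-vni 1000
[RouterC-Vsi-interface2] mac-address 1-2-3
[RouterC] evpn edge group 1.2.3.4
[RouterC-LoopBack2] ip address 1.2.3.4 32
[RouterC-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[RouterD-vpn-ipv4-vpn1] vpn-target 2:2
[RouterD-vpn-evpn-vpn1] vpn-target 1:1
[RouterD-Vsi-interface2] ip binding vpn-instance vpn1
[RouterD-Vsi-interface2] l3-vni 1000
[RouterD-Vsi-interface2] mac-address 1-2-3
[RouterD] evpn edge group 1.2.3.4
[RouterD-LoopBack2] ip address 1.2.3.4 32
[RouterD-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
"""

# "[sysname-view] command". Assumption: the sysname contains no hyphen, as on this page.
PROMPT = re.compile(r"^\[([A-Za-z0-9_]+)(?:-([^\]]+))?\]\s+(.+)$")

# Setting label -> (view in which the command is entered, command prefix).
TRACKED = {
    "virtual ED address": (None, "evpn edge group "),
    "Loopback 2 address": ("LoopBack2", "ip address "),
    "OSPF network": ("ospf-1-area-0.0.0.0", "network "),
    "L3 VXLAN ID": ("Vsi-interface2", "l3-vni "),
    "VSI-interface 2 MAC": ("Vsi-interface2", "mac-address "),
    "IPv4 route target": ("vpn-ipv4-vpn1", "vpn-target "),
    "EVPN route target": ("vpn-evpn-vpn1", "vpn-target "),
}


def extract(transcript):
    """Return {device: {setting label: value}} for the tracked commands."""
    settings = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # blank lines, comments, and <sysname> user-view lines
        device, view, command = m.groups()
        for key, (want_view, prefix) in TRACKED.items():
            if view == want_view and command.startswith(prefix):
                settings.setdefault(device, {})[key] = command[len(prefix):].strip()
    return settings


def parity(settings, first, second):
    """List tracked settings that are missing or differ between the two EDs."""
    findings = []
    a, b = settings.get(first, {}), settings.get(second, {})
    for key in TRACKED:
        if key not in a or key not in b:
            missing = first if key not in a else second
            findings.append(f"{key} missing on {missing}")
        elif a[key] != b[key]:
            findings.append(f"{key} differs: {first}={a[key]} {second}={b[key]}")
    # The page assigns the virtual ED address to Loopback 2 and advertises it in OSPF.
    for device, s in ((first, a), (second, b)):
        ed = s.get("virtual ED address")
        for key in ("Loopback 2 address", "OSPF network"):
            value = s.get(key)
            if ed and value and value.split()[0] != ed:
                findings.append(f"{device}: {key} {value} is not the virtual ED address {ed}")
    return findings


if __name__ == "__main__":
    for finding in parity(extract(TRANSCRIPT), "RouterC", "RouterD") or ["no drift"]:
        print(finding)
```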

Verifying the configuration

1.     Verify the configuration on EDs. (This example uses Router C.)

# Verify that the ED has discovered Router A and Router F through MAC/IP advertisement routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterC] display evpn auto-discovery macip-prefix

Destination IP  Source IP       L3VNI           Tunnel mode OutInterface

1.1.1.1         1.2.3.4         1000            VXLAN       Vsi-interface2

6.6.6.6         1.2.3.4         1000            VXLAN-DCI   Vsi-interface2

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterC] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Interface index: 262

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 6.6.6.6

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the ED has ARP entries and routes for the VMs.

[RouterC] display arp vpn-instance vpn1

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

1.1.1.1         0031-1900-0000 0             Tunnel0                  --    R

6.6.6.6         0031-3900-0000 0             Tunnel1                  --    R

[RouterC] display ip routing-table vpn-instance vpn1

Destinations : 4        Routes : 4

Destination/Mask   Proto   Pre Cost        NextHop         Interface

100.1.1.0/24       BGP     255 0           1.1.1.1         Vsi2

100.1.1.10/32      BGP     255 0           1.1.1.1         Vsi2

100.1.2.0/24       BGP     255 0           6.6.6.6         Vsi2

100.1.2.20/32      BGP     255 0           6.6.6.6         Vsi2

2.     Verify the configuration on Router A:

# Verify that the router has discovered the virtual ED through MAC/IP advertisement routes and IP prefix advertisement routes, and has established a VXLAN tunnel to the virtual ED.

[RouterA] display evpn auto-discovery macip-prefix

Destination IP  Source IP       L3VNI           Tunnel mode OutInterface

1.2.3.4         1.1.1.1         1000            VXLAN       Vsi-interface2

# Verify that the VXLAN tunnel on the router is up.

[RouterA] display interface tunnel

Tunnel0

Interface index: 261

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 1.2.3.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the router has ARP entries and routes for the VMs.

[RouterA] display arp vpn-instance vpn1

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

1.2.3.4         0031-1900-0001 0             Tunnel0                  --    R

[RouterA] display ip routing-table vpn-instance vpn1

Destinations : 2        Routes : 2

Destination/Mask   Proto   Pre Cost        NextHop         Interface

100.1.2.0/24       BGP     255 0           1.2.3.4         Vsi2

100.1.2.10/32      BGP     255 0           1.2.3.4         Vsi2

3.     Verify that VM 1 and VM 2 can communicate when both Router C and Router D are working correctly and when Router C or Router D fails. (Details not shown.)

 

OpenFlow configuration examples

Example: Configuring OpenFlow in global mode

Network configuration

As shown in Figure 721, perform the following tasks on the device:

·     Create OpenFlow instance 1, assign all service interfaces on the device to the OpenFlow instance, and activate the OpenFlow instance.

·     Specify the controller for OpenFlow instance 1 to manage the device.

Figure 721 Network diagram

Procedure

# Create OpenFlow instance 1 and configure it to operate in global mode.

[Device] openflow instance 1

[Device-of-inst-1] classification global

# Specify controller 1 for OpenFlow instance 1 and activate the instance.

[Device-of-inst-1] controller 1 address ip 192.168.49.49

[Device-of-inst-1] active instance

Verifying the configuration

# View detailed information about the OpenFlow instance.

[Device-of-inst-1] display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification: Global(Standard)

...

Port information:

 Route-Aggregation1

Active channel information:

 Controller 1 IP address: 192.168.49.49 port: 6633

 

Example: Configuring OpenFlow in VLAN mode

Network configuration

As shown in Figure 722, an OpenFlow switch communicates with the controller. Perform the following tasks on the OpenFlow switch:

·     Create OpenFlow instance 1, associate VLANs 4092 and 4094 with the OpenFlow instance, and activate the OpenFlow instance.

·     Configure the IP address for controller 1 to have the controller manage the OpenFlow switch.

Figure 722 Network diagram

 

Procedure

# Create VLANs 4092 and 4094.

<Switch> system-view

[Switch] vlan 4092

[Switch-vlan4092] quit

[Switch] vlan 4094

[Switch-vlan4094] quit

# Create OpenFlow instance 1 and associate VLANs with it.

[Switch] openflow instance 1

[Switch-of-inst-1] classification vlan 4092 mask 4093

# Specify controller 1 for OpenFlow instance 1 and activate the instance.

[Switch-of-inst-1] controller 1 address ip 192.168.49.49

[Switch-of-inst-1] active instance

[Switch-of-inst-1] quit

Verifying the configuration

# View detailed information about the OpenFlow instance.

[Switch] display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification VLAN, total VLANs(2)

   4092, 4094

...

Port information:

 Ten-GigabitEthernet3/0/3

Active channel information:

 Controller 1 IP address: 192.168.49.49 port: 6633
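
The VLAN list in the output above (4092, 4094) follows from ANDing the VLAN ID with the mask in `classification vlan 4092 mask 4093`. The Python sketch below is an added example, not H3C code: it assumes the match rule `(v & mask) == (vlan_id & mask)`, which reproduces the page's output, and its function names are hypothetical. It goes one step beyond the page by also deriving the ID/mask pair for a given VLAN set, so you can confirm that a pair hands the controller exactly the VLANs you intend.

```python
VLAN_MIN, VLAN_MAX = 1, 4094   # usable 802.1Q VLAN IDs
FIELD_MAX = 0xFFF              # VLAN ID and mask are 12-bit values


def vlans_for_classification(vlan_id, mask=FIELD_MAX):
    """Return every VLAN ID v with (v & mask) == (vlan_id & mask).

    Assumption: the device ANDs the VLAN ID with the mask, which is what the
    page's own output (4092 mask 4093 -> 4092, 4094) implies.
    """
    for name, value in (("vlan_id", vlan_id), ("mask", mask)):
        if not 0 <= value <= FIELD_MAX:
            raise ValueError(f"{name} {value} is outside 0..{FIELD_MAX}")
    wanted = vlan_id & mask
    return [v for v in range(VLAN_MIN, VLAN_MAX + 1) if (v & mask) == wanted]


def unintended_vlans(vlan_id, mask, intended):
    """VLANs the pair assigns to the OpenFlow instance beyond the intended set."""
    return sorted(set(vlans_for_classification(vlan_id, mask)) - set(intended))


def pair_for(intended):
    """Return the (vlan_id, mask) pair matching exactly `intended`, or None.

    Bits that differ between members must be 0 in the mask. If even that
    tightest mask matches extra VLANs, no single pair can express the set.
    """
    ids = sorted(set(intended))
    if not ids:
        raise ValueError("intended VLAN set is empty")
    differing = 0
    for v in ids:
        differing |= v ^ ids[0]
    mask = FIELD_MAX & ~differing
    if vlans_for_classification(ids[0], mask) == ids:
        return ids[0], mask
    return None


if __name__ == "__main__":
    print("4092 mask 4093 ->", vlans_for_classification(4092, 4093))
    print("4092 mask 4092 adds:", unintended_vlans(4092, 4092, [4092, 4094]))
    print("pair for {4092, 4094}:", pair_for([4092, 4094]))
    print("pair for {10, 20}:", pair_for([10, 20]))
```

A mask that is looser than needed silently places extra VLANs under controller management, so compare the expansion with the `total VLANs` line in `display openflow instance` after activation.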

Example: Configuring OpenFlow in port mode

Network configuration

As shown in Figure 723, an OpenFlow switch communicates with the controller. Perform the following tasks on the OpenFlow switch:

·     Create OpenFlow instance 1, bind GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the OpenFlow instance, and activate the OpenFlow instance.

·     Configure the IP address for controller 1 to have the controller manage the OpenFlow switch.

Figure 723 Network diagram


Procedure

# Create OpenFlow instance 1, enable the port mode for the OpenFlow instance, and bind GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the OpenFlow instance.

<Switch> system-view

[Switch] openflow instance 1

[Switch-of-inst-1] classification port

[Switch-of-inst-1] port gigabitethernet 1/0/1 to gigabitethernet 1/0/2

# Specify controller 1 for OpenFlow instance 1 and activate the instance.

[Switch-of-inst-1] controller 1 address ip 192.168.49.49

[Switch-of-inst-1] active instance

[Switch-of-inst-1] quit

Verifying the configuration

# View detailed information about the OpenFlow instance.

[Switch] display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification: Port

...

Port information:

 Ten-GigabitEthernet3/0/1

 Ten-GigabitEthernet3/0/2

Active channel information:

 Controller 1 IP address: 192.168.49.49 port: 6633

 

NAT configuration examples

Example: Configuring outbound one-to-one static NAT

Network configuration

Configure static NAT to allow the host at 10.110.10.8/24 to access the Internet.

Figure 724 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 10.110.10.0.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Configure a one-to-one static NAT mapping between the private address 10.110.10.8 and the public address 202.38.1.100.

<Router> system-view

[Router] nat static outbound 10.110.10.8 202.38.1.100

# Enable static NAT on Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] nat static enable

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the host at 10.110.10.8/24 can access the server on the Internet. (Details not shown.)

# Display static NAT configuration.

[Router] display nat static

Static NAT mappings:

  Totally 1 outbound static NAT mappings.

  IP-to-IP:

    Local IP     : 10.110.10.8

    Global IP    : 202.38.1.100

    Config status: Active

 

Interfaces enabled with static NAT:

  Totally 1 interfaces enabled with static NAT.

  Interface: Ten-GigabitEthernet3/0/2

    Config status: Active

# Display NAT session information.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 10.110.10.8/42496

  Destination IP/port: 202.38.1.111/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 202.38.1.111/42496

  Destination IP/port: 202.38.1.100/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMP_REPLY

Application: INVALID

Role: -

Failover group ID: -

Start time: 2012-08-16 09:30:49  TTL: 27s

Initiator->Responder:            5 packets        420 bytes

Responder->Initiator:            5 packets        420 bytes

 

Total sessions found: 1

Example: Configuring outbound dynamic NAT (non-overlapping addresses)

Network configuration

As shown in Figure 725, a company has a private address 192.168.0.0/16 and two public IP addresses 202.38.1.2 and 202.38.1.3. Configure outbound dynamic NAT to allow only internal users on subnet 192.168.1.0/24 to access the Internet.

Figure 725 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 192.168.1.0. In this example, the packets redirected to the card that provides NAT services require address translation. As a result, the ACL rule defined in ACL 2001 is the same as that defined in ACL 2000. You can define different ACL rules as required.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 192.168.1.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Configure address group 0, and add an address range from 202.38.1.2 to 202.38.1.3 to the group.

<Router> system-view

[Router] nat address-group 0

[Router-address-group-0] address 202.38.1.2 202.38.1.3

[Router-address-group-0] quit

# Configure ACL 2000 to identify packets from subnet 192.168.1.0/24.

[Router] acl basic 2000

[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255

[Router-acl-ipv4-basic-2000] quit

# Enable outbound dynamic PAT on Ten-GigabitEthernet 3/0/2. The source IP addresses of the packets permitted by the ACL rule are translated into the addresses in address group 0.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] nat outbound 2000 address-group 0

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that Host A can access the WWW server, while Host B cannot. (Details not shown.)

# Display all NAT configuration and statistics.

[Router] display nat all

NAT address group information:

  Totally 1 NAT address groups.

  Address group name/ID: 0/0

    Address information:

      Start address         End address

      202.38.1.2            202.38.1.3

 

NAT outbound information:

  Totally 1 NAT outbound rules.

  Interface: Ten-GigabitEthernet3/0/2

    ACL: 2000         Address group: 0      Port-preserved: N

    NO-PAT: N         Reversible: N

    Config status: Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Disabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

# Display NAT session information generated when Host A accesses the WWW server.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 192.168.1.10/52992

  Destination IP/port: 200.1.1.10/2048

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 200.1.1.10/4

  Destination IP/port: 202.38.1.3/0

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: ICMP(1)

  Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMP_REPLY

Application: INVALID

Role: -

Failover group ID: -

Start time: 2012-08-15 14:53:29  TTL: 12s

Initiator->Responder:            1 packets         84 bytes

Responder->Initiator:            1 packets         84 bytes

 

Total sessions found: 1

Example: Configuring NAT Server for external-to-internal access

Network configuration

As shown in Figure 726, two Web servers, one FTP server and one SMTP server are in the internal network to provide services for external users. The internal network address is 10.110.0.0/16. The company has three public IP addresses from 202.38.1.1/24 to 202.38.1.3/24.

Configure the NAT Server feature to allow the external user to use public address 202.38.1.1/24 to access the internal servers.

Figure 726 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 10.110.10.0.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Enter interface view of Ten-GigabitEthernet 3/0/2.

<Router> system-view

[Router] interface ten-gigabitethernet 3/0/2

# Configure a NAT server mapping to allow external users to access the FTP server by using the address 202.38.1.1 and port 21.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.1 21 inside 10.110.10.3 ftp

# Configure a NAT server mapping to allow external users to access the Web server 1 by using the address 202.38.1.1 and port 80.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.1 80 inside 10.110.10.1 http

# Configure a NAT server mapping to allow external users to access the Web server 2 by using the address 202.38.1.1 and port 8080.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.1 8080 inside 10.110.10.2 http

# Configure a NAT server mapping to allow external users to access the SMTP server by using the address 202.38.1.1 and port number defined by SMTP.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.1 smtp inside 10.110.10.4 smtp

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the host on the external network can access the internal servers by using the public addresses. (Details not shown.)

# Display all NAT configuration and statistics.

[Router] display nat all

NAT internal server information:

  Totally 4 internal servers.

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.1/21

    Local IP/port : 10.110.10.3/21

    Config status : Active

 

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.1/25

    Local IP/port : 10.110.10.4/25

    Config status : Active

 

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.1/80

    Local IP/port : 10.110.10.1/80

    Config status : Active

 

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.1/8080

    Local IP/port : 10.110.10.2/80

    Config status : Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Disabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

# Display NAT session information generated when Host accesses the FTP server.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 202.38.1.10/1694

  Destination IP/port: 202.38.1.1/21

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

Responder:

  Source      IP/port: 10.110.10.3/21

  Destination IP/port: 202.38.1.10/1694

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: TCP_ESTABLISHED

Application: FTP

Role: -

Failover group ID: -

Start time: 2012-08-15 14:53:29  TTL: 3597s

Initiator->Responder:            7 packets        308 bytes

Responder->Initiator:            5 packets        312 bytes

 

Total sessions found: 1

Example: Configuring NAT Server for external-to-internal access through domain name

Network configuration

As shown in Figure 727, the Web server at 10.110.10.2/24 in the internal network provides services for external users. A DNS server at 10.110.10.3/24 is used to resolve the domain name of the Web server. The company has two public IP addresses: 202.38.1.2 and 202.38.1.3.

Configure NAT Server to allow external users to access the internal Web server by using the domain name.

Figure 727 Network diagram

Analysis

To meet the network configuration requirements, you must perform the following tasks:

·     Configure NAT Server to map the private IP address and port of the DNS server to a public address and port. NAT Server allows the external host to access the internal DNS server for domain name resolution.

·     Enable ALG for DNS and configure outbound dynamic NAT to translate the private IP address of the Web server in the payload of the DNS response packet into a public IP address.

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 10.110.10.0.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Enable NAT ALG for DNS.

<Router> system-view

[Router] nat alg dns

# Configure ACL 2000 to identify packets from 10.110.10.2.

[Router] acl basic 2000

[Router-acl-ipv4-basic-2000] rule permit source 10.110.10.2 0

[Router-acl-ipv4-basic-2000] quit

# Create address group 1.

[Router] nat address-group 1

# Add address 202.38.1.3 to the group.

[Router-address-group-1] address 202.38.1.3 202.38.1.3

[Router-address-group-1] quit

# Configure NAT Server on Ten-GigabitEthernet 3/0/2 to map the address 202.38.1.1 to 10.110.10.3. External users can access the internal DNS server.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] nat server protocol udp global 202.38.1.2 inside 10.110.10.3 dns

# Enable outbound NO-PAT on Ten-GigabitEthernet 3/0/2. Use the address in address group 1 to translate the private address in DNS response payload, and allow reversible NAT.

[Router-Ten-GigabitEthernet3/0/2] nat outbound 2000 address-group 1 no-pat reversible

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that the host on the external network can access the internal Web server by using the server's domain name. (Details not shown.)

# Display all NAT configuration and statistics.

[Router] display nat all

NAT address group information:

  Totally 1 NAT address groups.

  Address group name/ID: 1/1

    Address information:

      Start address         End address

      202.38.1.3            202.38.1.3

 

NAT outbound information:

  Totally 1 NAT outbound rules.

  Interface: Ten-GigabitEthernet3/0/2

    ACL: 2000         Address group: 1      Port-preserved: N

    NO-PAT: Y         Reversible: Y

    Config status: Active

 

NAT internal server information:

  Totally 1 internal servers.

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 17(UDP)

    Global IP/port: 202.38.1.2/53

    Local IP/port : 10.110.10.3/53

    Config status : Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Enabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

# Display NAT session information generated when Host accesses the Web server.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 200.1.1.2/1694

  Destination IP/port: 202.38.1.3/8080

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

Responder:

  Source      IP/port: 10.110.10.2/8080

  Destination IP/port: 202.1.1.2/1694

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: TCP_ESTABLISHED

Application: HTTP

Role: -

Failover group ID: -

Start time: 2012-08-15 14:53:29  TTL: 3597s

Initiator->Responder:            7 packets        308 bytes

Responder->Initiator:            5 packets        312 bytes

 

Total sessions found: 1

Example: Configuring NAT hairpin in C/S mode

Network configuration

As shown in Figure 728, the internal FTP server at 192.168.1.4/24 provides services for internal and external users. The private network uses two public IP addresses 202.38.1.1 and 202.38.1.2.

Configure NAT hairpin in C/S mode to allow external and internal users to access the internal FTP server by using public IP address 202.38.1.2.

Figure 728 Network diagram

Requirements analysis

To allow external hosts to access the internal FTP server by using a public IP address, configure NAT Server on the interface connected to the external network.

To allow internal hosts to access the internal FTP server by using a public IP address, perform the following tasks:

·     Enable NAT hairpin on the interface connected to the internal network.

·     Configure outbound NAT on the interface where the NAT server mapping is configured. The destination address is translated by matching the NAT server mapping. The source address is translated by matching the outbound NAT.

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure a QoS policy on the router to redirect traffic that needs NAT to the card. (Details not shown.)

# Configure ACL 2000 to identify packets from subnet 192.168.1.0/24.

<Router> system-view

[Router] acl basic 2000

[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255

[Router-acl-ipv4-basic-2000] quit

# Configure a NAT server mapping on Ten-GigabitEthernet 3/0/2 to map the IP address of the FTP server to a public address, allowing external users to access the internal FTP server.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.2 inside 192.168.1.4 ftp

# Enable outbound NAT with Easy IP on Ten-GigabitEthernet 3/0/2 so that NAT translates the source addresses of the packets from internal hosts into the IP address of Ten-GigabitEthernet 3/0/2.

[Router-Ten-GigabitEthernet3/0/2] nat outbound 2000

# Enable NAT hairpin on Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] nat hairpin enable

[Router-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that both internal and external hosts can access the internal FTP server through the public address. (Details not shown.)

# Display all NAT configuration and statistics.

[Router] display nat all

NAT outbound information:

  Totally 1 NAT outbound rules.

  Interface: Ten-GigabitEthernet3/0/2

    ACL: 2000         Address group: ---    Port-preserved: N

    NO-PAT: N         Reversible: N

    Config status: Active

 

NAT internal server information:

  Totally 1 internal servers.

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.2/21

    Local IP/port : 192.168.1.4/21

    Config status : Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT hairpinning:

  Totally 1 interfaces enabled with NAT hairpinning.

  Interface: Ten-GigabitEthernet3/0/1

    Config status: Active

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Disabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

# Display NAT session information generated when Host A accesses the FTP server.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 192.168.1.2/1694

  Destination IP/port: 202.38.1.2/21

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

  Source      IP/port: 192.168.1.4/21

  Destination IP/port: 202.38.1.1/1025

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: TCP_ESTABLISHED

Application: FTP

Role: -

Failover group ID: -

Start time: 2012-08-15 14:53:29  TTL: 3597s

Initiator->Responder:            7 packets        308 bytes

Responder->Initiator:            5 packets        312 bytes

 

Total sessions found: 1
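
The hairpin session above shows both rewrites named in the requirements analysis: the destination changes through the NAT server mapping and the source changes through outbound NAT. The Python sketch below is an added example, not H3C code: it parses `display nat session verbose` text and reports which initiator address NAT rewrote, using constructed input abridged from this page's outputs; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: three sessions abridged from the 'display nat session
# verbose' outputs on this page (hairpin, NAT Server, outbound static NAT).
SAMPLE = """\
Initiator:
  Source      IP/port: 192.168.1.2/1694
  Destination IP/port: 202.38.1.2/21
  Protocol: TCP(6)
Responder:
  Source      IP/port: 192.168.1.4/21
  Destination IP/port: 202.38.1.1/1025
  Protocol: TCP(6)
State: TCP_ESTABLISHED

Initiator:
  Source      IP/port: 202.38.1.10/1694
  Destination IP/port: 202.38.1.1/21
  Protocol: TCP(6)
Responder:
  Source      IP/port: 10.110.10.3/21
  Destination IP/port: 202.38.1.10/1694
  Protocol: TCP(6)
State: TCP_ESTABLISHED

Initiator:
  Source      IP/port: 10.110.10.8/42496
  Destination IP/port: 202.38.1.111/2048
  Protocol: ICMP(1)
Responder:
  Source      IP/port: 202.38.1.111/42496
  Destination IP/port: 202.38.1.100/0
  Protocol: ICMP(1)
State: ICMP_REPLY
"""

ENDPOINT = re.compile(r"^(Source|Destination)\s+IP/port:\s*(\S+)/(\d+)$")


@dataclass
class NatSession:
    protocol: str
    init_src: tuple
    init_dst: tuple
    resp_src: tuple
    resp_dst: tuple


def parse_sessions(text):
    """Parse session text into NatSession records; truncated ones are skipped."""
    sessions, fields, side = [], None, None

    def flush():
        if fields and len(fields) == 5:
            sessions.append(NatSession(**fields))

    for raw in text.splitlines():
        line = raw.strip()
        if line == "Initiator:":
            flush()
            fields, side = {}, "init"
        elif line == "Responder:":
            side = "resp"
        elif fields is None:
            continue
        elif (m := ENDPOINT.match(line)):
            role = "src" if m.group(1) == "Source" else "dst"
            fields[f"{side}_{role}"] = (m.group(2), int(m.group(3)))
        elif line.startswith("Protocol:") and side == "init":
            fields["protocol"] = re.match(r"Protocol:\s*(\w+)", line).group(1)
    flush()
    return sessions


def translations(s):
    """Map each rewritten field to (endpoint as sent, endpoint after NAT).

    Without NAT the responder tuple is the initiator tuple reversed, so any
    mismatch is a translation. Assumption: for ICMP the port fields carry
    type/ID values (they do not mirror in the page's samples), so only the
    IP addresses are compared.
    """
    width = 2 if s.protocol in ("TCP", "UDP") else 1
    pairs = {}
    if s.init_src[:width] != s.resp_dst[:width]:
        pairs["source"] = (s.init_src, s.resp_dst)
    if s.init_dst[:width] != s.resp_src[:width]:
        pairs["destination"] = (s.init_dst, s.resp_src)
    return pairs


if __name__ == "__main__":
    for session in parse_sessions(SAMPLE):
        print(session.protocol, translations(session))
```

During incident response the same mapping answers which internal host sat behind a public address: the pre-NAT and post-NAT endpoints of each session come out side by side.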

Example: Configuring load sharing NAT Server

Network configuration

As shown in Figure 729, three FTP servers are in the intranet to provide FTP services for external users. Configure NAT so that these external users use the address 202.38.1.1/16 to access the servers and the three FTP servers implement load sharing.

Figure 729 Network diagram

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 10.110.10.0.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Create NAT Server group 0, and add members to the group.

<Router> system-view

[Router] nat server-group 0

[Router-nat-server-group-0] inside ip 10.110.10.1 port 21

[Router-nat-server-group-0] inside ip 10.110.10.2 port 21

[Router-nat-server-group-0] inside ip 10.110.10.3 port 21

[Router-nat-server-group-0] quit

# Associate NAT Server group 0 with Ten-GigabitEthernet 3/0/2 so that servers in the server group can provide FTP services.

[Router] interface ten-gigabitethernet 3/0/2

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.1 ftp inside server-group 0

[Router-Ten-GigabitEthernet3/0/2] quit

Verifying the configuration

# Verify that external hosts can access the internal FTP server group. (Details not shown.)

# Display all NAT configuration and statistics.

[Router] display nat all

NAT server group information:

  Totally 1 NAT server groups.

  Group Number      Inside IP             Port    Weight

  0                 10.110.10.1           21      100

                    10.110.10.2           21      100

                    10.110.10.3           21      100

 

NAT internal server information:

  Totally 1 internal servers.

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.1/21

    Local IP/port : server group 0

                    10.110.10.1/21         (Connections: 1)

                    10.110.10.2/21         (Connections: 2)

                    10.110.10.3/21         (Connections: 2)

    Config status : Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Disabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

# Display NAT session information generated when external hosts access an internal FTP server.

[Router] display nat session verbose

Initiator:

  Source      IP/port: 202.38.1.25/53957

  Destination IP/port: 202.38.1.1/21

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/2

Responder:

  Source      IP/port: 10.110.10.3/21

  Destination IP/port: 202.38.1.25/53957

  DS-Lite tunnel peer: -

  VPN instance/VLAN ID/VLL ID: -/-/-

  Protocol: TCP(6)

  Inbound interface: Ten-GigabitEthernet3/0/1

State: TCP_ESTABLISHED

Application: FTP

Role: -

Failover group ID: -

Start time: 2012-08-16 11:06:07  TTL: 26s

Initiator->Responder:            1 packets         60 bytes

Responder->Initiator:            2 packets        120 bytes

 

Total sessions found: 1

Example: Configuring NAT DNS mapping

Network configuration

As shown in Figure 730, the internal Web server at 10.110.10.1/16 and the FTP server at 10.110.10.2/16 provide services for external users. The company has three public addresses, 202.38.1.1 through 202.38.1.3. The DNS server at 202.38.1.4 is on the external network.

Configure NAT so that:

·     The public IP address 202.38.1.2 is used by external users to access the Web and FTP servers.

·     External users can use the public address or domain name of internal servers to access them.

·     Internal users can access the internal servers by using their domain names.

Figure 730 Network diagram

Requirements analysis

To meet the network requirements, perform the following tasks:

·     Configure NAT Server by mapping the private IP addresses and port numbers of the internal servers to a public address and port numbers so that external users can access the internal servers.

·     Configure NAT DNS mapping and ALG so that the public IP address of the internal server in the payload of the DNS response packet can be translated to the private IP address.

Procedure

# Specify IP addresses for the interfaces on the router. (Details not shown.)

# Configure ACL 2001 to identify packets from subnet 10.110.10.0.

<Router> system-view

[Router] acl basic 2001

[Router-acl-ipv4-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Router-acl-ipv4-basic-2001] quit

# Configure a QoS policy to redirect packets matching ACL 2001 to the local card.

[Router] traffic classifier 1

[Router-classifier-1] if-match acl 2001

[Router-classifier-1] quit

[Router] traffic behavior 1

[Router-behavior-1] redirect local

[Router-behavior-1] quit

[Router] qos policy 1

[Router-qospolicy-1] classifier 1 behavior 1

[Router-qospolicy-1] quit

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] qos apply policy 1 inbound

[Router-Ten-GigabitEthernet3/0/1] quit

[Router] quit

# Enable NAT ALG for DNS.

<Router> system-view

[Router] nat alg dns

# Enter interface view of Ten-GigabitEthernet 3/0/2.

[Router] interface ten-gigabitethernet 3/0/2

# Configure NAT Server to allow external hosts to access the internal Web server by using the address 202.38.1.2.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.1 http

# Configure NAT Server to allow external hosts to access the internal FTP server by using the address 202.38.1.2.

[Router-Ten-GigabitEthernet3/0/2] nat server protocol tcp global 202.38.1.2 inside 10.110.10.2 ftp

# Enable outbound NAT with Easy IP on Ten-GigabitEthernet 3/0/2.

[Router-Ten-GigabitEthernet3/0/2] nat outbound

[Router-Ten-GigabitEthernet3/0/2] quit

# Configure two NAT DNS mapping entries by mapping the domain name www.server.com of the Web server to 202.38.1.2, and ftp.server.com of the FTP server to 202.38.1.2.

[Router] nat dns-map domain www.server.com protocol tcp ip 202.38.1.2 port http

[Router] nat dns-map domain ftp.server.com protocol tcp ip 202.38.1.2 port ftp

[Router] quit
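How the two tables configured above combine when the DNS ALG handles a response, modelled in Python as an added example (not H3C code): the domain name selects a DNS mapping, and its protocol, public address and port must then match a NAT Server entry. The parser covers only the command forms used in this procedure, and all function names are hypothetical.

```python
import re

# Constructed input: the NAT commands from the procedure above, prompts removed.
CONFIG = """\
nat server protocol tcp global 202.38.1.2 inside 10.110.10.1 http
nat server protocol tcp global 202.38.1.2 inside 10.110.10.2 ftp
nat dns-map domain www.server.com protocol tcp ip 202.38.1.2 port http
nat dns-map domain ftp.server.com protocol tcp ip 202.38.1.2 port ftp
"""
PORTS = {"http": 80, "ftp": 21}  # only the port keywords used on this page

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

SERVER = re.compile(
    r"nat server protocol (\S+) global (\S+)(?: (\S+))? inside (\S+) (\S+)$")
DNSMAP = re.compile(r"nat dns-map domain (\S+) protocol (\S+) ip (\S+) port (\S+)$")

def parse(config):
    """Build {(proto, global_ip, global_port): (inside_ip, inside_port)} and
    {domain: (proto, global_ip, global_port)} from the configuration text."""
    servers, dnsmaps = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := SERVER.match(line):
            proto, gip, gport, lip, lport = m.groups()
            # Assumption: an omitted global port equals the inside port, which
            # matches the 202.38.1.2/80 and /21 entries in "display nat all".
            servers[(proto, gip, port(gport or lport))] = (lip, port(lport))
        elif m := DNSMAP.match(line):
            name, proto, gip, gport = m.groups()
            dnsmaps[name.lower()] = (proto, gip, port(gport))
    return servers, dnsmaps

def rewrite_answer(qname, answer_ip, servers, dnsmaps):
    """Address an internal client should receive for one DNS A answer."""
    entry = dnsmaps.get(qname.lower().rstrip("."))
    if entry is None or entry[1] != answer_ip:
        return answer_ip               # no mapping: payload left untouched
    inside = servers.get(entry)
    return inside[0] if inside else answer_ip

def dangling(servers, dnsmaps):
    """DNS mappings with no matching NAT Server entry (nothing to rewrite to)."""
    return sorted(n for n, key in dnsmaps.items() if key not in servers)
```

Both names resolve to the same public address, so only the mapping's port distinguishes the Web server from the FTP server; a mapping reported by `dangling` leaves internal clients with the public address.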

Verifying the configuration

# Verify that both internal and external hosts can access the internal servers by using domain names. (Details not shown.)

# Display all NAT configuration and statistics.

<Router> display nat all

NAT outbound information:

  Totally 1 NAT outbound rules.

  Interface: Ten-GigabitEthernet3/0/2

    ACL: ---          Address group: ---    Port-preserved: N

    NO-PAT: N         Reversible: N

    Config status: Active

 

NAT internal server information:

  Totally 2 internal servers.

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.2/21

    Local IP/port : 10.110.10.2/21

    Config status : Active

 

  Interface: Ten-GigabitEthernet3/0/2

    Protocol: 6(TCP)

    Global IP/port: 202.38.1.2/80

    Local IP/port : 10.110.10.1/80

    Config status : Active

 

NAT DNS mapping information:

  Totally 2 NAT DNS mappings.

  Domain name: ftp.server.com

  Global IP  : 202.38.1.2

  Global port: 21

  Protocol   : TCP(6)

  Config status: Active

 

  Domain name: www.server.com

  Global IP  : 202.38.1.2

  Global port: 80

  Protocol   : TCP(6)

  Config status: Active

 

NAT logging:

  Log enable               : Disabled

  Flow-begin               : Disabled

  Flow-end                 : Disabled

  Flow-active              : Disabled

  Port-block-assign        : Disabled

  Port-block-withdraw      : Disabled

  Port-alloc-fail          : Enabled

  Port-block-alloc-fail    : Disabled

  Port-usage               : Disabled

  Port-block-usage         : Enabled(Threshold: 40%)

 

NAT mapping behavior:

  Mapping mode : Connection-dependent

 

NAT ALG:

  DNS        : Enabled

  FTP        : Enabled

  H323       : Disabled

  ICMP-ERROR : Enabled

  ILS        : Disabled

  MGCP       : Disabled

  NBT        : Disabled

  PPTP       : Disabled

  RTSP       : Enabled

  RSH        : Disabled

  SCCP       : Disabled

  SIP        : Disabled

  SQLNET     : Disabled

  TFTP       : Disabled

  XDMCP      : Disabled

Example: Configuring NAT log export to the information center

Network configuration

As shown in Figure 731, configure NAT on the device for the internal host to access the Internet. Configure NAT logging on the device and configure the device to export the NAT logs to the information center. The NAT logs in the information center are used for monitoring the internal host.

Figure 731 Network diagram

Prerequisites

Assign IP addresses to interfaces on the device and make sure the device and the host can reach each other.

Procedure

# Specify the information center as the destination for flow log export.

<Device> system-view

[Device] userlog flow syslog

# Enable NAT logging.

[Device] nat log enable

# Enable logging for NAT session establishment events.

[Device] nat log flow-begin

# Enable logging for NAT session removal events.

[Device] nat log flow-end

# Enable logging for active NAT flows and set the logging interval to 10 minutes.

[Device] nat log flow-active 10

[Device] quit

Verifying the configuration

# Display the internal host's access records in the log buffer.

<Device> dir

Directory of cf:/

  38 -rw-         141 Aug 07 2015 17:54:43   ifindex.dat

  39 drw-           - May 20 2015 14:36:20   logfile

249852 KB total (232072 KB free)

 

File system type of cf: FAT32

 

<Device> cd logfile

<Device> dir

<Device> more logfile.log

%Aug 10 20:06:30:182 2015 Device NAT/6/NAT_FLOW: Protocol(1001)=ICMP;SrcIPAd

dr(1003)=10.110.10.8;SrcPort(1004)=259;NatSrcIPAddr(1005)=202.38.1.100;NatSrcPor

t(1006)=0;DstIPAddr(1007)=202.38.1.2;DstPort(1008)=2048;NatDstIPAddr(1009)=202.3

8.1.2;NatDstPort(1010)=259;InitPktCount(1044)=0;InitByteCount(1046)=0;RplyPktCou

nt(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;Rcv

DSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=08102015200

630; EndTime_e(1014)=08102015200700;Event(1048)=(8)Session created;

Table 156 Command output

Field                              Description
Protocol(1001)=ICMP                Protocol type.
SrcIPAddr(1003)=10.110.10.8        Source IP address before NAT.
SrcPort(1004)=259                  Source TCP or UDP port before NAT.
NatSrcIPAddr(1005)=202.38.1.100    Source IP address after NAT.
NatSrcPort(1006)=0                 Source TCP or UDP port after NAT.
DstIPAddr(1007)=202.38.1.2         Destination IP address before NAT.
DstPort(1008)=2048                 Destination TCP or UDP port before NAT.
NatDstIPAddr(1009)=202.38.1.2      Destination IP address after NAT.
NatDstPort(1010)=259               Destination TCP or UDP port after NAT.
BeginTime_e(1013)=08102015200630   Start time of the flow, in the MMDDYYYYHHMMSS format.
EndTime_e(1014)=08102015200700     End time of the flow, in the MMDDYYYYHHMMSS format.
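To use these entries for monitoring, the wrapped output has to be rejoined and split into the fields of Table 156. The Python below is an added example, not H3C tooling: it parses the entry shown above and answers which internal host held a given translated address at a given time. The function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed input: the NAT_FLOW entry shown above, still wrapped at 80
# columns the way "more logfile.log" prints it.
WRAPPED = [
    "%Aug 10 20:06:30:182 2015 Device NAT/6/NAT_FLOW: Protocol(1001)=ICMP;SrcIPAd",
    "dr(1003)=10.110.10.8;SrcPort(1004)=259;NatSrcIPAddr(1005)=202.38.1.100;NatSrcPor",
    "t(1006)=0;DstIPAddr(1007)=202.38.1.2;DstPort(1008)=2048;NatDstIPAddr(1009)=202.3",
    "8.1.2;NatDstPort(1010)=259;InitPktCount(1044)=0;InitByteCount(1046)=0;RplyPktCou",
    "nt(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;Rcv",
    "DSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=08102015200",
    "630; EndTime_e(1014)=08102015200700;Event(1048)=(8)Session created;",
]

# One "Name(id)=value;" pair; the value may be empty and never contains ';'.
FIELD = re.compile(r"\s*(\w+)\((\d+)\)=([^;]*);")
TIME_FIELDS = ("BeginTime_e", "EndTime_e")   # MMDDYYYYHHMMSS per Table 156

def parse_nat_flow(lines):
    """Join wrapped lines and return one NAT_FLOW entry as a dict of fields."""
    text = "".join(line.rstrip("\n") for line in lines)
    _head, marker, body = text.partition("NAT/6/NAT_FLOW:")
    if not marker:
        raise ValueError("not a NAT_FLOW entry")
    rec = {name: value for name, _id, value in FIELD.findall(body)}
    for key in TIME_FIELDS:
        if rec.get(key):
            rec[key] = datetime.strptime(rec[key], "%m%d%Y%H%M%S")
    return rec

def inside_hosts(records, nat_ip, when):
    """Pre-NAT source addresses that were translated to nat_ip at time `when`."""
    return sorted({r["SrcIPAddr"] for r in records
                   if r["NatSrcIPAddr"] == nat_ip
                   and r["BeginTime_e"] <= when <= r["EndTime_e"]})
```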

Example: Configuring NAT log export to the log server

Network configuration

As shown in Figure 732, configure the device to export the NAT logs to the log server. The NAT logs in the log server are used for monitoring the internal user.

Figure 732 Network diagram

Prerequisites

Assign IP addresses to interfaces on the device. Make sure the routes between the device and the user and between the device and the log server are reachable.

Procedure

# Enable NAT logging.

<Device> system-view

[Device] nat log enable

# Enable logging for NAT session establishment events.

[Device] nat log flow-begin

# Enable logging for NAT session removal events.

[Device] nat log flow-end

# Enable logging for active NAT flows and set the logging interval to 10 minutes.

[Device] nat log flow-active 10

# Set the flow log version to 3.0.

[Device] userlog flow export version 3

# Export flow log entries to port 2000 on the log host at 1.2.3.6.

[Device] userlog flow export host 1.2.3.6 port 2000

# Specify 2.2.2.2 as the source IP address for flow log packets.

[Device] userlog flow export source-ip 2.2.2.2

[Device] quit

Verifying the configuration

# Display the flow log configuration and statistics.

<Device> display userlog export

Flow:

  Export flow log as UDP Packet.

  Version: 3.0

  Source ipv4 address: 2.2.2.2

  Source ipv6 address:

  Log load balance function: Disabled

  Local time stamp: Disabled

  Number of log hosts: 1

 

  Log host 1:

    Host/Port: 1.2.3.6/2000

    Total logs/UDP packets exported: 112/87

 

 

 
