Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-GRE with VPN Configuration Examples | 178.66 KB |
Introduction
This document provides GRE with VPN configuration examples.
In an MPLS VPN network where a CE and a PE cannot be connected directly, you can deploy a GRE tunnel to provide a logical direct connection between them.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of GRE and MPLS L3VPN.
Example: Configuring GRE with VPN
Network configuration
As shown in Figure 1:
· Customer A and Customer B belong to VPN network vpn1.
· CE 1 and CE 2 are the edge devices of customer network vpn1.
· PE 1 and PE 2 are the edge devices of the MPLS network.
· CE 1 and PE 1 are interconnected through a VPN network named vpn2.
Configure the following settings for Customer A and Customer B to communicate with each other through the MPLS and VPN networks:
· Set up a point-to-point GRE tunnel between CE 1 and PE 1 and configure static routes for them to reach each other.
· Configure an IGP routing protocol in the MPLS network to ensure IP connectivity among the PE and P devices. In this example, OSPF is used.
· Configure LDP in the MPLS network to distribute public network labels (outer labels) of packets from VPN network vpn1.
· Configure MP-BGP and establish peer relationship between the PEs so that the PEs can advertise private network routing information and distribute private network labels (inner labels).
Applicable hardware and software versions
The following matrix shows the hardware and software versions to which this configuration example is applicable:
|
Hardware |
Software version |
|
S12500G-AF |
Release 8053P05 and later |
|
S12500CR |
Release 8053P05 and later |
|
S10500X-G |
Release 7753P05 and later |
|
S7500X-G |
Release 7753P05 and later |
Restrictions and guidelines
Associating an interface with a VPN instance clears the IP address configuration on the interface. As a best practice, associate the interface with the VPN instance before you configure other settings on the interface.
Procedures
Configuring OSPF in the MPLS network
1. Configure PE 1:
# Configure IP addresses for Loopback 0 and VLAN-interface 2.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] vlan 2
[PE1-vlan2] port ten-gigabitethernet 3/0/2
[PE1-vlan2] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] quit
# Configure OSPF to advertise routes for the specified networks.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
2. Configure P:
# Configure IP addresses for Loopback 0, VLAN-interface 2, and VLAN-interface 5.
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] vlan 2
[P-vlan2] port ten-gigabitethernet 3/0/2
[P-vlan2] quit
[P] vlan 5
[P-vlan5] port ten-gigabitethernet 3/0/3
[P-vlan5] quit
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] quit
[P] interface vlan-interface 5
[P-Vlan-interface5] ip address 10.1.4.1 24
[P-Vlan-interface5] quit
# Configure OSPF to advertise routes for the specified networks.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
3. Configure PE 2:
# Configure IP addresses for Loopback 0 and VLAN-interface 5.
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] vlan 5
[PE2-vlan5] port ten-gigabitethernet 3/0/1
[PE2-vlan5] quit
[PE2] interface vlan-interface 5
[PE2-Vlan-interface5] ip address 10.1.4.2 24
[PE2-Vlan-interface5] quit
# Configure OSPF to advertise routes for the specified networks.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
4. Verify that PE 1, P, and PE 2 have established OSPF neighbor relationship. This example uses PE 1 for illustration.
[PE1] display ospf peer verbose
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 10.1.1.1(Vlan-interface2)'s neighbors
Router ID: 2.2.2.9 Address: 10.1.1.2 GR State: Normal
State: Full Mode: Nbr is Master Priority: 1
DR: 10.1.1.2 BDR: 10.1.1.1 MTU: 0
Options is 0x02 (-|-|-|-|-|-|E|-)
Dead timer due in 38 sec
Neighbor is up for 17:30:25
Authentication Sequence: [ 0 ]
Neighbor state change count: 6
BFD status: Disabled
[PE1] display ip routing-table protocol ospf
Summary Count : 5
OSPF Routing table Status : <Active>
Summary Count : 3
Destination/Mask Proto Pre Cost NextHop Interface
2.2.2.9/32 OSPF 10 1 10.1.1.2 Vlan2
3.3.3.9/32 OSPF 10 2 10.1.1.2 Vlan2
10.1.4.0/24 OSPF 10 2 10.1.1.2 Vlan2
OSPF Routing table Status : <Inactive>
Summary Count : 2
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0
10.1.1.0/24 OSPF 10 1 10.1.1.1 Vlan2
Establishing LDP LSPs in the MPLS network
1. Configure PE 1:
# Configure the LSR ID as 1.1.1.9 and enable LDP globally.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
# Enable MPLS and IPv4 LDP on VLAN-interface 2.
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] mpls enable
[PE1-Vlan-interface2] mpls ldp enable
[PE1-Vlan-interface2] quit
2. Configure P:
# Configure the LSR ID as 2.2.2.9 and enable LDP globally.
[P] mpls lsr-id 2.2.2.9
[P] mpls ldp
[P-ldp] quit
# Enable MPLS and IPv4 LDP on VLAN-interface 2.
[P] interface vlan-interface 2
[P-Vlan-interface2] mpls enable
[P-Vlan-interface2] mpls ldp enable
[P-Vlan-interface2] quit
# Enable MPLS and IPv4 LDP on VLAN-interface 5.
[P] interface vlan-interface 5
[P-Vlan-interface5] mpls enable
[P-Vlan-interface5] mpls ldp enable
[P-Vlan-interface5] quit
3. Configure PE 2:
# Configure the LSR ID as 3.3.3.9 and enable LDP globally.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls ldp
[PE2-ldp] quit
# Enable MPLS and IPv4 LDP on VLAN-interface 5.
[PE2] interface vlan-interface 5
[PE2-Vlan-interface5] mpls enable
[PE2-Vlan-interface5] mpls ldp enable
[PE2-Vlan-interface5] quit
4. Verify that PE 1, P, and PE 2 have established LDP sessions. This example uses PE 1 for illustration.
[PE1] display mpls ldp peer
Total number of peers: 1
Peer LDP ID State Role GR MD5 KA Sent/Rcvd
2.2.2.9:0 Operational Passive Off Off 5/5
[PE1] display mpls ldp lsp
Status Flags: * - stale, L - liberal, B - backup
FECs: 4 Ingress: 1 Transit: 1 Egress: 3
FEC In/Out Label Nexthop OutInterface
1.1.1.9/32 3/-
-/1151(L)
2.2.2.9/32 -/3 10.1.1.2 Vlan2
1151/3 10.1.1.2 Vlan2
3.3.3.9/32 -/1150 10.1.1.2 Vlan2
1150/1150 10.1.1.2 Vlan2
Configuring GRE and VPN instances
1. Configure VPN instance vpn1 on PE 1:
# Create VPN instance vpn1.
[PE1] ip vpn-instance vpn1
# Configure an RD for the VPN instance.
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
# Configure route targets for the VPN instance.
[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate VLAN-interface 100 with VPN instance vpn1.
[PE1] vlan 100
[PE1-vlan100] port ten-gigabitethernet 3/0/1
[PE1-vlan100] quit
[PE1] interface vlan-interface 100
[PE1-Vlan-interface100] ip binding vpn-instance vpn1
[PE1-Vlan-interface100] ip address 200.1.1.2 24
[PE1-Vlan-interface100] quit
2. Configure VPN instance vpn1 on CE 1:
# Create VPN instance vpn1.
[CE1] ip vpn-instance vpn1
# Configure an RD for the VPN instance.
[CE1-vpn-instance-vpn1] route-distinguisher 100:1
# Configure route targets for the VPN instance.
[CE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[CE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[CE1-vpn-instance-vpn1] quit
# Associate VLAN-interface 101 with VPN instance vpn1.
[CE1] vlan 101
[CE1-vlan101] port ten-gigabitethernet 3/0/1
[CE1-vlan101] quit
[CE1] interface vlan-interface 101
[CE1-Vlan-interface101] ip binding vpn-instance vpn1
[CE1-Vlan-interface101] ip address 100.1.1.1 24
[CE1-Vlan-interface101] quit
3. Configure GRE on CE 1:
# Create tunnel interface Tunnel 1, and specify the tunnel mode as GRE/IPv4.
[CE1] interface tunnel 1 mode gre
# Specify the VPN instance to which the tunnel source belongs.
[CE1-Tunnel1] ip binding vpn-instance vpn1
# Configure an IP address for tunnel interface Tunnel 1.
[CE1-Tunnel1] ip address 20.1.1.1 255.255.255.0
# Configure the source address of tunnel interface Tunnel 1 as the IP address of VLAN-interface 101 on CE 1.
[CE1-Tunnel1] source vlan-interface 101
# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 100 on PE 1.
[CE1-Tunnel1] destination 200.1.1.2
# Specify the VPN instance to which the tunnel destination belongs.
[CE1-Tunnel1] tunnel vpn-instance vpn1
[CE1-Tunnel1] quit
# Configure a static route from Customer A through tunnel interface Tunnel 1 to Customer B.
[CE1] ip route-static vpn-instance vpn1 172.2.0.0 24 tunnel 1
4. Configure GRE on PE 1:
# Create tunnel interface Tunnel 1, and specify the tunnel mode as GRE/IPv4.
[PE1] interface tunnel 1 mode gre
# Specify the VPN instance to which the tunnel source belongs.
[PE1-Tunnel1] ip binding vpn-instance vpn1
# Configure an IP address for tunnel interface Tunnel 0.
[PE1-Tunnel1] ip address 20.1.1.2 255.255.255.0
# Configure the source address of tunnel interface Tunnel 0 as the IP address of VLAN-interface 100 on PE 1.
[PE1-Tunnel1] source vlan-interface 100
# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on CE 1.
[PE1-Tunnel1] destination 100.1.1.1
# Specify the VPN instance to which the tunnel destination belongs.
[PE1-Tunnel1] tunnel vpn-instance vpn1
[PE1-Tunnel1] quit
# Configure a static route from Customer B through tunnel interface Tunnel 1 to Customer A.
[PE1] ip route-static vpn-instance vpn1 172.1.0.0 24 Tunnel 1
5. Configure VPN instance vpn1 on PE 2:
# Create VPN instance vpn1.
[PE2] ip vpn-instance vpn1
# Configure an RD for the VPN instance.
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
# Configure route targets for the VPN instance. Make sure the import route target on PE 2 is the same as the export route target on PE 1 and the export route target on PE 2 is the same as the import route target on PE 1.
[PE2-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Associate VLAN-interface 101 with VPN instance vpn1.
[PE2] vlan 101
[PE2-vlan101] port ten-gigabitethernet 3/0/2
[PE2-vlan101] quit
[PE2] interface vlan-interface 101
[PE2-Vlan-interface101] ip binding vpn-instance vpn1
[PE2-Vlan-interface101] ip address 101.1.1.1 24
[PE2-Vlan-interface101] quit
6. Configure IP addresses for interfaces on CE 2, as shown in Figure 1. (Details not shown.)
7. Verify the configuration. This example uses PE 2 for illustration.
# Display VPN instance information.
[PE2] display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name RD Create time
vpn1 100:1 2016/06/22 13:20:08
# Verify that PE 2 can ping CE 2.
[PE2] ping -vpn-instance vpn1 101.1.1.2
Ping 10.1.4.2 (101.1.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 101.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 101.1.1.2: icmp_seq=1 ttl=255 time=2.000 ms
56 bytes from 101.1.1.2: icmp_seq=2 ttl=255 time=0.000 ms
56 bytes from 101.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 101.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms
--- Ping statistics for 10.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms
Establishing EBGP peer relationship between PEs and CEs and redistributing VPN routes
1. Configure PE 1:
# Enable BGP instance default, set the local AS number to 100, and enter BGP instance view.
[PE1] bgp 100
# Specify CE 1 as a BGP peer and set its AS number to 65410.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 20.1.1.1 as-number 65410
# Redistribute the direct routes of PE 1 to BGP-VPN IPv4 unicast address family.
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
2. Configure PE 2:
# Enable BGP instance default, set the local AS number to 100, and enter BGP instance view.
[PE2] bgp 100
# Specify CE 2 as a BGP peer and set its AS number to 65410.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 101.1.1.2 as-number 65410
# Redistribute the direct routes of PE 2 to BGP-VPN IPv4 unicast address family.
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 101.1.1.2 enable
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
3. Configure CE 1:
# Enable BGP instance default, set the local AS number to 65410, and enter BGP instance view.
<CE1> system-view
[CE1] bgp 65410
# Specify PE 1 as a BGP peer and set its AS number to 100.
[CE1-bgp-default] peer 20.1.1.2 as-number 100
# Enter BGP IPv4 unicast address family view, and enable BGP to exchange IPv4 unicast routing information with peer 20.1.1.2.
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 20.1.1.2 enable
# Redistribute direct routes to BGP IPv4 unicast address family.
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
4. Configure CE 2:
# Enable BGP instance default, set the local AS number to 65410, and enter BGP instance view.
<CE2> system-view
[CE2] bgp 65410
# Specify PE 2 as a BGP peer and set its AS number to 100.
[CE2-bgp-default] peer 101.1.1.1 as-number 100
# Enter BGP IPv4 unicast address family view, and enable BGP to exchange IPv4 unicast routing information with peer 101.1.1.1.
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 101.1.1.1 enable
# Redistribute direct routes to BGP IPv4 unicast address family.
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
5. On PE 2, verify that PE 2 and CE 2 have established BGP peer relationship.
[PE2] display bgp peer ipv4 vpn-instance vpn1
BGP local router ID: 3.3.3.9
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
101.1.1.2 65410 4 4 0 2 13:35:25 Established
Establishing MP-IBGP peer relationship between PEs
1. Configure PE 1:
# Specify PE 2 as a BGP peer and specify Loopback 0 as the source interface for TCP connections to the peer.
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
# Enter BGP VPNv4 address family view and specify PE 2 as a BGP peer.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
2. Configure PE 2:
# Specify PE 1 as a BGP peer and specify Loopback 0 as the source interface for TCP connections to the peer.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
# Enter BGP VPNv4 address family view and specify PE 1 as a BGP peer.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
3. Verify that the PEs have established BGP peer relationship.
[PE1] display bgp peer vpnv4
BGP local router ID: 1.1.1.9
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
3.3.3.9 100 8 8 0 0 00:00:08 Established
Verifying the configuration
# Display routing table information on the PEs. Verify that they have routes to reach the CEs. In this example, the routing table of VPN instance vpn1 on PE 1 is displayed.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.2 Tun0
20.1.1.0/32 Direct 0 0 20.1.1.2 Tun0
20.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.0/24 Direct 0 0 200.1.1.2 Vlan100
200.1.1.0/32 Direct 0 0 200.1.1.2 Vlan100
200.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.255/32 Direct 0 0 100.1.1.2 Vlan100
101.1.1.0/24 BGP 255 0 3.3.3.9 Vlan2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Configuration files
· PE 1:
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
vlan 2
#
vlan 100
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface100
ip binding vpn-instance vpn1
ip address 200.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/1
port link-mode bridge
port access vlan 100
#
interface Ten-GigabitEthernet3/0/2
port link-mode bridge
port access vlan 2
#
#
interface Ten-GigabitEthernet3/0/3
port link-mode bridge
#
interface Tunnel1 mode gre
ip binding vpn-instance vpn1
ip address 20.1.1.2 255.255.255.0
source Vlan-interface100
tunnel vpn-instance vpn1
destination 100.1.1.1
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 20.1.1.1 as-number 65410
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.1 enable
#
ip route-static vpn-instance vpn1 172.1.0.0 24 Tunnel1
· P:
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
vlan 2
#
vlan 5
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface5
ip address 10.1.4.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet3/0/3
port link-mode bridge
port access vlan 5
#
· PE 2:
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.1.4.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
lldp global enable
#
vlan 5
#
vlan 101
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface5
ip address 10.1.4.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Vlan-interface101
ip binding vpn-instance vpn1
ip address 101.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/1
port link-mode bridge
port access vlan 5
#
interface Ten-GigabitEthernet3/0/2
port link-mode bridge
port access vlan 101
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 101.1.1.2 as-number 65410
#
address-family ipv4 unicast
import-route direct
peer 101.1.1.2 enable
#
· CE 1:
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
vlan 101
#
interface Vlan-interface101
ip binding vpn-instance vpn1
ip address 100.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet3/0/3
port link-mode bridge
#
interface Tunnel1 mode gre
ip binding vpn-instance vpn1
ip address 20.1.1.1 255.255.255.0
source Vlan-interface101
tunnel vpn-instance vpn1
destination 200.1.1.2
#
bgp 65410
peer 20.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 20.1.1.2 enable
#
ip route-static vpn-instance vpn1 172.2.0.0 24 Tunnel1
#
· CE 2:
#
vlan 101
#
interface Vlan-interface101
ip address 101.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
bgp 65410
peer 101.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 101.1.1.1 enable
#
