Login
- Table of Contents
-
- 09-MPLS Configuration Guide
- 00-Preface
- 01-Basic MPLS configuration
- 02-IPv6 MPLS L3VPN configuration examples
- 03-IPv6 MPLS L3VPN configuration
- 04-L2VPN access to L3VPN or IP backbone configuration
- 05-LDP configuration
- 06-MCE configuration
- 07-MPLS L2VPN configuration examples
- 08-MPLS L2VPN configuration
- 09-MPLS L3VPN configuration examples
- 10-MPLS L3VPN configuration
- 11-MPLS OAM configuration
- 12-MPLS TE configuration
- 13-RSVP configuration
- 14-Static CRLSP configuration
- 15-Static LSP configuration
- 16-Tunnel policy configuration
- 17-VPLS configuration examples
- 18-VPLS configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-MPLS L3VPN configuration examples | 1.81 MB |
MPLS L3VPN configuration examples
Example: Configuring basic MPLS L3VPN
Example: Configuring MPLS L3VPN over a GRE tunnel
Example: Configuring a hub-spoke network
Example: Configuring MPLS L3VPN inter-AS option A
Example: Configuring MPLS L3VPN inter-AS option B
Example: Configuring MPLS L3VPN carrier's carrier in the same AS
Example: Configuring nested VPN
Example: Configuring multirole host
Example: Configuring an OSPF sham link
Example: Configuring BGP AS number substitution
Example: Configuring BGP AS number substitution and SoO attribute
Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route
Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route
Example: Configuring MPLS L3VPN FRR through IPv4 route backup for a VPNv4 route
Configuring MPLS L3VPN
MPLS L3VPN configuration examples
Example: Configuring basic MPLS L3VPN
Network configuration
CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.
VPN 1 uses route target attribute 111:1. VPN 2 uses route target attribute 222:2. Users of different VPNs cannot access each other.
A PE and its connected CE use EBGP to exchange VPN routing information.
PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.
Table 1 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 2 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
XGE3/0/1 |
10.1.1.1/24 |
P |
Loop0 |
2.2.2.9/32 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
|
XGE3/0/4 |
172.1.1.2/24 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
|
XGE3/0/5 |
172.2.1.1/24 |
|
|
XGE3/0/2 |
10.2.1.2/24 |
PE 2 |
Loop0 |
3.3.3.9/32 |
|
|
XGE3/0/4 |
172.1.1.1/24 |
|
XGE3/0/1 |
10.3.1.2/24 |
|
CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
|
XGE3/0/2 |
10.4.1.2/24 |
|
CE 3 |
XGE3/0/1 |
10.3.1.1/24 |
|
XGE3/0/4 |
172.2.1.2/24 |
|
CE 4 |
XGE3/0/1 |
10.4.1.1/24 |
|
|
|
Procedure
1. Configure OSPF on the MPLS backbone to ensure IP connectivity within the backbone:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/4] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P device.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 3/0/4
[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24
[P-Ten-GigabitEthernet3/0/4] quit
[P] interface ten-gigabitethernet 3/0/5
[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24
[P-Ten-GigabitEthernet3/0/5] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/4] quit
# Configure the P device.
[P] mpls lsr-id 2.2.2.9
[P] mpls ldp
[P-ldp] quit
[P] interface ten-gigabitethernet 3/0/4
[P-Ten-GigabitEthernet3/0/4] mpls enable
[P-Ten-GigabitEthernet3/0/4] mpls ldp enable
[P-Ten-GigabitEthernet3/0/4] quit
[P] interface ten-gigabitethernet 3/0/5
[P-Ten-GigabitEthernet3/0/5] mpls enable
[P-Ten-GigabitEthernet3/0/5] mpls ldp enable
[P-Ten-GigabitEthernet3/0/5] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] mpls enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/4] quit
# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)
3. Configure VPN instances on PEs to allow CE access:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2
[PE1-Ten-GigabitEthernet3/0/2] ip address 10.2.1.2 24
[PE1-Ten-GigabitEthernet3/0/2] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2
[PE2-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24
[PE2-Ten-GigabitEthernet3/0/2] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 24
[CE3-Ten-GigabitEthernet3/0/1] quit
# Configure CE 4.
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/0/1
[CE4-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 24
[CE4-Ten-GigabitEthernet3/0/1] quit
# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance. Use the ping command on the PEs to verify that the PEs can ping their attached CEs. (Details not shown.)
4. Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65420
[CE2-bgp-default] peer 10.2.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure CE 3.
[CE3] bgp 65430
[CE3-bgp-default] peer 10.3.1.2 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 10.3.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# Configure CE 4.
[CE4] bgp 65440
[CE4-bgp-default] peer 10.4.1.2 as-number 100
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 10.4.1.2 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] ip vpn-instance vpn2
[PE1-bgp-default-vpn2] peer 10.2.1.1 as-number 65420
[PE1-bgp-default-vpn2] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn2] peer 10.2.1.1 enable
[PE1-bgp-default-ipv4-vpn2] quit
[PE1-bgp-default-vpn2] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65430
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] peer 10.4.1.1 as-number 65440
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
[PE2-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)
5. Create an MP-IBGP peer relationship between PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)
Verifying the configuration
# Execute the display ip routing-table vpn-instance command on the PEs.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/1
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/1
10.3.1.0/24 BGP 255 0 3.3.3.9 GE1/0/4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
The output shows that PE 1 has a route to the remote CE. Output on PE 2 is similar.
# Verify that CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example, CE 1 can ping CE 3 (10.3.1.1), but it cannot ping CE 4 (10.4.1.1). (Details not shown.)
Configuration files
· PE 1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 222:2 import-extcommunity
vpn-target 222:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn2
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
ip vpn-instance vpn2
peer 10.2.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
return
· P:
#
sysname P
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/4
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/5
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 200:2
vpn-target 222:2 import-extcommunity
vpn-target 222:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.3.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn2
ip address 10.4.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.2.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 10.3.1.1 as-number 65430
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
ip vpn-instance vpn2
peer 10.4.1.1 as-number 65440
#
address-family ipv4 unicast
peer 10.4.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 3:
#
sysname CE3
#
interface Ten-GigabitEthernet3/0/1
ip address 10.3.1.1 255.255.255.0
#
bgp 65430
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.3.1.2 enable
#
return
· CE 4:
#
sysname CE4
#
interface Ten-GigabitEthernet3/0/1
ip address 10.4.1.1 255.255.255.0
#
bgp 65440
peer 10.4.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.4.1.2 enable
#
return
Example: Configuring MPLS L3VPN over a GRE tunnel
Network configuration
CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P router does not support MPLS and provides only IP features.
On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS L3VPN.
Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE.
Figure 2 Network diagram
Table 3 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 4 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 1 |
XGE3/0/1 |
10.1.1.1/24 |
P |
XGE3/0/4 |
172.1.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
|
XGE3/0/5 |
172.2.1.1/24 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
PE 2 |
Loop0 |
2.2.2.9/32 |
|
|
XGE3/0/5 |
172.1.1.1/24 |
|
XGE3/0/1 |
10.2.1.2/24 |
|
|
Tunnel0 |
20.1.1.1/24 |
|
XGE3/0/4 |
172.2.1.2/24 |
|
CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
|
Tunnel0 |
20.1.1.2/24 |
Procedure
1. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone.
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 172.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/5] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<Sysname> system-view
[Sysname] sysname P
[P] interface ten-gigabitethernet 3/0/4
[P-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24
[P-Ten-GigabitEthernet3/0/4] quit
[P] interface ten-gigabitethernet 3/0/5
[P-Ten-GigabitEthernet3/0/5] ip address 172.2.1.1 24
[P-Ten-GigabitEthernet3/0/5] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the loopback route of each other. (Details not shown.)
2. Configure basic MPLS on the PEs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9
# Configure PE 2.
[PE2] mpls lsr-id 2.2.2.9
3. Configure VPN instances on PEs to allow CE access, and apply tunnel policies to the VPN instances, using a GRE tunnel for VPN packet forwarding:
# Configure PE 1.
[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance. Use the ping command on the PEs to verify that the PEs can ping their attached CEs. (Details not shown.)
4. Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65420
[CE2-bgp-default] peer 10.2.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 next-hop-local
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)
5. Configure an MP-IBGP peer relationship between PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.9 as-number 100
[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)
6. Configure a GRE tunnel:
# Configure PE 1.
[PE1] interface tunnel 0 mode gre
[PE1-Tunnel0] source loopback 0
[PE1-Tunnel0] destination 2.2.2.9
[PE1-Tunnel0] ip address 20.1.1.1 24
[PE1-Tunnel0] mpls enable
[PE1-Tunnel0] quit
# Configure PE 2.
[PE2] interface tunnel 0 mode gre
[PE2-Tunnel0] source loopback 0
[PE2-Tunnel0] destination 1.1.1.9
[PE2-Tunnel0] ip address 20.1.1.2 24
[PE2-Tunnel0] mpls enable
[PE2-Tunnel0] quit
Verifying the configuration
# Use the following command on CE 1 to verify that the CEs have learned the interface route from each other.
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.1 XGE3/0/1
10.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.1.1.255/32 Direct 0 0 10.1.1.1 XGE3/0/1
10.2.1.0/24 BGP 255 0 10.1.1.2 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
tnl-policy gre1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
tunnel-policy gre1
select-seq gre load-balance-number 1
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 172.1.1.1 255.255.255.0
#
interface Tunnel0 mode gre
ip address 20.1.1.1 255.255.255.0
mpls enable
source LoopBack0
destination 2.2.2.9
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 10.1.1.1 enable
peer 10.1.1.1 next-hop-local
#
return
· P:
#
sysname P
#
ospf 1
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
interface Ten-GigabitEthernet3/0/4
ip address 172.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 172.2.1.1 255.255.255.0
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:2
tnl-policy gre1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
tunnel-policy gre1
select-seq gre load-balance-number 1
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.2.1.2 255.255.255.0
#
interface Tunnel0 mode gre
ip address 20.1.1.2 255.255.255.0
mpls enable
source LoopBack0
destination 1.1.1.9
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.2.1.1 enable
peer 10.2.1.1 next-hop-local
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
Example: Configuring a hub-spoke network
Network configuration
The Spoke-CEs cannot communicate directly. They can communicate only through Hub-CE.
Configure EBGP between the Spoke-CEs and Spoke-PEs and between Hub-CE and Hub-PE to exchange VPN routing information.
Configure OSPF between the Spoke-PEs and Hub-PE to implement communication between the PEs, and configure MP-IBGP between them to exchange VPN routing information.
Table 5 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 6 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Spoke-CE 1 |
XGE3/0/1 |
10.1.1.1/24 |
Hub-CE |
XGE3/0/1 |
10.3.1.1/24 |
|
Spoke-PE 1 |
Loop0 |
1.1.1.9/32 |
|
XGE3/0/2 |
10.4.1.1/24 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
Hub-PE |
Loop0 |
2.2.2.9/32 |
|
|
XGE3/0/4 |
172.1.1.1/24 |
|
XGE3/0/4 |
172.1.1.2/24 |
|
Spoke-CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
|
XGE3/0/5 |
172.2.1.2/24 |
|
Spoke-PE 2 |
Loop0 |
3.3.3.9/32 |
|
XGE3/0/1 |
10.3.1.2/24 |
|
|
XGE3/0/1 |
10.2.1.2/24 |
|
XGE3/0/2 |
10.4.1.2/24 |
|
|
XGE3/0/4 |
172.2.1.1/24 |
|
|
|
Procedure
1. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:
# Configure Spoke-PE 1.
<Sysname> system-view
[Sysname] sysname Spoke-PE1
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] interface ten-gigabitethernet 3/0/4
[Spoke-PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24
[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit
[Spoke-PE1] ospf
[Spoke-PE1-ospf-1] area 0
[Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[Spoke-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[Spoke-PE1-ospf-1-area-0.0.0.0] quit
[Spoke-PE1-ospf-1] quit
# Configure Spoke-PE 2.
<Sysname> system-view
[Sysname] sysname Spoke-PE2
[Spoke-PE2] interface loopback 0
[Spoke-PE2-LoopBack0] ip address 3.3.3.9 32
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] interface ten-gigabitethernet 3/0/4
[Spoke-PE2-Ten-GigabitEthernet3/0/4] ip address 172.2.1.1 24
[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit
[Spoke-PE2] ospf
[Spoke-PE2-ospf-1] area 0
[Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[Spoke-PE2-ospf-1-area-0.0.0.0] quit
[Spoke-PE2-ospf-1] quit
# Configure Hub-PE.
<Sysname> system-view
[Sysname] sysname Hub-PE
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 2.2.2.9 32
[Hub-PE-LoopBack0] quit
[Hub-PE] interface ten-gigabitethernet 3/0/4
[Hub-PE-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24
[Hub-PE-Ten-GigabitEthernet3/0/4] quit
[Hub-PE] interface ten-gigabitethernet 3/0/5
[Hub-PE-Ten-GigabitEthernet3/0/5] ip address 172.2.1.2 24
[Hub-PE-Ten-GigabitEthernet3/0/5] quit
[Hub-PE] ospf
[Hub-PE-ospf-1] area 0
[Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[Hub-PE-ospf-1-area-0.0.0.0] quit
[Hub-PE-ospf-1] quit
# Execute the display ospf peer command on the devices to verify that OSPF adjacencies in Full state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display ip routing-table command on the devices to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure Spoke-PE 1.
[Spoke-PE1] mpls lsr-id 1.1.1.9
[Spoke-PE1] mpls ldp
[Spoke-PE1-ldp] quit
[Spoke-PE1] interface ten-gigabitethernet 3/0/4
[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[Spoke-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[Spoke-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure Spoke-PE 2.
[Spoke-PE2] mpls lsr-id 3.3.3.9
[Spoke-PE2] mpls ldp
[Spoke-PE2-ldp] quit
[Spoke-PE2] interface ten-gigabitethernet 3/0/4
[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[Spoke-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[Spoke-PE2-Ten-GigabitEthernet3/0/4] quit
# Configure Hub-PE.
[Hub-PE] mpls lsr-id 2.2.2.9
[Hub-PE] mpls ldp
[Hub-PE-ldp] quit
[Hub-PE] interface ten-gigabitethernet 3/0/4
[Hub-PE-Ten-GigabitEthernet3/0/4] mpls enable
[Hub-PE-Ten-GigabitEthernet3/0/4] mpls ldp enable
[Hub-PE-Ten-GigabitEthernet3/0/4] quit
[Hub-PE] interface ten-gigabitethernet 3/0/5
[Hub-PE-Ten-GigabitEthernet3/0/5] mpls enable
[Hub-PE-Ten-GigabitEthernet3/0/5] mpls ldp enable
[Hub-PE-Ten-GigabitEthernet3/0/5] quit
# Execute the display mpls ldp peer command on the devices to verify that LDP sessions in Operational state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display mpls ldp lsp command on the devices to verify that the LSPs have been established by LDP. (Details not shown.)
3. Configure VPN instances on the Spoke-PEs and Hub-PE to connect CEs:
# Configure Spoke-PE 1.
[Spoke-PE1] ip vpn-instance vpn1
[Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Spoke-PE1-vpn-instance-vpn1] quit
[Spoke-PE1] interface ten-gigabitethernet 3/0/1
[Spoke-PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[Spoke-PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[Spoke-PE1-Ten-GigabitEthernet3/0/1] quit
# Configure Spoke-PE 2.
[Spoke-PE2] ip vpn-instance vpn1
[Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2
[Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity
[Spoke-PE2-vpn-instance-vpn1] quit
[Spoke-PE2] interface ten-gigabitethernet 3/0/1
[Spoke-PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[Spoke-PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[Spoke-PE2-Ten-GigabitEthernet3/0/1] quit
# Configure Hub-PE.
[Hub-PE] ip vpn-instance vpn1-in
[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3
[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity
[Hub-PE-vpn-instance-vpn1-in] quit
[Hub-PE] ip vpn-instance vpn1-out
[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4
[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity
[Hub-PE-vpn-instance-vpn1-out] quit
[Hub-PE] interface ten-gigabitethernet 3/0/1
[Hub-PE-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1-in
[Hub-PE-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24
[Hub-PE-Ten-GigabitEthernet3/0/1] quit
[Hub-PE] interface ten-gigabitethernet 3/0/2
[Hub-PE-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1-out
[Hub-PE-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24
[Hub-PE-Ten-GigabitEthernet3/0/2] quit
# Configure Spoke-CE 1.
<Sysname> system-view
[Sysname] sysname Spoke-CE1
[Spoke-CE1] interface ten-gigabitethernet 3/0/1
[Spoke-CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[Spoke-CE1-Ten-GigabitEthernet3/0/1] quit
# Configure Spoke-CE 2.
<Sysname> system-view
[Sysname] sysname Spoke-CE2
[Spoke-CE2] interface ten-gigabitethernet 3/0/1
[Spoke-CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[Spoke-CE2-Ten-GigabitEthernet3/0/1] quit
# Configure Hub-CE.
<Sysname> system-view
[Sysname] sysname Hub-CE
[Hub-CE] interface ten-gigabitethernet 3/0/1
[Hub-CE-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 24
[Hub-CE-Ten-GigabitEthernet3/0/1] quit
[Hub-CE] interface ten-gigabitethernet 3/0/2
[Hub-CE-Ten-GigabitEthernet3/0/2] ip address 10.4.1.1 24
[Hub-CE-Ten-GigabitEthernet3/0/2] quit
# Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance. Use the ping command on the PEs to verify that the PEs can ping their attached CEs. (Details not shown.)
4. Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP:
# Configure Spoke-CE 1.
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp-default] peer 10.1.1.2 as-number 100
[Spoke-CE1-bgp-default] address-family ipv4
[Spoke-CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[Spoke-CE1-bgp-default-ipv4] import-route direct
[Spoke-CE1-bgp-default-ipv4] quit
[Spoke-CE1-bgp-default] quit
# Configure Spoke-CE 2.
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp-default] peer 10.2.1.2 as-number 100
[Spoke-CE2-bgp-default] address-family ipv4
[Spoke-CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[Spoke-CE2-bgp-default-ipv4] import-route direct
[Spoke-CE2-bgp-default-ipv4] quit
[Spoke-CE2-bgp-default] quit
# Configure Hub-CE.
[Hub-CE] bgp 65430
[Hub-CE-bgp-default] peer 10.3.1.2 as-number 100
[Hub-CE-bgp-default] peer 10.4.1.2 as-number 100
[Hub-CE-bgp-default] address-family ipv4
[Hub-CE-bgp-default-ipv4] peer 10.3.1.2 enable
[Hub-CE-bgp-default-ipv4] peer 10.4.1.2 enable
[Hub-CE-bgp-default-ipv4] import-route direct
[Hub-CE-bgp-default-ipv4] quit
[Hub-CE-bgp-default] quit
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp-default] ip vpn-instance vpn1
[Spoke-PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65410
[Spoke-PE1-bgp-default-vpn1] address-family ipv4
[Spoke-PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[Spoke-PE1-bgp-default-ipv4-vpn1] quit
[Spoke-PE1-bgp-default-vpn1] quit
[Spoke-PE1-bgp-default] quit
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp-default] ip vpn-instance vpn1
[Spoke-PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 65420
[Spoke-PE2-bgp-default-vpn1] address-family ipv4
[Spoke-PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[Spoke-PE2-bgp-default-ipv4-vpn1] quit
[Spoke-PE2-bgp-default-vpn1] quit
[Spoke-PE2-bgp-default] quit
# Configure Hub-PE.
[Hub-PE] bgp 100
[Hub-PE-bgp-default] ip vpn-instance vpn1-in
[Hub-PE-bgp-default-vpn1-in] peer 10.3.1.1 as-number 65430
[Hub-PE-bgp-default-vpn1-in] address-family ipv4
[Hub-PE-bgp-default-ipv4-vpn1-in] peer 10.3.1.1 enable
[Hub-PE-bgp-default-ipv4-vpn1-in] quit
[Hub-PE-bgp-default-vpn1-in] quit
[Hub-PE-bgp-default] ip vpn-instance vpn1-out
[Hub-PE-bgp-default-vpn1-out] peer 10.4.1.1 as-number 65430
[Hub-PE-bgp-default-vpn1-out] address-family ipv4
[Hub-PE-bgp-default-ipv4-vpn1-out] peer 10.4.1.1 enable
[Hub-PE-bgp-default-ipv4-vpn1-out] peer 10.4.1.1 allow-as-loop 2
[Hub-PE-bgp-default-ipv4-vpn1-out] quit
[Hub-PE-bgp-default-vpn1-out] quit
[Hub-PE-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)
5. Establish an MP-IBGP peer relationship between the Spoke-PEs and Hub-PE:
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp-default] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[Spoke-PE1-bgp-default] address-family vpnv4
[Spoke-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[Spoke-PE1-bgp-default-vpnv4] quit
[Spoke-PE1-bgp-default] quit
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp-default] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[Spoke-PE2-bgp-default] address-family vpnv4
[Spoke-PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[Spoke-PE2-bgp-default-vpnv4] quit
[Spoke-PE2-bgp-default] quit
# Configure Hub-PE.
[Hub-PE] bgp 100
[Hub-PE-bgp-default] peer 1.1.1.9 as-number 100
[Hub-PE-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[Hub-PE-bgp-default] peer 3.3.3.9 as-number 100
[Hub-PE-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[Hub-PE-bgp-default] address-family vpnv4
[Hub-PE-bgp-default-vpnv4] peer 1.1.1.9 enable
[Hub-PE-bgp-default-vpnv4] peer 3.3.3.9 enable
[Hub-PE-bgp-default-vpnv4] quit
[Hub-PE-bgp-default] quit
# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)
Verifying the configuration
# Execute the display ip routing-table vpn-instance command on the PEs to display the routes to the CEs. This example uses Spoke-PE 1 to verify that the next hop of the route from a Spoke-PE to its connected Spoke-CE is Hub-PE.
[Spoke-PE1] display ip routing-table vpn-instance vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/0/1
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/0/1
10.2.1.0/24 BGP 255 0 2.2.2.9 XGE3/0/4
10.3.1.0/24 BGP 255 0 2.2.2.9 XGE3/0/4
10.4.1.0/24 BGP 255 0 2.2.2.9 XGE3/0/4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that Spoke-CE 1 and Spoke-CE 2 can ping each other. The TTL value indicates that traffic from Spoke-CE 1 to Spoke-CE 2 passes six hops (255-250+1) and is forwarded through Hub-CE. This example uses Spoke-CE 1 to verify their connectivity.
[Spoke-CE1] ping 10.2.1.1
Ping 10.2.1.1 (10.2.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 10.2.1.1: icmp_seq=0 ttl=250 time=1.000 ms
56 bytes from 10.2.1.1: icmp_seq=1 ttl=250 time=2.000 ms
56 bytes from 10.2.1.1: icmp_seq=2 ttl=250 time=0.000 ms
56 bytes from 10.2.1.1: icmp_seq=3 ttl=250 time=1.000 ms
56 bytes from 10.2.1.1: icmp_seq=4 ttl=250 time=0.000 ms
--- Ping statistics for 10.2.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms
Configuration files
· Spoke-PE 1:
#
sysname Spoke-PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 222:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
return
· Spoke-PE 2:
#
sysname Spoke-PE2
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 111:1 import-extcommunity
vpn-target 222:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
return
· Hub-PE:
#
sysname Hub-PE
#
ip vpn-instance vpn1-in
route-distinguisher 100:3
vpn-target 222:2 import-extcommunity
#
ip vpn-instance vpn1-out
route-distinguisher 100:4
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1-in
ip address 10.3.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1-out
ip address 10.4.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/5
ip address 172.2.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ip vpn-instance vpn1-in
peer 10.3.1.1 as-number 65430
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
ip vpn-instance vpn1-out
peer 10.4.1.1 as-number 65430
#
address-family ipv4 unicast
peer 10.4.1.1 enable
peer 10.4.1.1 allow-as-loop 2
#
return
· Spoke-CE 1:
#
sysname Spoke-CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· Spoke-CE 2:
#
sysname Spoke-CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· Hub-CE:
#
sysname Hub-CE
#
interface Ten-GigabitEthernet3/0/1
ip address 10.3.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 10.4.1.1 255.255.255.0
#
bgp 65430
peer 10.3.1.2 as-number 100
peer 10.4.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.3.1.2 enable
peer 10.4.1.2 enable
#
return
Example: Configuring MPLS L3VPN inter-AS option A
Network configuration
CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100, and CE 2 accesses the network through PE 2 in AS 200.
Configure inter-AS option A MPLS L3VPN, and use the VRF-to-VRF method to manage VPN routes.
Run OSPF on the MPLS backbone of each AS.
Figure 4 Network diagram
Table 7 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 8 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 1 |
XGE3/0/1 |
10.1.1.1/24 |
CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
|
XGE3/0/1 |
10.2.1.2/24 |
|
|
XGE3/0/4 |
172.1.1.2/24 |
|
XGE3/0/4 |
162.1.1.2/24 |
|
ASBR-PE1 |
Loop0 |
2.2.2.9/32 |
ASBR-PE2 |
Loop0 |
3.3.3.9/32 |
|
|
XGE3/0/4 |
172.1.1.1/24 |
|
XGE3/0/4 |
162.1.1.1/24 |
|
|
XGE3/0/5 |
192.1.1.1/24 |
|
XGE3/0/5 |
192.1.1.2/24 |
Restrictions and guidelines
For the same VPN, the route targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs.
Procedure
1. Configure IGP on the MPLS backbone.
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/4] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure ASBR-PE1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 2.2.2.9 32
[ASBR-PE1-LoopBack0] quit
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 172.1.1.1 24
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
[ASBR-PE1] ospf
[ASBR-PE1-ospf-1] area 0
[ASBR-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[ASBR-PE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[ASBR-PE1-ospf-1-area-0.0.0.0] quit
[ASBR-PE1-ospf-1] quit
# Configure ASBR-PE2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE2-LoopBack0] quit
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 162.1.1.1 24
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
[ASBR-PE2] ospf
[ASBR-PE2-ospf-1] area 0
[ASBR-PE2-ospf-1-area-0.0.0.0] network 162.1.1.0 0.0.0.255
[ASBR-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[ASBR-PE2-ospf-1-area-0.0.0.0] quit
[ASBR-PE2-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 162.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 162.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Execute the display ospf peer command to verify that each ASBR-PE has established an OSPF adjacency in Full state with the PE in the same AS, and that PEs and ASBR-PEs in the same AS have learned the routes to the loopback interfaces of each other. Verify that each ASBR-PE and the PE in the same AS can ping each other. (Details not shown.)
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure basic MPLS on PE 1, and enable MPLS LDP on the interface connected to ASBR-PE 1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/4] quit
# Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1.
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP on the interface connected to PE 2.
[ASBR-PE2] mpls lsr-id 3.3.3.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Configure basic MPLS on PE 2, and enable MPLS LDP on the interface connected to ASBR-PE 2.
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] mpls enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/4] quit
# Execute the display mpls ldp peer command on the devices to verify that the LDP session status is Operational, and that each PE and the ASBR-PE in the same AS have established an LDP neighbor relationship. (Details not shown.)
3. Configure VPN instances on PEs to connect CEs:
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:2
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 200:1 both
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# On ASBR-PE 1, create a VPN instance, and bind the instance to the interface connected to ASBR-PE 2. ASBR-PE 1 considers ASBR-PE 2 to be its CE.
[ASBR-PE1] ip vpn-instance vpn1
[ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:1
[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 both
[ASBR-PE1-vpn-instance-vpn1] quit
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 192.1.1.1 24
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# On ASBR-PE 2, create a VPN instance, and bind the instance to the interface connected to ASBR-PE 1. ASBR-PE 2 considers ASBR-PE 1 to be its CE.
[ASBR-PE2] ip vpn-instance vpn1
[ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:1
[ASBR-PE2-vpn-instance-vpn1] vpn-target 200:1 both
[ASBR-PE2-vpn-instance-vpn1] quit
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 192.1.1.2 24
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Execute the display ip vpn-instance command to display VPN instance configurations. Verify that the PEs can ping their attached CEs, and the ASBR-PEs can ping each other. (Details not shown.)
4. Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:
# Configure CE 1.
[CE1] bgp 65001
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65002
[CE2-bgp-default] peer 10.2.1.2 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 2.
[PE2] bgp 200
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
5. Establish an MP-IBGP peer relationship between each PE and the ASBR-PE in the same AS, and an EBGP peer relationship between the ASBR-PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.9 as-number 100
[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-default-vpnv4] peer 2.2.2.9 next-hop-local
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure ASBR-PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] ip vpn-instance vpn1
[ASBR-PE1-bgp-default-vpn1] peer 192.1.1.2 as-number 200
[ASBR-PE1-bgp-default-vpn1] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4-vpn1] peer 192.1.1.2 enable
[ASBR-PE1-bgp-default-ipv4-vpn1] quit
[ASBR-PE1-bgp-default-vpn1] quit
[ASBR-PE1-bgp-default] peer 1.1.1.9 as-number 100
[ASBR-PE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] address-family vpnv4
[ASBR-PE1-bgp-default-vpnv4] peer 1.1.1.9 enable
[ASBR-PE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local
[ASBR-PE1-bgp-default-vpnv4] quit
[ASBR-PE1-bgp-default] quit
# Configure ASBR-PE 2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp-default] ip vpn-instance vpn1
[ASBR-PE2-bgp-default-vpn1] peer 192.1.1.1 as-number 100
[ASBR-PE2-bgp-default-vpn1] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4-vpn1] peer 192.1.1.1 enable
[ASBR-PE2-bgp-default-ipv4-vpn1] quit
[ASBR-PE2-bgp-default-vpn1] quit
[ASBR-PE2-bgp-default] peer 4.4.4.9 as-number 200
[ASBR-PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[ASBR-PE2-bgp-default] address-family vpnv4
[ASBR-PE2-bgp-default-vpnv4] peer 4.4.4.9 enable
[ASBR-PE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local
[ASBR-PE2-bgp-default-vpnv4] quit
[ASBR-PE2-bgp-default] quit
# Configure PE 2.
[PE2] bgp 200
[PE2-bgp-default] peer 3.3.3.9 as-number 200
[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-default-vpnv4] peer 3.3.3.9 next-hop-local
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
Verifying the configuration
# Verify that the CEs can learn the interface routes from each other and ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface GigabitEthernet1/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/4
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
peer 2.2.2.9 next-hop-local
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65001
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface GigabitEthernet1/0/4
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet1/0/5
ip binding vpn-instance vpn1
ip address 192.1.1.1 255.255.255.0
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
peer 1.1.1.9 next-hop-local
#
ip vpn-instance vpn1
peer 192.1.1.2 as-number 200
#
address-family ipv4 unicast
peer 192.1.1.2 enable
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface GigabitEthernet1/0/4
ip address 162.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet1/0/5
ip binding vpn-instance vpn1
ip address 192.1.1.2 255.255.255.0
#
bgp 200
peer 4.4.4.9 as-number 200
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 4.4.4.9 enable
peer 4.4.4.9 next-hop-local
#
ip vpn-instance vpn1
peer 192.1.1.1 as-number 100
#
address-family ipv4 unicast
peer 192.1.1.1 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:2
vpn-target 200:1 import-extcommunity
vpn-target 200:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
interface GigabitEthernet1/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/4
ip address 162.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 200
peer 3.3.3.9 as-number 200
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
peer 3.3.3.9 next-hop-local
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65002
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface GigabitEthernet1/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 65001
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface GigabitEthernet1/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65002
peer 10.2.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
Example: Configuring MPLS L3VPN inter-AS option B
Network configuration
Site 1 and Site 2 belong to the same VPN. CE 1 of Site 1 accesses the network through PE 1 in AS 100, and CE 2 of Site 2 accesses the network through PE 2 in AS 600.
PEs in the same AS run IS-IS.
PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.
ASBRs do not perform route target filtering of received VPN-IPv4 routes.
Figure 5 Network diagram
Table 9 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 10 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/1 |
30.0.0.1/8 |
|
XGE3/0/1 |
20.0.0.1/8 |
|
|
XGE3/0/5 |
1.1.1.2/8 |
|
XGE3/0/5 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/5 |
1.1.1.1/8 |
|
XGE3/0/5 |
9.1.1.1/8 |
|
|
XGE3/0/4 |
11.0.0.2/8 |
|
XGE3/0/4 |
11.0.0.1/8 |
|
CE 1 |
XGE3/0/1 |
30.0.0.2/8 |
CE 2 |
XGE3/0/1 |
20.0.0.2/8 |
Procedure
1. Configure PE 1:
# Configure IS-IS on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 1:1 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 8
[PE1-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure IBGP peer 3.3.3.9 as a VPNv4 peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
# Specify the CE as an EBGP peer of the PE.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
2. Configure ASBR-PE 1:
# Enable IS-IS on ASBR-PE 1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.0000.0000.0000.0002.00
[ASBR-PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS.
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Enable BGP on ASBR-PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface ten-gigabitethernet 3/0/4
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE1-bgp-default] address-family vpnv4
[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.
[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-vpnv4] quit
3. Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.0000.0000.0000.0003.00
[ASBR-PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS.
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Enable BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface ten-gigabitethernet 3/0/4
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE2-bgp-default] address-family vpnv4
[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.
[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable
[ASBR-PE2-bgp-default-vpnv4] quit
[ASBR-PE2-bgp-default] quit
4. Configure PE 2:
# Enable IS-IS on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5 and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0
[PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0 and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 12:12
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 2:2 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 8
[PE2-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600
[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE2-bgp-default-vpnv4] quit
# Specify the CE as an EBGP peer of the PE.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
5. Configure CE 1:
# Assign IP addresses to interfaces.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 8
[CE1-Ten-GigabitEthernet3/0/1] quit
# Specify the PE as an EBGP peer of the CE and redistribute direct routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 30.0.0.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 30.0.0.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
6. Configure CE 2:
# Assign IP addresses to interfaces.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 8
[CE2-Ten-GigabitEthernet3/0/1] quit
# Specify the PE as an EBGP peer of the CE and redistribute direct routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.1 as-number 600
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.0.0.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Verify that the CEs can learn the interface routes from each other and ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 30.0.0.1 255.0.0.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 30.0.0.2 as-number 65001
#
address-family ipv4 unicast
peer 30.0.0.2 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
isis 1
network-entity 10.0000.0000.0000.0002.00
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.2 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 11.0.0.1 as-number 600
peer 11.0.0.1 connect-interface Ten-GigabitEthernet3/0/4
#
address-family vpnv4
undo policy vpn-target
peer 2.2.2.9 enable
peer 11.0.0.1 enable
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
isis 1
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.1 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 11.0.0.2 as-number 100
peer 11.0.0.2 connect-interface Ten-GigabitEthernet3/0/4
#
address-family vpnv4
undo policy vpn-target
peer 5.5.5.9 enable
peer 11.0.0.2 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 12:12
vpn-target 1:1 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 20.0.0.1 255.0.0.0
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 4.4.4.9 as-number 600
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 4.4.4.9 enable
#
ip vpn-instance vpn1
peer 20.0.0.2 as-number 65002
#
address-family ipv4 unicast
peer 20.0.0.2 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 30.0.0.2 255.0.0.0
#
bgp 65001
peer 30.0.0.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.0.0.1 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 20.0.0.2 255.0.0.0
#
bgp 65002
peer 20.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route direct
peer 20.0.0.1 enable
#
return
Verifying the configuration
# Use the following command on PE 1 to verify its connectivity to PE 2.
[PE1] ping -a 30.0.0.1 -vpn-instance vpn1 20.0.0.1
Ping 20.0.0.1 (20.0.0.1) from 30.0.0.1: 56 data bytes, press CTRL_C to break
56 bytes from 20.0.0.1: icmp_seq=0 ttl=255 time=1.208 ms
56 bytes from 20.0.0.1: icmp_seq=1 ttl=255 time=0.867 ms
56 bytes from 20.0.0.1: icmp_seq=2 ttl=255 time=0.551 ms
56 bytes from 20.0.0.1: icmp_seq=3 ttl=255 time=0.566 ms
56 bytes from 20.0.0.1: icmp_seq=4 ttl=255 time=0.570 ms
--- Ping statistics for 20.0.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.551/0.752/1.208/0.257 ms
Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 unicast address family)
Network configuration
Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.
PE 1 and ASBR-PE 1 exchange labeled IPv4 routes through IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes through IBGP. PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.
ASBR-PE 1 and ASBR-PE 2 use routing policies and label the routes received from each other.
ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes.
Figure 6 Network diagram
Table 11 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 12 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/1 |
30.0.0.1/24 |
|
XGE3/0/1 |
20.0.0.1/24 |
|
|
XGE3/0/5 |
1.1.1.2/8 |
|
XGE3/0/5 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/5 |
1.1.1.1/8 |
|
XGE3/0/5 |
9.1.1.1/8 |
|
|
XGE3/0/4 |
11.0.0.2/8 |
|
XGE3/0/4 |
11.0.0.1/8 |
|
CE 1 |
XGE3/0/1 |
30.0.0.2/24 |
CE 2 |
XGE3/0/1 |
20.0.0.2/24 |
Procedure
1. Configure CE 1:
# Configure an IP address for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 30.0.0.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 30.0.0.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Configure IS-IS on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0 and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Enable the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled routes from the peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family ipv4 unicast
[PE1-bgp-default-ipv4] peer 3.3.3.9 enable
[PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability
[PE1-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp-default] peer 5.5.5.9 as-number 600
[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
3. Configure ASBR-PE 1:
# Enable IS-IS on ASBR-PE 1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.0000.0000.0000.0002.00
[ASBR-PE1-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Create routing policies.
[ASBR-PE1] route-policy policy1 permit node 1
[ASBR-PE1-route-policy-policy1-1] apply mpls-label
[ASBR-PE1-route-policy-policy1-1] quit
[ASBR-PE1] route-policy policy2 permit node 1
[ASBR-PE1-route-policy-policy2-1] if-match mpls-label
[ASBR-PE1-route-policy-policy2-1] apply mpls-label
[ASBR-PE1-route-policy-policy2-1] quit
# Enable BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 route-policy policy2 export
# Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.
[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability
# Redistribute routes from IS-IS process 1 to BGP.
[ASBR-PE1-bgp-default-ipv4] import-route isis 1
[ASBR-PE1-bgp-default-ipv4] quit
# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp-default-ipv4] quit
[ASBR-PE1-bgp-default] quit
4. Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.0000.0000.0000.0003.00
[ASBR-PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Create routing policies.
[ASBR-PE2] route-policy policy1 permit node 1
[ASBR-PE2-route-policy-policy1-1] apply mpls-label
[ASBR-PE2-route-policy-policy1-1] quit
[ASBR-PE2] route-policy policy2 permit node 1
[ASBR-PE2-route-policy-policy2-1] if-match mpls-label
[ASBR-PE2-route-policy-policy2-1] apply mpls-label
[ASBR-PE2-route-policy-policy2-1] quit
# Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[ASBR-PE2-bgp-default] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable
[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability
# Apply routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.
[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 route-policy policy2 export
# Redistribute routes from IS-IS process 1.
[ASBR-PE2-bgp-default-ipv4] import-route isis 1
[ASBR-PE2-bgp-default-ipv4] quit
# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp-default-ipv4] quit
[ASBR-PE2-bgp-default] quit
5. Configure PE 2:
# Enable IS-IS on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0
[PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600
[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp-default] address-family ipv4 unicast
[PE2-bgp-default-ipv4] peer 4.4.4.9 enable
[PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability
[PE2-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp-default] peer 2.2.2.9 as-number 100
[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
6. Configure CE 2:
# Configure an IP address for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.1 as-number 600
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.0.0.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Execute the display ip routing table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 30.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 5.5.5.9 ebgp-max-hop 10
#
address-family ipv4 unicast
peer 3.3.3.9 enable
peer 3.3.3.9 label-route-capability
#
address-family vpnv4
peer 5.5.5.9 enable
#
ip vpn-instance vpn1
peer 30.0.0.2 as-number 65001
#
address-family ipv4 unicast
peer 30.0.0.2 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
isis 1
network-entity 10.0000.0000.0000.0002.00
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.2 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 11.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route isis 1
peer 2.2.2.9 enable
peer 2.2.2.9 route-policy policy2 export
peer 2.2.2.9 label-route-capability
peer 11.0.0.1 enable
peer 11.0.0.1 route-policy policy1 export
peer 11.0.0.1 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
#
route-policy policy2 permit node 1
if-match mpls-label
apply mpls-label
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
isis 1
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.1 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 11.0.0.2 as-number 100
#
address-family ipv4 unicast
import-route isis 1
peer 5.5.5.9 enable
peer 5.5.5.9 route-policy policy2 export
peer 5.5.5.9 label-route-capability
peer 11.0.0.2 enable
peer 11.0.0.2 route-policy policy1 export
peer 11.0.0.2 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
#
route-policy policy2 permit node 1
if-match mpls-label
apply mpls-label
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 20.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 2.2.2.9 ebgp-max-hop 10
peer 4.4.4.9 as-number 600
peer 4.4.4.9 connect-interface LoopBack0
#
address-family ipv4 unicast
peer 4.4.4.9 enable
peer 4.4.4.9 label-route-capability
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 20.0.0.2 as-number 65002
#
address-family ipv4 unicast
peer 20.0.0.2 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 30.0.0.2 255.255.255.0
#
bgp 65001
peer 30.0.0.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.0.0.1 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 20.0.0.2 255.255.255.0
#
bgp 65002
peer 20.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route direct
peer 20.0.0.1 enable
#
return
Example: Configuring MPLS L3VPN inter-AS option C (method 1) (exchanging labeled routes in BGP IPv4 labeled unicast address family)
Network configuration
Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.
PE 1 and ASBR-PE 1 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.
PE 2 and ASBR-PE 2 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.
PE 1 and PE 2 establish an MP-EBGP session to exchange VPNv4 routes.
ASBR-PE 1 and ASBR-PE 2 establish a session in BGP IPv4 labeled unicast address family to exchange IPv4 labeled routes.
Figure 7 Network diagram
Table 13 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 14 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/1 |
30.0.0.1/24 |
|
XGE3/0/1 |
20.0.0.1/24 |
|
|
XGE3/0/5 |
1.1.1.2/8 |
|
XGE3/0/5 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/5 |
1.1.1.1/8 |
|
XGE3/0/5 |
9.1.1.1/8 |
|
|
XGE3/0/4 |
11.0.0.2/8 |
|
XGE3/0/4 |
11.0.0.1/8 |
|
CE 1 |
XGE3/0/1 |
30.0.0.2/24 |
CE 2 |
XGE3/0/1 |
20.0.0.2/24 |
Procedure
1. Configure CE 1:
# Configure an IP address for Ten-GigabitEthernet3/0/1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 30.0.0.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 30.0.0.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Configure IS-IS on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure IBGP peer 3.3.3.9 as a BGP IPv4 labeled unicast peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family ipv4 labeled-unicast
[PE1-bgp-default-labeled-ipv4] peer 3.3.3.9 enable
[PE1-bgp-default-labeled-ipv4] quit
# Redistribute BGP routes in BGP IPv4 labeled unicast address family to the BGP routing table of BGP IPv4 unicast address family, and add the redistributed BGP routes to the public network routing table.
[PE1-bgp-default] address-family ipv4 unicast
[PE1-bgp-default-ipv4] import-rib public labeled-unicast
[PE1-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp-default] peer 5.5.5.9 as-number 600
[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
3. Configure ASBR-PE 1:
# Enable IS-IS on ASBR-PE 1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.0000.0000.0000.0002.00
[ASBR-PE1-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Enable BGP on ASBR-PE 1, and configure peers 2.2.2.9 and 11.0.0.1 as BGP IPv4 labeled unicast peers.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast
[ASBR-PE1-bgp-default-labeled-ipv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-labeled-ipv4] peer 11.0.0.1 enable
# Redistribute routes from IS-IS process 1 to BGP.
[ASBR-PE1-bgp-default-labeled-ipv4] import-route isis 1
[ASBR-PE1-bgp-default-labeled-ipv4] quit
[ASBR-PE1-bgp-default] quit
4. Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.0000.0000.0000.0003.00
[ASBR-PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Enable BGP on ASBR-PE 2, and configure peers 5.5.5.9 and 11.0.0.2 as BGP IPv4 labeled unicast peers.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] address-family ipv4 labeled-unicast
[ASBR-PE2-bgp-default-labeled-ipv4] peer 5.5.5.9 enable
[ASBR-PE2-bgp-default-labeled-ipv4] peer 11.0.0.2 enable
# Redistribute routes from IS-IS process 1.
[ASBR-PE2-bgp-default-labeled-ipv4] import-route isis 1
[ASBR-PE2-bgp-default-labeled-ipv4] quit
[ASBR-PE2-bgp-default] quit
5. Configure PE 2:
# Enable IS-IS on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0
[PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as BGP IPv4 labeled unicast peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600
[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp-default] address-family ipv4 labeled-unicast
[PE2-bgp-default-labeled-ipv4] peer 4.4.4.9 enable
[PE2-bgp-default-labeled-ipv4] quit
# Redistribute BGP routes in BGP IPv4 labeled unicast address family to the BGP routing table of BGP IPv4 unicast address family, and add the redistributed BGP routes to the public network routing table.
[PE2-bgp-default] address-family ipv4 unicast
[PE2-bgp-default-ipv4] import-rib public labeled-unicast
[PE2-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp-default] peer 2.2.2.9 as-number 100
[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
6. Configure CE 2:
# Configure an IP address for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.1 as-number 600
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.0.0.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Execute the display ip routing table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 30.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 5.5.5.9 ebgp-max-hop 10
#
address-family ipv4 unicast
import-rib public labeled-unicast
#
address-family ipv4 labeled-unicast
peer 3.3.3.9 enable
#
address-family vpnv4
peer 5.5.5.9 enable
#
ip vpn-instance vpn1
peer 30.0.0.2 as-number 65001
#
address-family ipv4 unicast
peer 30.0.0.2 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
isis 1
network-entity 10.0000.0000.0000.0002.00
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.2 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 11.0.0.1 as-number 600
#
address-family ipv4 labeled-unicast
import-route isis 1
peer 2.2.2.9 enable
peer 11.0.0.1 enable
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
isis 1
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.1 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 11.0.0.2 as-number 100
#
address-family ipv4 labeled-unicast
import-route isis 1
peer 5.5.5.9 enable
peer 11.0.0.2 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 20.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 2.2.2.9 ebgp-max-hop 10
peer 4.4.4.9 as-number 600
peer 4.4.4.9 connect-interface LoopBack0
#
address-family ipv4 unicast
import-rib public labeled-unicast
#
address-family ipv4 labeled-unicast
peer 4.4.4.9 enable
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 20.0.0.2 as-number 65002
#
address-family ipv4 unicast
peer 20.0.0.2 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 30.0.0.2 255.255.255.0
#
bgp 65001
peer 30.0.0.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.0.0.1 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 20.0.0.2 255.255.255.0
#
bgp 65002
peer 20.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route direct
peer 20.0.0.1 enable
#
return
Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 unicast address family)
Network configuration
Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.
PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.
ASBR-PE 1 and ASBR-PE 2 label the routes received from each other, use EBGP to exchange labeled IPv4 routes, and redistribute IGP and BGP routes from each other.
Figure 8 Network diagram
Table 15 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 16 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/1 |
30.0.0.1/24 |
|
XGE3/0/1 |
20.0.0.1/24 |
|
|
XGE3/0/5 |
1.1.1.2/8 |
|
XGE3/0/5 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/5 |
1.1.1.1/8 |
|
XGE3/0/5 |
9.1.1.1/8 |
|
|
XGE3/0/4 |
11.0.0.2/8 |
|
XGE3/0/4 |
11.0.0.1/8 |
|
CE 1 |
XGE3/0/1 |
30.0.0.2/24 |
CE 2 |
XGE3/0/1 |
20.0.0.2/24 |
Procedure
1. Configure CE 1:
# Configure an IP address for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 30.0.0.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 30.0.0.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Configure IS-IS on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Enable IS-IS, MPLS, and LDP on interface Ten-GigabitEthernet 3/0/5.
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Enable IS-IS on interface Loopback 0.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp-default] peer 5.5.5.9 as-number 600
[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
3. Configure ASBR-PE1:
# Enable IS-IS on ASBR-PE 1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.0000.0000.0000.0002.00
# Redistribute BGP routes.
[ASBR-PE1-isis-1] address-family ipv4 unicast
[ASBR-PE1-isis-1-ipv4] import-route bgp
[ASBR-PE1-isis-1-ipv4] quit
[ASBR-PE1-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Create routing policy policy1.
[ASBR-PE1] route-policy policy1 permit node 1
[ASBR-PE1-route-policy-policy1-1] apply mpls-label
[ASBR-PE1-route-policy-policy1-1] quit
# Enable BGP on ASBR-PE 1, and redistribute routes from IS-IS process 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] import-route isis 1
[ASBR-PE1-bgp-default-ipv4] quit
# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp-default-ipv4] quit
[ASBR-PE1-bgp-default] quit
4. Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.0000.0000.0000.0003.00
# Redistribute BGP routes.
[ASBR-PE2-isis-1] address-family ipv4 unicast
[ASBR-PE2-isis-1-ipv4] import-route bgp
[ASBR-PE2-isis-1-ipv4] quit
[ASBR-PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Create routing policy policy1.
[ASBR-PE2] route-policy policy1 permit node 1
[ASBR-PE2-route-policy-policy1-1] apply mpls-label
[ASBR-PE2-route-policy-policy1-1] quit
# Enable BGP on ASBR-PE 2, and redistribute routes from IS-IS process 1.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4] import-route isis 1
[ASBR-PE2-bgp-default-ipv4] quit
# Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp-default-ipv4] quit
[ASBR-PE2-bgp-default] quit
5. Configure PE 2:
# Enable IS-IS on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0
[PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp-default] peer 2.2.2.9 as-number 100
[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
6. Configure CE 2:
# Configure an IP address for interface Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.1 as-number 600
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.0.0.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Execute the display ip routing table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 30.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 5.5.5.9 ebgp-max-hop 10
#
address-family vpnv4
peer 5.5.5.9 enable
#
ip vpn-instance vpn1
peer 30.0.0.2 as-number 65001
#
address-family ipv4 unicast
peer 30.0.0.2 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
isis 1
network-entity 10.0000.0000.0000.0002.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.2 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 11.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route isis 1
peer 11.0.0.1 enable
peer 11.0.0.1 route-policy policy1 export
peer 11.0.0.1 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
isis 1
network-entity 10.0000.0000.0000.0003.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.1 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 11.0.0.2 as-number 100
#
address-family ipv4 unicast
import-route isis 1
peer 11.0.0.2 enable
peer 11.0.0.2 route-policy policy1 export
peer 11.0.0.2 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 20.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 2.2.2.9 ebgp-max-hop 10
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 20.0.0.2 as-number 65002
#
address-family ipv4 unicast
peer 20.0.0.2 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 30.0.0.2 255.255.255.0
#
bgp 65001
peer 30.0.0.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.0.0.1 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 20.0.0.2 255.255.255.0
#
bgp 65002
peer 20.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route direct
peer 20.0.0.1 enable
#
return
Example: Configuring MPLS L3VPN inter-AS option C (method 2) (exchanging labeled routes in BGP IPv4 labeled unicast address family)
Network configuration
Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.
PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.
ASBR-PE 1 and ASBR-PE 2 exchange labeled IPv4 routes through a session in the BGP IPv4 labeled unicast address family, and redistribute IGP and BGP routes from each other.
Figure 9 Network diagram
Table 17 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 18 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/1 |
30.0.0.1/24 |
|
XGE3/0/1 |
20.0.0.1/24 |
|
|
XGE3/0/5 |
1.1.1.2/8 |
|
XGE3/0/5 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/5 |
1.1.1.1/8 |
|
XGE3/0/5 |
9.1.1.1/8 |
|
|
XGE3/0/4 |
11.0.0.2/8 |
|
XGE3/0/4 |
11.0.0.1/8 |
|
CE 1 |
XGE3/0/1 |
30.0.0.2/24 |
CE 2 |
XGE3/0/1 |
20.0.0.2/24 |
Procedure
1. Configure CE 1:
# Configure an IP address for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.2 24
[CE1-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
[CE1] bgp 65001
[CE1-bgp-default] peer 30.0.0.1 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 30.0.0.1 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
2. Configure PE 1:
# Configure IS-IS on PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Enable IS-IS, MPLS, and LDP on interface Ten-GigabitEthernet 3/0/5.
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 255.0.0.0
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Enable IS-IS on interface Loopback 0.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 30.0.0.1 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp-default] peer 5.5.5.9 as-number 600
[PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
3. Configure ASBR-PE 1:
# Enable IS-IS on ASBR-PE 1.
<Sysname> system-view
[Sysname] sysname ASBR-PE1
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.0000.0000.0000.0002.00
# Redistribute BGP routes.
[ASBR-PE1-isis-1] address-family ipv4 unicast
[ASBR-PE1-isis-1-ipv4] import-route bgp
[ASBR-PE1-isis-1-ipv4] quit
[ASBR-PE1-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface ten-gigabitethernet 3/0/5
[ASBR-PE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE1-Ten-GigabitEthernet3/0/5] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on it.
[ASBR-PE1] interface ten-gigabitethernet 3/0/4
[ASBR-PE1-Ten-GigabitEthernet3/0/4] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE1-Ten-GigabitEthernet3/0/4] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Enable BGP on ASBR-PE 1, and configure EBGP peer 11.0.0.1 as a BGP IPv4 labeled unicast peer.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] address-family ipv4 labeled-unicast
[ASBR-PE1-bgp-default-labeled-ipv4] peer 11.0.0.1 enable
# Redistribute routes from IS-IS process 1 to BGP.
[ASBR-PE1-bgp-default-labeled-ipv4] import-route isis 1
[ASBR-PE1-bgp-default-labeled-ipv4] quit
# Redistributes BGP IPv4 labeled unicast routes in the public network instance to the BGP routing table of the BGP IPv4 unicast address family.
[ASBR-PE1-bgp-default] address-family ipv4 unicast
[ASBR-PE1-bgp-default-ipv4] import-rib public labeled-unicast
[ASBR-PE1-bgp-default-ipv4] quit
[ASBR-PE1-bgp-default] quit
4. Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<Sysname> system-view
[Sysname] sysname ASBR-PE2
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.0000.0000.0000.0003.00
# Redistribute BGP routes.
[ASBR-PE2-isis-1] address-family ipv4 unicast
[ASBR-PE2-isis-1-ipv4] import-route bgp
[ASBR-PE2-isis-1-ipv4] quit
[ASBR-PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/5
[ASBR-PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[ASBR-PE2-Ten-GigabitEthernet3/0/5] quit
# Configure Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure Ten-GigabitEthernet 3/0/4, and enable MPLS on the interface.
[ASBR-PE2] interface ten-gigabitethernet 3/0/4
[ASBR-PE2-Ten-GigabitEthernet3/0/4] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Ten-GigabitEthernet3/0/4] mpls enable
[ASBR-PE2-Ten-GigabitEthernet3/0/4] quit
# Enable BGP on ASBR-PE 2, and configure EBGP peer 11.0.0.2 as a BGP IPv4 labeled unicast peer.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] address-family ipv4 labeled-unicast
[ASBR-PE2-bgp-default-labeled-ipv4] peer 11.0.0.2 enable
# Redistribute routes from IS-IS process 1 to BGP.
[ASBR-PE2-bgp-default-labeled-ipv4] import-route isis 1
[ASBR-PE2-bgp-default-labeled-ipv4] quit
# Redistributes BGP IPv4 labeled unicast routes in the public network instance to the BGP routing table of the BGP IPv4 unicast address family.
[ASBR-PE2-bgp-default] address-family ipv4 unicast
[ASBR-PE2-bgp-default-ipv4] import-rib public labeled-unicast
[ASBR-PE2-bgp-default-ipv4] quit
[ASBR-PE2-bgp-default] quit
5. Configure PE 2:
# Enable IS-IS on PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure interface Ten-GigabitEthernet 3/0/5, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 9.1.1.2 255.0.0.0
[PE2-Ten-GigabitEthernet3/0/5] isis enable 1
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Associate interface Ten-GigabitEthernet 3/0/1 with VPN instance vpn1, and specify an IP address for the interface.
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.1 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp-default] peer 2.2.2.9 as-number 100
[PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
6. Configure CE 2:
# Configure an IP address for interface Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 20.0.0.2 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002
[CE2-bgp-default] peer 20.0.0.1 as-number 600
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 20.0.0.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
Verifying the configuration
# Execute the display ip routing-table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 30.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 5.5.5.9 as-number 600
peer 5.5.5.9 connect-interface LoopBack0
peer 5.5.5.9 ebgp-max-hop 10
#
address-family vpnv4
peer 5.5.5.9 enable
#
ip vpn-instance vpn1
peer 30.0.0.2 as-number 65001
#
address-family ipv4 unicast
peer 30.0.0.2 enable
#
return
· ASBR-PE 1:
#
sysname ASBR-PE1
#
isis 1
network-entity 10.0000.0000.0000.0002.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.2 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 100
peer 11.0.0.1 as-number 600
#
address-family ipv4 unicast
import-rib public labeled-unicast
#
address-family ipv4 labeled-unicast
import-route isis 1
peer 11.0.0.1 enable
#
return
· ASBR-PE 2:
#
sysname ASBR-PE2
#
isis 1
network-entity 10.0000.0000.0000.0003.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 11.0.0.1 255.0.0.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.1 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 11.0.0.2 as-number 100
#
address-family ipv4 unicast
import-rib public labeled-unicast
#
address-family ipv4 labeled-unicast
import-route isis 1
peer 11.0.0.2 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 11:11
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 3:3 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 20.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 9.1.1.2 255.0.0.0
isis enable 1
mpls enable
mpls ldp enable
#
bgp 600
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 2.2.2.9 ebgp-max-hop 10
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 20.0.0.2 as-number 65002
#
address-family ipv4 unicast
peer 20.0.0.2 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 30.0.0.2 255.255.255.0
#
bgp 65001
peer 30.0.0.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 30.0.0.1 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 20.0.0.2 255.255.255.0
#
bgp 65002
peer 20.0.0.1 as-number 600
#
address-family ipv4 unicast
import-route direct
peer 20.0.0.1 enable
#
return
Example: Configuring MPLS L3VPN carrier's carrier in the same AS
Network configuration
Configure carrier's carrier for the scenario shown in Figure 10. In this scenario:
· PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.
· CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.
· PE 3 and PE 4 are the customer carrier's PE routers. They provide MPLS L3VPN services for the end customers.
· CE 3 and CE 4 are customers of the customer carrier.
· The customer carrier and the provider carrier reside in the same AS.
The key to carrier's carrier deployment is to configure exchange of two kinds of routes:
· Exchange of the customer carrier's internal routes on the provider carrier's backbone.
· Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.
Table 19 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 20 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 3 |
XGE3/0/1 |
100.1.1.1/24 |
CE 4 |
XGE3/0/1 |
120.1.1.1/24 |
|
PE 3 |
Loop0 |
1.1.1.9/32 |
PE 4 |
Loop0 |
6.6.6.9/32 |
|
|
XGE3/0/1 |
100.1.1.2/24 |
|
XGE3/0/1 |
120.1.1.2/24 |
|
|
XGE3/0/5 |
10.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.2/24 |
|
CE 1 |
Loop0 |
2.2.2.9/32 |
CE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/4 |
10.1.1.2/24 |
|
XGE3/0/4 |
21.1.1.2/24 |
|
|
XGE3/0/5 |
11.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.1/24 |
|
PE 1 |
Loop0 |
3.3.3.9/32 |
PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/4 |
11.1.1.2/24 |
|
XGE3/0/4 |
30.1.1.2/24 |
|
|
XGE3/0/5 |
30.1.1.1/24 |
|
XGE3/0/5 |
21.1.1.1/24 |
Procedure
1. Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE1-Ten-GigabitEthernet3/0/5] quit
[PE1] bgp 100
[PE1-bgp-default] peer 4.4.4.9 as-number 100
[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0005.00
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 30.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] isis enable 1
[PE2-Ten-GigabitEthernet3/0/4] mpls enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] bgp 100
[PE2-bgp-default] peer 3.3.3.9 as-number 100
[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On PE 1 or PE 2, execute the following commands:
¡ Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)
2. Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/5
[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24
[PE3-Ten-GigabitEthernet3/0/5] isis enable 2
[PE3-Ten-GigabitEthernet3/0/5] mpls enable
[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE3-Ten-GigabitEthernet3/0/5] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 2.2.2.9 32
[CE1-LoopBack0] quit
[CE1] mpls lsr-id 2.2.2.9
[CE1] mpls ldp
[CE1-ldp] quit
[CE1] isis 2
[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface ten-gigabitethernet 3/0/4
[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet3/0/4] isis enable 2
[CE1-Ten-GigabitEthernet3/0/4] mpls enable
[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[CE1-Ten-GigabitEthernet3/0/4] quit
# Configure PE 4.
<Sysname> system-view
[Sysname] sysname PE4
[PE4] interface loopback 0
[PE4-LoopBack0] ip address 6.6.6.9 32
[PE4-LoopBack0] quit
[PE4] mpls lsr-id 6.6.6.9
[PE4] mpls ldp
[PE4-ldp] quit
[PE4] isis 2
[PE4-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE4-isis-2] quit
[PE4] interface loopback 0
[PE4-LoopBack0] isis enable 2
[PE4-LoopBack0] quit
[PE4] interface ten-gigabitethernet 3/0/5
[PE4-Ten-GigabitEthernet3/0/5] ip address 20.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/5] isis enable 2
[PE4-Ten-GigabitEthernet3/0/5] mpls enable
[PE4-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE4-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE4-Ten-GigabitEthernet3/0/5] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 5.5.5.9 32
[CE2-LoopBack0] quit
[CE2] mpls lsr-id 5.5.5.9
[CE2] mpls ldp
[CE2-ldp] quit
[CE2] isis 2
[CE2-isis-2] network-entity 10.0000.0000.0000.0004.00
[CE2-isis-2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] isis enable 2
[CE2-LoopBack0] quit
[CE2] interface ten-gigabitethernet 3/0/5
[CE2-Ten-GigabitEthernet3/0/5] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/5] isis enable 2
[CE2-Ten-GigabitEthernet3/0/5] mpls enable
[CE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[CE2-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[CE2-Ten-GigabitEthernet3/0/5] quit
# Verify that an LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1 and between PE 4 and CE 2. (Details not shown.)
3. Allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] mpls ldp
[PE1-ldp] vpn-instance vpn1
[PE1-ldp-vpn-instance-vpn1] quit
[PE1-ldp] quit
[PE1] isis 2 vpn-instance vpn1
[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE1-isis-2] address-family ipv4
[PE1-isis-2-ipv4] import-route bgp
[PE1-isis-2-ipv4] quit
[PE1-isis-2] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/4] isis enable 2
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[PE1-Ten-GigabitEthernet3/0/4] quit
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] import-route isis 2
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure CE 1.
[CE1] interface ten-gigabitethernet 3/0/5
[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/5] isis enable 2
[CE1-Ten-GigabitEthernet3/0/5] mpls enable
[CE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[CE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[CE1-Ten-GigabitEthernet3/0/5] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] mpls ldp
[PE2-ldp] vpn-instance vpn1
[PE2-ldp-vpn-instance-vpn1] quit
[PE2-ldp] quit
[PE2] isis 2 vpn-instance vpn1
[PE2-isis-2] network-entity 10.0000.0000.0000.0006.00
[PE2-isis-2] address-family ipv4
[PE2-isis-2-ipv4] import-route bgp
[PE2-isis-2-ipv4] quit
[PE2-isis-2] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/5] ip address 21.1.1.1 24
[PE2-Ten-GigabitEthernet3/0/5] isis enable 2
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE2-Ten-GigabitEthernet3/0/5] quit
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] import-route isis 2
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure CE 2.
[CE2] interface ten-gigabitethernet 3/0/4
[CE2-Ten-GigabitEthernet3/0/4] ip address 21.1.1.2 24
[CE2-Ten-GigabitEthernet3/0/4] isis enable 2
[CE2-Ten-GigabitEthernet3/0/4] mpls enable
[CE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[CE2-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[CE2-Ten-GigabitEthernet3/0/4] quit
# Verify that an LDP session and IS-IS neighbor relationship can be established between PE 1 and CE 1 and between PE 2 and CE 2. (Details not shown.)
4. Connect CEs of the end customers and the PEs of the customer carrier:
# Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24
[CE3-Ten-GigabitEthernet3/0/1] quit
[CE3] bgp 65410
[CE3-bgp-default] peer 100.1.1.2 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 100.1.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 100.1.1.1 as-number 65410
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 100.1.1.1 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Configure CE 4.
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/0/1
[CE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.1 24
[CE4-Ten-GigabitEthernet3/0/1] quit
[CE4] bgp 65420
[CE4-bgp-default] peer 120.1.1.2 as-number 100
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 120.1.1.2 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# Configure PE 4.
[PE4] ip vpn-instance vpn1
[PE4-vpn-instance-vpn1] route-distinguisher 100:2
[PE4-vpn-instance-vpn1] vpn-target 1:1
[PE4-vpn-instance-vpn1] quit
[PE4] interface ten-gigabitethernet 3/0/1
[PE4-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/1] quit
[PE4] bgp 100
[PE4-bgp-default] ip vpn-instance vpn1
[PE4-bgp-default-vpn1] peer 120.1.1.1 as-number 65420
[PE4-bgp-default-vpn1] address-family ipv4 unicast
[PE4-bgp-default-ipv4-vpn1] peer 120.1.1.1 enable
[PE4-bgp-default-ipv4-vpn1] quit
[PE4-bgp-default-vpn1] quit
[PE4-bgp-default] quit
5. Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] peer 6.6.6.9 as-number 100
[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 6.6.6.9 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# Configure PE 4.
[PE4] bgp 100
[PE4-bgp-default] peer 1.1.1.9 as-number 100
[PE4-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE4-bgp-default] address-family vpnv4
[PE4-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE4-bgp-default-vpnv4] quit
[PE4-bgp-default] quit
Verifying the configuration
1. Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:
# Verify that the public network routing table contains only routes of the provider carrier network.
[PE1] display ip routing-table
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.9/32 Direct 0 0 127.0.0.1 Loop0
4.4.4.9/32 IS_L1 15 10 30.1.1.2 GE1/0/5
30.1.1.0/24 Direct 0 0 30.1.1.1 GE1/0/5
30.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
30.1.1.255/32 Direct 0 0 30.1.1.1 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 IS_L1 15 20 11.1.1.1 GE1/0/4
2.2.2.9/32 IS_L1 15 10 11.1.1.1 GE1/0/4
5.5.5.9/32 BGP 255 10 4.4.4.9 GE1/0/5
6.6.6.9/32 BGP 255 20 4.4.4.9 GE1/0/5
10.1.1.0/24 IS_L1 15 20 11.1.1.1 GE1/0/4
11.1.1.0/24 Direct 0 0 11.1.1.2 GE1/0/4
11.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/4
11.1.1.255/32 Direct 0 0 11.1.1.2 GE1/0/4
20.1.1.0/24 BGP 255 20 4.4.4.9 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
2. Display the routing table on the customer carrier CEs, for example, on CE 1:
# Verify that the routing table contains the internal routes of the customer carrier network, but it does not contain the VPN routes that the customer carrier maintains.
[CE1] display ip routing-table
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 IS_L1 15 10 10.1.1.1 GE1/0/4
2.2.2.9/32 Direct 0 0 127.0.0.1 Loop0
5.5.5.9/32 IS_L2 15 74 11.1.1.2 GE1/0/5
6.6.6.9/32 IS_L2 15 74 11.1.1.2 GE1/0/5
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/4
10.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/4
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/4
11.1.1.0/24 Direct 0 0 11.1.1.1 GE1/0/5
11.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
11.1.1.255/32 Direct 0 0 11.1.1.1 GE1/0/5
20.1.1.0/24 IS_L2 15 74 11.1.1.2 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
3. Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:
# Verify that the public network routing table contains the internal routes of the customer carrier network.
[PE3] display ip routing-table
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 Loop0
2.2.2.9/32 IS_L1 15 10 10.1.1.2 GE1/0/5
5.5.5.9/32 IS_L2 15 84 10.1.1.2 GE1/0/5
6.6.6.9/32 IS_L2 15 84 10.1.1.2 GE1/0/5
10.1.1.0/24 Direct 0 0 10.1.1.1 GE1/0/5
10.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
10.1.1.255/32 Direct 0 0 10.1.1.1 GE1/0/5
11.1.1.0/24 IS_L1 15 20 10.1.1.2 GE1/0/5
20.1.1.0/24 IS_L2 15 84 10.1.1.2 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the route to the remote VPN customer.
[PE3] display ip routing-table vpn-instance vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.2 GE1/0/1
100.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/1
100.1.1.255/32 Direct 0 0 100.1.1.2 GE1/0/1
120.1.1.0/24 BGP 255 0 6.6.6.9 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
4. Verify that PE 3 and PE 4 can ping each other. (Details not shown.)
5. Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
isis 2 vpn-instance vpn1
network-entity 10.0000.0000.0000.0003.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 3.3.3.9
#
mpls ldp
vpn-instance vpn1
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 4.4.4.9 enable
#
ip vpn-instance vpn1
#
address-family ipv4 unicast
import-route isis 2
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0005.00
#
isis 2 vpn-instance vpn1
network-entity 10.0000.0000.0000.0006.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 4.4.4.9
#
mpls ldp
vpn-instance vpn1
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip binding vpn-instance vpn1
ip address 21.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
#
address-family ipv4 unicast
import-route isis 2
#
return
· CE 1:
#
sysname CE1
#
isis 2
network-entity 10.0000.0000.0000.0002.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 10.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip address 11.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
return
· CE 2:
#
sysname CE2
#
isis 2
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 21.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 100.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 10.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 6.6.6.9 as-number 100
peer 6.6.6.9 connect-interface LoopBack0
#
address-family vpnv4
peer 6.6.6.9 enable
#
ip vpn-instance vpn1
peer 100.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 100.1.1.1 enable
#
return
· PE 4:
#
sysname PE4
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 6.6.6.9
#
mpls ldp
#
interface LoopBack0
ip address 6.6.6.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 120.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 120.1.1.1 as-number 65420
#
address-family ipv4 unicast
peer 120.1.1.1 enable
#
return
· CE 3:
#
sysname CE3
#
interface Ten-GigabitEthernet3/0/1
ip address 100.1.1.1 255.255.255.0
#
bgp 65410
peer 100.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 100.1.1.2 enable
#
return
· CE 4:
#
sysname CE4
#
interface Ten-GigabitEthernet3/0/1
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 120.1.1.2 enable
#
return
Example: Configuring MPLS L3VPN carrier's carrier in different ASs (exchanging labeled routes in BGP IPv4 unicast address family)
Network configuration
Configure carrier's carrier for the scenario shown in Figure 11. In this scenario:
· PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.
· CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.
· PE 3 and PE 4 are the customer carrier's PE routers. They provide MPLS L3VPN services for the end customers.
· CE 3 and CE 4 are customers of the customer carrier.
· The customer carrier and the provider carrier reside in different ASs.
The key to carrier's carrier deployment is to configure exchange of two kinds of routes:
· Exchange of the customer carrier's internal routes on the provider carrier's backbone.
· Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-EBGP peer relationship must be established between PE 3 and PE 4.
Table 21 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 22 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 3 |
XGE3/0/1 |
100.1.1.1/24 |
CE 4 |
XGE3/0/1 |
120.1.1.1/24 |
|
PE 3 |
Loop0 |
1.1.1.9/32 |
PE 4 |
Loop0 |
6.6.6.9/32 |
|
|
XGE3/0/1 |
100.1.1.2/24 |
|
XGE3/0/1 |
120.1.1.2/24 |
|
|
XGE3/0/5 |
10.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.2/24 |
|
CE 1 |
Loop0 |
2.2.2.9/32 |
CE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/4 |
10.1.1.2/24 |
|
XGE3/0/4 |
21.1.1.2/24 |
|
|
XGE3/0/5 |
11.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.1/24 |
|
PE 1 |
Loop0 |
3.3.3.9/32 |
PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/4 |
11.1.1.2/24 |
|
XGE3/0/4 |
30.1.1.2/24 |
|
|
XGE3/0/5 |
30.1.1.1/24 |
|
XGE3/0/5 |
21.1.1.1/24 |
Procedure
1. Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE1-Ten-GigabitEthernet3/0/5] quit
[PE1] bgp 200
[PE1-bgp-default] peer 4.4.4.9 as-number 200
[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0005.00
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 30.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] isis enable 1
[PE2-Ten-GigabitEthernet3/0/4] mpls enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] bgp 200
[PE2-bgp-default] peer 3.3.3.9 as-number 200
[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On PE 1 or PE 2, execute the following commands:
¡ Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)
2. Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/5
[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24
[PE3-Ten-GigabitEthernet3/0/5] isis enable 2
[PE3-Ten-GigabitEthernet3/0/5] mpls enable
[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE3-Ten-GigabitEthernet3/0/5] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 2.2.2.9 32
[CE1-LoopBack0] quit
[CE1] mpls lsr-id 2.2.2.9
[CE1] mpls ldp
[CE1-ldp] import bgp
[CE1-ldp] quit
[CE1] isis 2
[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2] address-family ipv4
[CE1-isis-2-ipv4] import-route bgp
[CE1-isis-2-ipv4] quit
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface ten-gigabitethernet 3/0/4
[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet3/0/4] isis enable 2
[CE1-Ten-GigabitEthernet3/0/4] mpls enable
[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[CE1-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[CE1-Ten-GigabitEthernet3/0/4] quit
# Configure PE 4.
[Sysname] sysname PE4
[PE4] interface loopback 0
[PE4-LoopBack0] ip address 6.6.6.9 32
[PE4-LoopBack0] quit
[PE4] mpls lsr-id 6.6.6.9
[PE4] mpls ldp
[PE4-ldp] quit
[PE4] isis 2
[PE4-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE4-isis-2] quit
[PE4] interface loopback 0
[PE4-LoopBack0] isis enable 2
[PE4-LoopBack0] quit
[PE4] interface ten-gigabitethernet 3/0/5
[PE4-Ten-GigabitEthernet3/0/5] ip address 20.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/5] isis enable 2
[PE4-Ten-GigabitEthernet3/0/5] mpls enable
[PE4-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE4-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE4-Ten-GigabitEthernet3/0/5] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 5.5.5.9 32
[CE2-LoopBack0] quit
[CE2] mpls lsr-id 5.5.5.9
[CE2] mpls ldp
[CE2-ldp] import bgp
[CE2-ldp] quit
[CE2] isis 2
[CE2-isis-2] network-entity 10.0000.0000.0000.0004.00
[CE2-isis-2] address-family ipv4
[CE2-isis-2-ipv4] import-route bgp
[CE2-isis-2-ipv4] quit
[CE2-isis-2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] isis enable 2
[CE2-LoopBack0] quit
[CE2] interface ten-gigabitethernet 3/0/5
[CE2-Ten-GigabitEthernet3/0/5] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/5] isis enable 2
[CE2-Ten-GigabitEthernet3/0/5] mpls enable
[CE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[CE2-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[CE2-Ten-GigabitEthernet3/0/5] quit
# Verify that an LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1 and between PE 4 and CE 2. (Details not shown.)
3. Allow CEs of the customer carrier to access PEs of the provider carrier:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] quit
[PE1] bgp 200
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 100
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 label-route-capability
[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 route-policy csc export
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
[PE1] route-policy csc permit node 0
[PE1-route-policy-csc-0] apply mpls-label
[PE1-route-policy-csc-0] quit
# Configure CE 1.
[CE1] interface ten-gigabitethernet 3/0/5
[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/5] mpls enable
[CE1-Ten-GigabitEthernet3/0/5] quit
[CE1] bgp 100
[CE1-bgp-default] peer 11.1.1.2 as-number 200
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 11.1.1.2 enable
[CE1-bgp-default-ipv4] peer 11.1.1.2 label-route-capability
[CE1-bgp-default-ipv4] peer 11.1.1.2 route-policy csc export
[CE1-bgp-default-ipv4] import-route isis 2
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
[CE1] route-policy csc permit node 0
[CE1-route-policy-csc-0] apply mpls-label
[CE1-route-policy-csc-0] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/5] ip address 21.1.1.1 24
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] quit
[PE2] bgp 200
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 21.1.1.2 as-number 300
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 21.1.1.2 enable
[PE2-bgp-default-ipv4-vpn1] peer 21.1.1.2 label-route-capability
[PE2-bgp-default-ipv4-vpn1] peer 21.1.1.2 route-policy csc export
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
[PE2] route-policy csc permit node 0
[PE2-route-policy-csc-0] apply mpls-label
[PE2-route-policy-csc-0] quit
# Configure CE 2.
[CE2] interface ten-gigabitethernet 3/0/4
[CE2-Ten-GigabitEthernet3/0/4] ip address 21.1.1.2 24
[CE2-Ten-GigabitEthernet3/0/4] mpls enable
[CE2-Ten-GigabitEthernet3/0/4] quit
[CE2] bgp 300
[CE2-bgp-default] peer 21.1.1.1 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 21.1.1.1 enable
[CE2-bgp-default-ipv4] peer 21.1.1.1 label-route-capability
[CE2-bgp-default-ipv4] peer 21.1.1.1 route-policy csc export
[CE2-bgp-default-ipv4] import-route isis 2
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
[CE2] route-policy csc permit node 0
[CE2-route-policy-csc-0] apply mpls-label
[CE2-route-policy-csc-0] quit
# Verify that PE 1 and CE 1 can establish a BGP session and exchange labeled IPv4 unicast routes through BGP. Repeat this step for PE 2 and CE 2. (Details not shown.)
4. Connect CEs of the end customers and the PEs of the customer carrier:
# Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24
[CE3-Ten-GigabitEthernet3/0/1] quit
[CE3] bgp 65410
[CE3-bgp-default] peer 100.1.1.2 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 100.1.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 100.1.1.1 as-number 65410
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 100.1.1.1 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Configure CE 4.
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/0/1
[CE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.1 24
[CE4-Ten-GigabitEthernet3/0/1] quit
[CE4] bgp 65420
[CE4-bgp-default] peer 120.1.1.2 as-number 300
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 120.1.1.2 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# Configure PE 4.
[PE4] ip vpn-instance vpn1
[PE4-vpn-instance-vpn1] route-distinguisher 100:2
[PE4-vpn-instance-vpn1] vpn-target 1:1
[PE4-vpn-instance-vpn1] quit
[PE4] interface ten-gigabitethernet 3/0/1
[PE4-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/1] quit
[PE4] bgp 300
[PE4-bgp-default] ip vpn-instance vpn1
[PE4-bgp-default-vpn1] peer 120.1.1.1 as-number 65420
[PE4-bgp-default-vpn1] address-family ipv4 unicast
[PE4-bgp-default-ipv4-vpn1] peer 120.1.1.1 enable
[PE4-bgp-default-ipv4-vpn1] quit
[PE4-bgp-default-vpn1] quit
[PE4-bgp-default] quit
5. Configure an MP-EBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] peer 6.6.6.9 as-number 300
[PE3-bgp-default] peer 6.6.6.9 connect-interface loopback 0
[PE3-bgp-default] peer 6.6.6.9 ebgp-max-hop 10
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 6.6.6.9 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# Configure PE 4.
[PE4] bgp 300
[PE4-bgp-default] peer 1.1.1.9 as-number 100
[PE4-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE4-bgp-default] peer 1.1.1.9 ebgp-max-hop 10
[PE4-bgp-default] address-family vpnv4
[PE4-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE4-bgp-default-vpnv4] quit
[PE4-bgp-default] quit
Verifying the configuration
1. Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1:
# Verify that the public network routing table contains only routes of the provider carrier network.
[PE1] display ip routing-table
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.9/32 Direct 0 0 127.0.0.1 Loop0
4.4.4.9/32 IS_L1 15 10 30.1.1.2 GE1/0/5
30.1.1.0/24 Direct 0 0 30.1.1.1 GE1/0/5
30.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
30.1.1.255/32 Direct 0 0 30.1.1.1 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 BGP 255 10 11.1.1.1 GE1/0/4
6.6.6.9/32 BGP 255 10 4.4.4.9 GE1/0/5
11.1.1.0/24 Direct 0 0 11.1.1.2 GE1/0/4
11.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/4
11.1.1.255/32 Direct 0 0 11.1.1.2 GE1/0/4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
2. Display the routing table on the customer carrier CEs, for example, on CE 1.
# Verify that the routing table contains the internal routes of the customer carrier network, but it does not contain the VPN routes that the customer carrier maintains.
[CE1] display ip routing-table
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 IS_L1 15 10 10.1.1.1 GE1/0/4
2.2.2.9/32 Direct 0 0 127.0.0.1 Loop0
6.6.6.9/32 BGP 255 0 11.1.1.2 GE1/0/5
10.1.1.0/24 Direct 0 0 10.1.1.2 GE1/0/4
10.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/4
10.1.1.255/32 Direct 0 0 10.1.1.2 GE1/0/4
11.1.1.0/24 Direct 0 0 11.1.1.1 GE1/0/5
11.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
11.1.1.255/32 Direct 0 0 11.1.1.1 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
3. Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3:
# Verify that the public network routing table contains the internal routes of the customer carrier network.
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 Loop0
2.2.2.9/32 IS_L1 15 10 10.1.1.2 GE1/0/5
6.6.6.9/32 IS_L2 15 74 10.1.1.2 GE1/0/5
10.1.1.0/24 Direct 0 0 10.1.1.1 GE1/0/5
10.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
10.1.1.255/32 Direct 0 0 10.1.1.1 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the route to the remote VPN customer.
[PE3] display ip routing-table vpn-instance vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.2 GE1/0/1
100.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/1
100.1.1.255/32 Direct 0 0 100.1.1.2 GE1/0/1
120.1.1.0/24 BGP 255 0 6.6.6.9 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
4. Verify that PE 3 and PE 4 can ping each other. (Details not shown.)
5. Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 200
peer 4.4.4.9 as-number 200
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 4.4.4.9 enable
#
ip vpn-instance vpn1
peer 11.1.1.1 as-number 100
#
address-family ipv4 unicast
peer 11.1.1.1 enable
peer 11.1.1.1 route-policy csc export
peer 11.1.1.1 label-route-capability
#
route-policy csc permit node 0
apply mpls-label
#
Return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0005.00
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip binding vpn-instance vpn1
ip address 21.1.1.1 255.255.255.0
mpls enable
#
bgp 200
peer 3.3.3.9 as-number 200
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 21.1.1.2 as-number 300
#
address-family ipv4 unicast
peer 21.1.1.2 enable
peer 21.1.1.2 route-policy csc export
peer 21.1.1.2 label-route-capability
#
route-policy csc permit node 0
apply mpls-label
#
return
· CE 1:
#
sysname CE1
#
isis 2
network-entity 10.0000.0000.0000.0002.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 2.2.2.9
#
mpls ldp
import bgp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 10.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip address 11.1.1.1 255.255.255.0
mpls enable
#
bgp 100
peer 11.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route isis 2
peer 11.1.1.2 enable
peer 11.1.1.2 route-policy csc export
peer 11.1.1.2 label-route-capability
#
route-policy csc permit node 0
apply mpls-label
#
return
· CE 2:
#
sysname CE2
#
isis 2
network-entity 10.0000.0000.0000.0004.00
#
address-family ipv4 unicast
import-route bgp
#
mpls lsr-id 5.5.5.9
#
mpls ldp
import bgp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 21.1.1.2 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 300
peer 21.1.1.1 as-number 200
#
address-family ipv4 unicast
import-route isis 2
peer 21.1.1.1 enable
peer 21.1.1.1 route-policy csc export
peer 21.1.1.1 label-route-capability
#
route-policy csc permit node 0
apply mpls-label
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 100.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 10.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 6.6.6.9 as-number 300
peer 6.6.6.9 connect-interface LoopBack0
peer 6.6.6.9 ebgp-max-hop 10
#
address-family vpnv4
peer 6.6.6.9 enable
#
ip vpn-instance vpn1
peer 100.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 100.1.1.1 enable
#
return
· PE 4:
#
sysname PE4
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 6.6.6.9
#
mpls ldp
#
interface LoopBack0
ip address 6.6.6.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 120.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 300
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
peer 1.1.1.9 ebgp-max-hop 10
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 120.1.1.1 as-number 65420
#
address-family ipv4 unicast
peer 120.1.1.1 enable
#
return
· CE 3:
#
sysname CE3
#
interface Ten-GigabitEthernet3/0/1
ip address 100.1.1.1 255.255.255.0
#
bgp 65410
peer 100.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 100.1.1.2 enable
#
Return
· CE 4:
#
sysname CE4
#
interface Ten-GigabitEthernet3/0/1
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 300
#
address-family ipv4 unicast
import-route direct
peer 120.1.1.2 enable
#
return
Example: Configuring nested VPN
Network configuration
The service provider provides nested VPN services for users, as shown in Figure 12.
· PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested VPN feature.
· CE 1 and CE 2 are provider CEs connected to the service provider backbone. Both of them support VPNv4 routes.
· PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN.
· CE 3 through CE 6 are CE devices of sub-VPNs in the customer VPN.
The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the service provider PEs:
· When receiving a VPNv4 route from a provider CE (CE 1 or CE 2, in this example), a provider PE performs the following operations:
a. Replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network.
b. Adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list.
c. Forwards the VPNv4 route.
· To implement exchange of sub-VPN routes between customer PEs and service provider PEs, MP-EBGP peers must be established between provider PEs and provider CEs.
Table 23 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 24 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Loop0 |
2.2.2.9/32 |
CE 2 |
Loop0 |
5.5.5.9/32 |
|
|
XGE3/0/4 |
10.1.1.2/24 |
|
XGE3/0/4 |
21.1.1.2/24 |
|
|
XGE3/0/5 |
11.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.1/24 |
|
CE 3 |
XGE3/0/1 |
100.1.1.1/24 |
CE 4 |
XGE3/0/1 |
120.1.1.1/24 |
|
CE 5 |
XGE3/0/1 |
110.1.1.1/24 |
CE 6 |
XGE3/0/1 |
130.1.1.1/24 |
|
PE 1 |
Loop0 |
3.3.3.9/32 |
PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/4 |
11.1.1.2/24 |
|
XGE3/0/4 |
30.1.1.2/24 |
|
|
XGE3/0/5 |
30.1.1.1/24 |
|
XGE3/0/5 |
21.1.1.1/24 |
|
PE 3 |
Loop0 |
1.1.1.9/32 |
PE 4 |
Loop0 |
6.6.6.9/32 |
|
|
XGE3/0/1 |
100.1.1.2/24 |
|
XGE3/0/1 |
120.1.1.2/24 |
|
|
XGE3/0/2 |
110.1.1.2/24 |
|
XGE3/0/2 |
130.1.1.2/24 |
|
|
XGE3/0/5 |
10.1.1.1/24 |
|
XGE3/0/5 |
20.1.1.2/24 |
Procedure
1. Configure MPLS L3VPN on the service provider backbone. Enable IS-IS, enable LDP, and establish an MP-IBGP peer relationship between PE 1 and PE 2:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/5] isis enable 1
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp transport-address interface
[PE1-Ten-GigabitEthernet3/0/5] quit
[PE1] bgp 100
[PE1-bgp-default] peer 4.4.4.9 as-number 100
[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] isis 1
[PE2-isis-1] network-entity 10.0000.0000.0000.0005.00
[PE2-isis-1] quit
[PE2] interface loopback 0
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip address 30.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/4] isis enable 1
[PE2-Ten-GigabitEthernet3/0/4] mpls enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/4] mpls ldp transport-address interface
[PE2-Ten-GigabitEthernet3/0/4] quit
[PE2] bgp 100
[PE2-bgp-default] peer 3.3.3.9 as-number 100
[PE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# On PE 1 or PE 2, execute the following commands:
¡ Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. (Details not shown.)
¡ Execute the display isis peer command to verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. (Details not shown.)
2. Configure the customer VPN. Enable IS-IS, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/5
[PE3-Ten-GigabitEthernet3/0/5] ip address 10.1.1.1 24
[PE3-Ten-GigabitEthernet3/0/5] isis enable 2
[PE3-Ten-GigabitEthernet3/0/5] mpls enable
[PE3-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/5] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 2.2.2.9 32
[CE1-LoopBack0] quit
[CE1] mpls lsr-id 2.2.2.9
[CE1] mpls ldp
[CE1-ldp] quit
[CE1] isis 2
[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface ten-gigabitethernet 3/0/4
[CE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.2 24
[CE1-Ten-GigabitEthernet3/0/4] isis enable 2
[CE1-Ten-GigabitEthernet3/0/4] mpls enable
[CE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[CE1-Ten-GigabitEthernet3/0/4] quit
# Configure PE 4.
<Sysname> system-view
[Sysname] sysname PE4
[PE4] interface loopback 0
[PE4-LoopBack0] ip address 6.6.6.9 32
[PE4-LoopBack0] quit
[PE4] mpls lsr-id 6.6.6.9
[PE4] mpls ldp
[PE4-ldp] quit
[PE4] isis 2
[PE4-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE4-isis-2] quit
[PE4] interface loopback 0
[PE4-LoopBack0] isis enable 2
[PE4-LoopBack0] quit
[PE4] interface ten-gigabitethernet 3/0/5
[PE4-Ten-GigabitEthernet3/0/5] ip address 20.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/5] isis enable 2
[PE4-Ten-GigabitEthernet3/0/5] mpls enable
[PE4-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE4-Ten-GigabitEthernet3/0/5] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 5.5.5.9 32
[CE2-LoopBack0] quit
[CE2] mpls lsr-id 5.5.5.9
[CE2] mpls ldp
[CE2-ldp] quit
[CE2] isis 2
[CE2-isis-2] network-entity 10.0000.0000.0000.0004.00
[CE2-isis-2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] isis enable 2
[CE2-LoopBack0] quit
[CE2] interface ten-gigabitethernet 3/0/5
[CE2-Ten-GigabitEthernet3/0/5] ip address 20.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/5] isis enable 2
[CE2-Ten-GigabitEthernet3/0/5] mpls enable
[CE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[CE2-Ten-GigabitEthernet3/0/5] quit
# Verify that an LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1 and between PE 4 and CE 2. (Details not shown.)
3. Connect CE 1 and CE 2 to service provider PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/4] ip address 11.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] quit
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 200
[PE1-bgp-default-vpn1] address-family ipv4
[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure CE 1.
[CE1] interface ten-gigabitethernet 3/0/5
[CE1-Ten-GigabitEthernet3/0/5] ip address 11.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/5] mpls enable
[CE1-Ten-GigabitEthernet3/0/5] quit
[CE1] bgp 200
[CE1-bgp-default] peer 11.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4
[CE1-bgp-default-ipv4] peer 11.1.1.2 enable
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/5] ip address 21.1.1.1 24
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] quit
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 21.1.1.2 as-number 200
[PE2-bgp-default-vpn1] address-family ipv4
[PE2-bgp-default-ipv4-vpn1] peer 21.1.1.2 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure CE 2.
[CE2] interface ten-gigabitethernet 3/0/4
[CE2-Ten-GigabitEthernet3/0/4] ip address 21.1.1.2 24
[CE2-Ten-GigabitEthernet3/0/4] mpls enable
[CE2-Ten-GigabitEthernet3/0/4] quit
[CE2] bgp 200
[CE2-bgp-default] peer 21.1.1.1 as-number 100
[CE2-bgp-default] address-family ipv4
[CE2-bgp-default-ipv4] peer 21.1.1.1 enable
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
4. Connect sub-VPN CEs to the customer VPN PEs:
# Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24
[CE3-Ten-GigabitEthernet3/0/1] quit
[CE3] bgp 65410
[CE3-bgp-default] peer 100.1.1.2 as-number 200
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 100.1.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
# Configure CE 5.
<Sysname> system-view
[Sysname] sysname CE5
[CE5] interface ten-gigabitethernet 3/0/1
[CE5-Ten-GigabitEthernet3/0/1] ip address 110.1.1.1 24
[CE5-Ten-GigabitEthernet3/0/1] quit
[CE5] bgp 65411
[CE5-bgp-default] peer 110.1.1.2 as-number 200
[CE5-bgp-default] address-family ipv4 unicast
[CE5-bgp-default-ipv4] peer 110.1.1.2 enable
[CE5-bgp-default-ipv4] import-route direct
[CE5-bgp-default-ipv4] quit
[CE5-bgp-default] quit
# Configure PE 3.
[PE3] ip vpn-instance SUB_VPN1
[PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1
[PE3-vpn-instance-SUB_VPN1] vpn-target 2:1
[PE3-vpn-instance-SUB_VPN1] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance SUB_VPN1
[PE3-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] ip vpn-instance SUB_VPN2
[PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1
[PE3-vpn-instance-SUB_VPN2] vpn-target 2:2
[PE3-vpn-instance-SUB_VPN2] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance SUB_VPN2
[PE3-Ten-GigabitEthernet3/0/2] ip address 110.1.1.2 24
[PE3-Ten-GigabitEthernet3/0/2] quit
[PE3] bgp 200
[PE3-bgp-default] ip vpn-instance SUB_VPN1
[PE3-bgp-default-SUB_VPN1] peer 100.1.1.1 as-number 65410
[PE3-bgp-default-SUB_VPN1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-SUB_VPN1] peer 100.1.1.1 enable
[PE3-bgp-default-ipv4-SUB_VPN1] quit
[PE3-bgp-default-SUB_VPN1] quit
[PE3-bgp-default] ip vpn-instance SUB_VPN2
[PE3-bgp-default-SUB_VPN2] peer 110.1.1.1 as-number 65411
[PE3-bgp-default-SUB_VPN2] address-family ipv4 unicast
[PE3-bgp-default-ipv4-SUB_VPN2] peer 110.1.1.1 enable
[PE3-bgp-default-ipv4-SUB_VPN2] quit
[PE3-bgp-default-SUB_VPN2] quit
[PE3-bgp-default] quit
# Configure CE 4.
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/0/1
[CE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.1 24
[CE4-Ten-GigabitEthernet3/0/1] quit
[CE4] bgp 65420
[CE4-bgp-default] peer 120.1.1.2 as-number 200
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 120.1.1.2 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
# Configure CE 6.
<Sysname> system-view
[Sysname] sysname CE6
[CE6] interface ten-gigabitethernet 3/0/1
[CE6-Ten-GigabitEthernet3/0/1] ip address 130.1.1.1 24
[CE6-Ten-GigabitEthernet3/0/1] quit
[CE6] bgp 65421
[CE6-bgp-default] peer 130.1.1.2 as-number 200
[CE6-bgp-default] address-family ipv4 unicast
[CE6-bgp-default-ipv4] peer 130.1.1.2 enable
[CE6-bgp-default-ipv4] import-route direct
[CE6-bgp-default-ipv4] quit
[CE6-bgp-default] quit
# Configure PE 4.
[PE4] ip vpn-instance SUB_VPN1
[PE4-vpn-instance-SUB_VPN1] route-distinguisher 100:2
[PE4-vpn-instance-SUB_VPN1] vpn-target 2:1
[PE4-vpn-instance-SUB_VPN1] quit
[PE4] interface ten-gigabitethernet 3/0/1
[PE4-Ten-GigabitEthernet3/0/1] ip binding vpn-instance SUB_VPN1
[PE4-Ten-GigabitEthernet3/0/1] ip address 120.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/1] quit
[PE4] ip vpn-instance SUB_VPN2
[PE4-vpn-instance-SUB_VPN2] route-distinguisher 101:2
[PE4-vpn-instance-SUB_VPN2] vpn-target 2:2
[PE4-vpn-instance-SUB_VPN2] quit
[PE4] interface ten-gigabitethernet 3/0/2
[PE4-Ten-GigabitEthernet3/0/2] ip binding vpn-instance SUB_VPN2
[PE4-Ten-GigabitEthernet3/0/2] ip address 130.1.1.2 24
[PE4-Ten-GigabitEthernet3/0/2] quit
[PE4] bgp 200
[PE4-bgp-default] ip vpn-instance SUB_VPN1
[PE4-bgp-default-SUB_VPN1] peer 120.1.1.1 as-number 65420
[PE4-bgp-default-SUB_VPN1] address-family ipv4 unicast
[PE4-bgp-default-ipv4-SUB_VPN1] peer 120.1.1.1 enable
[PE4-bgp-default-ipv4-SUB_VPN1] quit
[PE4-bgp-default-SUB_VPN1] quit
[PE4-bgp-default] ip vpn-instance SUB_VPN2
[PE4-bgp-default-SUB_VPN2] peer 130.1.1.1 as-number 65421
[PE4-bgp-default-SUB_VPN2] address-family ipv4 unicast
[PE4-bgp-default-ipv4-SUB_VPN2] peer 130.1.1.1 enable
[PE4-bgp-default-ipv4-SUB_VPN2] quit
[PE4-bgp-default-SUB_VPN2] quit
[PE4-bgp-default] quit
5. Establish MP-EBGP peer relationship between service provider PEs and their CEs to exchange user VPNv4 routes:
# On PE 1, enable nested VPN, and enable VPNv4 route exchange with CE 1.
[PE1] bgp 100
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] nesting-vpn
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family vpnv4
[PE1-bgp-default-vpnv4-vpn1] peer 11.1.1.1 enable
[PE1-bgp-default-vpnv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# On CE 1, enable VPNv4 route exchange with PE 1.
[CE1] bgp 200
[CE1-bgp-default] address-family vpnv4
[CE1-bgp-default-vpnv4] peer 11.1.1.2 enable
# Configure CE 1 to allow the local AS number to appear in the AS-PATH attribute of the routes received.
[CE1-bgp-default-vpnv4] peer 11.1.1.2 allow-as-loop 2
# On CE 1, disable route target based filtering of received VPNv4 routes.
[CE1-bgp-default-vpnv4] undo policy vpn-target
[CE1-bgp-default-vpnv4] quit
[CE1-bgp-default] quit
# On PE 2, enable nested VPN, and enable VPNv4 route exchange with CE 2.
[PE2] bgp 100
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] nesting-vpn
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family vpnv4
[PE2-bgp-default-vpnv4-vpn1] peer 21.1.1.2 enable
[PE2-bgp-default-vpnv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# On CE 2, enable VPNv4 route exchange with PE 2.
[CE2] bgp 200
[CE2-bgp-default] address-family vpnv4
[CE2-bgp-default-vpnv4] peer 21.1.1.1 enable
# Configure CE 2 to allow the local AS number to appear in the AS-PATH attribute of the routes received.
[CE2-bgp-default-vpnv4] peer 21.1.1.1 allow-as-loop 2
# On CE 2, disable route target based filtering of incoming VPNv4 routes.
[CE2-bgp-default-vpnv4] undo policy vpn-target
[CE2-bgp-default-vpnv4] quit
[CE2-bgp-default] quit
6. Establish MP-IBGP peer relationships between sub-VPN PEs and CEs of the customer VPN to exchange VPNv4 routes of sub-VPNs:
# Configure PE 3.
[PE3] bgp 200
[PE3-bgp-default] peer 2.2.2.9 as-number 200
[PE3-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 2.2.2.9 enable
# Configure PE 3 to allow the local AS number to appear in the AS-PATH attribute of the routes received.
[PE3-bgp-default-vpnv4] peer 2.2.2.9 allow-as-loop 2
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
# Configure CE 1.
[CE1] bgp 200
[CE1-bgp-default] peer 1.1.1.9 as-number 200
[CE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[CE1-bgp-default] address-family vpnv4
[CE1-bgp-default-vpnv4] peer 1.1.1.9 enable
[CE1-bgp-default-vpnv4] undo policy vpn-target
[CE1-bgp-default-vpnv4] quit
[CE1-bgp-default] quit
# Configure PE 4.
[PE4] bgp 200
[PE4-bgp-default] peer 5.5.5.9 as-number 200
[PE4-bgp-default] peer 5.5.5.9 connect-interface loopback 0
[PE4-bgp-default] address-family vpnv4
[PE4-bgp-default-vpnv4] peer 5.5.5.9 enable
# Configure PE 4 to allow the local AS number to appear in the AS-PATH attribute of the routes received.
[PE4-bgp-default-vpnv4] peer 5.5.5.9 allow-as-loop 2
[PE4-bgp-default-vpnv4] quit
[PE4-bgp-default] quit
# Configure CE 2.
[CE2] bgp 200
[CE2-bgp-default] peer 6.6.6.9 as-number 200
[CE2-bgp-default] peer 6.6.6.9 connect-interface loopback 0
[CE2-bgp-default] address-family vpnv4
[CE2-bgp-default-vpnv4] peer 6.6.6.9 enable
[CE2-bgp-default-vpnv4] undo policy vpn-target
[CE2-bgp-default-vpnv4] quit
[CE2-bgp-default] quit
Verifying the configuration
1. Display the public routing table and VPN routing table on the provider PEs, for example, on PE 1:
# Verify that the public routing table contains only routes on the service provider network.
[PE1] display ip routing-table
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.9/32 Direct 0 0 127.0.0.1 Loop0
4.4.4.9/32 IS_L1 15 10 30.1.1.2 GE1/0/5
30.1.1.0/24 Direct 0 0 30.1.1.1 GE1/0/5
30.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/5
30.1.1.255/32 Direct 0 0 30.1.1.1 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains sub-VPN routes.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
11.1.1.0/24 Direct 0 0 11.1.1.2 GE1/0/4
11.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/4
11.1.1.255/32 Direct 0 0 11.1.1.2 GE1/0/4
100.1.1.0/24 BGP 255 0 11.1.1.1 GE1/0/4
110.1.1.0/24 BGP 255 0 11.1.1.1 GE1/0/4
120.1.1.0/24 BGP 255 0 4.4.4.9 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
130.1.1.0/24 BGP 255 0 4.4.4.9 GE1/0/5
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
2. Display the VPNv4 routing table on the provider CEs, for example, on CE 1.
# Verify that the VPNv4 routing table on the customer VPN contains internal sub-VPN routes.
[CE1] display bgp routing-table vpnv4
BGP local router ID is 2.2.2.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 4
Total number of routes from all PEs: 4
Route distinguisher: 100:1
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 100.1.1.0/24 1.1.1.9 0 100 0 65410?
Route distinguisher: 101:1
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 110.1.1.0/24 1.1.1.9 0 100 0 65411?
Route distinguisher: 200:2
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 120.1.1.0/24 11.1.1.2 0 100 200 65420?
* >e 130.1.1.0/24 11.1.1.2 0 100 200 65421?
3. Display the VPN routing table on the customer PEs, for example, on PE 3:
# Verify that the VPN routing table contains routes sent by the provider PE to the sub-VPN.
[PE3] display ip routing-table vpn-instance SUB_VPN1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.2 GE1/0/1
100.1.1.2/32 Direct 0 0 127.0.0.1 GE1/0/1
100.1.1.255/32 Direct 0 0 100.1.1.2 GE1/0/1
120.1.1.0/24 BGP 255 0 2.2.2.9 GE1/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
4. Display the routing table on the CEs of sub-VPNs in the customer VPN, for example, on CE 3 and CE 5:
# Verify that the routing table contains the route to the remote sub-VPN on CE 3.
[CE3] display ip routing-table
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.1 GE1/0/1
100.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/1
100.1.1.255/32 Direct 0 0 100.1.1.1 GE1/0/1
120.1.1.0/24 BGP 255 0 100.1.1.2 GE1/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the routing table contains the route to the remote sub-VPN on CE 5.
[CE5] display ip routing-table
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
110.1.1.0/24 Direct 0 0 110.1.1.1 GE1/0/1
110.1.1.1/32 Direct 0 0 127.0.0.1 GE1/0/1
110.1.1.255/32 Direct 0 0 110.1.1.1 GE1/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
130.1.1.0/24 BGP 255 0 110.1.1.2 GE1/0/1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
5. Verify that CE 3 and CE 4 can ping each other. (Details not shown.)
6. Verify that CE 5 and CE 6 can ping each other. (Details not shown.)
7. Verify that CE 3 and CE 6 cannot ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
bgp 100
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
nesting-vpn
peer 4.4.4.9 enable
#
ip vpn-instance vpn1
peer 11.1.1.1 as-number 200
#
address-family ipv4 unicast
peer 11.1.1.1 enable
#
address-family vpnv4
peer 11.1.1.1 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
isis 1
network-entity 10.0000.0000.0000.0005.00
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet3/0/4
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls enable
mpls ldp enable
mpls ldp transport-address interface
#
interface Ten-GigabitEthernet3/0/5
ip binding vpn-instance vpn1
ip address 21.1.1.1 255.255.255.0
mpls enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
nesting-vpn
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 21.1.1.2 as-number 200
#
address-family ipv4 unicast
peer 21.1.1.2 enable
#
address-family vpnv4
peer 21.1.1.2 enable
#
return
· CE 1:
#
sysname CE1
#
isis 2
network-entity 10.0000.0000.0000.0002.00
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 10.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/5
ip address 11.1.1.1 255.255.255.0
mpls enable
#
bgp 200
peer 1.1.1.9 as-number 200
peer 1.1.1.9 connect-interface LoopBack0
peer 11.1.1.2 as-number 100
#
address-family ipv4 unicast
peer 11.1.1.2 enable
#
address-family vpnv4
undo policy vpn-target
peer 1.1.1.9 enable
peer 11.1.1.2 enable
peer 11.1.1.2 allow-as-loop 2
#
return
· CE 2:
#
sysname CE2
#
isis 2
network-entity 10.0000.0000.0000.0004.00
#
mpls lsr-id 5.5.5.9
#
mpls ldp
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/4
ip address 21.1.1.2 255.255.255.0
mpls enable
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
#
bgp 200
peer 6.6.6.9 as-number 200
peer 6.6.6.9 connect-interface LoopBack0
peer 21.1.1.1 as-number 100
#
address-family ipv4 unicast
peer 21.1.1.1 enable
#
address-family vpnv4
undo policy vpn-target
peer 6.6.6.9 enable
peer 21.1.1.1 enable
peer 21.1.1.1 allow-as-loop 2
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance SUB_VPN1
route-distinguisher 100:1
vpn-target 2:1 import-extcommunity
vpn-target 2:1 export-extcommunity
#
ip vpn-instance SUB_VPN2
route-distinguisher 101:1
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0001.00
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance SUB_VPN1
ip address 100.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance SUB_VPN2
ip address 110.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 10.1.1.1 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
#
bgp 200
peer 2.2.2.9 as-number 200
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
peer 2.2.2.9 allow-as-loop 2
#
ip vpn-instance SUB_VPN1
peer 100.1.1.1 as-number 65410
#
address-family ipv4 unicast
peer 100.1.1.1 enable
#
ip vpn-instance SUB_VPN2
peer 110.1.1.1 as-number 65411
#
address-family ipv4 unicast
peer 110.1.1.1 enable
#
return
· PE 4:
#
sysname PE4
#
ip vpn-instance SUB_VPN1
route-distinguisher 100:2
vpn-target 2:1 import-extcommunity
vpn-target 2:1 export-extcommunity
#
ip vpn-instance SUB_VPN2
route-distinguisher 101:2
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
isis 2
network-entity 10.0000.0000.0000.0003.00
#
mpls lsr-id 6.6.6.9
#
mpls ldp
#
interface LoopBack0
ip address 6.6.6.9 255.255.255.255
isis enable 2
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance SUB_VPN1
ip address 120.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance SUB_VPN2
ip address 130.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 20.1.1.2 255.255.255.0
isis enable 2
mpls enable
mpls ldp enable
#
bgp 200
peer 5.5.5.9 as-number 200
peer 5.5.5.9 connect-interface LoopBack0
#
address-family vpnv4
peer 5.5.5.9 enable
peer 5.5.5.9 allow-as-loop 2
#
ip vpn-instance SUB_VPN1
peer 120.1.1.1 as-number 65420
#
address-family ipv4 unicast
peer 120.1.1.1 enable
#
ip vpn-instance SUB_VPN2
peer 130.1.1.1 as-number 65421
#
address-family ipv4 unicast
peer 130.1.1.1 enable
#
return
· CE 3:
#
sysname CE3
#
interface Ten-GigabitEthernet3/0/1
ip address 100.1.1.1 255.255.255.0
#
bgp 65410
peer 100.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 100.1.1.2 enable
#
return
· CE 4:
#
sysname CE4
#
interface Ten-GigabitEthernet3/0/1
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 120.1.1.2 enable
#
return
· CE 5:
#
sysname CE5
#
interface Ten-GigabitEthernet3/0/1
ip address 110.1.1.1 255.255.255.0
#
bgp 65411
peer 110.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 110.1.1.2 enable
#
return
· CE 6:
#
sysname CE6
#
interface Ten-GigabitEthernet3/0/1
ip address 130.1.1.1 255.255.255.0
#
bgp 65421
peer 130.1.1.2 as-number 200
#
address-family ipv4 unicast
import-route direct
peer 130.1.1.2 enable
#
return
Example: Configuring multirole host
Network configuration
Configure the multirole host feature to allow Host A to access VPN 1 and VPN 2 and Host B to access only VPN 1.
Figure 13 Network diagram
Table 25 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Procedure
1. Configure CE 1:
# Assign IP addresses to interfaces.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface ten-gigabitethernet 3/0/5
[CE1-Ten-GigabitEthernet3/0/5] ip address 1.1.1.2 24
[CE1-Ten-GigabitEthernet3/0/5] quit
# Configure a default route to PE 1.
[CE1] ip route-static 0.0.0.0 0 1.1.1.1
2. Configure PE 1:
# Configure an IGP on the MPLS backbone to enable public network connectivity between backbone PEs.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] ip address 2.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/5] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 2.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/5
[PE1-Ten-GigabitEthernet3/0/5] mpls enable
[PE1-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/5] quit
# Establish an MP-IBGP peer relationship with PE 2.
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit
# Associate VPN instance vpn1 with Ten-GigabitEthernet 3/0/4 (the interface connected to CE 1).
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/4] ip address 1.1.1.1 255.255.255.0
[PE1-Ten-GigabitEthernet3/0/4] quit
# Configure a static route for VPN 2 to reach Host A and redistribute the route to BGP. This configuration ensures that packets from VPN 2 to Host A can be forwarded through the correct route in the routing table of VPN instance vpn1.
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn2
[PE1-bgp-default-vpn2] address-family ipv4
[PE1-bgp-default-ipv4-vpn2] import-route static
[PE1-bgp-default-ipv4-vpn2] quit
[PE1-bgp-default-vpn2] quit
[PE1-bgp-default] quit
# Configure PBR to route packets from Host A according to the routing tables of both VPN instances vpn1 and vpn2.
[PE1] acl advanced 3001
[PE1-acl-ipv4-adv-3001] rule 0 permit ip vpn-instance vpn1 source 100.1.1.2 0
[PE1-acl-ipv4-adv-3001] quit
[PE1] policy-based-route policy1 permit node 10
[PE1-policy-based-route] if-match acl 3001
[PE1-policy-based-route] apply access-vpn vpn-instance vpn1 vpn2
[PE1-policy-based-route] quit
# Apply policy policy1 to Ten-GigabitEthernet 3/0/4.
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip policy-based-route policy1
3. Configure PE 2:
# Configure an IGP on the MPLS backbone to enable public network connectivity between backbone PEs.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 2.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/5] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Establish an MP-IBGP peer relationship with PE 1.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Create VPN instance vpn2 for VPN 2 and configure an RD and route target for the VPN instance.
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 100:3
[PE2-vpn-instance-vpn2] vpn-target 100:2 both
[PE2-vpn-instance-vpn2] quit
# Associate VPN instance vpn2 with the interface connected to CE 2.
[PE2] interface ten-gigabitethernet 3/0/4
[PE2-Ten-GigabitEthernet3/0/4] ip binding vpn-instance vpn2
[PE2-Ten-GigabitEthernet3/0/4] ip address 3.1.1.2 255.255.255.0
[PE2-Ten-GigabitEthernet3/0/4] quit
# Establish an EBGP peer relationship with CE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn2
[PE2-bgp-default-vpn2] peer 3.1.1.1 as-number 65420
[PE2-bgp-default-vpn2] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn2] peer 3.1.1.1 enable
[PE2-bgp-default-ipv4-vpn2] quit
[PE2-bgp-default-vpn2] quit
[PE2-bgp-default] quit
4. Configure CE 2:
# Assign IP addresses to interfaces on CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 110.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/5
[CE2-Ten-GigabitEthernet3/0/5] ip address 3.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/5] quit
# Establish an EBGP peer relationship with PE 2 and redistribute VPN routes.
[CE2] bgp 65420
[CE2-bgp-default] peer 3.1.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 3.1.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
5. Configure the hosts:
Assign IP addresses to Host A, Host B, and Host C. Specify the default gateway address as 100.1.1.1 on Host A and Host B, and set the default gateway address to 110.2.1.1 on Host C. (Details not shown.)
Verifying the configuration
# On PE 1, display the routing tables of VPN instances vpn1 and vpn2. Verify the following information:
· PE 1 has learned the route to the remote site's subnet 110.2.1.0/24.
· The next hop for the route to the local site's subnet 100.1.1.0/24 is CE 1 (at 1.1.1.2) in VPN instance vpn1.
[PE1] display ip routing-table vpn-instance vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
3.1.1.0/24 BGP 255 0 3.3.3.9 XGE3/0/5
100.1.1.0/24 Static 60 0 1.1.1.2 XGE3/0/4
110.2.1.0/24 BGP 255 0 3.3.3.9 XGE3/0/5
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.0/24 Direct 0 0 1.1.1.1 XGE3/0/4
1.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/4
1.1.1.255/32 Direct 0 0 1.1.1.1 XGE3/0/4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that Host A can ping Host C, and that Host B cannot ping Host C. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 2.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
policy-based-route policy1 permit node 10
if-match acl 3001
apply access-vpn vpn-instance vpn1
apply access-vpn vpn-instance vpn2
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/4
ip binding vpn-instance vpn1
ip address 1.1.1.1 255.255.255.0
ip policy-based-route policy1
#
interface Ten-GigabitEthernet3/0/5
ip address 2.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn2
#
address-family ipv4 unicast
import-route static
#
ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2
#
acl advanced 3001
rule 0 permit ip vpn-instance vpn1 source 100.1.1.2 0
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn2
route-distinguisher 100:3
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/4
ip binding vpn-instance vpn2
ip address 3.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 2.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn2
peer 3.1.1.1 as-number 65420
#
address-family ipv4 unicast
peer 3.1.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 100.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 1.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0 1.1.1.1
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 110.2.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 3.1.1.1 255.255.255.0
#
bgp 65420
peer 3.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 3.1.1.2 enable
#
return
Example: Configuring HoVPN
Network configuration
As shown in Figure 14, there are two levels of networks: the backbone and the MPLS VPN networks.
· SPEs act as PEs to allow MPLS VPNs to access the backbone.
· UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.
· Performance requirements for the UPEs are lower than those for the SPEs.
· SPEs advertise routes permitted by routing policies to UPEs, permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 from communicating with each other.
Table 26 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 27 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 1 |
XGE3/0/1 |
10.2.1.1/24 |
CE 3 |
XGE3/0/1 |
10.1.1.1/24 |
|
CE 2 |
XGE3/0/1 |
10.4.1.1/24 |
CE 4 |
XGE3/0/1 |
10.3.1.1/24 |
|
UPE 1 |
Loop0 |
1.1.1.9/32 |
UPE 2 |
Loop0 |
4.4.4.9/32 |
|
|
XGE3/0/1 |
10.2.1.2/24 |
|
XGE3/0/1 |
172.2.1.1/24 |
|
|
XGE3/0/2 |
10.4.1.2/24 |
|
XGE3/0/2 |
10.1.1.2/24 |
|
|
XGE3/0/3 |
172.1.1.1/24 |
|
XGE3/0/3 |
10.3.1.2/24 |
|
SPE 1 |
Loop0 |
2.2.2.9/32 |
SPE 2 |
Loop0 |
3.3.3.9/32 |
|
|
XGE3/0/1 |
172.1.1.2/24 |
|
XGE3/0/1 |
180.1.1.2/24 |
|
|
XGE3/0/2 |
180.1.1.1/24 |
|
XGE3/0/2 |
172.2.1.2/24 |
Procedure
1. Configure UPE 1:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname UPE1
[UPE1] interface loopback 0
[UPE1-LoopBack0] ip address 1.1.1.9 32
[UPE1-LoopBack0] quit
[UPE1] mpls lsr-id 1.1.1.9
[UPE1] mpls ldp
[UPE1-ldp] quit
[UPE1] interface ten-gigabitethernet 3/0/3
[UPE1-Ten-GigabitEthernet3/0/3] ip address 172.1.1.1 24
[UPE1-Ten-GigabitEthernet3/0/3] mpls enable
[UPE1-Ten-GigabitEthernet3/0/3] mpls ldp enable
[UPE1-Ten-GigabitEthernet3/0/3] quit
# Configure the IGP protocol (OSPF, in this example).
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.
[UPE1] ip vpn-instance vpn1
[UPE1-vpn-instance-vpn1] route-distinguisher 100:1
[UPE1-vpn-instance-vpn1] vpn-target 100:1 both
[UPE1-vpn-instance-vpn1] quit
[UPE1] ip vpn-instance vpn2
[UPE1-vpn-instance-vpn2] route-distinguisher 100:2
[UPE1-vpn-instance-vpn2] vpn-target 100:2 both
[UPE1-vpn-instance-vpn2] quit
[UPE1] interface ten-gigabitethernet 3/0/1
[UPE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[UPE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[UPE1-Ten-GigabitEthernet3/0/1] quit
[UPE1] interface ten-gigabitethernet 3/0/2
[UPE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn2
[UPE1-Ten-GigabitEthernet3/0/2] ip address 10.4.1.2 24
[UPE1-Ten-GigabitEthernet3/0/2] quit
# Establish an MP-IBGP peer relationship with SPE 1.
[UPE1] bgp 100
[UPE1-bgp-default] peer 2.2.2.9 as-number 100
[UPE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[UPE1-bgp-default] address-family vpnv4
[UPE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[UPE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1.
[UPE1-bgp-default] ip vpn-instance vpn1
[UPE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410
[UPE1-bgp-default-vpn1] address-family ipv4 unicast
[UPE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[UPE1-bgp-default-ipv4-vpn1] quit
[UPE1-bgp-default-vpn1] quit
# Establish an EBGP peer relationship with CE 2.
[UPE1-bgp-default] ip vpn-instance vpn2
[UPE1-bgp-default-vpn2] peer 10.4.1.1 as-number 65420
[UPE1-bgp-default-vpn2] address-family ipv4 unicast
[UPE1-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable
[UPE1-bgp-default-ipv4-vpn2] quit
[UPE1-bgp-default-vpn2] quit
[UPE1-bgp-default] quit
2. Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 255.255.255.0
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] bgp 65410
[CE1-bgp-default] peer 10.2.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.2.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
3. Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.4.1.1 255.255.255.0
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] bgp 65420
[CE2-bgp-default] peer 10.4.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.4.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
4. Configure UPE 2:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname UPE2
[UPE2] interface loopback 0
[UPE2-LoopBack0] ip address 4.4.4.9 32
[UPE2-LoopBack0] quit
[UPE2] mpls lsr-id 4.4.4.9
[UPE2] mpls ldp
[UPE2-ldp] quit
[UPE2] interface ten-gigabitethernet 3/0/1
[UPE2-Ten-GigabitEthernet3/0/1] ip address 172.2.1.1 24
[UPE2-Ten-GigabitEthernet3/0/1] mpls enable
[UPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable
[UPE2-Ten-GigabitEthernet3/0/1] quit
# Configure the IGP protocol (OSPF, in this example).
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
[UPE2] ip vpn-instance vpn1
[UPE2-vpn-instance-vpn1] route-distinguisher 300:1
[UPE2-vpn-instance-vpn1] vpn-target 100:1 both
[UPE2-vpn-instance-vpn1] quit
[UPE2] ip vpn-instance vpn2
[UPE2-vpn-instance-vpn2] route-distinguisher 400:2
[UPE2-vpn-instance-vpn2] vpn-target 100:2 both
[UPE2-vpn-instance-vpn2] quit
[UPE2] interface ten-gigabitethernet 3/0/2
[UPE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[UPE2-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24
[UPE2-Ten-GigabitEthernet3/0/2] quit
[UPE2] interface ten-gigabitethernet 3/0/3
[UPE2-Ten-GigabitEthernet3/0/3] ip binding vpn-instance vpn2
[UPE2-Ten-GigabitEthernet3/0/3] ip address 10.3.1.2 24
[UPE2-Ten-GigabitEthernet3/0/3] quit
# Establish an MP-IBGP peer relationship with SPE 2.
[UPE2] bgp 100
[UPE2-bgp-default] peer 3.3.3.9 as-number 100
[UPE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[UPE2-bgp-default] address-family vpnv4
[UPE2-bgp-default-vpnv4] peer 3.3.3.9 enable
[UPE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 3.
[UPE2-bgp-default] ip vpn-instance vpn1
[UPE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65430
[UPE2-bgp-default-vpn1] address-family ipv4 unicast
[UPE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[UPE2-bgp-default-ipv4-vpn1] quit
[UPE2-bgp-default-vpn1] quit
# Establish an EBGP peer relationship with CE 4.
[UPE2-bgp-default] ip vpn-instance vpn2
[UPE2-bgp-default-vpn2] peer 10.3.1.1 as-number 65440
[UPE2-bgp-default-vpn2] address-family ipv4 unicast
[UPE2-bgp-default-ipv4-vpn2] peer 10.3.1.1 enable
[UPE2-bgp-default-ipv4-vpn2] quit
[UPE2-bgp-default-vpn2] quit
[UPE2-bgp-default] quit
5. Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 255.255.255.0
[CE3-Ten-GigabitEthernet3/0/1] quit
[CE3] bgp 65430
[CE3-bgp-default] peer 10.1.1.2 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 10.1.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
6. Configure CE 4.
<Sysname> system-view
[Sysname] sysname CE4
[CE4] interface ten-gigabitethernet 3/0/1
[CE4-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 255.255.255.0
[CE4-Ten-GigabitEthernet3/0/1] quit
[CE4] bgp 65440
[CE4-bgp-default] peer 10.3.1.2 as-number 100
[CE4-bgp-default] address-family ipv4 unicast
[CE4-bgp-default-ipv4] peer 10.3.1.2 enable
[CE4-bgp-default-ipv4] import-route direct
[CE4-bgp-default-ipv4] quit
[CE4-bgp-default] quit
7. Configure SPE 1:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname SPE1
[SPE1] interface loopback 0
[SPE1-LoopBack0] ip address 2.2.2.9 32
[SPE1-LoopBack0] quit
[SPE1] mpls lsr-id 2.2.2.9
[SPE1] mpls ldp
[SPE1-ldp] quit
[SPE1] interface ten-gigabitethernet 3/0/1
[SPE1-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24
[SPE1-Ten-GigabitEthernet3/0/1] mpls enable
[SPE1-Ten-GigabitEthernet3/0/1] mpls ldp enable
[SPE1-Ten-GigabitEthernet3/0/1] quit
[SPE1] interface ten-gigabitethernet 3/0/2
[SPE1-Ten-GigabitEthernet3/0/2] ip address 180.1.1.1 24
[SPE1-Ten-GigabitEthernet3/0/2] mpls enable
[SPE1-Ten-GigabitEthernet3/0/2] mpls ldp enable
[SPE1-Ten-GigabitEthernet3/0/2] quit
# Configure the IGP protocol, OSPF, in this example.
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure VPN instances vpn1 and vpn2.
[SPE1] ip vpn-instance vpn1
[SPE1-vpn-instance-vpn1] route-distinguisher 500:1
[SPE1-vpn-instance-vpn1] vpn-target 100:1 both
[SPE1-vpn-instance-vpn1] quit
[SPE1] ip vpn-instance vpn2
[SPE1-vpn-instance-vpn2] route-distinguisher 700:1
[SPE1-vpn-instance-vpn2] vpn-target 100:2 both
[SPE1-vpn-instance-vpn2] quit
# Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.
[SPE1] bgp 100
[SPE1-bgp-default] peer 1.1.1.9 as-number 100
[SPE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[SPE1-bgp-default] peer 3.3.3.9 as-number 100
[SPE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[SPE1-bgp-default] address-family vpnv4
[SPE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[SPE1-bgp-default-vpnv4] peer 1.1.1.9 enable
[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe
[SPE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local
[SPE1-bgp-default-vpnv4] quit
# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.
[SPE1-bgp-default] ip vpn-instance vpn1
[SPE1-bgp-default-vpn1] quit
[SPE1-bgp-default] ip vpn-instance vpn2
[SPE1-bgp-default-vpn2] quit
[SPE1-bgp-default] quit
# Advertise to UPE 1 the routes permitted by a routing policy (the routes of CE 3).
[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24
[SPE1] route-policy hope permit node 0
[SPE1-route-policy-hope-0] if-match ip address prefix-list hope
[SPE1-route-policy-hope-0] quit
[SPE1] bgp 100
[SPE1-bgp-default] address-family vpnv4
[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe route-policy hope export
8. Configure SPE 2:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname SPE2
[SPE2] interface loopback 0
[SPE2-LoopBack0] ip address 3.3.3.9 32
[SPE2-LoopBack0] quit
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls ldp
[SPE2-ldp] quit
[SPE2] interface ten-gigabitethernet 3/0/1
[SPE2-Ten-GigabitEthernet3/0/1] ip address 180.1.1.2 24
[SPE2-Ten-GigabitEthernet3/0/1] mpls enable
[SPE2-Ten-GigabitEthernet3/0/1] mpls ldp enable
[SPE2-Ten-GigabitEthernet3/0/1] quit
[SPE2] interface ten-gigabitethernet 3/0/2
[SPE2-Ten-GigabitEthernet3/0/2] ip address 172.2.1.2 24
[SPE2-Ten-GigabitEthernet3/0/2] mpls enable
[SPE2-Ten-GigabitEthernet3/0/2] mpls ldp enable
[SPE2-Ten-GigabitEthernet3/0/2] quit
# Configure the IGP protocol, OSPF, in this example.
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] quit
[SPE2-ospf-1] quit
# Configure VPN instances vpn1 and vpn2.
[SPE2] ip vpn-instance vpn1
[SPE2-vpn-instance-vpn1] route-distinguisher 600:1
[SPE2-vpn-instance-vpn1] vpn-target 100:1 both
[SPE2-vpn-instance-vpn1] quit
[SPE2] ip vpn-instance vpn2
[SPE2-vpn-instance-vpn2] route-distinguisher 800:1
[SPE2-vpn-instance-vpn2] vpn-target 100:2 both
[SPE2-vpn-instance-vpn2] quit
# Establish MP-IBGP peer relationships with SPE 1 and UPE 2, and specify UPE 2 as a UPE.
[SPE2] bgp 100
[SPE2-bgp-default] peer 4.4.4.9 as-number 100
[SPE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[SPE2-bgp-default] peer 2.2.2.9 as-number 100
[SPE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[SPE2-bgp-default] address-family vpnv4
[SPE2-bgp-default-vpnv4] peer 2.2.2.9 enable
[SPE2-bgp-default-vpnv4] peer 4.4.4.9 enable
[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe
[SPE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local
[SPE2-bgp-default-vpnv4] quit
# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.
[SPE2-bgp-default] ip vpn-instance vpn1
[SPE2-bgp-default-vpn1] quit
[SPE2-bgp-default] ip vpn-instance vpn2
[SPE2-bgp-default-vpn2] quit
[SPE2-bgp-default] quit
# Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).
[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24
[SPE2] route-policy hope permit node 0
[SPE2-route-policy-hope-0] if-match ip address prefix-list hope
[SPE2-route-policy-hope-0] quit
[SPE2] bgp 100
[SPE2-bgp-default] address-family vpnv4
[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe route-policy hope export
Verifying the configuration
# Verify that CE 1 and CE3 can learn each other's interface routes and can ping each other. CE 2 and CE 4 cannot learn each other's interface routes and cannot ping each other. (Details not shown.)
Configuration files
· SPE 1:
#
sysname SPE1
#
ip vpn-instance vpn1
route-distinguisher 500:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 700:1
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 180.1.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip address 180.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
peer 1.1.1.9 next-hop-local
peer 1.1.1.9 upe
peer 1.1.1.9 upe route-policy hope export
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
route-policy hope permit node 0
if-match ip address prefix-list hope
#
ip prefix-list hope index 10 permit 10.1.1.0 24
#
return
· SPE 2:
#
sysname SPE2
#
ip vpn-instance vpn1
route-distinguisher 600:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 800:1
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
network 180.1.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 180.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip address 172.2.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
peer 4.4.4.9 enable
peer 4.4.4.9 next-hop-local
peer 4.4.4.9 upe
peer 4.4.4.9 upe route-policy hope export
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
route-policy hope permit node 0
if-match ip address prefix-list hope
#
ip prefix-list hope index 10 permit 10.2.1.0 24
#
return
· UPE 1:
#
sysname UPE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn2
ip address 10.4.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65410
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
ip vpn-instance vpn2
peer 10.4.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.4.1.1 enable
#
return
· UPE 2:
#
sysname UPE2
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 400:2
vpn-target 100:2 import-extcommunity
vpn-target 100:2 export-extcommunity
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip binding vpn-instance vpn2
ip address 10.3.1.2 255.255.255.0
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65430
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
ip vpn-instance vpn2
peer 10.3.1.1 as-number 65440
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65410
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.4.1.1 255.255.255.0
#
bgp 65420
peer 10.4.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.4.1.2 enable
#
return
· CE 3:
#
sysname CE3
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 65430
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 4:
#
sysname CE4
#
interface Ten-GigabitEthernet3/0/1
ip address 10.3.1.1 255.255.255.0
#
bgp 65440
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.3.1.2 enable
#
return
Example: Configuring an OSPF sham link
Network configuration
As shown in Figure 15, CE 1 and CE 2 belong to VPN 1. Configure an OSPF sham link between PE 1 and PE 2 so traffic between the CEs is forwarded through the MPLS backbone instead of the backdoor link.
Table 28 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface4 |
Ten-GigabitEthernet3/0/4 |
|
Interface5 |
Ten-GigabitEthernet3/0/5 |
Table 29 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 1 |
XGE3/0/1 |
100.1.1.1/24 |
CE 2 |
XGE3/0/1 |
120.1.1.1/24 |
|
|
XGE3/0/4 |
20.1.1.1/24 |
|
XGE3/0/4 |
30.1.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
PE 2 |
Loop0 |
2.2.2.9/32 |
|
|
Loop1 |
3.3.3.3/32 |
|
Loop1 |
5.5.5.5/32 |
|
|
XGE3/0/1 |
100.1.1.2/24 |
|
XGE3/0/1 |
120.1.1.2/24 |
|
|
XGE3/0/4 |
10.1.1.1/24 |
|
XGE3/0/5 |
10.1.1.2/24 |
|
Router A |
XGE3/0/5 |
30.1.1.1/24 |
|
|
|
|
|
XGE3/0/4 |
20.1.1.2/24 |
|
|
|
Procedure
1. Configure OSPF on the customer networks:
# Configure OSPF on CE 1 and set the cost of the link between CE 1 and Router A to 2.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface ten-gigabitethernet 3/0/4
[CE1-Ten-GigabitEthernet3/0/4] ip address 20.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/4] ospf cost 2
[CE1-Ten-GigabitEthernet3/0/4] quit
[CE1] ospf 1
[CE1-ospf-1] area 1
[CE1-ospf-1-area-0.0.0.1] network 100.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.1] network 20.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.1] quit
[CE1-ospf-1] quit
# Configure OSPF on CE 2 and set the cost of the link between CE 2 and Router A to 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 120.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/4
[CE2-Ten-GigabitEthernet3/0/4] ip address 30.1.1.2 24
[CE2-Ten-GigabitEthernet3/0/4] ospf cost 2
[CE2-Ten-GigabitEthernet3/0/4] quit
[CE2] ospf 1
[CE2-ospf-1] area 1
[CE2-ospf-1-area-0.0.0.1] network 120.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.1] network 30.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.1] quit
[CE2-ospf-1] quit
# Configure OSPF on Router A.
<Sysname> system-view
[Sysname] sysname RouterA
[RouterA] interface ten-gigabitethernet 3/0/4
[RouterA-Ten-GigabitEthernet3/0/4] ip address 20.1.1.2 24
[RouterA-Ten-GigabitEthernet3/0/4] quit
[RouterA] interface ten-gigabitethernet 3/0/5
[RouterA-Ten-GigabitEthernet3/0/5] ip address 30.1.1.1 24
[RouterA-Ten-GigabitEthernet3/0/5] quit
[RouterA] ospf 1
[RouterA-ospf-1] area 1
[RouterA-ospf-1-area-0.0.0.1] network 20.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.1] network 30.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.1] quit
[RouterA-ospf-1] quit
# Execute the display ip routing-table command to verify that CE 1 and CE 2 have learned the route to each other. (Details not shown.)
2. Configure MPLS L3VPN on the backbone:
# Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/4
[PE1-Ten-GigabitEthernet3/0/4] ip address 10.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/4] mpls enable
[PE1-Ten-GigabitEthernet3/0/4] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/4] quit
# Configure PE 1 to take PE 2 as an MP-IBGP peer.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.9 as-number 100
[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure OSPF on PE 1.
[PE1]ospf 1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/5
[PE2-Ten-GigabitEthernet3/0/5] ip address 10.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/5] mpls enable
[PE2-Ten-GigabitEthernet3/0/5] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/5] quit
# Configure PE 2 to take PE 1 as an MP-IBGP peer.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Configure OSPF on PE 2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
3. Configure PEs to allow CE access:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 100.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
[PE1] ospf 100 vpn-instance vpn1
[PE1-ospf-100] domain-id 10
[PE1-ospf-100] area 1
[PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255
[PE1-ospf-100-area-0.0.0.1] quit
[PE1-ospf-100] quit
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] import-route ospf 100
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 120.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
[PE2] ospf 100 vpn-instance vpn1
[PE2-ospf-100] domain-id 10
[PE2-ospf-100] area 1
[PE2-ospf-100-area-0.0.0.1] network 120.1.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.1] quit
[PE2-ospf-100] quit
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] import-route ospf 100
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Execute the display ip routing-table vpn-instance command on the PEs. Verify that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone. (Details not shown.)
4. Configure a sham link:
# Configure PE 1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip binding vpn-instance vpn1
[PE1-LoopBack1] ip address 3.3.3.3 32
[PE1-LoopBack1] quit
[PE1] ospf 100
[PE1-ospf-100] area 1
[PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5
[PE1-ospf-100-area-0.0.0.1] quit
[PE1-ospf-100] quit
# Configure PE 2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip binding vpn-instance vpn1
[PE2-LoopBack1] ip address 5.5.5.5 32
[PE2-LoopBack1] quit
[PE2] ospf 100
[PE2-ospf-100] area 1
[PE2-ospf-100-area-0.0.0.1] sham-link 5.5.5.5 3.3.3.3
[PE2-ospf-100-area-0.0.0.1] quit
[PE2-ospf-100] quit
Verifying the configuration
# Execute the display ip routing-table vpn-instance command on the PEs to verify the following results:
· The path to the peer CE is now along the BGP route across the backbone.
· A route to the sham link destination address exists.
The following is the sample output from the command on PE 1:
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.3/32 Direct 0 0 127.0.0.1 Loop1
5.5.5.5/32 BGP 255 0 2.2.2.9 XGE3/0/4
20.1.1.0/24 O_INTRA 10 3 100.1.1.1 XGE3/0/1
30.1.1.0/24 O_INTRA 10 4 100.1.1.1 XGE3/0/1
100.1.1.0/24 Direct 0 0 100.1.1.2 XGE3/0/1
100.1.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
100.1.1.255/32 Direct 0 0 100.1.1.2 XGE3/0/1
120.1.1.0/24 BGP 255 0 2.2.2.9 XGE3/0/4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Execute the display ip routing-table command on the CEs. Verify that the next hop of the OSPF route to the peer CE is the interface connected to the PE. The VPN traffic to the peer CE will be forwarded over the backbone.
The following is the sample output from the command on CE 1:
[CE1] display ip routing-table
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost NextHop Interface
20.1.1.0/24 Direct 0 0 20.1.1.1 XGE3/0/4
20.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/4
20.1.1.255/32 Direct 0 0 20.1.1.1 XGE3/0/4
30.1.1.0/24 O_INTRA 10 3 20.1.1.2 XGE3/0/4
100.1.1.0/24 Direct 0 0 100.1.1.1 XGE3/0/1
100.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
100.1.1.255/32 Direct 0 0 100.1.1.1 XGE3/0/1
120.1.1.0/24 O_INTRA 10 3 100.1.1.2 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that a sham link has been established on PEs, for example, on PE 1.
[PE1] display ospf sham-link
OSPF Process 100 with Router ID 100.1.1.2
Sham link
Area Neighbor ID Source IP Destination IP State Cost
0.0.0.1 120.1.1.2 3.3.3.3 5.5.5.5 P-2-P 1
# Verify that the peer state is Full on PE 1.
[PE1] display ospf sham-link area 1
OSPF Process 100 with Router ID 100.1.1.2
Sham link: 3.3.3.3 --> 5.5.5.5
Neighbor ID: 120.1.1.2 State: Full
Area: 0.0.0.1
Cost: 1 State: P-2-P Type: Sham
Timers: Hello 10, Dead 40, Retransmit 5, Transmit Delay 1
Request list: 0 Retransmit list: 0
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpn1
domain-id 0.0.0.10
area 0.0.0.1
network 100.1.1.0 0.0.0.255
sham-link 3.3.3.3 5.5.5.5
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 3.3.3.3 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 100.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
#
ip vpn-instance vpn1
#
address-family ipv4 unicast
import-route direct
import-route ospf 100
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpn1
domain-id 0.0.0.10
area 0.0.0.1
network 120.1.1.0 0.0.0.255
sham-link 5.5.5.5 3.3.3.3
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 5.5.5.5 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 120.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
#
address-family ipv4 unicast
import-route direct
import-route ospf 100
#
return
· CE 1:
#
sysname CE1
#
ospf 1
area 0.0.0.1
network 20.1.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
interface Ten-GigabitEthernet3/0/1
ip address 100.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 20.1.1.1 255.255.255.0
ospf cost 2
#
return
· CE 2:
#
sysname CE2
#
ospf 1
area 0.0.0.1
network 30.1.1.0 0.0.0.255
network 120.1.1.0 0.0.0.255
#
interface Ten-GigabitEthernet3/0/1
ip address 120.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/4
ip address 30.1.1.2 255.255.255.0
ospf cost 2
#
return
· Router A:
#
sysname RouterA
#
ospf 1
area 0.0.0.1
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
interface Ten-GigabitEthernet3/0/4
ip address 20.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/5
ip address 30.1.1.1 255.255.255.0
#
return
Example: Configuring BGP AS number substitution
Network configuration
As shown in Figure 16, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. The two CEs have the same AS number, 600.
Configure BGP AS number substitution on the PEs to enable the CEs to communicate with each other.
Table 30 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
Table 31 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
CE 1 |
XGE3/0/1 |
10.1.1.1/24 |
P |
Loop0 |
2.2.2.9/32 |
|
|
XGE3/0/2 |
100.1.1.1/24 |
|
XGE3/0/1 |
20.1.1.2/24 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
|
XGE3/0/2 |
30.1.1.1/24 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
PE 2 |
Loop0 |
3.3.3.9/32 |
|
|
XGE3/0/2 |
20.1.1.1/24 |
|
XGE3/0/1 |
10.2.1.2/24 |
|
CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
|
XGE3/0/2 |
30.1.1.2/24 |
|
|
XGE3/0/2 |
200.1.1.1/24 |
|
|
|
Procedure
1. Configure OSPF on the MPLS backbone to establish connectivity between the PEs and the P device:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip address 20.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P device.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 3/0/1
[P-Ten-GigabitEthernet3/0/1] ip address 20.1.1.2 24
[P-Ten-GigabitEthernet3/0/1] quit
[P] interface ten-gigabitethernet 3/0/2
[P-Ten-GigabitEthernet3/0/2] ip address 30.1.1.1 24
[P-Ten-GigabitEthernet3/0/2] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip address 30.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Verify that OSPF neighbor relationships can be established between PE 1, the P device, and PE 2:
¡ Execute the display ospf peer command on each device to verify that their OSPF neighbors have reached the FULL state.
¡ Execute the display ip routing-table command to verify that the PEs can learn the routes to the Loopback interfaces on the remote PEs.
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] mpls enable
[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/2] quit
# Configure the P device.
[P] mpls lsr-id 2.2.2.9
[P] mpls ldp
[P-ldp] quit
[P] interface ten-gigabitethernet 3/0/1
[P-Ten-GigabitEthernet3/0/1] mpls enable
[P-Ten-GigabitEthernet3/0/1] mpls ldp enable
[P-Ten-GigabitEthernet3/0/1] quit
[P] interface ten-gigabitethernet 3/0/2
[P-Ten-GigabitEthernet3/0/2] mpls enable
[P-Ten-GigabitEthernet3/0/2] mpls ldp enable
[P-Ten-GigabitEthernet3/0/2] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] mpls enable
[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/2] quit
# Verify that LDP sessions can be established between PE 1, the P device, and PE 2:
¡ Execute the display mpls ldp peer command on each device to verify that their LDP sessions are in operational state.
¡ Execute the display mpls ldp lsp command to verify establishment of LDP LSPs.
3. Configure VPN instances on PEs to provide network access for CEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface ten-gigabitethernet 3/0/2
[CE1-Ten-GigabitEthernet3/0/2] ip address 100.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/2] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/2
[CE2-Ten-GigabitEthernet3/0/2] ip address 200.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/2] quit
# Execute the display ip vpn-instance command on the PEs to verify the VPN instance configuration. Make sure the PEs can ping the CEs attached to them.
4. Establish EBGP peer relationships between each PE and the CE attached to them, and redistribute VPN IPv4 routes:
# Configure CE 1.
[CE1] bgp 600
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 600
[CE2-bgp-default] peer 10.2.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 600
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 600
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that they have established BGP peer relationships with their CEs and the peer relationships are in Established state.
5. Establish MP-IBGP peer relationships between PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Execute the display ip routing-table command on CE 2. The output shows that CE 2 has not learned the route to CE 1.
<CE2> display ip routing-table
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
10.2.1.0/24 Direct 0 0 10.2.1.1 XGE3/0/1
10.2.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.1 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.0/24 Direct 0 0 200.1.1.1 XGE3/0/2
200.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/2
200.1.1.255/32 Direct 0 0 200.1.1.1 XGE3/0/2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Execute the display ip routing-table command on CE 1 to verify that CE 1 has not learned the route to CE 2. (Details not shown.)
# Execute the display ip routing-table vpn-instance command on the PEs. The output shows the route to the VPN behind the peer CE. The following is the sample command output on PE 2:
<PE2> display ip routing-table vpn-instance vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 BGP 255 0 1.1.1.9 XGE3/0/2
10.2.1.0/24 Direct 0 0 10.2.1.2 XGE3/0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.2 XGE3/0/1
100.1.1.0/24 BGP 255 0 1.1.1.9 XGE3/0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
200.1.1.0/24 BGP 255 0 10.2.1.1 XGE3/0/1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Enable BGP update packet debugging on CE 2.
<CE2> terminal monitor
<CE2> terminal logging level 7
<CE2> debugging bgp update 10.2.1.2 ipv4
# Soft-reset all BGP sessions on PE 2.
<PE2> refresh bgp all export ipv4 vpn-instance vpn1
# View the debugging messages on CE 2. The messages show that CE 2 received the route towards CE 1 from PE 2, with an AS path list of 100 600. Because AS number 600 in the AS path list is the local AS number of CE 2, CE 2 determined that a loop exited and ignored the route.
<CE2> *Apr 16 17:47:40:719 2025 CE2 BGP/7/DEBUG:
BGP.: Recv UPDATE from peer 10.2.1.2 with following destinations:
Update message length : 55
Origin : Incomplete
AS path : 100 600
Next hop : 10.2.1.2
*Apr 16 17:47:40:719 2025 CE2 BGP/7/DEBUG:
BGP.: Error identified while receiving UPDATE message from the peer 10.2.1.2 and ignored
Reason: Looping in ASPATH value.
10.1.1.0/24 PathID 0 ,100.1.1.0/24 PathID 0 ,
6. Configure BGP AS number substitution:
# Configure BGP AS number substitution on PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 substitute-as
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure BGP AS number substitution on PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.1 substitute-as
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
Verifying the configuration
# On CE 2, verify that among the routes advertised by PE 2 to CE 2, the AS path lists in the routes for 10.1.1.0/24 and 100.1.1.0/24 have changed from 100 600 to 100 100.
<CE2> *Apr 16 17:54:52:711 2025 CE2 BGP/7/DEBUG:
BGP.: Recv UPDATE from peer 10.2.1.2 with following destinations:
Update message length : 55
Origin : Incomplete
AS path : 100 100
Next hop : 10.2.1.2
*Apr 16 17:54:52:711 2025 CE2 BGP/7/DEBUG:
10.1.1.0/24 PathID 0 ,100.1.1.0/24 PathID 0 ,
# Verify that CEs have learned routes to each other. Take CE 2 for example:
<CE2> display ip routing-table
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 BGP 255 0 10.2.1.2 XGE3/0/1
10.2.1.0/24 Direct 0 0 10.2.1.1 XGE3/0/1
10.2.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.1 XGE3/0/1
100.1.1.0/24 BGP 255 0 10.2.1.2 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.0/24 Direct 0 0 200.1.1.1 XGE3/0/2
200.1.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/2
200.1.1.255/32 Direct 0 0 200.1.1.1 XGE3/0/2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that CE 1 and CE 2 can ping the interface addresses of each other. (Details not shown.)
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 20.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 20.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.9 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 600
peer 10.1.1.1 substitute-as
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
return
· P:
#
sysname P
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 20.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip address 30.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 30.1.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 30.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 600
peer 10.2.1.1 substitute-as
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 100.1.1.1 255.255.255.0
#
bgp 600
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 200.1.1.1 255.255.255.0
#
bgp 600
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
Example: Configuring BGP AS number substitution and SoO attribute
Network configuration
CE 1, CE 2, and CE 3 belong to VPN 1, and are connected to PE1, PE 2, and PE 3, respectively.
CE 1 and CE 2 reside in the same site. CE1, CE2, and CE 3 all use AS number 600.
· To avoid route loss, configure BGP AS number substitution on PEs.
· To avoid routing loops, configure the same SoO attribute on PE 1 and PE 2 for CE 1 and CE 2.
Figure 17 Network diagram
Table 32 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface3 |
Ten-GigabitEthernet3/0/3 |
Table 33 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Loop0 |
100.1.1.1/32 |
CE 3 |
Loop0 |
200.1.1.1 /32 |
|
|
XGE3/0/1 |
10.1.1.1/24 |
|
XGE3/0/1 |
10.3.1.1/24 |
|
CE 2 |
XGE3/0/1 |
10.2.1.1/24 |
PE 2 |
Loop0 |
2.2.2.9/32 |
|
PE 1 |
Loop0 |
1.1.1.9/32 |
|
XGE3/0/1 |
10.2.1.2/24 |
|
|
XGE3/0/1 |
10.1.1.2/24 |
|
XGE3/0/2 |
40.1.1.1/24 |
|
|
XGE3/0/2 |
20.1.1.1/24 |
|
XGE3/0/3 |
20.1.1.2/24 |
|
|
XGE3/0/3 |
30.1.1.1/24 |
P |
Loop0 |
3.3.3.9/32 |
|
PE 3 |
Loop0 |
4.4.4.9/32 |
|
XGE3/0/1 |
30.1.1.2/24 |
|
|
XGE3/0/1 |
10.3.1.2/24 |
|
XGE3/0/2 |
40.1.1.2/24 |
|
|
XGE3/0/2 |
50.1.1.2/24 |
|
XGE3/0/3 |
50.1.1.1/24 |
Procedure
1. Configure an IGP (OSPF in this example) on the MPLS backbone to establish connectivity between the PEs and the P device:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip address 20.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] ip address 30.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/3] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip address 40.1.1.1 24
[PE2-Ten-GigabitEthernet3/0/2] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] ip address 20.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/3] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure the P device.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 3.3.3.9 32
[P-LoopBack0] quit
[P] interface ten-gigabitethernet 3/0/1
[P-Ten-GigabitEthernet3/0/1] ip address 30.1.1.2 24
[P-Ten-GigabitEthernet3/0/1] quit
[P] interface ten-gigabitethernet 3/0/2
[P-Ten-GigabitEthernet3/0/2] ip address 40.1.1.2 24
[P-Ten-GigabitEthernet3/0/2] quit
[P] interface ten-gigabitethernet 3/0/3
[P-Ten-GigabitEthernet3/0/3] ip address 50.1.1.1 24
[P-Ten-GigabitEthernet3/0/3] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 4.4.4.9 32
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip address 50.1.1.2 24
[PE3-Ten-GigabitEthernet3/0/2] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
# Verify that OSPF neighbor relationships can be established between PE 1, PE 2, the P device, and PE 3:
¡ Execute the display ospf peer command on each device to verify that their OSPF neighbors have reached the FULL state.
¡ Execute the display ip routing-table command to verify that the PEs can learn the routes to the loopback interfaces on the remote PEs.
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] mpls enable
[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] mpls enable
[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/3] quit
# Configure PE 2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] mpls enable
[PE2-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/2] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] mpls enable
[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/3] quit
# Configure the P device.
[P] mpls lsr-id 3.3.3.9
[P] mpls ldp
[P-ldp] quit
[P] interface ten-gigabitethernet 3/0/1
[P-Ten-GigabitEthernet3/0/1] mpls enable
[P-Ten-GigabitEthernet3/0/1] mpls ldp enable
[P-Ten-GigabitEthernet3/0/1] quit
[P] interface ten-gigabitethernet 3/0/2
[P-Ten-GigabitEthernet3/0/2] mpls enable
[P-Ten-GigabitEthernet3/0/2] mpls ldp enable
[P-Ten-GigabitEthernet3/0/2] quit
[P] interface ten-gigabitethernet 3/0/3
[P-Ten-GigabitEthernet3/0/3] mpls enable
[P-Ten-GigabitEthernet3/0/3] mpls ldp enable
[P-Ten-GigabitEthernet3/0/3] quit
# Configure PE 3.
[PE3] mpls lsr-id 4.4.4.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] mpls enable
[PE3-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/2] quit
# Verify that LDP sessions can be established between PE 1, PE 2, the P device, and PE 3:
¡ Execute the display mpls ldp peer command on each device to verify that their LDP sessions are in operational state.
¡ Execute the display mpls ldp lsp command to verify establishment of LDP LSPs.
3. Configure VPN instances on PEs to provide network access for CEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 300:1
[PE3-vpn-instance-vpn1] vpn-target 111:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/0/1] ip address 10.3.1.2 24
[PE3-Ten-GigabitEthernet3/0/1] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 100.1.1.1 32
[CE1-LoopBack0] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
# Configure CE 3.
<Sysname> system-view
[Sysname] sysname CE3
[CE3] interface ten-gigabitethernet 3/0/1
[CE3-Ten-GigabitEthernet3/0/1] ip address 10.3.1.1 24
[CE3-Ten-GigabitEthernet3/0/1] quit
[CE3] interface loopback 0
[CE3-LoopBack0] ip address 200.1.1.1 32
[CE3-LoopBack0] quit
# Execute the display ip vpn-instance command on the PEs to verify the VPN instance configuration. Make sure the PEs can ping the CEs attached to them.
4. Establish EBGP peer relationships between each PE and the CE attached to them, and redistribute VPN IPv4 routes:
# Configure CE 1.
[CE1] bgp 600
[CE1-bgp-default] peer 10.1.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 600
[CE2-bgp-default] peer 10.2.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.2.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure CE 3.
[CE3] bgp 600
[CE3-bgp-default] peer 10.3.1.2 as-number 100
[CE3-bgp-default] address-family ipv4 unicast
[CE3-bgp-default-ipv4] peer 10.3.1.2 enable
[CE3-bgp-default-ipv4] import-route direct
[CE3-bgp-default-ipv4] quit
[CE3-bgp-default] quit
5. Configure BGP AS number substitution:
# Configure BGP AS number substitution on PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 600
[PE1-bgp-default-vpn1] peer 10.1.1.1 substitute-as
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure BGP AS number substitution on PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.2.1.1 as-number 600
[PE2-bgp-default-vpn1] peer 10.2.1.1 substitute-as
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure BGP AS number substitution on PE 3.
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 10.3.1.1 as-number 600
[PE3-bgp-default-vpn1] peer 10.3.1.1 substitute-as
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that they have established BGP peer relationships with their CEs and the peer relationships are in Established state.
6. Establish MP-IBGP peer relationships between PEs and specify PE 1 as the RR:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.9 as-number 100
[PE1-bgp-default] peer 4.4.4.9 as-number 100
[PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-default-vpnv4] peer 2.2.2.9 reflect-client
[PE1-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-default-vpnv4] peer 4.4.4.9 reflect-client
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.9 as-number 100
[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] peer 1.1.1.9 as-number 100
[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1.1.1.9 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
7. Configure BGP SoO attributes:
# Display routing information on CE 2. The output shows that CE 2 has learned the route for 100.1.1.1/32 from CE 1. Routing loop occurs when the route advertised by CE 1 is re-advertised back to the site where CE 1 and CE 2 reside via PE 1, PE 2, and CE 2.
[CE2] display ip routing-table
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 BGP 255 0 10.2.1.2 XGE3/0/1
10.2.1.0/24 Direct 0 0 10.2.1.1 XGE3/0/1
10.2.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.1 XGE3/0/1
10.3.1.0/24 BGP 255 0 10.2.1.2 XGE3/0/1
100.1.1.1/32 BGP 255 0 10.2.1.2 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.1/32 BGP 255 0 10.2.1.2 XGE3/0/1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# On PE 1, configure the SoO attribute as 1:100 for CE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 soo 1:100
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# On PE 2, configure the SoO attribute as 1:100 for CE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4
[PE2-bgp-default-ipv4-vpn1] peer 10.2.1.1 soo 1:100
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
Verifying the configuration
# PE 2 does not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured for the CEs. Display the routing table of CE 2. The output shows that the route 100.1.1.1/32 has been removed.
<CE2> display ip routing-table
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
10.2.1.0/24 Direct 0 0 10.2.1.1 XGE3/0/1
10.2.1.1/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.1 XGE3/0/1
10.3.1.0/24 BGP 255 0 10.2.1.2 XGE3/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.1/32 BGP 255 0 10.2.1.2 XGE3/0/1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.9
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 20.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/3
ip address 30.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack0
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.9 enable
peer 2.2.2.9 reflect-client
peer 4.4.4.9 enable
peer 4.4.4.9 reflect-client
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 600
peer 10.1.1.1 substitute-as
#
address-family ipv4 unicast
peer 10.1.1.1 enable
peer 10.1.1.1 soo 1:100
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.9
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 40.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/3
ip address 20.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 600
peer 10.2.1.1 substitute-as
#
address-family ipv4 unicast
peer 10.2.1.1 enable
peer 10.2.1.1 soo 1:100
#
return
· P:
#
sysname P
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.9
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 30.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip address 40.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/3
ip address 50.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 50.1.1.0 0.0.0.255
#
mpls lsr-id 4.4.4.9
#
mpls ldp
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.3.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 50.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.9 enable
#
ip vpn-instance vpn1
peer 10.3.1.1 as-number 600
peer 10.3.1.1 substitute-as
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface LoopBack0
ip address 100.1.1.1 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
bgp 600
peer 10.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 600
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 3:
#
sysname CE3
#
interface LoopBack0
ip address 200.1.1.1 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.3.1.1 255.255.255.0
#
bgp 600
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.3.1.2 enable
#
return
Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route
Network configuration
CE 1 and CE 2 belong to VPN 1.
Configure EBGP between CEs and PEs to exchange VPN routes.
Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.
Configure MPLS L3VPN FRR on PE 1 to achieve the following purposes:
· When the link PE 1—PE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.
· When BFD detects that the LSP between PE 1 and PE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 3—CE 2.
Table 34 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface3 |
Ten-GigabitEthernet3/0/3 |
Table 35 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Loop0 |
5.5.5.5/32 |
PE 1 |
Loop0 |
1.1.1.1/32 |
|
XGE3/0/1 |
10.2.1.1/24 |
XGE3/0/1 |
10.2.1.2/24 |
||
|
PE 2 |
Loop0 |
2.2.2.2/32 |
XGE3/0/2 |
172.1.1.1/24 |
|
|
XGE3/0/1 |
172.1.1.2/24 |
XGE3/0/3 |
172.2.1.1/24 |
||
|
XGE3/0/2 |
10.1.1.2/24 |
CE 2 |
Loop0 |
4.4.4.4/32 |
|
|
PE 3 |
Loop0 |
3.3.3.3/32 |
XGE3/0/1 |
10.1.1.1/24 |
|
|
XGE3/0/1 |
172.2.1.3/24 |
XGE3/0/2 |
10.3.1.1/24 |
||
|
XGE3/0/2 |
10.3.1.2/24 |
Procedure
1. Configure an IGP (OSPF in this example) on the MPLS backbone to establish connectivity between the PEs.
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip address 172.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] ip address 172.2.1.1 24
[PE1-Ten-GigabitEthernet3/0/3] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 32
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip address 172.2.1.3 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
# Verify that OSPF neighbor relationships can be established between PE 1, PE 2, and PE 3:
¡ Execute the display ospf peer command on each device to verify that their OSPF neighbors have reached the FULL state.
¡ Execute the display ip routing-table command to verify that the PEs can learn the routes to the loopback interfaces on the remote PEs.
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] mpls enable
[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] mpls enable
[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/3] quit
# Configure PE 2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] mpls enable
[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/1] quit
# Configure PE 3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] mpls enable
[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/1] quit
# Verify that LDP sessions can be established between PE 1, PE 2, and PE 3:
¡ Execute the display mpls ldp peer command on each device to verify that their LDP sessions are in operational state.
¡ Execute the display mpls ldp lsp command to verify establishment of LDP LSPs.
3. Configure VPN instances on PEs to provide network access for CEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/2] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 300:1
[PE3-vpn-instance-vpn1] vpn-target 111:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24
[PE3-Ten-GigabitEthernet3/0/2] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 5.5.5.5 32
[CE1-LoopBack0] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/2
[CE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24
[CE2-Ten-GigabitEthernet3/0/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 4.4.4.4 32
[CE2-LoopBack0] quit
# Execute the display ip vpn-instance command on the PEs to verify the VPN instance configuration. Make sure the PEs can ping the CEs attached to them.
4. Establish EBGP peer relationships between each PE and the CE attached to them, and redistribute VPN IPv4 routes:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp-default] peer 10.2.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.2.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65420
[CE2-bgp-default] peer 10.1.1.2 as-number 100
[CE2-bgp-default] peer 10.3.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.1.1.2 enable
[CE2-bgp-default-ipv4] peer 10.3.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 10.3.1.1 as-number 65420
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that they have established BGP peer relationships with their CEs and the peer relationships are in Established state.
5. Establish MP-IBGP peer relationships between PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 3.3.3.3 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.1 as-number 100
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] peer 1.1.1.1 as-number 100
[PE3-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1.1.1.1 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
6. Configure MPLS L3VPN FRR:
On PE 1:
# Configure BFD to test the connectivity of the LSP to 2.2.2.2/32.
[PE1] mpls bfd enable
[PE1] mpls bfd 2.2.2.2 32
# Create routing policy frr, and specify the backup next hop as 3.3.3.3 for the route to 4.4.4.4/32.
[PE1] ip prefix-list abc index 10 permit 4.4.4.4 32
[PE1] route-policy frr permit node 10
[PE1-route-policy-frr-10] if-match ip address prefix-list abc
[PE1-route-policy-frr-10] apply fast-reroute backup-nexthop 3.3.3.3
[PE1-route-policy-frr-10] quit
# Configure FRR for VPN instance vpn1 to use routing policy frr.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] fast-reroute route-policy frr
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Specify the preferred value as 100 for routes received from PE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 1 prefers the routes from PE 2.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 preferred-value 100
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
On PE 2:
# Enable MPLS BFD on PE 2.
[PE2] mpls bfd enable
Verifying the configuration
# Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route.
[PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose
Summary count : 1
Destination: 4.4.4.4/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h00m21s
FlushedAge: 00h00m21s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x102 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 65420
NibID: 0x1600000e LastAs: 100
AttrID: 0x1
BkAttrID: 0x2 Neighbor: 2.2.2.2
Flags: 0x110060 OrigNextHop: 2.2.2.2
Label: 1279 RealNextHop: 172.1.1.2
BkLabel: 1279 BkNextHop: 172.2.1.3
SRLabel: NULL Interface: Ten-GigabitEthernet3/0/2
BkSRLabel: NULL BkInterface: Ten-GigabitEthernet3/0/3
Tunnel ID: 0x1 IPInterface: Ten-GigabitEthernet3/0/2
BkTunnel ID: 0x3 BkIPInterface: Ten-GigabitEthernet3/0/3
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: Ten-GigabitEthernet3/0/2
TrafficIndex: N/A BkTunnelInterface: Ten-GigabitEthernet3/0/3
Connector: N/A PathID: 0x0
UserID: 0xffffffff SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: 0x1 BkNID: Invalid
BkFlushNID: 0x3 StatFlags: 0x0
SID: N/A
BkSID: N/A
CommBlockLen: 0 Priority: Low
MemberPort: N/A ExtFlags: 0x0
UCMIndex: 0x0 UserVLAN: 65535
UCMMTU: 0 BrasHash: 0
SessionID: 0 UserGroupID: 0
IsoGroupID: 256 BkIsoGroupID: 256
# When the network is operating correctly, display the routing table of VPN instance vpn1 on PE 1 to verify that the next hop for PE 1 to reach 4.4.4.4/32 is PE 2.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 2.2.2.2 XGE3/0/2
5.5.5.5/32 BGP 255 0 10.2.1.1 XGE3/0/1
10.1.1.0/24 BGP 255 0 2.2.2.2 XGE3/0/2
10.2.1.0/24 Direct 0 0 10.2.1.2 XGE3/0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.2 XGE3/0/1
10.3.1.0/24 BGP 255 0 2.2.2.2 XGE3/0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Shut down interface Ten-GigabitEthernet 3/0/1 on CE 2. Then, display the routing table of VPN instance vpn1 on PE 1 to verify that the next hop for PE 1 to reach 4.4.4.4/32 has changed to PE 3. CE 1 and CE 2 can still ping each other.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 3.3.3.3 XGE3/0/3
5.5.5.5/32 BGP 255 0 10.2.1.1 XGE3/0/1
10.2.1.0/24 Direct 0 0 10.2.1.2 XGE3/0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.2 XGE3/0/1
10.3.1.0/24 BGP 255 0 3.3.3.3 XGE3/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.1
#
mpls ldp
#
mpls bfd enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/3
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 preferred-value 100
peer 3.3.3.3 enable
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65410
#
address-family ipv4 unicast
fast-reroute route-policy frr
peer 10.2.1.1 enable
#
route-policy frr permit node 10
if-match ip address prefix-list abc
apply fast-reroute backup-nexthop 3.3.3.3
#
ip prefix-list abc index 10 permit 4.4.4.4 32
#
mpls bfd 2.2.2.2 32
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.1.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.2
#
mpls ldp
#
mpls bfd enable
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.1.1.1 enable
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.3
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.2.1.3 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.3.1.2 255.255.255.0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance vpn1
peer 10.3.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65410
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 10.3.1.1 255.255.255.0
#
bgp 65420
peer 10.1.1.2 as-number 100
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
peer 10.3.1.2 enable
#
return
Example: Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route
Network configuration
CE 1 and CE 2 belong to VPN 1.
Configure EBGP between CEs and PEs to exchange VPN routes.
Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.
Configure MPLS L3VPN FRR on PE 2 to achieve the following purposes:
· When the link PE 2—CE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.
· When BFD detects that the link between PE 2 and CE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—PE 3—CE 2.
Table 36 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface3 |
Ten-GigabitEthernet3/0/3 |
Table 37 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Loop0 |
5.5.5.5/32 |
PE 2 |
Loop0 |
2.2.2.2/32 |
|
XGE3/0/1 |
10.2.1.1/24 |
XGE3/0/1 |
172.1.1.2/24 |
||
|
PE 1 |
Loop0 |
1.1.1.1/32 |
XGE3/0/2 |
10.1.1.2/24 |
|
|
XGE3/0/1 |
10.2.1.2/24 |
XGE3/0/3 |
172.3.1.2/24 |
||
|
XGE3/0/2 |
172.1.1.1/24 |
PE 3 |
Loop0 |
3.3.3.3/32 |
|
|
XGE3/0/3 |
172.2.1.1/24 |
XGE3/0/1 |
172.2.1.3/24 |
||
|
CE 2 |
Loop0 |
4.4.4.4/32 |
XGE3/0/2 |
10.3.1.2/24 |
|
|
XGE3/0/1 |
10.1.1.1/24 |
XGE3/0/3 |
172.3.1.3/24 |
||
|
XGE3/0/2 |
10.3.1.1/24 |
Procedure
1. Configure an IGP (OSPF in this example) on the MPLS backbone to establish connectivity between the PEs:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip address 172.1.1.1 24
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] ip address 172.2.1.1 24
[PE1-Ten-GigabitEthernet3/0/3] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] ip address 172.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/1] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] ip address 172.3.1.2 24
[PE2-Ten-GigabitEthernet3/0/3] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 172.3.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE 3.
<Sysname> system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 32
[PE3-LoopBack0] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] ip address 172.2.1.3 24
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] interface ten-gigabitethernet 3/0/3
[PE3-Ten-GigabitEthernet3/0/3] ip address 172.3.1.3 24
[PE3-Ten-GigabitEthernet3/0/3] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 172.3.1.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
# Verify that OSPF neighbor relationships can be established between PE 1, PE 2, and PE 3:
¡ Execute the display ospf peer command on each device to verify that their OSPF neighbors have reached the FULL state.
¡ Execute the display ip routing-table command to verify that the PEs can learn the routes to the loopback interfaces on the remote PEs.
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] mpls enable
[PE1-Ten-GigabitEthernet3/0/2] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/2] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] mpls enable
[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/3] quit
# Configure PE 2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/1
[PE2-Ten-GigabitEthernet3/0/1] mpls enable
[PE2-Ten-GigabitEthernet3/0/1] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/1] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] mpls enable
[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/3] quit
# Configure PE 3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] interface ten-gigabitethernet 3/0/1
[PE3-Ten-GigabitEthernet3/0/1] mpls enable
[PE3-Ten-GigabitEthernet3/0/1] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/1] quit
[PE3] interface ten-gigabitethernet 3/0/3
[PE3-Ten-GigabitEthernet3/0/3] mpls enable
[PE3-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE3-Ten-GigabitEthernet3/0/3] quit
# Verify that LDP sessions can be established between PE 1, PE 2, and PE 3:
¡ Execute the display mpls ldp peer command on each device to verify that their LDP sessions are in operational state.
¡ Execute the display mpls ldp lsp command to verify establishment of LDP LSPs.
3. Configure VPN instances on PEs to provide network access for CEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24
[PE2-Ten-GigabitEthernet3/0/2] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 300:1
[PE3-vpn-instance-vpn1] vpn-target 111:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface ten-gigabitethernet 3/0/2
[PE3-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE3-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24
[PE3-Ten-GigabitEthernet3/0/2] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 5.5.5.5 32
[CE1-LoopBack0] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/2
[CE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24
[CE2-Ten-GigabitEthernet3/0/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 4.4.4.4 32
[CE2-LoopBack0] quit
# Execute the display ip vpn-instance command on the PEs to verify the VPN instance configuration. Make sure the PEs can ping the CEs attached to them.
4. Establish EBGP peer relationships between each PE and the CE attached to them, and redistribute VPN IPv4 routes.
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp-default] peer 10.2.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.2.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65420
[CE2-bgp-default] peer 10.1.1.2 as-number 100
[CE2-bgp-default] peer 10.3.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.1.1.2 enable
[CE2-bgp-default-ipv4] peer 10.3.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] ip vpn-instance vpn1
[PE3-bgp-default-vpn1] peer 10.3.1.1 as-number 65420
[PE3-bgp-default-vpn1] address-family ipv4 unicast
[PE3-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable
[PE3-bgp-default-ipv4-vpn1] quit
[PE3-bgp-default-vpn1] quit
[PE3-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that they have established BGP peer relationships with their CEs and the peer relationships are in Established state.
5. Establish MP-IBGP peer relationships between PEs and specify PE 1 as the RR.
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 3.3.3.3 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] peer 2.2.2.2 reflect-client
[PE1-bgp-default-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-default-vpnv4] peer 3.3.3.3 reflect-client
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.1 as-number 100
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
# Configure PE 3.
[PE3] bgp 100
[PE3-bgp-default] peer 1.1.1.1 as-number 100
[PE3-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE3-bgp-default] address-family vpnv4
[PE3-bgp-default-vpnv4] peer 1.1.1.1 enable
[PE3-bgp-default-vpnv4] quit
[PE3-bgp-default] quit
6. Configure MPLS L3VPN FRR on PE 2:
# Configure the source IP address of BFD echo packets as 12.1.1.1.
[PE2] bfd echo-source-ip 12.1.1.1
# Create routing policy frr, and specify the backup next hop as 3.3.3.3 for the route to 4.4.4.4/32.
[PE2] ip prefix-list abc index 10 permit 4.4.4.4 32
[PE2] route-policy frr permit node 10
[PE2-route-policy-frr-10] if-match ip address prefix-list abc
[PE2-route-policy-frr-10] apply fast-reroute backup-nexthop 3.3.3.3
[PE2-route-policy-frr-10] quit
# Use echo-mode BFD to detect the primary route connectivity.
[PE2] bgp 100
[PE2-bgp-default] primary-path-detect bfd echo
# Configure FRR for VPN instance vpn1 to use routing policy frr.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] fast-reroute route-policy frr
# Specify the preferred value as 200 for BGP routes received from CE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 2 prefers the routes from CE 2.
[PE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 preferred-value 200
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
Verifying the configuration
# Display detailed information about the route to 4.4.4.4/32 on PE 2. The output shows the backup next hop for the route.
[PE2] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose
Summary count : 1
Destination: 4.4.4.4/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x6 Age: 00h01m10s
FlushedAge: 00h01m10s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x102 OrigVrf: vpn1
TableID: 0x102 OrigAs: 65420
NibID: 0x1600000c LastAs: 65420
AttrID: 0x2
BkAttrID: 0x1 Neighbor: 10.1.1.1
Flags: 0x10060 OrigNextHop: 10.1.1.1
Label: NULL RealNextHop: 10.1.1.1
BkLabel: 1279 BkNextHop: 172.3.1.3
SRLabel: NULL Interface: Ten-GigabitEthernet3/0/2
BkSRLabel: NULL BkInterface: Ten-GigabitEthernet3/0/3
Tunnel ID: Invalid IPInterface: Ten-GigabitEthernet3/0/2
BkTunnel ID: 0x3 BkIPInterface: Ten-GigabitEthernet3/0/3
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: Ten-GigabitEthernet3/0/3
Connector: N/A PathID: 0x0
UserID: 0xffffffff SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: 0x3 StatFlags: 0x0
SID: N/A
BkSID: N/A
CommBlockLen: 0 Priority: Low
MemberPort: N/A ExtFlags: 0x0
UCMIndex: 0x0 UserVLAN: 65535
UCMMTU: 0 BrasHash: 0
SessionID: 0 UserGroupID: 0
IsoGroupID: 256 BkIsoGroupID: 256
# When the network is operating correctly, display the routing table of VPN instance vpn1 on PE 2 to verify that the next hop for PE 2 to reach 4.4.4.4/32 is CE 2.
[PE2] display ip routing-table vpn-instance vpn1
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 10.1.1.1 XGE3/0/2
5.5.5.5/32 BGP 255 0 1.1.1.1 XGE3/0/1
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/0/2
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/2
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/0/2
10.2.1.0/24 BGP 255 0 1.1.1.1 XGE3/0/1
10.3.1.0/24 BGP 255 0 10.1.1.1 XGE3/0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Shut down interface Ten-GigabitEthernet 3/0/1 on CE 2. Then, display the routing table of VPN instance vpn1 on PE 2 to verify that the next hop for PE 2 to reach 4.4.4.4/32 has changed to PE 3. CE 1 and CE 2 can still ping each other.
[PE2] display ip routing-table vpn-instance vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 3.3.3.3 XGE3/0/3
5.5.5.5/32 BGP 255 0 1.1.1.1 XGE3/0/1
10.2.1.0/24 BGP 255 0 1.1.1.1 XGE3/0/1
10.3.1.0/24 BGP 255 0 3.3.3.3 XGE3/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.1
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 172.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/3
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
#
ip vpn-instance vpn1
peer 10.2.1.1 as-number 65410
#
address-family ipv4 unicast
peer 10.2.1.1 enable
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
bfd echo-source-ip 12.1.1.1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.3.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.2
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip address 172.3.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
primary-path-detect bfd echo
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65420
#
address-family ipv4 unicast
fast-reroute route-policy frr
peer 10.1.1.1 enable
peer 10.1.1.1 preferred-value 200
#
route-policy frr permit node 10
if-match ip address prefix-list abc
apply fast-reroute backup-nexthop 3.3.3.3
#
ip prefix-list abc index 10 permit 4.4.4.4 32
#
return
· PE 3:
#
sysname PE3
#
ip vpn-instance vpn1
route-distinguisher 300:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.2.1.0 0.0.0.255
network 172.3.1.0 0.0.0.255
#
mpls lsr-id 3.3.3.3
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 172.2.1.3 255.255.255.0
mpls enable
mpls ldp enable
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.3.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip address 172.3.1.3 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance vpn1
peer 10.3.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65410
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 10.3.1.1 255.255.255.0
#
bgp 65420
peer 10.1.1.2 as-number 100
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
peer 10.3.1.2 enable
#
return
Example: Configuring MPLS L3VPN FRR through IPv4 route backup for a VPNv4 route
Network configuration
CE 1 and CE 2 belong to VPN 1.
Configure EBGP between CEs and PEs to exchange VPN routes.
Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.
Configure MPLS L3VPN FRR on PE 1 to achieve the following purposes:
· When the link PE 1—PE 2 operates correctly, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.
· When BFD detects that the link between PE 1 and PE 2 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—CE 2.
Table 38 Interface label and interface name mappings
|
Interface label |
Interface name |
|
Interface1 |
Ten-GigabitEthernet3/0/1 |
|
Interface2 |
Ten-GigabitEthernet3/0/2 |
|
Interface3 |
Ten-GigabitEthernet3/0/3 |
Table 39 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Loop0 |
5.5.5.5/32 |
CE 2 |
Loop0 |
4.4.4.4/32 |
|
XGE3/0/1 |
10.2.1.1/24 |
XGE3/0/1 |
10.1.1.1/24 |
||
|
PE 1 |
Loop0 |
1.1.1.1/32 |
XGE3/0/2 |
10.3.1.1/24 |
|
|
XGE3/0/1 |
10.2.1.2/24 |
PE 2 |
Loop0 |
2.2.2.2/32 |
|
|
XGE3/0/2 |
10.1.1.2/24 |
XGE3/0/2 |
10.3.1.2/24 |
||
|
XGE3/0/3 |
172.2.1.1/24 |
XGE3/0/3 |
172.2.1.2/24 |
Procedure
1. Configure an IGP (OSPF in this example) on the MPLS backbone to establish connectivity between the PEs:
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] ip address 172.2.1.1 24
[PE1-Ten-GigabitEthernet3/0/3] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 32
[PE2-LoopBack0] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] ip address 172.2.1.2 24
[PE2-Ten-GigabitEthernet3/0/3] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Verify that OSPF neighbor relationships can be established between PE 1 and PE 2:
¡ Execute the display ospf peer command on each device to verify that their OSPF neighbors have reached the FULL state.
¡ Execute the display ip routing-table command to verify that the PEs can learn the routes to the loopback interfaces on the remote PEs.
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface ten-gigabitethernet 3/0/3
[PE1-Ten-GigabitEthernet3/0/3] mpls enable
[PE1-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE1-Ten-GigabitEthernet3/0/3] quit
# Configure PE 2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface ten-gigabitethernet 3/0/3
[PE2-Ten-GigabitEthernet3/0/3] mpls enable
[PE2-Ten-GigabitEthernet3/0/3] mpls ldp enable
[PE2-Ten-GigabitEthernet3/0/3] quit
# Verify that LDP sessions can be established between PE 1 and PE 2:
¡ Execute the display mpls ldp peer command on each device to verify that their LDP sessions are in operational state.
¡ Execute the display mpls ldp lsp command to verify establishment of LDP LSPs.
3. Configure VPN instances on PEs to provide network access for CEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ten-gigabitethernet 3/0/1
[PE1-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.2 24
[PE1-Ten-GigabitEthernet3/0/1] quit
[PE1] interface ten-gigabitethernet 3/0/2
[PE1-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE1-Ten-GigabitEthernet3/0/2] ip address 10.1.1.2 24
[PE1-Ten-GigabitEthernet3/0/2] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ten-gigabitethernet 3/0/2
[PE2-Ten-GigabitEthernet3/0/2] ip binding vpn-instance vpn1
[PE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.2 24
[PE2-Ten-GigabitEthernet3/0/2] quit
# Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface ten-gigabitethernet 3/0/1
[CE1-Ten-GigabitEthernet3/0/1] ip address 10.2.1.1 24
[CE1-Ten-GigabitEthernet3/0/1] quit
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 5.5.5.5 32
[CE1-LoopBack0] quit
# Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface ten-gigabitethernet 3/0/1
[CE2-Ten-GigabitEthernet3/0/1] ip address 10.1.1.1 24
[CE2-Ten-GigabitEthernet3/0/1] quit
[CE2] interface ten-gigabitethernet 3/0/2
[CE2-Ten-GigabitEthernet3/0/2] ip address 10.3.1.1 24
[CE2-Ten-GigabitEthernet3/0/2] quit
[CE2] interface loopback 0
[CE2-LoopBack0] ip address 4.4.4.4 32
[CE2-LoopBack0] quit
# Execute the display ip vpn-instance command on the PEs to verify the VPN instance configuration. Make sure the PEs can ping the CEs attached to them.
4. Establish EBGP peer relationships between each PE and the CE attached to them, and redistribute VPN IPv4 routes:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp-default] peer 10.2.1.2 as-number 100
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.2.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
# Configure CE 2.
[CE2] bgp 65420
[CE2-bgp-default] peer 10.1.1.2 as-number 100
[CE2-bgp-default] peer 10.3.1.2 as-number 100
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 10.1.1.2 enable
[CE2-bgp-default-ipv4] peer 10.3.1.2 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410
[PE1-bgp-default-vpn1] peer 10.1.1.1 as-number 65420
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable
[PE1-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] peer 10.3.1.1 as-number 65420
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] peer 10.3.1.1 enable
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that they have established BGP peer relationships with their CEs and the peer relationships are in Established state.
5. Establish MP-IBGP peer relationships between PEs:
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp-default] peer 2.2.2.2 as-number 100
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp-default] peer 1.1.1.1 as-number 100
[PE2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-default-vpnv4] quit
[PE2-bgp-default] quit
6. Configure MPLS L3VPN FRR:
On PE 1:
# Configure BFD to test the connectivity of the LSP to 2.2.2.2/32.
[PE1] mpls bfd enable
[PE1] mpls bfd 2.2.2.2 32
# Create routing policy frr, and specify the backup next hop as 10.1.1.1 for the route to 4.4.4.4/32.
[PE1] ip prefix-list abc index 10 permit 4.4.4.4 32
[PE1] route-policy frr permit node 10
[PE1-route-policy-frr-10] if-match ip address prefix-list abc
[PE1-route-policy-frr-10] apply fast-reroute backup-nexthop 10.1.1.1
[PE1-route-policy-frr-10] quit
# Configure FRR for VPN instance vpn1 to use routing policy frr.
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] fast-reroute route-policy frr
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
# Specify the preferred value as 200 for BGP VPNv4 routes received from PE 2. This value is greater than the preferred value (0) for IPv4 unicast routes from CE 2, so PE 1 prefers the routes from PE 2.
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 preferred-value 200
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
On PE 2:
# Enable MPLS BFD on PE 2.
[PE2] mpls bfd enable
Verifying the configuration
# Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route.
[PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose
Summary count : 1
Destination: 4.4.4.4/32
Protocol: BGP instance default
Process ID: 0
SubProtID: 0x1 Age: 00h00m24s
FlushedAge: 00h00m24s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x102 OrigVrf: default-vrf
TableID: 0x102 OrigAs: 65420
NibID: 0x1600000a LastAs: 100
AttrID: 0x2
BkAttrID: 0x1 Neighbor: 2.2.2.2
Flags: 0x110060 OrigNextHop: 2.2.2.2
Label: 1279 RealNextHop: 172.2.1.2
BkLabel: NULL BkNextHop: 10.1.1.1
SRLabel: NULL Interface: Ten-GigabitEthernet3/0/3
BkSRLabel: NULL BkInterface: Ten-GigabitEthernet3/0/2
Tunnel ID: 0x1 IPInterface: Ten-GigabitEthernet3/0/3
BkTunnel ID: Invalid BkIPInterface: Ten-GigabitEthernet3/0/2
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: Ten-GigabitEthernet3/0/3
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0xffffffff SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: 0x1 BkNID: Invalid
BkFlushNID: Invalid StatFlags: 0x0
SID: N/A
BkSID: N/A
CommBlockLen: 0 Priority: Low
MemberPort: N/A ExtFlags: 0x0
UCMIndex: 0x0 UserVLAN: 65535
UCMMTU: 0 BrasHash: 0
SessionID: 0 UserGroupID: 0
IsoGroupID: 256 BkIsoGroupID: 256
# When the network is operating correctly, display the routing table of VPN instance vpn1 on PE 1 to verify that the next hop for PE 1 to reach 4.4.4.4/32 is PE 2.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 2.2.2.2 XGE3/0/3
5.5.5.5/32 BGP 255 0 10.2.1.1 XGE3/0/1
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/0/2
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/2
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/0/2
10.2.1.0/24 Direct 0 0 10.2.1.2 XGE3/0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.2 XGE3/0/1
10.3.1.0/24 BGP 255 0 2.2.2.2 XGE3/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# On PE 2, execute the undo mpls ldp enable command on interface Ten-GigabitEthernet 3/0/3. Then, display the routing table of VPN instance vpn1 on PE 1 to verify that the next hop for PE 1 to reach 4.4.4.4/32 has changed to CE 2. CE 1 and CE 2 can still ping each other.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 BGP 255 0 10.1.1.1 XGE3/0/2
5.5.5.5/32 BGP 255 0 10.2.1.1 XGE3/0/1
10.1.1.0/24 Direct 0 0 10.1.1.2 XGE3/0/2
10.1.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/2
10.1.1.255/32 Direct 0 0 10.1.1.2 XGE3/0/2
10.2.1.0/24 Direct 0 0 10.2.1.2 XGE3/0/1
10.2.1.2/32 Direct 0 0 127.0.0.1 XGE3/0/1
10.2.1.255/32 Direct 0 0 10.2.1.2 XGE3/0/1
10.3.1.0/24 BGP 255 0 10.1.1.1 XGE3/0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Configuration files
· PE 1:
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 1.1.1.1
#
mpls ldp
#
mpls bfd enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip address 172.2.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 preferred-value 200
#
ip vpn-instance vpn1
peer 10.1.1.1 as-number 65420
peer 10.2.1.1 as-number 65410
#
address-family ipv4 unicast
fast-reroute route-policy frr
peer 10.1.1.1 enable
peer 10.2.1.1 enable
#
route-policy frr permit node 10
if-match ip address prefix-list abc
apply fast-reroute backup-nexthop 10.1.1.1
#
ip prefix-list abc index 10 permit 4.4.4.4 32
#
return
· PE 2:
#
sysname PE2
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 172.2.1.0 0.0.0.255
#
mpls lsr-id 2.2.2.2
#
mpls ldp
#
mpls bfd enable
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Ten-GigabitEthernet3/0/2
ip binding vpn-instance vpn1
ip address 10.3.1.2 255.255.255.0
#
interface Ten-GigabitEthernet3/0/3
ip address 172.2.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance vpn1
peer 10.3.1.1 as-number 65420
#
address-family ipv4 unicast
peer 10.3.1.1 enable
#
return
· CE 1:
#
sysname CE1
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.2.1.1 255.255.255.0
#
bgp 65410
peer 10.2.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.2.1.2 enable
#
return
· CE 2:
#
sysname CE2
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Ten-GigabitEthernet3/0/1
ip address 10.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet3/0/2
ip address 10.3.1.1 255.255.255.0
#
bgp 65420
peer 10.1.1.2 as-number 100
peer 10.3.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 10.1.1.2 enable
peer 10.3.1.2 enable
#
return