Mpls l2vpn Vpls

Operation Manual VPLS
Quidway S8500 Series Routing Switches
Table of Contents
Table of Contents
1.1 VPLS Overview.................................................................................................................... 1
1.1.1 Introduction to VPLS.................................................................................................. 1
1.2 Basic VPLS Network Architectures......................................................................................2
1.3 VPLS Operational Principle.................................................................................................. 3
1.3.1 VPLS Basic Transmission Components....................................................................3
1.4 Concepts Related to VPLS................................................................................................... 5
1.4.1 MPLS L2VPN............................................................................................................. 5
1.4.2 CE.............................................................................................................................. 6
1.4.3 PE.............................................................................................................................. 6
1.4.4 VSI............................................................................................................................. 6
1.5 VPLS Basic Configuration.................................................................................................... 6
1.5.2 Configuring Routing Protocols...................................................................................7
1.5.3 Configuring Basic MPLS Functions...........................................................................7
1.5.4 Configuring LDP Expansion Session Peer.................................................................7
1.5.5 Enable MPLS L2VPN................................................................................................8
1.5.6 Creating a VPLS Instance.........................................................................................8
1.5.7 Configuring VLAN for User Access and Binding a VLPS Instance...........................10
1.5.8 Configuring Static MAC Address..............................................................................10
1.5.9 Enabling VLAN VPN on a Port.................................................................................11
1.5.10 Configuring MPLS Packets Redirection.................................................................11
1.5.11 Configuring VPLS Characteristics..........................................................................13
1.6 Displaying and Debugging VPLS.......................................................................................15
1.7 VPLS Basic Configuration Example...................................................................................16
1.8 Troubleshooting VPLS........................................................................................................ 20

VPLS Configuration
VPLS Configuration
Note:
The enhanced service processor card mentioned here refers to the LSB1VPNB card.
1.1 VPLS Overview

1.1.1 Introduction to VPLS
Today, IP networks have spread throughout the world. And the operators are focusing
on using their existing IP networks to provide enterprises with low-cost private
networks. Now, an easy-implemented technique called MPLS VPN (multiprotocol
label switching VPN) emerges as the times require, which enables the operators to
provide arbitrary-rate MPLS-based virtual private network (VPN) services over IP
networks
MPLS VPN services fall into two types: L3 MPLS VPN and L2 MPLS VPN. The latter
includes VPLS (virtual private LAN service) and VLL (virtual leased line). VLL only
applies to point-to-point networking, while VPLS can apply to multipoint-to-multipoint
VPN networking. VPLS provides the operators using point-to-point L2VPN with a
better solution. In addition, unlike L3VPN, VPLS does not participate in user's internal
routing. Now, operators need only manage and operate a single network to provide
multiple kinds of services such as best-effort, L3VPN, L2VPN, traffic-engineering, and
distinguished services. This greatly reduces their costs on network construction,
operation and maintenance.
With VPLS, users in different areas can be connected with each other through
MAN/WAN just like they are in one LAN. S8500 series provide a VPLS solution. This
solution uses MPLS-based virtual links as the links of Ethernet bridges and provides
transparent transmission LAN services (TLS) over MPLS networks.
The following table lists the acronyms referred in this document:
Table 1.1 Acronyms
Acronym
Full name
AC
Attachment Circuit
CE
Custom Edge
FEC
Forwarding Equivalence Class
Huawei Technologies Proprietary

1

VPLS Configuration
Acronym
Full name
FR
Frame Relay
NPE
Network Provider Edge
PE
Provider Edge Router
PW
Pseudo wires
PHP
Penultimate Hop Popping
UPE
User facing-Provider Edge
VLL
Virtual Leased Line
VPLS
Virtual Private LAN Service
VSI
Virtual Switch Instance
LSP
Label Switch Path
1.2 Basic VPLS Network Architectures

There are two kinds of VPLS network architectures: PW logical multipoint-tomultipoint connection architecture and hierarchical architecture. Figure 1.1 depicts a
VPLS network architecture with PW logical multipoint-to-multipoint connection.
VPN 1
Site 3
PE4
VPN 2
Site 1 CE1
CE6
PE1
MPLS network
VPN 1
Site 2
PE3
CE2
PE2
VPN 1
Site 1
CE5
CE4
CE3
VPN 2
Site 2
Figure 1.1 VPLS network with PW logical multipoint-to-multipoint connection

2

VPLS Configuration
As shown in Figure 1.1, VPLS can provide point-to-multipoint connection service like
a L3VAN. It can learn MAC addresses and exchange packets between multiple sites.
In addition, it keeps the forwarding tables of the individual VPNs independent with
each other and allows MAC address overlap between VPNs.
Figure 1.2 depicts a hierarchical VPLS network architecture.
VPN 1
Site 1
CE2
VPN 2
Site 1
NPE1
CE1
UPE1 MPLS edge network

NPE4
MPLS core network
NPE2
MPLS edge network
UPE2
NPE3
CE4
VPN 2
Site 2
CE3
VPN 1
Site 2
Figure 1.2 hierarchical VPLS network architecture

As shown in Figure 1.2, the network topology of the VPLS network is hierarchical, and
the access range of the network is expansible. The core devices (NPEs) in the core
network require high performance because VPN traffic concentrates there, while the
edge devices (UPEs) require lower performance because they are mainly used for
VPN service access. In addition, you can back up the links between NPEs and UPEs
to make the network more robust. The access networks between UPEs and NPEs
can be either a MPLS edge network connected by LSP, or a simple Ethernet network
for VLAN-VPN user access.
1.3 VPLS Operational Principle

1.3.1 VPLS Basic Transmission Components
As shown in the following figure, the whole VPLS network is just like a huge switch.
For each VPN, it sets up PWs between the sites of the VPN on MPLS tunnels and
transparently transmits user's layer 2 packets from one site to another through these
PWs. In this network, PEs forward packets, learn source MAC addresses, create

3

VPLS Configuration
MAC forwarding entries, and map the MAC addresses to corresponding ACs and
PWs. While, the P devices (provider routers, that is, core switches in the backbone
network), only implement MPLS forwarding according to MPLS labels without
considering layer 2 user data encapsulated in MPLS packets.
AC
PW
Tunnel
VPN 1
Site 1
CE1
PW
signaling protocol
Forwarder
CE2
VPN 2
Site 1
PE2
VPN 1
Site 2
MPLS network
PE1
CE3
CE4
VPN 2
Site 2
Figure 1.1 L2VPN universal transmission components

The transmission components and their functions in a VPLS network are as follows:
1. Attachment circuit
An attachment circuit (AC) is a virtual connection link between CE and PE. Users
layer 2 and layer 3 data are transmitted to the peer site through AC without any
modification.
2. Pseudo wire
A pseudo wire (PW) is a bidirectional virtual connection between two VSIs in a VPN.
One PW contains a pair of unidirectional MPLS VCs (virtual circuits). It is established
by PW signaling protocol and carried on LSP. For a VPLS system, a PW is just like a
directly connected path between local and peer ACs, through which users layer 2
data are transmitted transparently.
3. Forwarder
A forwarder is in fact a VPLS forwarding table, it chooses PWs to forward the frames
that PEs received from ACs.

4

VPLS Configuration
4. Tunnel
A tunnel is a directly connected path between local PE and peer PEs, on which data
is transmitted transparently from one PE to another. A tunnel can carry multiple PWs.
In general, a tunnel is an MPLS tunnel.
5. Encapsulation
Standard PW encapsulation formats and technique are adopted when packets are
transmitted over PWs. VPLS packets carried on PWs have two encapsulation modes:
Tagged and Raw.
6. PW signaling
PW signaling (pseudo wire signaling) protocol on which VPLS bases is used to
establish and maintain PW. It can also be used to automatically discover peer PEs of
VSIs. Currently, PW signaling protocol includes label distribution protocol (LDP) and
border gateway protocol (BGP).
7. Service quality
Service quality maps priority information in the headers of users layer 2 packets to
QoS priority carried on public network before the forwarding of the packets. This
feature generally requires the MPLS network to support traffic-engineering.
As shown in Figure 1.1, CE3 transmits uplink layer 2 packets to PE1 through AC.
When PE1 receives the packets, the forwarder chooses PW to forward them.
According to PW forwarding entries, the system generates two layers of MPLS labels
(private network labels are used to mark the PWs, and public network labels are used
to pass through tunnels to PE2). After the packets reach PE2 through public network
tunnel, the system pops out private network labels (public network labels have
already been popped out on P device through PHP). PE2 forwarder chooses an AC to
forward layer 2 packets from CE3 to CE1.
1.4 Concepts Related to VPLS

1.4.1 MPLS L2VPN
An MPLS L2VPN is a VPN that transparently transmits users layer 2 packets over
MPLS network. In user's perspective, an MPLS network is a layer 2 switching
network, over which layer 2 connections can be set up among different sites. MPLS
L2VPN includes VLL and VPLS.

5

VPLS Configuration
1. VPLS
This is a kind of point-to-multipoint L2VPN service provided on public networks. VPLS
can connect user sites in different areas together over MAN/WAN as if they are in a
single LAN.
2. VLL
This is a kind of point-to-point L2VPN service provided on public networks. VLL can
connect two sites with each other as if they are directly connected by cables.
However, it cannot provide switching between multipoints.
1.4.2 CE
It is a user device that is directly connected with a service provider's device.
1.4.3 PE
It is an edge router in backbone network connected with CEs. PE is responsible for
VPN service access, it implement packet mapping and forwarding from private
networks to public network tunnels, and vice versa. It has two types: UPE and NPE.
1. UPE
It is a user-facing PE device, a kind of convergence device for users to access the
VPN.
2. NPE
It is a core PE device, locating at the edge of the VPLS core network. It provides
VPLS transparent transmission service in the core network.
The actual VPLS access links are mapped to virtual links through VSIs.
1.4.4 VSI
Through virtual switch instance (VSI) you can map the actually connected links to
each virtual links.
1.5 VPLS Basic Configuration

The following table describes the VPLS configuration tasks:

6

VPLS Configuration
Table 1.1 VPLS configuration tasks

Number
1
Item
Command
Description
Configuring
Refer to the related sections
routing
in
protocol
for
Operation
Manual
Mandatory
Routing Protocol
public network
2
Configuring
Refer to chapter 2 Configuring
basic
MPLS
MPLS
Basic
Functions
Mandatory
in
functions
Operation Manual MPLS
Configuring
[Quidway] mpls ldp remoter
Mandatory
[Quidway] mpls l2vpn
Mandatory
[Quidway] vsi vsi-name
Mandatory
[Quidway -vsi-3com-ldp] peer
Mandatory
[Quidway] mac-address
Optional
Configuring
[Quidway -vlan-interface100]
Mandatory
VLAN for user
l2 binding vsi
LDP expansion
session peer
4
Enabling
L2VPN
Configuring
VPLS instance
6
Configuring an
IP address of a
peer PE
Configuring
static
MAC
addresses
8
access
and
bind VSI
9
Configuring
[Quidway
-vsi-3com-ldp]
Optional
VPLS
bandwidth
Enabling VLAN
Optional
VPN on port
vlan-vpn enable
Configuring
packet
traffic-redirect
characteristics
10
11
redirection

7
Mandatory

VPLS Configuration
1.5.2 Configuring Routing Protocols

You must perform some basic routing configuration on your switch such that it can
exchange routing information with other P and PE devices. Currently, you can choose
the following routing protocols: static routing, routing information protocol (RIP), open
shortest path first (OSPF), exterior border gateway protocol (EBGP), and so on. For
specific configuration, refer to S8500 Series Routing Switches Operation Manual
Routing Protocol.
1.5.3 Configuring Basic MPLS Functions

Configure basic MPLS functions to create LSP tunnels over public network. For
specific configuration, refer to S8500 Series Routing Switches Operation Manual
MPLS.
1.5.4 Configuring LDP Expansion Session Peer

Configure LDP remote peer to set up LDP remote session.
I. Creating a remote peer

Perform the following configuration in system view.
Table 1.1 Create/remove a remote peer
Operation
Command
Create a remote peer and enter remote-peer

view
mpls ldp remote-peer index
Remove the remote peer
undo mpls ldp remote-peer index
By default, no remote peer exists.
II. Configuring an address for the remote peer

You can specify any LDP-enabled interface address of a remote peer device or the
loopback address of a label switch router (LSR) that has advertised its routing
information as the address of the remote peer.
Perform the following configuration in remote-peer view.
Table 1.1 Configure an address for the remote peer
Operation
Command
Configure an address for the remote peer
remote-ip remoteip

8

VPLS Configuration
remoteip: IP address for the remote peer. This address must be the lsr id of a peer
LSR.
By default, no IP address is configured for a remote peer.
1.5.5 Enable MPLS L2VPN

Enable MPLS L2VPN globally before you configure VPLS.
Table 1.1 Enable MPLS L2VPN
Operation
Command
Enable MPLS L2VPN
mpls l2vpn
Disable MPLS L2VPN
undo mpls l2vpn
By default, MPLS L2VPN is disabled.
1.5.6 Creating a VPLS Instance

I. Specifying a VPLS instance name
Use the vsi command to create a VPLS instance or enter VSI view. When creating a
VPLS instance, you must specify a globally unique VPLS instance name, and choose
automatic discovery or manual configuration as peer discovery mechanism (currently,
only manual configuration is supported). At the same time, you can specify an access
encapsulation mode for VPLS users. By default, the access encapsulation mode is
Ethernet. User access mode is a global property of a VPLS instance, and the user
access modes configured on all peer PEs for this instance must be consistent.
Table 1.1 Specify a VPLS instance name
Operation
Command
Specify a VPLS instance name
vsi vsi-name [ static ] [ encapsulation

{ ethernet | vlan } ]
Remove a VPLS instance or quit the
undo vsi vsi-name
VSI view
II. Entering VSI-LDP view and configuring VSI ID

Use the pwsignal command to specify a PW signaling protocol used by VPLS and
enter VPLS protocol view.

9

VPLS Configuration
When you specify martini as the VPLS connection mode (MPLS L2VPN in Martini
mode adopts expanded LDP to send signaling of VC information), you will enter VSILDP view at the same time.
Table 1.1 Specify martini as the VPLS connection mode
Operation
Command
Specify martini as the VPLS connection

mode
pwsignal [ ldp ]
By default, VPLS adopts martini mode.

Use the vsi-id command to specify an ID for a VPLS instance. This ID ranges from 1
to 1024.
Perform the following configuration in VSI-LDP view.
Table 1.2 Configure a VPLS instance
Operation
Command
Specify a ID for a VPLS instance
vsi-id vsi-id
When you specify a Peer, vc-id defaults to vsi-id. And vsi-id ranges from 1 to
4,294,967,295.
III. Configuring an IP address of a peer PE

Use the peer command to create a VPLS peer PE contained in an instance. When
you create a VPLS peer PE, you must specify an IP address and peer type for the
peer PE. By default, the peer type is NPE. When you specify UPE as the peer type, it
indicates the peer is a user convergence node UPE in hierarchical VPLS architecture.
You can also specify an ID for a VC to the peer, and the ID must be consistent with
that of the remote. Multipoint-to-multipoint connections are needed among specified
multiple remote peer NPEs, but not needed between UPEs and NPEs.
Table 1.1 Configure an IP address for a peer PE
Operation
Command
Create a VPLS peer PE contained in the
peer peer-ip [ vc-id vc-id ] [ upe ]
instance
backup-peer
primary-peer
alternatepeer-ip ] [ trans-mode { raw |

tagged } ]

10

VPLS Configuration
Remove the specified VPLS peer PE
undo peer peer-ip
By default, vc-id is vsi-id
1.5.7 Configuring VLAN for User Access and Binding a VLPS Instance
The port configuration on a VLAN interface differs depending on user access modes.
If user gets access by Ethernet, you must enable VLAN-VPN on the access port of
the VLAN. If user makes H-VPLS access by VLAN, or user's convergence multitenant unit (MTU) makes H-VPLS access by VLAN-VPN, you need not enable VLANVPN on the access port; instead, you must configure the port as Trunk, in this case,
the VLAN tag (VLAN ID currently configured for the user) carried in uplink packets
must be consistent with that of the VLAN bound with the Trunk. If convergence UPE
makes H-VPLS access by LSP, you can bind a VPLS instance to a VLAN containing
no port. Additionally, you cannot bind one instance to multiple VLANs.
Perform the following configuration in VLAN interface view.
Table 1.1 Configure VLAN for user access and bind a VPLS instance
Operation
Command
Bind a VPLS instance to a VLAN
l2 binding vsi vsi-name
interface
Remove the binding
undo l2 binding vsi vsi-name
1.5.8 Configuring Static MAC Address

Use the mac-address command to configure a static MAC address for the VPLS
instance. The address you configured can be either a MAC address on a local CE or
a MAC address on a remote CE.
Table 1.1 Configure static MAC address
Operation
Command
Configure a static MAC address for
mac-address { static H-H-H } vsi vsi-name [
VPLS instance
peer peer-ip]
Remove the MAC address
undo mac-address { static H-H-H } vsi vsiname [ peer peer-ip]

11

VPLS Configuration
1.5.9 Enabling VLAN VPN on a Port
Caution:
User access mode of VSI determines whether you should enable VLAN-VPN on a
port or not. If the access mode is Ethernet, you must enable VLAN-VPN on the
access port such that your private VLAN TAG can be properly transferred. If the
access mode is VLAN, you must set the access port to trunk.
Perform the following configuration in Ethernet port view.

Table 1.1 Enable VLAN VPN on a port
Operation
Command
Enable VLAN VPN on a port
vlan-vpn enable
Disable VLAN VPN on the port
undo vlan-vpn
Caution:
If GARP VLAN registration protocol (GVRP), spanning tree protocol (STP) or 802.1x
protocol is enabled on a port, VLAN VPN on this port is not allowed to enable.
By default, VLAN VPN is disabled on ports.
1.5.10 Configuring MPLS Packets Redirection

Because only enhanced service processor card can process VPLS service, you
should configure access control list (ACL) rules to redirect the VPLS packets back
from public network to the enhanced service processor card.
I. Configuring user-defined flow template

Table 1.1 Configure user-defined flow template
Operation
Command
Define flow template
flow-template user-defined { templateinfo | vpn }

12

VPLS Configuration
Operation
Command
Remove flow template
undo flow-template user-defined
When you define the flow template, the total size of all the elements in the template
must be less than 16 bytes.
II. Configuring ACL rules

Rules in basic ACL can only be defined depending on source IP addresses. You can
use the rules to analyze and process data packets correspondingly.
Use the following commands to define a basic ACL.
Perform the following configuration in corresponding views.
Table 1.1 Configure ACL rules
Operation
Command
Enter a basic ACL view from system view
acl { number acl-number | name acl-name

basic } [ match-order { config | auto } ]
Define a sub-rule in basic ACL view
rule [ rule-id ] { permit | deny } [ source {

source-addr wildcard | any } | fragment |
time-range name | vpn-instance instancename ]*
Remove a sub-rule in basic ACL view
undo rule rule-id [ source | fragment |

time-range | vpn-instance instance-name ]*
Remove an ACL or all ACLs in system view
undo acl { number acl-number | name aclname | all }
III. Configuring redirection on a port

Perform the following configuration in Ethernet port view.
Table 1.1 Configure packet redirection on Ethernet port of card B
Operation
Command
Configure packet redirection to a specific

port of card C
traffic-redirect inbound { link-group { aclnumber | acl-name } [ rule rule [ systemindex index ] ] | ip-group { acl-number | aclname } [ rule rule [ system-index index ] ] }
interface { interface-name | interface-type
interface-num } destination-vlan l3-vpn
Remove packet redirection
undo traffic-redirect inbound { link-group

{ acl-number | acl-name } [ rule rule ] | ipgroup { acl-number | acl-name } [ rule
rule ] }

13

VPLS Configuration
1.5.11 Configuring VPLS Characteristics

1. Configuring VPN rate restriction
Use the bandwidth command to configure the VPN rate restriction in the range of 64
kbps to 4,194,303 kbps with the increment of 64. After the configuration, the system
automatically takes the biggest number that can be exactly divided by 64 and is no
more than the setting number as the rate restriction. The actually supported rate
restriction ranges from 64 kbps to 2,097,152 kbps, and if the value you set is above
2,097,152 kbps, no rate restriction is performed. In the instance, the part of traffic
beyond this bandwidth restriction is discarded by the system.
Table 1.1 Configure VPN rate restriction
Operation
Command
Configure VPN rate restriction
bandwidth vpn-speed
By default, the VPN rate restriction is 102,400 kbps.
2. Configuring VPN broadcast suppression percentage

Use the broadcast-restrain command to configure the VPN broadcast suppression
percentage, which is in the range of 0 to 100. You cannot set the percentage to 0. In
the VSI, the part of broadcast traffic (including broadcast, multicast, and unknown
unicast) beyond the suppression percentage is discarded.
Table 1.2 Configure VPN broadcast suppression percentage
Operation
Command
Configure VPN broadcast suppression
broadcast-restrain restrain-number
percentage
By default, VPN broadcast suppression percentage is 5%.
3. Configuring packet MTU

Use the mtu command to specify the maximum transmission unit (MTU) value for
user access packets of this VPLS instance, which is in the range of 128 to 1,500. This
mtu value is also the mtu value for PW.

14

VPLS Configuration
Table 1.3 Configure packet MTU

Operation
Command
Configure packet mtu for the VPLS
mtu mtu
instance
By default, mtu is 1,500 Bytes.
4. Configuring the QoS level

Use the command here to configure the QoS level for the VSI, which is in the range of
0 to 7. When configuring the QoS level, you can either use the QoS mapping table
suggested by the protocol, or the user-defined QoS table and set p-p-p-p-p-p-p-p with
this command.
Table 1.4 Configure the QoS level
Operation
Command
Configure the QoS level for the VSI
qos { 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | { userdefine-table p p p p p p p p } }
5. Configuring other VPLS characteristics

Perform the following configuration in the corresponding VSI-LDP views.
Table 1.5 Configure other VPLS characteristics
Operation
Command
Define/remove a description of this
description TEXT
VPLS instance
undo description
Disable/enable the VPN service of the
shut
VPLS instance
undo shut
Configure the maximum number of the
mac-table limit
MAC addresses in the VPN

15

VPLS Configuration
1.6 Displaying and Debugging VPLS

VPLS provides various displaying and debugging commands to monitor the LDP
session status, tunnel configuration, all LSPs and their status.
Execute the following commands in any view.
Table 1.1 Display VPLS
Operation
Command
Display a VPLS forwarding table
display mac-address vsi [ vsi-name ] [

dynamic | static ] [ count ]
Display the MPLS-based layer 2 virtual
display mpls l2vc [ verbose | interface {
connection information
interface-name | interface-type interfacenum } | { [ vsi vsi-name ] [ peer peer-ip ] [ up

| down | block ] } ]
Display VPLS instance information
display vsi vsi-name
Execute the debugging command to debug various LDP messages.

Execute the following commands in user view.
Table 1.2 Debug VPLS
Operation
Enable
individual
kinds
Command
of
L2VPN
debugging
Disable
individual
debugging mpls l2vpn { advertisement |

all | connections | error | event }
kinds
of
L2VPN
debugging
undo
debugging
mpls
l2vpn
{ advertisement | all | connections | error |

event }
By default, all debugging is disabled.
1.7 VPLS Basic Configuration Example

1. Network requirements
S8500 series support all kinds of VPLS architectures and networking. Figure 1.1
shows a simple back-to-back network diagram. Where, two sites of VPN1 connect to
port E6/1/48 of the two PEs (PE1 and PE2) respectively. Both PEs are configured
with the private VLAN 100 and public VLAN 10 connected through G4/1/1 to
implement basic VPLS service.
16

VPLS Configuration
2. Network diagram
CE1
VL AN 100 PE1
10.10.10.10/24
e6/1/48
VLAN 10
5.6.7.8 g4/1/1
VPN1
PE2 VLAN 100 CE2

e6/1/48
10.10.10.11/24
VL AN 10
g4/1/1
1.2.3.4
VPN1
Figure 1.1 Network diagram for VPLS configuration of back-to back PEs
3. Configuration procedure
(1)
Configure PE1
# Configure the router id used to advertise OSPF routing information. Generally, the
virtual interface address of both mpls lsr-id and loopback0 can be configured with the
same IP address.
[PE1] router id 5.6.7.8
# Configure mpls lsr-id. Enable MPLS and MPLS LDP globally.
[PE1] mpls lsr-id 5.6.7.8
[PE1] mpls
[PE1] mpls ldp
# Configure a 32-bit loopback address, which is used to create LSP.
[PE1] interface loopback0
[PE1 -LoopBack0] ip address 5.6.7.8 32
# Configure a public VLAN, add a port to it, configure an IP address for the virtual
interface, then, enable MPLS and MPLS LDP on the interface.
[PE1] vlan 10
[PE1-vlan10] port GigabitEthernet 4/1/1
[PE1-vlan10] interface vlan 10
[PE1-vlan-interface10] ip address 10.10.10.10 24
[PE1-vlan-interface10] mpls
[PE1-vlan-interface10] mpls ldp enable
# # Configure OSPF to set up routes.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 5.6.7.8 0.0.0.0

17

VPLS Configuration

[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] import-route direct
[PE1-ospf-1] quit
# Configure a LDP remote peer (PE2) to set up LDP session.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-remote1] remote-ip 1.2.3.4
# Enable L2VPN globally.
[PE1] mpls l2vpn
# Configure a VPLS instance and VSI-ID (VPN-ID). Enter VSI-LDP view to configure
the IP address of PE2.
[PE1] vsi 3com encapsulation ethernet
[PE1-vsi-3com] pwsignal ldp
[PE1-vsi-3com-ldp] vsi-id 500
[PE1-vsi-3com-ldp] peer 1.2.3.4
[PE1-vsi-3com-ldp] quit
# Configure a private VLAN, add a port to it, and bind a VSI instance.
[PE1] vlan 100
[PE1-vlan-100] port Ethernet 6/1/48
[PE1-vlan-100] interface vlan 100
[PE1-vlan-interface100] l2 binding vsi 3com
# Enable VLAN-VPN on the port of the private network.
[PE1] interface Ethernet 6/1/48
[PE1-Ethernet6/1/48] vlan-vpn enable
# Configure user-defined flow template, and ACL redirection rule to allow for MPLS
packets with VPLS labels.
[PE1] flow-template user-defined slot 4 ethernet-protocol vlanid
[PE1] acl number 4000
[PE1-acl-link-4000] rule 0 permit mpls l2lable-range ingress any egress any
[PE1-acl-link-4000] quit
# Define user flow template in port view and configure redirection rule to redirect
VPLS packets back from the public network to the VPLS service processor card and
specify the VLAN ID of the redirection flow.
[PE1] interface GigabitEthernet4/1/1

18

VPLS Configuration
[PE1-GigabitEthernet4/1/1] flow-template user-defined

[PE1-GigabitEthernet4/1/1] traffic-redirect inbound link-group 4000 rule 0 slot 4 10
(2)
Configure PE2
# Configure the router id used to advertise OSPF routing information. Generally, the
virtual interface address of both mpls lsr-id and loopback0 can be configured with the
same IP address.
[PE2] router id 1.2.3.4
# Configure mpls lsr-id. Enable MPLS and MPLS LDP globally.
[PE2] mpls lsr-id 1.2.3.4
[PE2] mpls
[PE2] mpls ldp
# Configure a 32-bit loopback address, which is used to create LSP.
[PE2] interface loopback0
[PE2 -LoopBack0] ip address 1.2.3.4 32
# Configure a public VLAN, add a port to it, configure the IP address for the virtual
interface, then, enable MPLS and MPLS LDP on the interface.
[PE2] vlan 10
[PE2-vlan10] port GigabitEthernet 4/1/1
[PE2-vlan10] interface vlan 10
[PE2-vlan-interface10] ip address 10.10.10.11 24
[PE2-vlan-interface10] mpls
[PE2-vlan-interface10] mpls ldp enable
# Configure OSPF to set up routes.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] import-route direct
[PE2-ospf-1] quit
# Configure a LDP remote peer (PE1) to set up LDP session.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-remote2] remote-ip 5.6.7.8
# Enable L2VPN globally.

19

VPLS Configuration
[PE2] mpls l2vpn

# Configure a VPLS instance and VSI-ID (VPN-ID). Enter VSI-LDP view to configure
the IP address for PE1.
[PE2] vsi 3com encapsulation ethernet
[PE2-vsi-3com] pwsignal ldp
[PE2-vsi-3com-ldp] vsi-id 500
[PE2-vsi-3com-ldp] peer 5.6.7.8
[PE2-vsi-3com-ldp] quit
# Configure a private VLAN, add a port to it, and bind a VSI instance.
[PE2] vlan 100
[PE2-vlan-100] port Ethernet 6/1/48
[PE2-vlan-100] interface vlan 100
[PE2-vlan-interface100] l2 binding vsi 3com
# Enable VLAN-VPN on the port of the private network.
[PE2] interface Ethernet 6/1/48
[PE2-Ethernet6/1/48] vlan-vpn enable
# Configure user-defined flow template, and ACL redirection rule to allow for MPLS
packets with VPLS labels.
[PE2] flow-template user-defined slot 4 ethernet-protocol vlanid
[PE2] acl number 4000
[PE2-acl-link-4000] rule 0 permit mpls l2lable-range ingress any egress any
[PE2-acl-link-4000] quit
# Define user flow template in port view and configure redirection rule to redirect
VPLS packets back from the public network to the VPLS service processor card and
specify the VLAN ID of the redirect flow.
[PE2] interface GigabitEthernet4/1/1
[PE2-GigabitEthernet4/1/1] flow-template user-defined
[PE2-GigabitEthernet4/1/1] traffic-redirect inbound link-group 4000 rule 0 slot 4 10
1.8 Troubleshooting VPLS

Symptom 1: PW is not in UP state.
Solution:

20

VPLS Configuration
The LSP tunnel over the public network is not set up for the two ends: verify that
the route is available on both end, you can successfully ping the loopback port of
the peer, and the LDP session is normal.
Expansion session is abnormal: verify that the commands used to configure the
expansion session are executed on both ends, and the configurations are all
right.
The virtual interface of the private VLAN is not bound with the corresponding
VPLS instance, or is DOWN: make sure the interface is UP, or the PW to the
UPE is UP.
The parameters for the peer or the MTU value of the VPLS instance is inconsistent:
verify that the MTU value configured for the VPLS instance is consistent on both end,
and the vc-id and transmission mode for the peer is also consistent.
Symptom 2: Packets cannot be forwarded.
The enhanced card is not in place: use the display device command to verify
that the enhanced card is in Normal state.
The enhanced card version is inconsistent with the SRP version: verify the
enhanced card version.
The flow template and redirection are not correctly configured on the public side:
verify the port for the public network is correctly configured.
Symptom 3: Packets are lost during forwarding

Solution:
Traffic exceeds VPN bandwidth restriction: check the VPN bandwidth and the traffic in
the VPN. Then reconfigure a larger bandwidth.
Traffic for broadcast, multicast, and unknown-unicast exceeds the broadcast

suppression: check the VPN broadcast suppression and the broadcast traffic in
the VPN. Then reconfigure a proper broadcast suppression percentage.

21

Mpls l2vpn Vpls

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Mpls l2vpn Vpls

Hochgeladen von

Copyright:

Verfügbare Formate

Operation Manual VPLS

Quidway S8500 Series Routing Switches

Operation Manual VPLS

1.1 VPLS Overview

Forwarding Equivalence Class

Huawei Technologies Proprietary

Operation Manual VPLS

Network Provider Edge

Provider Edge Router

Penultimate Hop Popping

User facing-Provider Edge

Virtual Leased Line

Virtual Private LAN Service

Virtual Switch Instance

Label Switch Path

1.2 Basic VPLS Network Architectures

Figure 1.1 VPLS network with PW logical multipoint-to-multipoint connection

Huawei Technologies Proprietary

Operation Manual VPLS

UPE1 MPLS edge network

Figure 1.2 hierarchical VPLS network architecture

1.3 VPLS Operational Principle

Huawei Technologies Proprietary

Operation Manual VPLS

Figure 1.1 L2VPN universal transmission components

Huawei Technologies Proprietary

Operation Manual VPLS

1.4 Concepts Related to VPLS

Huawei Technologies Proprietary

Operation Manual VPLS

1.5 VPLS Basic Configuration

Huawei Technologies Proprietary

Operation Manual VPLS

Table 1.1 VPLS configuration tasks

Refer to the related sections

Refer to chapter 2 Configuring

Operation Manual MPLS

[Quidway] mpls ldp remoter

[Quidway] mpls l2vpn

[Quidway] vsi vsi-name

[Quidway -vsi-3com-ldp] peer

VLAN for user

Huawei Technologies Proprietary

Operation Manual VPLS

1.5.2 Configuring Routing Protocols

1.5.3 Configuring Basic MPLS Functions

1.5.4 Configuring LDP Expansion Session Peer

I. Creating a remote peer

Create a remote peer and enter remote-peer

mpls ldp remote-peer index

Remove the remote peer

undo mpls ldp remote-peer index

By default, no remote peer exists.

II. Configuring an address for the remote peer

Configure an address for the remote peer

Huawei Technologies Proprietary

Operation Manual VPLS

1.5.5 Enable MPLS L2VPN

Enable MPLS L2VPN

Disable MPLS L2VPN

undo mpls l2vpn

By default, MPLS L2VPN is disabled.

1.5.6 Creating a VPLS Instance