Beruflich Dokumente
Kultur Dokumente
Carrier-Class Router
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited.
Revision History
Revision No.
Revision Date
Revision Reason
R1.0
2014-10-20
First edition.
SJ-20140731105308-013|2014-10-20 (R1.0)
Contents
About This Manual ......................................................................................... I
Chapter 1 VPN Overview............................................................................ 1-1
Chapter 2 MPLS L2VPN Configuration..................................................... 2-1
2.1 MPLS L2VPN Overview...................................................................................... 2-1
2.2 VPLS Basic Function Configuration ..................................................................... 2-4
2.2.1 VPLS Overview........................................................................................ 2-4
2.2.2 Configuring VPLS..................................................................................... 2-6
2.2.3 VPLS Un-qualified Configuration Instance................................................ 2-12
2.2.4 VPLS Qualified Configuration Instance .................................................... 2-20
2.3 VPLS-MAC Filtering Configuration..................................................................... 2-21
2.3.1 VPLS-MAC Filtering Overview ................................................................ 2-21
2.3.2 Configuring VPLS MAC Filtering.............................................................. 2-21
2.3.3 VPLS-MAC Filter Configuration Instance ................................................. 2-22
2.4 VPWS Basic Function Configuration.................................................................. 2-26
2.4.1 VPWS Overview .................................................................................... 2-26
2.4.2 Configuring VPWS ................................................................................. 2-27
2.4.3 VPWS Configuration Example................................................................. 2-34
2.5 VPWS Heterogeneous Function Configuration ................................................... 2-40
2.5.1 VPWS Heterogeneous Function Overview ............................................... 2-40
2.5.2 Configuring the VPWS Heterogeneous Function ...................................... 2-40
2.5.3 VPWS Heterogeneous Function Configuration Instance............................ 2-41
2.6 MC-ELAM Configuration ................................................................................... 2-45
2.6.1 MC-ELAM Overview ............................................................................... 2-45
2.6.2 Configuring MC-ELAM............................................................................ 2-46
2.6.3 MC-ELAM Configuration Instance ........................................................... 2-49
2.7 CES Service Configuration ............................................................................... 2-55
2.7.1 Overview of CES Services ...................................................................... 2-55
2.7.2 Configuirng CES .................................................................................... 2-55
2.7.3 CES Service Configuration Example........................................................ 2-56
2.8 L2VPN and L3VPN Bridge Function Configuration.............................................. 2-59
2.8.1 L2VPN and L3VPN Bridge Overview ....................................................... 2-59
2.8.2 Configuring L2 VPN and L3 VPN Bridge Function .................................... 2-59
2.8.3 L2VPN and L3VPN Bridge Configuration Instance.................................... 2-62
I
SJ-20140731105308-013|2014-10-20 (R1.0)
II
SJ-20140731105308-013|2014-10-20 (R1.0)
III
SJ-20140731105308-013|2014-10-20 (R1.0)
Figures............................................................................................................. I
Tables .............................................................................................................V
Glossary .......................................................................................................VII
IV
SJ-20140731105308-013|2014-10-20 (R1.0)
Intended Audience
This manual is intended for:
l
l
l
Configuration
configuration instances.
Configuration
configuration instances.
Configuration
configuration instances.
Conventions
This manual uses the following conventions:
Italics
Variables in commands. It may also refers to other related manuals and documents.
Bold
Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters and commands.
Constant
Text that you type, program codes, filenames, directory names, function names.
width
[]
Optional parameters.
{}
Mandatory parameters.
I
SJ-20140731105308-013|2014-10-20 (R1.0)
II
SJ-20140731105308-013|2014-10-20 (R1.0)
Chapter 1
VPN Overview
Development of Network Economy
With the social development, the Information Technology (IT) technology is increasingly
affect the business flows of modern businesses. Enterprise resource planning, Internet
Protocol (IP)-based voice, network-based conference and training, and other IT
technologies provide a supportive framework for office automation and information
acquisition. As more and more businesses expand their branches and partners, employee
mobility is also growing. Thus, businesses urgently need the help of telecom carriers'
networks to connect their headquarters with branches in private enterprise networks, so
that remote employees can easily access their company's internal network (intranet).
Then, with the rise of the Asynchronous Transfer Mode (ATM) and Frame Relay (FR)
technologies, telecom carriers began to provide point-to-point layer-2 connections over
virtual circuits to business customers. Based on these connections, the customers can
build their own layer-3 networks to bear IP and other types of data streams. Compared
with leased lines, virtual circuits feature in shorter service time, lower price, and the ability
to share the network structure of telecom carriers among different dedicated networks.
This typical dedicated network mode is still imperfect:
l
l
l
Introduction of VPN
Although traditional dedicated networks have brought more benefits to businesses, they
still cannot satisfy the requirements of businesses for network flexibility, security, economy,
1-1
SJ-20140731105308-013|2014-10-20 (R1.0)
and scalability. A new alternative is urgently demanded, which can simulate a traditional
dedicated network over the existing IP network. This new solution is called VPN.
Depending on Internet Service Providers (ISPs) and Network Service Providers (NSPs),
VPN can build a virtually dedicated communication network over public networks.
VPN Features
VPN has two basic features:
l
Private: For a VPN subscriber, using VPN is not different from using a traditional
dedicated network. On one hand, VPN and the bottom-layer bearer network have
separate resources. That is, the resources of a VPN generally are not used by other
VPNs or non-VPN users. On the other hand, VPN provides sufficient security to
ensure that the internal information of VPN will not be affected by the outside.
Virtual: The internal communications of VPN users are implemented through a public
network, which is shared by non-VPN users at the same time. That is, VPN users are
using a logically dedicated network. The public network is called VPN Backbone.
Due to the private and virtual features of VPN, the current IP network can be divided into
many logically separate networks. The logically separate networks can be used in a variety
of scenarios: They can be used to solve the interconnections within an enterprise, within
a government sector, or among different government sectors. They can also be used
to provide new services. For example, create a VPN particularly for the IP telephony
service, so as to solve the problem of IP address shortage, guarantee QoS, and launch
new services.
VPN, especially Multi-protocol Label Switching (MPLS) VPN, is increasingly valued by
carriers in solving enterprise interconnection problems and providing various new services.
VPN is becoming an important means of providing value-added services in the IP network.
VPN Advantages
Compared with traditional dedicated data networks, VPN has the following advantages
from the perspective of customers:
l
l
l
l
Operable: VPN can improve the usage ratio of network resources and increase the
profits of ISPs.
1-2
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
Flexible: VPN users can be added or deleted through software configuration, without
any change of hardware. Therefore, VPN is very flexible in practice.
Multi-service: While providing the VPN interconnection service, SPs can also operate multiple services including network outsourcing, service outsourcing, and customer-oriented professional services.
For its special features, VPN is gaining the favor of more and more enterprises. It allows the
enterprise to care less about network operation and maintenance and be more committed
to achieving business goals. In addition, a carrier can manage and operate only one
network and provide various services on this network, such as Best-effort IP service, VPN,
traffic engineering, and Differentiated Services (Diffserv). As a result, the carrier invests
less in building, operating and maintaining the network.
While ensuring the security, reliability, and manageability of the network, VPN provides
greater scalability and flexibility. As long as the Internet is accessible, VPN can be
deployed anywhere in the world.
1-3
SJ-20140731105308-013|2014-10-20 (R1.0)
1-4
SJ-20140731105308-013|2014-10-20 (R1.0)
Chapter 2
MSPW
Multi-Segmented PW (MSPW): Usually, it is also called Multi-Hop Pseudo Wire (PW).
MSPW means that a PW consists of multiple segmented PWs. It is used to accomplish
a cross-domain PW.
VLSS
VLSS (Virtual Local Switch Service): It provides a connection between local CEs.
The VPWS and VPLS services are most commonly used, which are described as follows.
Users can realize LANs of their own through Metropolitan Area Network (MAN) or Wide
Area Network (WAN).
2-3
SJ-20140731105308-013|2014-10-20 (R1.0)
PW
It is a bidirectional virtual connection between Virtual Switch Interfaces (VSIs) on a
pair of PE devices. It is composed of a pair of unidirectional MPLS Virtual Circuit (VC)
with opposite direction. It is also called emulation circuit.
TAG
TAG is added by service provider to distinguish users. It is called Service Delimiting
(SDT), also called PTAG.
2. Assume that a host connecting to CE1 sends a Medium Access Control (MAC) frame
containing source MAC address X and destination MAC address Y through PE1. If
PE1 does not know the destination PE, it encapsulates a tag 201 to the MAC frame
and then sends the MAC frame to PE2, and it encapsulates a tag 301 to the MAC
frame and then sends the MAC frame to PE3.
3. After PE2 receiving the MAC frame, it judges that the host connecting to PE1 according
to the tag 201, thus it can learn the MAC address X and bind the X to tag 102 (allocated
by PE1).
VPLS Features
There are two modes for PW emulating Ethernet, Raw and Tagged modes.
l
In Raw mode, the type of PW is Ethernet. The packets are transmitted in PW without
PTAG. PTAG will be removed if an AC packet containing PTAG is transmitted in PW.
The information of VLAN tag will not be changed in PW transmission if the AC packet
is transmitted without PTAG.
In Tag mode, the type of PW is Ethernet-VLAN. The packets are transmitted in PW
with PTAG. PTAG will be kept with the AC packet to transmit to the peer PE if the AC
packet contains PTAG. A PTAG or a special PTAG-Vlan 0tag is encapsulated into the
AC packet if the AC packet is transmitted in PW without PTAG.
Caution!
In both of RAW and Tag modes, the user VLAN tags locating at frame headers are
transmitted transparently without any changing.
There are two modes for MAC address learning, qualified and unqualified modes.
l
Qualified mode
PE learns MAC address according to the MAC address and VLAN tag containing in
user Ethernet packet. In qualified mode, every user VLAN has its own broadcast
domain and independent MAC address space.
Unqualified mode
PE learns MAC address according to the MAC address containing in user Ethernet
packet. In unqualified mode, all user VLANs share a broadcast domain and a MAC
address space. The MAC address of user VLAN has to be unique. The MAC
addresses cannot be repeated.
PW has two transmission modes, Spoke and Hub modes. To solve the full-connection
broadcast loop and realize the hierarchical accessing, people define PW transmission
attributes Spoke and Hub modes and AC Server/Client mode. In VPLS working
mechanism, PE router broadcasts (flooding) broadcast, multicast and unknow frames to
other network members. The broadcast rules of different modes are described as follows:
2-5
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
l
l
Broadcast the broadcast packets received from a Spoke mode PW to all ACs (Client
and Server), Hub mode PWs and other Spoke mode PWs.
Broadcast the broadcast packets received from a Server (Server-AC) to other ACs
(Client and Server), all Spoke mode PWs and Hub mode PWs.
Broadcast the broadcast packets received from a Hub mode PW to all Server-ACs
and Spoke mode PWs, but not broadcast to other Hub mode PWs and all Client-ACs.
Broadcast the broadcast packets received from a Client (Client-AC) to all Server-ACs
and Spoke mode PWs, but not broadcast to Hub mode PWs and other Client-ACs.
Steps
1. Enable L2VPN.
Command
Function
Enables L2VPN.
Command
Function
ZXR10(config)#pw pw <1-115968>
Creates a pw interface in
global configuration mode.
ZXR10(config)#tunnel-policy <tunnel-policy-name>
Command
Function
ZXR10(config)#vpls <vpls-name><multi-mac-spaces>
2-6
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name)#access-point
Specifies an interface to be
<ac-interface>[split-horizon]
Without split-horizon:
The AC interface
operates in server mode.
ZXR10(config-vpls-vpls-name-ac-ac-interface)#a
ccess-params ethernet
4
ZXR10(config-vpls-vpls-name)#pseudo-wire
pw<1-115968>[spoke]
VPLS instance.
ZXR10(config-vpls-vpls-name-pw-pw-number)#neigh
Command
Function
ZXR10(config-vpls-vpls-name)#default-vcid <vcid>
ZXR10(config-vpls-vpls-name)#mac
mode.
3
Enables mac-withdraw
ZXR10(config-vpls-vpls-name)#mac-withdraw
function.
4
ZXR10(config-vpls-vpls-name)#description <string>
ZXR10(config-vpls-vpls-name)#mtu <mtu>
2-7
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name)#traffic-statistics
{enable|disable}
ZXR10(config-vpls-vpls-name)#traffic-statistics
<number>]
8
ZXR10(config-vpls-vpls-name)#traffic-statistics
ZXR10(config-vpls-vpls-name)#traffic-statistics
pps <number>]
rate.
5. (Optional) Configure the attributes of the AC interface for the VPLS instance.
Step
Command
Function
ZXR10(config-vpls-vpls-name)#access-point
<ac-interface>[split-horizon]
ZXR10(config-vpls-vpls-name-ac-ac-interface)#a
ccess-params ethernet
3
ZXR10(config-vpls-vpls-name-ac-ac-interface-
ZXR10(config-vpls-vpls-name-ac-ac-interface-
(adds a VLAN).
ZXR10(config-vpls-vpls-name-ac-ac-interface-
Configures ingress
ZXR10(config-vpls-vpls-name-ac-ac-interface-
eth)#oam-mapping {enable|disable}
ZXR10(config-vpls-vpls-name-ac-ac-interface-
eth)#traffic-statistics{enable|disable}
6. (Optional) Configure the attributes of the PW instance for the VPLS instance.
Step
Command
Function
ZXR10(config-vpls-vpls-name-pw-pw-number-
neighbour)#control-word preferred
word or not.
2-8
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name-pw-pw-number-
ZXR10(config-vpls-vpls-name-pw-pw-number-
neighbour)#tunnel-policy <tunnel-policy-name>
policy of a PW.
ZXR10(config-vpls-vpls-name-pw-pw-number-
of a PW to signal triggering.
ZXR10(config-vpls-vpls-name-pw-pw-number-
of a PW.
ZXR10(config-vpls-vpls-name-pw-pw-number-
neighbour)#track <track-name>
ZXR10(config-vpls-vpls-name-pw-pw-number-
neighbour)#traffic-statistics{enable|disable}
Command
Function
ZXR10(config-vpls-vpls-name)#pseudo-wire
pw<1-115968>[spoke]
2
ZXR10(config-vpls-vpls-name-spoke-pw-pw-
Binds a PW redundancy
number)#redundency-manager
2-9
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name-spoke-pw-pw-
type.
ZXR10(config-vpls-vpls-name-spoke-pw-pw-
mode.
slave}
5
ZXR10(config-vpls-vpls-name)#backup-pw
ZXR10(config-vpls-vpls-name-spoke-pw-pw-
instance.
Command
Function
ZXR10(config)#aps
ZXR10(config-aps)#linear-protect
ZXR10(config-aps-linear-protect)#p
w-protector pw<1-115968>
APS PW mode.
ZXR10(config-aps-linear-protect-pw-
number)#revertive-mode {non-revertive |
Command
Function
ZXR10(config)#vpls <vpls-name><multi-mac-spaces>
ZXR10(config-vpls-vpls-name)#auto-discovery
kompella
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name-kompella)#rd
{<0-65535>:<0-4294967295> | A.B.C.D:<0-65535>}
ZXR10(config-vpls-vpls-name-kompella)#route-tar
A.B.C.D:<0-65535>}
5
ZXR10(config-vpls-vpls-name-kompella)#ve-id
<0-65534>
6 (
ZXR10(config-vpls-vpls-name-kompella)#ve-set
Op-
discrete
tion-
discovery.
al)
7 (
ZXR10(config-vpls-vpls-name-kompella)#ve-set
Op-
max-ve-id <1-79>
tion-
discovery.
al)
Function
2-11
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
FEC128 type.
type>]|local-label <value>|remote-label
<value>|service-type {vpls|vpws|mspw}[id
<value>|name <instance-name>]|used-only|unuse-only
[no-remote|no-config]]
ZXR10#show pwe3 signal fec128 detail[[peer
of FEC128 type.
type>]|local-label <value>|remote-label
<value>|service-type {vpls|vpws|mspw}[id
<value>|name <instance-name>]|used-only|unuse-only
[no-remote|no-config]] detail
ZXR10#show pwe3 signal fec129 [{used-only | unuse-only
FEC129 type.
of FEC128 type.
signalling states.
ZXR10#show l2vpn protectgroup [<pw-name>]
information.
<0-65534>]}[detail]
End of Steps
2-12
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure information on the interfaces of PE1 and PE2 connected to CEs. If the
sub-interfaces are used as ACs, it is necessary to configure VLAN/QinQ encapsulation
on the sub-interfaces.
2. Configure information on the interconnected interfaces between PE1 and PE2 to make
PE1 interconnect to PE2.
3. Configure loopback interfaces on PE1 and PE2 and use them as LDP router-IDs.
4. Configure routing information to advertise the loopback interface addresses. Make
sure that the next hop/egress of the routes are the LDP public network interfaces in
the next step.
5. Configure an LDP instance. Enable MPLS LDP function on the interconnected
interfaces between PE1 and PE2. Use the interfaces as LDP public network
interfaces. PE1 and PE2 are directly connected, so it is unnecessary to establish a
target-session.
6. Configure a VPLS instance. Make sure that the VPLS neighbors are consistent with
LDP neighbors.
Configuration Command
Configuration on PE1:
Configure addresses on the direct-connected interface between PEs, loopback interface,
and AC sub-interface.
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip address 100.10.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1.1
PE1(config-gei-0/1/0/1.1)#exit
PE1(config)#vlan-configuration
PE1(config-vlan)#interface gei-0/1/0/1.1
PE1(config-vlan-if-gei-0/1/0/1.1)#encapsulation-dot1q 100
PE1(config-vlan-if-gei-0/1/0/1.1)#exit
PE1(config-vlan)#exit
2-13
SJ-20140731105308-013|2014-10-20 (R1.0)
Configure LDP:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/2
PE1(config-ldp-1-if-gei-0/1/0/2)#exit
PE1(config-ldp-1)#exit
PE1(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
/*This command is required, otherwise the AC interface is invalid.*/
PE1(config-vpls-zte1-ac-gei-0/1/0/1.1-eth)#end
Configuration on PE2:
Configure addresses on the direct-connected interface between PEs, loopback interface,
and AC sub-interface.
PE2(config)#interface gei-0/1/0/2
PE2(config-if-gei-0/1/0/2)#ip address 100.10.1.2 255.255.255.0
PE2(config-if-gei-0/1/0/2)#no shutdown
PE2(config-if-gei-0/1/0/2)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/1.1
PE2(config-gei-0/1/0/1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/1.1
PE2(config-vlan-if-gei-0/1/0/1.1)#encapsulation-dot1q 100
PE2(config-vlan-if-gei-0/1/0/1.1)#exit
2-14
SJ-20140731105308-013|2014-10-20 (R1.0)
Configure LDP:
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-if-gei-0/1/0/2)#exit
PE2(config-ldp-1)#exit
Configuration Verification
Check the configuration results. Take PE1 as an example. The procedure to check the
configurations on PE2 is the same as that to check the configurations on PE1.
1. Run the show running-config ospf command to check whether the route configuration
is correct, and run the show ip forwarding route command to view the configuration
result, as shown in the following:
PE1#show running-config ospfv2
! <OSPF>
router ospf 1
network 1.1.1.1 0.0.0.0 area 0.0.0.0
/*Advertise the address that will be used as the address of a PW neighbor in VPLS.
When configuring LDP, make sure that this address is used as the LDP router-id,
and use this address to establish an LDP session.*/
network 100.10.1.0 0.0.0.255 area 0.0.0.0
/*Advertise the address on the interface directly connected to the peer PE.
Use this address to establish a connection with the OSPF neighbor.*/
router-id 1.1.1.1
2-15
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
100.10.1.2
gei-0/1/0/2
OSPF
Pri Metric
110 2
After the route configuration, the route to the router-id of the VPLS PW neighbor and
also the LDP peer is generated. The local egress interface is gei-0/1/0/2, and the next
hop address is 100.10.1.2.
2. Run the show running-config ldp command to check whether the LDP configuration
is correct, and run the show mpls ldp neighbor instance command to check the
configuration result of LDP neighbor establishment, as shown in the following:
PE1#show running-config ldp
! <LDP>
mpls ldp instance 1
router-id loopback1
interface gei-0/1/0/2
/*The egress interface of the route to the LDP neighbor (see step 1) must be
enabled under the mpls ldp.*/
$
! </LDP>
2-16
SJ-20140731105308-013|2014-10-20 (R1.0)
100.10.1.2
Note:
To establish a VPLS PW, it is necessary to check wether the LDP session to the
specified neighbor exists. This the session does not exist, signalling to establish PW
will not be sent, and the PW cannot be established.
3. Run the show mpls ldp bindings command on PE2 to check whether LDP distributes
the local label of public network for the PW neighbor. After the label is mapped to PE1,
check whether it is marked inuse as a remote label.
PE2#show mpls ldp bindings 1.1.1.2 32 detail instance 1
1.1.1.2/32
local binding:
label: imp-null
advertised to:
1.1.1.1:0
remote binding: lsr: 1.1.1.1:0, label: 16484
label: 16484
advertised to:
1.1.1.2:0
remote binding: lsr: 1.1.1.2:0, label: imp-null(inuse)
PE2 distributes an explicit null label {3} for the local loopback address 1.1.1.2. PE1
learns the label 3 distributed for 1.1.1.2 by PE2. The label is marked inuse.
4. Run the show mpls forwarding command to check whether the label distributed to
the PW neighbor is written to the label forwarding table, and run the ping mpls ipv4
command to check whether the public network tunnel to the specified PW neighbor is
established successfully.
PE1#show mpls forwarding-table
Local
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16484
Poptag
1.1.1.2/32
gei-0/1/0/2
Next Hop
100.10.1.2
M/S
2-17
SJ-20140731105308-013|2014-10-20 (R1.0)
5. Run the show pwe3 signal command to check whether the local device can send
signalling to establish a PW. In normal situations, if the LDP session to the specified
PW neighbor exists in the results of Step 2, PWE3 signalling can be sent.
PE1(config)#show pwe3 signal fec128 detail pw-name pw1
The detailed signal information of dynamic fec128 PWs or PW-segments:
UP
GR1
GR2
PW entity
LSPs formed
: YES
C-bits
: local
MTU
: local
negotiated
negotiated
: NO
, remote
: NO
, remote
: 1500
: NO
: 1500
: 1500
labels
: local
: 81920
, remote
: 81920
signal
: Configured
: YES
, Received
: YES
Negotiated
: YES
, Sent
: YES
AC ready
: YES
oam status
: local
redundancy
: local
remote
negotiated
application
, remote
: ACTIVE
: ??
: service-type : VPLS
, instance-id: 11
MAC-withdraw : received
: 0
, sent
: 0
local-VCCV
: CC-type
: AL|TTL
, CV-type
: LSP
remote-VCCV
: CC-type
: AL|TTL
, CV-type
: LSP
actual-VCCV
: CC-type
: AL
, CV-type
: LSP
2-18
SJ-20140731105308-013|2014-10-20 (R1.0)
attachment-circuit : ??
local-description
: zte1
remote-description : zte1
6. Run the show l2vpn forwardinfo comamnd to check whether the PW is established
successfully, and run the detail keyword to check the detailed information of the inner
and the outer labels for this PW.
PE1#show l2vpn forwardinfo vpnname zte1
Hearders: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes:
PWName
PeerIP
FEC PWType
pw1
1.1.1.2
128 Ethernet
State Llabel
H UP
81920
Rlabel
VPNowner
81920
L:zte1
Codes
PWNF
AR
AT
PSNR
PSNT
PWFS
RS
PWSA
-------------------------------------------------------------------------------
zte1]
Peer IP address
: 1.1.1.2
VCID
: 10
Connection mode
: HUB
VCID Extend
: 0
Signaling protocol
: LDP
VC type
: Ethernet
: 00:10:59
Create time
: 81920
PW name
: pw1
Control Word : -
Activation status
: ENABLE
Band Width
: -
FRR type
: NULL
VC status
: UP
Remote status
: ALLOK
VCCV CC type
: ALERT_LABEL
VCCV CV type
: LSP
Tunnel label
: { 3 }
Output interface
: gei-0/1/0/2
: 0 kbps
2-19
SJ-20140731105308-013|2014-10-20 (R1.0)
: { 81920 3 }
7. Run the ping mpls pseudowire command to check whether the PW is established
correctly.
PE1#ping mpls pseudowire pw1
sending 5,120-byte MPLS echo(es) to pw1,timeout is 2 second(s).
'.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch,
transit router,
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 5/5/6 ms
After the VPLS application, the two CE devices can ping each successfully.
CE1#ping 10.1.1.2
sending 5,100-byte ICMP echoes to 10.1.1.2,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.
CE2#ping 10.1.1.1
sending 5,100-byte ICMP echoes to 10.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.
/*Configure an AC interface*/
PE1(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
/*This command is required, otherwise the AC member is invalid.*/
2-20
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on PE2:
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls zte1 multi-mac-spaces
PE2(config-vpls-zte1)#pseudo-wire pw1
PE2(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.1 vcid 10
PE2(config-vpls-zte1-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-zte1-pw-pw1)#exit
PE2(config-vpls-zte1)#access-point gei-0/1/0/1.1
PE2(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
The configuration verification procedure for a VPLS qualified instance is the same as that
for a VPLS un-qualified instance.
Steps
1. Creates L2VPN VPLS service instance.
2-21
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
ZXR10(config)#vpls <name>[multi-mac-spaces]
[multi-mac-spaces] means that the instance space can be divided into multiple MAC
address space based on the Tag information.
2.
Step
Command
Function
ZXR10(config-vpls-name)#mac
ZXR10(config-vpls-name-mac)#filter
Function
End of Steps
2-22
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Establish VPLS connection between PE1 and PE2, configure VPLS instance.
2. Enter VPLS MAC configuration mode on PE, configure MAC filter rule.
Configuration Command
Configuration on PE1:
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls vpls_a
PE1(config-vpls-vpls_a)#pseudo-wire pw1
PE1(config-vpls-vpls_a-pw-pw1)#neighbour 1.1.1.2 vcid 100
PE1(config-vpls-vpls_a-pw-pw1-neighbour-1.1.1.2)#exit
PE1(config-vpls-vpls_a-pw-pw1)#exit
PE1(config-vpls-vpls_a)#access-point gei-0/1/0/2
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2)#access-params ethernet
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2-eth)#exit
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2)#exit
PE1(config-vpls-vpls_a)#exit
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback10)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 2.2.2.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#router-id 1.1.1.1
2-23
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on PE2:
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls vpls_a
PE2(config-vpls-vpls_a)#pseudo-wire pw1
PE2(config-vpls-vpls_a-pw-pw1)#neighbour 1.1.1.1 vcid 100
PE2(config-vpls-vpls_a-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-vpls_a-pw-pw1)#exit
PE2(config-vpls-vpls_a)#access-point gei-0/3/0/3
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2)#access-params ethernet
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2-eth)#exit
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2)#exit
PE2(config-vpls-vpls_a)#exit
PE2(config)#interface loopback10
PE2(config-if-loopback10)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback10)#exit
PE2(config)#interface gei-0/2/0/1
PE2(config-if-gei-0/2/0/1)#no shutdown
PE2(config-if-gei-0/2/0/1)#ip address 2.2.2.2 255.255.255.0
PE2(config-if-gei-0/2/0/1)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#exit
Configuration Verification
Check the configuration on PE1, as shown in the following:
2-24
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC PWType
State Llabel
Rlabel
VPNowner
pw1
1.1.1.2
128 Ethernet
H UP
81920
L:vpls_a
81920
CE1 and CE2 send streams whose source MAC addresses are 0000.0000.1111 and
0000.0000.2222 respectively. Check the MAC learning as follows:
PE1(config)#show mac vpls instance vpls_a
Total MAC Entries:
0000.0000.1111 0
gei-0/1/0/2
Attribute Age
Dynamic
00:00:02:28
0000.0000.2222 0
pw1
Dynamic
00:00:01:12
2-25
SJ-20140731105308-013|2014-10-20 (R1.0)
CE1 and CE2 sends streams whose source MAC addresses are 0000.0000.1111 and
0000.0000.2222 respectively. Check the MAC learning as follows:
PE1(config)#show mac vpls instance vpls_a
Total MAC Entries:
MAC
Attribute
Age
NULL
Filter(Src)
00:00:02:19
Filter(Src)
00:00:02:16
NULL
between clients and network providers maintain constant, but services encapsulated are
transmitted over IP backbone network of the network provider.
LSP tunnel through MPLS net should be defined between two PE routers, and it should
provide tunnel label transparently transmitting data between two PE routers. At the same
time, direct process of LDP label distribution protocol is also defined between two PE
routers to transmit virtual link information. Among them, distributing VC Label through
matching VCID is critical.
When data packet enters PE router at the port of Layer 2 transparent transmission, PE
router finds the corresponding Tunnel Label and VC Label through matching VCID. PE
router will put two layers labels on the data packet. External layer is Tunnel Label indicating
the route from this PE router to destination PE router. Internal layer is VC Label indicating
which corresponding router port of VCID belongs to on destination PE router.
PE router should monitor Layer 2 protocol state at each port, such as FR Local
Management Interface (LMI) and ATM Interim Local Management Interface (ILMI). When
a fault occurs, users can cancel VC Label through LDP label distribution protocol process
so that Layer 2 transparent transmission is shut off avoiding producing unidirectional
unwanted data stream.
Such Layer 2 transparent transmission based on MPLS changes traditional confinement
that Layer 2 link should be implemented through network switch. It essentially forms a
pattern of One Net Multi-Service pattern and makes the operator provide Layer 2 and Layer
3 Services simultaneously in a MPLS net.
Steps
1. Enable L2VPN.
Command
Function
Enables L2VPN.
Command
Function
ZXR10(config)#pw pw <1-115968>
Creates a pw interface in
global configuration mode.
ZXR10(config)#tunnel-policy <tunnel-policy-name>
2-27
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
ZXR10(config)#vpws <vpws-name>
ZXR10(config-vpws-vpws-name)#access-point
Specifies an interface to be
<ac-interface>
ZXR10(config-vpws-vpws-name-ac-ac-interface)#a
encapsulation type.
ZXR10(config-vpws-vpws-name)#pseudo-wire
pw<1-115968>
VPWS instance.
ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh
Function
ZXR10(config-vpws-vpws-name)#mtu <mtu>
ZXR10(config-vpws-vpws-name)#description <string>
ZXR10(config-vpws-vpws-name)#traffic-statistics
{enable|disable}
5. (Optional) Configure the attributes of the AC interface for the VPWS instance.
Step
Command
Function
ZXR10(config-vpws-vpws-name-ac-ac-interface)#i
Enters heterogeneous IP
nter-working ip
mode.
ZXR10(config-vpws-vpws-name-ac-ac-interface-
iwf-ip)#local-ce-mac <mac-address>
ZXR10(config-vpws-vpws-name-ac-ac-interface)#a
Configures the AC
ccess-params ethernet
encapsulation type.
ZXR10(config-vpws-vpws-name-ac-ac-interface-
ZXR10(config-vpws-vpws-name-ac-ac-interface-
(adds a VLAN).
2-28
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpws-vpws-name-ac-ac-interface-
eth)#oam-mapping {enable|disable}
ZXR10(config-vpws-vpws-name-ac-ac-interface-
eth)#lst {enable|disable}
local AC interface.
8
ZXR10(config-vpws-vpws-name-ac-ac-interface-
eth)#traffic-statistics{enable|disable}
6. (Optional) Configures the attributes of the PW instance for the VPWS instance.
Step
Command
Function
ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh
Configures a PW entity.
ZXR10(config-vpws-vpws-name-pw-pw-number-
neighbour)#control-word preferred
word or not.
ZXR10(config-vpws-vpws-name-pw-pw-number-
of a PW.
-port|fr-dlci|fr-dlci-old|aal5-sdu|atm-vcc|atm-vpc|atm-vcc
-group|atm-vpc-group|atm-port|{raw|tagged}[reversing]}
4
ZXR10(config-vpws-vpws-name-pw-pw-number-
ZXR10(config-vpws-vpws-name-pw-pw-number-
neighbour)#tunnel-policy <tunnel-policy-name>
policy of a PW.
ZXR10(config-vpws-vpws-name-pw-pw-number-
of a PW to signal triggering.
ZXR10(config-vpws-vpws-name-pw-pw-number-
a PW.
frr: If a CSF message is
received, the APS is not
notified, and FRR handover
calculation is not performed.
[abort]: The oam-mapping to
AC is not processed.
ZXR10(config-vpws-vpws-name-pw-pw-number-
neighbour)#traffic-statistics{enable|disable}
Command
Function
ZXR10(config-vpws-vpws-name-pw-pw-number)#redu
Binds a PW redundancy
ndency-manager
ZXR10(config-vpws-vpws-name-pw-pw-number-
type.
ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#p
mode.
ZXR10(config-vpws-name-pw-pw-number-rm)#pfs-bits-
advertise regardless-of-ac
PW negotiation state to be
unrelated to the AC.
ZXR10(config-vpws-vpws-name)#backup-pw
ZXR10(config-vpws-vpws-name-protect-pw-
instance.
2-30
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#aps
ZXR10(config-aps)#linear-protect
instance.
3
ZXR10(config-aps-linear-protect)#pw-protector
pw<1-115968>
ZXR10(config-aps-linear-protect-pw-number)#r
default}}}
(non-revertive/revertive)
of the protector, and the
waiting time for the reversion.
Command
Function
Configures an inter-chassis
<1-4294967293>
ZXR10(config-rg-group-id)#apply mc-pw
protection group to an
MC-PW.
3
ZXR10(config-vpws-vpws-name)#pseudo-wire
pw<1-115968>
4
ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh
Configures a PW entity.
ZXR10(config-vpws-vpws-name-pw-pw-number)#redu
ndancy-manager{mc-master|mc-slave}
redundancy group.
ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m
c-protect-type coworker-proxy
protection type to
coworker-proxy.
2-31
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
7 (
ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m
Op-
c-protect-type mc-selection
tion-
al)
8 (
ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m
Op-
c-protect-type oam-mapping
redundancy protection
tion-
al)
redundancy protection
type and the mc-selection
redundancy protection type
cannot be configured at the
same time.
9 (
ZXR10(config-vpws-vpws-name-pw-pw-number-
Op-
tion-
<1-18446744073709551615>
al)
object.
This command is configured
when it is necessary to
configure the mc-selection
type or oam-mapping type.
10
11
ZXR10(config-vpws-vpws-name)#coworker-proxy-pw
ZXR10(config-vpws-vpws-name-protect-pw-pw-
2-32
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpws-vpws-name)#access-point
<interface-name>
service.
ZXR10(config-vpws-vpws-name-ac-interface-
name)#traffic-behavior
mode.
ZXR10(config-vpws-vpws-name-ac-interface-name-
behavior)#ce-side {1+1|1:1|load-balance}
at the CE side.
ZXR10(config-vpws-vpws-name)#coworker-proxy-pw
Configures a PW to protect
the AC.
ZXR10(config-vpws-vpws-name-protect-pw-pw-
entity.
Function
instances.
ZXR10#show l2vpn forwordinfo vpnname <vpn-name>[detail]
summary of PW.
PW is down.
PW signalling states.
2-33
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
End of Steps
Configuration Flow
1.
2.
3.
4.
Configuration Command
Configuration on PE1:
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.100.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
2-34
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on PE2:
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#ip address 1.1.1.2 255.255.255.0
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 100.100.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
2-35
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
After the configuration, a VPWS PW can be established successfully. The following
information shows the result of configuration verification.
PE1#show l2vpn forwardinfo vpnname vpws_zte1
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes
PWName
PeerIP
FEC PWType
State Llabel
Rlabel
VPNowner
pw1
100.100.1.2
128 Ethernet
up
81921
W:vpws_zte1
81921
Codes
PWNF
AR
AT
PSNR
PSNT
PWFS
RS
PWSA
-------------------------------------------------------------------------------
vpws1]
Peer IP address
: 100.100.1.2
VCID
: 20
Connection mode
VCID Extend
: 0
2-36
SJ-20140731105308-013|2014-10-20 (R1.0)
: LDP
VC type
: Ethernet
Create time
: 00:02:27
: 81921
PW name
: pw1
Band Width
: 0 kbps
: -
VC status
: UP
Remote status
: ALLOK
VCCV CC type
: CWORD
VCCV CV type
: LSP
Tunnel label
: { 3 }
Output interface
: gei-0/1/0/1
: { 81921 3 }
FRR type
: NULL
Configuration Flow
1. Configure VPWS instances on R1 and R2.
2. Configure BFD under the VPWS instances of R1 and R2.
Configuration Commands
Configure R1 as follows:
R1(config)#interface xgei-0/5/0/3
R1(config-if-xgei-0/5/0/3)#ip address 201.2.3.2 255.255.255.0
R1(config-if-xgei-0/5/0/3)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 100.1.1.2 255.255.255.255
R1(config-if-loopback1)#exit
R1(config)#router ospf 1
R1(config-ospf-1)#network 201.2.3.0 0.0.0.255 area 0
R1(config-ospf-1)#network 100.1.1.2 0.0.0.0 area 0
R1(config-ospf-1)#exit
2-37
SJ-20140731105308-013|2014-10-20 (R1.0)
R1(config)# pw pw1
R1(config)#vpws vpws-bfd
R1(config-vpws-vpws-bfd)# access-point xgei-0/5/0/4
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4)# access-params ethernet
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4-eth)#exit
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4)#exit
R1(config-vpws-vpws-bfd)# pseudo-wire pw1
R1(config-vpws-vpws-bfd-pw-pw1)#neighbour 100.1.1.3 vcid 1
R1(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.3)# vccv bfd capability basic
encapsulation ip
R1(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.3)#exit
R1(config-vpws-vpws-bfd-pw-pw1)#exit
R1(config-vpws-vpws-bfd)#exit
R1(config)#bfd
R1(config-bfd)# session pw-bfd pw-bfd pw-name pw1
R1(config-bfd-pw-pw-bfd)#exit
R1(config-bfd)#exit
Configure R2 as follows:
R2(config)#interface xgei-0/0/0/3
R2(config-if-xgei-0/0/0/3)#ip address 201.2.3.3 255.255.255.0
R2(config-if-xgei-0/0/0/3)#exit
R2(config)#interface loopback1
R2(config-if-loopback1)#ip address 100.1.1.3 255.255.255.255
R2(config-if-loopback1)#exit
R2(config)#router ospf 1
R2(config-ospf-1)#network 201.2.3.0 0.0.0.255 area 0
R2(config-ospf-1)#network 100.1.1.3 0.0.0.0 area 0
R2(config-ospf-1)#exit
R2(config)#pw pw1
2-38
SJ-20140731105308-013|2014-10-20 (R1.0)
R2(config)#bfd
R2(config-bfd)# session pw-bfd pw-bfd pw-name pw1
R2(config-bfd-pw-pw-bfd)#exit
R2(config-bfd)#exit
Configuration Verification
After the configurations, you can run the show l2vpn forwardinfo vpnname command to
check the VPWS instances and the show bfd neighbors pw brief command to check the
VPWS BFD configuration.
Check the VPWS instance on R1 as follows:
R1(config)#show l2vpn forwardinfo vpnname vpws-bfd
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes
PWName
PeerIP
FEC PWType
State Llabel
Rlabel
VPNowner
pw1
100.1.1.3
128 Ethernet
UP
81921
W:vpws-bfd
81922
Pwname
LD
RD
Hold
State
pw1
33233
2981
150
UP
2-39
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC PWType
State Llabel
Rlabel
VPNowner
pw1
100.1.1.2
128 Ethernet
UP
81922
W:vpws-bfd
81921
Pwname
LD
RD
Hold
State
pw1
2981
33233
150
UP
In this manual, the heterogeneous function is described in the heterogeneous types instead
of the heterogeneous modes.
Steps
1. Create a VPWS instance and bind an interface to an AC.
2-40
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
Enables L2VPN.
ZXR10(config)#vpws <vpws-name>
ZXR10(config-vpws-vpws-name)#access-point
<ac-interface>
Command
Function
ZXR10(config-vpws-vpws-name-ac-ac-interface)#in
Configures the IP
ter-networking ip
heterogeneous function.
ZXR10(config-vpws-vpws-name-ac-ac-interface-
iwf-ip)#local-ce-mac <xxxx.xxxx.xxxx>
ZXR10(config-vpws-vpws-name-ac-ac-interface-
iwf-ip)#remote-ce ip {<ipv4-address>}
a remote CE.
Function
<vpn-name>[detail]
specified instance.
End of Steps
Configuration Flow
1. Configure routes between PE1 and PE2.
2. Establish LDP neighbor relationship between PE1 and PE2.
2-41
SJ-20140731105308-013|2014-10-20 (R1.0)
3. Enable MPLS L2 VPN on PE1 and PE2. Create a PW. Configure a VPWS instance
and configure the related remote member.
4. On PE1, the POS interface works as an AC to connect to the VPWS instance. The
GE interface on the PE is connected to a VPWS instance.
Configuration Command
The configuration of PE1:
ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.46 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#interface gei-0/5/0/3
ZXR10(config-if-gei-0/5/0/3)#no shutdown
ZXR10(config-if-gei-0/5/0/3)#ip address 172.20.130.213 255.255.255.252
ZXR10(config-if-gei-0/5/0/3)#exit
ZXR10(config)#router isis 10
ZXR10(config-isis-10)#area 49.0172
ZXR10(config-isis-10)#system-id 0020.0096.0001
ZXR10(config-isis-10)#interface gei-0/5/0/3
ZXR10(config-isis-10-if-gei-0/5/0/3)#ip router isis
ZXR10(config-isis-10-if-gei-0/5/0/3)#exit
ZXR10(config-isis-10)#interface loopback1
ZXR10(config-isis-10-if-loopback1)#ip router isis
ZXR10(config-isis-10-if-loopback1)#exit
ZXR10(config-isis-10)#exit
2-42
SJ-20140731105308-013|2014-10-20 (R1.0)
ZXR10(config)#interface pos3-0/3/0/1
ZXR10(config-if-pos3-0/3/0/1)#no shutdown
ZXR10(config-if-pos3-0/3/0/1)#exit
ZXR10(config)#ppp
ZXR10(config-ppp)#interface pos3-0/3/0/1
/*Configure PPP proxy so that PPP routes will be generated on CE1*/
ZXR10(config-ppp-if)#end
ZXR10(config)#router isis 10
ZXR10(config-isis-10)#area 49.0172
ZXR10(config-isis-10)#system-id 0020.0096.0002
ZXR10(config-isis-10)#interface gei-0/5/0/3
ZXR10(config-isis-10-if-gei-0/5/0/3)#ip router isis
ZXR10(config-isis-10-if-gei-0/5/0/3)#exit
ZXR10(config-isis-10)#interface loopback1
ZXR10(config-isis-10-if-loopback1)#ip router isis
ZXR10(config-isis-10-if-loopback1)#exit
ZXR10(config-isis-10)#exit
2-43
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
After the configuration, the VPWS PW is Up. CE1 can ping CE2 (100.1.1.2) successfully.
CE1#show ip for rout ppp
IPv4 Routing Table:
status codes: *valid, >best
Dest
Gw
*> 100.1.1.2/32
Interface
100.1.1.1
pos3-0/5/0/1
Owner
ppp
Pri Metric
0
UP
GR1
GR2
PW entity
LSPs formed
: YES
C-bits
: local
negotiated
MTU
: local
negotiated
: NO
, remote
: NO
, remote
: 1500
: NO
: 1500
: 1500
labels
: local
: 81926
, remote
: 81932
signal
: Configured
: YES
, Received
: YES
Negotiated
: YES
, Sent
: YES
AC ready
: YES
oam status
: local
remote
redundancy
: local
negotiated
application
, remote
: ACTIVE
: ??
: service-type : VPWS
, instance-id: 1
MAC-withdraw : received
: 0
, sent
: 0
local-VCCV
: CC-type
: NO
, CV-type
: NO
remote-VCCV
: CC-type
: NO
, CV-type
: NO
actual-VCCV
: CC-type
: NO
, CV-type
: NO
LDP session
2-44
SJ-20140731105308-013|2014-10-20 (R1.0)
When AC1 has a fault, NPE2 can be aware of the fault quickly and starts to negotiate with
CE1 to make AC2 be active. So the traffic from CE1 to CE2 is changed over from AC1 to
AC2 directly. Meanwhile, NPE1 or NPE2 needs to send MAC WITHDRAW messages to
other NPE devices in the same Virtual Forwarding Instance (VFI) on the VPLS network to
inform other PEs to age the invalid MAC addresses. In this way, the traffic from CE2 to
CE1 can be learnt through broadcast and be forwarded through NPE2 correctly.
2-45
SJ-20140731105308-013|2014-10-20 (R1.0)
In the same way, when NPE1 has a fault, NPE2 can detect the fault through other
detection mechanisms and trigger AC link negotiation, and then it sends MAC WITHDRAW
messages to other NPE devices in the same VFI.
Steps
1. Create an MC-ELAM instance.
2-46
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#mc-elam-configuration
Enters MC-ELAM
configuration mode from
global configuration mode.
ZXR10(config-mc-elam-configuration)#mc-elam
Creates an MC-ELAM
<id>
Command
Function
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#source <source-ip>
address of an MC-ELAM
instance.
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#destination <destination-ip>
IP address of an MC-ELAM
instance.
Command
Function
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#system-priority <priority-value>
of an MC-ELAM instance, in
the range of 1-65535. The
default value is 32768.
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#system-mac <value>
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#timeradvertise <advertise-interval>
2-47
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-mc-elam-configuration-mc-elam-
instance)#detect-multiplier <multiplier>
ZXR10(config-mc-elam-configuration-mc-elam-
immediately | non-revertive}
MC-ELAM instance.
<holdoff-time> ranges from 1
to 120 seconds.
immediately: reverting
immediately (default).
non-revertive: not reverting.
ZXR10(config-mc-elam-configuration-mc-elam-
relationship between an
pw-type}
ZXR10(config-mc-elam-configuration-mc-elam-
to a smartgroup interfaces
slave }]
Function
End of Steps
2-48
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure an MC-ELAM instance.
2. Configure the source and the destination IP addresses of the MC-ELAM instance.
3. Configure the MC-ELAM instance to bind to a smmartgroup interface in automatic
mode.
4. Configure the reverting mode of the MC-ELAM instance
Configuration Command
The configuration of the CE:
CE(config)#interface smartgroup1
CE(config-if-smartgroup1)#exit
CE(config)#lacp
CE(config-lacp)#interface smartgroup1
CE(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
CE(config-lacp-sg-if-smartgroup1)#exit
CE(config-lacp)#interface gei-0/3/0/1
CE(config-lacp-member-if-gei-0/3/0/1)#smartgroup 1 mode active
CE(config-lacp-member-if-gei-0/3/0/1)#exit
CE(config-lacp)#interface gei-0/3/0/3
CE(config-lacp-member-if-gei-0/3/0/3)#smartgroup 1 mode active
CE(config-lacp-member-if-gei-0/3/0/3)#exit
CE(config-lacp)#exit
PE1(config)#mc-elam-configuration
PE1(config-mc-elam-configuration)#mc-elam 1
PE1(config-mc-elam-configuration-mc-elam-instance)#bind smartgroup 1 mode auto
PE1(config-mc-elam-configuration-mc-elam-instance)#source 1.1.1.1
PE1(config-mc-elam-configuration-mc-elam-instance)#destination 1.1.1.2
PE1(config-mc-elam-configuration-mc-elam-instance)#restore immediately
PE1(config-mc-elam-configuration-mc-elam-instance)#system-priority 30000
PE1(config-mc-elam-configuration-mc-elam-instance)#end
PE2(config)#mc-elam-configuration
PE2(config-mc-elam-configuration)#mc-elam 1
PE2(config-mc-elam-configuration-mc-elam-instance)#bind smartgroup 1 mode auto
PE2(config-mc-elam-configuration-mc-elam-instance)#source 1.1.1.2
PE2(config-mc-elam-configuration-mc-elam-instance)#destination 1.1.1.1
2-50
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Check the configurations before switchover as follows:
Execute the show mc-elam 1 command to check the configuration result on PE1, as follows:
PE1#show mc-elam 1
----------------------------------------------------mcelam-instance-id
:1
destination_ip
:1.1.1.2
source_ip
:1.1.1.1
system_priority
:30000
system_mac
:0022.4432.edac
virtual_mcelam_priority
:30000
virtual_mcelam_smac
:0022.4432.edac
sm_state
:MCELAM_LINK_MS
smartgroup_id
:1
bind_mode
:MCELAM_AUTO_MODE
actor_mcelam_role
:MASTER
actor_lacp_role
:MASTER
actor_sg_admin_state
:UP
actor_sg_protocol_state
:UP
actor_revertive_mode
:MCELAM_IMMEDIATELY_MODE
revertive_time
:0
actor_adver_int
:10
actor_detect_multiplier
:5
actor_pwfault
:0
partner_mcelam_role
:SLAVE
partner_lacp_role
:SLAVE
partner_sg_protocol_state:DOWN
partner_adver_int
:10
partner_detect_multiplier:5
partner_pwfault
:0
IP-Address
Mask
Admin Phy
Prot
Smartgroup1
unassigned
unassigned
up
up
up
Execute the show mc-elam 1 command to check the configuration result on PE2, as follows:
2-51
SJ-20140731105308-013|2014-10-20 (R1.0)
:1
destination_ip
:1.1.1.1
source_ip
:1.1.1.2
system_priority
:40000
system_mac
:001e.739a.b21f
virtual_mcelam_priority
:30000
virtual_mcelam_smac
:0022.4432.edac
sm_state
:MCELAM_LINK_MS
smartgroup_id
:1
bind_mode
:MCELAM_AUTO_MODE
actor_mcelam_role
:SLAVE
actor_lacp_role
:SLAVE
actor_sg_admin_state
:UP
actor_sg_protocol_state
:DOWN
actor_revertive_mode
:MCELAM_IMMEDIATELY_MODE
revertive_time
:0
actor_adver_int
:10
actor_detect_multiplier
:5
actor_pwfault
:0
partner_mcelam_role
:MASTER
partner_lacp_role
:MASTER
partner_sg_protocol_state:UP
partner_adver_int
:10
partner_detect_multiplier:5
partner_pwfault
:0
/*Check the smartgroup interface (which should be in down status before switchover).*/
PE2(config)#show ip int brief smartgroup1
Interface
IP-Address
Mask
Admin Phy
Prot
Smartgroup1
unassigned
unassigned
up
down
up
Actor
Agg
LACPDUs
Port
Oper
Port
RX
Mux
2-52
SJ-20140731105308-013|2014-10-20 (R1.0)
State
Interval Pri
Key
State Machine
Machine
------------------------------------------------------------------------------gei-0/3/0/1[SA*]
ACTIVE
30
CURRENT
COLL&DIST
gei-0/3/0/3[SA ]
INACTIVE
30
CURRENT
ATTACHED
:1
destination_ip
:1.1.1.2
source_ip
:1.1.1.1
system_priority
:30000
system_mac
:00d0.1234.561f
virtual_mcelam_priority
:30000
virtual_mcelam_smac
:00d0.1234.561f
sm_state
:MCELAM_LINK_MS
smartgroup_id
:1
bind_mode
:MCELAM_AUTO_MODE
actor_mcelam_role
:MASTER
actor_lacp_role
:SLAVE
actor_sg_admin_state
:UP
actor_sg_protocol_state
:DOWN
actor_revertive_mode
:MCELAM_IMMEDIATELY_MODE
revertive_time
:0
actor_adver_int
:10
actor_detect_multiplier
:5
actor_pwfault
:0
partner_mcelam_role
:SLAVE
partner_lacp_role
:MASTER
partner_sg_protocol_state:UP
partner_adver_int
:10
partner_detect_multiplier:5
partner_pwfault
:0
IP-Address
Mask
Admin Phy
Prot
Smartgroup1
unassigned
unassigned
up
down
up
2-53
SJ-20140731105308-013|2014-10-20 (R1.0)
On PE2, run the show mc-elam 1 command to check the PE2 configuration.
PE2#show mc-elam 1
-----------------------------------------------------mcelam-instance-id
:1
destination_ip
:1.1.1.1
source_ip
:1.1.1.2
system_priority
:40000
system_mac
:0023.e422.1134
virtual_mcelam_priority
:30000
virtual_mcelam_smac
:00d0.1234.561f
sm_state
:MCELAM_LINK_MS
smartgroup_id
:1
bind_mode
:MCELAM_AUTO_MODE
actor_mcelam_role
:SLAVE
actor_lacp_role
:MASTER
actor_sg_admin_state
:UP
actor_sg_protocol_state
:UP
actor_revertive_mode
:MCELAM_IMMEDIATELY_MODE
revertive_time
:0
actor_adver_int
:10
actor_detect_multiplier
:5
actor_pwfault
:0
partner_mcelam_role
:MASTER
partner_lacp_role
:SLAVE
partner_sg_protocol_state:DOWN
partner_adver_int
:10
partner_detect_multiplier:5
partner_pwfault
:0
IP-Address
Mask
Admin Phy
Prot
Smartgroup1
unassigned
unassigned
up
up
up
Actor
Agg
LACPDUs
Port
Oper
Port
RX
Mux
2-54
SJ-20140731105308-013|2014-10-20 (R1.0)
State
Interval Pri
Key
State Machine
Machine
------------------------------------------------------------------------------gei-0/3/0/1[ A ]
INACTIVE
30
PORT_DISABLED DETACHED
gei-0/3/0/3[SA*]
ACTIVE
30
CURRENT
COLL&DIST
The SAToP protocol is defined in RFC. It provides the emulation function for the PDH
circuit service with a lower rate, such as E1, T1, and T3. The SAToP protocol is used
to transfer unstructured or non-frame E1/T1/E3/T3 services.
The biggest difference between the CESoPSN protocol and the SAToP protocol is
as follows: The CESoPSN protocol provides structured TDM service transmission
function. That is to say, it can identify and transmit frame structure and TDM
intra-frame signaling.
Steps
1. Configure the CES service.
Step
Command
Function
Enables L2VPN.
ZXR10(config)#vpws <instance-name>
2-55
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpws)#access-point<interface-name
>
services.
ZXR10(config-vpws-test-ac-cip1)#access-par
ams tdm
Command
Function
ZXR10(config-vpws-test-ac-cip1-tdm)#distrib
ution-period <2-64>
ZXR10(config-vpws-test-ac-cip1-tdm)#jitter-b
uffer <1-400>
emulation.
ZXR10(config-vpws-test-ac-cip1-tdm)#idle-c
Function
protocol.
End of Steps
2-56
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1.
2.
3.
4.
5.
6.
Create the TDM tunnel on the AC side of router CE and router PE.
Create the L2VPN example on router PE1 and router PE2 seperately.
Configure the TDM pseudo wire.
Bind the CE1 interface to the VPWS service.
Configure the type and parameters for the TDM service.
Test the configuration results. Each status of CES is normal.
Configuration Steps
The ZSR configuration on router CE is omitted. The following only descries the ZXR10
M6000-S configuration on router PE.
PE1(config)#controller cpos3-0/2/3/5
PE1(config-ctrl-cpos3-0/2/3/5)# framing sdh
PE1(config)#interface cpos3_e1-0/2/3/5.1/1/1:1
PE1(config-if-cpos3_e1-0/2/3/5.1/1/1:1)#no shutdown
2-57
SJ-20140731105308-013|2014-10-20 (R1.0)
For the L2VPN instance configuration, refer to section "VPWS configuration instances in
ZXR10 M6000-SConfiguration Guide (VPN).
The configuration on PE2 is just similar to that on PE1.
Configuration Verification
The verification results on router PE1 are as follows:
PE1#show l2vpn instance-name lqs1
Name:lqs1
Type:VPWS
Default-VCID:-
PW count:1
AC count:1
Kompella PW count:0
Activation Status:ENABLE
Default Cword:DISABLE
Headers: M - mode
Description:
Pseudo Wire(PW):
Codes
PwName
pw1
Attachment Circuit(AC):
InterfaceName
Client/Server
cpos3_e1-0/2/3/5.1/1/1:1
PWName
pw1
PeerIP
2.2.2.2
FEC PWType
128 SAToP_E1
State Llabel
UP
81922
Rlabel
81929
VPNowner
W:lqs1
2-58
SJ-20140731105308-013|2014-10-20 (R1.0)
Down
- PW not UP;
Marks
GR1
GR2
------------------------------------------------------------------------------Neighbourhood
AGI/VC-ID
Service
AIIs/Descriptions
Labels
Status
pw1
1
^^^^^^^^^^
SAToP_E1
cpos3_e1-0/1/1/1.1/1/1:1
83929
up
VPWS:3
cpos3_e1-0/2/3/5.1/1/1:1
81922
LMNSAC
There are two types of interfaces used for L2VPN and L3VPN bridge function, ulei interface
and bvi interface. For a loopback service, configure the ulei interface. For a non-loopback
service, configure the bvi interface.
Context
L2 VPN and L3 VPN bridge configuration on ZXR10 M6000-S includes the following steps.
1. Configure L2 VPN and L3 VPN on PEs. For details, please refer to VPLS configuration
and MPLS VPN configuration.
2. Create an L2 VPN or an L3 VPN bridge interface, that is, ulei interface.
3. Add an L2 VPN or an L3 VPN bridge interface to the L2 VPN and L3 VPN instance.
Steps
l
Function
Command
Function
ZXR10(config)#service-bridging virtual-links
ZXR10(config-bridge)#virtual-link
<interface-name> <interface-name>
bridge function.
Command
Function
<vrf-name>
Command
Function
ZXR10(config)#vpls <instance-name>
Configures a VPLS
[multi-mac-spaces]
instance.
2-60
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name)#access-point ulei
<ulei-number>
ZXR10(config-vpls-vpls-name-ac-ulei-
number)#access-params ethernet
simulation parameters of
the AC interface.
Function
Function
ZXR10(config)#interface bvi<bvi-number>
Command
Function
ZXR10(config)#service-bridging virtual-links
ZXR10(config-bridge)#virtual-link
<interface-name> <interface-name>
bridge function.
Command
Function
<vrf-name>
2-61
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#vpls <instance-name>
Configures a VPLS
[multi-mac-spaces]
instance.
ZXR10(config-vpls-vpls-name)#access-point bvi
<bvi-number>
ZXR10(config-vpls-vpls-name-ac-bvi-
number)#access-params ethernet
simulation parameters of
the AC interface.
Function
End of Steps
2-62
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure IGP route between PE1 and PE2, PE2 and PE3 to make them
interconnected.
2. Establish LDP neighbor relationship between loopback interfaces of PE1 and PE2,
and between loopback interfaces of PE2 and PE3.
3. Create a VPLS instance zte1 between PE1 and PE2, meanwhile CE1 is taken as an
AC accessing PE1.
4. Configure L3 VPN on PE2 and PE3. The Virtual Route Forwarding (VRF) instance
name is zte2.
5. Establish and configure L2 and L3 bridge interfaces on PE2: access vrf zte2, access
VPLS instance zte1, configure IP address.
Configuration Command
The configuration of PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#no shutdown
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#ip address 104.110.111.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 104.110.111.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#exit
2-63
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 104.110.111.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#network 104.130.131.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit
2-64
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#vpls zte1
PE2(config-vpls-zte1)#access-point ulei-0/1/0/1
PE2(config-vpls-zte1-ac-ulei-0/1/0/1)#access-params ethernet
PE2(config-vpls-zte1-ac-ulei-0/1/0/1-eth)#exit
PE2(config-vpls-zte1-ac-ulei-0/1/0/1)#exit
PE2(config-vpls-zte1)#exit
PE2(config)#interface ulei-0/1/0/2
PE2(config-if-ulei-0/1/0/2)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-ulei-0/1/0/2)#exit
2-65
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#vpls zte1
PE2(config-vpls-zte1)#access-point bvi1
PE2(config-vpls-zte1-ac-bvi1)#access-params ethernet
PE2(config-vpls-zte1-ac-bvi1-eth)#exit
PE2(config-vpls-zte1-ac-bvi1)#exit
PE2(config-vpls-zte1)#exit
PE2(config)#interface bvi2
PE2(config-if-bvi2)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-bvi2)#exit
255.255.255.0
PE3(config-if-gei-0/1/0/2)#exit
PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 1.1.1.3
PE3(config-ospf-1)#network 1.1.1.3 0.0.0.0 area 0.0.0.0
PE3(config-ospf-1)#network 104.130.131.0 0.0.0.255 area 0.0.0.0
PE3(config-ospf-1)#exit
2-66
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#interface gei-0/1/0/1
PE3(config-if-gei-0/1/0/1)#ip vrf forwarding zte2
PE3(config-if-gei-0/1/0/1)#ip address 20.20.20.1 255.255.255.0
PE3(config-if-gei-0/1/0/1)#exit
Configuration Verification
If the loopback service (ulei interface) is configured, check the configuration result on PE2.
ZXR10(config)#show running-config-interface ulei-0/1/0/2
!<if-intf>
request interface ulei-0/1/0/2
interface ulei-0/1/0/2
ip vrf forwarding zte2
ip address 10.10.10.1 255.255.255.0
!
$
!</if-intf>
!<bridge>
service-bridging virtual-links
virtual-link ulei-0/1/0/1 ulei-0/1/0/2
$
!</bridge>
2-67
SJ-20140731105308-013|2014-10-20 (R1.0)
Age
Hardware
Address Interface
Exter
VlanID
Inter
Sub
VlanID
Interface
---------------------------------------------------------------------------10.10.10.1 -
1010.1111.1135
ulei-0/1/0/1
N/A
N/A
ulei-0/1/0/1
N/A
N/A
If the non-loopback service (bvi interface) is configured, check the configuration result on
PE2.
ZXR10(config)#show running-config-interface bvi1
!<if-intf>
interface bvi1
$
!</if-intf>
!<bridge>
service-bridging virtual-links
virtual-link bvi1 bvi2
$
!</bridge>
2-68
SJ-20140731105308-013|2014-10-20 (R1.0)
Hardware
Age
Address
Exter
Inter
Sub
-------------------------------------------------------------------------------10.10.10.1 -
1010.1111.1135 bvi2
N/A
N/A
N/A
N/A
protection between PEs on the user side and network side. Through PW-BFD or vccv
detection, quick switchover of layer-2 VPN FRR can be implemented. In addition, MAC
update of VPLS throughout the network can be realized by the mac-withdraw signaling.
1. Active and standby PWs are established respectively between UPE1 and NPE1 and
between UPE1 and NPE2, so that the active PW forwarding path of VPLS can be
protected.
2. After the active and standby PWs are established, the active/standby FRR table is
created for MAC forwarding. In addition, the standby PW is forbidden to learn MAC.
3. The active PW uses PW-BFD for detection. When detecting a BFD failure of the active
PW,
l The driver switches the FRR table of the active PW to realize rapid switching of
MAC forwarding.
l The driver notifies the related protocol of the active PW's failure. Then the protocol
performs mac-withdraw of VC, updates MAC throughout the network.
l Removes the restriction of MAC learning from the standby PW, so that the standby
PW can learn MAC again and the switchover between active and standby PWs
can be completed.
Here, it should be noticed that the establishment of PW-BFD is triggered by PW, and the
driver associates the FRR table with BFD detection.
2-70
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. Enable L2VPN.
Command
Function
Enables L2VPN.
Function
ZXR10(config)#pw pw<1-115968>
Function
ZXR10(config)#vpls <name>[multi-mac-spaces]
4. Bind the VPLS instance to the active PW, set the operating mode to spoke, enter spoke
PW configuration mode, and configure the neighbor of the active PW.
Step
Command
Function
ZXR10(config-vpls-vpls-name)#pseudo-wire
pw<number> spoke
ZXR10(config-vpls-name-spoke-pw-pw-number)#neig
active PW.
Command
Function
ZXR10(config-vpls-name-spoke-pw-pw-number)#r
edundancy-manager
ZXR10(config-vpls-name-spoke-pw-pw-number-
type.
Step
Command
Function
ZXR10(config-vpls-name-spoke-pw-pw-number-
configures PW redundancy
Command
Function
ZXR10(config-vpws-vpws-name)#backup-pw
Creates a standby PW
instance.
ZXR10(config-vpws-vpws-name-protect-pw-
instance.
Command
Function
ZXR10(config)#aps
ZXR10(config-aps)#linear-protect
instance.
3
ZXR10(config-aps-linear-protect)#pw-protector
pw<1-115968>
ZXR10(config-aps-linear-protect-pwprotector-
protection.
2-72
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
ZXR10(config-vpls-vpls-name)#mac-withdraw
Configuration Flow
1. Configure IGP routes on UPE1, NPE2, NPE3 and NPE4 to make them ping each other
successfully. The router-ids are listed as follows:
2-73
SJ-20140731105308-013|2014-10-20 (R1.0)
Device
Router-ID
UPE1
1.1.1.1
NPE2
2.2.2.2
NPE3
3.3.3.3
NPE4
4.4.4.4
2. Establish LDP neighbour relationship between the four devices (UPE1, NPE2, NPE3
and NPE4).
3. Create a VPLS instance named zte among NPE2, NPE3 and NPE4. The VCID is 100,
and the PW type is ethernet-vlan. The access mode among them is hub. Meanwhile,
CE2 connects to NPE4 as an AC.
4. Associate the VPLS FRR function. Enter VPLS instance configuration mode on
UPE1 to configure the information related to the VPLS instance zte, and configure
the addresses of the active PW and the standby PW. The link between UPE1 and
NPE2 is the active PW. The link between UPE1 and NPE3 is the standby PW. CE1
connects to UPE1 as an AC.
Configuration Command
The IGP and LDP configuration on each router are omitted.
The VPLS FRR configuration on UPE1 is as follows:
UPE1(config)#mpls l2vpn enable
UPE1(config)#pw pw1
UPE1(config)#pw pw2
UPE1(config)#vpls zte
UPE1(config-vpls-zte)#pseudo-wire pw1 spoke
UPE1(config-vpls-zte-spoke-pw-pw1)#neighbour 2.2.2.2 vcid 100
UPE1(config-vpls-zte-spoke-pw-pw1-neighbour-2.2.2.2)#exit
UPE1(config-vpls-zte-spoke-pw-pw1)#redundancy-manager
UPE1(config-vpls-zte-spoke-pw-pw1-rm)#protect-type 1:1 unidirectional
protect-strategy aps
UPE1(config-vpls-zte-spoke-pw-pw1-rm)#exit
UPE1(config-vpls-zte-spoke-pw-pw1)#exit
2-74
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Check the result of the configuration on UPE1, as shown in the following:
UPE1#show running-config l2vpn
!<pss-l2vpn>
mpls l2vpn enable
vpls zte
access-point gei-0/3/0/9
access-params ethernet
$
$
pseudo-wire pw1 spoke
neighbour 2.2.2.2 vcid 100
control-word preferred
$
redundancy-manager
protect-type 1:1 unidirectional protect-strategy aps
$
$
backup-pw pw2 protect pw1
neighbour 3.3.3.3 vcid 100
control-word preferred
$
$
2-75
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC
PWType
State
Llabel
Rlabel
VPNowner
Pw1
2.2.2.2
128
Ethernet
S UP
81921
81921
L:zte
Pw2
3.3.3.3
128
Ethernet
S UP
81921
81921
L:zte
Configuration Flow
1. Configure IGP routes on PE1, PE2, and PE3 so that the devices can ping each other
successfully. The router-ids are listed as follows:
2-76
SJ-20140731105308-013|2014-10-20 (R1.0)
Device
Route-ID
PE1
1.1.1.1
PE2
2.2.2.2
PE3
3.3.3.3
Configuration Command
The IGP and LDP configuration on each device is omitted.
The VPWS FRR configuration on PE1 is as follows:
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#pw pw2
PE1(config)#vpws zte
PE1(config-vpws-zte)#pseudo-wire pw1
PE1(config-vpws-zte-pw-pw1)#neighbour 2.2.2.2 vcid 100
PE1(config-vpws-zte-pw-pw1-neighbour)#track 1
PE1(config-vpws-zte-pw-pw1-neighbour)#exit
PE1(config-vpws-zte-pw-pw1)#redundancy-manager
PE1(config-vpws-zte-pw-pw1-rm)#pfs-bits negotiate independent
PE1(config-vpws-zte-pw-pw1-rm)#protect-type 1:1 unidirectional protect-strategy aps
PE1(config-vpws-zte-pw-pw1-rm)#exit
PE1(config-vpws-zte-pw-pw1)#exit
PE1(config-vpws-zte)#backup-pw pw2 protect pw1
PE1(config-vpws-zte-protect-pw2)#neighbour 3.3.3.3 vcid 100
PE1(config-vpws-zte-protect-pw2-neighbour)#control-word preferred
PE1(config-vpws-zte-protect-pw2-neighbour)#signal dynamic
PE1(config-vpws-zte-protect-pw2-neighbour)#exit
PE1(config-vpws-zte-protect-pw2)#exit
PE1(config-vpws-zte)#access-point smartgroup1
PE1(config-vpws-zte-ac-smartgroup1)#access-params ethernet
PE1(config-vpws-zte-ac-smartgroup1-eth)#exit
PE1(config-vpws-zte-ac-smartgroup1)#exit
PE1(config-vpws-zte)#exit
Configuration Verification
Check the configuration result on PE1.
PE1#show running-config l2vpn
!<l2vpn>
mpls l2vpn enable
vpws zte
access-point smartgroup1
access-params ethernet
$
$
pseudo-wire pw1
neighbour 2.2.2.2 vcid 100
track 1
$
redundancy-manager
pfs-bits negotiate independent
protect-type 1:1 unidirectional protect-strategy aps
2-78
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC PWType
State Llabel
Rlabel
VPNowner
pw1
2.2.2.2
128 Ethernet
UP
82021
82520
W:zte
pw2
3.3.3.3
128 Ethernet
UP
82020
81920
W:zte
T-PE: Terminate PE. The function is basically the same as a regular PE.
S-PE: Switching PE. It is a key device of MSPW. It is mainly used to receive and
process the mapping messages sent by T-PE.
MAC address learning is not required in the traffic forwarding on S-PE. Instead, the
forwarding is directly implemented according to labels. Thus, the load of S-PE is
dramatically minimized.
The emergence of MSPW reduces the number of LDP sessions that need to be established
in a VPLS network, and the number of TPC connections also decreases accordingly.
2-79
SJ-20140731105308-013|2014-10-20 (R1.0)
In a simple traffic forwarding model, the flow of sending traffic from CE1 to CE2 is as
follows:
Upon receiving a packet from CE1, T-PE1 attaches an inner layer label and an outer layer
label to the packet. These two labels are both assigned by S-PE (If S-PE is replaced by
P, the outer layer label is assigned by P, while the inner layer label is assigned by T-PE2.)
According to the outer layer label, T-PE1 forwards the packet to S-PE. Upon receiving
the packet, S-PE swaps the inner layer label and outer layer label. That is, S-PE replaces
them respectively with the inner layer label and outer layer label assigned by T-PE2. Then,
finding that it is the penultimate hop, S-PE forwards the packet to T-PE2 according to the
outer layer label. T-PE2 then forwards the packet to CE2 according to the inner layer label.
Establishment of MSPW
As shown in Figure 2-18, when T-PE1 configures one VPLS instance and specifies
S-PE as its peer, the establishment flow is as follows:
Figure 2-18 Establishment and Release of MSPW
2. Upon receiving the Mapping message, S-PE checks whether the corresponding
VPLS instance of MSPW has been configured locally (that is, the VCID of the peer
pointing to T-PE1 must be consistent with the VCID of VFI on T-PE1, and the VCID
of the peer pointing to T-PE2 may not be the same as the VCID of the peer pointing
to T-PE1.) If yes, S-PE forwards the Mapping message to T-PE2 (Here, S-PE
does not simply forwards the Mapping message received from T-PE1. Instead,
before forwarding the Mapping message, S-PE performs VC label swapping by
replacing the Remote VC label sent from T-PE1 with the Local VC label assigned
by T-PE2.)
3. Upon receiving the Mapping message, T-PE2 also checks whether the same
VPLS instance has been configured locally (that is, the VCID is the same as that
of S-PE pointing to T-PE2). If yes, T-PE2 negotiates all the parameters. If the
parameters are all consistent and the negotiation succeeds, PW is established
on T-PE2.
Similarly, upon receiving the Mapping message from S-PE, T-PE1 performs the same
steps as mentioned above.
l
Release of MSPW
As shown in Figure 2-18, if T-PE1 does not want to forward the packets of T-PE2 any
more, for example, when the user cancels the peer role of the specified S-PE, the
release flow is as follows:
1. T-PE1 releases the VC label that was bound locally, and then sends a Withdraw
message to S-PE.
2. Upon receiving the Withdraw message, S-PE sends a label release message
(Release) to T-PE1, saying that it has already released the VC label. In addition,
S-PE sends a Withdraw message to T-PE2.
3. Upon receiving the Withdraw message from S-PE, T-PE2 returns a Release
message to S-PE.
4. After the involved devices complete sending and receiving related messages, VC
is cancelled, and PW is released.
Steps
1. Create an MSPW instance.
Step
Command
Function
Enables L2VPN.
ZXR10(config)#pw pw<1-115968>
2-81
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
instance.
ZXR10(config-mspw-mspw-name)#status-signaling
Opti-
terminal
onal)
MSPW instance.
5 (
ZXR10(config-mspw-mspw-name)#traffic-statistics
Opti-
{enable|disable}
6 (
ZXR10(config-mspw-mspw-name)#traffic-statistics
Opti-
onal)
onal)
<1-4294967295>]
Command
Function
ZXR10(config-mspw-mspw-name)#pseudo-wire
pw<1-115968>
MSPW instance.
ZXR10(config-mspw-mspw-name-seg-pw-number)#n
Configures a PW entity.
ZXR10(config-mspw-mspw-name-seg-pw-
Modifies PW signaling.
number-neighbour-A.B.C.D)#signal {dynamic |
ZXR10(config-mspw-mspw-name-seg-pw-
number-neighbour-A.B.C.D)#tunnel-policy
<tunnel-policy-name>
ZXR10(config-mspw-mspw-name-seg-pw-number-
neighbour)#traffic-statistics{enable|disable}
Command
Function
ZXR10(config-mspw-mspw-name)#interface-params
ZXR10(config-mspw-mspw-name-if-params)#descri
Configure an interface
ption <text>
description.
ZXR10(config-mspw-mspw-name-if-params)#mtu<60-
9216>
instance.
ZXR10(config-mspw-mspw-name-if-params)#fragmen
tation
5
ZXR10(config-mspw-mspw-name-if-params)#fcs-ret
ZXR10(config-mspw-mspw-name-if-params)#atm
cell-concatenate <1-64>
10
11
ZXR10(config-mspw-mspw-name-if-params)#distribut
e-period <1-64>
TDM simulation.
ZXR10(config-mspw-mspw-name-if-params)#ethernet
Configures an Ethernet
request-vlan-id <1-4094>
request VLAN.
ZXR10(config-mspw-mspw-name-if-params)#fr
dlci-header-length <2-4>
headers.
ZXR10(config-mspw-mspw-name-if-params)#ts-count
<1-400>
of TDM simulation.
ZXR10(config-mspw-mspw-name-if-params)#tdm aal1
ZXR10(config-mspw-mspw-name-if-params)#tdm aal1
cells-per-packet <1-100>
in each PW encapsulation
packet.
13
ZXR10(config-mspw-mspw-name-if-params)#tdm aal2
14
15
ZXR10(config-mspw-mspw-name-if-params)#tdm aal2
max-duration <1-64>
duration of AAL2.
ZXR10(config-mspw-mspw-name-if-params)#tdm
Step
Command
Function
16
ZXR10(config-mspw-mspw-name-if-params)#tdm rtp
frequency <1-65535>
timestamps.
ZXR10(config-mspw-mspw-name-if-params)#tdm rtp
17
header
18
19
ZXR10(config-mspw-mspw-name-if-params)#tdm rtp
payload-type <1-127>
RTP headers.
ZXR10(config-mspw-mspw-name-if-params)#tdm rtp
20
ZXR10(config-mspw-mspw-name-if-params)#tdm
signaling-packets {non-transmitted|together-with-data|ap
art-from-data {just-here|over-there}}
21
22
23
24
ZXR10(config-mspw-mspw-name-if-params)#tdm
ZXR10(config-mspw-mspw-name-if-params)#tdm
sonet-sdh ebm-extension
header.
ZXR10(config-mspw-mspw-name-if-params)#tdm
sonet-sdh async-type { e3 | t3 }
attenuation type.
ZXR10(config-mspw-mspw-name-if-params)#tdm
mtu <60-9216>: This command can be configured for all MSPW types except the
atm and tdm types.
ethernet request-vlan-id <1-4094>: This command can be configured only when
the MSPW type is ethernet tagged.
description <text>: This command can be configured for all MSPW types.
fragmentation: This command can be configured for all MSPW service types.
fr dlci-header-length <2-4>: This command can be configured only when the
MSPW type is fr dlci or fr dlci-old.
fcs-retention header-length {2|4}: This command can be configured when the
MSPW type is ethernet tagged, ethernet raw, HDLC, PPP, and FR. For the
ethernet tagged and ethernet raw types, the value must be 4.
atm cell-concatenate <1-64>: This command can be configured when the MSPW
type is atm port, atm vpc, atm vcc, atm vpc-group, or atm vcc-group.
2-84
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
l
l
l
l
l
l
l
l
tdm ts-count <1-1000>: This command can be configured when the MSPW type
is tdm, including tdm { aal1 | aal2 | satop { e1 | t1 | e3 | t3 }| cesopsn { basic | cas }|
sonet-sdh {cesom | ceop}}.
tdm distribute-period <2-64>:This command can be configured when the MSPW
type is tdm, including tdm { aal1 | aal2 | satop { e1 | t1 | e3 | t3 } | cesopsn { basic
| cas } | sonet-sdh {cesom | ceop} }. When a PWE3 is encapsulating signaling
packets, this parameter is ignored for the aal1 and all2 types. This parameter
needs to be extracted for other tdm types, including tdm { satop { e1 | t1 | e3 | t3
} | cesopsn { basic | cas } | sonet-sdh {cesom | ceop} }.
tdm rtp header: This command can be configured when the MSPW type is tdm.
tdm rtp timestamp differential ssrc-id <1-4294967295>: This command can be
configured when the MSPW type is tdm. When a PWE3 is encapsulating
signaling packets, this parameter is ignored if the tdm rtp header is not configured.
tdm rtp frequency <1-65535>: This command can be configured when the MSPW
type is tdm. When a PWE3 is encapsulating signaling packets, this parameter is
ignored if the tdm rtp header is not configured.
tdm rtp payload-type <1-127>: This command can be configured when the MSPW
type is tdm. When a PWE3 is encapsulating signaling packets, this parameter is
ignored if the tdm rtp header is not configured.
tdm cas-trunk { e1 | t1-esf | t1-sf }: This command can be configured when the
MSPW type is tdm. When a PWE3 is encapsulating signaling packets, this
parameter is extracted based on the specified type.
tdm signaling-packets { non-transmitted | together-with-data | apart-from-data[just
-here|over-there]}: This command can be configured when the MSPW type is tdm.
When a PWE3 is encapsulating signaling packets, this parameter is extracted for
CES PWs of the following type: tdm {satop {e1 | t1 | e3 | t3}| cesopsn {basic | cas}}.
tdm sonet-sdh dba-trigger-event {[ais],[une]}: This command can be configured
when the MSPW type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh ebm-extension: This command can be configured when the MSPW
type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh async-type { e3 | t3 }: This command can be configured when the
MSPW type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh connection-type { spe | vt | fractional-spe }: This command can be
configured when the MSPW type is tdm cep, including tdm sonet-sdh {cesom |
ceop}.
tdm aal1 cells-per-packet <1-100>: This command can be configured when the
MSPW type is tdm all1.
tdm aal1 mode {unstructured | structured | structured-with-cas}: This command
can be configured when the MSPW type is tdm all1.
tdm aal2 max-duration <1-64>: This command can be configured when the MSPW
type is tdm all2.
tdm aal2 vad-mode {signal-indicated | by-dectection | always-active}: This command
can be configured when the MSPW type istdm all2.
2-85
SJ-20140731105308-013|2014-10-20 (R1.0)
If any interface parameter configuration conflicts with the MSPW type, the system
displays the following error code: "This type MSPW instance does not support this
parameter! ". For a description of the MSPW types that support the parameter, refer
to CLI command descriptions.
4. (Optional) Configure PW redundancy in an MSPW instance.
Step
Command
Function
ZXR10(config-mspw-mspw-name-seg-pw-number)#r
Binds a PW redundancy
edundency-manager
ZXR10(config-mspw-mspw-name-seg-pw-number-
mode.
ZXR10(config-mspw-mspw-name-seg-pw-number-
rm)#exit
instance.
ZXR10(config-mspw-mspw-name-seg-pw-number)#exit
ZXR10(config-mspw-mspw-name)#backup-pw
ZXR10(config-mspw-mspw-name-protect-seg-pw-
Command
Function
ZXR10(config)#aps
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-aps)#linear-protect
ZXR10(config-aps-linear-protect)#pw-protector
pw<1-115968>
ZXR10(config-aps-linear-protect-pw-number)#reve
protection.
Configuration Flow
1. Establish LDP session between T-PE1 and S-PE, and between T-PE2 and S-PE. For
details, refer to ZXR10 M6000-S Carrier-level Router Configuration Guide (MPLS).
2. Configure MSPW on the S-PE router and configure a normal VPLS instance on the
T-PE router.
Configuration Command
The configuration on the T-PE1 router is as follows:
T-PE1(config)#pw pw1
T-PE1(config)#vpls zte
T-PE1(config-vpls-zte)#pseudo-wire pw1
T-PE1(config-vpls-zte-pw-pw1)#neighbour 133.133.5.1 vcid 1
T-PE1(config-vpls-zte-pw-pw1-neighbour)#exit
2-87
SJ-20140731105308-013|2014-10-20 (R1.0)
S-PE(config-mspw-zte)#pseudo-wire pw2
S-PE(config-mspw-zte-seg-pw2)# neighbour 133.133.11.1 vcid 1
S-PE(config-mspw-zte-seg-pw2-neighbour)#signal dynam
S-PE(config-mspw-zte-seg-pw2-neighbour)#exit
S-PE(config-mspw-zte-seg-pw2)#exit
Configuration Verification
On the S-PE router, execute the show pwe3 signal fec128 detail command to check the
information related to PWE3.
S-PE#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:
UP
GR1
GR2
LSPs formed
: YES
C-bits
: local
negotiated
MTU
: local
negotiated
: NO
, remote
: NO
: NO
: 1500
, remote
: 1500
: 1500
2-88
SJ-20140731105308-013|2014-10-20 (R1.0)
: local
: 81923
, remote
: 83420
signal
: Configured
: YES
, Received
: YES
oam status
Negotiated
: YES
AC ready
: YES
: local
: local
negotiated
application
: YES
remote
redundancy
, Sent
, remote
: ??
: ??
: service-type : MSPW
, instance-id: 2
MAC-withdraw : received
: 0
, sent
local-VCCV
: CC-type
: TTL
remote-VCCV
: CC-type
: AL|TTL
actual-VCCV
: CC-type
: TTL
LDP session
: 0
, CV-type
: LSP
, CV-type
: LSP
, CV-type
: LSP
attachment-circuit : ??
local-description
: ??
remote-description : zte
PW entity
LSPs formed
: YES
C-bits
: local
negotiated
MTU
: local
: NO
labels
: local
signal
: Configured
: 81922
AC ready
: YES
redundancy
: local
: 1500
, Received
, Sent
: 81929
: YES
: YES
remote
negotiated
, remote
: YES
: YES
: local
, remote
: 1500
Negotiated
oam status
: NO
: NO
: 1500
negotiated
application
, remote
, remote
: ??
: ??
: service-type : MSPW
, instance-id: 2
MAC-withdraw : received
: 0
local-VCCV
: CC-type
: TTL
, sent
remote-VCCV
: CC-type
: AL|TTL
actual-VCCV
: CC-type
: TTL
LDP session
: 0
, CV-type
, CV-type
, CV-type
: LSP
: LSP
: LSP
attachment-circuit : ??
local-description
: ??
remote-description : zte
On the S-PE, execute the show l2vpn forwardinfo vpnname command to check whether
PW is established successfully. Use the detail option to check the detailed information,
such as the internal label of the PW.
2-89
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC
PWType
State
pw2
133.133.11.1
128
Ethernet
UP
81923
83420
M:zte
pw1
133.133.1.1
128
Ethernet
UP
81922
81929
M:zte
Llabel
Rlabel
VPNowner
detail
Codes
PWNF
AR
AT
PSNR
PSNT
PWFS
RS
PWSA
-------------------------------------------------------------------------------
zte]
Peer IP address
: 133.133.11.1
Connection mode
VCID Extend
: 0
Signaling protocol
: LDP
VC type
: Ethernet
Create time
: 00:07:54
: 81922
PW name
: pw12
Control Word : -
Related PW name
: -
PW FRR type
: NULL
Activation status
: ENABLE
Band Width
: 0
VC status
: UP
Remote status
: ALLOK
VCCV CC type
: TTL
VCCV CV type
: LSP
Tunnel label
: { 3 }
Output interface
: gei-0/4/0/1
: { 81921 3 }
VCID
: 1
zte]
Peer IP address
: 133.133.1.1
VCID
: 1
Connection mode
VCID Extend
: 0
Signaling protocol
: LDP
VC type
: Ethernet
2-90
SJ-20140731105308-013|2014-10-20 (R1.0)
Create time
: 00:07:54
: 81921
PW name
: pw11
Control Word : -
Related PW name
: -
PW FRR type
: NULL
Activation status
: ENABLE
Band Width
: 0
VC status
: UP
Remote status
: ALLOK
VCCV CC type
: TTL
VCCV CV type
: LSP
Tunnel label
: { 3 }
Output interface
: smartgroup22
: { 81920 3 }
PE2 and ASBR2 are in the same AS. ASBR2 uses the IGP protocol to obtain the routing
information of PE2. Through the LDP protocol, ASBR2 and PE2 establish an LSP tunnel.
ASBR1 and PE2 are not in the same AS, and ASBR1 has no routing information of PE2.
In that case, the routing information of PE2 can be transferred to ASBR1 through the
EBGP protocol. In addition, the BGP protocol can be extended in such a way that BGP
2-91
SJ-20140731105308-013|2014-10-20 (R1.0)
can assign labels (such as IPv4-Label as shown in the above figure) while transferring
routing information. Hence, an LSP is established between ASBR1 and ASBR2, and label
swapping is performed on ASBR2.
Similarly, between ASBR1 and PE1, the routing information of PE2 is also transferred
through extended IBGP, labels are assigned, and label swapping is performed on ASBR1.
However, the establishment of the LSP is different from that of the LSP between two
ASBRs. Two ASBRs are directly connected, and the next hop is directly reachable. PE1
and ASBR1 are not directly connected, but an LSP tunnel can be established between
them through LDP, as they are in the same AS.
Thus, the LSP tunnel between PE1 and ASBR1 finally has three layers of labels: the
bottom-layer VPN label (assigned by PE2), the middle-layer to-PE2 label (assigned
by ASBR1 through extended BGP), and the outer-layer to-ASBR1 label (assigned by
LDP). Between ASBRs, a double-layer LSP tunnel is established with two labels: the
bottom-layer VPN label (assigned by PE2) and the outer-layer to-PE2 label (assigned by
ASBR2 through extended BGP). Between ASBR2 and PE2, a double-layer LSP tunnel
is established with two labels: the inner-layer VPN label (assigned by PE2) and the
outer-layer to-PE2 label (assigned by LDP). These three tunnels are bonded together by
label swapping on ASBRs to form an end-to-end LSP tunnel.
Steps
1. Configure VPLS Crossing Several ASs (Option C).
For details about the VPLS configuration crossing several ASs (option C), refer to the
Configuring VPLS.
2. Verify the configurations.
For details about the VPLS maintenance crossing several ASs (Option C), refer to
section Configuring VPLS.
End of Steps
2-92
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Build the network according to Figure 2-21.
addresses:
Configuration Command
The configuration on PE1 is as follows:
PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1
2-93
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#mpls ldp
instance 1
PE1(config-ldp-1)#router-id loopback10
PE1(config-ldp-1)# target-session 100.1.5.4
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1) # exit
PE1(config-ldp-1)#exit
ASBR1(config)#mpls ldp
instance 1
ASBR1(config-ldp-1)#router-id loopback10
ASBR1(config-ldp-1)#interface gei-0/1/0/2
ASBR1(config-ldp-1-if-gei-0/1/0/2)#exit
ASBR1(config-ldp-1)#access-fec bgp
ASBR1(config-ldp-1)#exit
ASBR1(config)#ipv4-access-list zte
ASBR1(config-ipv4-acl)#rule 1 permit 100.1.5.1 0.0.0.0
ASBR1(config-ipv4-acl)#exit
ASBR1(config)#route-map zte
2-94
SJ-20140731105308-013|2014-10-20 (R1.0)
ASBR1(config)#router bgp100
ASBR1(config-bgp)#no synchronization
ASBR1(config-bgp)#neighbor 100.1.23.3 remote-as 200
ASBR1(config-bgp)#neighbor 100.1.23.3 route-map zte out
ASBR1(config-bgp)#neighbor 100.1.23.3 send-label
ASBR1(config-bgp)#neighbor 100.1.5.1 remote-as 100
ASBR1(config-bgp)#neighbor 100.1.5.1 update-source loopback10
ASBR1(config-bgp)#neighbor 100.1.5.1 next-hop-self
ASBR1(config-bgp)#neighbor 100.1.5.1 send-label
ASBR1(config-bgp)#network 100.1.5.1 255.255.255.255
ASBR1(config-bgp)#exit
ASBR2(config)#ipv4-access-list zte
ASBR2(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
ASBR2(config-ipv4-acl)#exit
ASBR2(config)#route-map zte
ASBR2(config-route-map)#match ip address zte
ASBR2(config-route-map)#set mpls-label
ASBR2(config-route-map)#exit
2-95
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
On PE1 or PE2, run the show l2vpn forwardinfo vpnname command to check whether the
PW is established successfully. In the "details" option, you can see the detailed information
about the PW, such as inner-layer and outer-layer labels.
PE1(config)#show l2vpn forwardinfo vpnname zte
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
2-96
SJ-20140731105308-013|2014-10-20 (R1.0)
PWName
PeerIP
FEC
pw1
100.1.5.4 128
PWType
State
Ethernet
H UP
Llabel
Rlabel
VPNowner
81920
81920
L:zte
Codes
PWNF
AR
AT
PSNR
PSNT
PWFS
RS
PWSA
-------------------------------------------------------------------------------
zte]
Peer IP address
: 100.1.5.4
VCID
: 10000
Connection mode
: HUB
VCID Extend
: 0
Signaling protocol
: LDP
VC type
: Ethernet
Create time
: 00:00:13
: 81920
PW name
: pw1
Control Word : -
Related PW name
: -
PW FRR type
: NULL
Activation status
: ENABLE
Band Width
: 0
VC status
: UP
Remote status
: ALLOK
VCCV CC type
: TTL
VCCV CV type
: LSP
Tunnel label
: { 3 }
Output interface
: gei-0/1/0/1
: { 81921 3 }
Outgoing
label
Local
Outgoing
label
Tunnel Id
interface
16389
Poptag
100.1.5.2/32
gei-0/1/0/1
Next Hop
M/S
100.1.12.2
Next Hop
In Label/Out Label
2-97
SJ-20140731105308-013|2014-10-20 (R1.0)
100.1.5.2
notag/nolabel
100.1.5.2/32
100.1.5.2
213006/213024
100.1.5.3/32
100.1.5.2
213007/213025
100.1.5.4/32
100.1.5.2
212999/212996
Steps
1. Configure VLSS.
Step
Command
Function
Enables L2VPN.
ZXR10(config)#vlss<vlss-name>
ZXR10(config-vlss-name)#description <string>
ZXR10(config-vlss-name)#traffic-statistics
{enable|disable}
for a instance.
ZXR10(config-vlss)#access-point<ac-interface>
ZXR10(config-vlss-vlss-name-ac-ac-
type.
ppp | tdm}
ZXR10(config-vlss-vlss-name-ac-ac-
interface-eth)#ingress-adjust {push
as follows:
{all|from-sublayer}}
package.
rewrite: modifies ptag.
tag-as-payload: Treats some or
all tags of AC uplink service traffic
2-98
SJ-20140731105308-013|2014-10-20 (R1.0)
as payloads.
ZTE Proprietary and Confidential
Step
Command
Function
ZXR10(config-vlss-vlss-name-ac-ac-
interface-eth)#traffic-statistics{enable|disable}
for an AC.
ZXR10(config-vlss-vlss-name-ac-ac-
interface-eth)#traffic-statistics threshold
<1-4294967295>]
ethernet | fr | hdlc | ppp | tdm: Encapsulation types of the AC interface in the VLSS
instance.
2. Verify the configurations.
Command
Function
Displays a list of L2VPN
instances.
End of Steps
Configuration Flow
1. Enable L2VPN.
2. Create a VLSS instance and bind the local connections.
Configuration Commands
Run the following commands to configure the VLSS on the ZXR10 M6000-S:
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vlss zte
ZXR10(config-vlss-zte)#description l2vpn-zte
ZXR10(config-vlss-zte)#access-point gei-0/1/0/3
ZXR10(config-vlss-zte-ac-gei-0/1/0/3)#access-params ethernet
2-99
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Run the show command to check the VLSS instance configuration.
ZXR10(config)#show l2vpn brief
VPLS count:0
VPWS count:0
VLSS count:1
MSPW count:0
MONITOR count:0
name
type
Default-VCID PW
AC
description
zte
VLSS
l2vpn-zte
Default-VCID:-
PW count:0
AC count:2
Kompella PW count:0
Activation Status:ENABLE
Default Cword:Description:l2vpn-zte
Attachment Circuit(AC):
InterfaceName
Client/Server
gei-0/1/0/3
gei-0/1/0/4
2-100
SJ-20140731105308-013|2014-10-20 (R1.0)
MSP Protection
Multiplex Section Protection (MSP) is a dedicated or shared protection mechanism. MSP
provides protections for the multiplex section layer, and is applicable for point-to-point
physical network. It implements the protection for the service channel, and used for the
STM-N port network or connection with the client device (such as BSC/RNC).
MSP includes two protection types: 1+1 and 1:1. The UNI side should support the 1+1
and 1:1 MSP protections
As shown in Figure 2-22, PW1 is created between P1 to P2, and PW2 is created between
P1 and P3. The two PWs are related through the PW redundancy group created on P1.
PW1 is the working path, and PW2 is the protection path.
Figure 2-22 Typical Network of Port Protection Group
The MSP is run on the UNI side. LINK1 is the working link, and LINK2 is the protection link.
When the SDH OAM detects that the link has faults, it notifies to the MSP. The MSP selects
LINK1 or LINK2 as the new working link, and reports the result to the PW redundancy
group on P1 through the PW OAM. Then, the redundancy group selects the PW same as
that on the UNI side as the new working path.
MC-APS Protection
Multi-Chassis Automatic Protection Switching (MC-APS) is the extension of the MSP
protection.
2-101
SJ-20140731105308-013|2014-10-20 (R1.0)
The current MSP is run on the same rack, and the head and tail nodes of the working and
protection links are on the same device. In this case, the MSP status machines of both
ends are run on the same device.
If the head and tail nodes of the working and protection links are on different devices,
the information obtained from the single device is not complete. The status machine
calculation must be performed with information on the other device. Therefore, the MSP
should be extended to make it receive information of other devices and synchronize the
information with other devices to implement the MC-APS protection.
As shown in Figure 2-22, the MSP information should be synchronized between P2 and
P3 reliably and in order, which requires to be guaranteed by a set of mechanisms. IEFT
releases ICCP based on LDP, which guarantees that reliable information transmission
between racks through the channels created between devices.
ICCP provides a series of management mechanisms, which requires to put the devices
whose information needs to be synchronized to a Redundancy Group (RG). The
information transmitted between devices are encapsulated into the messages in the TLV
format. Then, the information is sent to the peer through channels. The ICCP messages
must be born through the extended LDP TLV field, which means that the LDP must be
deployed on PE nodes of both ends.
Steps
1. Configure a port protection group.
Step
Command
Function
ZXR10(config)#port-group <group-id>
ZXR10(config-port-group-group-id)#group-type
{msp | mc-aps}
ZXR10(config-port-group-group-id)#protect-type
receiving {selective}
4
ZXR10(config-port-group-group-id)#working-port
<interface-name>
ZXR10(config-port-group-group-id)#protect-port
<interface-name>
5
ZXR10(config-port-group-group-id)#communicate-
unit.
2-102
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-port-group-group-id)#protect-strat
egy aps
ZXR10(config)#aps
instance mode.
Configures a linear APS
ZXR10(config-aps)#linear-protect
instance.
ZXR10(config-aps-linear-protect)#port-group
<group-id>
ZXR10(config-aps-linear-protect-portgroupid)#switch {clear|exercise|force-switch|force-switch-work
|lockout|manual-switch|manual-switch-work}
Command
Function
Configuration Flow
1. Configure the port protection groups.
2. Configure APS parameters.
Configuration Command
The configuration for PE1 as follows. The configuration for PE2 is the same as that for
PE1.
PE1(config)#port-group 1
PE1(config-port-group-1)#group-type msp
PE1(config-port-group-1)#protect-type 1+1 bidirectional receiving selective
PE1(config-port-group-1)#working-port cpos3-1/3/0/1
PE1(config-port-group-1)#protect-port cpos3-0/2/2/1
PE1(config-port-group-1)#protect-strategy aps
PE1(config-port-group-1)#exit
PE1(config)#aps
PE1(config-aps)#linear-protect
PE1(config-aps-linear-protect)#port-group 1
PE1(config-aps-linear-protect-portgroup1)#revertive-mode revertive wtr 5
Configuration Verification
View the port protection group on PE1.
ZXR10#show aps linear-protect port-group 1
2-104
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1 is connected to PE2 through PW1 (the active PW), and PE1 is connected to PE3
through PW2 (the standby PW). CE1 is connected to PE2 and PE3 in dual-homed mode.
l
If AC1 fails, CE1 performs access switchover, and traffic is rerouted to AC2. PE1 is
notified of the failure through mapping. PE1 switches the PW and drects traffic to
PW2.
2-105
SJ-20140731105308-013|2014-10-20 (R1.0)
If PW1 fails, PE1 switches the PW after detecting the failure, and directs traffic to
PW2. PE1 notifies the AC side of the failure through mapping, so that CE1 performs
access switchover, and traffic is rerouted to AC2.
The VPWS supports DNI-PW redundancy protection. Different from common VPWS
instances, each VPWS instance on PE2 and PE3 includes three PWs. One (PW1 or
PW2) is a common PW, and the other two PWs (PW3 and PW4) are DNI-PWs. The
two DNI-PWs are configured and used on both PE2 and PE3. One NDI-PW is used for
PW protection and remote uplink traffic bridging, and the other DNI-PW is used for AC
traffic protection and remote downlink traffic bridging. The DNI-PWs (PW3 and PW4) are
deployed for outer protection, and all DNI-PWs between PE2 and PE3 are deployed in
the same outer protection range.
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3) and CE1. CE1 performs load sharing through SmargGroup. The dual-homed
nodes use 1:1 single-transmit, dual-receive mode. The blue arrows indicate uplink
traffic, and the red arrows indicate downlink traffic.
1. When all links are operating properly, the operational procedure is as shown in
Figure 2-26.
Figure 2-26 DNI-PW Operating StateSteady State (MC-LAG Loading Sharing)
2-107
SJ-20140731105308-013|2014-10-20 (R1.0)
3. If PW1 fails, and if PW2 also fails during PW1 recovery or the WTR, the operational
procedure is as shown in Figure 2-28.
Figure 2-28 DNI-PW Operating StatePW2 Fails During PW1 Recovery
2-108
SJ-20140731105308-013|2014-10-20 (R1.0)
4. If PW2 fails, and if PW1 also fails during PW2 recovery or the WTR, the operational
procedure is as shown in Figure 2-29.
Figure 2-29 DNI-PW Operating StatePW1 Fails During PW2 Recovery
6. If AC1 and PW1 fail, the operational procedure is as shown in Figure 2-31.
2-109
SJ-20140731105308-013|2014-10-20 (R1.0)
7. If the PE2 node fails, the operational procedure is as shown in Figure 2-32.
Figure 2-32 DNI-PW Operating StatePE2 Node Fails (MC-LAG Loading
Sharing)
SJ-20140731105308-013|2014-10-20 (R1.0)
the AC side, MC-LAG/MSP 1:1 mode is used between the dual-homed nodes (PE2
and PE3) and CE1. CE1 uses single-transmit, dual-receive mode or single-transmit,
single-receive mode. The dual-homed nodes use single-transmit, dual-receive mode.
The blue arrows indicate uplink traffic, and the red arrows indicate downlink traffic.
1. When all links are operating properly, the operational procedure is as shown in
Figure 2-33.
Figure 2-33 DNI-PW Operating StateSteady State (MC-LAG PW 1:1)
2-111
SJ-20140731105308-013|2014-10-20 (R1.0)
4. If AC1 and PW1 fail, the operational procedure is as shown in Figure 2-36 and
Figure 2-37.
2-112
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 2-36 DNI-PW Operating StateAC1 and PW1 Fail (Transient State)
Figure 2-37 DNI-PW Operating StateAC1 and PW1 Fail (Steady State)
5. If the PE2 node fails, the operational procedure is as shown in Figure 2-38.
2-113
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
l
Command
Function
ZXR10(config)#pw pw<1-115968>
p
1
configuration mode.
2 (
Configures an inter-chassis
Op-
<group-id>
tion-
ZXR10(config-rg-group-id)#apply mc-pw
al)
ZXR10(config)#pw-configuration
Enters independent PW
configuration mode.
2-114
SJ-20140731105308-013|2014-10-20 (R1.0)
Ste-
Command
Function
ZXR10(config-pw)#pseudo-wire
Configures a PW entity.
p
4
xit
ZXR10(config-pw)#redundancy-manager
group.
pw<1-115968>{mc-master|mc-slave}
5
ZXR10(config-pw-pw-number-rm)#mc-protec
t-type coworker-proxy
type to coworker-proxy.
6 (
ZXR10(config-pw-pw-number-rm)#mc-protec
Op-
t-type mc-selection
tion-
al)
OAM-mapping redundancy
protection type cannot be
configured at the same time.
7 (
ZXR10(config-pw-pw-number-rm)#mc-prote
Op-
ct-type oam-mapping
tion-
al)
8 (
ZXR10(config-pw-pw-number-rm)#com
Op-
tion-
<redundancy-object-id>
al)
ZXR10(config-pw-pw-number-rm)#exit
ZXR10(config-pw)#coworker-proxy-pw
pw<1-115968>
10
ZXR10(config-pw)#pseudo-wire
<1-4294967295>]
Step 9).
2-115
SJ-20140731105308-013|2014-10-20 (R1.0)
Ste-
Command
Function
ZXR10(config)#vpws <vpws-name>
ZXR10(config-vpws-vpws-name)#pseudo-w
p
11
ire pw<1-115968>
Function
Displays inter-chassis PW
protection group information.
Displays all information about
Command
Function
ZXR10(config)#pw pw<1-115968>
Creates a PW interface in
p
1
Enters independent PW
ZXR10(config)#pw-configuration
configuration mode.
3
ZXR10(config-pw)#traffic-behavior <interface-name>
2-116
SJ-20140731105308-013|2014-10-20 (R1.0)
Ste-
Command
Function
ZXR10(config-pw-interface-name-behavior)#ce-s
ide {1+1|1:1|load-balance}
behavior.
ZXR10(config-pw)#coworker-proxy-pw
p
4
ZXR10(config-pw)#pseudo-wire pw<1-115968>
standby PW.
ZXR10(config)#vpws <vpws-name>
ZXR10(config-vpws-vpws-name)#access-point
<interface-name>
ZXR10(config-vpws-zte-ac-interface-name)#acc
ess-params ethernet
Function
End of Steps
2-117
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure an ICCP protection group on PE2 and PE3.
2. Configure DNI-PW in 1:1 mode on PE2 and PE3.
3. Configure active/standby MC-LAG on PE2 and PE3.
The LDP neighbor configuration, route configuration and PW FRR configuration for
the header node are omitted.
Configuration Commands
Run the following commands on PE2:
PE2(config)#redundancy interchassis group 1
PE2(config-rg-1)#apply mc-pw
PE2(config-rg-1)#apply mlacp
PE2(config-rg-1)#peer 52.52.52.52
PE2(config-rg-1)#exit
2-118
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface smartgroup1.1
PE2(config-if-smartgroup1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface smartgroup1.1
PE2(config-vlan-if-smartgroup1.1)#encapsulation-dot1q 1
PE2(config-vlan-if-smartgroup1.1)#exit
PE2(config-vlan)#exit
PE2(config)#vpws zlj10001
PE2(config-vpws-zlj10001)#access-point smartgroup1.1
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#access-params ethernet
PE2(config-vpws-zlj10001-ac-smartgroup1.1-eth)#exit
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#traffic-behavior
PE2(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#ce-side 1:1
PE2(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#exit
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#exit
PE2(config-vpws-zlj10001)#pseudo-wire pw10001
PE2(config-vpws-zlj10001-pw-pw10001)#neighbour 66.66.66.66 vcid 10001
PE2(config-vpws-zlj10001-pw-pw10001-neighbour)#exit
PE2(config-vpws-zlj10001-pw-pw10001)#redundancy-manager mc-master
PE2(config-vpws-zlj10001-pw-pw10001-rm)#mc-protect-type coworker-proxy
PE2(config-vpws-zlj10001-pw-pw10001-rm)#mc-protect-type mc-selection
PE2(config-vpws-zlj10001-pw-pw10001-rm)#communicate-unit iccp 1 roid 10001
PE2(config-vpws-zlj10001-pw-pw10001-rm)#exit
PE2(config-vpws-zlj10001-pw-pw10001)#exit
PE2(config-vpws-zlj10001)#coworker-proxy-pw pw40001 as-remote-ac protect smartgroup1.1
PE2(config-vpws-zlj10001-protect-pw40001)#neighbour 52.52.52.52 vcid 40001
PE2(config-vpws-zlj10001-protect-pw40001-neighbour)#exit
PE2(config-vpws-zlj10001-protect-pw40001)#exit
PE2(config-vpws-zlj10001)#coworker-proxy-pw pw30001 as-remote-pw protect pw10001
PE2(config-vpws-zlj10001-protect-pw30001)#neighbour 52.52.52.52 vcid 30001
PE2(config-vpws-zlj10001-protect-pw30001-neighbour)#exit
PE2(config-vpws-zlj10001-protect-pw30001)#exit
PE2(config-vpws-zlj10001)#exit
PE2(config)#lacp
PE2(config-lacp)#interface smartgroup1
PE2(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE2(config-lacp-sg-if-smartgroup1)#lacp fast respond
PE2(config-lacp-sg-if-smartgroup1)#mc-lag iccp 1
PE2(config-lacp-sg-if-smartgroup1)#mc-lag priority 100
PE2(config-lacp-sg-if-smartgroup1)#mc-lag roid 1 node-id 1
PE2(config-lacp-sg-if-smartgroup1)#mc-lag sys-id 0000.5152.0000 sys-priority 1
PE2(config-lacp-sg-if-smartgroup1)#exit
2-119
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#interface smartgroup1.1
PE3(config-if-smartgroup1.1)#exit
PE3(config)#vlan-configuration
PE3(config-vlan)#interface smartgroup1.1
PE3(config-vlan-if-smartgroup1.1)#encapsulation-dot1q 1
PE3(config-vlan-if-smartgroup1.1)#exit
PE3(config-vlan)#exit
PE3(config)#vpws zlj10001
PE3(config-vpws-zlj10001)#access-point smartgroup1.1
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#access-params ethernet
PE3(config-vpws-zlj10001-ac-smartgroup1.1-eth)#exit
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#traffic-behavior
PE3(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#ce-side 1:1
PE3(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#exit
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#exit
PE3(config-vpws-zlj10001)#pseudo-wire pw20001
PE3(config-vpws-zlj10001-pw-pw20001)#neighbour 66.66.66.66 vcid 20001
PE3(config-vpws-zlj10001-pw-pw20001-neighbour)#exit
PE3(config-vpws-zlj10001-pw-pw20001)#redundancy-manager mc-slave
PE3(config-vpws-zlj10001-pw-pw20001-rm)#mc-protect-type coworker-proxy
PE3(config-vpws-zlj10001-pw-pw20001-rm)#mc-protect-type mc-selection
PE3(config-vpws-zlj10001-pw-pw20001-rm)#communicate-unit iccp 1 roid 10001
PE3(config-vpws-zlj10001-pw-pw20001-rm)#exit
PE3(config-vpws-zlj10001-pw-pw20001)#exit
PE3(config-vpws-zlj10001)#coworker-proxy-pw pw30001 as-remote-ac protect smartgroup1.1
PE3(config-vpws-zlj10001-protect-pw30001)#neighbour 51.51.51.51 vcid 30001
PE3(config-vpws-zlj10001-protect-pw30001-neighbour)#exit
PE3(config-vpws-zlj10001-protect-pw30001)#exit
PE3(config-vpws-zlj10001)#coworker-proxy-pw pw40001 as-remote-pw protect pw20001
2-120
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#lacp
PE3(config-lacp)#interface smartgroup1
PE3(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE3(config-lacp-sg-if-smartgroup1)#lacp fast respond
PE3(config-lacp-sg-if-smartgroup1)#mc-lag iccp 1
PE3(config-lacp-sg-if-smartgroup1)#mc-lag priority 200
PE3(config-lacp-sg-if-smartgroup1)#mc-lag roid 1 node-id 2
PE3(config-lacp-sg-if-smartgroup1)#mc-lag sys-id 0000.5152.0000 sys-priority 1
PE3(config-lacp-sg-if-smartgroup1)#exit
PE3(config-lacp)#interface xgei-0/3/0/1
PE3(config-lacp-member-if-xgei-0/3/0/1)#smartgroup 1 mode active
PE3(config-lacp-member-if-xgei-0/3/0/1)#exit
Configuration Verification
View the DNI-PW state on PE2.
PE2(config)#show aps linear-protect pw-protector pw10001
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 253
Protection group name: pw10001
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: nul
PE2(config)#show aps linear-protect pw-protector smartgroup1.1
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 252
Protection group name: smartgroup1.1
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run
2-121
SJ-20140731105308-013|2014-10-20 (R1.0)
Actor
Agg
LACPDUs
Port
Port[Flags]
State
Interval Pri
Oper
Port
RX
Key
State Machine
Mux
Machine
-------------------------------------------------------------------------------xgei-0/3/0/23[SA*]
ACTIVE
30
32768 0x121
0x3d
CURRENT
COLL&DIST
2-122
SJ-20140731105308-013|2014-10-20 (R1.0)
2-123
SJ-20140731105308-013|2014-10-20 (R1.0)
Actor
Agg
LACPDUs
Port
Port[Flags]
State
Interval Pri
Oper
Port
RX
Mux
Key
State Machine
Machine
-------------------------------------------------------------------------------xgei-0/2/0/9[SA ]
INACTIVE 30
32768 0x121
0x5
CURRENT
WAITING
Steps
1. Configure a PW list.
l Method 1: Configure a PW entity in the L2VPN service, and then configure a PW
list.
Step
Command
Function
ZXR10(config)#pw pw<1-115968>
Creates a PW interface in
global configuration mode.
es]
2-124
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vpls-vpls-name)#pseudo-wire
pw<1-115968>[spoke]
Configures a PW entity.
ZXR10(config-vpls-vpls-name-pwpw-number)#neighbour <A.B.C.D>[vcid
<1-4294967295>]
5
ZXR10(config)#pw-list <1-1024>
Creates a PW list.
ZXR10(config-pw-list-number)#master pw
<pw-name>
PW list.
ZXR10(config-pw-list-number)#slave pw
<pw-name>
list.
A PW list supports a
maximum of 1023 slave
PWs.
Command
Function
ZXR10(config)#pw pw<1-115968>
Creates a PW interface in
global configuration mode.
Enters independent PW
ZXR10(config)#pw-configuration
configuration mode.
3
ZXR10(config-pw)#pseudo-wire pw<1-115968>
Configures a PW entity
in independent PW
configuration mode. You
can multiple PWs.
ZXR10(config)#vpls<vpls-name><multi-mac-spac
es>
ZXR10(config-vpls-vpls-name)#pseudo-wire
pw<1-115968>[spoke]
ZXR10(config)#pw-list <1-1024>
Creates a PW list.
ZXR10(config-pw-list-list-number)#master
pw <pw-name>
PW list.
2-125
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-pw-list-list-number)#slave pw
<pw-name>
list.
A PW list supports a
maximum of 1023 slave
PWs.
Function
End of Steps
2-126
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure FRR for multiple PWs on PE1. (The configuration is omitted.)
2. Set one of the PWs to the master PW in the PW list, and set other PWs to slave PWs.
3. Enable BFD for the master PW in the PW list.
Configuration Commands
Run the following commands on PE1:
PE1(config)#pw-list 1
PE1(config-pw-list-1)#master pw pw1
PE1(config-pw-list-1)#slave pw pw2
PE1(config-pw-list-1)#slave pw pw3
PE1(config-pw-list-1)#slave pw pw4
PE1(config-pw-list-1)#slave pw pw5
PE1(config-pw-list-1)#slave pw pw6
PE1(config-pw-list-1)#slave pw pw7
PE1(config-pw-list-1)#slave pw pw8
PE1(config-pw-list-1)#slave pw pw9
PE1(config-pw-list-1)#slave pw pw10
PE1(config-pw-list-1)#slave pw pw11
PE1(config-pw-list-1)#exit
PE1(config)#bfd
PE1(config-bfd)#session 1 pw-bfd pw-name pw1
PE1(config-bfd-pw-1)#time-negotiation interval 10 min-rx 10 multiplier 3
Configuration Verification
View the state of the PW list on PE1.
PE1(config)#show pw-list 1
pw-list: 1
status: UP
Master PW: pw1
Slave
PW: pw11
Slave
PW: pw10
Slave
PW: pw9
Slave
PW: pw8
Slave
PW: pw7
Slave
PW: pw6
Slave
PW: pw5
Slave
PW: pw4
Slave
PW: pw3
Slave
PW: pw2
LD
RD
pw1
2051
2051
Hold
State
30
UP
LD
RD
Pw1
2051
2051
Hold
State
30
UP
When BFD detects a down event, BFD triggers the master PW (pw1) to be down, and then
all slave PWs in the PW list are triggered. View the PW BFD state on PE1 and PE2.
PE1(config)#show bfd neighbors pw brief
Pwname
LD
pw1
2051
RD
0
Hold
State
DOWN
LD
RD
Pw1
2051
Hold
State
DOWN
2-128
SJ-20140731105308-013|2014-10-20 (R1.0)
status: DOWN
Master PW: pw1
Slave
PW: pw11
Slave
PW: pw10
Slave
PW: pw9
Slave
PW: pw8
Slave
PW: pw7
Slave
PW: pw6
Slave
PW: pw5
Slave
PW: pw4
Slave
PW: pw3
Slave
PW: pw2
Steps
l
Command
Function
ZXR10(config)#pw pw<1-115968>
Creates a PW interface in
global configuration mode.
2-129
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#pw-configuration
Enters independent PW
configuration mode.
ZXR10(config-pw)#pseudo-wire pw<1-115968>
Configures a PW entity.
Command
Function
ZXR10(config-pw-pw-number-neighbour)#contr
ol-word preferred
ZXR10(config-pw-pw-number-neighbour)#enca
{port|dlci|dlci-old}|tdm {aal1|aal2|satop
{e1|e3|t1|t3}|cesopsn {basic|cas}|sonet-sdh
{cesom|ceop}}|atm {port|vpc|vcc|vpc-group|vcc-grou
p|sdu|pdu}|ip|hdlc|ppp}
3
ZXR10(config-pw-pw-number-neighbour)#vccv
VCCV function.
{raw|ip}[compatible cc {ttl|alert-label|cw}]
4
ZXR10(config-pw-pw-number-neighbour)#tunnel
-policy <tunnel-policy-name>
ZXR10(config-pw-pw-number-neighbour)#signal
mode to signaling
remote-label <16-1048575>}
triggering.
ZXR10(config-pw-pw-number-neighbour)#oam-
ZXR10(config-pw-pw-number-neighbour)#traffic
-statistics{enable|disable}
2-130
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-pw-pw-number-neighbour)#track
<track-name>
ZXR10(config-pw-pw-number-neighbour)#shut
down
10
ZXR10(config-pw-pw-number-neighbour)#ban
ZXR10(config-pw-pw-number-neighbour)#rate-li
mit mode { blind | aware } cir < 8-20000000 > cbs <
1-5120000 > pir < 8-20000000 > pbs < 1-5120000 >
< 8-20000000 >, < 1-5120000 >: range of the parameters related to the rate limit.
3. Verify the configurations.
Command
Function
Command
Function
ZXR10(config)#pw pw<1-115968>
Creates a PW interface in
global configuration mode.
Enters independent PW
ZXR10(config)#pw-configuration
configuration mode.
3
ZXR10(config-pw)#pseudo-wire pw<1-115968>
Configures a PW entity.
ZXR10(config-pw-pw-number-neighbour)#exit
Configures a PW
ZXR10(config-pw)#redundancy-manager
redundancy group.
pw<1-115968>{mc-master|mc-slave}
To configure a common
PW protection group, the
mc-master and mc-slave
parameters do not need to
be set.
ZXR10(config-pw-pw-number-rm)#protect-typ
Configures the PW
e{1+1|1:1}{bidirectional|unidirectional}[receiving
protection type.
ZXR10(config-pw-pw-number-rm)#pfs-bits
Configures the PW
tional)
negotiation mode.
7 (Op-
ZXR10(config-pw-pw-number-rm)#pfs-bits-advert
tional)
ise regardless-of-ac
active/standby PW
negotiation state is related
to an AC.
ZXR10(config-pw-pw-number-rm)#exit
<pw-name>
9
ZXR10(config-pw)#pseudo-wire pw<1-115968>
standby PW.
Function
End of Steps
Steps
1. Enables the PWE3 event debugging function.
Command
Function
Parameter descriptions:
Parameter
Description
<ip-address>
<vcid>
ID of a PW.
2-133
SJ-20140731105308-013|2014-10-20 (R1.0)
Parameter
Description
<0-65535>:<0-4294967295>
A.B.C.D:<0-65535>
raw
PW type, Ethernet.
tagged
ip
ppp
PW type, PPP.
hdlc
PW type, HDLC.
port
dlci
dlci-old
aal1
aal2
e1
t1
e3
t3
basic
cas
cesom
ceop
port
vpc
vcc
vcc-group
vpc-group
sdu
2-134
SJ-20140731105308-013|2014-10-20 (R1.0)
Parameter
Description
pdu
Function
{<0-65535>:<0-4294967295>|A.B.C.D:<0-65535>} pw-type
mappingwithdraw messages.
ethernet {raw|tagged}}]
Parameter descriptions:
Parameter
Description
<ip-address>
<vcid>
ID of a PW.
<0-65535>:<0-4294967295>
raw
PW type, Ethernet.
tagged
ip
ppp
PW type, PPP.
hdlc
PW type, HDLC.
port
dlci
dlci-old
aal1
aal2
e1
t1
e3
t3
basic
2-135
SJ-20140731105308-013|2014-10-20 (R1.0)
Parameter
Description
cas
cesom
ceop
port
vpc
vcc
vcc-group
vpc-group
sdu
pdu
Function
End of Steps
2-136
SJ-20140731105308-013|2014-10-20 (R1.0)
Chapter 3
Reduce cost
3-1
SJ-20140731105308-013|2014-10-20 (R1.0)
MPLS simplifies the integration technology of ATM and IP. It efficiently combines the
L2 and L3 technologies. Therefore, the cost is reduced and the investment is saved
at earlier stages.
l
Convenience
MPLS is widely used in operator networks. It bring more convenience to enterprise
users establish global VPN.
3-2
SJ-20140731105308-013|2014-10-20 (R1.0)
The new address is a part of VPN-IPv4 address family, and it also is a BGP address family
of the MP-BGP protocol. In a VPN-IPv4 address, there is a value used to differentiate
different VPNs, called Route Distinguisher (RD).
The format of a VPN-IPv4 address is an eight-byte RD plus a four-byte IP address. RD is
the eight-byte value used for VPN differentiation. An RD consists of the following fields:
l
Type field (two bytes): It determines the length of the other fields.
If the value of the type field is 0, Administrator (ADM) field covers two bytes and
the Assignment Number (AN) domain covers four bytes.
If the value of the type field is 1, ADM field covers four bytes and the Assignment
Number (AN) field covers two bytes.
If the value of the type field is 2, ADM field covers four bytes and the Assignment
Number (AN) field covers two bytes.
If the type domain is 1, the ADM field contains an IPv4 address. RFC
recommends to use router IP address (this address is normally configured as
router ID). Router IP address is a public address.
The RD is only used between PEs and CEs to differentiate IPv4 addresses of different
VPNs. The ingress generates an RD and converts the received IPv4 route of the CE into
a VPN-IPv4 address. Before advertising the route to the CE, the egress PE converts the
VPN-IPv4 route into an IPv4 route.
l
l
MPLS L3VPN uses L3 technology. Every VPN has its own VPN-ID. Every VPN user
can only communicate with the members belonging to the same VPN, and only VPN
members can enter the VPN.
In MPLS VPN, the Service Provider (SP) allocates an RD to every VPN. The RD is
unique in SP network.
Forwarding table contains a unique address, called VPN-IP address, which is formed
through the connection of the RD and user IP address. The VPN-IP address is unique
in the network. The address table is stored in the forwarding table.
3-3
SJ-20140731105308-013|2014-10-20 (R1.0)
read the inner label, find the next-hop CE in the corresponding VPN routing table and
send the packet to the related interface, and then transmit the packet to the CE network
of the VPN.
Context
A VRF table is created for each VPN on a PE. VRF only saves the route information related
to this VPN. VPN is independent, which has its own interface, routing and label tables,
route protocol and so on.
Steps
1. Create a VPN instance.
Command
Function
Command
Function
ZXR10(config-vrf-vrf-name)#rd
<route-distinguisher>
2
ZXR10(config-vrf-vrf-name)#address-family
{ipv4|ipv6}
family.
ZXR10(config-vrf-vrf-name-af-ipv4)#route-ta
<0~65535> :<0~4294967295>
A.B.C.D:<0~65535>
<1-65535>.<0-65535>:<0-65535>
<0~65535>:<0~4294967295>
A.B.C.D:<0~65535>
<1-65535>.<0-65535>:<0-65535>
Command
Function
ZXR10(config-if-interface-name)#ip vrf
ZXR10(config-if-interface-name)#ip address
Function
[<vrf-name>]|summary]
End of Steps
Context
In order to run static route protocol between a CE and a PE, a static route pointing to a CE
needs to be configured on a PE, and the static route needs to be distributed to BGP.
Steps
1. Configure a static route pointing to CE on PE.
3-6
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
t-mask>{<forwarding-router's-addres>[global]|<interface-nam
to CE on PE.
e>[<forwarding-router's-address>]}[<distance-metric>][metric
<track-name>][name <description-name>]
2. Redistribute the static route in BGP VRF address family configuration mode.
Step
Command
Function
ZXR10(config-bgp-af-ipv4-vrf)#redistribute static
Function
[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n
End of Steps
Example
As shown in Figure 3-1, static routes are established between CE1 and PE1.
3-7
SJ-20140731105308-013|2014-10-20 (R1.0)
Configure addresses in the same segment on the direct-connected interfaces of CE1 and
PE1. Configure a static route on PE1.
Configuration on CE1:
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#ip address 10.1.0.1 255.255.255.252
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/2
CE1(config-if-gei-0/1/0/2)#ip address 10.1.1.254 255.255.255.0
CE1(config-if-gei-0/1/0/2)#exit
CE1(config)#ip route 10.2.0.0 255.255.0.0 10.1.0.2
Configuration on PE1:
PE1(config)#ip route vrf vpn_a 10.1.0.0 255.255.0.0 10.1.0.1
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#end
Steps
1. Enable RIP.
3-8
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#router rip
Configures RIPv2.
ZXR10(config)#version 2
Command
Function
ZXR10(config-rip-af)#no auto-summary
function.
3
ZXR10(config-rip-af)#version 2
Configures RIPv2.
ZXR10(config-rip-af)#network <network-number><w
This advertises
direct-connected network
ild-card>
segment to RIP.
5
This redistributes
ZXR10(config-rip-af)#redistribute connected
direct-connected route to
RIP.
6
ZXR10(config-rip-af)#redistribute bgp-int
RIP.
3. Redistribute the RIP route in BGP VRF address family configuration mode.
Step
Command
Function
ZXR10(config-bgp-af-ipv4-vrf)#redistribute rip
Function
[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n
End of Steps
3-9
SJ-20140731105308-013|2014-10-20 (R1.0)
Example
As shown in Figure 3-2, RIP runs between CE1 and PE1.
Figure 3-2 Running RIP between CE and PE
Run RIP protocol on CE1 and PE1 respectively. Distribute routing information to each
other in rip vrf and bgp vrfon PE1.
Configuration on CE1:
CE1(config)#router rip
CE1(config)#no auto-summary
CE1(config-rip)#version 2
CE1(config-rip)#network 10.1.0.0 0.0.0.3
CE1(config-rip)#redistribute connected
CE1(config-rip)#exit
Configuration on PE1:
PE1(config)#router rip
PE1(config-rip)#version 2
PE1(config-rip)#address-family ipv4 vrf vpn_a
PE1(config-rip-af)#no auto-summary
PE1(config-rip-af)#version 2
PE1(config-rip-af)#network 10.1.0.0 0.0.0.3
PE1(config-rip-af)#redistribute bgp-int
PE1(config-rip-af)#exit
PE1(config-rip)#exit
3-10
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. Enable and configure the OSPF protocol.
Step
Command
Function
vrf-name>]
configuration mode.
ZXR10(config-ospf-process-id)#network<networ
these interfaces.
3
ZXR10(config-ospf-process-id)#redistribute
bgp-int
2. Redistribute the OSPF route in BGP VRF address family configuration mode.
Step
Command
Function
vrf-name>
configuration mode.
ZXR10(config-bgp-af-ipv4-vrf)#redistribute
{ospf-int | ospf-ext}<process-id>
routes.
Function
[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n
End of Steps
3-11
SJ-20140731105308-013|2014-10-20 (R1.0)
Example
As shown in Figure 3-3, enable the OSPF protocol on both CE1 and PE1, and distribute
the routing information mutually.
Figure 3-3 Running OSPF Protocol between CE and PE
Configuration on CE1:
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0.0.0.0
CE1(config-ospf-1)#exit
Configuration on PE1:
PE1(config)#router ospf 2 vrf vpn_a
PE1(config-ospf-2)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
PE1(config-ospf-2)#redistribute bgp-int
PE1(config-ospf-2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int 2
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit
3-12
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. Enable and configure IS-IS.
Step
Command
Function
ZXR10(config-isis-process-id)#area <area-address>
ZXR10(config-isis-process-id)#system-id
<system-id>
4
ZXR10(config-isis-process-id)#interface
<interface-name>
5
ZXR10(config-isis-process-id)#redistribute bgp
Command
Function
ZXR10(config-bgp-af-ipv4-vrf)#redistribute {isis-1
|isis-1-2|isis-2}<process-id>
Function
mary]
ZXR10#show ip protocol routing vrf <vrf-name>[network
<ip-address>[mask <net-mask>]]
table.
End of Steps
Example
As shown in Figure 3-4, IS-IS is enabled on CE1 and PE1. CE1 and PE2 distribute routes
to each other.
3-13
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on CE1:
CE1(config)#router isis 1
CE1(config-isis-1)#area 01
CE1(config-isis-1)#system-id 0121.4567.8956
CE1(config-isis-1)#exit
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 10.1.0.1/30
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#router isis 1
CE1(config-isis-1)#interface gei-0/1/0/1
CE1(config-isis-1-if-gei-0/1/0/1)ip router isis
CE1(config-isis-1-if-gei-0/1/0/1)#end
Configuration on PE1:
PE1(config)#router isis 2 vrf vpn_a
PE1(config-isis-2)#area 02
PE1(config-isis-2)#system-id0181.4857.8969
PE1(config-isis-2)#redistribute bgp
PE1(config-isis-2)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 10.1.0.2/30
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#router isis 2
PE1(config-isis-2)#interface gei-0/1/0/1
3-14
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. Configure EBGP between a CE and a PE.
Step
Command
Function
ZXR10(config-bgp-af-ipv4-vrf)#neighbor <
or AS number of a neighbor
peers.
Function
[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n
End of Steps
3-15
SJ-20140731105308-013|2014-10-20 (R1.0)
Example
As shown in Figure 3-5, EBGP runs between CE1 and PE1.
Figure 3-5 Running EBGP between CE and PE
Configure BGP on CE1 and PE1 respectively. Make sure that CE1 and PE1 can distribute
routes to each other.
Configuration on CE1:
CE1(config)#router bgp 65001
CE1(config-bgp)#neighbor 10.1.0.2 remote-as 100
CE1(config-bgp)#neighbor 10.1.0.2 activate
CE1(config-bgp)#redistribute connected
CE1(config-bgp)#exit
Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 remote-as 65001
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 activate
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#end
Steps
1. Configure BGP neighbor.
3-16
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
<as-number>
3
ZXR10(config-bgp)#neighbor <ip-address>
update-source <interface-name>
Specifies update-source IP
address as its own loopback
address of MPBGP set link.
Command
Function
ZXR10(config-bgp)#address-family vpnv4
ZXR10(config-bgp-vpnv4)#neighbor <ip-address>
activate
neighbor.
Function
[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n
End of Steps
Example
As shown in Figure 3-6, MPBGP runs between PE1 and PE2.
3-17
SJ-20140731105308-013|2014-10-20 (R1.0)
Note:
Before perform the following configurations, make sure that PE1 and PE2 can ping each
other by using their loopback addresses.
Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE1(config-bgp-af-vpnv4)#end
Configuration on PE2:
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#end
After AS override is configured on PE, but before PE sends route update packets to CE,
PE will replace the AS number of each direct-connectd CE device in the entity AS_PATH
by its own AS number. The length of AS_PATH is still kept when AS override is configured.
To configure AS override on ZXR10 M6000-S, perform the following steps:
Step
Command
Function
vrf-name>
configuration mode.
ZXR10(config-bgp-af-ipv4-vrf)#neighbor
<neighbor-address> as-override
Import Map
VRF can save its concerned route prefix by means of import map.
Export Map
The export map is used to configure different Route Targets (RTs) to route prefix.
Different VRFs can selective accept the prefixes with different RTs.
To configure export and import map, perform the following steps on ZXR10 M6000-S
Step
Command
Function
ZXR10(config-vrf-vrf-name)#address-family
{ipv4|ipv6}
family.
ZXR10(config-vrf-vrf-name-af-ipv4)#export map
< route-map-name>
ZXR10(config-vrf-vrf-name-af-ipv4)#import map
< route-map-name>
Example
As shown in Figure 3-7, P acts as a Router Reflector (RR), the loopback1 address of PE1
is 61.139.36.34/32, the loopback1 address of PE2 is 61.139.36.35/32, and the loopback1
address of P is 61.139.36.31/32.
3-19
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Requirements
l
l
Make sure that PE1 and PE2 can learn loopback addresses between each other. PE1
and PE2 establish LDP neighborhood with RR respectively.
RR establishes MP-Interior Border Gateway Protocol (IBGP) neighborhood with PE1
and PE2 respectively. PE1 and PE2 are RR clients, their Loopback addresses are
used to set up BGP connection.
A VRF called ok is configured on PE1 and PE2. Configure the same RDs and RTs.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 and PE2 are
RR clients. PE1 and PE2 advertise a direct-connected route formed by loopback interface
on the private network respectively. As a result, the local PE can learn the private network
loopback route from the peer PE. The next hop of the this route is the direct-connected
address that is used to establish IGP neighborhood with the RR by the peer PE.
Configuration on RR (P):
P(config)#router bgp 65190
P(config-bgp)#no bgp default route-target filter
P(config-bgp)#neighbor 61.139.36.34 remote-as 65190
P(config-bgp)#neighbor 61.139.36.34 update-source loopback1
P(config-bgp)#neighbor 61.139.36.35 remote-as 65190
P(config-bgp)#neighbor 61.139.36.35 update-source loopback1
P(config-bgp)#address-family vpnv4
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 active
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 active
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 route-reflector-client
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 route-reflector-client
P(config-bgp-af-vpnv4)#end
Configuration on PE1:
PE1(config)#ip vrf ok
PE1(config-vrf-ok)#rd 1:1
PE1(config-vrf-ok)#address-family ipv4
PE1(config-vrf-ok-af-ipv4)#route-target 1:1
PE1(config-vrf-ok-af-ipv4)#exit
PE1(config-vrf-ok)#exit
remote-as 65190
3-20
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip vrf forwarding ok
PE1(config-if-loopback10)#ip address 10.10.10.10 255.255.0.0
PE1(config-if)#exit
Configuration on PE2:
PE2(config)#ip vrf ok
PE2(config-vrf-ok)#rd 1:1
PE2(config-vrf-ok)#address-family ipv4
PE2(config-vrf-ok-af-ipv4)#route-target 1:1
PE2(config-vrf-ok-af-ipv4)#exit
PE2(config-vrf-ok)#exit
remote-as 65190
PE2(config)#interface loopback20
PE2(config-if-loopback20)#ip vrf forwarding ok
PE2(config-if-loopback20)#ip address 20.20.20.20 255.255.0.0
PE2(config-if-loopback20)#exit
3-21
SJ-20140731105308-013|2014-10-20 (R1.0)
NextHop
Intag
Outtag
RtPrf
Protocol
*>20.20.0.0/16
20.1.2.2
163898
34
200
BGP-INT
NextHop
Intag
Outtag
RtPrf
Protocol
*>10.10.0.0/16
30.1.2.1
164963
163863
200
BGP-INT
Interface Name
Address
CE1
gei-0/1/0/1
10.1.1.2/24
PE1
gei-0/1/0/2
10.1.1.1/24
gei-0/1/0/3
10.10.12.1/24
gei-0/1/0/4
10.10.12.2/24
gei-0/1/0/5
10.10.23.2/24
gei-0/1/0/6
10.10.23.3/24
gei-0/1/0/7.10
10.10.10.1/24
gei-0/1/0/8.10
10.10.10.2/24
PE2
CE2
Configuration Flow
1. Configure the IP addresses of loopback1 and physical interface on CE1. Establish
EBGP neighborhood between CE1 and PE1. Advertise the loopback address in BGP.
2. Configure the IP addresses of loopback1 and gei-0/1/0/3 on PE1. Configure a VRF
called test1. Bind the interface gei-0/1/0/2 to the test 1 and configure IP address.
Configure OSPF and advertise the network segment 10.0.0.0/8 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish EBGP
neighborhood between PE1 and CE1. Enable LDP on the interface gei-0/1/0/3.
Specify the loopback1 address as the LDP router ID.
3. Configure the IP addresses of gei-0/1/0/4 and gei-0/1/0/5 on P. Configure OSPF and
advertise the network segment 10.0.0.0/8 in OSPF. Enable LDP on the interfaces
gei-0/1/0/4 and gei-0/1/0/5. Configure loopback1 and specify the loopback1 address
as the LDP router ID.
4. Configure the IP addresses of loopback1 and gei-0/1/0/6. Configure a VRF called
test1. Bind the sub-interface gei-0/1/0/7.10 to the test1 and configure IP address.
Configure OSPF and advertise the network segment 10.0.0.0/8 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish OSPF
neighborhood between CE2 and PE2. Enable LDP on the interface gei-0/1/0/6.
5. Configure the IP addresses of loopback1 and gei-0/1/0/8.10. Configure OSPF and
advertise the network segments 10.10.10.2 and loopback 200.1.1.1 in OSPF.
Configuration Command
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface gei-0/1/1/1
CE1(config-if-gei-0/1/1/1)#no shutdown
CE1(config-if-gei-0/1/1/1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/1/1)#exit
3-23
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit
3-24
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if-gei-0/1/0/4)#no shutdown
P(config-if-gei-0/1/0/4)#ip address 10.10.12.2 255.255.255.0
P(config-if-gei-0/1/0/4)#exit
P(config)#interface gei-0/1/0/5
P(config-if-gei-0/1/0/5)#no shutdown
P(config-if-gei-0/1/0/5)#ip address 10.10.23.2 255.255.255.0
P(config-if-gei-0/1/0/5)#exit
P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit
P(config)#router ospf 1
P(config-ospf-1)#router-id 10.10.2.2
P(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospf-1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255
3-25
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/7.10
PE2(config-vlan-if-gei-0/1/0/7.10)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/0/7.10)#exit
PE2(config-vlan)#exit
PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#ip vrf forwarding test1
PE2(config-if-gei-0/1/0/7.10)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-gei-0/1/0/7.10)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)# router-id 10.10.3.3
PE2(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit
3-26
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#exit
CE2(config)#vlan-configuration
CE2(config-vlan)#interface gei-0/1/0/8.10
CE2(config-vlan-if-gei-0/1/0/8.10)#encapsulation-dot1q 10
CE2(config-vlan-if-gei-0/1/0/8.10)#exit
CE2(config-vlan)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-gei-0/1/0/8.10)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.255 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.255 area 0
CE2(config-ospf-1)#exit
Configuration Verification
View the EBGP connection running between CE1 and PE1, as shown in the following:
PE1#show bgp vpnv4 unicast vrf-summary test1
Neighbor
Ver
As
MsgRcvd
MsgSend
Up/Down
10.1.1.1
100
12
00:00:09
State/PfxRcd
0
View the routing table of CE1. Here, the BGP route is the VPN route learnt by CE1.
CE1#show ip forwarding route
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest
Gw
Interface
Owner
Pri
Metric
10.1.1.0/24
10.1.1.2
gei-0/1/0/1
Direct
10.1.1.2/32
10.1.1.2
gei-0/1/0/1
Address
3-27
SJ-20140731105308-013|2014-10-20 (R1.0)
100.1.1.1
loopback1
Direct
100.1.1.1/32
100.1.1.1
loopback1
Address
200.1.1.1/32
10.1.1.1
gei-0/1/0/1
20
BGP
Interface Name
Address
CE1
gei-0/1/0/1
10.1.1.2/24
gei-0/1/0/9
20.1.1.2/24
gei-0/1/0/2
10.1.1.1/24
gei-0/1/0/3
10.10.12.1/24
gei-0/1/0/4
10.10.12.2/24
gei-0/1/0/5
10.10.23.2/24
gei-0/1/0/6
10.10.23.3/24
gei-0/1/0/7.10
10.10.10.1/24
gei-0/1/0/8.10
10.10.10.2/24
gei-0/1/0/10
20.1.1.1/24
PE1
PE2
CE2
3-28
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure
OSPF route.
2. Advertise the loopback interface IP address and the direct-connected network
segment in OSPF.
3. Set up SHAM-LINK.
Configuration Command
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/9
CE1(config-if-gei-0/1/0/9)#no shutdown
CE1(config-if-gei-0/1/0/9)#ip address 20.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/0/9)#exit
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 100.1.1.1 0.0.0.0 area 0
CE1(config-ospf-1)#exit
Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit
PE1(config)#interface loopback64
3-29
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit
Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if-gei-0/1/0/4)#no shutdown
P(config-if-gei-0/1/0/4)#ip address 10.10.12.2 255.255.255.0
P(config-if-gei-0/1/0/4)#exit
3-30
SJ-20140731105308-013|2014-10-20 (R1.0)
P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit
P(config)#router ospf 1
P(config-ospf-1)#router-id 10.10.2.2
P(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospf-1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if-gei-0/1/0/6)#no shutdown
PE2(config-if-gei-0/1/0/6)#ip address 10.10.23.3 255.255.255.0
PE2(config-if-gei-0/1/0/6)#exit
PE2(config)#interface loopback64
PE2(config-if-loopback64)#ip vrf forwarding test1
PE2(config-if-loopback64)#ip address 64.64.64.2 255.255.255.255
PE2(config-if-loopback64)#exit
3-31
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/7.10
PE2(config-vlan-if-gei-0/1/0/7.10)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/0/7.10)#exit
PE2(config-vlan)#exit
PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#ip vrf forwarding test1
PE2(config-if-gei-0/1/0/7.10)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-gei-0/1/0/7.10)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 10.10.3.3
PE2(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit
Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
3-32
SJ-20140731105308-013|2014-10-20 (R1.0)
CE2(config)#vlan-configuration
CE2(config-vlan)#interface gei-0/1/0/8.10
CE2(config-vlan-if-gei-0/1/0/8.10)#encapsulation-dot1q 10
CE2(config-vlan-if-gei-0/1/0/8.10)#exit
CE2(config-vlan)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-gei-0/1/0/8.10)#exit
CE2(config)#interface gei-0/1/0/10
CE2(config-if-gei-0/1/0/10)#ip address 20.1.1.1 255.255.255.0
CE2(config-if-gei-0/1/0/10)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.0 0.0.0.255 area 0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0
CE2(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE2(config-ospf-1)#exit
Configuration Verification
Displays shamlink neighbor information on PE1.
ZXR10(config)#show ip ospf neighbor detail process 100
OSPF Router with ID (64.64.64.1) (Process ID 100)
Neighbor 0.0.0.0
In the area 0.0.0.0
Via interface sl(To 64.64.64.2) 64.64.64.2
State DOWN, Priority 0, Cost 1
Queue count : Retransmit 0, DD 0, LS Req 0
Dead time : 00:00:40 Options : 0x0
In Full State for 00:00:09
3-33
SJ-20140731105308-013|2014-10-20 (R1.0)
OSPF 110 2
Then displays the routes information to CE2 on CE1. The route is forwarding through PE1.
ZXR10#show ip forwarding route 200.1.1.1
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest Gw Interface Owner Pri Metric
*> 200.1.1.1/32 104.1.1.1 gei-0/1/0/1 OSPF 110 4
l
l
The storage of BGP routing tables occupies much memory of a router, and the router
also needs quite a lot resources to transfer and process routing information. In
addition, the bandwidth required for transferring and processing routing information
also needs numerous resources. Using route aggregation can dramatically minimize
the scale of a routing table.
By aggregating route entries, route aggregation can hide some specific routes and
thus reduce the impact of route flapping on the network.
BGP route aggregation, combined with flexible routing policies, can allow BGP to
transfer and control route information more effectively.
3-34
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
Combined with routing policies, route aggregation can realize link backup and load
sharing, and thus can fully satisfy various networking requirements.
If VPN route aggregation can be applied in L3VPN, the number of route entries
transferred and stored by BGP can also be decreased.
However, as route aggregation hides some specific routes, there is a risk of routing loop.
Therefore, network designers should evaluate the risk before using route aggregation.
Manual aggregation
Create an aggregation rule to realize aggregation. Announce the aggregation route
determined by the aggregate command, provided that the specific routes of the
aggregation route have been added to the BGP routing table. The specific routes
can be the routes learned from neighbors, or introduced IGP routes, or BGP routes
generated with the network command.
Manual aggregation is more flexible and maintainable. It has been realized by most
vendors and accepted by many users.
Steps
1. Configure MPLS L3VPN route aggregation.
Step
Command
Function
ZXR10(config-bgp-af-ipv4-vrf)#aggregate-address
<ip-address><net-mask>{[as-set],[summary-only],[strict],[a
ttribute-map<map-tag>],[ suppress-map<map-tag>]}
3-35
SJ-20140731105308-013|2014-10-20 (R1.0)
Function
End of Steps
Interface Name
Address
CE1
gei-0/1/0/1
20.0.0.2/24
3-36
SJ-20140731105308-013|2014-10-20 (R1.0)
Device
Interface Name
Address
gei-0/1/0/2
20.0.0.1/24
gei-0/1/0/4
30.0.0.1/24
gei-0/1/0/5
10.0.0.1/24
PE2
gei-0/1/0/6
10.0.0.2/24
CE2
gei-0/1/0/3
30.0.0.2/24
PE1
Configuration Flow
1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of
PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
2. Configure the same vpn1 on PE1 and PE2. Bind gei-0/1/0/2 and gei-0/1/0/4 to VPN1.
3. Establish EBGP neighborhood between CE2 and PE1, CE1 and PE1 respectively.
Configuration Command
Configuration on CE1:
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 20.0.0.2 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit
Configuration on CE2:
CE2(config)#interface gei-0/1/0/3
CE2(config-if-gei-0/1/0/3)#no shutdown
CE2(config-if-gei-0/1/0/3)#ip address 30.0.0.2 255.255.255.0
CE2(config-if-gei-0/1/0/3)#exit
Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
3-37
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/5
PE1(config-if-gei-0/1/0/5)#no shutdown
PE1(config-if-gei-0/1/0/5)#ip address 10.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/5)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 20.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface gei-0/1/0/4
PE1(config-if-gei-0/1/0/4)#no shutdown
PE1(config-if-gei-0/1/0/4)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/4)#ip address 30.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/4)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#exit
3-38
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on PE2:
PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if-gei-0/1/0/6)#no shutdown
PE2(config-if-gei-0/1/0/6)#ip address 10.0.0.2 255.255.255.0
PE2(config-if-gei-0/1/0/6)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit
Configuration Verification
View VRF routing table on PE1. Here, both the sub-routes and the aggregated route can
be viewed.
PE1(config)#show ip protocol routing
vrf test1
3-39
SJ-20140731105308-013|2014-10-20 (R1.0)
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
150.0.0.0/8
0.0.0.0
87
notag
254
BGP-AD
*>
150.1.0.0/16
20.0.0.2
86
notag
20
BGP-EXT
*>
150.2.0.0/16
30.0.0.2
85
notag
20
BGP-EXT
View PE2 routing table. Here, only the aggregated route can be viewed.
PE2(config)#show ip protocol routing
vrf test1
Dest
*> 150.0.0.0/8
NextHop
Intag
1.1.1.1
165366
Outtag
87
RtPrf
Protocol
200
BGP-INT
Direct connection
Static
Dynamic unicast route protocol
The function of L3VPN Route Limit controls the routes to access to PE from CE through
many methods.
3-40
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 3-12 shows the flow of adding a dynamic route learned by a dynamic routing protocol
to the VRF routing table.
3-41
SJ-20140731105308-013|2014-10-20 (R1.0)
The function of L3VPN route restriction and alarm can improve the performance of PE,
enhance network security, and avoid network attacks caused by mass routes poured into
the network.
Steps
1. Set the maximum number of routes in a VRF and configure the alarm function.
Step
Command
Function
3-42
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-vrf-vrf-name)#address-family
{ipv4|ipv6}
family.
ZXR10(config-vrf-vrf-name-af-ipv4)#maximum
ZXR10(config-vrf-vrf-name-af-ipv6)#maximum
Function
By showing VRF configuration in detail, the information of route restriction and alarm
can be viewed.
End of Steps
Configuration Command
1. To establish EBGP neighborhood between PE1 and CE1, configure PE1 as follows,
PE1(config)#router bgp 100
3-43
SJ-20140731105308-013|2014-10-20 (R1.0)
Run the show ip vrf detail zte to view the configuration result of maximum routes.
Enable alarm and terminal monitor functions on PE1 to view the alarm if the number
of routes exceeds the threshold.
PE1#terminal monitor
PE1#configure terminal
PE1#(config)#logging on
3. CE1 advertises 50 EBGP route entries to PE1 (it does not exceed the 60% of alarm
threshold value). Run the show ip protocol routing vrf zte command to view the 50
VRF EBGP route entries on PE1. PE1 does not give any alarm.
4. CE1 continues to advertise 20 EBGP route entries to PE1. There are 70 EBGP route
entries now (It exceeds 60% of alarm threshold value). Run the show ip protocol rout
ing vrf-summary zte command on PE1 to view the 70 VRF EBGP route entries. PE1
gives an alarm.
PE1(config)#show ip protocol routing vrf-summary zte
VRF
Source
Count
connected:
static:
ospf:
rip:
bgp:
70
isis:
icmp:
snmp:
nat:
natpt:
vrrp:
ppp:
asbr_vpn:
3-44
SJ-20140731105308-013|2014-10-20 (R1.0)
usr-ipaddr:
usr-net:
ipsec:
ps-user:
ps-busi:
ves:
ldp:
user-special:
dhcp-dft:
dhcp-static:
sl_nat64_v4:
Total:
72
5. CE1 continues to advertise 40 route entries to PE1. There are 100 EBGP route entries
(It exceeds 100 of alarm threshold value). Run the show ip protocol routing vrf-summ
ary zte command on PE1 to view the 100 VRF EBGP route entries.
PE1(config)#show ip protocol routing vrf-summary zte
VRF Source Count
connected: 2
static: 0
ospf: 0
rip: 0
bgp: 100
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0
3-45
SJ-20140731105308-013|2014-10-20 (R1.0)
The alarm that the number of VRF routes exceeds the threshold value is displayed by
PE1.
An alarm 200310 ID 3441 level 3 occurred at 10:16:59 05-06-2013
sent by PE1 MPU-0/11/0 %L3VPN% Routes limit is exceeded.
Error data:The routes limit of zte is exceeded
6. CE1 cancels the route entries that it advertised to PE1 before, and it advertises another
50 EBGP route entries to PE1. Run the show ip protocol routing vrf-summary zte
command on PE1 to view the 50 VRF EBGP routes. PE1 does not give any alarm.
7. Modify the route alarm threshold of VRF zte to 40% on PE1. The upper limitation of
route is still 100 entries.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 40
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit
Run the show ip vrf detail zte command to view the configuration result of the maximum
routes command. It shows that there are 50 route entries and PE1 does not give any
alarm.
8. CE1 cancels the 50 EBGP route entries that it advertised to PE1 before, and it
advertises to PE1 again. PE1 gives an alarm to prompt that the route alarm threshold
is exceeded.
An alarm 200311 ID 3442 level 5 occurred at 10:16:59 05-06-2013
sent by PE1 MPU-0/11/0 %L3VPN% Routes warning limit is exceeded.
Warning data:The routes warning limit of zte is exceeded
9. Configure warning-only function of VPN route restriction alarm on vrf zte on PE1.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 warning-only
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit
10. View the current route number, route restriction value and alarm threshold value of vrf
zte on PE1. The route number is 50, the route threshold value is not exceeded. There
is no alarm appears.
PE1(config)#show ip vrf detail zte
VRF zte (VRF Id = 1); default RD 1:1
3-46
SJ-20140731105308-013|2014-10-20 (R1.0)
Ttl-mode: pipe
Ds-mode: pipe
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213009
Interfaces:
gei-0/1/0/1.1
gei-0/1/0/5
11. Advertise 60 routes from CE1. The route number exceeds the threshold value. PE1
displays the corresponding alarm. VRF zte of PE1 does not restrict the routes if the
number of routes exceeds 100. On PE1, you can run the show ip protocol routing
vrf-summary zte command and identify that there are a total of 110 routes.
An alarm 200310 ID 143
3-47
SJ-20140731105308-013|2014-10-20 (R1.0)
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213009
Interfaces:
gei-0/1/0/1.1
gei-0/1/0/5
3-48
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. On the ZXR10 M6000-S, run the following commands to configure a global static route.
Step
Command
Function
ZXR10(config-bgp-af)#redistribute static
<vrf-name>: specifies a VRF where the static route is configured, range: 132
characters.
3-49
SJ-20140731105308-013|2014-10-20 (R1.0)
Function
End of Steps
3-50
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configures a global static route, with the destination address being a private network
address, and the next hop of the destination address being a public network address.
2. Redistribute the static route.
3. Establish a BGP neighbor between a CE and a PE.
Configuration Command
Configuration on CE1:
CE1(config)#interface gei-0/1/0/3
CE1(config-if-gei-0/1/0/3)#no shutdown
CE1(config-if-gei-0/1/0/3)#ip address 33.24.1.5 255.255.255.0
CE1(config-if-gei-0/1/0/3)#exit
CE1(config)#router bgp 1
CE1(config-bgp)#neighbor 33.24.1.6 remote-as 2
CE1(config-bgp)#exit
Configuration on PE1:
PE1(config)#tunnel-policy 11
PE1(config-tunnel-policy-11)#tunnel select-seq ldp-lsp te-lsp
PE1(config-tunnel-policy-11)#exit
PE1(config)#ip vrf wy
PE1(config-vrf-wy)#rd 1:100
PE1(config-vrf-wy)#route-target both 1:100
PE1(config-vrf-wy)#address-family ipv4
PE1(config-vrf-wy-af-ipv4)#peer 64.1.1.4 tunnel-policy 11
PE1(config-vrf-wy-af-ipv4)#static-outlabel 64.1.1.4 31
PE1(config-vrf-wy-af-ipv4)#exit
PE1(config-vrf-wy)#static-inlabel 21
PE1(config-vrf-wy)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip vrf forwarding wy
PE1(config-if-gei-0/1/0/1)#ip address 33.24.1.6 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip address 21.33.1.6 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface loopback64
PE1(config-if-loopback64)#ip address 64.1.1.6 255.255.255.0
PE1(config-if-loopback64)#exit
3-51
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#router ospf 1
PE1(config-ospf-1)#network 21.33.1.0 0.0.0.255 area 0
PE1(config-ospf-1)#network 64.1.1.6 0.0.0.0 area 0
PE1(config-ospf-1)#exit
PE1(config)#router bgp 2
PE1(config-bgp)#address-family ipv4 vrf wy
PE1(config-bgp-af-ipv4-vrf)#neighbor 33.24.1.5 remote-as 1
PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#end
Configuration on PE2:
PE2(config)#tunnel-policy 11
PE2(config-tunnel-policy-11)#tunnel select-seq ldp-lsp te-lsp
PE2(config-tunnel-policy-11)#exit
PE2(config)#ip vrf wy
PE2(config-vrf-wy)#rd 1:100
PE2(config-vrf-wy)#route-target both 1:100
PE2(config-vrf-wy)#address-family ipv4
PE2(config-vrf-wy-af-ipv4)#peer 64.1.1.6 tunnel-policy 11
PE2(config-vrf-wy-af-ipv4)#static-outlabel 64.1.1.6 21
PE2(config-vrf-wy-af-ipv4)#exit
PE2(config-vrf-wy)#static-inlabel 31
PE2(config-vrf-wy)#exit
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip vrf forwarding wy
PE2(config-if-gei-0/1/0/1)#ip address 20.1.1.4 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface gei-0/1/0/2
PE2(config-if-gei-0/1/0/2)#no shutdown
PE2(config-if-gei-0/1/0/2)#ip address 21.33.1.4 255.255.255.0
PE2(config-if-gei-0/1/0/2)#exit
PE2(config)#interface loopback64
PE2(config-if-loopback64)#ip address 64.1.1.4 255.255.255.0
3-52
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
PE2(config-ospf-1)#network 64.1.1.4 0.0.0.0 area 0
PE2(config-ospf-1)#exit
PE2(config)#router bgp 2
PE2(config-bgp)#address-family ipv4 vrf wy
PE2(config-bgp-af-ipv4-vrf)#neighbor 20.1.1.3 remote-as 1
PE2(config-bgp-af-ipv4-vrf)#redistribute static
PE2(config-bgp-af-ipv4-vrf)#end
Configuration on CE2:
CE2(config)#interface gei-0/1/0/3
CE2(config-if-gei-0/1/0/3)#no shutdown
CE2(config-if-gei-0/1/0/3)#ip address 20.1.1.3 255.255.255.0
CE2(config-if-gei-0/1/0/3)#exit
CE2(config)#router bgp 1
CE2(config-bgp)#neighbor 20.1.1.4 remote-as 2
CE2(config-bgp)#exit
Configuration Verification
Check the configuration on PE1:
PE1(config)#show ip protocol routing vrf wy
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest
*> 20.1.1.0/24
*> 33.24.1.0/24
NextHop
64.1.1.4
33.24.1.6
Intag
notag
notag
Outtag
RtPrf
31
notag
1
0
Protocol
Static
Direct
3-53
SJ-20140731105308-013|2014-10-20 (R1.0)
33.24.1.6
notag
notag
Address
Interface
Owner
Pri Metric
*> 20.1.1.0/24
Dest
64.1.1.4
gei-0/2/0/1
STAT-V
*> 33.24.1.0/24
33.24.1.6
gei-0/2/0/4
Direct
*> 33.24.1.6/32
33.24.1.6
gei-0/2/0/4
Address 0
NextHop
Intag
Outtag
RtPrf
Protocol
*> 20.1.1.4/32
20.1.1.4
notag
notag
Address
20.1.1.4
notag
notag
Direct
notag
21
Static
20.1.1.4/32
Pri
Metric
*> 20.1.1.4/32
Dest
20.1.1.4 loopback63
Gw
Interface
Address
*> 33.24.1.0/24
64.1.1.6 gei-0/3/0/3
STAT-V
3-54
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
Pri
33.24.1.6
gei-0/1/0/1
bgp
200
Metric
VPN FRR uses the VPN-based quick private network route switching technology. It sets
active/standby forwarding entries pointing to the active and standby PEs on the remote PE
in advanced. According to these forwarding entries, together with quick PE fault detection,
3-55
SJ-20140731105308-013|2014-10-20 (R1.0)
VPN FRR can switch VPN traffic to the standby path before VPN route convergence is
completed. The detailed process is as follows:
1. Detect a fault quickly. The technologies usually used include BFD and physical signal
detection.
2. Modify the forwarding plane and change the traffic over to the standby path that has
been calculated out.
3. Perform route re-convergence.
4. After route re-convergence, change the traffic over to the optimal path.
Steps
1. Configure L3VPN FRR.
Step
Command
Function
vpn-name>
ZXR10(config-bgp-af-ipv4-vrf)#bgp frr
Function
vpn-name>
route.
End of Steps
Configuration Flow
1. According to the network topology, construct an MP-BGP network for PE1, PE2 and
PE3.
2. Establish OSPF neighbor relationship with the VRF access interfaces of PE2 and PE3
on CE2. Establish OSPF neighbor relationship between CE2 and R1.
3. Redistribute OSPF in VRF address family configuration mode on PE2 and PE3.
4. Configure FRR in the VRF instance on PE1.
Configuration Command
The configuration of PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 172.20.96.2 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface xgei-0/2/0/3
PE1(config-if-xgei-0/2/0/3)#no shutdown
PE1(config-if-xgei-0/2/0/3)#ip address 172.20.130.18 255.255.255.0
PE1(config-if-xgei-0/2/0/3)#exit
PE1(config)#interface xgei-0/2/0/2
PE1(config-if-xgei-0/2/0/2)#no shutdown
PE1(config-if-xgei-0/2/0/2)#ip address 172.20.130.221 255.255.255.0
PE1(config-if-xgei-0/2/0/2)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 172.20.96.2
PE1(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#network 172.20.96.2 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#exit
3-57
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/5/1/10
PE1(config-if-gei-0/5/1/10)#no shutdown
PE1(config-if-gei-0/5/1/10)#ip vrf forwarding zte
PE1(config-if-gei-0/5/1/10)#ip address 202.10.10.61 255.255.255.0
PE1(config-if-gei-0/5/1/10)#exit
3-58
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface xgei-0/5/0/1
PE2(config-if-xgei-0/5/0/1)#no shutdown
PE2(config-if-xgei-0/5/0/1)#ip address 172.20.130.17 255.255.255.0
PE2(config-if-xgei-0/5/0/1)#exit
PE2(config)#interface xgei-0/5/0/3
PE2(config-if-xgei-0/5/0/3)#no shutdown
PE2(config-if-xgei-0/5/0/3)#ip vrf for zte
PE2(config-if-xgei-0/5/0/3)#ip address 200.1.1.60 255.255.255.0
PE2(config-if-xgei-0/5/0/3)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 172.20.96.1
PE2(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#network 172.20.96.1 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#exit
3-59
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#interface xgei-0/0/0/4
PE3(config-if-xgei-0/0/0/4)#no shutdown
PE3(config-if-xgei-0/0/0/4)#ip address 172.20.130.222 255.255.255.0
PE3(config-if-xgei-0/0/0/4)#exit
PE3(config)#interface xgei-0/0/0/1
PE3(config-if-xgei-0/0/0/1)#no shutdown
PE3(config-if-xgei-0/0/0/1)#ip vrf forwarding zte
PE3(config-if-xgei-0/0/0/1)#ip address 100.1.1.63 255.255.255.0
PE3(config-if-xgei-0/0/0/1)#exit
PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 172.20.108.2
PE3(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE3(config-ospf-1)#network 172.20.108.2 0.0.0.0 area 0.0.0.0
PE3(config-ospf-1)#exit
3-60
SJ-20140731105308-013|2014-10-20 (R1.0)
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 100.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 192.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#exit
Configuration Verification
Verify the configuration on PE1.
PE1#show ip protocol routing vrf zte
network 192.1.1.0 mask 255.255.255.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
192.1.1.0/24
172.20.108.2
213015
213400
200
BGP-INT
*>
192.1.1.0/24
172.20.96.1
213015
213008
200
BGP-INT
Gw
Interface
Owner
Pri Metric
192.1.1.0/24
172.20.108.2
xgei-0/2/0/2
BGP
200 3
3-61
SJ-20140731105308-013|2014-10-20 (R1.0)
213400
213008
According to the information, VPN FRR relationship is formed on PE1. When the active
link between PE1 and PE2 is down, VPN FRR on PE1 will change the traffic over to the
standby link from the active link, thus accomplishing fast changeover.
3-62
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 3-17 Network Structure for L3VPN Access Side FRR Configuration
Configuration Flow
1. Establish an MP-IBGP environment between PE1 and PE2.
2. Create IS-IS neighbor relationships between CE1 and PE1s VRF interface and between CE2 and PE2s VRF interface respectively.
3. Redistribute IS-IS links under the VRF address families of PE1 and PE2 respectively.
4. Configure FRR under the VRF of PE1.
Configuration Commands
Configure CE1 as follows:
/*Configure IP addresses of interfaces as follows:*/
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 100.101.1.11 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/2
CE1(config-if-gei-0/1/0/2)#no shutdown
CE1(config-if-gei-0/1/0/2)#ip address 100.101.2.11 255.255.255.0
CE1(config-if-gei-0/1/0/2)#exit
3-63
SJ-20140731105308-013|2014-10-20 (R1.0)
3-64
SJ-20140731105308-013|2014-10-20 (R1.0)
3-65
SJ-20140731105308-013|2014-10-20 (R1.0)
activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#redistribute isis-1-2 2
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit
3-66
SJ-20140731105308-013|2014-10-20 (R1.0)
255.255.255.0
CE2(config-if-gei-0/1/0/4)#exit
LDP
VRF
MP-BGP
By means of the three configurations above, the multiple routes formed load balancing in
MPLS VPN outer layer, inner layer and CE side to perform the load balancing of multiple
links in private and public networks.
According to the two policies, flow-based and destination-based, load equation, directional
and link backup.
3-67
SJ-20140731105308-013|2014-10-20 (R1.0)
There are two possible transmission paths between PE1 and PE2.
l
l
Usually, the data is only transmitted along one LSP, supposing it is LSP1. However, in
some special cases, such as bandwidth restriction, congestion and so on, LDP equates
the data traffic according to the rules, allocates the data to LSP2 for forwarding, thus to
realize LDP load balancing.
To realize LDP load sharing, it is not necessary to configure LDP, but related routing
protocols must support LDP load sharing. For details, refer to ZXR10 M6000-S
Configuration Guide (MPLS).
Load sharing needs some conditions: CE2 respectively notifies PE2 and PE3 of the same
route. PE2 and PE3 forward the route to PE1 and connect the VRF bound with R1 on
PE1. Load sharing is configured under the VRF cluster of the corresponding BGP. On PE1,
load-shared routes also need some conditions: The routes are received from neighbors of
the same AS. The routes have the same origin attribute, local priority attribute, and as-path
attribute.
Steps
1. Configure the load sharing mode.
Step
Command
Function
ZXR10(config)#interface {<interface-name>|
byname <byname>}
mode.
ZXR10(config-if-interface-name)#ip
load-sharing [per-packet|per-destination]
3-69
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
tag<1~4294967295>]
PE.
Command
Function
<vrf-name>
ZXR10(config-rip-af)#maximum-paths
<1~32>
Command
Function
<vrf-name>
ZXR10(config-bgp-af-ipv4-vrf)#maximum-p
aths[ibgp]<1~32>
Function
ZXR10(config-isis-process-id)#maximum-paths
<1~32>
Function
ZXR10(config-ospf-process-id)#maximum-paths
<1~32>
Command
Function
End of Steps
Steps
1. Configure the load sharing mode.
Step
Command
Function
ZXR10(config)#interface {<interface-name>|
byname <byname>}
mode.
ZXR10(config-if-interface-name)#ip
Command
Function
<vrf-name>
3
ZXR10(config-bgp-af-ipv4-vrf)#maximum-path
s[ibgp]<1~32>
Function
Distinguisher><ip-address><mask>
End of Steps
3-71
SJ-20140731105308-013|2014-10-20 (R1.0)
Take OSPF route load sharing as an example. The configuration on two routers is as
follows:
Router
Loopback Interface
and Address
R1
gei-0/1/0/1 1.1.1.1/24
gei-0/1/0/3 2.2.2.2/24
loopback1 4.4.4.4
R2
gei-0/1/0/1 1.1.1.2/24
gei-0/1/0/3 2.2.2.3/24
loopback1 5.5.5.5
Configuration Flow
1. Configure the interface addresses on each LSR.
2. Configure the local OSPF rule on two LSRs.
3. Configure the MPLS LDP function, and add related interfaces to LDP.
Configuration Command
The configuration on R1 is as follows:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gei-0/1/0/3
R1(config-if-gei-0/1/0/3)#no shutdown
R1(config-if-gei-0/1/0/3)#ip address 2.2.2.2 255.255.255.0
R1(config-if-gei-0/1/0/3)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 4.4.4.4
255.255.255.255
R1(config-if-loopback1)#exit
R1(config)#router ospf 1
R1(config-ospf-1)#router-id 4.4.4.4
R1(config-ospf-1)#network 4.4.4.4
0.0.0.0 area 0
3-72
SJ-20140731105308-013|2014-10-20 (R1.0)
R2(config)#router ospf 1
R2(config-ospf-1)#router-id 5.5.5.5
R2(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R2(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0
R2(config-ospf-1)#network 5.5.5.5 0.0.0.0 area 0
R2(config-ospf-1)#exit
Now, route load balancing has been realized. Next, create evenly loaded LSP links for
LDP load balancing.
3-73
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Check the route forwarding table on R1:
R1(config)#show ip forwarding route 5.5.5.5
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best
Dest
Gw
Interface
Owner
Pri Metric
*>5.5.5.5/32
2.2.2.3
gei-0/1/0/3
OSPF
110
*>5.5.5.5/32
1.1.1.2
gei-0/1/0/1
OSPF
110
At the end of the route forwarding table, it can be seen that there are two next hops for the
destination (destination address: 5.5.5.5, mask: 255.255.255.255):
l
l
Outgoing
Prefix or
Tunnel Id
Outgoing
Next Hop
M/S
label
label
16402
Poptag
5.5.5.5/32
gei-0/1/0/3
interface
2.2.2.3
16402
Poptag
5.5.5.5/32
gei-0/1/0/1
1.1.1.2
It can be seen that there are two next hops in the label forwarding table for the network
segment of the destination (destination address: 5.5.5.5, mask: 255.255.255.255). This
means that there are two sessions between the local and remote ends for the FEC of this
network segment. That is, there are two LSPs. These two LSPs are the two next hops
displayed with the show ip forwarding route command.
Now, load balancing has been realized. You can view the MPLS load sharing information
through interface traffic statistics.
3-74
SJ-20140731105308-013|2014-10-20 (R1.0)
The VRF named "zte" exists on PE1 and PE2. RD is 1:1, and RT is 1:1. The interfaces
gei-/1/0/2, gei-/1/0/4, and gei-/1/0/5 are all bound with VRF zte. The interface addresses
are configured as follows:
Router
Interface
Address
PE1
gei-0/1/0/2
10.1.1.2/24
gei-0/1/0/4
10.1.2.2/24
gei-0/1/0/1
10.1.1.1/24
gei-0/1/0/3
10.1.2.1/24
PE2
gei-0/1/0/5
10.1.3.1/24
CE2
gei-0/1/0/6
10.1.3.2/24
CE1
Configuration Flow
1. Bound the interfaces gei-0/1/0/2, gei-0/1/0/4, and gei-0/1/0/5 to VRF zte.
2. Establish IGP neighbor and LDP neighbor respectively between PE1 and P and
between P and PE2. Notify each other of the loopback address.
3. Establish MPBGP neighbor between PE1 and PE2 by using the loopback address.
4. Configure VRF load sharing on the interfaces gei-0/1/0/1, gei-0/1/0/2, gei-0/1/0/3, and
gei-0/1/0/4. Configure the load sharing commands in VRF mode.
Configuration Command
1. Establish OSPF neighbor between CE1 and PE1.
The configuration on CE1 is as follows:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 20.1.1.1 255.255.255.255
CE1(config-if-loopback1)#exit
CE1(config)#router ospf 10
CE1(config-ospf-10)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-10)#network 10.1.2.0 0.0.0.255 area 0
3-75
SJ-20140731105308-013|2014-10-20 (R1.0)
Re-allocate OSPF routes and directly-connected routes in IPv4 vrf mode of BGP on
PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int 10
PE1(config-bgp-af-ipv4-vrf)#redistribute connect
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit
3-76
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
On PE1, run the show ip protocol routing vrf zte command to view the related information.
You can see two routes (IP address: 20.1.1.1; subnet mask: 255.255.255.255), of which
CE1 notifies PE1. Both routes are assigned with labels:
PE1#show ip protocol routing vrf zte
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
20.1.1.1/32
10.1.1.1
163840
notag
110
OSPF
*>
20.1.1.1/32
10.1.2.1
163840
notag
110
OSPF
3-77
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 3-22 Network Structure of MPLS L3VPN MPBGP Load Sharing Configuration
Example
Configuration Flow
1. PE1 establishes L3VPN respectively with PE2 and PE3.
2. CE2 establishes OSPF neighbour respectively with the VRF access interfaces of PE2
and PE3. CE2 establishes OSPF neighbour with R2.
3. Re-distribute OSPF respectively under the VRF address clusters of PE2 and PE3.
4. Configure IBGP load sharing in the VRF of PE1.
Configuration Command
For the configuration of OSPF and LDP between PEs, refer to the following commands.
The configuration of PE1 is as follows:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 172.20.96.2 255.255.255.255
PE1(config-if-loopback1)#exit
3-78
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/5/1/10
PE1(config-if-gei-0/5/1/10)#no shutdown
PE1(config-if-gei-0/5/1/10)#ip vrf forwarding zte
PE1(config-if-gei-0/5/1/10)#ip address 202.10.10.61 255.255.255.0
PE1(config-if-gei-0/5/1/10)#exit
PE2(config)#interface gei-0/5/0/3
PE2(config-if-gei-0/5/0/3)#no shutdown
PE2(config-if-gei-0/5/0/3)#ip vrf forwarding zte
PE2(config-if-gei-0/5/0/3)#ip address 200.1.1.60 255.255.255.0
PE2(config-if-gei-0/5/0/3)#exit
3-79
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#router
bgp 18004
PE3(config)#interface gei-0/0/0/1
PE3(config-if-gei-0/0/0/1)#no shutdown
PE3(config-if-gei-0/0/0/1)#ip vrf forwarding zte
PE3(config-if-gei-0/0/0/1)#ip address 100.1.1.63 255.255.255.0
PE3(config-if-gei-0/0/0/1)#exit
3-80
SJ-20140731105308-013|2014-10-20 (R1.0)
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 100.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 192.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#exit
Configuration Verification
On PE1, Run the show ip protocol routing vrf command to view the related information:
PE1(config)#show ip protocol routing vrf zte network 192.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
192.1.1.0/24
172.20.108.2
213003
229125
200
BGP-INT
*>
192.1.1.0/24
172.20.96.1
213003
212998
200
BGP-INT
Gw
Interface
Owner
Pri Metric
192.1.1.0/24
172.20.108.2
gei-0/2/0/2
BGP
200 3
192.1.1.0/24
172.20.96.1
gei-0/2/0/3
BGP
200 3
Next Hop
Metric
Locprf
Path
3-81
SJ-20140731105308-013|2014-10-20 (R1.0)
192.1.1.0/24
172.20.108.2
100
200
*>i
192.1.1.0/24
172.20.96.1
100
200
MPBGP have learned the VPN routes to the two remote PEs. If the following attributes
are the same, an load-shared equivalent routes can be created:
l
l
l
l
AS ID
origin
local-pref
AS-path
3-82
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
Inter-AS VPN (Option A): The VPN crossing different ASs manages its own
VPN routes between ASBRs through a dedicated interface. This is also called
"VRF-to-VRF".
Inter-AS VPN (Option B): Label VPN-IPv4 routes are distributed between ASBRs
through MP-EBGP.
Inter-AS VPN (Option C): VPN-IPv4 routes are distributed between PEs through Multi-hop MP-EBGP.
Option A uses the VRF-to-VRF mode. There is no label encapsulation between CE and
PE, and only IP packets are transferred between them. Similar to the interface between a
regular PE and CE, the interconnection interface between ASBR and PE should be bound
to VRF.
Label Distribution
As shown in Figure 3-23, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-23 Principles of MPLS L3VPN Crossing Several ASs (Option A)
Loopback Address
PE1
100.100.100.1/32
3-83
SJ-20140731105308-013|2014-10-20 (R1.0)
Router
Loopback Address
P1
100.100.100.2/32
ASBR-PE1
100.100.100.3/32
ASBR-PE2
200.200.200.3/32
P2
200.200.200.2/32
PE2
200.200.200.1/32
Data Forwarding
According to the label distribution flow as shown in Figure 3-23, the data packet
encapsulating and forwarding flow from CE2 to CE1 is as follows:
l
l
l
l
3-84
SJ-20140731105308-013|2014-10-20 (R1.0)
network label is popped on the penultimate hop of P1, and the private network label
is terminated on PE1.
From PE1 to CE1, the private network label is popped, and the IP packet is forwarded
to CE1.
LSP of the public network is broken, but LSP of the private network is connected.
As private network LSP changes next hops, private network label swapping is
required.
Data packets encapsulated and transferred between ASBRs are "private network
labels + IP packets".
Label Distribution
As shown in Figure 3-24, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-24 Principles of MPLS L3VPN Crossing Several ASs (Option B)
Loopback Address
PE1
100.100.100.1/32
P1
100.100.100.2/32
3-85
SJ-20140731105308-013|2014-10-20 (R1.0)
Router
Loopback Address
ASBR-PE1
100.100.100.3/32
ASBR-PE2
200.200.200.3/32
P2
200.200.200.2/32
PE2
200.200.200.1/32
Data Forwarding
According to the label distribution flow as shown in Figure 3-24, the data packet
encapsulating and forwarding flow from CE2 to CE1 is as follows:
l
3-86
SJ-20140731105308-013|2014-10-20 (R1.0)
From PE2 to ASBR-PE2, the destination address 1.1.1.1 is looked up against the
private network label forwarding table of AS2, and it is found that the next hop is the
loopback address of ASBR-PE2. Therefore, a layer-2 label is encapsulated. The
public network label is popped on the penultimate hop of P2, and the private network
label assigned by ASBR-PE2 is terminated on ASBR-PE2.
From ASBR-PE2 to ASBR-PE1, ASBR-PE2 looks up the label forwarding table, and
then swaps private network labels according to the incoming and outgoing labels.
Therefore, on ASBR-PE2, the private network label assigned by ASBR-PE2 is popped
and the private network label assigned by ASBR-PE1 is pushed. The next hop is the
directly-connected ASBR-PE1, so there is no need to push any public network lable.
The IP packet with a layer-1 private network label is forwarded.
From ASBR-PE1 to PE1, the destination address 1.1.1.1 is looked up against
the private network label forwarding table of AS1, and then private network label
swapping is performed according to the incoming and outgoing labels. Therefore,
on ASBR-PE1, the private network label assigned by ASBR-PE1 is popped and
the private network label assigned by PE1 is pushed. Now, the next hop obtained
from the private network label forwarding table is the loopback address of PE1.
Therefore, a layer-2 label is encapsulated. The public network label is popped on the
penultimate hop of P1, and the private network label is terminated on PE1.
From PE1 to CE1, the private network label is popped. Then the IP packete is
forwarded to CE1.
l
l
l
LSPs of the public network are connected, and LSPs of the private network are also
connected. The private network transfers private network routes and labels through
MP-EBGP.
Due to end-to-end transfer, the next hop of a private network route does not change.
Therefore, private network labels are not swapped.
In the AS of the peer side, public network route information needs to be transferred
"between PEs that only transfers public network host route information".
Data packets encapsulated and transferred between ASBRs are "public network
labels + private network labels + IP packets".
Label Iteration
To transfer desired public network route information between specified routers, BGP4+ is
used. In addition, extended BGP is used to assign public network labels for this route, so
as to ensure the continuity of the public network LSP.
As shown in Figure 3-25, the next hop of the private network route within AS2 is PE1, which
is generated by BGP LSP. The next hop of BGP LSP is ASBR-PE2, which is considered
by PE2 as a non-directly connected route of BGP. Therefore, although ASBR-PE2 assigns
3-87
SJ-20140731105308-013|2014-10-20 (R1.0)
BGP LSP public network labels for the loopback address of PE1, route iteration is needed
for the non-directly connected route to find the reachable IGP route to the next hop. In
addition, label forwarding is needed throughout the network, so IGP routes also use LDP
label forwarding. As a result, an LDP LSP label is pushed outside the BGP LSP label. This
is label iteration caused by route iteration.
Figure 3-25 Label Iteration Principles of MPLS L3VPN Crossing Several ASs (Option C)
Label Distribution
As shown in Figure 3-26, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-26 Label Distribution Principles of MPLS L3VPN Crossing Several ASs
(Option C)
The private network label distribution flow is the same as the regular L3VPN label
distribution flow. The public network label distribution flow is as follows:
3-88
SJ-20140731105308-013|2014-10-20 (R1.0)
l
l
l
l
From CE1 to ASBR-PE1 along the private network route to the destination address
1.1.1.1, the private network route is pushed to MPLS L3VPN of AS1.
The private network route is announced by PE1 to PE2. The next hop is PE1, and the
label distribution protocol is MP-EBGP. PE1 transfers the private network route and
private network label to PE2. It is required to establish a public network LSP for the
loopback address of PE1 throughout the network.
For the loopback address of PE1, public network labels on the path from PE1 to
ASBR-PE1 are assigned for each hop through LDP.
From ASBR-PE1 to ASBR-PE2, ASBR-PE1 announces the loopback address of
PE1 in Network mode through EBGP, and the next hop is changed to ASBR-PE1.
As extended BGP is used, public network labels are assigned when the route
information is announced. MP-EBGP assigns "public network route + label", and
the label is distributed to the MPLS label forwarding table. On ASBR-PE1, for the
loopback address of PE1, the outgoing label is the lDP label assigned by P1, and the
incoming label is the BGP LSP label assigned by ASBR-PE1. Hence, LDP LSP and
BGP LSP are connected on ASBR-PE1.
From ASBR to PE2, ASBR-PE2 needs to change the next hop of the loopback
address of PE1 to this router. Then, ASBR-PE2 distributes the route information to
PE2 through IBGP. Meanwhile, ASBR-PE2 assigns a BGP LSP label "inter-AS to-PE
public network route + label".
The loopback address of ASBR-PE2 is in AS2. Therefore, a label is assigned to the
loopback address of ASBR-PE2 through LDP, using the IGP route.
Data Forwarding
As shown in Figure 3-26, the data forwarding flow is as follows:
l
l
SJ-20140731105308-013|2014-10-20 (R1.0)
The subsequent forwarding process is the same as the regular L3VPN forwarding
process.
Steps
1. Configure MPLS L3VPN Crossing Several ASs.
For details, refer to the "Configuring MPLS L3VPN" section.
2. Verify the configurations.
For details, refer to the "Configuring MPLS L3VPN" section.
End of Steps
Configuration Flow
1. PE1, PE2, PE3, and PE4 all have VPN1. Set RD and RT both to 1:1.
2. Establish LDP, IGP, and MP-IBGP neighbors between PE1 and PE2 and between PE3
and PE4. Announce loopback addresses through the IGP protocol.
3-90
SJ-20140731105308-013|2014-10-20 (R1.0)
3. There is a back-to-back vrf between two ASBRs. The EBGP is established through
the vrf interface.
Configuration Command
1. Add the interconnection interface between PE1 and CE1 into VPN1. Between PE1
and CE1, EBGP is used.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#neighbor 100.1.1.2 remote-as 65000
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit
2. Between PE1 and PE2, establish MP-IBGP respectively with Loopback1 addresses
1.2.3.4 and 2.3.4.5.
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 2.3.4.5
remote-as 100
3. Add the interconnection interface between PE4 and CE2 into VPN1. Between PE4
and CE2, EBGP is used.
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#neighbor 200.1.1.2 remote-as 65000
PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#exit
3-91
SJ-20140731105308-013|2014-10-20 (R1.0)
update-source loopback1
PE4(config-bgp)#address-family vpnv4
PE4(config-bgp-af-vpnv4)#neighbor 3.4.5.6
activate
PE4(config-bgp-af-vpnv4)#exit
PE4(config-bgp)#exit
5. In address-family ipv4 vrf vpn1 mode of BGP, PE2 specifies PE3 as EBGP neighbor.
Here, the address of MPEBGP is 150.3.2.3:
PE2(config)#router bgp 100
PE2(config-bgp)#address-family ipv4 vrf vpn1
PE2(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.3 remote-as 200
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit
6. Add the interconnection interface between PE3 and PE2 into VPN1.
PE3(config)#interface gei-0/1/0/2
PE3(config-if-gei-0/1/0/2)#no shutdown
PE3(config-if-gei-0/1/0/2)#ip vrf forwarding vpn1
PE3(config-if-gei-0/1/0/2)#ip address 150.3.2.3 255.255.255.0
PE3(config-if-gei-0/1/0/2)#exit
7. Add the interconnection interface between PE3 and PE2 into VPN1:
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip vrf forwarding vpn1
PE2(config-if-gei-0/1/0/1)#ip address 150.3.2.2 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit
8. In address-family ipv4 vrf vpn1 mode of BGP, PE3 specifies PE2 as EBGP neighbor.
Here, the address of gei-0/1/0/ is 150.3.2.2:
PE3(config)#router bgp 200
PE3(config-bgp)#address-family ipv4 vrf vpn1
PE3(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.2 remote-as 100
PE3(config-bgp-af-ipv4-vrf)#exit
PE3(config-bgp)#exit
10. In address-family ipv4 vrf vpn1 mode, PE4 announces 200.1.1.0/24 network segment
route:
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#network 200.1.1.0 255.255.255.0
3-92
SJ-20140731105308-013|2014-10-20 (R1.0)
11. Between PE1 and PE2, enable LDP to establish LSP. Here, the interface on PE1 used
for connecting PE2 is gei-0/1/0/1:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit
Between PE3 and PE4, enable LDP to establish LSP. The configuration is the same
as above.
Configuration Verification
On PE1, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of EBGP neighbor with 100.1.1.2:
PE1#show bgp vpnv4 unicast vrf-summary vpn1
Neighbor
100.1.1.2 4
Ver
As MsgRcvd MsgSend
65000
Up/Down
State/PfxRcd
00:10:00
Show the protocol route table for a private network vrf on router PE1. The results are as
follows:
PE1#show ip protocol routing vrf vpn1 network 200.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
*>
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
200.1.1.0/24
2.3.4.5
213055
213012
200
BGP-INT
On PE2, run the show bgp vpnv4 unicast neighbor 1.2.3.4 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.4
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
3-93
SJ-20140731105308-013|2014-10-20 (R1.0)
Show the protocol route table and forwarding table of a vrf private network on router PE2.
PE2#show ip protocol routing vrf vpn1 network 200.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
*>
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
200.1.1.0/24
150.3.2.3
213012
notag
20
bgp-ext
vpn1 200.1.1.0
Gw
*> 200.1.1.0/24
Interface
150.3.2.3
gei-0/1/0/1
Owner
Pri Metric
BGP
20
On PE4, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of EBGP neighbor with 200.1.1.2:
PE4#show ip bgp summary
Neighbor
200.1.1.2
Ver
As MsgRcvd MsgSend
65000
Up/Down
State/PfxRcd
00:15:00
On PE2, run the show bgp vpnv4 unicast neighbor 4.5.6.7 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 4.5.6.7
BGP version 4, remote router ID 4.5.6.7
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval is 30 seconds
capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Restart Capability: advertised and received
3-94
SJ-20140731105308-013|2014-10-20 (R1.0)
On PE2, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of neighbor with 150.3.2.3 (PE3):
PE2#show ip bgp summary
Neighbor
150.3.2.3
Ver
4
As MsgRcvd MsgSend
200
Up/Down
0
00:22:35
State/PfxRcd
2
Configuration Flow
1. Configure IP addresses for the following interfaces:
l PE1 left interface: gei-0/3/0/2, PE1 right interface: gei-0/1/0/1
l PE2 left interface: gei-0/6/1/4, PE2 right interface: gei-0/1/0/1
l PE3 left interface: gei-0/1/0/2, PE3 right interface: gei-0/6/1/3
l PE4 left interface: gei-0/4/0/4, PE4 right interface: gei-0/4/0/9
2. PE1, PE2, PE3, and PE4 all have VPN1. Set RD and RT both to 1:10.
3. Establish LDP, IGP, and MP-IBGP neighbors between PE1 and PE2 and between PE3
and PE4. Announce loopback addresses the IGP protocol.
4. Establish MP-EBGP neighbor between PE2 and PE3.
Configuration Command
1. Add the interconnection interface between PE1 and CE1 into VPN1. Between PE1
and CE1, directly-connected re-distribution is used.
2. Between PE1 and PE2, establish MP-IBGP respectively with Loopback1 addresses
1.2.3.1 and 1.2.3.2.
3-95
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/3/0/2
PE1(config-if-gei-0/3/0/2)#no shutdown
PE1(config-if-gei-0/3/0/2)#ip vrf forwarding vpn1
PE1(config-if-gei-0/3/0/2)#ip address 32.1.1.1 255.255.255.0
PE1(config-if-gei-0/3/0/2)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 37.64.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.2.3.1 255.255.255.255
PE1(config-if-loopback1)#exit
0.0.0.0
area 0
PE1(config-ospf-1)#exit
Configure LDP:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit
3-96
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.2.3.2
PE2(config-ospf-1)#network 37.64.1.0 0.0.0.255 area 0
PE2(config-ospf-1)#network 1.2.3.2 0.0.0.0 area 0
PE2(config-ospf-1)#exit
Configure LDP:
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/6/1/4
PE2(config-ldp-1-if-gei-0/6/1/4)#exit
PE2(config-ldp-1)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.1 activate
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.1 next-hop-self
/*Set the next hop to itself*/
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#no bgp default route-target filte
PE2(config-bgp)#exit
3-97
SJ-20140731105308-013|2014-10-20 (R1.0)
PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 1.2.3.3
PE3(config-ospf-1)#network 63.44.1.0 0.0.0.255 area 0
PE3(config-ospf-1)#network 1.2.3.3 0.0.0.0 area 0
PE3(config-ospf-1)#exit
PE4(config)#interface gei-0/4/0/9
PE4(config-if-gei-0/4/0/9)#no shutdown
PE4(config-if-gei-0/4/0/9)#ip vrf forwarding vpn1
PE4(config-if-gei-0/4/0/9)#ip address 44.1.1.1 255.255.255.0
PE4(config-if-gei-0/4/0/9)#exit
PE4(config)#interface gei-0/4/0/4
PE4(config-if-gei-0/4/0/4)#no shutdown
PE4(config-if-gei-0/4/0/4)#ip address 63.44. 1.2 255.255.255.0
PE4(config-if-gei-0/4/0/4)#exit
PE4(config)#interface loopback1
PE4(config-if-loopack1)#ip address 1.2.3.4 255.255.255.255
PE4(config-if-loopback1)#exit
PE4(config)#router ospf 1
PE4(config-ospf-1)#router-id 1.2.3.4
PE4(config-ospf-1)#network 63.44.1.0 0.0.0.255 area 0
PE4(config-ospf-1)#network 1.2.3.4
0.0.0.0
area 0
PE4(config-ospf-1)#exit
PE4(config-ldp-1)#router-id loopback1
PE4(config-ldp-1)#interface gei-0/4/0/4
PE4(config-ldp-1-if-gei-0/4/0/4)#exit
PE4(config-ldp-1)#exit
/*Enable MP-BGP*/
3-99
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Check the protocol route table of a private network and the label information of a public
network on PE1:
PE1(config)#show ip protocol routing vrf vpn1
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
32.1.1.0/24
32.1.1.1
213002
notag
Direct
*>
32.1.1.1/32
32.1.1.1
213001
notag
Address
*>
44.1.1 .0/24
1.2.3.2
213003
213019
200
BGP-INT
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16408
1.2.3.2/32
Next Hop
gei-0/1/0/1
37.64.1.2
M/S
On PE1, run the show bgp vpnv4 unicast neighbor 1.2.3.2 command to view the following
information:
PE1#show bgp vpnv4 unicast neighbor 1.2.3.2
BGP neighbor is 1.2.3.2, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.2
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval
is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
32.1.1.0/24
1.2.3.1
213020
213002
200
BGP-INT
*>
44.1.1.0/24
109.65.1.2
213019
213006
20
BGP-EXT
On PE2, run the show bgp vpnv4 unicast neighbor 1.2.3.1 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 1.2.3.1
BGP neighbor is 1.2.3.1, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.1
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval
is 30 seconds
capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
32.1.1.0/24
109.65.1.1
213007
213020
20
BGP-EXT
*>
44.1.1.0/24
1.2.3.4
213006
213017
200
BGP-INT
On PE3, run the show bgp vpnv4 unicast neighbor 1.2.3.4 command to view the following
information:
PE3#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 200, internal link
3-101
SJ-20140731105308-013|2014-10-20 (R1.0)
On PE1, use the show bgp vpnv4 unicast label command to view the prefix 44.1.1.0 and
VPN outgoing label.
On PE4, run the show bgp vpnv4 unicast label command to view the prefix 44.1.1.0 and
VPN incoming label.
3.7.3.3 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option C, Using
IBGP Between PE and ASBR)
Configuration Description
As shown in Figure 3-29, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use VPLS crossing several domains (Option C, using IBGP between PE and
ASBR).
Figure 3-29 Configuration Instance MPLS L3VPN Crossing Several ASs (Option C,
Using IBGP Between PE and ASBR)
Configuration Flow
1. Build the network according to Figure 3-29.
addresses:
Configuration Command
The configuration on PE1 is as follows:
PE1(config)#ip vrf vpn1
PE1(config-vrf-vpn1)#rd 100:1
PE1(config-vrf-vpn1)address-family ipv4
PE1(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE1(config-vrf-vpn1-af-ipv4)#exit
PE1(config-vrf-vpn1)#exit
PE1(config)#interface gei-0/2/0/1
PE1(config-if-gei-0/2/0/1)#no shutdown
PE1(config-if-gei-0/2/0/1)#ip vrf forwarding vpn1
PE1(config-if-gei-0/2/0/1)#ip address 20.1.1.1 255.255.255.0
PE1(config-if-gei-0/2/0/1)#exit
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip address 100.1.5.1
255.255.255.255
PE1(config-if-loopback10)#exit
PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1
PE1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE1(config-ospf-10)#exit
PE2(config)#router ospf 10
PE2(config-ospf-10)#router-id 100.1.5.2
PE2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE2(config-ospf-10)#exit
PE2(config)#ipv4-access-list zte
PE2(config-ipv4-acl)#rule 1 permit 100.1.5.1 0.0.0.0
PE2(config-ipv4-acl)#exit
PE2(config)#route-map zte
3-104
SJ-20140731105308-013|2014-10-20 (R1.0)
255.255.255.255
PE3(config-if-loopback10)#exit
PE3(config)#router ospf 10
PE3(config-ospf-10)#router-id 100.1.5.3
PE3(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE3(config-ospf-10)#exit
PE3(config)#ipv4-access-list zte
PE3(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
PE3(config-ipv4-acl)#exit
PE3(config)#route-map zte
PE3(config-route-map)#match ip address zte
PE3(config-route-map)#set mpls-label
PE3(config-route-map)#exit
3-105
SJ-20140731105308-013|2014-10-20 (R1.0)
PE4(config)#interface gei-0/2/0/2
PE4(config-if-gei-0/2/0/2)#no shutdown
PE4(config-if-gei-0/2/0/2)#ip vrf forwarding vpn1
PE4(config-if-gei-0/2/0/2)#ip address 30.1.1.1 255.255.255.0
PE4(config-if-gei-0/2/0/2)#exit
PE4(config)#interface loopback10
PE4(config-if-loopback10)#ip address 100.1.5.4
255.255.255.255
PE4(config-if-loopback10)#exit
PE4(config)#router ospf 10
PE4(config-ospf-10)#router-id 100.1.5.4
PE4(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE4(config-ospf-10)#exit
3-106
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verifications
On PE1, run the show bgp vpnv4 unicast summary command to check the VPNv4 neighbour
between router PE1 and router PE4.
PE1(config)#show bgp vpnv4 unicast summary
Neighbor
Ver
As
MsgRcvd
MsgSend
Up/Down
100.1.5.4
200
48
47
00:23:27
State/PfxRcd
2
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16389
100.1.5.2/32
gei-0/1/0/1
Next Hop
M/S
100.1.12.2
Next Hop
In Label/Out Label
100.1.5.1/32
100.1.5.2
notag/notag
100.1.5.2/32
100.1.5.2
213006/213024
100.1.5.3/32
100.1.5.2
213007/213025
100.1.5.4/32
100.1.5.2
notag/notag
On PE1, run the show bgp vpnv4 unicast label command to check the information with the
prefix 20.1.1.0/30.1.1.0.
PE1(config)#show bgp vpnv4 unicast labels
Network
Next Hop
In Label/Out Label
20.1.1.1
213003/notag
30.1.1.0/24
100.1.5.4
213008/213013
On PE4, run the show bgp vpnv4 unicast label command to check the information with the
prefix 20.1.1.0/30.1.1.0.
PE4#show bgp vpnv4 unicast labels
Network
Next Hop
In Label/Out Label
3-107
SJ-20140731105308-013|2014-10-20 (R1.0)
1.1.1.64
213018/213003
30.1.1.0/24
31.1.1.1
213013/notag
3.7.3.4 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option C, Using
IGP Between PE and ASBR)
Configuration Description
As shown in Figure 3-30, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use MPLS L3VPN crossing several ASs (Option C, using IGP between PE
and ASBR). This is the simplest way to realize inter-AS VPN.
Figure 3-30 Configuration Instance MPLS L3VPN Crossing Several ASs (Option C,
Using IGP Between PE and ASBR)
Configuration Flow
1. Build the network according to Figure 3-30.
addresses:
Configuration Command
For the configuration of OSPF and LDP between PEs, refer to section "Configuring MPLS
L3VPN Public Network LDP Load Sharing".
The configuration on PE1 is as follows:
PE1(config)#ip vrf vpn1
PE1(config-vrf-vpn1)#rd 100:1
PE1(config-vrf-vpn1)address-family ipv4
PE1(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE1(config-vrf-vpn1-af-ipv4)#exit
PE1(config-vrf-vpn1)#exit
PE1(config)#interface gei-0/2/0/1
PE1(config-if-gei-0/2/0/1)#no shutdown
PE1(config-if-gei-0/2/0/1)#ip vrf forwarding vpn1
PE1(config-if-gei-0/2/0/1)#ip address 20.1.1.1 255.255.255.0
PE1(config-if-gei-0/2/0/1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.1.5.1
255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1
PE1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE1(config-ospf-10)#exit
Establish MPEBGP neighbor between PE1 and PE4 to announce the VPNv4 route. In
addition, do not activate the IPv4 neighbor.
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 100.1.5.4 remote-as 200
PE1(config-bgp)#no neighbor 100.1.5.4 activate
PE1(config-bgp)#neighbor 100.1.5.4 update-source loopback1
PE1(config-bgp)#neighbor 100.1.5.4 ebgp-multihop
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
3-109
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 100.1.5.2
255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#router ospf 10
PE2(config-ospf-10)#router-id 100.1.5.2
PE2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE2(config-ospf-10)#redistribute bgp-ext
PE2(config-ospf-10)#exit
3-110
SJ-20140731105308-013|2014-10-20 (R1.0)
255.255.255.255
PE3(config-if-loopback1)#exit
PE3(config)#router ospf 10
PE3(config-ospf-10)#router-id 100.1.5.3
PE3(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE3(config-ospf-10)#redistribute bgp-ext
PE3(config-ospf-10)#exit
PE3(config)#ipv4-access-list zte
PE3(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
PE3(config-ipv4-acl)#exit
PE3(config)#route-map zte
PE3(config-route-map)#match ip address zte
PE3(config-route-map)#set mpls-label
PE3(config-route-map)#exit
PE4(config)#interface loopback1
PE4(config-if-loopback1)#ip address 100.1.5.4
255.255.255.255
PE4(config-if-loopback1)#exit
3-111
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
On PE1, run the show bgp vpnv4 unicast summary command to check the VPNv4 neighbor
between router PE1 and router PE4.
PE1#show bgp vpnv4 unicast summary
Neighbor
Ver
As
MsgRcvd
100.1.5.4
200
MsgSend
18
Up/Down
State/PfxRcd
00:03:24
*>
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
30.1.1.0/24
100.1.5.4
214007
213011
20
BGP-EXT
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16396
16389
100.1.5.4/32
gei-0/1/0/1
Next Hop
M/S
100.1.12.2
Next Hop
M/S
100.1.23.3
Next Hop
M/S
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16389
Untagged
100.1.5.4/32
gei-0/1/0/3
Next Hop
In Label/Out Label
100.1.5.1/32
100.1.12.1
notag/notag
100.1.5.2/32
100.1.5.2
100.1.5.4/32
100.1.23.3
213005/213072
100.1.5.3/32
100.1.23.3
213006/213076
notag/notag
Outgoing
Prefix or
Outgoing
label
label
Tunnel Id
interface
16446
Poptag
100.1.5.4/32
gei-0/1/0/5
100.1.34.4
Per prefix
It means that a private network label is assigned to each prefix.
Per VRF
It means that all the prefixes belonging to the same VRF can use one private
network label. In addition, configuration commands can be used to specify the label
assignment mode for one VRF or for all VRFs at a time.
A PE router saves all VPN routes, including local VPN routes and those received from
remote devices. In addition, each route's prefix carries a private network label, which
consumes some memory. If labels are assigned in per-prefix mode, a lot memory may be
consumed by the prefixes when there are numerous VRFs and routes on PE.
To solve this problem, the per-VRF label feature is introduced. The per-VRF label feature
allows all the local routes under the same VRF to use the same private network label. This
new label is used to decide to which interface of PE or CE a packet is to be forwarded.
3-113
SJ-20140731105308-013|2014-10-20 (R1.0)
It should be noted that the carrier supporting carrier (CSC) feature must be enabled before
using the per-VRF label feature.
Steps
1. Configure label distribution per VRF for MPLS L3VPN.
Command
Function
| per-vrf}
labels.
Function
[<vrf-name>]
instance.
vrf <vrf-name>
routing table.
End of Steps
3-114
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 3-31 Network Structure of VPN Per Label for MPLS L3VPN Configuration
Example
Configuration Flow
1. As shown in Figure 3-31, establish L3VPN for PE1 and PE2.
2. On the access interface between CE1 and PE1, create IS-IS neighbor, and announce
1000 IS-IS routes.
3. Under vrf zte of PE1, configure the VPN per label feature.
Configuration Command
For the configuration of IS-IS and LDP between PEs, refer to section "Configuring MPLS
L3VPN Public Network LDP Load Sharing".
The configuration on PE1 is as follows:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.1.1.2 255.255.255.255
PE1(config-if-loopback1)#exit
3-115
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/3/0/4
PE1(config-if-gei-0/3/0/4)#no shutdown
PE1(config-if-gei-0/3/0/4)#ip vrf
forwarding zte
update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 100.1.1.2 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute connect
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit
PE2(config)#interface gei-0/5/0/3
3-116
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
The verification on PE1 is as follows:
PE1(config)#show ip protocol routing vrf zte
/*PE1 assigns a label "212994" only for these 1000 private network routes*/
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
*>
80.80.80.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.81.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.82.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.83.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.84.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.85.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.86.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.87.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.88.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.89.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.90.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.91.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.92.0/24
192.1.1.2
212994
notag
115
ISIS-L2
*>
80.80.93.0/24
192.1.1.2
212994
notag
115
ISIS-L2
......
l
l
Enabling the GR function and LDP-GR function on the routing protocol used for an
LDP Router-ID
Enabling the GR function and BGP-GR function on the routing protocol used for an
MPBGP link address
An LDP Router-ID can use IS-IS or OSPF for advertisement, so the GR function must be
enabled for the IS-IS or OSPF protocol. It must also be enabled for the LDP protocol.
MPBGP uses an LDP Router-ID as the link address, so its GR function is enabled during
the LDP-GR configuration. In addition, the BGP-GR function needs to be configured.
Steps
1. Configure IS-IS GR.
a. Enable the IS-IS GR function.
Step
Command
Function
ZXR10(config-isis-id)#restart enable
function.
Function
ZXR10(config-isis-id)#restart t2-timer
<t2-interval>[level-1 | level-2]
| manual <t3-interval>}
ZXR10(config-isis-id-if-interface)#hello-mult
ZXR10(config-isis-id-if-interface)#restart
3-118
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
ZXR10(config-isis-id-if-interface)#restart
Command
Function
ZXR10(config)#router ospf<process-id>
ZXR10(config-ospf-id)#nsf
Function
ZXR10(config-ospf-id)#grace-period <time>
ZXR10(config-ospf-id-if-interface)#dead-inte
rval <time>
is long.
Command
Function
ZXR10(config)#router bgp<as-number>
ZXR10(config-bgp)#bgp graceful-restart
Command
Function
ZXR10(config-bgp)#bgp graceful-restart
restart-time <time>
ZXR10(config-bgp)#bgp graceful-restart
stalepath-time <time>
Command
Function
ZXR10(config)#graceful-restart
Function
ZXR10(config)#graceful-restart timers
neighbor-liveness <time>
<time>
Function
<instance-id>
information.
Command
Function
End of Steps
Configuration Flow
1. Establish an L3VPN environment between PE1 and PE2 through OSPF.
2. Establish OSPF neighbor relationships between CE1 and PE1, and between CE2 and
PE2.
3. Enable OSPF GR on CE1 and CE2, enable OSPF GR, LDP GR, and BGP GR on PE1
and PE2, and enable OSPF GR and LDP GR on P.
Configuration Commands
For the OSPF, LDP, and BGP configurations between PEs, refer to the MPLS L3VPN
Basic Function Configuration section.
Configure GR on CE1 as follows:
CE1(config)#router ospf 2
CE1(config-ospf-2)#nsf
3-121
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#router bgp 1
PE1(config-bgp)#bgp graceful-restart
PE1(config-bgp)#exit
Configure GR on P as follows:
P(config)#router ospf 1
P(config-ospf-1)#nsf
P(config-ospf-1)#exit
PE2(config)#router bgp 1
PE2(config-bgp)#bgp graceful-restart
PE2(config-bgp)#exit
Configuration Verification
Check the PE1 configuration as follows:
R1(config-ldp)#show bgp all summary
Neighbor
Ver
As
MsgRcvd
1.1.1.2
681
MsgSend
680
Up/Down
State
05:40:18
Established
Gw
Interface
Owner
Pri Metric
*> 10.11.1.2/24
1.1.1.2
gei-0/1/0/3
BGP
200 0
*> 10.11.2.2/24
1.1.1.2
gei-0/1/0/3
BGP
200 0
*> 10.11.3.2/24
1.1.1.2
gei-0/1/0/3
BGP
200 0
*> 10.11.4.2/24
1.1.1.2
gei-0/1/0/3
BGP
200 0
2.1.1.1
2.1.1.3
2.1.1.4
104.110.111.2
3-123
SJ-20140731105308-013|2014-10-20 (R1.0)
3-124
SJ-20140731105308-013|2014-10-20 (R1.0)
The PE devices that are directly connected to CE devices are called Underlayer PE
or User-end PE (UPE).
The PE devices that are connected to UPE are called Superstratum PE or Service
provider-end PE (SPE).
Multiple UPE devices and one SPE device make up the layered PE architecture and
provide the functions of one traditional PE device. For the HoPE architecture, see Figure
3-33.
3-125
SJ-20140731105308-013|2014-10-20 (R1.0)
UPE is used for user access to the MPLS network. It maintains only the routes of the
VPN sites that are directly connected to it, and does not maintain the specific routes of
remote VPN sites. UPE distributes VPN labels to the routes of the directly-connected
VPN sites, and advertises the VPN labels to SPE together with the VPN routes through
MPBGP.
SPE maintains and spreads VPN routes. It maintains the routes of all the VPNs
attached to the SPE or the UPEs connected to the SPE, including the routes of local
and remote sites. SPE advertises the default routes to UPE together with MPLS
labels.
The functions of SPE and UPE depend on their features. SPE has a large routing table
(thus providing a high forwarding capability) but with a small number of interfaces. UPE
has a low routing and forwarding capability, but provides a high access capability through
a large number of UPE devices. HoPE leverages the high forwarding capability of SPE
and high access capability of UPE.
UPE and SPE are relative terms. In a multilevel HoPE architecture, a higher-layer PE can
be defined as an SPE, and a lower-layer PE can be defined as a UPE.
Layered PE and traditional PE can coexist in an MPLS network.
The MPBGP protocol used between SPE and UPE can be MPIBGP or MPEBGP,
depending on whether SPE and UPE are in the same AS.
Single-level HoPE
Figure 3-34 shows the typical network architecture of a single-level HoPE application.
3-126
SJ-20140731105308-013|2014-10-20 (R1.0)
In Figure 3-34, the left part shows a traditional flat network structure, where an MPLS
backbone network is used to provide the MPLS L3VPN service. PE of a backbone
network is located in a central city, and CE devices converge at the PE node. The right
part shows a HoPE architecture, where UPE nodes are deployed in common cities
to make up a layered structure. Nearby VPN users can access an MPLS backbone
network through UPE easily, and thus the network coverage is expanded.
l
Multilevel HoPE
Figure 3-35 shows a typical network architecture of a multilevel HoPE application.
Figure 3-35 Network Architecture of a Multilevel HoPE Application
In Figure 3-35, an MPE is the SPE for the county-level UPE, and is also the UPE for the
province-level SPE. SPE advertises default routes to MPE, and MPE advertises the
3-127
SJ-20140731105308-013|2014-10-20 (R1.0)
default routes to UPE. UPE maintains only the local routes and default routes, and
MPE maintains only the specific routes, local routes, and default routes of multiple
UPE devices attached to the MPE.
Prerequisite
VRF instances are configured.
Steps
1. Configure MPLS L3VPN HoPE.
Step
Command
Function
ZXR10(config-bgp)#address-family vpnv4
ZXR10(config-bgp-af-vpnv4)#neighbor
| vrf <vrf-name>]
ZXR10(config-bgp-af-vpnv4)#neighbor
{<ipv4-address>|<peer-group-name>} virtual-spoke
[reflect-next-hop-self]
(spoke-PE).
After a neighbor or neighbor peer group is set to UPE (spoke-PE), VPN routes from
the UPE will be automatically reflected to non-UPE devices.
2. Verify the configurations.
Command
Function
h}]]|[<Protocol name>]}
ZXR10#show ip protocol routing vrf <vrf-name>
3-128
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
>:<0-4294967295>|<1-65535>.<0-65535>:<0-65535>|
A.B.C.D:<0-65535>}<ipv4-address><ipv4-mask>
Displays BGP route updates.
End of Steps
Configuration Flow
1.
2.
3.
4.
Configuration Commands
For the OSPF and LDP configurations between PEs, refer to the MPLS L3VPN Basic
Function Configuration section.
Configure UPE1 as follows:
UPE1(config)#ip vrf hpe
UPE1(config-vrf-hpe)#rd 4:4
UPE1(config-vrf-hpe)#address-family ipv4
UPE1(config-vrf-hpe-af-ipv4)#route-target 4:4
UPE1(config-vrf-hpe-af-ipv4)#exit
3-129
SJ-20140731105308-013|2014-10-20 (R1.0)
UPE1(config)#vlan-configuration
UPE1(config-vlan)#interface gei-0/0/1/3.1
UPE1(config-vlan-if-gei-0/0/1/3.1)#encapsulation-dot1q 1
UPE1(config-vlan-if-gei-0/0/1/3.1)#exit
UPE1(config-vlan)#exit
SPE1(config)#interface gei-0/0/1/1.100
SPE1(config-if-gei-0/0/1/1.100)#ip vrf forwarding hpe
SPE1(config-if-gei-0/0/1/1.100)#ip address 51.0.1.1 255.255.255.0
SPE1(config-if-gei-0/0/1/1.100)#exit
SPE1(config)#vlan-configuration
SPE1(config-vlan)#interface gei-0/0/1/1.100
SPE1(config-vlan-if-gei-0/0/1/1.100)#encapsulation-dot1q 100
SPE1(config-vlan-if-gei-0/0/1/1.100)#exit
SPE1(config-vlan)#exit
3-130
SJ-20140731105308-013|2014-10-20 (R1.0)
SPE2(config)#interface gei-0/4/0/7.1
SPE2(config-if-gei-0/4/0/7.1)#ip vrf forwarding hpe
SPE2(config-if-gei-0/4/0/7.1)#ip address 52.0.1.1 255.255.255.0
SPE2(config-if-gei-0/4/0/7.1)#exit
SPE2(config)#vlan-configuration
SPE2(config-vlan)#interface gei-0/4/0/7.1
SPE2(config-vlan-if-gei-0/4/0/7.1)#encapsulation-dot1q 1
SPE2(config-vlan-if-gei-0/4/0/7.1)#exit
SPE2(config-vlan)#exit
3-131
SJ-20140731105308-013|2014-10-20 (R1.0)
UPE2(config)#interface gei-0/2/0/11.1
UPE2(config-if-gei-0/2/0/11.1)#ip vrf forwarding hpe
UPE2(config-if-gei-0/2/0/11.1)#ip address 53.0.1.1 255.255.255.0
UPE2(config-if-gei-0/2/0/11.1)#exit
UPE2(config)#vlan-configuration
UPE2(config-vlan)#interface gei-0/2/0/11.1
UPE2(config-vlan-if-gei-0/2/0/11.1)#encapsulation-dot1q 1
UPE2(config-vlan-if-gei-0/2/0/11.1)#exit
UPE2(config-vlan)#exit
Configuration Verification
Check the UPE1 configuration result as follows:
3-132
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
Pri Metric
*> 0.0.0.0/0
11.11.11.51
smartgroup60
BGP
200 0
*> 37.0.1.0/24
37.0.1.1
gei-0/0/1/3.1
Direct
*> 37.0.1.1/32
37.0.1.1
gei-0/0/1/3.1
Address
Ver
As
MsgRcvd
MsgSend
Up/Down
11.11.11.51
200
16
00:04:27
State/PfxRcd
1
157472
notag
3-133
SJ-20140731105308-013|2014-10-20 (R1.0)
213005
Gw
Interface
Owner
Pri Met
*> 37.0.1.0/24
11.11.11.37
smartgroup60
BGP
200 0
*> 51.0.1.0/24
51.0.1.1
gei-0/0/1/1.100
Direct
*> 51.0.1.1/32
51.0.1.1
gei-0/0/1/1.100
Address
*> 52.0.1.0/24
11.11.11.52
gei-0/3/1/3
BGP
20
3-134
SJ-20140731105308-013|2014-10-20 (R1.0)
11.11.11.52
gei-0/3/1/3
BGP
20
Ver
As
MsgRcvd
MsgSend
Up/Down
State/PfxRcd
11.11.11.37
200
19
13
00:05:34
11.11.11.52
65002
14
26
00:05:34
157472
213005
157625
3-135
SJ-20140731105308-013|2014-10-20 (R1.0)
notag
157528
213013
213129
3-136
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
Pri Metric
*> 37.0.1.0/24
11.11.11.51
gei-0/4/0/4
BGP
20
*> 51.0.1.0/24
11.11.11.51
gei-0/4/0/4
BGP
20
*> 52.0.1.0/24
52.0.1.1
gei-0/4/0/3.1
Direct
*> 52.0.1.1/32
52.0.1.1
gei-0/4/0/3.1
Address
*> 53.0.1.0/24
11.11.11.53
smartgroup44.100
BGP
200 0
Ver
As
MsgRcvd
MsgSend
Up/Down
State/PfxRcd
11.11.11.51
200
35
28
00:10:11
22
11.11.11.53
200
391
330
02:41:48
113
212993
3-137
SJ-20140731105308-013|2014-10-20 (R1.0)
157625
157528
notag
213013
120025
3-138
SJ-20140731105308-013|2014-10-20 (R1.0)
213129
Gw
Interface
Owner
Pri Metric
*> 0.0.0.0/0
11.11.11.52
smartgroup44.100
BGP
200 0
*> 5.5.5.53/32
5.5.5.53
loopback55
Address
*> 53.0.1.0/24
53.0.1.1
gei-0/2/0/11.1
Direct
*> 53.0.1.1/32
53.0.1.1
gei-0/2/0/11.1
Address
3-139
SJ-20140731105308-013|2014-10-20 (R1.0)
Ver
As
MsgRcvd
MsgSend
Up/Down
11.11.11.52
200
337
398
02:45:00
State/PfxRcd
2
212993
notag
120025
3-140
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1.
2.
3.
4.
3-141
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Commands
For the OSPF, LDP, and VRF configurations between PEs, refer to the MPLS L3VPN
Basic Function Configuration section.
Configure MPE in BGP vpnv4 address family configuration mode as follows:
MPE(config-bgp-af)#neighbor 11.11.11.37 active
MPE(config-bgp-af)#neighbor 11.11.11.37 default-originate vrf hpe
MPE(config-bgp-af)#neighbor 11.11.11.37 virtual-spoke reflect-next-hop-self
MPE(config-bgp-af)#neighbor 11.11.11.37 route-reflector-client
MPE(config-bgp-af)#neighbor 11.11.11.47 active
Configuration Verification
Check the UPE1 configuration result as follows:
UPE1#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. UPE maintains only the local routes and
default routes. The default next hop is SPE2.
The default routes are reflected by RR, where the next hop information is not changed.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Gw
Interface
Owner
Pri Metric
*> 0.0.0.0/0
Dest
11.11.11.47
smartgroup60
BGP
200 0
*> 37.0.1.0/24
37.0.1.1
gei-0/1/0/1.1
Direct
*> 37.0.1.1/32
37.0.1.1
gei-0/1/0/1.1
Address
Ver
As
MsgRcvd
MsgSend
Up/Down
11.11.11.51
200
518
527
04:17:30
State/PfxRcd
1
3-142
SJ-20140731105308-013|2014-10-20 (R1.0)
950819
Interface
Owner
Pri Metric
*> 0.0.0.0/0
Dest
11.11.11.47
gei-0/4/1/1
BGP
200 0
*> 37.0.1.0/24
11.11.11.37
smartgroup60
BGP
200 0
*> 51.0.1.0/24
51.0.1.1
gei-0/0/1/1.100
Direct
3-143
SJ-20140731105308-013|2014-10-20 (R1.0)
51.0.1.1
gei-0/0/1/1.100
Address
Ver
As
MsgRcvd
MsgSend
Up/Down
State/PfxRcd
11.11.11.37
200
528
521
04:18:27
11.11.11.47
200
12
00:01:12
950819
950819
213005
3-144
SJ-20140731105308-013|2014-10-20 (R1.0)
157621
notag
157528
3-145
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
Pri Metric
*> 32.0.1.0/24
11.11.11.32
gei-0/7/0/12
BGP
200
*> 32.0.1.1/32
11.11.11.32
gei-0/7/0/12
BGP
200
*> 37.0.1.0/24
11.11.11.51
gei-0/2/0/14
BGP
100 0
*> 47.0.1.0/24
47.0.1.1
gei-0/2/0/48.1
Direct
*> 47.0.1.1/32
47.0.1.1
gei-0/2/0/48.1
Address
*> 51.0.1.0/24
11.11.11.51
gei-0/2/0/14
BGP
100 0
Ver
As
MsgRcvd
MsgSend
Up/Down
State/PfxRcd
11.11.11.32
200
149
179
01:05:54
10
11.11.11.51
200
14
00:02:23
950819
3-146
SJ-20140731105308-013|2014-10-20 (R1.0)
157621
951026
157528
951060
217113
3-147
SJ-20140731105308-013|2014-10-20 (R1.0)
Gw
Interface
Owner
Pri Metric
*> 32.0.1.0/24
32.0.1.1
gei-0/2/0/12.1
Direct
*> 32.0.1.1/32
32.0.1.1
gei-0/2/0/12.1
Address
*> 37.0.1.0/24
11.11.11.47
gei-0/0/0/12
BGP
20
*> 47.0.1.0/24
11.11.11.47
gei-0/0/0/12
BGP
20
*> 51.0.1.0/24
11.11.11.47
gei-0/0/0/12
BGP
20
Ver
As
MsgRcvd
MsgSend
Up/Down
11.11.11.47
200
182
152
01:07:11
State/PfxRcd
28
3-148
SJ-20140731105308-013|2014-10-20 (R1.0)
951026
951060
950829
notag
217113
3-149
SJ-20140731105308-013|2014-10-20 (R1.0)
Accelerating the route advertisement to neighbors while reducing the CPU usage
If the BGP update group function is not used, a route update packet needs to
be constructed for each neighbor, which consumes much time during the packet
forwarding process.
3-150
SJ-20140731105308-013|2014-10-20 (R1.0)
If the BGP update group function is used, a route update packet needs to be
constructed for each update group instead of each neighbor. The same route update
packet can be used for neighbors in an update group. If an update group has a large
number of neighbors, the packet forwarding performance would be largely improved.
Context
The BGP update group function is enabled by default.
Steps
1. Configure BGP update group.
Step
Command
Function
ZXR10(config-bgp)#neighbor {<ipv4-address>|<ipv6-add
ress>|<peer-group-name>} split-update-group
Function
ess>|<index>]
pv6-address>|<index>]
update-group [<ipv4-address>|<ipv6-address>|<index>]
<vrf-name>][<ipv4-address>|<ipv6-address>|<index>]
3-151
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
<vrf-name>][<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
Function
ess>|<index>]
update-group [<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
3-152
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
[<ipv4-address>|<ipv6-address>|<index>]
[<ipv4-address>|<ipv6-address>|<index>]
End of Steps
Configuration Flow
1. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1
interfaces.
2. Establish new neighbor relationships through the gei-0/1/0/1 and gei-0/1/0/2 interfaces
of R1 and R2.
3. To enable a new neighbor relationship to be in an exclusive update group, run the
split-update-group command.
Configuration Commands
1. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1
interfaces.
Configure R1 as follows:
R1(config)#router bgp 65530
R1(config-bgp)#neighbor 10.1.1.3 remote-as 1
R1(config-bgp)#exit
Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1
remote-as 65530
3-153
SJ-20140731105308-013|2014-10-20 (R1.0)
Run the show ip bgp summary command on R1. The BGP neighbor relationship is
established.
R1(config-bgp)#show ip bgp summary
Neighbor
Ver
As
MsgRcvd
MsgSend
Up/Down
10.1.1.3
00:08:22
State/PfxRcd
1
Run the show ip bgp update-group command on R1. An update group is established,
and the neighbor is added into the BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 1 members:
Normal peer:
10.1.1.3
2. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1 and
gei-0/1/0/2 interfaces.
Configure R1 as follows:
R1(config)#router bgp 65530
R1(config-bgp)#neighbor 10.1.1.3 remote-as 1
R1(config-bgp)#neighbor 20.1.1.3 remote-as 1
R1(config-bgp)#exit
Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 20.1.1.1 remote-as 65530
R2(config-bgp)#exit
Run the show ip bgp summary command on R1. The BGP neighbor relationship is
established.
R1(config-bgp)#show ip bgp summary
Neighbor
Ver
As
MsgRcvd
MsgSend
Up/Down
10.1.1.3
00:04:55
State/PfxRcd
1
20.1.1.3
00:01:59
Run the show ip bgp update-group command on R1. The neighbor 20.1.1.3 is added
into the BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 2 members:
Normal peer:
10.1.1.3
20.1.1.3
3-154
SJ-20140731105308-013|2014-10-20 (R1.0)
Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 20.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 10.1.1.1 activate
R2(config-bgp)#neighbor 20.1.1.1 activate
R2(config-bgp)#exit
After the neighbor relationship output policies are modified, verify on R1 that the BGP
neighbor relationships are normal.
R1(config-bgp)#show ip bgp summary
Neighbor
Ver
As
MsgRcvd
MsgSend
Up/Down
State/PfxRcd
10.1.1.3
00:28:45
20.1.1.3
00:25:49
Run the show ip bgp update-group command on R1. The devices with the IP addresses
10.1.1.3 and 20.1.1.3 are in different BGP update groups.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 1 members:
Normal peer: 20.1.1.3
Index: 2
Number of static caches: 10 use 0
Has 1 members:
Normal peer:
10.1.1.3
Run the no neighbor 20.1.1.3 split-update-group command on R1, and then run the
show ip bgp update-group command. The devices with the IP addresses 10.1.1.3 and
20.1.1.3 are in the same BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1
3-155
SJ-20140731105308-013|2014-10-20 (R1.0)
20.1.1.3
Specifying a TE tunnel
Specifying a preferred TE tunnel
Selecting a TE tunnel or LDP tunnel by iterative routing
Selecting a TE tunnel or LDP tunnel based on priorities
Steps
1. Create a tunnel policy.
Command
Function
ZXR10(config)#tunnel-policy {<policy-name>}
3-156
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-tunnel-policy-policy-name)#tunnel
ZXR10(config-tunnel-policy-policy-name)#tunnel
ZXR10(config-tunnel-policy-policy-name)#tunnel
Function
End of Steps
Example
Run the following commands to create the tunnel policy zte_1:
ZXR10(config)#tunnel-policy zte_1
ZXR10(config-tunnel-policy-zte_1)#exit
Run the following commands to set the type of the tunnel policy zte_1 to tunnel preferring,
set the egress interface of the preferred tunnel to te_tunnel1, and disable the fallback
function:
3-157
SJ-20140731105308-013|2014-10-20 (R1.0)
Run the following commands to set the type of the tunnel policy zte_2 to tunnel preferring,
and set the egress interface of the preferred tunnel to te_tunnel1 (the fallback function is
enabled by default):
ZXR10(config)#tunnel-policy zte_2
ZXR10(config-tunnel-policy-zte_2)#tunnel preferring mpls-te te_tunnel1
ZXR10(config-tunnel-policy-zte_2)#exit
Run the following commands to set the type of the tunnel policy zte_4 to automatic:
ZXR10(config)#tunnel-policy zte_4
ZXR10(config-tunnel-policy-zte_4)#tunnel selecting auto
ZXR10(config-tunnel-policy-zte_4)#exit
Run the following commands to set the type of the tunnel policy zte_5 to tunnel specifying,
and set the tunnel egress interface to te_tunnel1:
ZXR10(config)#tunnel-policy zte_5
ZXR10(config-tunnel-policy-zte_5)#tunnel selecting mpls-te te_tunnel1
ZXR10(config-tunnel-policy-zte_5)#exit
Run the following commands to set the LSP selecting sequence of the tunnel policy zte_1
to LDP preferred:
ZXR10(config)#tunnel-policy zte_1
ZXR10(config-tunnel-policy-zte_1)#tunnel select-seq ldp-lsp te-lsp
ZXR10(config-tunnel-policy-zte_1)#exit
3-158
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure IP addresses and loopback addresses of interfaces. Establish an OSPF
neighbor relationship between PE1 and PE2 through the gei-0/0/1/9 interfaces, and
establish an LDP neighbor relationship through the directly connected interfaces.
2. Configure a BGP VPNv4 neighbor relationship between PE1 and PE2.
3. Bind the loopback interfaces of PE1 and PE2 to a VRF respectively, and redistributes
the directly connected routes to the VRF to BGP.
4. Set the tunnel policy so that LDP tunnels are preferred. Set exterior tunnels as static
TE tunnels.
Configuration Commands
Configure PE1 as follows:
PE1(config)#interface gei-0/0/1/9
PE1(config-if-gei-0/0/1/9)#ip address 190.1.1.1 255.255.255.0
PE1(config-if-gei-0/0/1/9)#no shutdown
PE1(config-if-gei-0/0/1/9)#exit
PE1(config)#interface loopback11
PE1(config-if-loopback11)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback11)#exit
PE1(config)#router ospf 11
PE1(config-ospf-11)#network 190.1.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-11)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-11)#router-id 190.1.1.1
PE1(config-ospf-11)#exit
PE1(config)#tunnel-policy abc
PE1(config-tunnel-policy-abc)#tunnel select-seq ldp-lsp te-lsp
PE1(config-tunnel-policy-abc)#exit
3-159
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface Loopback1
PE1(config-if-loopback1)#ip vrf forwarding test
PE1(config-if-loopback1)#ip address 11.1.1.1 255.255.255.255
PE1(config-if-loopback1)exit
PE1(config)#interface te_tunnel1
PE1(config-if-te_tunnel1)#exit
PE1(config)#mpls traffic-eng
PE1(config-mpls-te)#router-id 1.1.1.1
PE1(config-mpls-te)#interface loopback11
PE1(config-mpls-te-if-loopback11)#exit
PE1(config-mpls-te)#interface gei-0/0/1/9
PE1(config-mpls-te-if-gei-0/0/1/9)#exit
PE1(config-mpls-te)#static te_tunnel1
PE1(config-mpls-te-static-te_tunnel1)#role ingress type unidirectional
PE1(config-mpls-te-static-te_tunnel1)#ingress-tunnel-id 1 ingress 1.1.1.1
egress 2.2.2.2
PE1(config-mpls-te-static-te_tunnel1)#lsp 1
PE1(config-mpls-te-static-te_tunnel1-lsp)#out-seg-info out-port gei-0/0/1/9
out-label 3 next-hop 190.1.1.2
PE1(config-mpls-te-static-te_tunnel1-lsp)#exit
PE1(config-mpls-te-static-te_tunnel1)#exit
PE1(config-mpls-te)#exit
3-160
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#router ospf 11
PE2(config-ospf-11)#network 190.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-11)#network 2.2.2.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-11)#router-id 190.1.1.2
PE2(config-ospf-11)#exit
PE2(config)#interface Loopback1
PE2(config-if-loopback1)#ip vrf forwarding test
PE2(config-if-loopback1)#ip address 22.1.1.1 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface te_tunnel32775
PE2(config-if-te_tunnel32775)#exit
3-161
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#mpls traffic-eng
PE2(config-mpls-te)#router-id 2.2.2.2
PE2(config-mpls-te)#interface loopback12
PE2(config-mpls-te-if-loopback12)#exit
PE2(config-mpls-te)#interface gei-0/0/1/9
PE2(config-mpls-te-if-gei-0/0/1/9)#exit
PE2(config-mpls-te)#static te_tunnel32775
PE2(config-mpls-te-static-te_tunnel32775)#role egress type unidirectional
PE2(config-mpls-te-static-te_tunnel32775)#ingress-tunnel-id 1 ingress 1.1.1.1
egress 2.2.2.2
PE2(config-mpls-te-static-te_tunnel32775)#lsp 1
PE2(config-mpls-te-static-te_tunnel32775-lsp)#in-seg-info in-port gei-0/0/1/9
in-label 3
PE2(config-mpls-te-static-te_tunnel32775-lsp)#exit
PE2(config-mpls-te-static-te_tunnel32775)#exit
PE2(config-mpls-te)#exit
Configuration Verification
Check the TE tunnel as follows:
PE1(config-mpls-te)#show mpls traffic-eng static
Name: tunnel_1
Status:
Admin Status: up
Protocol Status: up
IngressID:1.1.1.1
EgressID:2.2.2.2
Role: Ingress
Policy Class:
Perf Switch: off
Binded LSP 1
Positive Forward Info:
in-port:
in-label:
out-port: gei-0/0/1/9
out-label:3
next-hop: 190.1.1.2
bandwidth: 0
burst: 0
peak: 0
excess-burst: 0
3-162
SJ-20140731105308-013|2014-10-20 (R1.0)
Code
--------------------------------------------------------------------------------Type
InstanceName
PWName/Peer
F ResultTE
Bandwidth
TunnelPolicyNa
test
2.2.2.2
t te_tunnel1
abc
me
VRF
*>
Dest
NextHop
Intag
Outtag
RtPrf
Protocol
11.1.1.1/32
11.1.1.1
212995
notag
Address
11.1.1.1/32
11.1.1.1
212995
notag
Direct
*>
22.1.1.1/32
2.2.2.2
notag
212992
200
BGP-INT
Interface
Owner
*> 11.1.1.1/32
Dest
11.1.1.1
loopback1
Address
*> 22.1.1.1/32
2.2.2.2
te_tunnel1
BGP
Pri Metric
0
200 0
3-163
SJ-20140731105308-013|2014-10-20 (R1.0)
Therefore, the BGP RT constrained route distribution is introduced in RFC to solve this
problem. The main idea of the BGP RT constrained route distribution is that the route
distribution is constrained on the outbound direction, thus saving the router resources of
PE-3 and PE-4.
To implement this function, PE-3 advertises the RT membership information generated
on PE-3 to the corresponding neighbor (RR-1), which stores the information in the
corresponding filter table. Before advertising routing information to PE-3, RR-1 matches
the RT carried by the routing information with the RT in the filter table from PE-3. If they
are matched successfully, RR-1 advertises routing information to PE-3.
3-164
SJ-20140731105308-013|2014-10-20 (R1.0)
Operation Procedure
l
3-165
SJ-20140731105308-013|2014-10-20 (R1.0)
Steps
1. Configure a BGP route-target route.
Step
Command
Function
ZXR10(config-bgp)#neighbor<ipv4-address> remote-as
<as-number>
ZXR10(config-bgp)#address-family route-target
ZXR10(config-bgp-af-rt)#neighbor<ipv4-address>ac
tivate
of route-target routing
information with a neighbor.
Function
ZXR10(config-bgp-af-rt)#timers wait-for-end-of-rib
<wait-time>
ZXR10(config-bgp-af-rt)#constrain-rt-filter disable
3-166
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
ZXR10(config-bgp-af-rt)#maximum-paths<path-number>
<wait-time>: maximum duration of the local router waiting for a neighbor to send
an end-of-rib packet under the Route-Target address family before the local router
advertises the VPNv4 route, after establishment of a BGP Route-Target link. Unit:
seconds, default: 60 seconds.
disable: After the RT filter is disabled, the VPNv4 and VPNv6 routes will not be filtered
based on the import RT of the peer end. By default, the RT filter is enabled.
<path-number>: maximum number of external paths. Default: 1.
3. Verify the configurations.
Command
Function
>{<0-65535>:<0-4294967295>|<1-65535>.<0-65535>:<0-65535
>|A.B.C.D:<0-65535>}
ZXR10#show bgp ipv4 route-target neighbor [<ip-address>]
out]<ip-address>
[{<ipv4-address>|<update-group-number>}]
Configuration Flow
1. Establish the IBGP neighbor relationship between R1 and R2.
2. Activate the neighbor relationship in the Route-Target address family of R1 and R2
separately.
Configuration Commands
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 4.4.4.4 255.255.255.255
R1(config-if-loopback1)#exit
R1(config)#router ospf 1
R1(config-ospf-1)#router-id 4.4.4.4
R1(config-ospf-1)#network 4.4.4.4 0.0.0.0 area 0
R1(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R1(config-ospf-1)#exit
R1(config)#router bgp 2
R1(config-bgp)#neighbor 5.5.5.5 remote-as 2
R1(config-bgp)#neighbor 5.5.5.5 update-source loopback1
R1(config-bgp)#address-family route-target
3-168
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration on R2:
R2(config)#interface gei-0/1/0/1
R2(config-if-gei-0/1/0/1)#no shutdown
R2(config-if-gei-0/1/0/1)#ip address 1.1.1.2 255.255.255.0
R2(config-if-gei-0/1/0/1)#exit
R2(config)#interface loopback1
R2(config-if-loopback1)#ip address 5.5.5.5 255.255.255.255
R2(config-if-loopback1)#exit
R2(config)#router ospf 1
R2(config-ospf-1)#router-id 5.5.5.5
R2(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R2(config-ospf-1)#network 5.5.5.5 0.0.0.0 area 0
R2(config-ospf-1)#exit
R2(config)#mpls ldp instance 1
R2(config-ldp-1)#interface gei-0/1/0/1
R2(config-ldp-1-if-gei-0/1/0/1)#exit
R2(config-ldp-1)#router-id loopback1
R2(config-ldp-1)#exit
R2(config)#router bgp 2
R2(config-bgp)#neighbor 4.4.4.4 remote-as 2
R2(config-bgp)#neighbor 4.4.4.4 update-source loopback1
R2(config-bgp)#address-family route-target
R2(config-bgp-af-rt)#neighbor 4.4.4.4 activate
R2(config-bgp-af-rt)#exit
R2(config-bgp)#exit
R2(config)#interface loopback21
R2(config-if-loopback21)#ip vrf forwarding vrf1
R2(config-if-loopback21)#ip address 21.1.1.5 255.255.255.0
R2(config-if-loopback21)#exit
Configuration Verification
Check information about the BGP route-target routes on R1:
3-169
SJ-20140731105308-013|2014-10-20 (R1.0)
227
25
00:21:08 1
3-170
SJ-20140731105308-013|2014-10-20 (R1.0)
3-171
SJ-20140731105308-013|2014-10-20 (R1.0)
Connections established 1
Last error code is 6, last error subcode is 5
Local host: 4.4.4.4, Local port: 179
Foreign host: 5.5.5.5, Foreign port: 20427
3-172
SJ-20140731105308-013|2014-10-20 (R1.0)
Next Hop
*>i 2:1:11
5.5.5.5
Metric LocPrf
100
RtPrf Path
200 i
Next Hop
2:100:1
4.4.4.4
100
2:1:100
4.4.4.4
100
3-173
SJ-20140731105308-013|2014-10-20 (R1.0)
3-174
SJ-20140731105308-013|2014-10-20 (R1.0)
Chapter 4
Steps
1. Enable pimsm mode.
Step
Command
Function
ZXR10(config)#ip multicast-routing
ZXR10(config-mcast)#router pim
ZXR10(config-mcast-pim)#exit
Step
Command
Function
ZXR10(config-mcast)#vrf <vrf-name>
ZXR10(config-mcast-vrf-vrf-name)#mtunnel
<interface-name>
an mtunnel interface.
ZXR10(config-mcast-vrf-vrf-name)#mdt default
<group-address>
ZXR10(config-mcast-vrf-vrf-name)#mdt data
<group-address><group-mask>[<acl-name>]
of multicast instance.
Command
Function
ZXR10(config-mcast-vrf-vrf-name)#provider-tunnel
{mldp-p2mp | rsvp-te}
2
ZXR10(config-mcast-vrf-vrf-name)#forwarding-p
<acl-name>]
user.
Command
Function
ZXR10(config-mcast-vrf-vrf-name)#router pim
ZXR10(configmcast-vrf-vrf-name-pim)#static-rp
Configures a static
<ip-address>[group-list <prefix-list-name>][priority
<priority>]
Configures a candidate
ZXR10(config-mcast-vrf-vrf-name-pim)#bsr
-candidate <interface-name>[hash-mask-length
<hash-mask-length>][priority <priority>]
ZXR10(config-mcast-vrf-vrf-name-pim)#rp-candid
ority <priority>]
4-2
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-mcast-vrf-vrf-name-pim)#interface
Configures a multicast
<interface-name>
Protocol Independent
Multicast - Sparse Mode
(PIM-SM) interface.
ZXR10(config-mcast-vrf-vrf-name-pim-if-
interface-name)#pimsm
Function
ZXR10(config-mcast-vrf-vrf-name)#multipath
ZXR10(config-mcast-vrf-vrf-name)#multipath
s-g-hash basic
ZXR10(config-mcast-vrf-vrf-name)#multipath
s-g-hash next-hop-based
Function
<group-address>][source <source-address>]
Shows RP information.
ame>]
ZXR10#show ip pim neighbor vrf <vrf-name>[<interface-n
ame>]
interface.
ress <dest-address>]
Command
Function
<group-address>][source-address <source-address>]
End of Steps
Configuration Flow
1.
2.
3.
4.
Configuration Command
1. Configure MPLS VPN enviroment.
Configuration on PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.17 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 100.101.102.17 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
4-4
SJ-20140731105308-013|2014-10-20 (R1.0)
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip vrf forwarding test
PE1(config-if-gei-0/1/0/3)#ip address 100.105.102.17 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit
PE1(config)#router bgp 1
/*Note: The loopback interface must be used to establish a BGP neighbor
relationship.*/
PE1(config-bgp)#neighbor 1.1.1.19 remote-as 1
PE1(config-bgp)#neighbor 1.1.1.19 activate
PE1(config-bgp)#neighbor 1.1.1.19 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.19 activate
PE1(config-bgp-af-vpnv4)#exit
Configuration on P:
P(config)#interface loopback1
P(config-if-loopback1)#ip address 1.1.1.18 255.255.255.255
P(config-if-loopback1)#exit
P(config)#interface gei-0/1/0/1
P(config-if-gei-0/1/0/1)#no shutdown
P(config-if-gei-0/1/0/1)#ip address 100.101.102.18 255.255.255.0
4-5
SJ-20140731105308-013|2014-10-20 (R1.0)
P(config)#router ospf 1
P(config-ospf-1)#router-id 1.1.1.18
P(config-ospf-1)#network 1.1.1.18 0.0.0.0 area 0
P(config-ospf-1)#network 100.101.102.0 0.0.0.255 area 0
P(config-ospf-1)#network 100.103.102.0 0.0.0.255 area 0
P(config-ospf-1)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.19
PE2(config-ospf-1)#network 1.1.1.19 0.0.0.0 area 0
PE2(config-ospf-1)#network 100.103.102.0 0.0.0.255 area 0
PE2(config-ospf-1)#exit
4-6
SJ-20140731105308-013|2014-10-20 (R1.0)
PE2(config)#interface gei-0/1/0/3
PE2(config-if-gei-0/1/0/3)#no shutdown
PE2(config-if-gei-0/1/0/3)#ip vrf forwarding test
PE2(config-if-gei-0/1/0/3)#ip address 100.106.102.19 255.255.255.0
PE2(config-if-gei-0/1/0/3)#exit
PE2(config)#router bgp 1
PE2(config-bgp)#neighbor 1.1.1.17 remote-as 1
PE2(config-bgp)#neighbor 1.1.1.17 activate
PE2(config-bgp)#neighbor 1.1.1.17 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.17 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
4-7
SJ-20140731105308-013|2014-10-20 (R1.0)
3. Configure multicast on P.
P(config)#ip multicast-routing
P(config-mcast)#router pim
P(config-mcast-pim)#interface gei-0/1/0/1
P(config-mcast-pim-if-gei-0/1/0/1)#pimsm
P(config-mcast-pim-if-gei-0/1/0/1)#exit
P(config-mcast-pim)#interface gei-0/1/0/2
P(config-mcast-pim-if-gei-0/1/0/2)#pimsm
P(config-mcast-pim-if-gei-0/1/0/2)#exit
P(config-mcast-pim)#exit
4-8
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
When MPLS VPN is established, execute the show ip forwarding route vrf test command
on PE1 and PE2, as shown in the following:
PE1(config)#show ip forwarding route vrf test
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >bes
Dest
Gw
Interface
Owner
Pri
100.106.102.0/24
1.1.1.19
gei-0/1/0/1
BGP
200
Metric
0
100.105.102.0/24
100.105.102.17
gei-0/1/0/1
DIRECT
100.105.102.17/32
100.105.102.17
gei-0/1/0/1
ADDRESS
DR Priority Uptime
Expires
100.101.102.18
00:01:20
gei-0/1/0/1
00:06:48
Ver
V2
mvpn_tunnel1
DR Priority Uptime
1
00:03:28
Expires
Ver
00:01:17
V2
loopback1
100.101.102.17 gei-0/1/0/1
Up
30
1.1.1.17
Disabled
Up
30
100.101.102.18 Disabled
mvpn_tunnel1 Up
100.105.102.17 gei-0/1/0/3
Up
30
1.1.1.19
Disabled
30
100.105.102.17 Disabled
Group(s): 0.0.0.0/0(NOUSED)
4-10
SJ-20140731105308-013|2014-10-20 (R1.0)
9. View public route. Check whether public network and private network routes are
generated correctly.
PE2#show ip mroute
IP Multicast Routing Table
Flags:NS:SPT upsend, RT:Reg upsend, MT:Tunnel, F:Forward, S:Syn mrt,
NTP:NTP join, FLT:Flt add, FD:Flt del, DPU:Damping enable, DPD:Damping del,
(*, 235.1.1.1), RP: 1.1.1.17, TYPE: DYNAMIC, FLAGS: NS/MT
Incoming interface: gei-0/1/0/1, flags: NS
Outgoing interface list:
loopback1, mvrf: test, flags: NS/MT/S
(1.1.1.17, 235.1.1.1), TYPE: DYNAMIC, FLAGS: MT
Incoming interface: gei-0/1/0/1, flags: NS
Outgoing interface list:
loopback1, mvrf: test, flags: MT/S
(1.1.1.19, 235.1.1.1),
LocalIn
ImoXG
4-11
SJ-20140731105308-013|2014-10-20 (R1.0)
InheritedFromXG
JoinsSG
InoSGRpt
InoSG
InoSG
InheritedFromXG
InoSGRpt
InoSG
4-12
SJ-20140731105308-013|2014-10-20 (R1.0)
Chapter 5
GRE Configuration
Table of Contents
GRE Overview ...........................................................................................................5-1
Configuring a GRE Over IPv4 Tunnel .........................................................................5-3
Configuring a GRE Over IPv6 Tunnel .........................................................................5-5
Configuring a GRE DS-Lite Static Tunnel ...................................................................5-7
Configuring a GRE DS-Lite Dynamic Tunnel ..............................................................5-8
Configuring GRE Keep-Alive ......................................................................................5-9
GRE Configuration Examples...................................................................................5-11
5-1
SJ-20140731105308-013|2014-10-20 (R1.0)
GRE tunnels can be divided into GRE over IPv4 tunnels and GRE over IPv6 tunnels. The
source and destination addresses of the two types of GRE tunnels are obtained through
GRE tunnel configurations.
GRE tunnels can also be divided into DS-Lite static tunnels and DS-Lite dynamic tunnels,
which are deployed in CGN. For a DS-Lite static tunnel, the source IP address and
destination IP address need to be manually configured, and for a DS-Lite dynamic tunnel,
only the source IP address needs to be configured.
GRE tunnel can be established on host-host, host-device, device-host and device-device.
The terminal of tunnel is the final destination of message or the message needs to be
forwarded.
Encapsulation procedure
1. When host or router is sending IPv4 flow, if message outgoing interface is tunnel
interface, verify tunnel type first. If it is GRE tunnel, do the encapsulation of IPv4
header, of which IPv4 header source address and destination address are got by
user manual configuration.
2. After encapsulation, the message will be sent by the IPv4 message sending flow.
De-encapsulation procedure
1. It is the reversed process of encapsulation. Router receives IPv4 data packet.
If IPv4 header protocol number is 47, apply process function of each protocol
of IPv4 registration, enter into GRE de-encapsulation flow, search for matched
tunnel entry according to source address and destination address of message. If
it is found the IPv4 header and GRE header encapsulated by tunnel are removed.
2. The remaining message is handled by IPv4 packet receiving flow.
5-2
SJ-20140731105308-013|2014-10-20 (R1.0)
Encapsulation procedure
1. When host or router is sending IPv6 flow, if message outgoing interface is tunnel
interface, verify tunnel type first. If it is GRE tunnel, do the encapsulation of IPv4
header, of which IPv4 header source address and destination address are got by
user manual configuration.
2. After encapsulation, the message will be sent by the IPv4 message sending flow.
De-encapsulation procedure
1. It is the reversed process of encapsulation. Router receives IPv4 data packet.
If IPv4 header protocol number is 47, apply process function of each protocol
of IPv4 registration, enter into GRE de-encapsulation flow, search for matched
tunnel entry according to source address and destination address of message. If
it is found the IPv4 header and GRE header encapsulated by tunnel are removed.
2. The remaining IPv6 message is handled by IPv6 packet receiving flow.
Steps
1. Create GRE tunnel interface.
Step
Command
Function
ZXR10(config)#interface gre_tunnel<tunnel-nu
mber>
2
ZXR10(config-if-gre_tunnel-number)#ip
address <ip-address><net-mask>
5-3
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config)#gre-config
ZXR10(config-gre)#interface gre_tunnel<tunn
el-number>
configuration mode.
ZXR10(config-gre-if-gre_tunnel-number)#t
unnel mode ip
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
address.
Command
Function
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel checksum
3
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel clear-dont-fragment-bit
message.
ZXR10(config-gre-if-gre_tunnel-number)#tu
function.
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel bfd
tunnel.
Function
ZXR10#show running-config-interface
gre_tunnel<tunnel-number>
GRE tunnel.
5-4
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
Function
ZXR10#debug gre-tunnel
enabled.
End of Steps
Steps
1. Create GRE tunnel interface.
Step
Command
Function
ZXR10(config)#interface gre_tunnel<tunnel-nu
mber>
2
ZXR10(config-if-gre_tunnel-number)#ip
address <ip-address><net-mask>
Command
Function
ZXR10(config)#gre-config
ZXR10(config-gre)#interface gre_tunnel<tunn
el-number>
configuration mode.
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
5-5
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-gre-if-gre_tunnel-number)#tu
address.
Command
Function
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel checksum
3
ZXR10(config-gre-if-gre_tunnel-number)#tu
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel clear-dont-fragment-bit
message.
ZXR10(config-gre-if-gre_tunnel-number)#tu
function.
The keepalive period of the message
is 10 seconds, and the maximum
retry times is 3.
ZXR10(config-gre-if-gre_tunnel-number)#tu
nnel bfd
tunnel.
Function
ZXR10#show running-config-interface
gre_tunnel<tunnel-number>
GRE.
Function
ZXR10#debug gre-tunnel
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
End of Steps
Steps
1. Create GRE tunnel interface.
Step
Command
Function
ZXR10(config)#interface gre_tunnel<tunnel-number>
ZXR10(config-if-gre_tunnel-number)#ip address
<ip-address><net-mask>
Command
Function
ZXR10(config)#gre-config
ZXR10(config-gre)#interface gre_tunnel<tunnel-nu
mber>
configuration mode.
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
(IPv6 address).
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
Function
ZXR10#show running-config-interface
gre_tunnel<tunnel-number>
GRE tunnel.
5-7
SJ-20140731105308-013|2014-10-20 (R1.0)
Command
Function
Function
ZXR10#debug gre-tunnel
enabled.
End of Steps
Steps
1. Create GRE tunnel interface.
Step
Command
Function
ZXR10(config)#interface gre_tunnel<tunnel-number>
ZXR10(config-if-gre_tunnel-number)#ip address
<ip-address><net-mask>
Command
Function
ZXR10(config)#gre-config
ZXR10(config-gre)#interface gre_tunnel<tunnel-nu
mber>
configuration mode.
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
(IPv6 address).
ZXR10(config-gre-if-gre_tunnel-number)#tun
5-8
SJ-20140731105308-013|2014-10-20 (R1.0)
Function
ZXR10#show running-config-interface
gre_tunnel<tunnel-number>
GRE tunnel.
Function
ZXR10#debug gre-tunnel
enabled.
End of Steps
Steps
1. Create a GRE tunnel interface.
Step
Command
Function
ZXR10(config)#interface gre_tunnel<tunnel-number>
ZXR10(config-if-gre_tunnel-number)#ip address
<ip-address><net-mask>
Command
Function
ZXR10(config)#gre-config
5-9
SJ-20140731105308-013|2014-10-20 (R1.0)
Step
Command
Function
ZXR10(config-gre)#tunnel keepalive-mode {
centralized | distributed}
ZXR10(config-gre)#interface gre_tunnel<tunnel-nu
mber>
configuration mode.
ZXR10(config-gre-if-gre_tunnel-number)#tun
nel mode ip
IPv4.
ZXR10(config-gre-if-gre_tunnel-number)#tun
tunnel.
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
the tunnel.
ZXR10(config-gre-if-gre_tunnel-number)#tun
function.
Command
Function
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
nel checksum
ZXR10(config-gre-if-gre_tunnel-number)#tun
ZXR10(config-gre-if-gre_tunnel-number)#tun
nel clear-dont-fragment-bit
5
ZXR10(config-gre-if-gre_tunnel-number)#tun
nel bfd
tunnel.
5-10
SJ-20140731105308-013|2014-10-20 (R1.0)
Function
number>
Function
End of Steps
5-11
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IP address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.
Configuration Command
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1
R1(config-if-gre_tunnel1)#ip address 11.0.0.1 255.255.255.0
R1(config-if-gre_tunnel1)#exit
R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ip
R1(config-gre-if-gre_tunnel1)#tunnel source ipv4 100.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv4 200.0.0.1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit
Configuration on R2:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)#ip address 200.0.0.1 255.255.255.0
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ip address 11.0.0.2 255.255.255.0
R2(config-if-gre_tunnel1)#exit
R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ip
R2(config-gre-if-gre_tunnel1)#tunnel source ipv4 200.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit
5-12
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Verification
Check the GRE configuration on R1 and R2, as shown in the following:
R1(config)#show running-config-interface gre_tunnel1
!<if-intf>
interface gre_tunnel1
ip address 11.0.0.1 255.255.255.0
!</if-intf>
!<gre-tunnel >
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 100.0.0.1
tunnel destination ipv4 200.0.0.1
$
$
!</gre-tunnel >
R2(config)#show running-config-interface
gre_tunnel1
!<if-intf>
interface gre_tunnel1
ip address 11.0.0.2 255.255.255.0
!
!</if-intf>
!< gre-tunnel >
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 200.0.0.1
tunnel destination ipv4 100.0.0.1
$
$
!</ gre-tunnel >
5-13
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IPv6
address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.
Configuration Command
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1
5-14
SJ-20140731105308-013|2014-10-20 (R1.0)
R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ip
R1(config-gre-if-gre_tunnel1)#tunnel source ipv4 100.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv4 200.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel key 1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit
Configuration on R2:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)#ip address 200.0.0.1 255.255.255.0
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ipv6 enable
R2(config-if-gre_tunnel1)#ipv6 address 2010::22/64
R2(config-if-gre_tunnel1)#exit
R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ip
R2(config-gre-if-gre_tunnel1)#tunnel source ipv4 200.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel key 1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit
Configuration Verification
Check the GRE configuration on R1 and R2, as shown in the following:
R1(config)#show running-config-interface gre_tunnel1
! <if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 2010::11/64
$
! </if-intf>
! <gre-tunnel>
gre-config
interface gre_tunnel1
5-15
SJ-20140731105308-013|2014-10-20 (R1.0)
Index 17
Bandwidth 100000 Kbps
IPv6 MTU is 1452 bytes
inet6 fe80::2d0:12ff:fe34:561f/10
inet6 2010::11/64
Index 17
Bandwidth 100000 Kbps
IPv6 MTU is 1452 bytes
5-16
SJ-20140731105308-013|2014-10-20 (R1.0)
Configuration Flow
1. Configure IPv6 interface addresses of R1 and R2 and save the addresses in the routes
to make them accessible.
2. In global configuration mode, create the gre_tunnel interface and distribute an IPv6
address to the interface.
3. In global configuration mode, enter GRE configuration mode and the GRE interface to
be configured.
4. Configure GRE tunnels for R1 and R2, set the GRE tunnel mode, and set the source
and destination addresses.
Configuration Commands
Configure R1 as follows:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ipv6 enable
R1(config-if-gei-0/1/0/1)# ipv6 address 100::1/64
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1
5-17
SJ-20140731105308-013|2014-10-20 (R1.0)
R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ipv6
R1(config-gre-if-gre_tunnel1)#tunnel source ipv6 100::1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv6 200::1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit
Configure R2 as follows:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)# ipv6 enable
R2(config-if-gei-0/2/0/1)# ipv6 address 200::1/64
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ipv6 enable
R2(config-if-gre_tunnel1)# ipv6 address 11::2/64
R2(config-if-gre_tunnel1)#exit
R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ipv6
R2(config-gre-if-gre_tunnel1)#tunnel source ipv6 200::1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv6 100::1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit
Configuration Verification
Check the GRE tunnel configurations on R1 and R2 as follows:
R1(config)#show running-config-interface gre_tunnel1
!<if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 11::1/64
$
!</if-intf>
!<gre-tunnel>
gre-config
interface gre_tunnel1
tunnel mode ipv6
5-18
SJ-20140731105308-013|2014-10-20 (R1.0)
Index 17288
Bandwidth 100000 Kbits
IPv6 MTU is 1452 bytes
inet6 fe80::2d0:12ff:fe34:561f/10
inet6 11::1/64
ND DAD is enabled,number of DAD attemps:3
ND reachable time is 30000 millisecon
Index 17225
Bandwidth 100000 Kbits
IPv6 MTU is 1452 bytes
inet6 fe80::201:12ff:feac:121a/10
inet6 11::2/64
ND DAD is enabled,number of DAD attemps:3
5-19
SJ-20140731105308-013|2014-10-20 (R1.0)
5-20
SJ-20140731105308-013|2014-10-20 (R1.0)
Figures
Figure 2-1 VPWS Working Principle.......................................................................... 2-2
Figure 2-2 VPLS Working Principle ........................................................................... 2-3
Figure 2-3 VPLS Working Principle ........................................................................... 2-4
Figure 2-4 Network Structure of L2VPN VPLS Un-Qualified Configuration .............. 2-13
Figure 2-5 VPLS-MAC Filter Configuration Instance ............................................... 2-23
Figure 2-6 L2VPN VPWS ethernet PW Configuration ............................................. 2-34
Figure 2-7 VPWS BFD Configuration ...................................................................... 2-37
Figure 2-8 VPWS Heterogeneous Function Configuration Instance ........................ 2-41
Figure 2-9 Typical Network Structure of Connecting Two CEs to Two PEs .............. 2-45
Figure 2-10
I
SJ-20140731105308-013|2014-10-20 (R1.0)
II
SJ-20140731105308-013|2014-10-20 (R1.0)
Figures
Figure 3-20 Configuration Instance of MPLS L3VPN Public Network LDP Load
Sharing ................................................................................................. 3-72
Figure 3-21 Configuration Instance of MPLS L3VPN VRF Load Sharing ................. 3-75
Figure 3-22 Network Structure of MPLS L3VPN MPBGP Load Sharing
Configuration Example.......................................................................... 3-78
Figure 3-23 Principles of MPLS L3VPN Crossing Several ASs (Option A)............... 3-83
Figure 3-24 Principles of MPLS L3VPN Crossing Several ASs (Option B)............... 3-85
Figure 3-25 Label Iteration Principles of MPLS L3VPN Crossing Several ASs
(Option C) ............................................................................................. 3-88
Figure 3-26 Label Distribution Principles of MPLS L3VPN Crossing Several ASs
(Option C) ............................................................................................. 3-88
Figure 3-27 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
A).......................................................................................................... 3-90
Figure 3-28 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
B).......................................................................................................... 3-95
Figure 3-29 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
C, Using IBGP Between PE and ASBR).............................................. 3-102
Figure 3-30 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
C, Using IGP Between PE and ASBR) ................................................ 3-108
Figure 3-31 Network Structure of VPN Per Label for MPLS L3VPN Configuration
Example ............................................................................................. 3-115
Figure 3-32 MPLS L3VPN GR Network Structure ................................................. 3-121
Figure 3-33 HoPE Architecture ............................................................................. 3-126
Figure 3-34 Network Architecture of a Single-Level HoPE Application .................. 3-127
Figure 3-35 Network Architecture of a Multilevel HoPE Application ....................... 3-127
Figure 3-36 Single-Level HoPE Network Structure................................................ 3-129
Figure 3-37 Multilevel HoPE Configuration Example ............................................. 3-141
Figure 3-38 Network Structure for BGP Update Group Configuration .................... 3-153
Figure 3-39 Network Structure for L3VPN Tunnel Policy Configuration ................. 3-158
Figure 3-40 Route Redistribution in a Network ...................................................... 3-164
Figure 3-41 VPN Operation Procedure in an AS ................................................... 3-165
Figure 3-42 VPN Operation Procedure Among ASs .............................................. 3-166
Figure 3-43 BGP Route-Target Route Configuration Example............................... 3-168
Figure 4-1 Multicast VPN Configuration Instance ...................................................... 4-4
Figure 5-1 GRE Encapsulation.................................................................................. 5-2
Figure 5-2 Basic IPv4 GRE Configuration Instance ................................................. 5-11
Figure 5-3 GRE 6in4 Configuration Instance ........................................................... 5-14
III
SJ-20140731105308-013|2014-10-20 (R1.0)
Figure 5-4 Network Structure for Basic IPv6 GRE Configuration ............................. 5-17
IV
SJ-20140731105308-013|2014-10-20 (R1.0)
Tables
Table 3-1
Table 3-2 MPLS L3VPN OSPF SHAM-LINK Address Table .................................... 3-28
Table 3-3 MPLS VPN Interface Address Table ........................................................ 3-36
V
SJ-20140731105308-013|2014-10-20 (R1.0)
Tables
VI
SJ-20140731105308-013|2014-10-20 (R1.0)
Glossary
AC
- Access Circuit
ATM
- Asynchronous Transfer Mode
BGP
- Border Gateway Protocol
BSC
- Base Station Controller
BSR
- Bootstrap Router
BTS
- Base Transceiver Station
CAS
- Channel Associated Signaling
CE
- Customer Edge
CPU
- Central Processing Unit
FR
- Frame Relay
FRR
- Fast Reroute
FTN
- Forwarded-To Number
GR
- Graceful Restart
GRE
- General Routing Encapsulation
HDLC
- High-level Data Link Control
IBGP
- Interior Border Gateway Protocol
ICCP
- Inter-Control Center Communications Protocol
VII
SJ-20140731105308-013|2014-10-20 (R1.0)
ILMI
- Interim Local Management Interface
IP
- Internet Protocol
IS-IS
- Intermediate System-to-Intermediate System
ISP
- Internet Service Provider
IT
- Information Technology
LAN
- Local Area Network
LDP
- Label Distribution Protocol
LMI
- Local Management Interface
LSP
- Label Switched Path
LSP
- Link State Packet
LSR
- Label Switch Router
MAC
- Media Access Control
MAN
- Metropolitan Area Network
MC-APS
- Multi-Chassis Automatic Protection Switching
MC-ELAM
- Multi-Chassis Ethernet Link Aggregation Manager
MPBGP
- Multi-Protocol Border Gateway Protocol
MPLS
- Multiprotocol Label Switching
MTU
- Maximum Transmission Unit
NSP
- Network Service Provider
VIII
SJ-20140731105308-013|2014-10-20 (R1.0)
Glossary
OAM
- Operation, Administration and Maintenance
OSPF
- Open Shortest Path First
PDU
- Protocol Data Unit
PE
- Provider Edge
PIM-SM
- Protocol Independent Multicast - Sparse Mode
PPP
- Point to Point Protocol
PW
- Pseudo Wire
PWE3
- Pseudo Wire Emulation Edge-to-Edge
RAN
- Radio Access Network
RD
- Route Distinguisher
RP
- Rendezvous Point
RR
- Router Reflector
SDH
- Synchronous Digital Hierarchy
TDM
- Time Division Multiplexing
TLV
- Type/Length/Value
UNI
- User Network Interface
VC
- Virtual Connection
VC
- Virtual Circuit
VCC
- Virtual Channel Connection
IX
SJ-20140731105308-013|2014-10-20 (R1.0)
VCCV
- Virtual Circuit Connectivity Verification
VFI
- Virtual Forwarding Instance
VLAN
- Virtual Local Area Network
VPLS
- Virtual Private LAN Service
VPN
- Virtual Private Network
VPWS
- Virtual Private Wire Service
WAN
- Wide Area Network
X
SJ-20140731105308-013|2014-10-20 (R1.0)