Beruflich Dokumente
Kultur Dokumente
Carrier-Class Router
Configuration Guide (VPN)
Version: V1.00.30
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2011 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
l L2TP Configuration
I
2.6 VPWS Heterogeneous Function Configuration ................................................... 2-56
2.6.1 VPWS Heterogeneous Function Overview ............................................... 2-56
2.6.2 VPWS Heterogeneous Function Principle ................................................ 2-57
2.6.3 Configuring the VPWS Heterogeneous Function ...................................... 2-57
2.6.4 VPWS Heterogeneous Function Maintenance .......................................... 2-58
2.6.5 VPWS Heterogeneous Function Configuration Example ........................... 2-59
2.6.6 VPWS Heterogeneouse Function Fault Handling...................................... 2-62
2.7 L2 VPN and L3 VPN Bridge Function Configuration............................................ 2-64
2.7.1 L2 VPN and L3 VPN Bridge Function Overview ....................................... 2-64
2.7.2 Configuring L2 VPN and L3 VPN Bridge Function .................................... 2-64
2.7.3 L2, L3VPN Bridge Configuration Example................................................ 2-65
2.7.4 L2 VPN and L3 VPN Bridge Fault Handling.............................................. 2-67
2.8 L2 VPN FRR Configuration ............................................................................... 2-69
2.8.1 Configuring L2 VPN FRR ........................................................................ 2-69
2.8.2 L2 VPN FRR Maintenance ...................................................................... 2-70
2.8.3 L2 VPN FRR Configuration Example ....................................................... 2-71
2.8.4 L2 VPN FRR Fault Handling ................................................................... 2-73
2.9 MAC Ping/MAC Trace Configuration.................................................................. 2-74
2.9.1 MAC Ping/MAC Trace Overview.............................................................. 2-74
2.9.2 MAC Ping/MAC Trace Principle............................................................... 2-75
2.9.3 Configuring MAC Ping/MAC Trace .......................................................... 2-76
2.9.4 MAC Ping/MAC Trace Configuration Example.......................................... 2-77
2.9.5 MAC Ping/MAC Trace Fault Handling ...................................................... 2-79
2.10 MC-ELAM Configuration ................................................................................. 2-82
2.10.1 MC-ELAM Overview ............................................................................. 2-82
2.10.2 MC-ELAM Principle .............................................................................. 2-82
2.10.3 Configuring MC-ELAM .......................................................................... 2-83
2.10.4 MC-ELAM Maintenance ........................................................................ 2-86
2.10.5 MC-ELAM Configuration Example ......................................................... 2-88
2.10.6 MC-ELAM Fault Handling ..................................................................... 2-91
II
3.2 MPLS VPN Route Aggregation Configuration..................................................... 3-37
3.2.1 MPLS VPN Route Aggregation Overview................................................. 3-37
3.2.2 Configuring MPLS VPN Route Aggregation.............................................. 3-37
3.2.3 MPLS VPN Route Aggregation Maintenance............................................ 3-38
3.2.4 MPLS VPN Route Aggregation Configuration Example ............................. 3-39
3.2.5 MPLS VPN Route Aggregation Fault Handling ......................................... 3-42
3.3 VPN Route Restriction and Alarm...................................................................... 3-46
3.3.1 VPN Route Restriction and Alarm Overview ............................................. 3-46
3.3.2 Configuring VPN Route Restriction and Alarm.......................................... 3-46
3.3.3 VPN Route Restriction and Alarm Maintenance........................................ 3-47
3.3.4 VPN Route Alarm Configuration Example ................................................ 3-49
3.3.5 VPN Route Restriction and Alarm Fault Handling ..................................... 3-52
3.4 L3 VPN FRR Configuration ............................................................................... 3-55
3.4.1 L3 VPN FRR Overview ........................................................................... 3-55
3.4.2 L3 VPN FRR Principle ............................................................................ 3-55
3.4.3 Configuring L3 VPN FRR ........................................................................ 3-56
3.4.4 L3 VPN FRR Maintenance ...................................................................... 3-56
3.4.5 L3 VPN FRR Configuration Example ....................................................... 3-56
3.4.6 L3 VPN FRR Fault Handling ................................................................... 3-60
3.5 MPLS VPN Load Balancing Configuration.......................................................... 3-62
3.5.1 MPLS VPN Load Balancing Overview...................................................... 3-62
3.5.2 LDP Load Balancing Configuration .......................................................... 3-63
3.5.3 VRF Load Balancing Configuration.......................................................... 3-70
III
5.2.1 L2TP Network Structure............................................................................ 5-2
5.2.2 L2TP Function Overview........................................................................... 5-3
5.2.3 L2TP Negotiation Procedure ..................................................................... 5-4
5.2.4 LTS Function Overview............................................................................. 5-7
5.3 Configuring L2TP ............................................................................................... 5-8
5.4 L2TP Maintenance ............................................................................................5-11
5.5 L2TP Configuration Examples ........................................................................... 5-14
5.5.1 Configuring an LNS ................................................................................ 5-14
5.5.2 Configuring an LTS................................................................................. 5-16
5.6 L2TP Fault Handling......................................................................................... 5-19
5.6.1 Network Topology................................................................................... 5-19
5.6.2 Fault Analysis ........................................................................................ 5-19
5.6.3 Handling Flow ........................................................................................ 5-19
5.6.4 Handling Procedure................................................................................ 5-21
Figures............................................................................................................. I
Tables .............................................................................................................V
Glossary .......................................................................................................VII
IV
About This Manual
Purpose
At first, thank you for choosing ZXR10 routers of ZTE Corporation!
This manual describes the principle, configuration commands, maintenance commands,
configuration examples and fault handling about VPN function of ZXR10 M6000.
Intended Audience
This manual is intended for the following engineers:
l Network planning engineer
l Commissioning engineer
l On-duty personnel
Chapter Summary
Chapter 1 Safety Instruction Introduces safety instruction and symbol description for device
installation, operation and maintenance.
Chapter 2 MPLS L2VPN Describes the MPLS L2VPN principle, configuration commands,
Configuration maintenance commands, configuration examples and fault
handling.
Chapter 3 MPLS L3VPN Describes the MPLS L3VPN principle, configuration commands,
Configuration maintenance commands, configuration examples and fault
handling.
Chapter 4 Multicast VPN Describes the Multicast VPN principle, configuration commands,
Configuration maintenance commands, configuration examples and fault
handling.
Conventions
ZTE documents employ the following typographical conventions.
I
Typeface Meaning
Italics Variables in commands. It may also refers to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters and commands.
CAPS Keys on the keyboard and buttons on screens and company name.
Constant Text that you type, program codes, filenames, directory names, function names.
width
[] Optional parameters.
{} Mandatory parameters.
Danger: Indicates an imminently hazardous situation, which if not avoided, will result in
death or serious injury.
Warning: Indicates a hazard that, if not avoided, could result in serious injuries,
equipment damages or interruptions of major services.
Caution: Indicates a potential hazard that, if not avoided, could result in moderate
injuries, equipment damages or partial service interruption.
Tip: Indicates a suggestion or hint to make things easier or more productive for the
reader.
II
Chapter 1
Safety Instruction
Table of Contents
Safety Instruction .......................................................................................................1-1
Safety Signs ...............................................................................................................1-1
Warning!
Indicates the matters needing close attention. If this is ignored, serious injury accidents
may happen or devices may be damaged.
Caution!
Indicates the matters needing attention during configuration.
1-1
Note:
Indicates the description, hint, tip, and so on for configuration operations.
1-2
2-1
1. LSP establishment: A Label Switch Path (LSP) is established through MPLS network.
2. VC allocation: Local PE configures a VCID, allocates a VC label and interacts with the
remote PE.
3. PW establishment: Two PEs interact for negotiation through mapping messages to
establish a PW.
2-2
l TAG
TAG is added by service provider to distinguish users. It is called Service Delimiting
(SDT), also called PTAG.
2-3
l In Raw mode, the type of PW is Ethernet. The packets are transmitted in PW without
PTAG. PTAG will be removed if an AC packet containing PTAG is transmitted in PW.
The information of VLAN tag will not be changed in PW transmission if the AC packet
is transmitted without PTAG.
l In Tag mode, the type of PW is Ethernet-VLAN. The packets are transmitted in PW
with PTAG. PTAG will be kept with the AC packet to transmit to the peer PE if the AC
packet contains PTAG. A PTAG or a special PTAG-Vlan 0tag is encapsulated into the
AC packet if the AC packet is transmitted in PW without PTAG.
Caution!
In both of RAW and Tag modes, the user VLAN tags locating at frame headers are
transmitted transparently without any changing.
There are two modes for MAC address learning, qualified and unqualified modes.
2-4
l Qualified mode
PE learns MAC address according to the MAC address and VLAN tag containing in
user Ethernet packet. In qualified mode, every user VLAN has its own broadcast
domain and independent MAC address space.
l Unqualified mode
PE learns MAC address according to the MAC address containing in user Ethernet
packet. In unqualified mode, all user VLANs share a broadcast domain and a MAC
address space. The MAC address of user VLAN has to be unique. The MAC
addresses cannot be repeated.
PW has two transmission modes, Spoke and Hub modes. To solve the full-connection
broadcast loop and realize the hierarchical accessing, people define PW transmission
attributes Spoke and Hub modes and AC Server/Client mode. In VPLS working
mechanism, PE router broadcasts (flooding) broadcast, multicast and unknow frames to
other network members. The broadcast rules of different modes are described below.
l Broadcast the broadcast packets received from a Spoke mode PW to all ACs (Client
and Server), Hub mode PWs and other Spoke mode PWs.
l Broadcast the broadcast packets received from a Server (Server-AC) to other ACs
(Client and Server), all Spoke mode PWs and Hub mode PWs.
l Broadcast the broadcast packets received from a Hub mode PW to all Server-ACs
and Spoke mode PWs, but not broadcast to other Hub mode PWs and all Client-ACs.
l Broadcast the broadcast packets received from a Client (Client-AC) to all Server-ACs
and Spoke mode PWs, but not broadcast to Hub mode PWs and other Client-ACs.
2-5
7 ZXR10(config-vpls-sdu)#neighbour < A.B.C.D> [ < vcid value> ] This configures a PW and binds an
SDU (if the < vcid value> parameter
is not configured, it is necessary to
configure the default VCID in VPLS
configuration mode in advance).
ZXR10(config-vpls-sdu-pw)#tunnel-policy { auto| mpls-te < This modifies the outer tunnel policy
TE-interface> } of a PW.
ZXR10(config-vpls-sdu-pw)#signal { dynamic | static local < This sets the establishment mode of
16-4095> remote < 16-4096> } a PW to signal triggering.
2-6
Parameter Description
< vcid> VCID of VPLS service. The VCID set here becomes the default VCID.
2-7
Parameter Description
Parameter Description
Parameter Description
< vcid> The VCID used by the PW, in the range of 1-4294967295. if this
parameter is not configured, it is necessary to configure the default
VCID in VPLS configuration mode in advance.
Parameter Description
2-8
Parameter Description
dynamic Dynamic PW
static Static PW
Parameter Description
< vcid> The VCID used by the PW, in the range of 1-4294967295. if this
parameter is not configured, it is necessary to configure the default
vcid in VPLS configuration mode in advance.
Parameter Description
without-ip/udp-header BFD messages do not contain IP/UDP header (by default, the
messages contain IP/UDP header).
2-9
Parameter Description
dynamic Dynamic PW
static Static PW
Parameter Description
Command Function
ZXR10#show l2vpn summary < name> This shows the number of L2VPN
instances.
ZXR10#show l2vpn forwardinfo [ vpnname < vpn-name> | peer < A.B.C.D> This shows the valid PW list according
[ vcid < 1-4294967295> ] ] [ detail] to the instance name or peer ID.
ZXR10#show pwe3 signal [ [ peer < ip-address> ] [ vcid < vcid> ] [ pw-type This shows the information summary of
< pw-type> ] | local-label < value> | remote-label < value> | service-type PW.
{ vpls| vpws| mspw} [ id < value> | name < instance-name> ] | used-only|
unuse-only [ no-remote| no-config] ]
ZXR10#show pwe3 signal [ [ peer < ip-address> ] [ vcid < vcid> ] [ pw-type This shows the PW information in detail,
< pw-type> ] | local-label < value> | remote-label < value> | service-type and lists the reason that PW is down.
{ vpls| vpws| mspw} [ id < value> | name < instance-name> ] | used-only|
unuse-only [ no-remote| no-config] ] detail
2-10
2-11
VcID PW vcid
PWType PW type
State PW state
An example of the show l2vpn forwardinfo detail command output is shown below.
ZXR10#show l2vpn forwardinfo detail
Hearders : ALLOK - Pseudowire Forwarding
PWNF - Pseudowire Not Forwarding
AR - Local AC (ingress) Receive Fault
AT - Local AC (egress) Transmit Fault
PSNR - Local PSN-facing PW (ingress) Receive Fault
PSNT - Local PSN-facing PW (egress) Transmit Fault
PWFS - Pseudowire forwarding standby
RS - Request switchover to this PW
PWSA - Pseudowire Status All Fault
Codes : -unknown, *yes, .no
-------------------------------------------------------------------------------
2-12
VC status VC state
VC ID VCID value
Last status change time The time when the instance state is changed the last time
2-13
vcid PW vcid
pw-type PW type
owner PW vpnid
An example of the show pwe3 signal detail command output is shown below.
ZXR10#show pwe3 signal detail
The detailed signal information of dynamic PWs:
2-14
C-bits: remote Indicate whether the peer signalling message showing supports CWORD.
Sent Indicate whether local end sends mapping message to the peer
An example of the show pwe3 signal statistic command output is shown below.
2-15
Headers : APP - application instance of PW, C-bit - the PWs using control word,
ether - the ethernet raw PWs, vlan - the ethernet tagged PWs,
others - the non-ethernet PWs,
used - signal procedures succeeded and VC-LSPs or transit-LSPs formed
Codes : ?application instance not configured
----+-----+------------------+------------------------+------------------------
type|count| all dynamic PWs | the used dynamic PWs | the unused dynamic PWs
of | of +------------------+------------------------+------------------------
APPs|APPs |total used unused|C-bit ether vlan others|C-bit ether vlan others
----+-----+-----+-----+------+-----+-----+-----+------+-----+-----+-----+------
VPWS 0 0 0 0 0 0 0 0 0 0 0 0
VPLS 1 1 1 0 0 1 0 0 0 0 0 0
MSPW 0 0 0 0 0 0 0 0 0 0 0 0
???? 0 0 0 0 0 0 0 0 0 0 0 0
------------------------------------------------------------------------------
SUM 1 1 1 0 0 1 0 0 0 0 0 0
2-16
Configuration Thought
1. Configure necessary information on the interfaces of CE1 and CE2 connected to PEs.
The interfaces are on the same Ethernet.
2. Configure information on the interfaces of PE1 and PE2 connected to CEs. If the
sub-interfaces are used as ACs, it is necessary to configure VLAN/QinQ encapsulation
on the sub-interfaces.
3. Configure information on the interconnected interfaces between PE1 and PE2 to make
PE1 interconnect to PE2. Configure loopback interfaces on PE1 and PE2 and use
them as LDP router-IDs.
4. Configure routing information to advertise the loopback interface addresses. Make
sure that the next hop/egress of the routes are the LDP public network interfaces in
the next step.
5. Configure an LDP instance. Enable MPLS LDP function on the interconnected
interfaces between PE1 and PE2. Use the interfaces as LDP public network
interfaces. PE1 and PE2 are directly connected, so it is unnecessary to establish a
target-session.
6. Configure a VPLS instance. Make sure that the VPLS neighbors are consistent with
LDP neighbors.
Configuration Comamnds
Configuration on PE1:
Configure addresses on the direct-connected interface between PEs and the loopback
interface:
PE1(config)#interface gei-0/1/0/2
PE1(config-if)#ip address 100.10.1.1 255.255.255.0
PE1(config-if)#no shutdown
PE1(config-if)#exit
PE1(config)#interface loopback1
PE1(config-if)#ip address 100.10.10.1 255.255.255.255
2-17
PE1(config-if)#no shutdown
PE1(config-if)#exit
Configure LDP:
PE1(config)#mpls ldp instance 1
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#interface gei-0/1/0/2
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
Configuration on PE2:
Configure addresses on the direct-connected interface between PEs and the loopback
interface:
PE2(config)#interface gei-0/1/0/2
PE2(config-if)#ip address 100.10.10.2 255.255.255.0
PE2(config-if)#no shutdown
PE2(config-if)#exit
PE2(config)#interface loopback1
PE2(config-if)#ip addr 100.10.10.2 255.255.255.255
PE2(config-if)#no shutdown
PE2(config-if)#exit
2-18
Configure LDP:
PE2(config)#mpls ldp instance 1
PE2(config-ldp)#router-id loopback1
PE2(config-ldp)#interface gei-0/1/0/2
PE2(config-ldp-if)#exit
PE2(config-ldp)#exit
Configuration Verification
Check the configuration results. Take PE1 as an example. The procedure to check the
configurations on PE2 is the same as that to check the configurations on PE1.
1. Use the show running-config ospf command to check whether the route configuration
is correct, and use the show ip forwarding route command to view the configuration
result, as shown below.
PE1#show running-config ospf
! <OSPF>
router ospf 1
network 100.10.10.1 0.0.0.0 area 0.0.0.0
/*Advertise the address that will be used as the address of a PW neighbor in VPLS.
When configuring LDP, make sure that this address is used as the LDP router-id,
and use this address to establish an LDP session.*/
network 100.10.1.1 0.0.0.0 area 0.0.0.0
/*Advertise the address on the interface directly connected to the peer PE.
Use this address to establish a connection with the OSPF neighbor.*/
!
! /<OSPF>
PE1#show ip for route 100.10.10.2
IPv4 Routing Table:
status codes: *valid, >best
Dest Gw Interface Owner Pri Metric
*> 100.10.10.2/32 100.10.1.2 gei-0/1/0/2 ospf 110 1
2-19
After the route configuration, the route to the router-id of the VPLS PW neighbor and
also the LDP peer is generated. The local egress interface is gei-0/1/0/2, and the next
hop address is 100.10.1.2.
2. Use the show running-config ldp command to check whether the LDP configuration
is correct, and use the show mpls ldp neighbor instance command to check the
configuration result of LDP neighbor establishment, as shown below.
PE1#show running-config ldp
! <MPLS>
mpls ldp instance 1
router-id loopback1
interface gei-0/1/0/2
/*Do enable MPLS LDP on the egress interface of the route to the LDP neighbor.*/
$
! /<MPLS>
PE1#show mpls ldp neighbor instance 1
Peer LDP Ident: 100.10.10.2:0; Local LDP Ident: 100.10.10.1:0
/*Peer LDP Ident<——>Local LDP Ident, the possible LDP peer is 100.10.10.2:0.
Try to establish an LDP session for this peer.*/
TCP connection: 100.10.10.2.2278 - 100.10.10.1.646
/*The TCP connection to the possible peer is established successfully.
The transmission address to establish a connection is not configured
in this example, so the default router-id is used.*/
State: Oper; Msgs sent/rcvd: 80/72; Downstream
/*The TCP connection to the possible peer is established successfully.
LDP neighbor negotiation on the TCP connection suceeds. The LDP session
to the peer is established successfully (LDP session UP). The information
"ldp state:Oper" means that the LDP session is established successfully.*/
Up Time: 00:54:04
LDP discovery sources:
gei-0/1/0/2; Src IP addr: 100.10.1.2
/*Send LDP discovery packets to through gei-0/1/0/2. The session between
100.10.10.2:0 and 100.10.10.1:0 is maintained by this interface. If the
interface becomes down, the session will be closed.*/
Addresses bound to peer LDP Ident:
100.10.1.2 100.10.10.2 /*The addresses that can be used as LSP
public network interface addresses on the LDP peer*/
2-20
Note:
To establish a VPLS PW, it is necessary to check wether the LDP session to the
specified neighbor exists. This the session does not exist, signalling to establish PW
will not be sent, and the PW cannot be established.
3. Use the show mpls ldp bindings command on PE2 to check whether LDP distributes
the local label of public network for the PW neighbor. After the label is mapped to PE1,
check whether it is marked “inuse” as a remote label.
PE2#show mpls ldp bindings 100.10.10.2 32 detail instance 1
100.10.10.2/32
local binding: label: imp-null
advertised to:
100.10.10.1:0
remote binding: lsr: 100.10.10.1:0, label: 16484
PE1#show mpls ldp bindings 100.10.10.2 32 detail instance 1
100.10.10.2/32
local binding: label: 16484
advertised to:
100.10.10.2:0
remote binding: lsr: 100.10.10.2:0, label: imp-null(inuse)
PE2 distributes an explicit null label {3} for the local loopback address 100.10.10.2.
PE1 learns the label 3 distributed for 100.10.10.2 by PE2. The label is marked “inuse”.
4. Use the show mpls forwarding command to check whether the label distributed to
the PW neighbor is written to the label forwarding table, and use the ping mpls ipv4
command to check whether the public network tunnel to the specified PW neighbor is
established successfully.
PE1#show mpls forwarding-table
Local Outgoing Prefix or Outgoing Next Hop M/S
label label Tunnel Id interface
16484 Poptag 100.10.10.2/32 gei-0/5/0/8 100.10.1.2 M
PE1#ping mpls ipv4 100.10.10.2 32
sending 5,120-byte MPLS echos to 100.10.10.2,timeout is 2 seconds.
Codes: '!' - success, 'Q' - request not transmitted,
'.' - timeout, 'U' - unreachable,
'R' - downstream router but not target
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/1 ms.
5. Use the show pwe3 signal command to check whether the local device can send
signalling to establish a PW. In normal situations, if the LDP session to the specified
PW neighbor exists in the results of Step 2, PWE3 signalling can be sent.
PE1#show pwe3 signal detail
2-21
2-22
7. Use the ping mpls pseudowire command to check whether the PW is established
correctly.
PE1#ping mpls pseudowire 100.10.10.2 10 ether
sending 5,120-byte MPLS echos to 100.10.10.2,timeout is 2 seconds.
After the VPLS application, the two CE devices can ping each successfully.
CE1#ping 10.1.1.2
sending 5,100-byte ICMP echoes to 10.1.1.2,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.
CE2#ping 10.1.1.1
sending 5,100-byte ICMP echoes to 10.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.
2-23
2-24
the VPLS peer cannot be established (it is necessary to check whether a public network
label id redistributed to the VPLS peer, and whether the label is marked “inuse”).
Symptom: VPLS forwarding tunnel is up, but traffic cannot be forwarded properly.
The VC tunnel is up, so the inner and the outer labels are distributed correctly. It is
necessary to check the configurations from the PEs to the CEs, and check whether the
planned VPLS PW and AC attributes meet the requirement of forwarding. The procedure
is described below.
1. Check whether AC is configured on the PEs.
2. Check whether the configurations of CEs are correct. VPLS simulates a LAN, so the
CEs should be on the same network segment. If VLAN or QinQ interfaces are used,
make sure that the interface encapsulation modes are consistent.
3. VPLS forwarding complies with broadcast rules. Check whether the VPLS
configuration meets the requirement of forwarding.
2-25
Check whether the VPLS label forwarding tunnel (that is, the VC tunnel) is up.
2-26
Use the show l2vpn forwardinfo command to check whether the VPLS label forwarding
tunnel is up. If the tunnel is down, use the show l2vpn forwardinfo detail command to
check the detailed information. A VPLS label forwarding tunnel consists of a public network
tunnel and a private network PW. If the VC tunnel is down, there are two possible causes.
One is that the PW cannot be up. For this cause, perform Step 2 to Step 5. The other is
that the LSP cannot be established. It is necessary to check the configuration of the public
network tunnel, corresponding to Step 6.
1. Check whether the communications on the physical links to the peer PE are normal.
Use the show ip interface brief command to check whether the physical state is up.
Check the connections on the interfaces. Make sure that the connections are correct
and the direct-links can be pinged successfully.
2. Check whether a peer is configured in the VPLS instance. Check whether the
configurations of the PW parameters are consistent.
Use the show running-config l2vpn command to check whether the peer device is set
to the neighbor (that is, the VPLS peer) in SDU configuration mode on both PEs. If
there is no peer, PW cannot be established. In such a situation, the VPLS can only
be used for the communication between local ACs. On both PEs, check whether the
VCIDs and PW types of the PWs are the same respectively on both directions. During
PW establishment, it is necessary to negotiate these parameters. If the parameters
are not consistent, the negotiation will fail, and the PW cannot be up.
3. Check whether there is a route to the VPLS peer.
Check whether the configuration of Interior Gateway Protocol (IGP) (such as Open
Shortest Path First (OSPF)) is correct. Use the show running-config ospf command
to check whether the route of the 32–bit VPLS peer address is advertised. If the
configurations are correct, use the show ip ospf neighbor command to check the
establishment of OSPF neighbor relationship until the neighbor state is FULL. Use
the show ip forwarding route command to check whether the route is generated. Pay
attention to the egress interface and next hop of the route.
4. Check whether there an LDP session directing to the VPLS peer.
The signalling used by VPLS is an extended signalling of LDP. To establish a PW
between VPLS peers, both peers need to transmit the signalling. So the LDP session
directing to the VPLS peer is mandatory. If the session does not exist, the PW cannot
be up. Use the show running-config ldp command to check the following information.
c. Whether all the interfaces on which MPLS LDP is enabled use the default TCP
connection establishment transmission address.
Use the show mpls ldp neighbor command to check the establishment of LDP neighbor
relationship until the state is Oper.
2-27
2-28
3 ZXR10(config-vpls-mac-name)#filter { source | both | destination} < This filters data frames according to
mac-address> [ vlan < vlan-id> ] MAC addresses in VPLS instance.
Parameter Description
[ qualified] MAC learning policy. Learn MAC address in the specified VLAN.
Parameter Description
both Filter data frames according to the source or destination MAC addresses.
Command Function
ZXR10(config)#show vpls-mac vpls < name> This shows the configured MAC
address entries in VPLS instance.
2-29
VLAN VLAN ID
Configuration Thought
1. Establish VPLS connection between PE1 and PE2.
2. Enter VPLS MAC configuration mode on PE, configure MAC filter rule.
Configuration Commands
Configuration on PE1:
PE1(config)#mpls l2vpn enable
PE1(config)#sdu sdu1
PE1(config)#vpls vpls_a
PE1(config-vpls)#sdu sdu1
PE1(config-vpls-sdu)#neighbour 1.1.1.2 100
PE1(config-vpls-sdu)#exit
2-30
PE1(config)#interface loopback10
PE1(config-if)#ip address 1.1.1.1 255.255.255.255
PE1(config-if)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if)#ip address 2.2.2.1 255.255.255.0
PE1(config-if)#exit
PE1(config)#router ospf 1
PE1(config-ospfv2)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospfv2)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp)#router-id loopback10
PE1(config-ldp)#interface gei-0/1/0/1
Configuration on PE2:
PE2(config)#mpls l2vpn enable
PE2(config)#sdu sdu1
PE2(config)#vpls vpls_a
PE2(config-vpls)#sdu sdu1
PE2(config-vpls-sdu)#neighbour 1.1.1.1 100
PE2(config-vpls-sdu)#exit
PE2(config)#interface loopback10
PE2(config-if)#ip address 1.1.1.2 255.255.255.255
PE2(config-if)#exit
PE2(config)#interface gei-0/2/0/1
PE2(config-if)#ip address 2.2.2.2 255.255.255.0
PE2(config-if)#exit
PE2(config)#router ospf 1
PE2(config-ospfv2)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospfv2)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE2(config-ospfv2)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp)#router-id loopback10
PE2(config-ldp)#interface gei-0/2/0/1
Configuration Verification
Check the configuration on PE1, as shown below.
/*View PW connection*/
PE1(config)#show l2vpn forwardinfo vpls_a
name:vpls_a type:VPLS unqualified PW count:1
description:
/*Here, the UP means that PW connection is successful.*/
PeerID VcID Type Mode CW State Local Remote linkto tunnelID
1.1.1.2 100 VLAN Hub UP 32768 32770 pw1 N-114
2-31
2-32
2-33
VPLS heterogeneouse applies the mode that POS interface is mapped to general Ethernet
interface. Therefore VPLS heterogeneouse mainly completes port mapping, the binding
between general logic Ethernet interface and VPLS instance. But general logic interface
2-34
has Ethernet attribute on the interface and support the binding of VPLS instance. The
main work of VPLS heterogeneouse is port mapping.
When a POS interface is enabled BCP bridge function, it needs to be bound to a logic
Ethernet interface to implement bridge function. At this time, configure Ethernet interface
service on this logic Ethernet interface. These services include layer 2 forwarding service.
For upper layer protocol, not POS physical port but logic Ethernet interface is seen. At this
time, this interface is taken as ordinary Ethernet interface.
For forwarding layer, after POS interface is enabled BCP bridge service, the service that
this interface supports and the resolution and encapsulation mode for packet are similar
with Ethernet interface.
2-35
7 ZXR10(config-vpls-zte)#interface sac ulei< ulei-number> This adds a VPLS instance into ulei
interface.
Configuration Thought
1. Create the routes among PE1, PE2 and PE3.
2. Establish LDP neighbor relationship between PE1 and PE2, between PE1 and PE3,
or between PE2 and PE3.
3. Enable MPLS L2VPN on PE1, PE2 and PE3. Establish a PW. Configure a VPLS
instance and configure the corresponding remote member.
4. Because GE interfaces and FE interfaces can be directly bould to a VPLS instance,
make a POS interface as a AC to connect to a VPLS instance by mapping it to a
physical GE or FE interface. Route-id of each device is shown below.
PE1 1.1.1.1
2-36
PE2 2.2.2.2
PE3 3.3.3.3
Configuration Commands
VPLS heterogeneouse configuration is mainly completed on PE2. For the configuration on
other PEs, please refer to VPLS configuration. The configuration of POS bridge interface
on PE2 and the configuration of the VPLS instance are as follows.
PE2(config)#ppp
PE2(config-ppp)#interface pos12-0/1/0/1
PE2(config-ppp-if)#no ppp ipcp enable
PE2(config-ppp-if)#ppp bcp enable
PE2(config-ppp-if)#exit
PE2(config-ppp)#exit
PE2(config)#request interface ulei-0/1/0/1
PE2(config-ulei-if)#exit
PE2(config)#interface pos12-0/1/0/1
PE2(config-if)#map-to ulei-0/1/0/1
PE2(config-if)#exit
PE2(config)#sdu sdu1
PE2(config)#sdu sdu2
PE2(config)#vpls zte
PE2(config-vpls)#sdu sdu1
PE2(config-vpls-sdu)#neighbour 1.1.1.1 10
PE2(config-vpls)#sdu sdu2
PE2(config-vpls-sdu)#neighbour 2.2.2.2 10
PE2(config-vpls-sdu-pw)#exit
PE2(config-vpls-sdu)#exit
PE2(config-vpls)#sac ulei-0/1/0/1
PE2(config-vpls-sac)#exit
PE2(config-vpls)#exit
PE2(config)#
Configuration Verification
Check the configuration result on PE2.
PE2(config)#show running-config-interface pos12-0/1/0/1
!<INTERFACE>
interface pos12-0/1/0/1
index 23
!
!</INTERFACE>
!<PMAP>
interface pos12-0/1/0/1
2-37
map-to ulei-0/1/0/1
!
!</PMAP>
!<PPP>
ppp
interface pos12-0/1/0/1
ppp bcp enable
no ppp ipcp enable
!</PPP>
PE2#show l2vpn forwardinfo vpnname zte
Hearders: PWType - Pseudowire type and Pseudowire connection mode
Local - Local label, Remote - Remote label
VPNowner - owner type and instance name
Codes: H - HUB mode, S - SPOKE mode, L - VPLS,
W - VPWS, M - MSPW PeerID
VCID PWType State Local Remote VPNowner
1.1.1.1 10 VLAN H UP 81920 81920 L: zte
3.3.3.3 10 VLAN H UP 81921 81920 L: zte
2-38
1. Check whether the peer is configured when VPLS instance is configured. Without the
peer configuration, the link fails to be established.
2. If the peer configuration is already configured, check whether the vcid is same to the
pwtype. Make sure that them are correct.
3. If the vcid and pwtype are the same, check whether LDP neighbor is established suc-
cessfully. PW cannot be created if the LDP neighborhood fails to be established.
Check whether IGP neighbor is established. Make sure that IGP neighbors can ping
the transmission address between each other. (By default, it is the Router-ID.)
4. If LDP link is established but PW is still in DOWN state, check whether LDP allocates
tag to the destination FEC and encapsulates inuse tag. Meanwhile, check LDP
label allocation and tag filtering policy. Make sure that LDP can allocate tag to the
destination FEC and encapsulates inuse tag.
5. Check if POS interface is encapsulated into ulei interface correctly and has correct
mapping relation.
2-39
2-40
2-41
When data packet enters PE router at the port of Layer 2 transparent transmission, PE
router finds the corresponding Tunnel Label and VC Label through matching VCID. PE
router will put two layers labels on the data packet. External layer is Tunnel Label indicating
the route from this PE router to destination PE router. Internal layer is VC Label indicating
which corresponding router port of VCID belongs to on destination PE router.
PE router should monitor Layer 2 protocol state at each port, such as FR Local
Management Interface (LMI) and ATM Interim Local Management Interface (ILMI). When
a fault occurs, users can cancel VC Label through LDP label distribution protocol process
so that Layer 2 transparent transmission is shut off avoiding producing unidirectional
unwanted data stream.
Such Layer 2 transparent transmission based on MPLS changes traditional confinement
that Layer 2 link should be implemented through network switch. It essentially forms a
pattern of One Net Multi-Service pattern and makes the operator provide Layer 2 and Layer
3 Services simultaneously in a MPLS net.
2-42
ZXR10(config-vpws-sdu-pw)#signal { dynamic | static local < This sets the establishment mode of
16-4095> remote < 16-4096> } a PW to signal triggering.
Parameter Description
Parameter Description
Parameter Description
push < 1-4094> Pushes a label. The range of the label is 1–4094.
2-43
Parameter Description
Parameter Description
Parameter Description
without-ip/udp-header BFD messages do not contain IP/UDP header (by default, the
messages contain IP/UDP header).
dynamic Dynamic PW
static Static PW
2-44
Command Function
ZXR10#show l2vpn forwordinfo vpnname [ < vpnname> | < detail> | < peer> ] This shows the valid PW list according
to the instance name.
ZXR10#show pwe3 signal [ { [ peer < A.B.C.D> ] [ vcid < value> ] [ This shows the information summary of
pw-type < pw-type> ] } | used-only | { unused-only [ no-remote | no-config PW.
] } | { service-type { vpws } [ id < value> ] } | { local-label < value> } | {
remote-label < value> } ]
ZXR10#show pwe3 signal detail[ { [ peer < A.B.C.D> ] [ vcid < value> ] [ This shows the PW information in detail,
pw-type < pw-type> ] } | used-only | { unused-only [ no-remote | no-config and lists the reason that PW is down.
] } | { service-type { vpws } [ id < value> ] } | { local-label < value> } | {
remote-label < value> } ]
2-45
VcID PW vcid
PWType PW type
State PW state
2-46
vcid PW vcid
pw-type PW type
owner PW vpnid
An example of the show pwe3 signal detail command output is shown below.
PW entity : < 10.10.10.32 , 100 , ethernet >
LSPs formed : NO ( remote mapping absent )
C-bits : local : NO , remote : --
negotiated : --
MTU : local : 1600 , remote : --
negotiated : --
labels : local : 81927 , remote : --
signal : Configured : YES , Received : NO
Negotiated : NO , Sent : YES
AC ready : YES
application : service-type : VPWS , instance-id: 1
local-VCCV : CC-type : NO , CV-type : NO
remote-VCCV : CC-type : -- , CV-type : --
actual-VCCV : CC-type : -- , CV-type : --
LDP session : The LDP session's state is UP.
attachment-circuit : gei-0/1/0/1
2-47
local-description : gei-0/1/0/1
remote-description : --
remote Indicate whether the peer signalling message showing supports CWORD.
Sent Indicate whether local end sends mapping message to the peer
2-48
Configuration Description
The network topology of an L2VPN VPWS ethernet PW configuration example is shown
in Figure 2-13.
Configuration Thought
1. Configure interface addresses so that PE1 interconnects to PE2.
2. Configure loopback interfaces as the LDP Router-IDs.
3. Configure OSPF to advertise the loopback interface addresses.
4. Configure an LDP instance. It is unnecessary to establish a target-session on the
direct-connected link.
5. Configure an L2VPN instance.
Configuration Commands
Configuration on PE1:
PE1(config)#interface fei-0/1/0/1
PE1(config-if)#ip address 1.1.1.1 255.255.255.0
PE1(config-if)#no shutdown
PE1(config-if)#exit
PE1(config)#interface loopback1
PE1(config-if)#ip address 100.100.1.1 255.255.255.255
PE1(config-if)#no shutdown
PE1(config-if)#exit
PE1(config)#router ospf 200
PE1(config-ospfv2)#interface fei-0/1/0/1
PE1(config-ospfv2-if)#exit
PE1(config-ospfv2)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospfv2)#network 100.100.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp instance 100
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#interface fei-0/1/0/1
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
2-49
PE1(config)#sdu sdu1
PE1(config)#vpws vpws_zte1
PE1(config-vpws)#sdu sdu1
PE1(config-vpws-sdu)#neighbour 100.100.1.2 20
PE1(config-vpws-sdu-pw)#control-word unused
PE1(config-vpws-sdu-pw)#signal dynamic
PE1(config-vpws-sdu-pw)#tunnel-policy auto
PE1(config-vpws-sdu-pw)#exit
PE1(config-vpws-sdu)#exit
PE1(config-vpws)#sac fei-0/1/0/2
PE1(config-vpws-sac)#service-define ethernet
PE1(config-vpws-sac-eth)#encapsulation raw
PE1(config-vpws-sac-eth)#exit
PE1(config-vpws-sac)#exit
PE1(config-vpws)#exit
Configuration on PE2:
PE2(config)#interface fei-0/1/0/1
PE2(config-if)#ip address 1.1.1.2 255.255.255.0
PE2(config-if)#no shutdown
PE2(config-if)#exit
PE2(config)#interface loopback1
PE2(config-if)#ip address 100.100.1.2 255.255.255.255
PE2(config-if)#no shutdown
PE2(config-if)#exit
PE2(config)#router ospf 200
PE2(config-ospfv2)#interface fei-0/1/0/1
PE2(config-ospfv2-if)#exit
PE2(config-ospfv2)#network 100.100.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospfv2)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospfv2)#exit
PE2(config)#mpls ldp instance 100
PE2(config-ldp)#router-id loopback1
PE2(config-ldp)#interface fei-0/1/0/1
PE2(config-ldp-if)#exit
PE2(config-ldp)#exit
PE2(config)#sdu sdu1
PE2(config)#mpls l2vpn enable
PE2(config)#vpws vpws_zte1
PE2(config-vpws)#sdu sdu1
PE2(config-vpws-sdu)#neighbour 100.100.1.1 20
PE2(config-vpws-sdu-pw)#control-word unused
PE2(config-vpws-sdu-pw)#signal dynamic
2-50
PE2(config-vpws-sdu-pw)#tunnel-policy auto
PE2(config-vpws-sdu-pw)#exit
PE2(config-vpws-sdu)#exit
PE2(config-vpws)#sac fei-0/1/0/2
PE2(config-vpws-sac)#service-define ethernet
PE2(config-vpws-sac-eth)#encapsulation raw
PE2(config-vpws-sac-eth)#exit
PE2(config-vpws-sac)#exit
PE2(config-vpws)#exit
Configuration Verification
After the configuration, a VPWS PW can be established successfully. The following
information shows the result of configuration verification.
PE2(config)#show l2vpn forwardinfo detail
Local interface:[VPLS vpls_zte2]
MPLS VC type is ETH, Connection mode: HUB
Destination address: 100.100.1.1, VCID: 40, VC status: DOWN
Create time: 00:15:11 Last status change time: 00:15:11
Signaling protocol: LDP, peer 100.100.1.1:0,DOWN
MPLS VC labels: local -, remote -
Configuration Description
The network topology of an L2VPN VPWS IP heterogeneous PW configuration example
is shown in Figure 2-14.
2-51
Configuration Thought
1. Configure interface addresses so that PE1 interconnects to PE2.
2. Configure loopback interfaces as the LDP Router-IDs.
3. Configure OSPF to advertise the loopback interface addresses.
4. Configure an LDP instance. It is unnecessary to establish a target-session on the
direct-connected link.
5. Configure an L2VPN instance.
Configuration Commands
Configuration on PE1:
PE1(config)#interface fei-0/1/0/1
PE1(config-if)#ip address 1.1.1.1 255.255.255.0
PE1(config-if)#no shutdown
PE1(config-if)#exit
PE1(config)#interface loopback1
PE1(config-if)#ip address 100.100.1.1 255.255.255.255
PE1(config-if)#no shutdown
PE1(config-if)#exit
PE1(config)#router ospf 200
PE1(config-ospfv2)#interface fei-0/1/0/1
PE1(config-ospfv2-if)#exit
PE1(config-ospfv2)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospfv2)#network 100.100.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp instance 100
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#interface fei-0/1/0/1
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
PE1(config)#sdu sdu2
PE1(config)#mpls l2vpn enable
PE1(config)#vpws vpws_zte2
PE1(config-vpws)#sdu sdu2
PE1(config-vpws-sdu)#neighbour 100.100.1.2 30
PE1(config-vpws-sdu-pw)#control-word unused
PE1(config-vpws-sdu-pw)#signal dynamic
PE1(config-vpws-sdu-pw)#tunnel-policy auto
2-52
PE1(config-vpws-sdu-pw)#exit
PE1(config-vpws-sdu)#exit
PE1(config-vpws)#sac fei-0/1/0/2
PE1(config-vpws-sac)#inter-networking ip
PE1(config-vpws-sac-iwf-ip)#exit
PE1(config-vpws-sac)#exit
PE1(config-vpws)#exit
Configuration on PE2:
PE2(config)#interface fei-0/1/0/1
PE2(config-if)#ip address 1.1.1.2 255.255.255.0
PE2(config-if)#no shutdown
PE2(config-if)#exit
PE2(config)#interface loopback1
PE2(config-if)#ip address 100.100.1.2 255.255.255.255
PE2(config-if)#no shutdown
PE2(config-if)#exit
PE2(config)#router ospf 200
PE2(config-ospfv2)#interface fei-0/1/0/1
PE2(config-ospfv2-if)#exit
PE2(config-ospfv2)#network 100.100.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospfv2)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospfv2)#exit
PE2(config)#mpls ldp instance 100
PE2(config-ldp)#router-id loopback1
PE2(config-ldp)#interface fei-0/1/0/1
PE2(config-ldp-if)#exit
PE2(config-ldp)#exit
PE2(config)#sdu sdu2
PE2(config)#mpls l2vpn enable
PE2(config)#vpws vpws_zte2
PE2(config-vpws)#sdu sdu2
PE2(config-vpws-sdu)#neighbour 100.100.1.1 30
PE2(config-vpws-sdu-pw)#control-word unused
PE2(config-vpws-sdu-pw)#signal dynamic
PE2(config-vpws-sdu-pw)#tunnel-policy auto
PE2(config-vpws-sdu-pw)#exit
PE2(config-vpws-sdu)#exit
PE2(config-vpws)#sac fei-0/1/0/2
PE2(config-vpws-sac)#inter-networking ip
PE2(config-vpws-sac-iwf-ip)#exit
PE2(config-vpws-sac)#exit
PE2(config-vpws)#exit
2-53
Configuration Verification
After the configuration, a VPWS PW can be established successfully. The following
information shows the result of configuration verification.
PE2(config)#show l2vpn forwardinfo detail
Local interface:[VPLS vpls_zte2]
MPLS VC type is ETH, Connection mode: HUB
Destination address: 100.100.1.1, VCID: 40, VC status: DOWN
Create time: 00:15:11 Last status change time: 00:15:11
Signaling protocol: LDP, peer 100.100.1.1:0,DOWN
MPLS VC labels: local -, remote -
2-54
2-55
If the fault cannot be solved according to the steps above, please ask for technical support.
2-56
2-57
Parameter Description
Parameter Description
Command Function
ZXR10#show pwe3 signal vcid < vcid> detail This shows the states of the PWs.
An example of the show pwe3 signal vcid 3 detail command output is shown below.
ZXR10#show pwe3 signal vcid 3 detail
The detailed signal information of dynamic PWs:
Some signal information are referred to as follows :
NON - the LDP session is absent,
UP - the LDP session is OPERATIONAL,
GR1 - the LDP session is reconnecting,
GR2 - the LDP session's remote mappings are recovering,
DOWN - not UP(or NON,or GR1,or GR2).
PW entity : <192.168.1.100> , 10 , ethernet
LSPs formed : NO ( LDP session absent )
C-bits : local : NO , remote : ??
negotiated : ??
MTU : local : 1500 , remote : ??
negotiated : ??
labels : local : 81920 , remote : ??
signal : Configured : YES , Received : NO
Negotiated : NO , Sent : NO
AC ready : YES
application : service-type : MSPW , instance-id: 1
local-VCCV : CC-type : NO , CV-type : NO
remote-VCCV : CC-type : ?? , CV-type : ??
actual-VCCV : CC-type : ?? , CV-type : ??
LDP session : The LDP session's state is NON, please check it.
attachment-circuit : ??
local-description : ??
2-58
remote-description : ??
Configuration Thought
1. Configure routes between PE1 and PE2.
2. Establish LDP neighbor relationship between PE1 and PE2.
3. Enable MPLS L2 VPN on PE1 and PE2. Create a PW. Configure a VPLS instance
and configure the related remote member.
4. On PE1, the POS interface works as an AC to connect to the VPLS instance. The GE
interface on the PE is connected to a VPLS instance.
Configuration Commands
The configuration of CE1:
ZXR10(config)#interface pos3-0/5/0/1
ZXR10(config-if)#ip address 100.1.1.1 255.255.255.0
ZXR10(config-if)#exit
2-59
ZXR10(config-ldp-if)#exit
ZXR10(config-ldp)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#sdu sdu1
ZXR10(config)#vpws yigou
ZXR10(config-vpws)#sac pos3-0/7/1/1
ZXR10(config-vpws-sac)#inter-networking ip
ZXR10(config-vpws-sac-iwf-ip)#exit
ZXR10(config-vpws-sac)#exit
ZXR10(config-vpws)#sdu sdu1
ZXR10(config-vpws-sdu)#neighbour 1.1.1.50 100
ZXR10(config-vpws-sdu-pw)#exit
ZXR10(config-vpws-sdu)#exit
ZXR10(config-vpws)#exit
ZXR10(config)#interface pos3-0/7/1/1
ZXR10(config-if)#no shut
ZXR10(config-if)#exit
ZXR10(config)#ppp
ZXR10(config-ppp)#interface pos3-0/7/1/1
ZXR10(config-ppp-if)#ppp ipcp proxy-address 100.1.1.2
/*Configure PPP proxy so that PPP routes will be generated on CE1*/
ZXR10(config-ppp-if)#end
ZXR10(config)#interface loopback1
ZXR10(config-if)#ip address 1.1.1.50 255.255.255.255
ZXR10(config-if)#exit
ZXR10(config)#interface gei-0/5/0/3
ZXR10(config-if)#ip address 172.20.130.214 255.255.255.252
ZXR10(config-if)#exit
ZXR10(config)#router isis
ZXR10(config-isis)#area 49.0172
ZXR10(config-isis)#system-id 0020.0096.0002
ZXR10(config-isis)#interface gei-0/5/0/3
ZXR10(config-isis-if)#ip router isis
ZXR10(config-isis-if)#end
ZXR10(config)#mpls ldp instance 1
ZXR10(config-ldp)#router-id loopback1
ZXR10(config-ldp)#interface gei-0/5/0/3
ZXR10(config-ldp-if)#exit
ZXR10(config-ldp)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#sdu sdu1
ZXR10(config)#vpws yigou
ZXR10(config-vpws)#sac gei-0/1/1/8
2-60
ZXR10(config-vpws-sac)#inter-networking ip
ZXR10(config-vpws-sac-iwf-ip)#local-ce mac 0000.2dd4.4aeb
/*This MAC address is the one of CE2*/
ZXR10(config-vpws-sac-iwf-ip)#exit
ZXR10(config-vpws-sac)#exit
ZXR10(config-vpws)#sdu sdu1
ZXR10(config-vpws-sdu)#neighbour 1.1.1.46 100
ZXR10(config-vpws-sdu-pw)#exit
ZXR10(config-vpws-sdu)#exit
ZXR10(config-vpws)#exit
ZXR10(config)#interface gei-0/1/1/5
ZXR10(config-if)#ip address 100.1.1.2 255.255.255.0
ZXR10(config-if)#exit
Configuration Verification
After the configuration, the VPWS PW is Up. CE1 can ping CE2 (100.1.1.2) successfully.
CE1#show ip for rout ppp
IPv4 Routing Table:
status codes: *valid, >best
Dest Gw Interface Owner Pri Metric
*> 1100.1.1.2/32 100.1.1.1 pos3-0/5/0/1 ppp 0 0
2-61
CE1#ping 100.1.1.2
sending 5,100-byte ICMP echoes to 100.1.1.2,timeout is 2 seconds.
!!!!!
2-62
2-63
4. Execute the show mpls ldp bindings command to check whether labels are distributed
correctly and whether inuse tags are made. If not, execute the show running-config ldp
command to check whether label distribution or a label filtering policy is configured.
If it is configured, check whether the rules affect label distribution. If the rules affect
label distribution, delete the rules or modify the LDP policy.
5. Execute the show running-config l2vpn command to check whether MPLS L2 VPN is
enabled, and whether related instance is configured. To ensure that two sites can ping
each other successfully, it is necessary to configure the same VCIDs and the same
PW types in the instance. After that, execute the show l2vpn forwarding vpnname
command to check whether the PW is Up.
6. Check whether the POS interface that works as a VPWS AC is an IP heterogeneouse
interface, and whether PPP proxy is configured on the POS interface.
7. Check whether the AC interface on PE2 is an IP heterogeneouse interface, and
whether the MAC address of CE2 is configured.
If the fault cannot be solved according to the steps above, please ask for technical support.
2-64
Configuration Thought
1. Configure IGP route between PE1 and PE2, PE2 and PE3 to make them interconnect.
2. Establish LDP neighbor relationship between loopback interfaces of PE1 and PE2,
and between loopback interfaces of PE2 and PE3.
3. Create a VPLS instance zte1 between PE1 and PE2, meanwhile CE1 is taken as an
AC accessing PE1.
4. Configure L3 VPN on PE2 and PE3. The Virtual Route Forwarding (VRF) instance
name is zte2.
5. Establish and configure L2 and L3 bridge interfaces on PE2: establish vlan, access
vrf zte2, access VPLS instance zte1, configure IP address.
2-65
Configuration Commands
Configuration on PE2:
ZXR10(config)#request interface ulei-0/1/0/1
ZXR10(config-if)#exit
ZXR10(config)#request interface ulei-0/1/0/2
ZXR10(config-if)#exit
ZXR10(config)#service-bridging virtual-links
ZXR10(config-bridge)#virtual-link ulei-0/1/0/1 ulei-0/1/0/2
ZXR10(config)#interface ulei-0/1/0/2
ZXR10(config-if)#ip vrf forwarding zte2
ZXR10(config-if)#exit
ZXR10(config)#vpls zte1
ZXR10(config-vpls)#sac interface ulei-0/1/0/1
ZXR10(config-vpls-sac)#exit
ZXR10(config-vpls)#exit
ZXR10(config)#interface ulei-0/1/0/2
ZXR10(config-if)#ip address 10.10.10.1 255.255.255.0
ZXR10(config-if)#exit
Configuration Verification
Check the configuration result on PE2.
ZXR10(config)#show running-config-interface ulei-0/1/0/1
!<INTERFACE>
interface Ulei-0/1/0/2
index 570
ip vrf forwarding zte2
ip address 10.10.10.1 255.255.255.0
!
!</INTERFACE>
!<L2VPN>
mpls l2vpn enable
vpls zte1
!</L2VPN>
ZXR10(config)#show arp interface ulei-0/1/0/1
IP Hardware Exter Inter Sub
Address Age Address Interface VlanID VlanID Interface
-----------------------------------------------------------------
10.10.10.1 - 1010.1111.1135 ulei-0/1/0/1 1 N/A N/A
10.10.10.2 01:31:09 00e0.e1d0.5533 ulei-0/1/0/1 1 N/A gei-0/1/0/1
2-66
2-67
2-68
5. Use the show ip bgp summary command to check BGP neighbor state.
6. Use the show arp interface command to check whether bridge interface learns the ARP
address of the peer.
If the fault cannot be solved according to the steps above, please ask for technical support.
2-69
Parameter Description
< value> The number of the SDU or PW redundancy management group, in the
range of 1-55968
Parameter Description
Parameter Description
2-70
Configuration Thought
1. Configure IGP routes on UPE1, NPE2, NPE3 and NPE4 to make them ping each other
successfully. The router-ids are listed below.
Device Route-id
UPE1 1.1.1.1
NPE2 2.2.2.2
NPE3 3.3.3.3
NPE4 4.4.4.4
2. Establish LDP neighbor relationship between the four devices (UPE1, NPE2, NPE3
and NPE4).
3. Create a VPLS instance named zte among NPE2, NPE3 and NPE4. The VCID is 100,
and the PW type is ethernet-vlan. The access mode among them is hub. Meanwhile,
CE2 connects to NPE4 as an AC.
4. Associate the VPLS FRR function. Enter VPLS instance configuration mode on
UPE1 to configure the information related to the VPLS instance zte, and configure
the addresses of the active PW and the standby PW. The link between UPE1 and
2-71
NPE2 is the active PW. The link between UPE1 and NPE3 is the standby PW. CE1
connects to UPE1 as an AC.
Configuration Commands
The VPLS FRR configuration on UPE1:
UPE1(config)#mpls l2vpn enable
UPE1(config)#sdu sdu1
UPE1(config)#pw-redundancy-manager pw_redundancy1
UPE1(config)#vpls zte
UPE1(config-vpls)#spoke-sdu sdu1
UPE1(config-vpls-spoke-sdu)#redundency-manager pw_redundancy
UPE1(config-vpls-spoke-sdu-rm)#exit
UPE1(config-vpls-spoke-sdu)#neighbour 2.2.2.2 100
UPE1(config-vpls-spoke-sdu)#neighbour 3.3.3.3 100 backup
UPE1(config-vpls-spoke-sdu)#exit
UPE1(config-vpls)#mac-withdraw
UPE1(config-vpls)#exit
Configuration Verification
Check the result of the configuration on UPE1, as shown below.
UPE1#show running-config l2vpn
! <L2VPN>
mpls l2vpn enable
vpls zte
mac-withdraw
spoke-sdu sdu1
redundancy-manager pw_redundancy1
pfs-bits unused
2-72
$
neighbour 3.3.3.3 100
encapsulation raw
$
neighbour 2.2.2.2 100 backup
encapsulation raw
$
$
!
! </L2VPN>
2-73
Fault analysis: When the handover is not successful, check whether the standby link is
UP.
If the fault cannot be solved according to the steps above, please ask for technical support.
2-74
EOAM function is defined in 802.3ah Draft. The EOAM function can test information at
Ethernet link layer defined by Institute of Electrical and Electronics Engineers (IEEE) 802.3.
With this function, MAC Ping and MAC Trace provides the Ping mechanism at data link
layer used to check the connectivity of L2 VPN layer. A local device sends a request
message which contains the destination MAC address. The Operation, Administration
and Maintenance (OAM) sub-layer sends out this ping request as an OAM Protocol Data
Unit (PDU). When the receiver receives this request, it will generate an OAM PDU as the
response.
At present, MAC Ping supports CE1 ping CE2, PE1 ping PE2 and PE1 ping CE2 The
parameters of ping command used on CE devices and PE devices are different.
Take the examples of CE1 pinging CE2 and PE1 pinging PE2 to explain the procedure.
l CE1 pinging CE2
CE1 sends a ping request of MAC layer. The request contains the out-interface and
destination MAC of the ping request message. When CE2 receives this request
message, it will send a reply message. If CE1 can receive the reply message within
a period, the link layer is through.
l PE1 pinging PE2
PE1 sends a ping request of MAC layer. The request contains the destination MAC of
the ping request message, VPLS name and peer ID. When PE2 receives this request
message, it will send a reply message. If CE1 can receive the reply message within
a period, the link layer is through.
2-75
At present, MAC Trace supports track from CE1 to CE2, from PE1 to PE2 and from PE1
to CE2.
l CE1 to CE2
CE1 sends a trace request of MAC layer. If the link is through, corresponding MAC
addresses on interfaces of CE1, PE1, PE2 and CE2 will be recorded.
l PE1 to PE2
PE1 sends a trace request of MAC layer. If the link is through, corresponding MAC
addresses on interfaces of PE1 and PE2 will be recorded.
l PE1 to CE2
PE1 sends a trace request of MAC layer. If the link is through, corresponding MAC
addresses on interfaces of PE1, PE2 and CE2 will be recorded.
Command Function
ZXR10#mac-ping < destination-mac> { interface < out-port> | vpls < This uses a private protocol to test the
vpls-name> peer < peer-address> | vpws < vpws-name> peer < peer-address> connectivity to the destination on an
} { summary | detail} [ external-vlan < external-vlan-id> internal-vlan < Ethernet link.
internal-vlan id> | vlan < vlan-id> ] [ repeat < repeat-count> ] [ timeout
< timeout-seconds> ]
Parameter descriptions:
Parameter Description
repeat < repeat-count> Repeating times, in the range of 1–65535, with the default value 5
timeout < timeout seconds> The interval of time-out, in the range of 1–20, with the default value 2
seconds
2-76
Command Function
ZXR10#l2trace < destination-mac> { interface < out-port> | vpls < This uses a private protocol to trace the
vpls-name> peer < peer-address> | vpws < vpws-name> peer < peer-address> path to the destination on an Ethernet
} [ external-vlan < external-vlan-id> internal-vlan < internal-vlan-id> | link.
vlan < vlan-id> ]
Parameter descriptions:
Parameter Description
2-77
Figure 2-27 MAC PING and MAC PING TRACE Configuration Example
Configuration Commands
1. Use MAC Ping on CE1 to test the connectivity of the link to CE2, as shown below.
CE1#mac-ping 00d0.d0c2.7d81 interface gei-0/1/0/1 detail
sending 5,100-byte EOAM echos to 00d0.d0c2.7d81,timeout is
2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/8/20 ms.
Or:
CE1#mac-ping 00d0.d0c2.7d81 interface gei-0/1/0/1 summary
sending 5,100-byte EOAM echos to 00d0.d0c2.7d81,timeout is
2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/8/40 ms.
2. Use MAC Ping on PE1 to test the connectivity of the link to CE2, as shown below.
PE1#mac-ping 00d0.d0c2.7d81 vpls zte peer 10.9.9.9 detail
sending 5,100-byte EOAM echos to 00d0.d0c2.7d81,timeout is
2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/0 ms.
2-78
Or:
PE1#mac-ping 00d0.d0c2.7d81 vpls zte peer 10.9.9.9 summary
sending 5,100-byte EOAM echos to 00d0.d0c2.7d81,timeout is
2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/0 ms.
3. Use MAC Trace on CE1 to test the connectivity of the link to CE2, as shown below.
CE1#l2trace 00d0.d0c2.7d81 interface gei_3/8
Starting L2 Trace to 00d0.d0c2.7d81
Codes: '!' - success, 'Q' - request not transmitted,
'*' - timeout, 'U' - unreachable,
'R' - downstream router but not target
2-79
2-80
2-81
Figure 2-30 Typical Network Structure of Connecting Two CEs to Two PEs
When AC1 has a fault, NPE2 can be aware of the fault quickly and starts to negotiate
with CE1 to make AC2 be active. So the traffic from CE1 to CE2 is changed over from
AC1 to AC2 directly. Meanwhile, NPE1 or NPE2 needs to send MAC WITHDRAW
messages to other NPE devices in the same Virtual Forwarding Instance (VFI) on the
VPLS network to inform other PEs to age the invalid MAC addresses. In this way, the
traffic from CE2 to CE1 can be learnt through broadcast and be forwarded through
NPE2 correctly.
2-82
In the same way, when NPE1 has a fault, NPE2 can detect the fault through other
detection mechanisms and trigger AC link negotiation, and then it sends MAC
WITHDRAW messages to other NPE devices in the same VFI.
l Connecting two CEs to two PEs in PWE3 application
As shown in Figure 2-31, the Time Division Multiplexing (TDM) service of a Base
Transceiver Station (BTS) is connected to a Base Station Controller (BSC). The
network overlays on the MPLS L2 VPN at the core layer. The BSC is connected to
two devices. Assume that the link between the BSC a device is in Active status, and
the link between the BSC and the other device is in the Standby status. The traffic
from the BTS to the BSC and the traffic from the BSC back to BTS is carried over the
on the Active link. When a fault occurs to the Active link, the service packets from
the BSC to the BTS are changed over to the Standby link. Meanwhile, changeovers
of active and standby PWs at the access layer, the aggregation layer and the core
layer are also executed on the base of the linkage mechanism. When the active PE
has a fault, the PW changeover is executed on the base of PW FRR.
2-83
2-84
Parameter Description
< id> MC-ELAM instance ID, in the range of 1-64, such as mc-elam 1
Parameter Description
Parameter Description
Parameter Description
Parameter Description
Parameter Description
< advertise-interval> The interval of sending protocol packets in an MC-ELAM instance, in the
range of 5-100, defaulting to 10, in the unit of 100 ms
2-85
Parameter Description
< multiplier> The multiplier of protocol packet time-out interval in an MC-ELAM instance,
in the range of 3-180, defaulting to 5
Parameter Description
< holdoff-time> Hold-off time, in the range of 1-120, in the unit of second
Parameter Description
Parameter Description
< id> The ID of a smartgroup interface to be bound to, in the range of 1-64
Command Function
Parameter descriptions:
Parameter Description
2-86
Parameter Description
brief Only shows Master and Slave status of MC-ELAM and bound smartgroup
interface
destination_ip :1.1.1.2
source_ip :0.0.0.0
system_priority :32768
system_mac :00e3.d021.0203
virtual_mcelam_priority :0
virtual_mcelam_smac :0000.0000.0000
sm_state :MCELAM_LOGICAL_NODE
smartgroup_id :1
bind_mode :MCELAM_AUTO_MODE
actor_mcelam_role :SLAVE
actor_lacp_role :SLAVE
actor_sg_admin_state :UP
actor_sg_protocol_state :DOWN
actor_revertive_mode :MCELAM_IMMEDIATELY_MODE
revertive_time :0
actor_adver_int :10
actor_detect_multiplier :5
actor_pwfault :0
partner_mcelam_role :SLAVE
partner_lacp_role :SLAVE
partner_sg_protocol_state:DOWN
partner_adver_int :0
partner_detect_multiplier:0
partner_pwfault :0
Output descriptions
2-87
bind_mode The mode to bind the MC-ELAM instance to the smartgroup interface
actor_lacp_role The role of the smartgroup interface bound to the local MC-ELAM instance
actor_sg_admin_state The administration state of the smartgroup interface bound to the local
MC-ELAM instance
actor_sg_protocol_state The protocol state of the smartgroup interface bound to the local MC-ELAM
instance
actor_detect_multiplier The multiplier of the packet time-out interval in the local MC-ELAM instance
partner_lacp_role The role of the smartgroup interface bound to the peer MC-ELAM instance
partner_sg_protocol_state The protocol state of the smartgroup interface bound to the peer MC-ELAM
instance
partner_detect_multiplier The multiplier of the packet time-out interval in the peer MC-ELAM instance
2-88
Configuration Thought
1. Configure an MC-ELAM instance.
2. Configure the source and the destination IP addresses of the MC-ELAM instance.
3. Configure the MC-ELAM instance to bind to a smmartgroup interface in automatic
mode.
4. Configure the reverting mode of the MC-ELAM instance
Configuration Commands
The configuration of the CE:
CE(config)#mc-elam-configuration
CE(config-mc-elam-configuration)#mc-elam 1
CE(config-mc-elam-instance)#bind smartgroup 1 mode auto
CE(config-mc-elam-instance)#restore immediately
PE1(config)#mc-elam-configuration
PE1(config-mc-elam-configuration)#mc-elam 1
PE1(config-mc-elam-instance)#bind smartgroup 1 mode auto
PE1(config-mc-elam-instance)#restore immediately
PE2(config)#mc-elam-configuration
PE2(config-mc-elam-configuration)#mc-elam 1
PE2(config-mc-elam-instance)#bind smartgroup 1 mode auto
PE2(config-mc-elam-instance)#restore immediately
2-89
Configuration Verification
Execute the show mc-elam 1 command to check the configuration result on the CE, as
shown below.
CE(config-mc-elam-instance)#show mc-elam 1
------------------------------------------------------
mcelam-instance-id :1
destination_ip :0.0.0.0
source_ip :0.0.0.0
system_priority :32768
system_mac :0009.9100.0106
virtual_mcelam_priority
virtual_mcelam_smac :0000.0000.0000
sm_state :MCELAM_LOGICAL_NODE
smartgroup_id :1
bind_mode :MCELAM_AUTO_MODE
actor_mcelam_role :SLAVE
actor_lacp_role :SLAVE
actor_sg_admin_state :UP
actor_sg_protocol_state :UP
actor_revertive_mode :MCELAM_IMMEDIATELY_MODE
revertive_time :0
actor_adver_int :10
actor_detect_multiplier :5
actor_pwfault :0
partner_mcelam_role :SLAVE
partner_lacp_role :SLAVE
partner_sg_protocol_state:DOWN
partner_adver_int :0
partner_detect_multiplier:0
partner_pwfault :0
Use the show mc-elam 1 command to check the configuration result on PE1, as shown
below.
PE1(config-mc-elam-instance)#show mc-elam 1
------------------------------------------------------
mcelam-instance-id :1
destination_ip :0.0.0.0
source_ip :0.0.0.0
system_priority :32768
system_mac :0000.0100.9902
2-90
virtual_mcelam_priority :0
virtual_mcelam_smac :0000.0000.0000
sm_state :MCELAM_LOGICAL_NODE
smartgroup_id :1
bind_mode :MCELAM_AUTO_MODE
actor_mcelam_role :SLAVE
actor_lacp_role :SLAVE
actor_sg_admin_state :UP
actor_sg_protocol_state :UP
actor_revertive_mode :MCELAM_IMMEDIATELY_MODE
revertive_time :0
actor_adver_int :10
actor_detect_multiplier :5
actor_pwfault :0
partner_mcelam_role :SLAVE
partner_lacp_role :SLAVE
partner_sg_protocol_state :DOWN
partner_adver_int :0
partner_detect_multiplier :0
partner_pwfault :0
2-91
2-92
2. Execute the show running-config mc-elam command to check whether the mode to
bind smartgroup interfaces are correct.
CE(config)#show running-config mc-elam
! <MC_ELAM>
mc-elam-configuration
mc-elam 1
timeradvertise 100
system-priority 144
restore revertive 120
destination 1.1.1.2
system-mac 0000.0000.0006
bind smartgroup 1 mode auto
$
! </MC_ELAM>
3. Execute the show running-config mc-elam command to check whether the source and
the destination IP addresses are correct, as shown below.
CE(config-mc-elam-instance)#show running-config mc-elam
! <MC_ELAM>
mc-elam-configuration
mc-elam 1
timeradvertise 100
system-priority 144
restore revertive 120
source 1.1.1.1
destination 1.1.1.2
system-mac 0000.0000.0006
bind smartgroup 1 mode auto
$
! </MC_ELAM>
If the fault cannot be solved according to the steps above, please ask for technical support.
2-93
2-94
3-1
Since MPLS uses AnyToAny connection, the network flexibility and expansibility are
improved. With respect to the flexibility, special control policy can be customized to
meet special requirements of different users to realize value-added services. The
expansibility covers the following two points:
l More VPNs are contained by a network.
l Easy user expansion in the same VPN.
5. Convenience
MPLS is widely used in operator networks. It bring more convenience to enterprise
users establish global VPN.
The related standards and drafts drawn by Internet Engineering Task Force (IETF) for
Border Gateway Protocol (BGP)/MPLS VPN:
l Request For Comments (RFC) 4364BGP/MPLS IP Virtual Private Networks
l RFC 4760 Multiprotocol Extensions for BGP-4
l RFC 2547, BGP/MPLS VPN
l Draft RFC 2547bis, BGP/MPLS VPN
l RFC 2283, multi-protocol extension BGP4
l PE
A PE refers to a router connected to a CE in a customer site in an operator network.
The PE router supports VPN and labeling function (the labeling function can be
provided by RSVP, LDP or Constraint based Routing Label Distribution Protocol
(CRLDP)).
In a single VPN, PE routers are connected by tunnel. The tunnel can be a MPLS LSP
tunnel or a LDP tunnel.
l Provider (P)
Here, “P” refers a router in the core of an operator network, which does not connect
to any router in any customer site, but is a part of MPLS L3 VPN tunnel. “P” supports
MPLS LSP or LDP function, but it does not need to support VPN.
l CE
3-2
The RD is only used between PEs and CEs to differentiate IPv4 addresses of different
VPNs. The ingress generates an RD and converts the received IPv4 route of the CE into
a VPN-IPv4 address. Before advertising the route to the CE, the egress PE converts the
VPN-IPv4 route into an IPv4 route.
3-3
The conventional IGP is used between PE and P to learn the routing information, and the
LDP is used to bind the routing information to label (a label on the backbone network,
called outer label hereinafter).
In this way, the basic network topology and routing information among CE, PE and P are
already formed. Thus, the PE router has the routing information of backbone network and
every VPN.
When CE user data belonging to some VPN enters the network, the system can identify to
which VPN the CE belongs on the interface of CE that connects to PE, and will further read
the next-hop address information in the routing table of the VPN. In addition, the forwarded
3-4
packets will be marked with a VPN label (inner label). In this case, the obtained next-hop
address is the address of a PE that is the peer of this PE.
To reach the destination PE, routing information of backbone network is read from the
source PE , thus to obtain the address of the next P router. Meanwhile, the forwarded user
packets are marked with a backbone network label (outer label).
On backbone network, all the P routers locating behind the source PE read the outer label
to determine the next hop. Therefore, the simple label switching is performed in backbone
network only.
When the packet reaches the last P router before arriving at the destination PE, the outer
label will be removed. After the packet reaches the destination PE, the PE will read the
inner label, find the next-hop CE in the corresponding VPN routing table and send the
packet to the related interface, and then transmit the packet to the CE network of the VPN.
7 ZXR10(config-if)#ip address < ip-address> < netmask> This configures interface address.
Parameter Description
< vrf-name> VRF name, 1 - 32 characters. The name is only valid locally, which is used
for binding an interface to the VPN.
3-5
Parameter Description
export Export the VRF route with route-target extension community attribute
1 ZXR10(config)#ip route vrf < vrf-name> < prefix of destination This configures a static route pointing
ipaddress> < net-mask> { < forwarding-router's-address> [ globle] | < to CE on PE.
interface-name> [ < forwarding-router's-address> ] } [ < distance-metric> It is required to specify a VRF to
] [ metric < metric-number> ] [ bfd enable] which this static route belongs.
3 ZXR10(config)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.
Example
As shown in Figure 3-1, static routes run between CE1 and PE1.
3-6
Configure addresses in the same segment on the direct-connected interfaces of CE1 and
PE1. Configure a static route on PE1.
Configuration on CE1:
CE1(config)#interface fei-0/1/0/1
CE1(config-if)#ip address 10.1.0.1 255.255.255.252
CE1(config-if)#exit
CE1(config)#interface fei-0/1/0/2
CE1(config-if)#ip address 10.1.1.254 255.255.255.0
CE1(config-if)#exit
CE1(config)#ip route 10.2.0.0 255.255.0.0 10.1.0.2
Configuration on PE1:
3-7
3 ZXR10(config-rip)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.
5 ZXR10(config)#address-family ipv4 vrf < vrf- name> This enters VRF address family
configuration mode.
Example
As shown in Figure 3-2, RIP runs between CE1 and PE1.
Run RIP protocol on CE1 and PE1 respectively. Distribute routing information to each
other in rip vrf and bgp vrfon PE1.
Configuration on CE1:
CE1(config)#router rip
CE1(config)#no auto-summary
CE1(config-rip)#version 2
CE1(config-rip)#network 10.1.0.0 0.0.0.3
3-8
CE1(config-rip)#redistribute connected
CE1(config-rip)#exit
Configuration on PE1:
PE1(config)#router rip
PE1(config-rip)#version 2
PE1(config-rip)#address-family ipv4 vrf vpn_a
PE1(config-rip-vrf)#no auto-summary
PE1(config-rip-vrf)#version 2
PE1(config-rip-vrf)#network 10.1.0.0 0.0.0.3
PE1(config-rip-vrf)#redistribute bgp-int
PE1(config-rip-vrf)#exit
PE1(config-rip)#exit
PE1(config)#router bgp 100
PE1(config)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af)#redistribute rip
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#exit
1 ZXR10(config)#router ospf < process-id> [ vrf < vrf-name> ] This enters OSPF VRF configuration
mode.
2 ZXR10(config)#network< network-number> < wild-card> area < This designates the interfaces to run
area-id> OSPF and defines area-ID to these
interfaces.
5 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.
Example
As shown in Figure 3-3, OSPF runs between CE1 and PE1.
3-9
Configuration on CE1:
CE1(config)#router ospf 1
CE1(config-ospfv2)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
CE1(config-ospfv2)#network 10.1.1.0 0.0.0.255 area 0.0.0.0
Configuration on PE1:
PE1(config)#router ospf 2 vrf vpn_a
PE1(config-ospfv2)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
PE1(config-ospfv2)#redistribute bgp-int
PE1(config-ospfv2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af)#redistribute ospf-int
PE1(config-bgp-af)#redistribute connected
Example
As shown in Figure 3-4, EBGP runs between CE1 and PE1.
3-10
Configure BGP on CE1 and PE1 respectively. Make sure that CE1 and PE1 can distribute
route to each other.
Configuration on CE1:
CE1(config)#router bgp 65001
CE1(config-bgp)#neighbor 10.1.0.2 remote-as 100
CE1(config-bgp)#neighbor 10.1.0.2 activate
CE1(config-bgp)#redistribute connected
CE1(config-bgp)#exit
Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af)#neighbor 10.1.0.1 remote-as 65001
PE1(config-bgp-af)#neighbor 10.1.0.1 activate
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#end
2 ZXR10(config)#neighbor < ip-address> remote-as < as-number> This configures BGP neighbor.
3-11
Example
As shown in Figure 3-5, MPBGP runs between PE1 and PE2.
Caution!
Before perform the following configurations, make sure that PE1 and PE2 can ping each
other by using their loopback addresses.
Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 1.1.1.3 activate
PE1(config-bgp-af)#end
Configuration on PE2:
3-12
Configuring AS Override
When BGP runs between PE and CE, users want to reuse AS number in different sites. To
provide the connective between CE1 and CE2, a new method called AS override is used.
After AS override is configured on PE, but before PE sends route update packets to CE,
PE will replace the AS number of each direct-connectd CE device in the entity AS_PATH
by its own AS number. The length of AS_PATH is still kept when AS override is configured.
To configure AS override on ZXR10 M6000, perform the following steps.
2 ZXR10(config)#address-family ipv4 vrf < vrf-name> This enters IPv4 VRF address family
configuration mode.
3-13
Example
As shown in Figure 3-6. P acts as a Router Reflector (RR), the loopback1 address of PE1
is 61.139.36.34/32, the loopback1 address of PE2 is 61.139.36.35/32, and the loopback1
address of P is 61.139.36.31/32.
l Configuration Requirements
à Make sure that PE1 and PE2 can learn loopback addresses between each other.
PE1 and PE2 establish LDP neighborhood with RR respectively.
à RR establishes MP-Interior Border Gateway Protocol (IBGP) neighborhood
with PE1 and PE2 respectively. PE1 and PE2 are RR clients, their Loopback
addresses are used to set up BGP connection.
à A VRF called ok is configured on PE1 and PE2. Configure the same RDs and
RTs.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 and PE2
are RR clients. PE1 and PE2 advertise a direct-connected route formed by loopback
interface on the private network respectively. As a result, the local PE can learn the
private network loopback route from the peer PE. The next hop of the this route is the
direct-connected address that is used to establish IGP neighborhood with the RR by
the peer PE.
l Configuration Procedure
Configuration on RR (P):
P(config)#router bgp 65190
P(config)#no bgp default route-target filter
P(config-bgp)#neighbor 61.139.36.34 remote-as 65190
P(config-bgp)#neighbor 61.139.36.34 update-source loopback1
P(config-bgp)#neighbor 61.139.36.35 remote-as 65190
3-14
Configuration on PE1:
PE1(config)#ip vrf ok
PE1(config-vrf)#rd 1:1
PE1(config-vrf)#address-family ipv4
PE1(config-vrf-af)#route-target 1:1
PE1(config-vrf-af)#exit
PE1(config-vrf)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE1(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 61.139.36.31 active
PE1(config-bgp-af)#exit
PE1(config-bgp)#exit
PE1(config)#interface loopback10
PE1(config-if)#ip vrf forwarding ok
PE1(config-if)#ip address 10.10.10.10 255.255.0.0
PE1(config-if)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#address-family ipv4 vrf ok
PE1(config-bgp-af)#redistribute connected
Configuration on PE2:
PE2(config)#ip vrf ok
PE2(config-vrf)#rd 1:1
PE2(config-vrf)#address-family ipv4
PE2(config-vrf-af)#route-target 1:1
PE2(config-vrf-af)#exit
PE2(config-vrf)#exit
PE2(config)#router bgp 65190
PE2(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE2(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af)#neighbor 61.139.36.31 active
PE2(config-bgp-af)#exit
PE2(config-bgp)#exit
PE2(config)#interface loopback20
PE2(config-if)#ip vrf forwarding ok
3-15
Command Function
ZXR10#ping vrf < vrf-name> < ip-address> This inspects network connectivity.
ZXR10#show ip vrf [ brief [ < vrf-name> ] | detail [ < vrf-name> ] | summary] This shows VRF information.
ZXR10#show ip protocol routing vrf < vrf-name> [ network < ip-address> [ This shows VRF protocol routing table.
mask < net-mask> ] ]
ZXR10#show ip route vrf < vrf-name> This shows the VRF forwarding table.
ZXR10#show bgp vpnv4 unicast summary This shows the summary information of
MPBGP neighbors.
Example
l An example of the ping vrf < vrf-name> < ip-address> command output is shown below.
ZXR10#ping vrf test1 10.1.1.2
sending 5,100-byte ICMP echos to 10.1.1.2,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/4/20 ms.
ZXR10#
l An example of the show ip vrf [ brief [ < vrf-name> ] | detail [ < vrf-name> ] | summary]
command output is shown below.
3-16
ZXR10#show ip vrf
* Being deleted
Name Default RD Protocols Interfaces
vpn_a <not set>
jixi 10:10
kk 1:1689 ipv6 gei-0/5/0/1
1234567890abcdefghij 1:1 ipv4
fenix 100:100 ipv4
mng <not set> ipv4,ipv6 mgmt_eth-0/20/0/1
ZXR10#
l An example of the show ip protocol routing vrf < vrf-name> [ network < ip-address> [
mask < net-mask> ] ] command output is shown below.
ZXR10#show ip protocol routing vrf test1
Routes of vpn:
status codes: *valid, >best
Dest NextHop Intag Outtag RtPrf Protocol
*> 10.1.1.0/24 10.1.1.0 153 notag 0 connected
*> 10.1.1.1/32 10.1.1.1 152 notag 0 connected
*> 10.10.10.0/24 10.10.3.3 22 17 200 bgp_int
*> 100.1.1.0/24 10.1.1.2 20 notag 20 bgp_ext
*> 200.1.1.0/24 10.10.3.3 21 27 200 bgp_int
3-17
Configuration Description
As shown in Figure 3-7, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes between each other by using
OSPF. The BGP runs between CE1 and PE1, while the OSPF runs between CE2 and PE2.
CE1 and CE2 can learn the routes from each other, and the ping is successful between
them.
gei-0/1/0/3 10.10.12.1/24
P gei-0/1/0/4 10.10.12.2/24
gei-0/1/0/5 10.10.23.2/24
gei-0/1/0/7.10 10.10.10.1/24
Configuration Thought
1. Configure the IP addresses of loopback1 and physical interface on CE1. Establish
EBGP neighborhood between CE1 and PE1. Advertise the loopback address in BGP.
3-18
Configuration Commands
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if)#ip address 100.1.1.1 255.255.255.0
CE1(config-if)#exit
CE1(config)#interface gei-0/1/1/1
CE1(config-if)#ip address 10.1.1.2 255.255.255.0
CE1(config-if)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 100.1.1.0 255.255.255.0
CE1(config-bgp)#neighbor 10.1.1.1 remote-as 100
Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf)#rd 100:1
PE1(config-vrf)#address-family ipv4
PE1(config-vrf-af)#route-target import 100:1
PE1(config-vrf-af)#route-target export 100:1
PE1(config-vrf-af)#exit
PE1(config-vrf)#exit
PE1(config)#interface loopback1
PE1(config-if)#ip address 10.10.1.1 255.255.255.255
PE1(config-if)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if)#ip address 10.10.12.1 255.255.255.0
PE1(config-if)#mpls ldp
3-19
PE1(config-ldp)#route-id loopback1
PE1(config-ldp)#interface gei-0/1/0/3
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if)#ip vrf forwarding test1
PE1(config-if)#ip address 10.1.1.1 255.255.255.0
PE1(config-if)#exit
PE1(config)#router ospf 1
PE1(config-ospfv2)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 10.10.3.3 remote-as 200
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#neighbor 10.1.1.2 remote-as 200
PE1(config-bgp-af)#exit-address-family
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 10.10.3.3 activate
PE1(config-bgp-af)#exit-address-family
PE1(config-bgp)#exit
Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if)#ip address 10.10.12.2 255.255.255.0
P(config-if)#exit
P(config)#mpls ldp
P(config-ldp)#interface gei-0/1/0/4
P(config-ldp-if)#exit
P(config-ldp)#exit
P(config)#interface gei-0/1/0/5
P(config-if)#ip address 10.10.23.2 255.255.255.0
P(config-if)#exit
P(config)#mpls ldp
P(config-ldp)#interface gei-0/1/0/5
P(config-ldp-if)#exit
P(config-ldp)#exit
P(config)#interface loopback1
P(config-if)#ip address 10.10.2.2 255.255.255.255
P(config-if)#exit
P(config)#router ospf 1
P(config)#mpls ldp
P(config-ldp)#router-id loopback1
P(config-ldp)#exit
3-20
3-21
PE2(config-bgp-af)#redistribute connected
PE2(config-bgp-af)#exit-address-family
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af)#neighbor 10.10.1.1 activate
PE2(config-bgp-af)#exit-address-family
PE2(config-bgp)#exit
Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if)#ip address 200.1.1.1 255.255.255.0
CE2(config-if)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-if)#exit
CE2(config)#vlan-configuration
CE2(vlan-config)#interface gei-0/2/0/8.10
CE2(subvlan-if-config)#encapsulation-dot1q 10
CE2(subvlan-if-config)#exit
CE2(vlan-config)#exit
CE2(config)#interface gei-0/2/0/8.10
CE2(config-subif)#ip address 10.10.10.2 255.255.255.0
CE2(config)#router ospf 1
CE2(config-ospf)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospf)#network 200.1.1.1 0.0.0.0 area 0
Configuration Verification
View the EBGP connection running between CE1 and PE1, as shown below.
View the routing table of CE1. Here, the BGP route is the VPN route learnt by CE1.
ZXR10#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
10.1.1.0/24 10.1.1.2 gei-0/1/0/1 DIRECT 0 0
10.1.1.0/32 10.1.1.0 gei-0/1/0/1 MARTIAN 0 0
10.1.1.2/32 10.1.1.2 gei-0/1/0/1 ADDRESS 0 0
10.1.1.255/32 10.1.1.255 gei-0/1/0/1 BROADCAST 0 0
100.1.1.0/24 100.1.1.1 loopback1 DIRECT 0 0
100.1.1.0/32 100.1.1.0 loopback1 MARTIAN 0 0
100.1.1.1/32 100.1.1.1 loopback1 ADDRESS 0 0
100.1.1.255/32 100.1.1.255 loopback1 BROADCAST 0 0
200.1.1.1/32 10.1.1.1 gei-0/1/0/1 BGP 20 0
3-22
Configuration Description
As shown in Figure 3-8, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes from each other through the
sham-link running between PE1 and PE2. CE1 and PE1 run OSPF VRF. CE2 and PE2
run OSPF VRF.
gei-0/1/0/9 20.1.1.2/24
gei-0/1/0/3 10.10.12.1/24
P gei-0/1/0/4 10.10.12.2/24
gei-0/1/0/5 10.10.23.2/24
gei-0/1/0/7.10 10.10.10.1/24
gei-0/1/0/10 20.1.1.1/24
Configuration Thought
1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure
OSPF route.
2. Advertise the loopback interface IP address and the direct-connected network
segment in OSPF.
3-23
3. Set up SHAM-LINK.
Configuration Commands
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if)#ip address 100.1.1.1 255.255.255.0
CE1(config-if)#exit
CE1(config)#interface gei-0/1/0/1
CE1(config-if)#ip address 10.1.1.2 255.255.255.0
CE1(config-if)#exit
CE1(config)#interface gei-0/1/0/9
CE1(config-if)#ip address 20.1.1.2 255.255.255.0
CE1(config-if)#exit
CE1(config)#router ospf 1
CE1(config-ospfv2)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospfv2)#network 20.1.1.0 0.0.0.255 area 0
CE1(config-ospfv2)#network 100.1.1.1 0.0.0.0 area 0
Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf)#rd 100:1
PE1(config-vrf)#address-family ipv4
PE1(config-vrf-af)#route-target import 100:1
PE1(config-vrf-af)#route-target export 100:1
PE1(config-vrf-af)#exit
PE1(config-vrf)#exit
PE1(config)#interface loopback1
PE1(config-if)#ip address 10.10.1.1 255.255.255.255
PE1(config-if)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if)#ip address 10.10.12.1 255.255.255.0
PE1(config-if)#exit
PE1(config)#interface loopback64
PE1(config-if)#ip vrf forwarding test1
PE1(config-if)#ip address 64.64.64.1 255.255.255.255
PE1(config-if)#exit
PE1(config)#mpls ldp
PE1(config-ldp)#interface gei-0/1/0/3
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if)#ip vrf forwarding test1
PE1(config-if)#ip address 10.1.1.1 255.255.255.0
PE1(config-if)#exit
3-24
PE1(config)#router ospf 1
PE1(config-ospfv2)#router-id 10.10.1.1
PE1(config-ospfv2)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 10.10.3.3 remote-as 100
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#redistribute ospf-int
PE1(config-bgp-af)#exit-address-family
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 10.10.3.3 activate
PE1(config-bgp-af)#exit-address-family
PE1(config-bgp)#exit
PE1(config)#router ospf 100 vrf test1
PE1(config-ospfv2)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospfv2)#redistribute bgp-int
PE1(config-ospfv2)#area 0 sham-link 64.64.64.1 64.64.64.2
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#exit
Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if)#ip address 10.10.12.2 255.255.255.0
P(config)#mpls ldp
P(config-ldp)#interface gei-0/1/0/4
P(config-ldp-if)#exit
P(config-ldp)#exit
P(config)#interface gei-0/1/0/5
P(config-if)#ip address 10.10.23.2 255.255.255.0
P(config-if)#exit
P(config)#mpls ldp
P(config-ldp)#interface gei-0/1/0/5
P(config-ldp-if)#exit
P(config-ldp)#exit
P(config)#interface loopback1
P(config-if)#ip address 10.10.2.2 255.255.255.255
P(config-if)#exit
P(config)#router ospf 1
P(config-ospfv2)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospfv2)#exit
P(config)#mpls ldp
3-25
P(config-ldp)#router-id loopback1
P(config-ldp)#exit
3-26
Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if)#ip address 200.1.1.1 255.255.255.0
CE2(config-if)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-subif)#exit
CE2(config)#vlan-configuration
CE2(vlan-config)#interface gei-0/1/0/8.10
CE2(subvlan-if-config)#encapsulation-dot1q 10
CE2(subvlan-if-config)#exit
CE2(vlan-config)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-subif)#ip address 10.10.10.2 255.255.255.0
CE2(config-subif)#exit
CE2(config)#interface gei-0/1/0/10
CE2(config-subif)#ip address 20.1.1.1 255.255.255.0
CE2(config-subif)#exit
CE2(config)#router ospf 1
CE2(config-ospfv2)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospfv2)#network 200.1.1.1 0.0.0.0 area 0
CE2(config-ospfv2)#network 20.1.1.1 0.0.0.0 area 0
CE2(config-ospfv2)#exit
Configuration Description
As shown in Figure 3-9, custom has two sites, site 1 and 2, and they need VPN connection.
Site 1 connects to AS100, and site 2 connects to AS200. Both site 1 and site 2 provide
MPLS VPN. To set up MPLS VPN connection between site 1 and site 2, back-to-back
(VRF-VRF) is used. This is the simplest mode to realize VPN between ASs.
3-27
Configuration Thought
1. All of PE1, PE2 and PE3, PE4 have VPN1. The RD is 1:1, and the RT is 1:1.
2. Establish LDP, IGP and MPIGP neighborhoods between PE1 and PE2. Establish LDP,
IGP and MP-IBGP neighborhoods between PE3 and PE4. Advertise the loopback
addresses by IGP.
Configuration Commands
1. Bind vpn1 to PE1. Establish EBGP connection between PE1 and CE1.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af)#neighbor 100.1.1.2 remote-as 65000
2. Establish MP-IBGP neighborhood between PE1 and PE2 by using the loopback
interfaces 1.2.3.4 and 2.3.4.5.
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.2.3.4 remote-as 100
PE1(config-bgp)#neighbor 1.2.3.4 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af)#neighbor 1.2.3.4 active
3-28
Configuration Verification
Use the show ip bgp summary command on PE1 to view the EBGP neighborhood
established with 100.1.1.2.
3-29
Use the show bgp vpnv4 unicast neighbor 1.2.3.4 command on PE2 to view the
configuration, as shown below
PE2# show bgp vpnv4 unicast neighbor 1.2.3.4
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: advertised and received
Use the show ip bgp summary command on PE4 to view the EBGP neighborhood
establishing with 200.1.1.2.
PE4#show ip bgp summary
Neighbor Ver As MsgRcvd MsgSend Up/Down(s) State/PfxRcd
200.1.1.2 4 65000 0 0 00:15:00
Use the show bgp vpnv4 unicast neighbor 4.5.6.7 command on PE3, as shown below.
Use the show ip bgp summary command on PE2 to view the MP-EBGP neighborhood
established with 150.3.2.3 (PE3).
PE2#show ip bgp summary
Neighbor Ver As MsgRcvd MsgSend Up/Down(s) State/PfxRcd
150.3.2.3 4 200 0 0 00:22:35
3-30
In the information displayed, check whether there is a VRF route that is advertised
by the peer PE in the Dest column (in this example, it is the route to the 2.2.2.0/24
segment), whether the NextHop is correct (the peer MPBGP neighbor address, in this
example, it is 100.10.1.1), whether there are Intag and Outtag, whether the tags are
correct, and whether the corresponding RtPrf and Protocol are correct.
2. Use the show bgp vpnv4 unicast summary comamnd to view BGP neighborhood.
PE2#show bgp vpnv4 unicast summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
9.4.7.1 4 1 0 0 00:00:00 Connect
100.10.1.1 4 1 5189 5185 1d19h 6
PE2#
In this example, the State/PfxRcd of the 9.4.7.1 neighbor is Connet. This means that
it is in TCP connection stage and the MPBGP neighborhood has not be established
successfully yet. The state of the 100.10.1.1 neighbor is 6. This means that the router
learns 6 routes from the peer PE.
3-31
The “*> 100.10.1.1/32 100.2.1.1gei-0/0/0/8 ospf 110 1” route is the route to the MPBGP
neighbor learnt through IGP.
Meanwhile, the “*> 100.10.2.2/32 100.10.2.2 loopback1 address 0 0” route is needed
to be redistributed in MPBGP and learnt by the peer PE.
4. Use the show mpls forwarding table command to check whether public network
labels are distributed for the 32–bit address of the MPBGP neighbor. If no label is
distributed, use the show mpls ldp neighbor instance command to check whether LDP
neighborhood is established. If the neighborhood is normal and there is no label,
check whether label filter is used in LDP. An example of the show mpls forwarding
table command output is shown below.
PE2#show mpls forwarding-table
Local Outgoing Prefix or Outgoing Next Hop M/S
label label Tunnel Id interface
16384 Untagged 100.10.1.1/32 gei-0/0/0/8 100.2.1.1 M
PE2#
The information shows that public network labels are distributed for the 32–bit address
of the MPBGP neighbor. The outgoing label is distributed by the peer, because
3-32
100.10.1.1 is the loopback address of the peer. As the last hop of the LSP, the peer
distributes the Untagged label for the neighbor. The label distributed by the local
device is 16384. This label is used by the upstream LSR.
3-33
3-34
Inspect whether the value of Outtag (163544) is the same to the Intag value of the
peer PE. If it is, the private label is correct. Otherwise, the private label is incorrect.
Inspect whether the neighbor configuration is correct. Inspect whether the value
behind remote-as is correct. Inspect whether the direct-connected route is
redistributed in VRF address family configuration mode. Inspect whether activate the
neighbor in VPNv4 address family configuration mode.
4. Check whether there are routes to the LDP router IDs of all devices along the
LSP in the public network routes, and whether there are routes to the connection
3-35
establishment address of the MPBGP neighbor. Use the show ip forwarding route
command command to inspect public network route.
ZXR10#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
1.1.1.38/32 170.1.1.38 gei-0/3/0/10 OSPF 110 2
5. Use the show running-config bgp command to view BGP configuration.
ZXR10#show running-config bgp
!
!
router bgp 200
neighbor 200.1.1.35 remote-as 200
neighbor 200.1.1.35 activate
neighbor 200.1.1.35 update-source loopback40
3-36
Here, the content of State: Oper shows that LDP is established correctly.
9. Use the show running--config ldp command to view MPLS configuration. Inspect
whether mpls ldp router-id is configured correctly. Inspect whether LDP is enabled
on related interfaces.
ZXR10#show running-config ldp
! <MPLS>
mpls ldp instance 1
router-id loopback1
interface gei-0/3/0/10
$
! /<MPLS>
If the fault cannot be solved according to the steps above, please ask for technical support.
2 ZXR10(config-bgp)#address-family ipv4 vrf < vpn-name> This enters IPv4 VRF address family
configuration mode.
Parameter Description
3-37
Parameter Description
strict According to RFC1771, the routes which MED and NEXT_HOP attributes
are the same can be aggregated only. MED and NEXT_HOP attributes will
not be used if the command is used without the strict keyword.
< route-map name> The name of suppress map, the length is 1-32 characters.
Command Function
An example of the show ip route vpn command output is shown below. Here, the
informations about route aggregation can be viewed.
ZXR10#show ip route vpn
Routes of vpn:
Type RD type
3-38
gei-0/1/0/4 30.0.0.1/24
gei-0/1/0/5 10.0.0.1/24
gei-0/1/0/3 10.10.12.1/24
P gei-0/1/0/4 10.10.12.2/24
gei-0/1/0/5 10.10.23.2/24
3-39
gei-0/1/0/7 10.10.10.1/24
Configuration Thought
1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of
PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
2. Configure the same vpn1 on PE1 and PE2. Bind gei-0/1/0/2 and gei-0/1/0/4 to VPN1.
3. Establish EBGP neighborhood between CE2 and PE1, CE1 and PE1 respectively.
Configuration Commands
Configuration on CE1:
CE1(config)#interface gei-0/1/0/1
CE1(config-if)#ip address 20.0.0.2 255.255.255.0
CE1(config-if)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 150.1.0.0 255.255.0.0
CE1(config-bgp)#neighbor 20.0.0.1 remote-as 100
Configuration on CE2:
CE2(config)#interface gei-0/1/0/3
CE2(config-if)#ip address 30.0.0.2 255.255.255.0
CE2(config-if)#exit
CE2(config)#router bgp 300
CE2(config-bgp)#network 150.2.0.0 255.255.0.0
CE2(config-bgp)#neighbor 30.0.0.1 remote-as 100
Configuration on PE1:
3-40
PE1(config-ldp)#interface gei-0/1/0/5
PE1(config-ldp-if)#exit
PE1(config-ldp)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if)#ip vrf forwarding test1
PE1(config-if)#ip address 20.0.0.1 255.255.255.0
PE1(config-if)#exit
PE1(config)#interface gei-0/1/0/4
PE1(config-if)#ip vrf forwarding test1
PE1(config-if)#ip address 30.0.0.1 255.255.255.0
PE1(config-if)#exit
PE1(config)#router ospf 1
PE1(config-ospfv2)#router-id 1.1.1.1
PE1(config-ospfv2)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospfv2)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE1(config)#mpls ldp
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp)#aggregate-address 150.0.0.0 255.0.0.0 summary-only
PE1(config-bgp-af)#neighbor 20.0.0.2 remote-as 200
PE1(config-bgp-af)#neighbor 30.0.0.2 remote-as 300
PE1(config-bgp-af)#exit-address-family
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 1.1.1.2 activate
PE1(config-bgp-af)#exit-address-family
Configuration on PE2:
PE2(config)#ip vrf test1
PE2(config-vrf)#rd 100:1
PE2(config-vrf)#address-family ipv4
PE2(config-vrf-af)#route-target import 100:1
PE2(config-vrf-af)#route-target export 100:1
PE2(config-vrf-af)#exit
PE2(config-vrf)#exit
PE2(config)#interface loopback1
PE2(config-if)#ip address 1.1.1.2 255.255.255.255
PE2(config-if)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if)#ip address 10.0.0.2 255.255.255.0
PE2(config-if)#exit
PE2(config)#mpls ldp
3-41
PE2(config-ldp)#interface gei-0/1/0/6
PE2(config-ldp-if)#exit
PE2(config-ldp)#exit
PE2(config)#router ospf 1
PE2(config-ospfv2)#router-id 1.1.1.2
PE2(config-ospfv2)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospfv2)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE2(config-ospfv2)#exit
PE2(config)#mpls ldp
PE2(config-ldp)#router-id loopback1
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af)#neighbor 1.1.1.1 activate
PE2(config-bgp-af)#exit-address-family
Configuration Verification
View VRF routing table on PE1. Here, both the sub-routes and the aggregated route can
be viewed.
PE1(config)#show ip protocol routing vrf test1
Routes of vpn:
status codes: *valid, >best, s-stale
Dest NextHop Intag Outtag RtPrf Protocol
*> 150.0.0.0/8 0.0.0.0 87 notag 254 bgp-aggr-discard
*> 150.1.0.0/16 20.0.0.2 86 notag 20 bgp-ext
*> 150.2.0.0/16 30.0.0.2 85 notag 20 bgp-ext
View PE2 routing table. Here, only the aggregated route can be viewed.
PE2(config)#show ip protocol routing vrf test1
Routes of vpn:
status codes: *valid, >best, s-stale
Dest NextHop Intag Outtag RtPrf Protocol
*> 150.0.0.0/8 1.1.1.1 165366 87 200 bgp-int
3-42
c. Check whether there is any policy that makes the PE fails to generate an
aggregation route. Check whether limit of the number of routes is configured.
3. Check whether the aggregation route can be advertised to the peer. Check whether
there is any policy that may affect the advertisement of the aggregation route.
4. Check whether the peer can learn the aggregation route. Check whether there is any
policy that may affect the learning of the aggregation route. Check whether limit of the
number of routes is configured.
5. If the fault persists after the checks above, it is necessary to check whether the MPLS
VPN basic configurations are correct.
3-43
3-44
redistribute static
$
address-family vpnv4
neighbor 100.10.1.2 activate
$
! /<BGP>
ZXR10#
In the VRF named test, there are two aggregation routes, “aggregate-address
159.1.0.0 255.255.0.0 summary-only” and “aggregate-address 147.0.0.0 255.0.0.0
summary-only”.
2. Check whether there is an aggregation route and the sub-routes on the PE on which
route aggregation is configured. If there is no sub-routes to be aggregated, the
aggregation route will not be generated.
ZXR10(config)#show ip protocol routing vrf test
vpn route limit warning!
Routes of vpn:
status codes: *valid, >best, s-stale
Dest NextHop Intag Outtag RtPrf Protocol
*> 100.10.4.0/24 100.10.4.1 212996 notag 0 direct
*> 100.10.4.1/32 100.10.4.1 212995 notag 0 address
*> 147.0.0.0/8 0.0.0.0 212998 notag 254 bgp-aggr-discard
*> 147.1.1.1/32 100.10.4.2 212997 notag 1 static
3-45
Check whether a route import policy (import map) is configured in IP VRF address
family on the PE that needs to learn the aggregation route. If the policy is configured,
make sure that the aggregation route is allowed to be imported by the policy.
6. Use the show ip vrf detail < vrf name> command and the show ip protocol routing vr
f-summary < vrf name> command to check whether the limit of the number of VPN
routes is configured on the PE advertising the aggregation route and the PE learning
the aggregation route. Check whether the number of the VPN routes reaches the limit.
7. Use the show running-config bgp command and the show running-config route-map
command to check whether an enhanced route filter is configured in MPBGP. Check
whether the filter for exporting routes is configured on the device advertising the
aggregation route. Check whether filter for importing routes is configured on the
device needing to learn the aggregation route.
If the fault cannot be solved according to the steps above, please check whether the MPLS
VPN basic configuration is correct. If the basic configuration is also correct, please ask for
technical support.
3-46
3 ZXR10(config-vrf)#maximum routes < number> { < thresholdvalue> This controls the number of routes
| warning-only} to enter into VRF and gives the
corresponding alarm.
Parameter Description
< thresholdvalue> Route alarm threshold, it is a percentage value. The range is 1–100.
warning-only When the total number of VRF routes exceeds the threshold value, give
an alarm but not restrict the routes.
Command Function
An example of the show ip vrf detail command output is shown below. By showing VRF
configuration in detail, the information of route restriction and alarm can be viewed.
PE1(config)#show ip vrf detail zte
VRF zte (VRF Id = 1); default RD 1:1
VRF label allocation mode: per-prefix
Ttl-mode:<not set>
Ds-mode: <not set>
Interfaces:
fei-0/1/0/1.1
fei-0/1/0/5
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Route warning limit 100, current count 50
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
3-47
No export route-map
Export VPN route-target communities The exported VPN route contains RT attribute.
Import VPN route-target communities The imported VPN route needs to contain RT attribute.
Route warning limit 10000 , current VPN route alarm threshold value is 10000, and there are 11 route entries.
count 11
The following example shows the configuration of limit and alarm threshold.
VRF fenix (VRF Id = 1); default RD 100:100
Description: this vrf is create for test
VRF label allocation mode: per-prefix
Ttl-mode: not set
Interfaces:
fei-0/0/1/1
Address family ipv4:
Export VPN route-target communities
100:100
Import VPN route-target communities
100:100
No import route-map
No export route-map
Route limit 5 , warning limit 80% (4)
Address family ipv6 not active.
VRF mng (VRF Id = 8193); default RD <not set>
VRF label allocation mode: per-prefix
Ttl-mode: <not set>
Ds-mode: <not set>
Interfaces:
mgmt_eth-0/11/0/1
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
3-48
Export VPN route-target communities The exported VPN route contains RT attribute.
Import VPN route-target communities The imported VPN route needs to contain RT attribute.
Route limit 300 , warning limit 50% VPN limit of the number of routes is 300. When there is 150 routes (50%),
(150) the system sends alarms.
Configuration Commands
1. To establish EBGP neighborhood between PE1 and CE1, configure PE1 as follows,
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af)#neighbor 10.1.1.2 remote-as 200
Use show ip vrf detail zte to view the configuration result of maximum routes.
Enable alarm and terminal monitor functions on PE1 to view the alarm if the number
of routes exceeds the threshold.
3-49
PE1#terminal monitor
PE1#configure terminal
PE1#(config)#logging on
3. CE1 advertises 50 EBGP route entries to PE1 (it does not exceed the 60% of alarm
threshold value). Use the show ip protocol routing vrf zte command to view the 50 VRF
EBGP route entries on PE1. PE1 does not give any alarm.
4. CE1 continues to advertise 20 EBGP route entries to PE1. There are 70 EBGP route
entries now (It exceeds 60% of alarm threshold value). Use the show ip protocol rout
ing vrf-summary zte command on PE1 to view the 70 VRF EBGP route entries. PE1
gives an alarm.
PE1(config)#show ip protocol routing vrf-summary zz
The total route of this vpn is 70
The alarm that the number of VRF routes exceeds the threshold value is displayed by
PE1.
An alarm 200310 level 3 occurred at 00:00:00 01-01-2000
sent by MPU-0/20/0
%COURIER% Routes limit is exceeded! err data:
The routes limit of zte is exceeded
6. CE1 cancels the route entries that it advertised to PE1 before, and it advertises another
50 EBGP route entries to PE1. Use the show ip protocol routing vrf-summary zte
command on PE1 to view the 50 VRF EBGP routes. PE1 does not give any alarm.
7. Modify the route alarm threshold of VRF zte to 40% on PE1. The upper limitation of
route is still 100 entries.
PE1(config)#ip vrf zte
PE1(config-vrf)#address-family ipv4
PE1(config-vrf-af)#maximum routes 100 40
Use the show ip vrf detail zte command to view the configuration result of the maximum
routes command. It shows that there are 50 route entries and PE1 does not give any
alarm.
8. CE1 cancels the 50 EBGP route entries that it advertised to PE1 before, and it
advertises to PE1 again. PE1 gives an alarm to prompt that the route alarm threshold
is exceeded.
An alarm 200311 level 4 occurred at 00:00:00 01-01-2000
3-50
sent by MPU-0/20/0
%COURIER% Routes warning limit is exceeded! warning data:
The routes warning limit of zte is exceeded
9. Configure warning-only function of VPN route restriction alarm on vrf zte on PE1.
PE1(config)#ip vrf zte
PE1(config-vrf)#address-family ipv4
PE1(config-vrf-af)#maximum routes 100 warning-only
PE1(config-vrf-af)#exit
10. View the current route number, route restriction value and alarm threshold value of vrf
zte on PE1. The route number is 50, the route threshold value is not exceeded. There
is no alarm appears.
PE1(config)#show ip vrf detail zte
VRF zte (VRF Id = 1); default RD 1:1
VRF label allocation mode: per-prefix
Ttl-mode:<not set>
Ds-mode: <not set>
Interfaces:
fei-0/1/0/1.1
fei-0/1/0/5
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Route warning limit 100, current count 50
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
11. Advertise 60 routes from CE1. The route number exceeds the threshold value. PE1
displays the corresponding alarm. VRF zte of PE1 does not restrict the routes if the
number of routes exceeds 100.
An alarm 200310 level 3 occurred at 00:00:00 01-01-2000
sent by MPU-0/20/0
%COURIER% Routes limit is exceeded!
err data:The routes limit of zte is exceeded
3-51
fei-0/1/0/1.1
fei-0/1/0/5
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Route warning limit 100, current count 110
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
3-52
Figure 3-17 Flow to Handle a VPN Route Restriction and Alarm Fault
3-53
If the number of VPN routes is not in the defined range, VPN route restriction function does
not take effect.
The procedure to handle a VPN route restriction fault is described below.
1. Use the show bgp vpnv4 unicast summary command to view BGP neighborhood.
ZXR10#show ip bgp summary
Neighbor Ver As MsgRcvd MsgSend Up/Down(s) State/PfxRcd
15.1.1.8 4 500 31 43 00:14:55 20
Inspect whether the content shown in State/PfxRcd is a number. The number means
that the BGP neighborhood is established already. Here, the number is 20, that is to
say, 20 route entries are transmitted to neighbor.
2. Use the show ip vrf detail command to view VPN route restriction configuration. Inspect
whether the correct restriction number is configured.
ZXR10(config)#show ip vrf detail ok
VPN ok; default RD 512:512
No interfaces
Connected addresses are not in global routing table
Export VPN route-target communities
0.0.0.0:0
Import VPN route-target communities
0.0.0.0:0
No import route-map
No export route-map
Route limit 1000 , warning limit 60% (600) ,
current count 200
The route restriction threshold value is 1000 and the route alarm threshold is 60%.
There are 200 VRF routes.
3. Check the configuration of VPN route restriction and alarm and check whether the
warning-only keyword is configured. If the keyword is configured, delete it. The warn
ing-only keyword means that when the number of routes in a VRF exceeds the limit,
the system only sends alarm information but does not restricts the routes.
4. Use the show running-config alarm command to check the alarm levels. The alarm
level of an error is 4, and the alarm level of a warning is 5. If the alarm level is 4–8,
the alarm will be printed. Alarms will not be generated for the route restriction when
the alarm level is higher than 4.
If the fault cannot be solved according to the steps above, please ask for technical support.
3-54
3-55
Command Function
Command Function
ZXR10#show ip forwarding backup route vrf This shows the standby private network
route.
Configuration Thought
1. According to the network topology, construct an MP-BGP network for PE1, PE2 and
PE3.
3-56
2. Establish OSPF neighbor relationship with the VRF access interfaces of PE2 and PE3
on CE2. Establish OSPF neighbor relationship between CE2 and R1.
3. Redistribute OSPF in VRF address family configuration mode on PE2 and PE3.
4. Configure IBGP FRR in the VRF instance on PE1.
Configuration Commands
The configuration of PE1:
PE1(config)#interface loopback1
PE1(config-if)#ip address 172.20.96.2 255.255.255.255
PE1(config-if)#exit
PE1(config)#interface xgei-0/2/0/3
PE1(config-if)#ip address 172.20.130.18 255.255.255.252
PE1(config-if)#exit
PE1(config)#interface xgei-0/2/0/2
PE1(config-if)#ip address 172.20.130.221 255.255.255.252
PE1(config-if)#exit
PE1(config)#router ospf 1
PE1(config-ospfv2)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE1(config-ospfv2)#network 172.20.96.2 0.0.0.0area 0.0.0.0
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#interface xgei-0/2/0/3
PE1(config-ldp-if)#exit
PE1(config-ldp)#interface xgei-0/2/0/2
PE1(config-ldp-if)#exit
PE1(config)#ip vrf zte
PE1(config-vrf)#rd 1:50
PE1(config-vrf)#route-target both 1:50
PE1(config-vrf)#exit
PE1(config)#router bgp 18004
PE1(config-bgp)#neighbor 172.20.96.1 remote-as 18004
PE1(config-bgp)#neighbor 172.20.96.1 update-source loopback1
PE1(config-bgp)#neighbor 172.20.108.2 remote-as 18004
PE1(config-bgp)#neighbor 172.20.108.2 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 172.20.96.1 activate
PE1(config-bgp-af)#neighbor 172.20.108.2 activate
PE1(config-bgp-af)#exit
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#bgp frr
PE1(config-bgp-af)#exit
PE1(config-bgp)#exit
3-57
PE1(config)#interface gei-0/5/1/10
PE1(config-if)#ip vrf forwarding zte
PE1(config-if)#ip address 202.10.10.61 255.255.255.0
PE3(config)#interface loopback1
3-58
3-59
Configuration Verification
Verify the configuration on PE1.
PE1#show ip protocol routing vrf liuhui network 192.1.1.0 mask 255.255.255.0
Routes of vpn:
status codes: *valid, >best, s-stale
Dest NextHop Intag Outtag RtPrf Protocol
*> 192.1.1.0/24 172.20.108.2 213015 213400 200 bgp-int
*> 192.1.1.0/24 172.20.96.1 213015 213008 200 bgp-int
ZXR10(config)#sho ip forwarding route vrf liuhui 192.1.1.0
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
192.1.1.0/24 172.20.108.2 xgei-0/2/0/2 bgp 200 3
ZXR10 (config)#sho ip forwarding backup route vrf liuhui 192.1.1.0
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
192.1.1.0/24 172.20.96.1 xgei-0/2/0/3 bgp 200 3
ZXR10(config)#sho bgp vpnv4 unicast detail 1:50 192.1.1.0 255.255.255.0
BGP routing table entry for 1:50:192.1.1.0/24
1d7h received from 172.20.108.2 (5.5.5.63)
origin ?,nexthop 172.20.108.2,metric 3,localpref 100,
as path
as4 path
extended Community:RT:1:50 ,OSPF domain id :0x0005:000000640200 ,
OSPF router id :100.1.1.63,OSPF route type :0:2:0
received label 213400
1d7h received from 172.20.96.1 (172.20.96.1)
origin ?,nexthop 172.20.96.1,metric 3,localpref 100,
as path
as4 path
extended Community:RT:1:50 ,OSPF domain id :0x0005:000000640200 ,
OSPF router id :172.20.130.21,OSPF route type :0:2:0
received label 213008
According to the information, VPN FRR relationship is formed on PE1. When the active
link between PE1 and PE2 is down, VPN FRR on PE1 will change the traffic over to the
standby link from the active link, thus accomplishing fast changeover.
3-60
1. Enter BGP private network configuration mode to check whether FRR is enabled.
2. Check whether VPN routing information is received from PE2 and PE3 on PE1.
3. If VPN routing information is not received, check whether MP-BGP neighbor
relationship is established successfully.
3-61
3-62
replaced and popped directly. As the data flow becomes larger and larger, and the
requirement for bandwidth and time delay becomes more and more higher, the data
transmission on single link cannot satisfy the requirement. Therefore, multiple LSPs are
built, data is allocated to different links to be transmitted according to the size, and MPLS
load balancing is implemented.
MPLS VPN load balancing is divided into three parts,
l LDP
l MP-BGP
l VRF
By means of the three configurations above, the multiple routes formed load balancing in
MPLS VPN outer layer, inner layer and CE side to perform the load balancing of multiple
links in private and public networks.
According to the two policies, flow-based and destination-based, load equation, directional
and link backup.
There are two possible transmission paths between PE1 and PE2.
3-63
l LSP1: PE1→P1→PE2
l LSP2: PE1→P2→PE2
Usually, the data is only transmitted along one LSP, supposing it is LSP1. However, in
some special cases, such as bandwidth restriction, congestion and so on, LDP equates
the data traffic according to the rules, allocates the data to LSP2 for forwarding, thus to
realize LDP load balancing.
Command Function
ZXR10# show ip forwarding route This shows the route in forwarding table
and the next-hop.
ZXR10#show mpls ldp bindings [ < ip-address> { < net-mask> | < length> } [ This inspects the label binding learnt
longer-prefixes] ] [ local-label < label> [ < label> ] ] [ remote-label < label> by LDP.
[ < label> ] ] [ neighbor [ < ip-address> ] ] [ detail] instance< instance-id>
Parameter descriptions:
Parameter Description
longer-prefixes It shows the label binding of the network with the longest matching mask
among the networks matching designated network.
local-label < label> [ < label> ] The entries matched with the local label. Use local-label designate the
range of labels, in the range of 0–1048575.
remote-label < label> [ < label> The entries that match with the label allocated by neighbor. Use
remote-label to designate the range of labels, in the range of 0–1048575.
3-64
An example of the show mpls ldp bindings command output is shown below.
ZXR10(config-ldp)#show mpls ldp bindings detail instance 1
1.1.1.0/24 (no route)
remote binding: lsr: 10.10.10.2:0, label: imp-null
10.10.10.0/24
local binding: label: imp-null
advertised to:
10.10.10.2:0
remote binding: lsr: 10.10.10.2:0, label: imp-null
no route It shows that there is no route at local, but the peer has the route and the
label is allocated. If no this command output, it shows that local route exists.
remote binding It shows that the labels of route bound by other routers and the peer LDR.
local binding It shows that the labels of route bound by local router.
advertised to It shows the label binding information can be advertised to the LSRs of
which network segments.
Configuration Description
As shown in Figure 3-23, there are two links between R1 and R2.
Take the case of OSPF route load balancing, the configurations of two routers are listed
below.
3-65
Configuration Thought
1. Configure the IP addresses of interface on both of LSRs according to the table above.
2. Configure local OSPF rules on both of LSRs.
3. Configure mpls ldp function, and add the relevant interfaces into the LDP.
Configuration Commands
Configuration on R1:
R1(config)#interface fei-0/1/0/1
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface fei-0/1/0/3
R1(config-if)#ip address 2.2.2.2 255.255.255.0
R1(config-if)#exit
R1(config)#interface loopback1
R1(config-if)#ip address 4.4.4.4 255.255.255.255
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-ospfv2)#network 1.1.1.1 0.0.0.255 area 0
R1(config-ospfv2)#network 2.2.2.2 0.0.0.255 area 0
R1(config-ospfv2)#maximum-paths 2
R1(config-ospfv2)#exit
R1(config)#mpls ldp instance 1
R1(config-ldp)#interface fei-0/1/0/1
R1(config-ldp-if)#exit
R1(config-ldp)#interface fei-0/1/0/3
R1(config-ldp-if)#exit
Configuration on R2:
R2(config)#interface fei-0/1/0/1
R2(config-if)#ip address 1.1.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fei-0/1/0/3
R2(config-if)#ip address 2.2.2.3 255.255.255.0
R2(config-if)#exit
R2(config)#interface loopback1
R2(config-if)#ip address 5.5.5.5 255.255.255.255
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-ospfv2)#network 1.1.1.2 0.0.0.255 area 0
3-66
Here, the route load balancing is realized. The followed is create load equation LSP links
to realize LDP load balancing.
Configuration Verification
View route forwarding table on R1, as shown below.
ZXR10(config)#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
1.1.1.0/24 1.1.1.1 fei-0/1/0/1 DIRECT 0 0
1.1.1.0/32 1.1.1.0 fei-0/1/0/1 MARTIAN 0 0
1.1.1.1/32 1.1.1.1 fei-0/1/0/1 ADDRESS 0 0
1.1.1.255/32 1.1.1.255 fei-0/1/0/1 BROADCAST 0 0
2.2.2.0/24 2.2.2.2 fei-0/1/0/3 DIRECT 0 0
2.2.2.0/32 2.2.2.0 fei-0/1/0/3 MARTIAN 0 0
2.2.2.2/32 2.2.2.2 fei-0/1/0/3 ADDRESS 0 0
2.2.2.255/32 2.2.2.255 fei-0/1/0/3 BROADCAST 0 0
5.5.5.5/32 2.2.2.3 fei-0/1/0/3 OSPF 110 2
5.5.5.5/32 1.1.1.2 fei-0/1/0/1 OSPF 110 2
The forwarding table shows that the network segment which destination address is
5.5.5.5/32 has two next-hops, one route pointing to 2.2.2.3 from the interface fei-0/1/0/3
and another route pointing to 1.1.1.2 from the interface fei-0/1/0/1.
Execute the show mpls ldp bindings command on R1, as shown below.
Here, there are two tags (inuse) are encapsulated into the label pointing to 5.5.5.0/24. It
indicates that there are two session between the local and remote ends for the FEC of
5.5.5.0/24 network segment, these are two LSPs. These two LSPs are formed by the two
next-hops showing in the command output of the show ip forwarding route command.
Here, load balancing is realized. View the condition of MPLS load balancing by using
interface traffic statistic.
3-67
Take the topology shown in Figure 3-24 as an example to describe how to handle an LDP
load balancing fault.
There are two links between PE1 and PE2. Here, it is BGP route load balancing.
MPLS/VPN packet forwarding is LSP-based, and LSP depends on route. Therefore, the
thought of fault location is that inspect load balancing route and then inspect the labels.
1. Use the show running-config ldp command and the show running-config ospf/bgp/isis/
rip command to view the configuration of LDP load balancing.
2. Use the ping command to inspect whether the two links can be pinged.
3. Use the show ip interface brief command to inspect whether the interface is in up state.
4. Use the show ip forwarding route command to inspect whether there is a route and
whether the same IP address has two next-hops.
5. Use the show mpls forwarding-table command to inspect whether the labels exist and
whether the same IP address has two labels.
The flow to handle an LDP load balancing fault is shown in Figure 3-25.
3-68
3-69
If the fault cannot be solved according to the steps above, please ask for technical support.
3-70
1 ZXR10(config)#interface { < interface-name> | byname < byname> } This enters interface configuration
mode.
2 ZXR10(config)#ip route vrf < word> < ip-address > < net-mask> < This configures the VRF static routes
next-hop address> [ < 1-255> | global | tag] < 150-255> with different tags on PE globally.
ZXR10(config-rip)address-family ipv4 vrf < vpn-name> This enters RIP IPv4 vrf address
family mode on PE.
ZXR10(config-bgp)#address-family ipv4 vrf < vpn-name> This enters BGP IPv4 vrf address
family mode on PE.
Parameter Description
< 1-255> The metric value of the destination route, in the range of 1-255
3-71
Command Function
ZXR10#show ip forwarding route vrf< vrf-name> This shows the specified VPN route.
An example of the show ip forwarding route vrf command output is shown below.
ZXR10# show ip forwarding route vrf zte
IPv4 Routing Table:
Dest Gw Interface Owner pri metric
4.4.4.4/32 4.1.1.2 fei-0/1/0/3 STATIC 1 0
4.4.4.4/32 4.1.1.3 fei-0/1/0/3 STATIC 1 0
Mask Mask
Gw Gateway
Interface Interface
pri Priority
4.4.4.4/32 4.1.1.2 There are different routes pointing to 4.4.4.4/32. That is, VRF load
4.4.4.4/32 4.1.1.3 balancing is realized.
Configuration Description
As shown in Figure 3-26, there are VRFs exist on both PE1 and PE2. The name of VRF
is zte, the RD is 1:1, the RT is 1:1. Bind the interfaces gei-/1/0/2, gei-/1/0/4 and gei-/1/0/5
to the VRF. The IP addresses of interfaces are configured as follows.
Interface IP Address
gei-/1/0/110 1.1.1/24
gei-/1/0/2 10.1.1.2/24
gei-/1/0/3 10.1.2.1/24
gei-/1/0/4 10.1.2.2/24
gei-/1/0/5 10.1.3.1/24
3-72
Interface IP Address
gei-/1/0/6 10.1.3.2/24
Configuration Thought
1. Bind the interfaces gei-/1/0/2, gei-/1/0/4 and gei-/1/0/5 to the VRF.
2. Establish IGP and LDP neighborhood between PE1 and P, and between P and PE2
respectively. Advertise loopback addresses among them.
3. Configure VRF load balancing on the interfaces gei-/1/0/1, gei-/1/0/2 and gei-/1/0/3,
gei-/1/0/4 respectively. Configure load balancing in VRF mode.
Configuration Commands
1. Establish OSPF neighborhood between CE1 and PE1.
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if)#ip address 20.1.1.1 255.255.255.0
CE1(config-if)#exit
CE1(config)#router ospf 10
CE1(config-ospfv2)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospfv2)#network 10.1.2.0 0.0.0.255 area 0
CE1(config-ospfv2)#network 20.1.1.0 0.0.0.255 area 0
Configuration on PE1:
PE1(config)#router ospf 10 vrf zte
PE1(config-ospfv2)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospfv2)#network 10.1.2.0 0.0.0.255 area 0
PE1(config-ospfv2)#redistribute bgp-int
Allocate OSPF routes and direct-connected routes in BGP IPv4 vrf address family
mode on PE1.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af)#redistribute ospf-int
3-73
PE1(config-bgp-af)#redistribute connect
PE2 configuration,
Allocate direct-connected routes in BGP IPv4 vrf address family mode on PE2.
Configuration Verification
Use the show ip protocol routing vrf zte command to view that there are two routes
announced by CE1 to PE1 and the labels are already allocated to the routes.
ZXR10#show ip protocol routing vrf zte
Routes of vpn:
status codes: *valid, >best, s-stale
Take the topology shown in Figure 3-27 as an example to describe how to handle a VRF
load balancing fault.
3-74
The forwarding of VRF load balancing packets is route-based, so the thought of fault
location is that inspect the load balancing route.
l Use the show ip forwarding route vrf command to inspect load balancing route.
l Use the show ip protocol routing vrf command to inspect private network label.
l Use the show bgp vpnv4 unicast summary command to view MPBGP neighborhood.
View public network route. Inspect whether all the devices along the LSP path in public
network have the accurate routes pointing to the loopback addresses of the peer PEs.
View the configuration of public network IGP. Inspect whether the routes of loopback
address of PEs are allocated by IGP.
The flow to handle a VRF load balancing fault is shown in Figure 3-28.
3-75
3-76
3. Use the show ip interface biref command to check whether the states of related L3
interfaces are up. Make sure that the interfaces works properly.
4. Insect the BGP configuration to view whether BGP neighbors are configured.
5. View public network labels. Use the show mpls forwarding table command to inspect
whether all the devices in the entity LSP already distribute public network labels to the
loopback addresses of the two PEs. Inspect whether the ingress label is the egress
label of the next-hop.
6. View private network labels. Use the show ip protocol routing vrf command to inspect
whether the private network label of the local PE router is distributed by the peer PE.
7. If labels are not distributed correctly, view LDP neighborhood. Use the show mpls ldp
neighbor command to inspect whether LDP neighborhood is established between two
adjacent PEs or P routers. The information State: Oper means that LDP neighborhood
is established between the adjacent routers successfully.
8. Inspect MBGP configuration and the route protocol configuration between PE and
CE. In each VRF, inspect whether the VRF route is distributed to BGP. It is necessary
to configure the address-family ipv4 vrf command and the redistribute connected
command. For a common neighbor, check whether it can forwards vpnv4 routes.
9. View MPLS configuration. Use the show running-config ldp command to inspect
whether MPLS is enabled globally and on the related interfaces.
If the fault cannot be solved according to the steps above, please ask for technical support.
3-77
3-78
4-1
7 ZXR10(config-mcast-vrf)#mdt data < group-address> < This configures MDT data group of
group-mask> [ < acl-name> ] multicast instance.
8 ZXR10#clear ip mroute [ < vrf-name> ] [ group-address < This clears multicast route.
group-address> ] [ source-address < source-address> ]
Parameter Description
Parameter Description
4-2
Parameters Description
< group-mask> MDT data group mask of VRF instance (inverse mask)
Parameters Description
Parameter Description
Parameters Description
< priority> Priority, in the range of 0-255, with the default value 0
Parameters Description
< priority> Priority, in the range of 0-255, with the default value 192
Command Function
ZXR10#show ip mroute summary [ < vrf-name> ] This views the detailed number of IP
multicast route table.
4-3
Command Function
ZXR10#show ip pimsm mroute [ < vrf-name> ] [ group < group-address> ] [ This views the content of multicast
source < source-address> ] PIM-SM route table.
ZXR10#show ip pimsm rp hash [ < vrf-name> ] < group-address> This views the RP information selected
by specified multicast group.
ZXR10#show ip pimsm interface [ < vrf-name> ] [ < interface-name> This views interface state of PIM-SM.
ZXR10#show ip pimsm neighbor [ < vrf-name> ] [ < interface-name> ] This views neighbor state of PIM-SM
interface.
ZXR10#show ip pimsm rpf [ < vrf-name> ] < source-address> This views multicast PIM-SM Reverse
Path Forwarding (RPF) information.
Parameter descriptions:
Parameter Description
l An example of the show ip mroute [ < vrf-name> ] [ group < group-address> ] [ source
< source-address> ] command output is shown below.
ZXR10#show ip mroute vrf test
IP Multicast Routing Table
(*, 225.1.1.1), RP: 1.1.1.1, TYPE: DYNAMIC, FLAGS: MT
Incoming interface: NULL, flags:
Outgoing interface list:
loopback1, flags: MT
(1.1.1.1, 225.1.1.1), RP: 1.1.1.1, TYPE: DYNAMIC, FLAGS:
Incoming interface: loopback1, flags:
Outgoing interface list:
l An example of the show ip rpf[ < vrf-name> ] < source-address> command output is
shown below.
ZXR10#show ip rpf vrf test 1.1.1.1
pimsm RPF information:
RPF interface is loopback1 (pimsm)
RPF neighbor is 1.1.1.1 (local)
RPF metric preference is 0
RPF metric value is 0
RPF type is unicast
l An example of the show ip mdt command output is shown below.
ZXR10#show ip mdt
4-4
4-5
Register flag It indicates this entry can send Register message from directly connected
multicast source.
SPT-bit set It indicates the route entry receives a multicast packet sent from SPT
l An example of the show ip pimsm rp mapping [ < vrf-name> ] command output is shown
below.
ZXR10#show ip pimsm rp mapping
Group(s): 224.0.0.0/4(SM)
RP: 1.1.1.1, v2, Priority:192
BSR: 1.1.1.1, via bootstrap
Uptime: 00:13:18, expires: 00:01:02
Group(s): 0.0.0.0/0(NOUSED)
static It indicates that this candidate RP is not BSR advertisement but local
static configuration.
l An example of the show ip pimsm bsr [ < vrf-name> ] command output is shown below.
ZXR10#show ip pimsm bsr vrf test
4-6
Expires:00:00:04
Expires BSR expired time or the expired time of sending BSR message.
l An example of the show ip pimsm rp hash [ < vrf-name> ] < group-address> command
output is shown below.
ZXR10(config-pimsm)#show ip pimsm rp hash 224.0.1.40 vrf test
rp address: 1.1.1.10
l This example describes what will be output after show ip pimsm interface [ < vrf-name>
] [ < interface-name> ] is implemented.
ZXR10(config-pimsm)#show ip pimsm interface vrf test
Address Interface State Nbr Hello DR DR
Count Period Priority
1.1.1.10 fei-0/1/0/1 Up 1 30 1 1.1.1.10
2.2.2.10 fei-0/1/0/2 Up 0 30 1 2.2.2.10
4-7
DR DR of this interface
l This example describes what will be output after show ip pimsm neighbor [ < vrf-name>
] [ < interface-name> ] is implemented.
ZXR10(config)#show ip pimsm neighbor vrf test
Neighbor Address Interface DR Priority Uptime Expires Ver
1.1.1.1 fei-0/1/0/1 1 00:15:08 00:01:24 V2
l This example describes what will be output after show ip pimsm rpf [ < vrf-name> ] <
source-address> is implemented.
ZXR10(config)#show ip pimsm rpf vrf test 1.1.1.10
RPF information:
RPF interface is fei-0/1/0/1(pimsm)
RPF neighbor is 1.1.1.10(local)
RPF metric preference is 0
RPF metric value is 0
4-8
Configuration Thought
1. Configure MPLS VPN enviroment.
2. Configure public network multicast and private network multicast on PE1.
3. Configure public network multicast on P.
4. Configure public network multicast and private network multicast on PE2.
Configuration Commands
1. Configure MPLS VPN enviroment.
l Configuration on PE1:
PE1(config)#interface loopback1
PE1(config-if)#ip address 1.1.1.17 255.255.255.255
PE1(config-if)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if)#ip address 100.101.102.17 255.255.255.0
PE1(config-if)#exit
PE1(config)#router ospf 1
PE1(config-ospfv2)#network 1.1.1.17 0.0.0.0 area 0
PE1(config-ospfv2)#network 100.101.102.0 0.0.0.255 area 0
PE1(config-ospfv2)#exit
PE1(config)#mpls ldp
PE1(config-ldp)#router-id loopback1
PE1(config-ldp)#interface gei-0/1/0/1
PE1(config-ldp-if)#exit
4-9
PE1(config-ldp)#exit
PE1(config)#ip vrf test
PE1(config-vrf)#rd 10:10
PE1(config-vrf)#route-target 10:10
PE1(config-vrf)#exit
PE1(config)#interface fei-0/1/0/3
PE1(config-if)#ip vrf forwarding test
PE1(config-if)#ip address 100.105.102.17 255.255.255.0
PE1(config-if)#exit
PE1(config)#router bgp 1
/*Here loopback interface is used to establish BGP neighbor relationship.*/
PE1(config-bgp)#neighbor 1.1.1.19 remote-as 1
PE1(config-bgp)#neighbor 1.1.1.19 activate
PE1(config-bgp)#neighbor 1.1.1.19 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test
PE1(config-bgp-af)#redistribute connected
PE1(config-bgp-af)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af)#neighbor 1.1.1.19 activate
PE1(config-bgp-af)#exit
l Configuration on P:
P (config)#interface loopback1
P(config-if)#ip address 1.1.1.18 255.255.255.255
P(config-if)#exit
P(config)#interface gei-0/1/0/1
P(config-if)#ip address 100.102.102.17 255.255.255.0
P(config-if)#exit
P(config)#interface gei-0/1/0/2
P(config-if)#ip address 100.103.102.17 255.255.255.0
P(config-if)#exit
P(config)#router ospf 1
P(config-ospfv2)#network 1.1.1.18 0.0.0.0 area 0
P(config-ospfv2)#network 100.102.102.0 0.0.0.255 area 0
P(config-ospfv2)#network 100.103.102.0 0.0.0.255 area 0
P(config)#mpls ldp
P(config-ldp)#router-id loopback1
P(config-ldp)#interface gei-0/1/0/1
P(config-ldp-if)#exit
P(config-ldp)#interface gei-0/1/0/2
P(config-ldp-if)#exit
P(config-ldp)#exit
l Configuration on PE1 (the same as that on PE1):
PE2(config)#interface loopback1
PE2(config-if)#ip address 1.1.1.19 255.255.255.255
PE2(config-if)#exit
4-10
PE2(config)#interface gei-0/1/0/1
PE2(config-if)#ip address 100.104.102.17 255.255.255.0
PE2(config-if)#exit
PE2(config)#router ospf 1
PE2(config-ospfv2)#network 1.1.1.19 0.0.0.0 area 0
PE2(config-ospfv2)#network 100.104.102.0 0.0.0.255 area 0
PE2(config)#mpls ldp
PE2(config-ldp)#router-id loopback1
PE2(config-ldp)#interface gei-0/1/0/1
PE2(config-ldp-if)#exit
PE2(config-ldp)#exit
PE2(config)#ip vrf test
PE2(config-vrf)#rd 10:10
PE2(config-vrf)#route-target 10:10
PE2(config-vrf)#exit
PE2(config)#interface fei-0/1/0/3
PE2(config-if)#ip vrf forwarding test
PE2(config-if)#ip address 100.106.102.17 255.255.255.0
PE2(config-if)#exit
PE2(config)#router bgp 1
PE2(config-bgp)#neighbor 1.1.1.17 remote-as 1
PE2(config-bgp)#neighbor 1.1.1.17 activate
PE2(config-bgp)#neighbor 1.1.1.17 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test
PE2(config-bgp-af)#redistribute connected
PE2(config-bgp-af)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af)#neighbor 1.1.1.17 activate
PE2(config-bgp-af)#exit
2. Configure multicast on PE1.
l Configure public network multicast.
PE1(config)#ip multicast-routing
PE1(config-mcast)#router pimsm
PE1(config-pimsm)#interface loopback1
PE1(config-pimsm-if)#pimsm
PE1(config-pimsm-if)#exit
PE1(config-pimsm)#interface gei-0/1/0/1
PE1(config-pimsm-if)#pimsm
PE1(config-pimsm-if)#exit
PE1(config-pimsm)#rp-candidate loopback1
/*Public network must have one RP and can have many for election.*/
PE1(config-pimsm)#bsr-candidate loopback1
PE1(config-pimsm)#exit
l Configure private network multicast.
PE1(config-mcast)#vrf test
4-11
PE1(config-mcast-vrf)#router pimsm
PE1(config-pimsm-vrf)#interface fei-0/1/0/3
PE1(config-pimsm-vrf-if)#pimsm
PE1(config-pimsm-vrf-if)#exit
PE1(config-pimsm-vrf)#rp-candidate fei-0/1/0/3
/*Private network must have RP*/
PE1(config-pimsm-vrf)#bsr-candidate fei-0/1/0/3
PE1(config-pimsm-vrf)#exit
PE1(config-mcast-vrf)#mdt default 235.1.1.1
/*The configurations of mdt on PE1 and PE2 must be same.*/
PE1(config-mcast-vrf)#mdt data 239.1.1.1 0.0.0.0
PE1(config-mcast-vrf)#mtunnel loopback1
/*mtunnel interface must be loopback interface and must be BGP link setup
interface.*/
PE1(config-mcast-vrf)#exit
PE1(config-mcast)#exit
PE1(config)#
3. Configure multicast on P.
P(config)#ip multicast-routing
P(config-mcast)#router pimsm
P(config-pimsm)#interface gei-0/1/0/1
P(config-pimsm-if)#pimsm
P(config-pimsm-if)#exit
P(config-pimsm)#interface gei-0/1/0/2
P(config-pimsm-if)#pimsm
P(config-pimsm-if)#exit
4. Configure multicast on PE2.
l Configure public network multicast.
PE2(config)#ip multicast-routing
PE2(config-mcast)#router pimsm
PE2(config-pimsm)#interface loopback1
PE2(config-pimsm-if)#pimsm
PE2(config-pimsm-if)#exit
PE2(config-pimsm)#interface gei-0/1/0/1
PE2(config-pimsm-if)#pimsm
PE2(config-pimsm-if)#exit
PE2(config-pimsm)#exit
l Configure private network multicast.
PE2(config-mcast)#vrf test
PE2(config-mcast-vrf)#router pimsm
PE2(config-pimsm-vrf)#interface fei-0/1/0/3
PE2(config-pimsm-vrf-if)#pimsm
PE2(config-pimsm-vrf-if)#exit
PE2(config-pimsm-vrf)#exit
PE2(config-mcast-vrf)#mdt default 235.1.1.1
4-12
Configuration Verification
When MPLS VPN is established, execute the show ip forwarding route vrf test command
on PE1 and PE2, as shown below.
PE1(config)#show ip forwarding route vrf test
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
100.106.102.0/24 1.1.1.19 gei-0/1/0/1 BGP 200 0
100.105.102.0/24 100.105.102.17 fei-0/1/0/1 DIRECT 0 0
100.105.102.0/32 100.105.102.0 fei-0/1/0/1 MARTIAN 0 0
100.105.102.17/32 100.105.102.17 fei-0/1/0/1 ADDRESS 0 0
100.105.102.17/32 100.105.102.17 fei-0/1/0/1 BROADCAST 0 0
224.0.0.0/4 224.0.0.0 NULL MULTICAST 0 0
224.0.0.0/24 224.0.0.0 NULL MULTICAST 0 0
4-13
Group(s): 0.0.0.0/0(NOUSED)
7. View public network BSR, as shown below.
PE1#show ip pimsm bsr
4-14
4-15
4-16
4-17
4-18
The NAS connects a PPP connection of a user to the VPDN gateway of the
enterprise through a VPDN tunneling protocol, thus establishing a tunnel with the
VPDN gateway. This is invisible for the user. The user only needs to log in once to
access the enterprise network. The enterprise network authenticates the user and
allocates a private address instead of a public address. In this mode, the NAS needs
to support VPDN and the authentication system needs to support the VPDN attribute.
l A user starts establishing a VPDN connection.
The client of the user establishes a tunnel with the VPDN gateway. In this mode, the
client establishes a connection with the Internet first, and then the client establishes
a tunnel with the VPDN gateway through a special program (such as the L2TP client
supported by Windows 2000). The method which the user uses to connect to the
5-1
Internet and the place where the user connects to the Internet are not restricted. No
ISP is involved. However, the user needs to install a special program (generally on
the Windows 2000 platform), which restricts the platform the user uses.
Generally, the VPDN gateway is a router or a VPDN private server.
There are three VPDN tunneling protocols.
l PPP Tunnel Protocol (PPTP)
l Layer 2 Forwarding (L2F)
l L2TP
At present, L2TP is the most widely used.
L2TP was drafted by IETF. Corporations including Microsoft, Ascend, Cisco and 3COM
instituted the protocol. L2TP integrates the advantages of PPTP and L2F. It is accepted by
many corporations, and it has become the L2 tunneling protocol-related industrial standard
of IETF.
L2TP has the following features.
5-2
This figure shows three common construction modes of L2TP. It also shows the three
essentials to construct an L2TP network: an L2TP Network Server (LNS), an LAC and a
client.
l LNS: It is the VPN server at the L2TP enterprise side. The server is responsible for
final authorization and authentication for users, receiving the tunnel and connection
requests from an LAC, and establishing PPP tunnels connecting the LNS and users.
l LAC: It is an L2TP access device. It provides AAA service for different types
of user accesses, starts the connection establishment of a tunnel or a session,
and accomplishes the proxy authentication for VPN users. It is an access device
providing VPN service at the ISP side. In physical, it can be a router on which L2TP
is configured, an access server or a special VPN server.
5-3
Take the transmission procedure of an IP packet at the user side as an example to describe
the VPN working principle. The IP marked yellow is user data that a user wants to send.
At the LAC side, the LAC adds a PPP header to the user packet at the link layer and then
sends it to L2TP. Then the LAC encapsulates the L2TP packet into a UDP packet and
then encapsulates it into an IP packet that can be transmitted on the Internet. The result is
that there is one more IP address in the IP packet, and the two IP addresses are different.
Generally, the IP address of a user packet is a private address, and the IP address on the
LAC is a public address. The encapsulation of VPN private data is finished.
At the LNS side, after receiving an L2TP/VPN IP packet, the LNS removes the IP header,
the UDP header and the L2TP header and then restores the user PPP packet. The LNS
removes the PPP header and obtains an IP packet. In this way, the IP data is transmitted
through a tunnel transparently. The PPP header/packet is unchanged during the whole
transmission procedure. This verifies that L2TP is an L2 VPN tunneling protocol.
5-4
L2TP tunnel establishment is a three-way procedure. First, the LAC sends an SCCRQ.
After receiving the request, the LNS replies with an SCCRP. At last, the LAC sends an
SCCCN after receiving the reply. A tunnel is established.
The procedure to establish a session is similar to the procedure to establish a tunnel. First,
the LAC sends an ICRQ. After receiving the request, the LNS replies with an ICRP. The
LAC sends an ICCN after receiving the replay. A session is established.
5-5
After a tunnel is established, it will be torn down until all sessions on this tunnel are offline.
To confirm that the tunnel structure a the remote end still exists, it is necessary to send
maintenance packets to the remote end periodically. The flow is: The LAC (or the LNS)
sends a Hello packet, and the LNS (or the LAC) sends an acknowledgement packet.
5-6
The tunnel backout flow is simpler than the tunnel establishment flow. Either end of a tunnel
sends a StopCCN, and the other end sends an acknowledgement. The session backout
flow is: Either end sends a session CDN, and the other end sends an acknowledgement.
5-7
Parameter Description
< group-name> The group name of the default VPDN group, 1-31 characters
To configure an L2TP VPDN group on ZXR10 M6000, perform the following steps.
ZXR10(config-vpdn-group)#l2tp tunnel hello < hello-time> This configures the keep-alive time
of a tunnel.
5-8
ZXR10(config-vpdn-group)#l2tp tunnel receive-window < size> This configures the size of the
window where to receive the tunnel
control packets.
ZXR10(config-vpdn-group)#l2tp tunnel retransmit retries < times> This configures the maximum times
of retransmission retries of tunnel
control packets.
ZXR10(config-vpdn-group)#l2tp tunnel retransmit timeout < time> This configures the retransmission
time-out time of tunnel control
packets.
ZXR10(config-vpdn-group)#l2tp tunnel timeout setup < time> This configures the setup time-out
time of a tunnel.
ZXR10(config-vpdn-group)#l2tp tunnel timeout no-session < time> This configures the time-out time of
deleting a tunnel when there is no
session on the tunnel.
5-9
ZXR10(config-vpdn-group)#terminate-from hostname < hostname> This configures the local name of the
peer-end of a tunnel.
Parameter Description
< group-name> The group name of the default VPDN group, 1-31 characters
Parameter Description
< size> The number of tunnel control packets that can be received on the receiving
window, range: 4-10
< times> The maximum number of retransmission retries of tunnel control packets,
range: 1-10
< time> The retransmission time-out time of tunnel control packets, range: 1-8
seconds
< time> The time for how long to wait for a response when a tunnel is started to be
established, range: 5-60 seconds
< time> The time-out time of deleting a tunnel when there is no session on the
tunnel, range: 1-65535 seconds
< priority> The priority of the peer-end address of a tunnel, range: 0-65535. The
smaller value, the higher priority.
< num> The maximum number of L2TP sessions that are allowed in a VPDN group
or a tunnel, range: 1-16000
< hostname> The local name of the peer-end of the tunnel, 1-31 characters
5-10
Command Function
ZXR10#show vpdn tunnel { brief | local-tunnel-id < tunnel-id> [ This shows information of a tunnel.
local-session < session-id> ] | remote-name < remote-name> }
ZXR10#show vpdn session [ local-tunnel-id < tunnel-id> [ local-session < This shows information of a session.
session-id> ]
ZXR10#debug l2tp { all | data | error | event | packet} This shows L2TP debugging
information.
5-11
An example of the show vpdn tunnel brief command output is shown below.
ZXR10#show vpdn tunnel brief
L2TP Tunnel Infomation [Total tunnels :1] [Total sessions :1]
5-12
5-13
Configuration Thought
1. Configure an address pool that allocates addresses to users.
2. Create a virtual template in global configuration mode and enter virtual template
configuration mode. Set the mode to PPP and bind the template to an interface.
3. Enter user configuration mode. Configure a domain name, a username and a
password. The domain name is L2TP, the username is lac1, and the password is 123.
4. Enter virtual template configuration mode from PPP configuration mode. Set the user
authentication mode to PAP. Configure a username and a password. Bind the address
pool.
5. Configure an IP address on the interface connected to the LAC.
5-14
Configuration Commands
The configuration of LNS:
R2(config)#ip pool zte
R2(config-ip-pool)#range 135.1.0.1 135.1.255.254 255.255.0.0
R2(config-ip-pool)#exit
R2(config)#interface gei-0/2/0/2
R2(config-if)#ip address 102.1.1.1 255.255.255.0
R2(config-if)#exit
R2(config)#interface virtual_template20
R2(config-if)#mode ppp
R2(config-if)#ip unnumbered gei-0/2/0/2
R2(config-if)#exit
R2(config)#ppp
R2(config-ppp)#interface virtual_template20
R2(config-ppp-if)#keepalive 20
R2(config-ppp-if)#ppp authentication pap
R2(config-ppp-if)#bind-ip-pool zte
R2(config-ppp-if)#exit
R2(config-ppp)#exit
R2(config)#system-user
R2(config-system-user)#user-group special l2tp lac1 123
R2(config-system-user)#exit
R2(config)#vpdn-group zte
R2(config-vpdn-group)#service-type lns
R2(config-vpdn-group)#local name ztelns
R2(config-vpdn-group)#terminate-from hostname ztelac
R2(config-vpdn-group)#virtual-template 20
R2(config-vpdn-group)#exit
Configuration Verification
Use the show ip interface command to view the virtual access interfaces of online users.
R2(config)#show ip interface brief
Interface IP-Address Mask AdminStatus PhyStatus Protocol
gei-0/2/0/1 unassigned unassigned down down down
gei-0/2/0/2 102.1.1.1 255.255.255.0 up up up
gei-0/2/0/3 unassigned unassigned down down down
gei-0/2/0/4 unassigned unassigned down down down
gei-0/2/0/5 unassigned unassigned down down down
5-15
Use the show ip local pool command to view the address pool configuration.
R2(config)#show ip local pool
PoolName Begin End Mask Bind
b 40.40.1.2 40.40.10.254 16 PPP
20 202.119.22.10 202.119.22.255 16 DHCP
Use the show logicinterface summary command to view summary information of the virtual
access interfaces.
R2(config)#show logicinterface summary
ACCESS NA NA NA 3
5-16
Configuration Thought
1. The basic characteristics of an LTS are: On the one hand, an LTS works as an LNS to
respond the tunnel connection request of the LAC at the user side. On the other hand,
the LTS works as an LAC to send a tunnel connection request to the LNS (or another
LTS) at the server side. Therefore, to configure an LTS, it is necessary to create two
L2TP groups. One group works as an LNS to receive the tunnel connection request
sent by the LAC. The other group works as an LAC to send the tunnel connection
request to the LNS.
2. Configure addresses on the interfaces connected to the LAC and the LNS.
3. Create a virtual template in global configuration mode and enter virtual template
configuration mode. Set the mode to PPP and bind the template to an interface.
4. Configure domains of the L2TP users.
5. Configure an LAC. For details, please refer to LAC configuration.
6. Configure an LNS. For details, please refer to LNS configuration.
Configuration Commands
The configuration of LTS:
R2(config)#interface gei-0/2/0/1
R2(config-if)#no shutdown
R2(config-if)#ip address 101.1.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface gei-0/2/0/2
R2(config-if)#no shutdown
R2(config-if)#ip address 102.1.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface virtual_template20
R2(config-if)#mode ppp
R2(config-if)#ip unnumbered gei-0/2/0/2
R2(config-if)#exit
R2(config)#ppp
R2(config-ppp)#interface virtual_template20
R2(config-ppp-if)#keepalive 20
R2(config-ppp-if)#ppp authentication pap
R2(config-ppp-if)#ppp pap sent-username bras@zte password 123
R2(config-ppp-if)#bind-ip-pool zte
R2(config-ppp-if)#exit
R2(config-ppp)#exit
5-17
R2(config)#vpdn
R2(config-vpdn)#enable
R2(config-vpdn)#multihop
R2(config-vpdn)#tsa-id lts
R2(config-vpdn)#exit
R2(config)#vpdn-group lns
R2(config-vpdn-group)#service-type lns
R2(config-vpdn-group)#local name lns
R2(config-vpdn-group)#terminate-from hostname lac
R2(config-vpdn-group)#virtual-template 20
R2(config-vpdn-group)#l2tp tunnel authentication
R2(config-vpdn-group)#l2tp tunnel password zte
R2(config-vpdn-group)#exit
R2(config)#vpdn-group lac
R2(config-vpdn-group)#domain zte
R2(config-vpdn-group)#local name lac
R2(config-vpdn-group)#terminate-from hostname lns
R2(config-vpdn-group)#proxy-authentication
R2(config-vpdn-group)#source-ip-addr 102.1.1.2
R2(config-vpdn-group)#initiate-to-ip-addr 102.1.1.1
R2(config-vpdn-group)#exit
Configuration Verification
Use the show vpdn tunnel command to check the tunnel state. The tunnel has been
established. When a user is online, the system generates two tunnels automatically. One
tunnel is between the LAC and the LTS. The other tunnel is between the LTS and the LNS.
Use the show running-config ppp all command to view the PPP configuration.
5-18
Take the topology shown in Figure 5-11 as an example to describe how to handle an LTS
fault.
l Check the Management Process Units (MPUs), the line cards, the interface cards
and the network cables (check whether the direct connected interfaces can be pinged
successfully from each other).
l If there is no problem about the hardware, check the configurations of the interfaces,
the VPDN groups and the address pool.
5-19
5-20
5-21
username and the password for authentication are configured in global configuration
mode.
6. Check the configuration of the address pool. Make sure that an invalid address pool
is configured and there are addresses in the address pool to allocate to the users.
If the fault cannot be solved according to the steps above, please ask for technical support.
If the fault cannot be solved according to the steps above, please ask for technical support.
5-22
6-1
According to the type of payload packet before GRE encapsulation is IPv4 or IPv6, GRE
tunnel can be divided into GRE over IPv4 and GRE over IPv6. The source address and
destination address of the transmission protocol are got by GRE tunnel.
GRE tunnel can be established on host-host, host-device, device-host and device-device.
The terminal of tunnel is the final destination of message or the message needs to be
forwarded.
l Encapsulation principle: When IPv6 host or router is sending IPv6 flow, if message
outgoing interface is tunnel interface, verify tunnel type first. If it is GRE tunnel, do the
encapsulation of IPv4 header, of which IPv4 header source address and destination
address are got by user manual configuration. After encapsulation, the message will
be sent by the IPv4 message sending flow.
l De-encapsulation principle: It is the reversed process of encapsulation. Router
receives IPv4 data packet. If IPv4 header protocol number is 47, apply process
function of each protocol of IPv4 registration, enter into GRE de-encapsulation flow,
search for matched tunnel entry according to source address and destination address
of message. If it is found the IPv4 header and GRE header encapsulated by tunnel
are removed. The remaining IPv6 message is handled by IPv6 packet receiving flow.
6-2
1 ZXR10(config)#interface gre_tunnel < tunnel no> This creates GRE tunnel interface.
Use the corresponding no command
to delete tunnel interface.
3 ZXR10(config-gre)#interface gre_tunnel < tunnel no> This enters into GRE tunnel interface
configuration mode.
5 ZXR10(config-gre-if)#tunnel source ipv4 < src addr> This configures tunnel source
address. Use the corresponding no
command to delete tunnel source
address configuration. Only IPv4
needs to be specified and the
detailed source address does not
need to be specified.
6 ZXR10(config-gre-if)#tunnel destination ipv4 < dst addr> This configures tunnel destination
address. Use the corresponding
no command to delete tunnel
destination address configuration.
Only IPv4 needs to be specified
and the detailed destination address
does not need to be specified.
7 ZXR10(config-gre-if)# tunnel key < key value> This configures tunnel key option.
Use the corresponding no command
to delete tunnel key option
configuration. Only key needs to be
specified and the detailed key value
does not need to be specified.
6-3
10 ZXR10(config-gre-if)# tunnel vrfname < vpn name> This configures across VRF instance
name after tunnel encapsulation.
Use the corresponding no command
to delete across VRF instance
configuration. Only vrfname needs
to be specified and the detailed
instance name does not need to be
specified.
Parameter Description
< tunnel no> Tunnel number, it means the nubmer of tunnel can be established is from 1
to 4000.
Parameter Description
< src addr> It means the address of local interface used by tunnel.
Parameter Description
< dst addr> It means the address of local interface used by tunnel.
Parameter Description
< key value> It means key value used for tunnel security. The range of the key is
0–4294967295.
Parameter Description
< vpn name> It means across VPN instance name after tunnel encapsulation.
6-4
1 ZXR10(config)#interface gre_tunnel < tunnel no> This creates GRE tunnel interface.
Use the corresponding no command
to delete tunnel interface.
3 ZXR10(config-gre)#interface gre_tunnel < tunnel no> This enters into GRE tunnel interface
configuration mode.
5 ZXR10(config-gre-if)#tunnel source ipv4 < src addr> This configures tunnel source
address. Use the corresponding no
command to delete tunnel source
address configuration. Only IPv4
needs to be specified and the
detailed source address does not
need to be specified.
6 ZXR10(config-gre-if)#tunnel destination ipv4 < dst addr> This configures tunnel destination
address. Use the corresponding
no command to delete tunnel
destination address configuration.
Only IPv4 needs to be specified
and the detailed destination address
does not need to be specified.
7 ZXR10(config-gre-if)# tunnel key < key value> This configures tunnel key option.
Use the corresponding no command
to delete tunnel key option
configuration. Only key needs to be
specified and the detailed key value
does not need to be specified.
6-5
Parameter Description
< tunnel no> Tunnel number, it means the number of tunnel can be established is from 1
to 4000.
Parameter Description
< src addr> It means the address of local interface used by tunnel.
Parameter Description
< dst addr> It means the address of destination interface used by tunnel.
Parameter Description
< key value> It means key value used for tunnel security.
Command Function
6-6
GRE/IPv4 At present, the message protocol that GRE tunnel is processing is IPv4.
If it is IPv6 GRE/IPv6 is displayed.
ttl lifecycle
6-7
Configuration Thought
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IP address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.
Configuration Commands
Configuration on R1:
R1(config)#interface fei-0/1/0/1
R1(config-if)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if)exit
R1(config)#interface gre_tunnel1
R1(config-if)#ip address 11.0.0.1 255.255.255.0
R1(config-if)#exit
R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if)#tunnel mode ip
6-8
Configuration on R2:
R2(config)#interface fei-0/2/0/1
R2(config-if)#ip address 200.0.0.1 255.255.255.0
R2(config-if)exit
R2(config)#interface gre_tunnel1
R2(config-if)#ip address 11.0.0.2 255.255.255.0
R2(config-if)#exit
R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if)#tunnel mode ip
R2(config-gre-if)#tunnel source ipv4 200.0.0.1
R2(config-gre-if)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if)#
Configuration Verification
Check the GRE configuration on R1 and R2, as shown below.
R1(config)#show running-config gre-tunnel1
! <GRE>
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 100.0.0.1
tunnel destination ipv4 200.0.0.1
! </GRE>
! <INTERFACE>
interface gre_tunnel1
index 17
ip address 11.0.0.1 255.255.255.0
! </INTERFACE>
!
R1(config)#show ip interface gre_tunnel1
gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is up
Internet address is 11.0.0.1/24 /*all are up, tunnel is valid.*/
Broadcast address is 255.255.255.255
IP MTU is 1476 bytes
6-9
tunnel mode ip
tunnel source ipv4 200.0.0.1
tunnel destination ipv4 100.0.0.1
!</GRE>
!<INTERFACE>
interface gre_tunnel1
index 11
ip address 11.0.0.2 255.255.255.0
!</INTERFACE>
!
R2(config)#show ip interface gre_tunnel1
gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is up
Internet address is 11.0.0.2/24 /*all are up, tunnel is valid.*/
Broadcast address is 255.255.255.255
IP MTU is 1476 bytes
Configuration Thought
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IPv6
address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
6-10
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.
Configuration Commands
Configuration on R1:
R1(config)#interface fei-0/1/0/1
R1(config-if)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if)exit
R1(config)#interface gre_tunnel1
R1(config-if)#ipv6 address 2010::11/64
R1(config-if)#exit
R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if)#tunnel mode ipv6
R1(config-gre-if)#tunnel source ipv4 100.0.0.1
R1(config-gre-if)#tunnel destination ipv4 200.0.0.1
R1(config-gre-if)#tunnel key 1
Configuration on R2:
R2(config)#interface fei-0/2/0/1
R2(config-if)#ip address 200.0.0.1 255.255.255.0
R2(config-if)exit
R2(config)#interface gre_tunnel1
R2(config-if)#ipv6 address 2010::22/64
R2(config-if)#exit
R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if)#tunnel mode ipv6
R2(config-gre-if)#tunnel source ipv4 200.0.0.1
R2(config-gre-if)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if)#tunnel key 1
Configuration Verification
Check the GRE configuration on R1 and R2, as shown below.
R1(config)#show running-config-interface gre-tun gre_tunnel1
! <GRE>
gre-config
interface gre_tunnel1
tunnel mode ipv6
tunnel source ipv4 100.0.0.1
tunnel destination ipv4 200.0.0.1
tunnel key 1
! </GRE>
! <INTERFACE>
6-11
interface gre_tunnel1
index 17
ipv6 enable
ipv6 address 2010::11/64
! </INTERFACE>
6-12
6-13
6-14
If the fault cannot be solved according to the steps above, please ask for technical support.
6-15
6-16
I
ZXR10 M6000 Configuration Guide (VPN)
II
Figures
III
Figures
V
Tables
BSC
- Base Station Controller
BSR
- Bootstrap Router
BTS
- Base Transceiver Station
CC
- Connection Confirmation
CE
- Customer Edge
CIP
- Customer Interface Point
EBGP
- External Border Gateway Protocol
FEC
- Forwarding Equivalence Class
FR
- Frame Relay
VII
ZXR10 M6000 Configuration Guide (VPN)
FRR
- Fast Reroute
GRE
- General Routing Encapsulation
HDLC
- High-level Data Link Control
IANA
- Internet Assigned Number Authority
IBGP
- Interior Border Gateway Protocol
IEEE
- Institute of Electrical and Electronics Engineers
IETF
- Internet Engineering Task Force
IGMP
- Internet Group Management Protocol
IGP
- Interior Gateway Protocol
ILMI
- Interim Local Management Interface
IP
- Internet Protocol
IPCP
- IP Control Protocol
IPSec
- IP Security Protocol
IS-IS
- Intermediate System-to-Intermediate System
ISDN
- Integrated Services Digital Network
ISP
- Internet Service Provider
L2TP
- Layer2 Tunneling Protocol
LAC
- L2TP Access Concentrator
LAN
- Local Area Network
VIII
Glossary
LDP
- Label Distribution Protocol
LMI
- Local Management Interface
LNS
- L2TP Network Server
LSP
- Label Switched Path
LSP
- Link State Packet
LSR
- Label Switch Router
MAC
- Medium Access Control
MAN
- Metropolitan Area Network
MC-ELAM
- Multi-Chassis Ethernet Link Aggregation Manager
MP-BGP
- Multiprotocol BGP
MPLS
- Multi Protocol Label Switching
MPU
- Management Process Unit
MTU
- Maximum Transmission Unit
NAS
- Network Access Server
NAT
- Network Address Translation
OAM
- Operation, Administration and Maintenance
OSPF
- Open Shortest Path First
PDU
- Protocol Data Unit
PE
- Provider Edge
IX
ZXR10 M6000 Configuration Guide (VPN)
PIM-SM
- Protocol Independent Multicast - Sparse Mode
POS
- Packet Over SONET/SDH
PPP
- Point to Point Protocol
PPTP
- PPP Tunnel Protocol
PSTN
- Public Switched Telephone Network
PW
- Pseudo Wire
PWE3
- Pseudo Wire Emulation Edge-to-Edge
RAN
- Radio Access Network
RD
- Route Distinguisher
RFC
- Request For Comments
RIP
- Routing Information Protocol
RP
- Rendezvous Point
RPF
- Reverse Path Forwarding
RR
- Router Reflector
RSVP-TE
- Resource ReSerVation Protocol - Traffic Engineering
RT
- Route Target
SDH
- Synchronous Digital Hierarchy
SDU
- Service Data Unit
SP
- Service Provider
X
Glossary
STP
- Spanning Tree Protocol
TCP/IP
- Transfer Control Protocol/Internet Protocol
TDM
- Time Division Multiplexing
TTL
- Time To Live
UDP
- User Datagram Protocol
VC
- Virtual Connection
VC
- Virtual Circuit
VCC
- Virtual Channel Connection
VCCV
- Virtual Circuit Connectivity Verification
VFI
- Virtual Forwarding Instance
VLAN
- Virtual Local Area Network
VPLS
- Virtual Private LAN Service
VPN
- Virtual Private Network
VPWS
- Virtual Private Wire Service
VRF
- Virtual Route Forwarding
WAN
- Wide Area Network
XI