
H3C SR8800 10G Core Routers

MPLS Configuration Guide

Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: SR8800-CMW520-R3347
Document version: 6W103-20120224

Copyright © 2011-2012, Hangzhou H3C Technologies Co., Ltd. and its licensors

All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath,
Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and
HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface
The H3C SR8800 documentation set includes 13 configuration guides, which describe the software
features for the H3C SR8800 10G Core Routers and guide you through the software configuration
procedures. These configuration guides also provide configuration examples to help you apply software
features to different network scenarios.
The MPLS Configuration Guide describes fundamentals and configuration of MPLS basics, MPLS TE, VPLS,
MPLS L2VPN, and MPLS L3VPN.
This preface includes:

Audience

Conventions

About the H3C SR8800 documentation set

Obtaining documentation

Technical support

Documentation feedback

Audience
This documentation is intended for:

Network planners

Field technical support and servicing engineers

Network administrators working with the SR8800 series

Conventions
This section describes the conventions used in this documentation set.

Command conventions
Convention           Description
Boldface             Bold text represents commands and keywords that you enter literally as shown.
Italic               Italic text represents arguments that you replace with actual values.
[]                   Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }      Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]      Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *    Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *    Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>               The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                    A line that starts with a pound (#) sign is a comment.

GUI conventions
Convention           Description
Boldface             Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
>                    Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols
Convention           Description
WARNING              An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION              An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT            An alert that calls attention to essential information.
NOTE                 An alert that contains additional or supplementary information.
TIP                  An alert that provides helpful information.

Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.

Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your router.

About the H3C SR8800 documentation set
The H3C SR8800 documentation set includes:
Category: Product description and specifications
  Marketing brochures: Describe product specifications and benefits.
  Technology white papers: Provide an in-depth description of software features and technologies.
  Card datasheets: Describe card specifications, features, and standards.

Category: Hardware specifications and installation
  Compliance and safety manual: Provides regulatory information and the safety instructions that must be followed during installation.
  Installation guide: Provides a complete guide to hardware installation and hardware specifications.
  H3C N68 Cabinet Installation and Remodel Introduction: Guides you through installing and remodeling H3C N68 cabinets.
  H3C Pluggable SFP [SFP+][XFP] Transceiver Modules Installation Guide: Guides you through installing SFP/SFP+/XFP transceiver modules.
  H3C High-End Network Products Hot-Swappable Module Manual: Describes the hot-swappable modules available for the H3C high-end network products, their external views, and specifications.

Category: Software configuration
  Configuration guides: Describe software features and configuration procedures.
  Command references: Provide a quick reference to all available commands.

Category: Operations and maintenance
  Release notes: Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the
software version.

Technical support
service@h3c.com
http://www.h3c.com

Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.

Contents
Configuring basic MPLS
MPLS overview
Basic concepts
Structure of the MPLS network
LSP establishment and label distribution
MPLS forwarding
LDP
Protocols
MPLS configuration task list
Enabling the MPLS function
Configuration prerequisites
Configuration procedure
Configuring a static LSP
Configuration prerequisites
Configuration procedure
Establishing dynamic LSPs through LDP
Configuring MPLS LDP capability
Configuring Local LDP session parameters
Configuring remote LDP session parameters
Configuring PHP
Configuring the policy for triggering LSP establishment
Configuring the label distribution control mode
Configuring LDP loop detection
Configuring LDP MD5 authentication
Configuring LDP label filtering
Maintaining LDP sessions
Configuring BFD for MPLS LDP
Resetting LDP sessions
Managing and optimizing MPLS forwarding
Configuring MPLS MTU
Configuring TTL processing mode at ingress
Sending back ICMP TTL exceeded messages for MPLS TTL expired packets
Configuring LDP GR
Configuring MPLS statistics
Setting the interval for reading statistics
Inspecting LSPs
MPLS LSP ping
MPLS LSP tracert
Configuring BFD for LSPs
Configuring periodic LSP tracert
Enabling MPLS trap
Displaying and maintaining MPLS
Displaying MPLS operation
Displaying MPLS LDP operation
Clearing MPLS statistics
MPLS configuration examples
Configuring static LSPs
Configuring LDP to establish LSPs dynamically
Configuring BFD for LSP validity check

MPLS TE configuration
MPLS TE overview
Traffic engineering and MPLS TE
Basic concepts of MPLS TE
MPLS TE implementation
CR-LSP
CR-LDP
RSVP-TE
Traffic forwarding
CR-LSP backup
FRR
PS for an MPLS TE tunnel
DiffServ-aware TE
MPLS LDP over MPLS TE
Protocols and standards
MPLS TE configuration task list
Configuring MPLS TE basic capabilities
Configuration prerequisites
Configuration procedure
Configuring DiffServ-aware TE
Creating MPLS TE tunnel over static CR-LSP
Configuration prerequisites
Configuration procedure
Configuring MPLS TE tunnel with dynamic signaling protocol
Configuration prerequisites
Configuration procedure
Configuring RSVP-TE advanced features
Configuration prerequisites
Configuration procedure
Tuning CR-LSP setup
Configuration prerequisites
Configuration procedure
Tuning MPLS TE tunnel setup
Configuration prerequisites
Configuration procedures
Configuring traffic forwarding
Configuration prerequisites
Configuration procedures
Configuring traffic forwarding tuning parameters
Configuration prerequisites
Configuration procedure
Configuring CR-LSP backup
Configuration prerequisites
Configuration procedure
Configuring FRR
Configuration prerequisites
Configuration procedure
Inspecting an MPLS TE tunnel
Configuring MPLS LSP ping
Configuring MPLS LSP tracert
Configuring BFD for an MPLS TE tunnel
Configuring periodic LSP tracert for an MPLS TE tunnel
Configuring protection switching
Configuration prerequisites
Configuration procedure
Displaying and maintaining MPLS TE
MPLS TE configuration examples
MPLS TE using static CR-LSP configuration example
MPLS TE tunnel using RSVP-TE configuration example
Configuration example of inter-AS MPLS TE tunnel using RSVP-TE
RSVP-TE GR configuration example
MPLS RSVP-TE and BFD cooperation configuration example
MPLS TE using CR-LDP configuration example
CR-LSP backup configuration example
FRR configuration example
IETF DS-TE configuration example
MPLS LDP over MPLS TE configuration example
MPLS TE in MPLS L3VPN configuration example
Troubleshooting MPLS TE
No TE LSA generated
Switchback fails to occur when the main tunnel resumes

Configuring VPLS ···················································································································································· 153 
VPLS overview ······························································································································································ 153 
Operation of VPLS ··············································································································································· 153 
VPLS packet encapsulation ································································································································· 156 
H-VPLS implementation ······································································································································· 157 
Hub-spoke VPLS implementation ························································································································ 159 
Multi-hop PW ······················································································································································· 160 
VPLS configuration task list ·········································································································································· 161 
Configuring LDP VPLS ·················································································································································· 162 
Configuration prerequisites ································································································································ 162 
Enabling L2VPN and MPLS L2VPN ··················································································································· 162 
Configuring an LDP VPLS instance····················································································································· 162 
Configuring BGP VPLS ················································································································································· 164 
Configuration prerequisites ································································································································ 164 
Configuring the BGP extension ·························································································································· 164 
Enabling L2VPN and MPLS L2VPN ··················································································································· 164 
Configuring a BGP VPLS instance ····················································································································· 165 
Resetting VPLS BGP connections ························································································································ 165 
Binding a VPLS instance ·············································································································································· 165 
Configuring MAC address learning··························································································································· 167 
Configuring VPLS attributes ········································································································································· 168 
Displaying and maintaining VPLS ······························································································································ 168 
VPLS configuration examples ······································································································································ 169 
Configuring VPLS instances ································································································································ 169 
Configuring H-VPLS with LSP access ················································································································· 172 
Configuring hub-spoke VPLS ······························································································································ 175 
Configuring PW redundancy for H-VPLS access ······························································································ 179 
Implementing multi-AS VPN through multi-hop PW ························································································· 183 
Troubleshooting VPLS··················································································································································· 187 
Configuring MPLS L2VPN ······································································································································· 189 
MPLS L2VPN overview ················································································································································ 189 
Basic concepts of MPLS L2VPN ························································································································· 190 
Implementation of MPLS L2VPN························································································································· 190 
MPLS L2VPN configuration task list ···························································································································· 192 
Configuring MPLS L2VPN ··········································································································································· 193 
Configuring CCC MPLS L2VPN ·································································································································· 193 

Configuration prerequisites
Configuration procedure
Configuring SVC MPLS L2VPN
Configuration prerequisites
Configuration procedure
Configuring Martini MPLS L2VPN
Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface
Creating a Martini MPLS L2VPN for a service instance
Configuring Kompella MPLS L2VPN
Configuration prerequisites
Configuration procedure
Enabling the MPLS L2VPN mix function
Displaying and maintaining MPLS L2VPN
Displaying the operation of MPLS L2VPN
Resetting BGP L2VPN connections
MPLS L2VPN configuration examples
Example for configuring a local CCC connection
Example for configuring a remote CCC connection
Example for configuring SVC MPLS L2VPN
Example for configuring Martini MPLS L2VPN
Example for configuring Kompella MPLS L2VPN
Example for configuring a Kompella local connection
Troubleshooting MPLS L2VPN
Configuring MPLS L3VPN
MPLS L3VPN overview
MPLS L3VPN concepts
MPLS L3VPN packet forwarding
MPLS L3VPN networking schemes
MPLS L3VPN routing information advertisement
Inter-AS VPN
Carrier’s carrier
Nested VPN
Multi-role host
HoVPN
OSPF VPN extension
BGP AS number substitution
Multi-VPN-instance CE
MPLS L3VPN configuration task list
Configuring basic MPLS L3VPN
Configuration prerequisites
Configuring VPN instances
Configuring routing between PE and CE
Configuring routing between PEs
Configuring routing features for BGP VPNv4 subaddress family
Configuring inter-AS VPN
Configuration prerequisites
Configuring inter-AS option A
Configuring inter-AS option B
Configuring inter-AS option C
Configuring nested VPN
Configuration prerequisites
Configuring nested VPN
Configuring multi-role host
Configuration prerequisites

Configuring and applying policy routing
Configuring a static route
Configuring HoVPN
Configuration prerequisites
Configuring HoVPN
Configuring an OSPF sham link
Configuration prerequisites
Configuring a loopback interface
Redistributing the loopback interface route and OSPF routes into BGP
Creating a sham link
Configuring routing on an MCE
Configuration prerequisites
Configuring routing between MCE and VPN site
Configuring routing between MCE and PE
Specifying the VPN label processing mode
Configuring BGP AS number substitution
Configuration prerequisites
Configuration procedure
Displaying and maintaining MPLS L3VPN
Resetting BGP connections
Displaying and maintaining MPLS L3VPN
MPLS L3VPN configuration examples
Configuring MPLS L3VPNs using EBGP between PE and CE
Configuring MPLS L3VPNs using IBGP between PE and CE
Configuring an MPLS L3VPN that uses a GRE tunnel
Configuring inter-AS option A
Configuring inter-AS option B
Configuring inter-AS option C
Configuring carrier’s carrier
Configuring nested VPN
Configuring HoVPN
Configuring OSPF sham links
Configuring BGP AS number substitution
Configuring IPv6 MPLS L3VPN
IPv6 MPLS L3VPN overview
IPv6 MPLS L3VPN packet forwarding
IPv6 MPLS L3VPN routing information advertisement
IPv6 MPLS L3VPN networking schemes and functions
IPv6 MPLS L3VPN configuration task list
Configuring basic IPv6 MPLS L3VPN
Basic IPv6 MPLS L3VPN configuration task list
Configuration prerequisites
Configuring VPN instances
Configuring route related attributes for a VPN instance
Configuring routing between PE and CE
Configuring routing between PEs
Configuring routing features for the BGP-VPNv6 subaddress family
Configuring inter-AS IPv6 VPN
Configuration prerequisites
Configuring inter-AS IPv6 VPN option A
Configuring inter-AS IPv6 VPN option C
Configuring routing on an MCE
Configuration prerequisites
Configuring routing between MCE and VPN site

Configuring routing between MCE and PE
Displaying and maintaining IPv6 MPLS L3VPN
Resetting BGP connections
Displaying information about IPv6 MPLS L3VPN
IPv6 MPLS L3VPN configuration examples
Configuring IPv6 MPLS L3VPNs
Configuring inter-AS IPv6 VPN option A
Configuring inter-AS IPv6 VPN option C
Configuring carrier’s carrier
Index

Configuring basic MPLS

NOTE:
• For information about VPN, see the chapters “Configuring MPLS L2VPN” and “Configuring MPLS L3VPN.”
• For information about MPLS TE, see the chapter “Configuring MPLS TE.”

MPLS overview
Multiprotocol Label Switching (MPLS) is a new IP backbone technology. It introduces connection-oriented label switching into connectionless IP networks, and seamlessly integrates the flexibility of IP routing and the simplicity of Layer 2 switching.
MPLS is widely used on large-scale networks for it features the following advantages:
• On an MPLS network, devices forward packets according to short- and fixed-length labels, instead of doing Layer 3 header analysis and complicated routing table lookup independently. This is a highly effective and fast data transmission method on backbone networks.
• Residing between the link layer and the network layer, MPLS can work on various link layer protocols (for example, PPP, ATM, frame relay, and Ethernet), provide connection-oriented services for various network layer protocols (for example, IPv4, IPv6, and IPX), and work with mainstream network technologies.
• As MPLS is connection-oriented and supports label stack, it is used in various services, such as VPN, traffic engineering, and QoS.

Basic concepts
FEC
As a forwarding technology based on classification, MPLS groups packets with the same characteristics (such as packets with the same destination or service class) into a class, called a “forwarding equivalence class (FEC)”. Packets of the same FEC are handled in the same way on an MPLS network.
The device supports classifying FECs according to the network layer destination addresses of packets.
Label
A label is a short, fixed length identifier for identifying a single FEC. A label is locally significant and must be locally unique.
Figure 1 Format of a label

As shown in Figure 1, a label is encapsulated between the Layer 2 header and Layer 3 header of a packet. A label is four bytes in length and consists of the following fields:
• Label—20 bits in length. Label value for identifying a FEC.
• Exp—Three bits in length. Reserved field, usually used for CoS.
• S—One bit in length. MPLS supports multiple levels of labels. This field is used to indicate whether a label is at the bottom of the label stack. 1 indicates that the label is at the bottom of the label stack.
• TTL—Eight bits in length. Like the homonymous IP header field, it is used to prevent loops.

LSR
A label switching router (LSR) is a fundamental component on an MPLS network. LSRs support label distribution and label swapping.
LER
A label edge router (LER) is an LSR that resides at the edge of an MPLS network and is connected to another network.
LSP
A label switched path (LSP) is the path along which packets of a FEC travel through an MPLS network.
An LSP is a unidirectional path from the ingress of an MPLS network to the egress. On an LSP, in the packet transfer direction, two neighboring LSRs are called the “upstream LSR” and “downstream LSR” respectively. In Figure 2, LSR B is the downstream LSR of LSR A, and LSR A is the upstream LSR of LSR B.
Figure 2 Diagram for an LSP

LFIB
On an MPLS network, labeled packets are forwarded according to the Label Forwarding Information Base (LFIB), which is like the FIB for IP packet forwarding on an IP network.

Control plane and forwarding plane
An MPLS node consists of two planes, control plane and forwarding plane.
• Control plane—Assigns labels, selects routes, establishes the LFIB, establishes and removes LSPs
• Forwarding plane—Forwards packets according to the LFIB
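The four-byte label format described above (Label 20 bits, Exp 3 bits, S 1 bit, TTL 8 bits) can be packed and parsed as follows. This is an added example, not code from the H3C guide; the class and function names, the depth limit of 8 and the sample bytes are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

IMPLICIT_NULL = 3  # label value 3 is only signalled; it never appears in a packet


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20 bits: label value identifying a FEC
    exp: int    # 3 bits: reserved, usually used for CoS
    s: int      # 1 bit: 1 means bottom of the label stack
    ttl: int    # 8 bits: loop prevention

    def pack(self) -> bytes:
        """Encode the entry as four bytes in network byte order."""
        if not (0 <= self.label < (1 << 20) and 0 <= self.exp < 8
                and self.s in (0, 1) and 0 <= self.ttl < 256):
            raise ValueError("label stack entry field out of range")
        word = (self.label << 12) | (self.exp << 9) | (self.s << 8) | self.ttl
        return struct.pack("!I", word)

    @classmethod
    def unpack(cls, data: bytes) -> "LabelEntry":
        """Decode exactly four bytes into the four fields."""
        if len(data) != 4:
            raise ValueError("a label stack entry is exactly four bytes")
        (word,) = struct.unpack("!I", data)
        return cls(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def parse_label_stack(buf: bytes, max_depth: int = 8):
    """Read entries until S=1; return (entries, payload, findings).

    Raises ValueError when the bytes end before an entry with S=1 is seen
    or when the stack is deeper than max_depth (an assumed sanity limit).
    """
    entries, findings = [], []
    offset = 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError(f"label stack deeper than {max_depth} entries")
        if offset + 4 > len(buf):
            raise ValueError("truncated label stack: no entry with S=1")
        entry = LabelEntry.unpack(buf[offset:offset + 4])
        offset += 4
        entries.append(entry)
        if entry.label == IMPLICIT_NULL:
            findings.append(
                f"entry {len(entries)}: implicit null (3) must not appear in a packet")
        if entry.s == 1:
            return entries, buf[offset:], findings


# Constructed sample: a two-level stack (labels 40 and 50) in front of the
# first two bytes of an IPv4 header.
SAMPLE = (LabelEntry(40, 0, 0, 64).pack()
          + LabelEntry(50, 0, 1, 64).pack()
          + b"\x45\x00")

if __name__ == "__main__":
    stack, payload, notes = parse_label_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload:", payload.hex(), "findings:", notes)
```
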

Structure of the MPLS network
Figure 3 Diagram for the MPLS network structure
As shown in Figure 3, the element of an MPLS network is LSR. LSRs in the same routing or administrative domain form an MPLS domain.
An MPLS domain consists of the following types of LSRs:
• Ingress LSRs for receiving and labeling packets coming into the MPLS domain.
• Transit LSRs for forwarding packets along LSPs to their egress LERs according to the labels.
• Egress LSRs for removing labels from packets and IP forwarding the packets to their destination networks.
In other words, transit LSRs perform MPLS forwarding based on labels of packets, and the ingress and egress LSRs deal with the switchover between MPLS and IP forwarding.

LSP establishment and label distribution
LSP establishment
Establishing LSPs is to bind FECs with labels on each LSR involved and notify its adjacent LSRs of the bindings, so as to establish the LFIB on each LSR. LSPs can be established through manual configuration, or be established dynamically through label distribution protocols.
1. Establishing a static LSP through manual configuration
To establish a static LSP, you need to assign a label to the FEC on each LSR along the packet forwarding path. Establishment of static LSPs consumes fewer resources than dynamic LSP establishment. However, static LSPs cannot adapt to network topology changes. Therefore, static LSPs are suitable for small-scale networks with simple, stable topologies.
2. Establishing an LSP through a label distribution protocol
Label distribution protocols are MPLS signaling protocols. They can classify FECs, distribute labels, and establish and maintain LSPs. Label distribution protocols include protocols designed specifically for label distribution, such as the Label Distribution Protocol (LDP), and protocols extended to support label distribution, such as BGP and RSVP-TE. This document discusses LDP only. For more information about LDP, see “LDP.”

NOTE: In this document, the term label distribution protocols represents all protocols for label distribution, and the term LDP refers to the Label Distribution Protocol defined in RFC 5036.

As shown in Figure 4, a dynamic LSP is established in the following procedure:
A downstream LSR classifies FECs according to destination addresses, assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information. After all LSRs along the packet forwarding path establish a LFIB entry for the FEC, an LSP is established for packets of this FEC.
Figure 4 Process of dynamic LSP establishment

Label distribution and management
An LSR informs its upstream LSRs of labels assigned to FECs through label advertisement. According to the label distribution condition and order, the label advertisement mode can be downstream unsolicited (DU) and downstream on demand (DoD), and the label distribution control mode can be independent or ordered.
MPLS has two label retention modes—liberal and conservative—to manage the received label bindings that are not useful at the moment.
1. Label advertisement modes

Figure 5 Label advertisement modes
Figure 5 shows the two label advertisement modes, DU and DoD.
• In DU mode, an LSR assigns a label to a FEC and then distributes the FEC-label binding to its upstream LSR unsolicitedly.
• In DoD mode, an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream LSR only when it receives a label request from the upstream LSR.
NOTE:
• The device supports only the DU mode.
• An upstream LSR and its downstream LSR for an FEC must use the same label advertisement mode; otherwise, no LSP can be established normally.
2. Label distribution control modes
Two label distribution control modes are available: independent and ordered.
In independent mode, an LSR can distribute label bindings upstream at any time. This means that an LSR may have distributed a label binding to its upstream LSR before it receives a binding from its downstream LSR. As shown in Figure 6, in independent label distribution control mode, if the label advertisement mode is DU, an LSR will assign labels to its upstream even if it has not obtained labels from its downstream; if the label advertisement mode is DoD, the LSR distributes a label to its upstream as long as it receives a label request from the upstream.

Figure 6 Independent label distribution control mode
(Panels: DU mode, in which each LSR distributes a label to the upstream unsolicitedly; DoD mode, in which each LSR requests the downstream to assign a label, and assigns and distributes a label to the upstream upon receiving the request. Nodes: Ingress, Transit, Egress.)

In ordered mode, an LSR distributes its label binding for a FEC upstream only when it receives a label binding for the FEC from its downstream or it is the egress of the FEC.
In Figure 5, label distribution control is in ordered mode. In this case, if the label advertisement mode is DU, an LSR will distribute a label upstream only when it receives a label binding for the FEC from its downstream. If the label advertisement mode is DoD, after an LSR (Transit in this example) receives a label request from its upstream (Ingress), the LSR (Transit) sends a label request to its downstream (Egress). Then, after the LSR (Transit) receives the label binding from its downstream (Egress), it distributes a label binding to the upstream (Ingress).
3. Label retention modes
Two label retention modes are available: liberal and conservative.
In liberal mode, an LSR keeps any received label binding regardless of whether the binding is from its next hop for the FEC or not. This allows for quicker adaptation to route changes but will waste label resources as LSRs need to keep extra labels.
In conservative mode, an LSR keeps only label bindings that are from its next hops for the FECs. This allows LSRs to maintain fewer labels but makes LSRs slower in adapting to route changes.
NOTE: The router supports only the liberal mode.

MPLS forwarding
LFIB
An LFIB comprises the following parts:
• Next Hop Label Forwarding Entry (NHLFE)—Describes the label operation to be performed. It is used when forwarding MPLS packets.
• FEC to NHLFE (FTN) map—FTN maps each FEC to a set of NHLFEs at the ingress LSR. The FTN map is used for forwarding unlabeled packets that need MPLS forwarding. When an LSR receives an unlabeled packet, it looks for the corresponding FIB entry. If the Token value of the FIB entry is not Invalid, the packet needs to be forwarded through MPLS. The LSR will then look for the corresponding NHLFE entry according to Token value to determine the label operation to be performed.
• Incoming Label Map (ILM)—ILM maps each incoming label to a set of NHLFEs. It is used when forwarding labeled packets. When an LSR receives a labeled packet, it looks for the corresponding ILM entry. If the Token value of the ILM entry is not null, the LSR will look for the corresponding NHLFE entry to determine the label operation to be performed.
NOTE: FTN and ILM are associated with NHLFE through Token.

MPLS data forwarding
Figure 7 MPLS forwarding process diagram
As shown in Figure 7, in an MPLS domain, a packet is forwarded in the following procedure:
1. The ingress (Router B) receives a packet carrying no label. Router B determines the FEC of the packet according to the destination address, and searches the FIB table for the Token value. As the Token value is not Invalid, Router B looks for the corresponding NHLFE entry of the Token value. According to the NHLFE entry, Router B pushes label 40 to the packet, and then forwards the labeled packet to the next hop LSR (Router C) through the outgoing interface (GE3/0/2).
2. Upon receiving the labeled packet, Router C looks for the ILM entry according to the label (40) to get the Token value. As the Token value is not null, Router C looks for the corresponding NHLFE entry of the Token value. According to the NHLFE entry, Router C swaps the original label with label 50, and then forwards the labeled packet to the next hop LSR (Router D) through the outgoing interface (GE3/0/2).
3. Upon receiving the labeled packet, Router D (the egress) looks for the ILM entry according to the label (50) to get the Token value. As the Token is null, Router D removes the label from the packet. If the ILM entry records the outgoing interface, Router D forwards the packet through the outgoing interface; if no outgoing interface is recorded, router D forwards the packet according to the IP header of the packet.
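The FTN, ILM and NHLFE lookups and the three forwarding steps of Figure 7 can be traced with a small model. This is an added example, not code from the H3C guide or from Comware; it handles a packet carrying one label, and the Token numbers, the prefix 192.0.2.0/24, the next hop "CE" and interface GE3/0/1 are constructed, while labels 40 and 50 and interface GE3/0/2 come from the procedure above.

```python
import ipaddress
from typing import NamedTuple, Optional


class NHLFE(NamedTuple):
    op: str         # label operation: "push" or "swap"
    out_label: int
    next_hop: str
    out_if: str


class Hop(NamedTuple):
    action: str
    next_hop: Optional[str]
    out_if: Optional[str]
    label: Optional[int]  # label carried when the packet leaves this LSR


class LSR:
    def __init__(self, name, fib=None, ilm=None, nhlfe=None):
        self.name = name
        self.fib = fib or {}      # prefix -> (Token or None for "Invalid", next hop, interface)
        self.ilm = ilm or {}      # incoming label -> (Token or None for "null", next hop, interface)
        self.nhlfe = nhlfe or {}  # Token -> NHLFE

    def _route(self, dst):
        """Longest-prefix match in the FIB; None when no prefix covers dst."""
        addr, best = ipaddress.ip_address(dst), None
        for prefix, entry in self.fib.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, entry)
        return best[1] if best else None

    def forward(self, dst, label=None) -> Hop:
        if label is not None:
            # Labeled packet: the ILM decides. An unknown label is dropped
            # here rather than falling back to IP forwarding.
            if label not in self.ilm:
                return Hop(f"drop: no ILM entry for label {label}", None, None, None)
            token, nh, oif = self.ilm[label]
            if token is not None:
                e = self.nhlfe[token]
                return Hop(f"swap {label}->{e.out_label}", e.next_hop, e.out_if, e.out_label)
            if oif is not None:
                return Hop(f"pop {label}, forward on ILM interface", nh, oif, None)
            route = self._route(dst)
            if route is None:
                return Hop(f"pop {label}, drop: no route", None, None, None)
            return Hop(f"pop {label}, forward by IP header", route[1], route[2], None)
        # Unlabeled packet: the FIB entry's Token selects MPLS or IP forwarding.
        route = self._route(dst)
        if route is None:
            return Hop("drop: no route", None, None, None)
        token, nh, oif = route
        if token is not None:
            e = self.nhlfe[token]
            return Hop(f"push {e.out_label}", e.next_hop, e.out_if, e.out_label)
        return Hop("forward by IP header", nh, oif, None)


def figure7():
    """Tables for Router B, C and D (Token values and prefix are constructed)."""
    net = "192.0.2.0/24"
    return {
        "RouterB": LSR("RouterB", fib={net: (1, "RouterC", "GE3/0/2")},
                       nhlfe={1: NHLFE("push", 40, "RouterC", "GE3/0/2")}),
        "RouterC": LSR("RouterC", ilm={40: (2, None, None)},
                       nhlfe={2: NHLFE("swap", 50, "RouterD", "GE3/0/2")}),
        "RouterD": LSR("RouterD", ilm={50: (None, None, None)},
                       fib={net: (None, "CE", "GE3/0/1")}),
    }


def walk(routers, start, dst, max_hops=16):
    """Follow a packet from start; return [(router, action, out_if), ...]."""
    trace, node, label = [], start, None
    for _ in range(max_hops):
        hop = routers[node].forward(dst, label)
        trace.append((node, hop.action, hop.out_if))
        if hop.next_hop not in routers:  # left the MPLS domain or was dropped
            return trace
        node, label = hop.next_hop, hop.label
    raise RuntimeError("forwarding loop: hop limit reached")


if __name__ == "__main__":
    for step in walk(figure7(), "RouterB", "192.0.2.10"):
        print(step)
```
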

PHP
In an MPLS network, when an egress node receives a labeled packet, it looks up the LFIB, pops the label of the packet, and then performs the next level label forwarding or performs IP forwarding. An egress node needs to do forwarding table lookup twice to forward a packet: looks up the LFIB twice, or looks up the LFIB once and the FIB once.
In this case, the penultimate hop popping (PHP) feature can pop the label at the penultimate node, relieving the egress of the label operation burden and improving the packet processing capability of the MPLS network.
PHP is configurable on the egress node. The label assigned by a PHP-capable egress node to the penultimate hop can be one of the following:
• A label value of 0 represents an IPv4 explicit null label. An egress assigns an IPv4 explicit null label to a FEC and advertises the FEC-label binding to the upstream LSR. When forwarding an MPLS packet, the upstream LSR substitutes the label at the stack top with the explicit null label and then sends the packet to the egress. When the egress receives the packet, which carries a label of 0, it does not look up for the LFIB entry but pops the label stack directly and performs IPv4 forwarding.
• A label value of 3 represents an implicit null label and never appears in the label stack. When an LSR finds that it is assigned an implicit null label, it directly performs a pop operation, rather than substitutes the implicit null label for the original label at the stack top. Then, it forwards the packet to the egress. The egress thus can directly perform the next level forwarding upon receiving the packet.

LDP
The LDP protocol is used to establish LSPs dynamically. Using LDP, LSRs can map network layer routing information to data link layer switching paths.
Basic concepts of LDP
• LDP session
LDP sessions are established between LSRs based on TCP connections and used to exchange messages for label binding, label releasing, and error notification.
• LDP peer
Two LSRs with an LDP session established between them and using LDP to exchange FEC-label bindings are LDP peers.
LDP message type
LDP messages fall into the following types:
• Discovery messages—Declare and maintain the presence of LSRs on a network.
• Session messages—Establish, maintain, and terminate sessions between LDP peers.
• Advertisement messages—Create, alter, or remove FEC-label bindings.
• Notification messages—Provide advisory information and to notify errors.
For reliable transport of LDP messages, TCP is used for LDP session messages, advertisement messages, and notification messages. UDP is used only for discovery messages.
LDP operation
LDP goes through four phases in operation:
1. Discovery

Every LSR that wants to establish LDP sessions sends Hello messages periodically to notify neighboring LSRs of its presence. In this way, LSRs can automatically discover their LDP peers. LDP provides the following discovery mechanisms:
• Basic discovery mechanism—Discovers local LDP peers, that is, LSRs directly connected at the link layer. In this mechanism, an LSR periodically sends LDP link hello messages to multicast address 224.0.0.2, that is, all routers on the subnet, so that all LSRs directly connected at the link layer can discover this LSR.
• Extended discovery mechanism—Discovers remote LDP peers, that is, LSRs not directly connected at the link layer. In this mechanism, an LSR periodically sends LDP targeted Hello messages to a given IP address so that the LSR with the IP address can discover the LDP peer.
2. Session establishment and maintenance
After an LSR finds an LDP peer, the LSRs go through the following steps to establish a session:
a. Establish a TCP connection between them.
b. Initialize negotiation of session parameters such as the LDP version, label advertisement mode, and Keepalive interval.
After a session is established between them, the two LDP peers send Hello messages and Keepalive messages to maintain the session.
3. LSP establishment and maintenance
LDP sends label requests and label binding messages, so as to advertise label bindings between LDP peers and thereby establish LSPs. For the LSP establishment process, see “LSP establishment and label distribution.”
4. Session termination
An LSR terminates its LDP session with an LDP peer in the following cases:
• All Hello adjacencies are deleted between the two peers
LDP peers periodically send Hello messages to indicate that they intend to keep the Hello adjacency. If an LSR does not receive any Hello message from a peer before the Hello timer expires, it deletes the Hello adjacency with this peer. An LDP session has one or more Hello adjacencies. When the last Hello adjacency for the session is deleted, the LSR will send a Notification message to terminate the LDP session.
• Loss of session connectivity
An LSR determines the integrity of an LDP session according to the LDP PDU (which carries one or more LDP messages) transmitted on the session. Before the Keepalive timer times out, if two LDP peers have no information to exchange, they can send Keepalive messages to each other to maintain the LDP session. If an LSR does not receive any LDP PDU from its peer during a Keepalive interval, it closes the TCP connection and terminates the LDP session.
• Receiving a shutdown message from the peer
An LSR can also send a Shutdown message to its LDP peer to terminate the LDP session. Therefore, when receiving the Shutdown message from an LDP peer, an LSR will terminate the session with the LDP peer.

Protocols

MPLS related protocols include:
• RFC 3031, Multiprotocol Label Switching Architecture
• RFC 3032, MPLS Label Stack Encoding
• RFC 5036, LDP Specification

MPLS configuration task list

Complete the following tasks to configure MPLS:

Task | Remarks
Enabling the MPLS function | Required
Configuring a static LSP | Required
Establishing dynamic LSPs through LDP:
  Configuring MPLS LDP capability | Required
  Configuring Local LDP session parameters | Optional
  Configuring remote LDP session parameters | Optional
  Configuring PHP | Optional
  Configuring the policy for triggering LSP establishment | Optional
  Configuring the label distribution control mode | Optional
  Configuring LDP loop detection | Optional
  Configuring LDP MD5 authentication | Optional
  Configuring LDP label filtering | Optional
Maintaining LDP sessions:
  Configuring BFD for MPLS LDP | Optional
  Resetting LDP sessions | Optional
Managing and optimizing MPLS forwarding:
  Configuring MPLS MTU | Optional
  Configuring TTL processing mode at ingress | Optional
  Sending back ICMP TTL exceeded messages for MPLS TTL expired packets | Optional
  Configuring LDP GR | Optional
Configuring MPLS statistics:
  Setting the interval for reading statistics | Optional
Inspecting LSPs:
  MPLS LSP ping | Optional
  MPLS LSP tracert | Optional
  Configuring BFD for LSPs | Optional
  Configuring periodic LSP tracert | Optional
Enabling MPLS trap | Optional

Use either the static or dynamic LSP configuration method.

Enabling the MPLS function

In an MPLS domain, you need to enable MPLS on all routers for MPLS forwarding before you can configure other MPLS features.

Configuration prerequisites

Before you enable MPLS, complete the following tasks:
• Configure link layer protocols to ensure the connectivity at the link layer.
• Assign IP addresses to interfaces, making all neighboring nodes reachable at the network layer.
• Configure static routes or an IGP protocol, ensuring that LSRs can communicate with each other at the network layer.

Configuration procedure

To enable MPLS:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Configure the MPLS LSR ID. | mpls lsr-id lsr-id | Not configured by default
3. Enable MPLS globally and enter MPLS view. | mpls | Not enabled by default
4. Return to system view. | quit | N/A
5. Enter interface view. | interface interface-type interface-number | N/A
6. Enable MPLS for the interface. | mpls | Not enabled by default

NOTE: An MPLS LSR ID is in the format of an IP address and must be unique within an MPLS domain. H3C recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID.

NOTE: These types of interfaces support MPLS capability: Layer 3 Ethernet interface (GE interface and XGE interface), MFR interface, POS interface, Layer 3 aggregate interface, tunnel interface, HDLC interface, ATM interface, VLAN interface, Mp-group interface, and RPR logical interface.

Configuring a static LSP

The principle of establishing a static LSP is that the outgoing label of an upstream LSR is the incoming label of its downstream LSR.

Configuration prerequisites

Before you configure a static LSP, complete the following tasks:

• Determine the ingress LSR, transit LSRs, and egress LSR for the static LSP.
• Enable MPLS on all these LSRs.
• Make sure that the ingress LSR has a route to the FEC destination. This is not required on the transit LSRs and egress LSR.

NOTE: For information about configuring a static IP route, see Layer 3—IP Routing Configuration Guide.

Configuration procedure

To configure a static LSP:

Step | Command
1. Enter system view. | system-view
2. Configure a static LSP taking the current LSR as the ingress. | static-lsp ingress lsp-name destination dest-addr { mask | mask-length } { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label
3. Configure a static LSP taking the current LSR as a transit LSR. | static-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label
4. Configure a static LSP taking the current LSR as the egress. | static-lsp egress lsp-name incoming-interface interface-type interface-number in-label in-label

NOTE:
• When you configure a static LSP on the ingress LSR, the next hop or outgoing interface specified must be consistent with the next hop or outgoing interface of the optimal route in the routing table. If you configure a static IP route for the LSP, be sure to specify the same next hop or outgoing interface for the static route and the static LSP.
• For an ingress or transit LSR, do not specify the public address of an interface on the LSR as the next hop address.
• If the outgoing interface specified for a static LSP is a P2MP interface, such as a P2MP ATM subinterface or a P2MP frame relay subinterface, the static LSP cannot be up.

Establishing dynamic LSPs through LDP

Configuring MPLS LDP capability

To configure MPLS LDP capability:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enable LDP capability globally and enter MPLS LDP view. | mpls ldp | Not enabled by default.
3. Configure the LDP LSR ID. | lsr-id lsr-id | Optional. MPLS LSR ID of the LSR by default.
4. Return to system view. | quit | N/A
5. Enter interface view. | interface interface-type interface-number | N/A
6. Enable LDP capability for the interface. | mpls ldp | Not enabled by default.

NOTE:
• Disabling LDP on an interface terminates all LDP sessions on the interface. As a result, all LSPs using the sessions will be deleted.
• Usually, you do not need to configure the LDP LSR ID but use the default, which is the MPLS LSR ID. In some applications that use VPN instances (for example, MPLS L3VPN), however, you need to make sure that different LDP instances have different LDP LSR IDs if the address spaces overlap. Otherwise, the TCP connections cannot be established normally.

Configuring Local LDP session parameters

LDP sessions established between local LDP peers are referred to as local LDP sessions.

To establish a local LDP session:
• Determine the LDP transport addresses of the two peers and make sure that the LDP transport addresses are reachable to each other. This is to establish the TCP connection.
• If there are many LDP sessions between the two LSRs or the CPU usage is high, you need to adjust timers to ensure the stability of the LDP sessions.

To configure local LDP session parameters:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Set the link Hello timer. | mpls ldp timer hello-hold value | Optional. 15 seconds by default.
4. Set the link Keepalive timer. | mpls ldp timer keepalive-hold value | Optional. 45 seconds by default.
5. Configure the LDP transport address. | mpls ldp transport-address { ip-address | interface } | Optional. MPLS LSR ID of the LSR by default.

CAUTION: If you configure an LDP transport address by specifying an IP address, the specified IP address must be the IP address of an interface on the router. Otherwise, the LDP sessions cannot be established.

Configuring remote LDP session parameters

LDP sessions established between remote LDP peers are referred to as remote LDP sessions. Remote LDP sessions are mainly used in Martini MPLS L2VPN, Martini VPLS, and MPLS LDP over MPLS TE. For more information about remote session applications, see the chapters “Configuring MPLS L2VPN,” “Configuring VPLS,” and “Configuring MPLS TE.”

To establish a remote LDP session:
• Determine the LDP transport addresses of the two peers and make sure that the LDP transport addresses are reachable to each other. This is to establish the TCP connection.
• If there are many LDP sessions between the two LSRs or the CPU usage is high, you need to adjust timers to ensure the stability of the LDP sessions.

To configure remote LDP session parameters:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Create a remote peer entity and enter MPLS LDP remote peer view. | mpls ldp remote-peer remote-peer-name | N/A
3. Configure the remote peer IP address. | remote-ip ip-address | N/A
4. Configure LDP to advertise prefix-based labels through a remote session. | prefix-label advertise | Optional. By default, LDP does not advertise prefix-based labels through a remote session.
5. Set the targeted Hello timer. | mpls ldp timer hello-hold value | Optional. 45 seconds by default.
6. Set the targeted Keepalive timer. | mpls ldp timer keepalive-hold value | Optional. 45 seconds by default.
7. Configure the LDP transport address. | mpls ldp transport-address ip-address | Optional. MPLS LSR ID of the LSR by default.

NOTE:
• The IP address specified as the LDP transport address must be the IP address of an interface on the router.
• The remote peer IP address to be configured must be different from all existing remote peer IP addresses.
• If a local adjacency exists between two peers, no remote adjacency can be established between them. If a remote adjacency exists between two peers, you can configure a local adjacency for them. However, the local adjacency can be established only when the transport address and keepalive settings for the local peer and those for the remote peer match respectively, in which case the remote adjacency will be removed. That is, only one remote session or local session can exist between two LSRs, and the local session takes precedence over the remote session.
• By default, LDP does not advertise any prefix-based label mapping message through a remote session, and remote sessions are used only to transfer messages for L2VPNs. For more information about remote session applications, see the Martini MPLS L2VPN configuration in the chapter “Configuring MPLS L2VPN.”
• Configuring LDP to advertise prefix-based labels through a remote session is for implementing MPLS LDP over MPLS TE. For information about MPLS LDP over MPLS TE, see the chapter “Configuring MPLS TE.”

Configuring PHP

To configure PHP:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS view. | mpls | N/A
3. Specify the type of the label to be distributed by the egress to the penultimate hop. | label advertise { explicit-null | implicit-null | non-null } | Optional. By default, an egress distributes to the penultimate hop an implicit null label.

NOTE:
• The router supports PHP when it works as a penultimate hop. It can accept the explicit or implicit null label.
• When working as the egress, the router cannot distribute a normal label to the penultimate hop (that is, it does not support the non-null type). H3C recommends using a device that supports PHP as the penultimate hop.
• For LDP sessions existing before the label advertise command is configured, you need to reset the LDP sessions by using the reset mpls ldp command for the PHP configuration to take effect.
• After sessions are established, if you use the label advertise command to change the type of label that the egress should distribute to the penultimate hop, you need to restart the router for the configuration to take effect.

Configuring the policy for triggering LSP establishment

You can configure an LSP triggering policy on an LSR, so that only routes matching the policy can trigger establishment of LSPs, reducing the number of LSPs to be established on the LSR and avoiding instability of the LSR caused by excessive LSPs.

An LSR supports two types of LSP triggering policies:
• Allowing all routing entries to trigger establishment of LSPs.
• Filtering routing entries by an IP prefix list, so that static and IGP routes denied by the IP prefix list will not trigger LSP establishment. To use this policy, you must create the IP prefix list. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.

To configure the policy for triggering LSP establishment:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS view. | mpls | N/A
3. Configure the LSP establishment triggering policy. | lsp-trigger [ vpn-instance vpn-instance-name ] { all | ip-prefix prefix-name } | Optional. By default, only host routes with 32-bit masks can trigger establishment of LSPs.

NOTE:
• For an LSP to be established, an exactly matching routing entry must exist on the LSR. For example, on an LSR, to establish an LSP to a loopback address with a 32-bit mask, there must be an exactly matching host routing entry on the LSR.
• If the vpn-instance vpn-instance-name combination is specified, the command configures an LSP establishment triggering policy for the specified VPN; otherwise, the command configures an LSP establishment triggering policy for the public network routes.

Configuring the label distribution control mode

With the label re-advertisement function enabled, an LSR periodically looks for FECs not assigned with labels, assigns labels to them if any, and advertises the label-FEC bindings. You can set the label re-advertisement interval as needed.

To configure the LDP label distribution control mode:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS LDP view. | mpls ldp | N/A
3. Specify the label distribution control mode. | label-distribution { independent | ordered } | Optional. Ordered by default. For LDP sessions existing before the command is configured, you need to reset the LDP sessions for the specified label distribution control mode to take effect.
4. Enable label re-advertisement for DU mode. | du-readvertise | Optional. Enabled by default.
5. Set the interval for label re-advertisement in DU mode. | du-readvertise timer value | Optional. 30 seconds by default.

Configuring LDP loop detection

LSPs established in an MPLS domain may be looping. The LDP loop detection mechanism can detect looping LSPs and prevent LDP messages from looping forever.

LDP loop detection can be in either of two modes:
1. Maximum hop count
A label request message or label mapping message carries information about its hop count, which increments by 1 for each hop. When this value reaches the specified limit, LDP considers that a loop is present and terminates the establishment of the LSP.
2. Path vector
A label request message or label mapping message carries path information in the form of path vector list. When such a message reaches an LSR, the LSR checks the path vector list of the message to see whether its MPLS LSR ID is in the list. If not, the LSR will add its LSR ID to the path vector list; if yes, the LSR considers that a loop appears and terminates the establishment of the LSP.
In the path vector mode, you also need to specify the maximum number of hops of an LSP. An LSR will also terminate the establishment of an LSP when the hop count of the path, or the length of the path vector, reaches the specified limit.

To configure LDP loop detection:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS LDP view. | mpls ldp | N/A
3. Enable loop detection. | loop-detect | Disabled by default.
4. Set the maximum hop count. | hops-count hop-number | Optional. 32 by default.
5. Set the maximum path vector length. | path-vectors pv-number | Optional. 32 by default.

NOTE:
• The loop detection modes configured on two LDP peers must be the same. Otherwise, the LDP session cannot be established.
• To implement loop detection in an MPLS domain, you need to enable loop detection on every LSR in the MPLS domain.
• You need to configure loop detection before enabling LDP capability on any interface.
• All loop detection configurations take effect for only the LSPs established after the configurations. Changing the loop detection configurations does not affect existing LSPs. You can execute the reset mpls ldp command in user view, so that the loop detection configurations also take effect for existing LSPs.
• LDP loop detection may result in LSP update, which will generate redundant information and consume many system resources. H3C recommends configuring the routing protocol’s loop detection mechanism.

Configuring LDP MD5 authentication

LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be established only if the peers have the same authentication password.

To configure LDP MD5 authentication:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS LDP view. | mpls ldp | N/A
3. Enable LDP MD5 authentication and set the password. | md5-password { cipher | plain } peer-lsr-id password | Disabled by default

NOTE: To establish an LDP session successfully between two LDP peers, make sure that the LDP MD5 authentication configurations on the LDP peers are consistent.

Configuring LDP label filtering

The LDP label filtering feature provides two mechanisms, label acceptance control for controlling which labels will be accepted and label advertisement control for controlling which labels will be advertised. In complicated MPLS network environments, LDP label filtering can be used to control which LSPs are to be established dynamically and prevent routers from accepting and advertising excessive label bindings.

Label acceptance control

Label acceptance control is for filtering received label bindings. An upstream LSR filters the label bindings received from the specified downstream LSR and accepts only those permitted by the specified prefix list. As shown in Figure 8, upstream router LSR A filters the label bindings received from downstream router LSR B. Only if the destination address of an FEC matches the specified prefix list, does LSR A accept the label binding of the FEC from LSR B. LSR A does not filter label bindings received from downstream router LSR C.

Figure 8 Network diagram for label acceptance control

Label advertisement control

Label advertisement control is for filtering label bindings to be advertised. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR. As shown in Figure 9, downstream router LSR A advertises to upstream router LSR B only label bindings with FEC destinations permitted by prefix list B, and advertises to upstream router LSR C only label bindings with FEC destinations permitted by prefix list C.

Figure 9 Network diagram for label advertisement control

Configuration prerequisites

Before you configure LDP label filtering policies, you must create an IP prefix list. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.

Configuring LDP label filtering

To configure LDP label filtering policies:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS LDP view. | mpls ldp | N/A
3. Configure a label acceptance control policy. | accept-label peer peer-id ip-prefix ip-prefix-name | Optional. Not configured by default.
4. Configure a label advertisement control policy. | advertise-label ip-prefix ip-prefix-name [ peer peer-ip-prefix-name ] | Not configured by default.

NOTE: For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR can achieve the same effect. To reduce the network load, H3C recommends configuring only label advertisement control policies.

Maintaining LDP sessions

This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.

Configuring BFD for MPLS LDP

MPLS itself cannot detect a neighbor failure or link failure in time. If communication between two remote LDP peers fails, the LDP session will be down, and as a result, MPLS forwarding will fail. By cooperating with bidirectional forwarding detection (BFD), MPLS LDP can be quickly aware of communication failures between remote LDP peers, improving performances of existing MPLS networks.

NOTE:
• For more information about BFD, see High Availability Configuration Guide.
• An LSP can be bound to only one BFD session.

To configure BFD for MPLS LDP:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS LDP remote peer view. | mpls ldp remote-peer remote-peer-name | N/A
3. Enable BFD for MPLS LDP. | remote-ip bfd | Disabled by default

NOTE: The cooperation of MPLS LDP and BFD can be used to detect communication failures between remote LDP peers only. For related configuration examples, see the chapter “Configuring VPLS.”

Resetting LDP sessions

If you change LDP session parameters when some LDP sessions are up, the LDP sessions will not be able to function normally. In this case, you need to reset the LDP session so that the LDP peers renegotiate parameters and establish new sessions.

Use the following command to reset LDP sessions:

Task | Command | Remarks
Reset LDP sessions. | reset mpls ldp [ all | [ vpn-instance vpn-instance-name ] [ fec mask | peer peer-id ] ] | Available in user view

Managing and optimizing MPLS forwarding

Configuring MPLS MTU

An MPLS label stack is inserted between the link layer header and network layer header of a packet. During MPLS forwarding, a packet, after encapsulated with an MPLS label, may exceed the allowed length of the link layer and thus cannot be forwarded, although the network layer packet is smaller than the MTU of the interface.

To address the issue, you can configure the MPLS MTU on an interface of an LSR. Then, the LSR will compare the length of an MPLS packet against the configured MPLS MTU on the interface. When the packet is larger than the MPLS MTU:
• If fragmentation is allowed, the LSR removes the label stack from the packet, fragments the IP packet (the length of a fragment is the MPLS MTU minus the length of the label stack), adds the label stack back into each fragment, and then forwards the fragments.
• If fragmentation is not allowed, the LSR drops the packet directly.

To configure the MPLS MTU of an interface:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Configure the MPLS MTU of the interface. | mpls mtu value | By default, the MPLS MTU of an interface is not configured.

NOTE:
• MPLS packets carrying L2VPN or IPv6 packets are always successfully forwarded, even if they are larger than the MPLS MTU.
• If the MPLS MTU of an interface is greater than the MTU of the interface, data forwarding may fail on the interface.
• If you do not configure the MPLS MTU of an interface, fragmentation of MPLS packets will be based on the MTU of the interface, and the length of fragments does not take the MPLS labels into account. Thus, the length of an MPLS fragment may be larger than the interface’s MTU.

Configuring TTL processing mode at ingress

At the ingress of an LSP, a label stack encapsulated with a TTL field is added to each packet. Whether the label TTL takes the IP TTL or not depends on whether IP TTL propagation is enabled.

Enter system view. Enter MPLS view. When an LSR forwards the labeled packet. it decrements the TTL value of the label at the stack top by 1. it decrements the TTL value of the label at the stack top by 1. system-view N/A 2. it copies the TTL value of the label at the stack top back to the TTL field of the IP packet. mpls N/A 3. In this case.With IP TTL propagation enabled: When the ingress labels a packet. the result of tracert will reflect the real path along which the packet has traveled. • Figure 10 Label TTL processing when IP TTL propagation is enabled With IP TTL propagation disabled: When the ingress labels a packet. as if the ingress and egress were connected directly. ttl propagate { public | vpn } 22 Enabled for only public network packets by default. Enable MPLS IP TTL propagation. and the label TTL is set to 255. it compares the IP TTL and the label TTL and uses the smaller value as the TTL of the IP packet. • Figure 11 Label TTL processing when IP TTL propagation is disabled To configure IP TTL propagation of MPLS: Step Command Remarks 1. When an LSR pops a label. Optional. When an LSR forwards the labeled packet. When an LSR pops a label. it copies the TTL value of the original IP packet to the TTL field of the label. it does not copy the TTL value of the original IP packet to the TTL field of the label. In this case. . the result of tracert does not show the hops within the MPLS backbone. the TTL value of a packet is decreased hop by hop when forwarded along the LSP. Therefore.

CAUTION:
• Within an MPLS domain, TTL is always copied between multiple levels of labels. The ttl propagate command affects only the propagation of the IP TTL to the TTL of an MPLS label. Therefore, this command takes effect only when it is configured on the ingress.
• If you enable MPLS IP TTL propagation for VPN packets on one LSR, H3C recommends that you enable it on all related provider edge (PE) devices, so you can get the same result when tracerting from those PEs.
• For locally generated packets, an LSR always copies the IP TTL value of the packet, regardless of whether IP TTL propagation is enabled or not. This ensures that the local administrator can tracert for network diagnoses.

NOTE: For more information about PE, see the chapter “Configuring MPLS L3VPN.”

Sending back ICMP TTL exceeded messages for MPLS TTL expired packets

After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets, when the LSR receives an MPLS packet that carries a label with TTL being 1, it will generate an ICMP TTL exceeded message, and send the message to the packet sender in one of the following ways:
• If the LSR has a route to the packet sender, it sends the ICMP TTL exceeded message to the packet sender directly through the IP route.
• If the LSR has no route to the packet sender, it forwards the ICMP TTL exceeded message along the LSP to the egress, which will send the message to the packet sender.

Usually, for an MPLS packet carrying only one level of label, the first method is used; for an MPLS packet carrying a multi-level label stack, the second method is used. However, because autonomous system boundary routers (ASBRs), superstratum PEs or service provider-end PEs (SPEs) in Hierarchy of VPN (HoVPN) applications, and carrier backbone PEs in nested VPNs may receive MPLS VPN packets that carry only one level of label but these devices have no IP routes to the packet senders, the first method is not applicable. In this case, you can configure the undo ttl expiration pop command on these devices so that the devices use the second method.

NOTE: For more information about HoVPN and nested VPN, see the chapter “Configuring MPLS L3VPN.”

To configure the router to send back an ICMP TTL exceeded message for a received MPLS TTL expired packet:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter MPLS view. | mpls | N/A
3. Enable the device to send back an ICMP TTL exceeded message when it receives an MPLS TTL expired packet. | ttl expiration enable | Optional. Enabled by default.
4. Configure the router to use IP routes or LSPs to send back the ICMP TTL exceeded messages for TTL-expired MPLS packets that have only one level of label. | (Approach 1) Use IP routes: ttl expiration pop; (Approach 2) Use LSP routes: undo ttl expiration pop | Optional. Use either approach as required. By default, an ICMP TTL exceeded message is sent back along an IP route when the TTL of an MPLS packet with a one-level label stack expires. This configuration does not take effect when the MPLS packets carry multiple levels of labels. ICMP TTL exceeded messages for such MPLS packets always travel along the LSPs.

Configuring LDP GR

MPLS has two separate planes: the forwarding plane and the control plane. Using this feature, LDP Graceful Restart (GR) preserves the LFIB information when the signaling protocol or control plane fails, so that LSRs can still forward packets according to LFIB, ensuring continuous data transmission.

A router that participates in a GR process plays either of two roles:
• GR restarter, the router that gracefully restarts due to a manually configured command or a fault. It must be GR-capable.
• GR helper, neighbor of the GR restarter. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. A GR helper must be GR-capable.

Figure 12 LDP GR

As shown in Figure 12, two LDP peers perform GR negotiation when establishing an LDP session. The LDP session established is GR capable only when both peers support LDP GR.

The working procedure of LDP GR is as follows:

1. Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them.
2. After a GR helper detects that the LDP session with the GR restarter is down, it marks the FEC-label bindings learned from the session as stale and will keep these FEC-label bindings for a period of time defined by the fault tolerant (FT) reconnect time argument. The FT reconnect time is the smaller one between the reconnect time advertised from the peer GR restarter and the neighbor liveness time configured locally.
3. During the FT reconnect time, if the LDP session fails to be re-established, the GR helper will delete the FEC-label bindings marked stale.
4. If the session is re-established successfully, during the LDP recovery time, the GR helper and the GR restarter will use the new LDP session to exchange the label mapping information, update the LFIB, and delete the stale marks of the corresponding forwarding entries. The LDP recovery time is the smaller one between the recovery time configured locally and that configured on the peer GR restarter.
5. After the recovery time elapses, the GR helper deletes the FEC-label bindings that are still marked stale.
6. When the MPLS forwarding state holding timer expires, the GR restarter deletes the label forwarding entries that are still marked stale.

Configuration prerequisites

Before you configure LDP GR, configure MPLS LDP capability on each router that will act as the GR restarter or a GR helper.

NOTE: The router can act as a GR restarter or a GR helper as needed in the LDP GR process.

Configuring LDP GR

To configure LDP GR:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter MPLS LDP view.
  Command: mpls ldp
  Remarks: N/A
Step 3. Enable MPLS LDP GR.
  Command: graceful-restart
  Remarks: Disabled by default
Step 4. Set the FT reconnect time.
  Command: graceful-restart timer reconnect timer
  Remarks: Optional. 300 seconds by default
Step 5. Set the LDP neighbor liveness time.
  Command: graceful-restart timer neighbor-liveness timer
  Remarks: Optional. 120 seconds by default
Step 6. Set the LDP recovery time.
  Command: graceful-restart timer recovery timer
  Remarks: Optional. 300 seconds by default

Gracefully restarting MPLS LDP

To test whether the MPLS LDP GR configuration has taken effect, you can perform graceful restart of MPLS LDP. During the LDP restart process, you can see whether the packet forwarding path is changed and whether packet forwarding is interrupted.

To restart MPLS LDP gracefully:

Task: Restart MPLS LDP gracefully.
  Command: graceful-restart mpls ldp
  Remarks: Available in user view

NOTE: The graceful-restart mpls ldp command is only used to test MPLS LDP GR function. It does not perform active/standby switchover. Do not perform this operation in other cases.

Configuring MPLS statistics

To view LSP statistics, you must set the interval for reading LSP statistics at first.

Setting the interval for reading statistics

To set the interval for reading LSP statistics:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter MPLS view.
  Command: mpls
  Remarks: N/A
Step 3. Set the interval for reading LSP statistics.
  Command: statistics interval interval-time
  Remarks: 0 seconds by default, meaning that the system does not read LSP statistics.

Inspecting LSPs

In MPLS, the MPLS control plane is responsible for establishing LSPs. However, when an LSP fails to forward data, the control plane cannot detect the LSP failure or cannot do so in time. This brings difficulty to network maintenance. To find LSP failures in time and locate the failed node, the router provides the following mechanisms:
• MPLS LSP ping
• MPLS LSP tracert
• BFD for LSPs
• Periodic LSP tracert

MPLS LSP ping

MPLS LSP ping is for checking the connectivity of an LSP. At the ingress, it adds the label for the FEC to be inspected into an MPLS echo request, which then is forwarded along the LSP to the egress. The egress processes the request packet and returns an MPLS echo reply to the ingress. An MPLS echo reply carrying a success notification indicates that the LSP is normal, and an MPLS echo reply carrying an error code indicates that the LSP has failed.

To check the connectivity of an LSP:

Task: Use MPLS LSP ping to check the connectivity of an MPLS LSP.
  Command: ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -s packet-size | -t time-out | -v ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ]
  Remarks: Available in any view

MPLS LSP tracert

MPLS LSP tracert is for locating LSP errors. It consecutively sends the MPLS echo requests along the LSP to be inspected, with the TTL increasing from 1 to a specific value. Then, each hop along the LSP will return an MPLS echo reply to the ingress due to TTL timeout. Thus, the ingress can collect the information of each hop along the LSP, so as to locate the failed node. You can also use MPLS LSP tracert to collect the important information of each hop along the LSP, such as the label allocated.

To locate errors of an LSP:

Task: Perform MPLS LSP tracert to locate an MPLS LSP error.
  Command: tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode | -t time-out ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ]
  Remarks: Available in any view

Configuring BFD for LSPs

You can configure BFD for an LSP to detect the connectivity of the LSP. After the configuration, a BFD session will be established between the ingress and egress of the LSP, and the ingress will add the label for the FEC into a BFD control packet, forward the BFD control packet along the LSP to the egress, and determine the status of the LSP according to the reply received. Upon detecting an LSP failure, BFD triggers a traffic switchover.

A BFD session for LSP connectivity detection can be static or dynamic.
• Static: If you specify the local and remote discriminator values by using the discriminator keyword when configuring the bfd enable command, the BFD session will be established with the specified discriminator values. Such a BFD session is used to detect the connectivity of a pair of LSPs in opposite directions (one from local to remote, and the other from remote to local) between two routers.
• Dynamic: If you do not specify the local and remote discriminator values when configuring the bfd enable command, the MPLS LSP ping will be run automatically to negotiate the discriminator values and then the BFD session will be established based on the negotiated discriminator values. Such a BFD session is used for connectivity detection of an LSP from the local router to the remote router.

Configuration prerequisites

• The BFD session parameters are those configured on the loopback interface whose IP address is configured as the MPLS LSR ID, and the BFD packets will use the MPLS LSR ID as the source address. Therefore, before enabling BFD for an LSP, you need to configure an IP address for the loopback interface and configure the IP address as the MPLS LSR ID. You can also configure BFD session parameters for the loopback interface as needed. For more information about BFD, see High Availability Configuration Guide.
• To establish a static BFD session, make sure that there is already an LSP from the local router to the remote router and an LSP from the remote router to the local router.

Configuring BFD for LSPs

To configure BFD for LSPs:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable LSP verification and enter the MPLS LSPV view.
  Command: mpls lspv
  Remarks: Disabled by default
Step 3. Configure BFD to check the connectivity of the LSPs to the specified FEC destination.
  Command: bfd enable destination-address mask-length [ nexthop nexthop-address [ discriminator local local-id remote remote-id ] ]
  Remarks: Not configured by default

NOTE:
• You cannot establish both a static BFD session and a dynamic BFD session for the same LSP.
• After a static BFD session is established, it is not allowed to modify the discriminator values of the BFD session.
• In a BFD session for detecting LSP connectivity, the ingress node always works in active mode and the egress node always works in passive mode. The bfd session init-mode command does not take effect on the ingress and egress nodes of such a BFD session. Even if you configure the two nodes to both work in passive mode, the BFD session will still be established successfully.
• BFD for MPLS LDP is for detecting the IP connectivity between two remote LDP peers. BFD for LSP is for detecting the connectivity of LSPs.

Configuring periodic LSP tracert

The periodic LSP tracert function is for locating faults of an LSP periodically. It detects the consistency of the forwarding plane and control plane and records detection results into logs. You can know whether an LSP has failed by checking the logs.

If you configure BFD as well as periodic tracert for an LSP, once the periodic LSP tracert function detects an LSP fault or inconsistency of the forwarding plane and control plane, the BFD session for the LSP will be deleted and a new BFD session will be established according to the control plane.

To configure the periodic LSP tracert function:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable LSP verification and enter the MPLS LSPV view.
  Command: mpls lspv
  Remarks: Disabled by default

Step 3. Configure periodic tracert for an LSP to the specified FEC destination.
  Command: periodic-tracert destination-address mask-length [ -a source-ip | -exp exp-value | -h ttl-value | -m wait-time | -t time-out | -u retry-attempt ] *
  Remarks: Not configured by default

Enabling MPLS trap

If the MPLS trap function is enabled, trap packets of the notifications level will be generated to report critical MPLS events. Such trap packets will be sent to the information center of the router. Whether and where the packets will then be output depend on the configurations of the information center. For more information about the information center, see Network Management and Monitoring Configuration Guide.

To enable the MPLS trap function:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable the MPLS trap function.
  Command: snmp-agent trap enable mpls
  Remarks: Disabled by default

NOTE: For more information about the snmp-agent trap enable mpls command, see Network Management and Monitoring Command Reference.

Displaying and maintaining MPLS

Displaying MPLS operation

Task: Display information about a specific or all interfaces with MPLS enabled.
  Command: display mpls interface [ interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about the ILM table.
  Command: display mpls ilm [ label ] [ verbose ] [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ]
  Remarks: Available in any view
Task: Display the usage information of the specified or all labels.
  Command: display mpls label { label-value1 [ to label-value2 ] | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display information about LSPs.
  Command: display mpls lsp [ incoming-interface interface-type interface-number ] [ outgoing-interface interface-type interface-number ] [ in-label in-label-value ] [ out-label out-label-value ] [ asbr | [ vpn-instance vpn-instance-name ] [ protocol { bgp | bgp-ipv6 | crldp | ldp | rsvp-te | static | static-cr } ] ] [ egress | ingress | transit ] [ { exclude | include } dest-addr mask-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display LSP statistics.
  Command: display mpls lsp statistics [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display the BFD detection information for an LSP.
  Command: display mpls lsp bfd [ ipv4 destination-address mask-length ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about the NHLFE table.
  Command: display mpls nhlfe [ token ] [ verbose ] [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ]
  Remarks: Available in any view
Task: Display usage information about the NHLFE entries.
  Command: display mpls nhlfe reflist token [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ]
  Remarks: Available in any view
Task: Display information about static LSPs.
  Command: display mpls static-lsp [ lsp-name lsp-name ] [ { include | exclude } dest-addr mask-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about LSPs over specified or all routes for the public or a specific private network.
  Command: display mpls route-state [ vpn-instance vpn-instance-name ] [ dest-addr mask-length ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display MPLS statistics for a specific or all LSPs.
  Command: display mpls statistics lsp { index | all | name lsp-name } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display MPLS statistics for a specific or all interfaces.
  Command: display mpls statistics interface { interface-type interface-number | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Displaying MPLS LDP operation

Task: Display information about LDP.
  Command: display mpls ldp [ all [ verbose ] [ | { begin | exclude | include } regular-expression ] ]
  Remarks: Available in any view
Task: Display the label advertisement information of the specified FEC.
  Command: display mpls ldp fec [ vpn-instance vpn-instance-name ] dest-addr mask-length [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

Task: Display information about LDP-enabled interfaces.
  Command: display mpls ldp interface [ all [ verbose ] | [ vpn-instance vpn-instance-name ] [ interface-type interface-number | verbose ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about LDP peers.
  Command: display mpls ldp peer [ all [ verbose ] | [ vpn-instance vpn-instance-name ] [ peer-id | verbose ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about remote LDP peers.
  Command: display mpls ldp remote-peer [ remote-name remote-peer-name ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about LDP sessions between LDP peers.
  Command: display mpls ldp session [ all [ verbose ] | [ vpn-instance vpn-instance-name ] [ peer-id | verbose ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display statistics information about all LSP sessions.
  Command: display mpls ldp session all statistics [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about LSPs established by LDP.
  Command: display mpls ldp lsp [ all | [ vpn-instance vpn-instance-name ] [ dest-addr mask-length ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display information about CR-LSPs established by CR-LDP.
  Command: display mpls ldp cr-lsp [ lspid lsr-id lsp-id ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view

NOTE: In these display commands, vpn-instance vpn-instance-name specifies an LDP instance. For information about LDP instances, see the chapter “Configuring MPLS L3VPN.”

Clearing MPLS statistics

Task: Clear MPLS statistics for a specific MPLS interface or all MPLS interfaces.
  Command: reset mpls statistics interface { interface-type interface-number | all }
  Remarks: Available in user view
Task: Clear MPLS statistics for a specific LSP or all LSPs.
  Command: reset mpls statistics lsp { index | all | name lsp-name }
  Remarks: Available in user view

MPLS configuration examples

Configuring static LSPs

Network requirements

Router A, Router B, and Router C support MPLS. Establish static LSPs between Router A and Router C so that subnets 10.1.1.0/24 and 21.1.1.0/24 can access each other over MPLS. Check the connectivity of the static LSPs.

Figure 13 Network diagram

Configuration considerations

• On an LSP, the outgoing label of an upstream LSR must be identical with the incoming label of its downstream LSR.
• Configure an LSP for each direction on the forwarding path.
• Configure a static route to the destination address of the LSP on each ingress node. There is no need to configure such a static route on the transit and egress nodes and thus you do not need to configure any routing protocol on the routers.

Configuration procedure

1. Configure the IP addresses of the interfaces.
Configure the IP addresses and masks of the interfaces including the loopback interfaces as required in Figure 13. (Details not shown)

2. Configure a static route to the destination address of the FEC on each ingress node.
# Configure a static route to network 21.1.1.0/24 on Router A.
<RouterA> system-view
[RouterA] ip route-static 21.1.1.0 24 10.1.1.2
# Configure a static route to network 11.1.1.0/24 on Router C.
<RouterC> system-view
[RouterC] ip route-static 11.1.1.0 255.255.255.0 20.1.1.1

3. Enable MPLS.
# Configure MPLS on Router A.
[RouterA] mpls lsr-id 1.1.1.9
[RouterA] mpls
[RouterA-mpls] quit

[RouterA] interface Pos 2/1/1
[RouterA-Pos2/1/1] mpls
[RouterA-Pos2/1/1] quit
# Configure MPLS on Router B.
[RouterB] mpls lsr-id 2.2.2.9
[RouterB] mpls
[RouterB-mpls] quit
[RouterB] interface Pos 2/1/1
[RouterB-Pos2/1/1] mpls
[RouterB-Pos2/1/1] quit
[RouterB] interface Pos 2/1/2
[RouterB-Pos2/1/2] mpls
[RouterB-Pos2/1/2] quit
# Configure MPLS on Router C.
[RouterC] mpls lsr-id 3.3.3.9
[RouterC] mpls
[RouterC-mpls] quit
[RouterC] interface Pos 2/1/1
[RouterC-Pos2/1/1] mpls
[RouterC-Pos2/1/1] quit

4. Configure a static LSP from Router A to Router C.
# Configure the LSP ingress, Router A.
[RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label 30
# Configure the LSP transit node, Router B.
[RouterB] static-lsp transit AtoC incoming-interface Pos 2/1/1 in-label 30 nexthop 20.1.1.2 out-label 50
# Configure the LSP egress, Router C.
[RouterC] static-lsp egress AtoC incoming-interface Pos 2/1/1 in-label 50

5. Create a static LSP from Router C to Router A.
# Configure the LSP ingress, Router C.
[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40
# Configure the LSP transit node, Router B.
[RouterB] static-lsp transit CtoA incoming-interface Pos 2/1/2 in-label 40 nexthop 10.1.1.1 out-label 70
# Configure the LSP egress, Router A.
[RouterA] static-lsp egress CtoA incoming-interface Pos 2/1/1 in-label 70

6. Verify the configuration.
# Execute the display mpls static-lsp command on each router to view the static LSP information. The following takes Router A as an example:
[RouterA] display mpls static-lsp
total statics-lsp : 2
Name   FEC           I/O Label   I/O If        State
AtoC   21.1.1.0/24   NULL/30     -/Pos2/1/1    Up
CtoA   -/-           70/NULL     Pos2/1/1/-    Up
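The label-matching rule from the configuration considerations (the outgoing label of an upstream LSR must equal the incoming label of its downstream LSR) can be checked offline before the static-lsp commands are applied. The Python below is an added example, not part of the H3C guide: it parses static-lsp lines in the syntax shown in this example and walks each LSP hop by hop. The function names, the explicit per-LSP router path, and the sample configurations (constructed to mirror this example, plus one deliberately broken copy) are assumptions of the example.

```python
import re

# Command forms as they appear in the static LSP example on this page.
PATTERNS = {
    "ingress": re.compile(
        r"static-lsp ingress (?P<name>\S+) destination (?P<dest>\S+) (?P<mask>\d+)"
        r" nexthop (?P<nexthop>\S+) out-label (?P<outlabel>\d+)"),
    "transit": re.compile(
        r"static-lsp transit (?P<name>\S+) incoming-interface (?P<ifname>.+?)"
        r" in-label (?P<inlabel>\d+) nexthop (?P<nexthop>\S+) out-label (?P<outlabel>\d+)"),
    "egress": re.compile(
        r"static-lsp egress (?P<name>\S+) incoming-interface (?P<ifname>.+?)"
        r" in-label (?P<inlabel>\d+)"),
}
PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # "[RouterA] " or "<RouterA> "


def parse_static_lsps(configs):
    """Return {lsp_name: {router: {"role", "in", "out"}}} from {router: [lines]}."""
    lsps = {}
    for router, lines in configs.items():
        for raw in lines:
            line = PROMPT.sub("", raw.strip())
            for role, pattern in PATTERNS.items():
                m = pattern.fullmatch(line)
                if m:
                    g = m.groupdict()
                    lsps.setdefault(g["name"], {})[router] = {
                        "role": role,
                        "in": int(g["inlabel"]) if g.get("inlabel") else None,
                        "out": int(g["outlabel"]) if g.get("outlabel") else None,
                    }
                    break
    return lsps


def validate(configs, paths):
    """Check every LSP in `paths` ({lsp_name: [routers, ingress first]}).

    Returns a list of problem strings; an empty list means the labels chain.
    """
    lsps = parse_static_lsps(configs)
    problems = []
    for name, path in paths.items():
        hops = lsps.get(name, {})
        # Each router on the path needs an entry with the role its position implies.
        for i, router in enumerate(path):
            want = "ingress" if i == 0 else "egress" if i == len(path) - 1 else "transit"
            hop = hops.get(router)
            if hop is None:
                problems.append(f"{name}: {router} has no static-lsp entry")
            elif hop["role"] != want:
                problems.append(f"{name}: {router} is {hop['role']}, expected {want}")
        # Upstream out-label must equal downstream in-label on every link.
        for up, down in zip(path, path[1:]):
            u, d = hops.get(up), hops.get(down)
            if u and d and u["out"] is not None and d["in"] is not None:
                if u["out"] != d["in"]:
                    problems.append(
                        f"{name}: {up} out-label {u['out']} != {down} in-label {d['in']}")
    # Assumption of this example: one label space per router, so two LSPs
    # must not share an incoming label on the same router.
    seen = {}
    for name, hops in sorted(lsps.items()):
        for router, hop in hops.items():
            if hop["in"] is None:
                continue
            other = seen.setdefault((router, hop["in"]), name)
            if other != name:
                problems.append(
                    f"{router}: in-label {hop['in']} used by both {other} and {name}")
    return problems


# Constructed sample input mirroring the example's static-lsp commands.
GOOD = {
    "RouterA": [
        "[RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label 30",
        "[RouterA] static-lsp egress CtoA incoming-interface Pos 2/1/1 in-label 70",
    ],
    "RouterB": [
        "[RouterB] static-lsp transit AtoC incoming-interface Pos 2/1/1 in-label 30 nexthop 20.1.1.2 out-label 50",
        "[RouterB] static-lsp transit CtoA incoming-interface Pos 2/1/2 in-label 40 nexthop 10.1.1.1 out-label 70",
    ],
    "RouterC": [
        "[RouterC] static-lsp egress AtoC incoming-interface Pos 2/1/1 in-label 50",
        "[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40",
    ],
}
PATHS = {"AtoC": ["RouterA", "RouterB", "RouterC"],
         "CtoA": ["RouterC", "RouterB", "RouterA"]}
# Constructed faulty copy: Router B sends label 71 where Router A expects 70.
BROKEN = {r: [l.replace("out-label 70", "out-label 71") for l in lines]
          for r, lines in GOOD.items()}

if __name__ == "__main__":
    print("good  :", validate(GOOD, PATHS))
    print("broken:", validate(BROKEN, PATHS))
```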

# On Router A, check the reachability of the LSP from Router A to Router C.
[RouterA] ping lsp -a 11.1.1.1 ipv4 21.1.1.0 24
LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break
Reply from 20.1.1.2: bytes=100 Sequence=1 time = 2 ms
Reply from 20.1.1.2: bytes=100 Sequence=2 time = 2 ms
Reply from 20.1.1.2: bytes=100 Sequence=3 time = 1 ms
Reply from 20.1.1.2: bytes=100 Sequence=4 time = 2 ms
Reply from 20.1.1.2: bytes=100 Sequence=5 time = 2 ms
--- FEC: IPV4 PREFIX 21.1.1.0/24 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
# On Router C, check the reachability of the LSP from Router C to Router A.
[RouterC] ping lsp -a 21.1.1.1 ipv4 11.1.1.0 24
LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=100 Sequence=1 time = 3 ms
Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=4 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms
--- FEC: IPV4 PREFIX 11.1.1.0/24 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3 ms

Configuring LDP to establish LSPs dynamically

Network requirements

Router A, Router B, and Router C support MPLS. Configure LDP to establish LSPs between Router A and Router C so that subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Check the LSP connectivity.

Figure 14 Network diagram

Configuration considerations

• Enable LDP on the LSRs. LDP dynamically distributes labels and establishes LSPs and thus there is no need to manually configure labels for LSPs.
• LDP uses routing information for label distribution. Therefore, you need to configure a routing protocol to learn routing information. OSPF is used in this example.

Configuration procedure

1. Configure the IP addresses of the interfaces.
Configure the IP addresses and masks of the interfaces including the loopback interfaces as required in Figure 14. (Details not shown)

2. Configure OSPF to ensure IP connectivity between the routers.
# Configure OSPF on Router A.
<RouterA> system-view
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# Configure OSPF on Router B.
<RouterB> system-view
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure OSPF on Router C.
<RouterC> system-view
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Execute the display ip routing-table command on each router. You will see that each router has learned the routes to other routers. Take Router A as an example:
[RouterA] display ip routing-table
Routing Tables: Public
Destinations : 11        Routes : 11
Destination/Mask    Proto   Pre  Cost  NextHop      Interface
1.1.1.9/32          Direct  0    0     127.0.0.1    InLoop0
2.2.2.9/32          OSPF    10   1     10.1.1.2     Pos2/1/1
3.3.3.9/32          OSPF    10   2     10.1.1.2     Pos2/1/1

10.1.1.0/24         Direct  0    0     10.1.1.1     Pos2/1/1
10.1.1.1/32         Direct  0    0     127.0.0.1    InLoop0
11.1.1.0/24         Direct  0    0     11.1.1.1     GE3/1/1
11.1.1.1/32         Direct  0    0     127.0.0.1    InLoop0
20.1.1.0/24         OSPF    10   2     10.1.1.2     Pos2/1/1
21.1.1.0/24         OSPF    10   3     10.1.1.2     Pos2/1/1
127.0.0.0/8         Direct  0    0     127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1    InLoop0

3. Enable MPLS and MPLS LDP.
# Configure MPLS and MPLS LDP on Router A.
[RouterA] mpls lsr-id 1.1.1.9
[RouterA] mpls
[RouterA-mpls] quit
[RouterA] mpls ldp
[RouterA-mpls-ldp] quit
[RouterA] interface Pos 2/1/1
[RouterA-Pos2/1/1] mpls
[RouterA-Pos2/1/1] mpls ldp
[RouterA-Pos2/1/1] quit
# Configure MPLS and MPLS LDP on Router B.
[RouterB] mpls lsr-id 2.2.2.9
[RouterB] mpls
[RouterB-mpls] quit
[RouterB] mpls ldp
[RouterB-mpls-ldp] quit
[RouterB] interface Pos 2/1/1
[RouterB-Pos2/1/1] mpls
[RouterB-Pos2/1/1] mpls ldp
[RouterB-Pos2/1/1] quit
[RouterB] interface Pos 2/1/2
[RouterB-Pos2/1/2] mpls
[RouterB-Pos2/1/2] mpls ldp
[RouterB-Pos2/1/2] quit
# Configure MPLS and MPLS LDP on Router C.
[RouterC] mpls lsr-id 3.3.3.9
[RouterC] mpls
[RouterC-mpls] quit
[RouterC] mpls ldp
[RouterC-mpls-ldp] quit
[RouterC] interface Pos 2/1/1
[RouterC-Pos2/1/1] mpls
[RouterC-Pos2/1/1] mpls ldp
[RouterC-Pos2/1/1] quit
# After the configurations, two local LDP sessions are established, one between Router A and Router B and the other between Router B and Router C. Execute the display mpls ldp session command on each router to view the LDP session information, and execute the display mpls ldp peer command to view the LDP peer information. Take Router A as an example:
[RouterA] display mpls ldp session

LDP Session(s) in Public Network
Total number of sessions: 1
----------------------------------------------------------------
Peer-ID      Status       LAM  SsnRole  FT   MD5  KA-Sent/Rcv
----------------------------------------------------------------
2.2.2.9:0    Operational  DU   Passive  Off  Off  5/5
----------------------------------------------------------------
LAM : Label Advertisement Mode    FT : Fault Tolerance
[RouterA] display mpls ldp peer
LDP Peer Information in Public network
Total number of peers: 1
----------------------------------------------------------------
Peer-ID      Transport-Address    Discovery-Source
----------------------------------------------------------------
2.2.2.9:0    2.2.2.9              Pos2/1/1
----------------------------------------------------------------

4. Allow all static routes and IGP routes to trigger establishment of LSPs.
# Configure the LSP establishment triggering policy on Router A.
[RouterA] mpls
[RouterA-mpls] lsp-trigger all
[RouterA-mpls] quit
# Configure the LSP establishment triggering policy on Router B.
[RouterB] mpls
[RouterB-mpls] lsp-trigger all
[RouterB-mpls] quit
# Configure the LSP establishment triggering policy on Router C.
[RouterC] mpls
[RouterC-mpls] lsp-trigger all
[RouterC-mpls] quit

5. Verify the configuration.
# Execute the display mpls ldp lsp command on each router to view the LDP LSP information. Take Router A as an example:
[RouterA] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------
SN  DestAddress/Mask  In/OutLabel  Next-Hop   In/Out-Interface
-------------------------------------------------------------------
1   1.1.1.9/32        3/NULL       127.0.0.1  -------/InLoop0
2   2.2.2.9/32        NULL/3       10.1.1.2   -------/Pos2/1/1
3   3.3.3.9/32        NULL/1024    10.1.1.2   -------/Pos2/1/1
4   11.1.1.0/24       3/NULL       0.0.0.0    -------/GE3/1/1
5   20.1.1.0/24       NULL/3       10.1.1.2   -------/Pos2/1/1
6   21.1.1.0/24       NULL/1027    10.1.1.2   -------/Pos2/1/1
-------------------------------------------------------------------
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
# On Router A, check the connectivity of the LDP LSP from Router A to 21.1.1.0/24.

[RouterA] ping lsp ipv4 21.1.1.0 24
LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break
Reply from 20.1.1.2: bytes=100 Sequence=1 time = 3 ms
Reply from 20.1.1.2: bytes=100 Sequence=2 time = 2 ms
Reply from 20.1.1.2: bytes=100 Sequence=3 time = 1 ms
Reply from 20.1.1.2: bytes=100 Sequence=4 time = 1 ms
Reply from 20.1.1.2: bytes=100 Sequence=5 time = 3 ms
--- FEC: IPV4 PREFIX 21.1.1.0/24 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
# On Router C, check the connectivity of the LDP LSP from Router C to 11.1.1.0/24.
[RouterC] ping lsp ipv4 11.1.1.0 24
LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=100 Sequence=1 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms
Reply from 10.1.1.1: bytes=100 Sequence=4 time = 3 ms
Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms
--- FEC: IPV4 PREFIX 11.1.1.0/24 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3 ms

Configuring BFD for LSP validity check

Network requirements

For the network diagram, see Figure 13. Make sure that two LDP LSPs are established between Router A and Router C. Use BFD to detect the connectivity of the LSPs.

Configuration procedure

1. Configure LDP sessions.
For more information, see “Configuring LDP to establish LSPs dynamically.”

2. Enable BFD for LSP validity check.
# Configure Router A.
<RouterA> system-view
[RouterA] mpls lspv
[RouterA-mpls-lspv] bfd enable 21.1.1.0 24
[RouterA-mpls-lspv] quit
# Configure Router C.
<RouterC> system-view
[RouterC] mpls lspv
[RouterC-mpls-lspv] bfd enable 11.1.1.0 24

[RouterC-mpls-lspv] quit

3. Verify the configuration.
Execute the display mpls lsp bfd command on Router A and Router C to view information about BFD sessions established for LSPs. Take Router A as an example:
[RouterA] display mpls lsp bfd
MPLS BFD Session(s) Information
-----------------------------------------------------------------------------
FEC           : 11.1.1.0/24        Type          : LSP
Local Discr   : 130                Remote Discr  : 130
Tunnel ID     : ---                NextHop       : ---
Session State : Up                 Source IP     : 3.3.3.9
Session Role  : Passive

FEC           : 21.1.1.0/24        Type          : LSP
Local Discr   : 129                Remote Discr  : 129
Tunnel ID     : 0x6040000          NextHop       : 10.1.1.2
Session State : Up                 Source IP     : 1.1.1.9
Session Role  : Active

Total Session Num: 2

The output indicates that two BFD sessions have been established between 11.1.1.0/24 and 21.1.1.0/24: one for detecting the connectivity of the LSP from 1.1.1.0/24 to 21.1.1.0/24, and the other for detecting the connectivity of the LSP from 21.1.1.0/24 to 1.1.1.0/24.

Use the following command to view the verbose information of the BFD sessions:
[RouterA] display bfd session verbose
Total session number: 2    Up session number: 2    Init mode: Active
IPv4 session working under Ctrl mode:
Local Discr: 129                 Remote Discr: 129
Source IP: 1.1.1.9               Destination IP: 127.0.0.1
Session State: Up                Interface: LoopBack0
Min Trans Inter: 400ms           Act Trans Inter: 400ms
Min Recv Inter: 400ms            Act Detect Inter: 2000ms
Recv Pkt Num: 18                 Send Pkt Num: 18
Hold Time: 1900ms                Connect Type: Indirect
Running Up for: 00:02:36         Auth mode: None
Protocol: MFW/LSPV
Diag Info: No Diagnostic

Local Discr: 130                 Remote Discr: 130
Source IP: 1.1.1.9               Destination IP: 3.3.3.9
Session State: Up                Interface: LoopBack0
Min Trans Inter: 400ms           Act Trans Inter: 400ms
Min Recv Inter: 400ms            Act Detect Inter: 2000ms
Recv Pkt Num: 18                 Send Pkt Num: 18
Hold Time: 1900ms                Connect Type: Indirect
Running Up for: 00:02:28         Auth mode: None
Protocol: MFW/LSPV
Diag Info: No Diagnostic

Despite all the benefits. Because IGPs are topology-driven and consider only network connectivity. routing parameters and resources constraints. • LSP routing is easy to manage and maintain compared with traditional packet-by-packet IP forwarding. An overlay model provides a virtual topology above the physical network topology for a more scalable network design. 41 . It may occur either when network resources are inadequate or when load distribution is unbalanced. To implement TE.MPLS TE configuration MPLS TE overview Traffic engineering and MPLS TE Let us get familiar with traffic engineering (TE) before going on to MPLS-TE. Efficiently managing it is one major task of TE. It delivers these benefits: • Reserve resources by establishing LSP tunnels to specific destinations. MPLS TE combines the MPLS technology and traffic engineering. TE can make best utilization of network resources and avoid non-even load distribution by real-time monitoring traffic and traffic load on each network elements to dynamically tune traffic management attributes. This IGP disadvantage can be repaired by using an overlay model. overlay models are not suitable for implementing traffic engineering in large-sized backbones because of their inadequacy in extensibility. such as IP over ATM or IP over FR. minimization of delay. you can use interior gateway protocols (IGPs) or Multiprotocol Label Switching (MPLS). MPLS TE is a better traffic engineering solution for its extensibility and ease of implementation. These are performance objectives that enhance Quality of Service (QoS) of traffic streams. These are performance objectives that optimize resources utilization. maximization of throughput and enforcement of service level agreement (SLA). In this sense. • MPLS TE uses less system resources compared with other traffic engineering implementations. they fail to present some dynamic factors such as bandwidth and traffic characteristics. Bandwidth is a crucial resource on networks. 
It also provides better traffic and resources control support for implementing a variety of traffic engineering policies. The performance objectives associated with TE can be either of the following: • Traffic oriented. This allows traffic to bypass congested nodes to achieve appropriate load distribution. • Resource oriented. MPLS is better than IGPs in implementing traffic engineering for the following reasons: • MPLS supports explicit LSP routing. • Constraint-based Routed Label Distribution Protocol (CR-LDP) is suitable for implementing a variety of traffic engineering policies. Network congestion is one of the major problems that can degrade your network backbone performance. such as minimization of packet loss. TE is intended to avoid the latter situation where partial congestion may occur as the result of inefficient resource allocation.

• When network resources are insufficient, MPLS TE allows bandwidth-hungry LSPs or critical user traffic to occupy the bandwidth for lower priority LSP tunnels.

• In case an LSP tunnel fails or congestion occurs on a network node, MPLS TE can provide route backup and Fast Reroute (FRR).

With MPLS TE, a network administrator can eliminate network congestion simply by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large.

Basic concepts of MPLS TE

LSP tunnel

On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label. The traffic thus is transparent to the transit nodes on the LSP. In this sense, an LSP can be regarded as a tunnel.

MPLS TE tunnel

Reroute and transmission over multiple paths may involve multiple LSP tunnels. A set of such LSP tunnels is called a traffic engineered tunnel (TE tunnel).

MPLS TE implementation

MPLS TE mainly accomplishes the following functions:

• Static Constraint-based Routed LSP (CR-LSP) processing to create and remove static CR-LSPs. The bandwidth of a static CR-LSP must be configured manually.

• Dynamic CR-LSP processing to handle three types of CR-LSPs: basic CR-LSPs, backup CR-LSPs and fast rerouted CR-LSPs.

Static CR-LSP processing is simple, while dynamic CR-LSP processing involves four phases: advertising TE attributes, calculating paths, establishing paths, and forwarding packets.

Advertising TE attributes

MPLS TE must be aware of dynamic TE attributes of each link on the network. This is achieved by extending link state-based IGPs such as OSPF and IS-IS.

OSPF and IS-IS extensions add to link states such TE attributes as link bandwidth, color, among which maximum reservable link bandwidth and non-reserved bandwidth with a particular priority are most important.

Each node collects the TE attributes of all links on all routers within the local area or at the same level to build up a TE database (TEDB).

Calculating paths

Link state-based routing protocols use Shortest Path First (SPF) to calculate the shortest path to each network node.

In MPLS TE, the Constraint-based Shortest Path First (CSPF) algorithm is used to calculate the shortest, TE compliant path to a node. It is derived from SPF and makes calculation based on two conditions:

• Constraints on the LSP to be set up with respect to bandwidth, color, setup/holding priority, explicit path and other constraints. They are configured at the LSP ingress.

• TEDB

CSPF first prunes TE attribute incompliant links from the TEDB and then performs SPF calculation to identify the shortest path to an LSP egress.

Establishing paths

When setting up LSP tunnels, you may use two types of signaling: CR-LDP and RSVP-TE. Both can carry constraints such as LSP bandwidth, some explicit route information, and color and deliver the same function. They are different in that CR-LDP establishes LSPs using TCP while RSVP-TE using raw IP. RSVP is a well-established technology in terms of its architecture, protocol procedures and support to services, while CR-LDP is an emerging technology with better scalability.

Both CR-LDP and RSVP-TE are supported on your router.

Forwarding packets

Packets are forwarded over established tunnels.

CR-LSP

Unlike ordinary LSPs established based on routing information, CR-LSPs are established based on criteria such as bandwidth, selected path, and QoS parameters in addition to routing information.

The mechanism setting up and managing constraints is called Constraint-based Routing (CR).

CR-LSP involves these concepts:

• Strict and loose explicit routes

• Traffic characteristics

• Preemption

• Route pinning

• Administrative group and affinity attribute

• Reoptimization

Strict and loose explicit routes

An LSP is called a strict explicit route if all LSRs along the LSP are specified.

An LSP is called a loose explicit route if the downstream LSR selection conditions rather than LSRs are defined.

Traffic characteristics

Traffic is described in terms of peak rate, committed rate, and service granularity. The peak and committed rates describe the bandwidth constraints of a path while the service granularity specifies a constraint on the delay variation that the CR-LDP MPLS domain may introduce to a path's traffic.

Preemption

CR-LDP signals the resources required by a path on each hop of the route. If a route with sufficient resources cannot be found, existing paths may be rerouted to reallocate resources to the new path. This is called path preemption.

Two priorities, setup priority and holding priority, are assigned to paths for making preemption decision. Both setup and holding priorities range from 0 to 7, with a lower numerical number indicating a higher priority.
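The CSPF procedure described under "Calculating paths" (prune the links that fail the constraints, then run SPF on what is left) can be sketched as follows. This is an added example, not H3C code: the TEDB layout, the link values and the function names are constructed for illustration, and it assumes the requested bandwidth is compared with the link's unreserved bandwidth at the LSP's setup priority (0 is the highest priority, 7 the lowest).

```python
import heapq


def bw(high, low=None):
    """Unreserved bandwidth in Mbps for priorities 0..7: `high` at
    priorities 0-3 and `low` at 4-7 (shorthand for the constructed TEDB)."""
    low = high if low is None else low
    return [high] * 4 + [low] * 4


# Constructed TEDB: one record per directed link with the TE attributes
# the IGP extensions advertise (metric, unreserved bandwidth per priority).
TEDB = [
    {"src": "A", "dst": "B", "metric": 10, "unreserved": bw(100, 30)},
    {"src": "B", "dst": "C", "metric": 10, "unreserved": bw(100)},
    {"src": "C", "dst": "D", "metric": 10, "unreserved": bw(100, 70)},
    {"src": "A", "dst": "E", "metric": 10, "unreserved": bw(100)},
    {"src": "E", "dst": "C", "metric": 20, "unreserved": bw(100)},
]


def prune(tedb, bandwidth, setup_priority):
    """Step 1: drop every link that cannot carry `bandwidth` at this priority."""
    if not 0 <= setup_priority <= 7:
        raise ValueError("setup priority must be in the range 0..7")
    return [l for l in tedb if l["unreserved"][setup_priority] >= bandwidth]


def cspf(tedb, src, dst, bandwidth, setup_priority):
    """Step 2: ordinary SPF (Dijkstra) over the pruned topology.

    Returns (cost, [nodes]) for the shortest compliant path, or None when
    no path satisfies the constraints.
    """
    graph = {}
    for link in prune(tedb, bandwidth, setup_priority):
        graph.setdefault(link["src"], []).append((link["dst"], link["metric"]))

    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, metric in graph.get(node, []):
            new_cost = cost + metric
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    for mbps, prio in [(20, 7), (40, 7), (80, 7), (80, 3)]:
        print(mbps, "Mbps at priority", prio, "->", cspf(TEDB, "A", "D", mbps, prio))
```

With this sample data a 40 Mbps request at priority 7 is steered off the IGP shortest path because link A to B has only 30 Mbps unreserved at that priority, and an 80 Mbps request finds a path only at a priority high enough to count bandwidth held by lower-priority LSPs as available.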

For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path.

To initiate a preemption, the Resv message of RSVP-TE is sent.

To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP should not be set higher than its holding priority.

Route pinning

Route pinning prevents an established CR-LSP from changing upon route changes.

If a network does not run IGP TE extension, the network administrator will be unable to identify from which part of the network the required bandwidth should be obtained when setting up a CR-LSP. In this case, loose explicit route (ER-hop) with required resources is used. The CR-LSP thus established, however, may change when the route changes, for example, when a better next hop becomes available. If this is undesirable, the network administrator can set up the CR-LSP using route underpinning to make it a permanent path.

Administrative group and affinity attribute

The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use. Together with the link administrative group, it decides which links the MPLS TE tunnel can use.

Reoptimization

Traffic engineering is a process of allocating/reallocating network resources. You may configure it to meet desired QoS.

Normally, service providers use some mechanism to optimize CR-LSPs for best use of network resources. They can do this manually but CR-LSP measurement and tuning are required. Alternatively, they can use MPLS TE where CR-LSPs are dynamically optimized.

Dynamic CR-LSP optimization involves periodic calculation of paths that traffic trunks should traverse. If a better route is found for an existing CR-LSP, a new CR-LSP will be established to replace the old one, and services will be switched to the new CR-LSP.

CR-LDP

Constraint-based Routed Label Distribution Protocol (CR-LDP) is an extension to LDP. It is used in MPLS TE to create an explicit path with resource reservation between the ingress node and the egress node.

When initiating an LSP at the ingress, CR-LDP appends some constraints in the label request message.

RSVP-TE

Overview

Currently, two QoS models are available: Integrated Service (IntServ) and Differentiated Service (DiffServ).

Resource Reservation Protocol (RSVP) is designed for IntServ. It reserves resources on each node along a path. RSVP operates at the transport layer but does not participate in data transmission. It is an Internet control protocol similar to ICMP.

The following are features of RSVP:

• Unidirectional

• Receiver oriented. The receiver initiates resource reservation requests and is responsible for maintaining the reservation information.

• Using soft state mechanism to maintain resource reservation information.

Extended RSVP can support MPLS label distribution and allow resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE, which is operating as a signaling protocol for LSP tunnel setup in MPLS TE.

Basic concepts of RSVP-TE

1. Soft state

Soft state is a mechanism used in RSVP-TE to periodically refresh the resource reservation state on a node. The resource reservation state includes the path state and the reservation state. The path state is generated and refreshed by the Path message, and the reservation state is generated and refreshed by the Resv message. A state is to be removed if no refresh messages are received for it in certain interval.

2. Resource reservation style

Each LSP set up using RSVP-TE is assigned a resource reservation style. During an RSVP session, the receiver decides which reservation style can be used for this session and thus which LSPs can be used.

Two reservation styles are available:

Fixed-filter style (FF) where resources are reserved for individual senders and cannot be shared among senders on the same session.

Shared-explicit style (SE) where resources are reserved for senders on the same session and shared among them.

NOTE: SE is only used for make-before-break because multiple LSPs cannot be present on the same session.

Make-before-break

Make-before-break is a mechanism to change MPLS TE tunnel attributes with minimum data loss and without extra bandwidth.

NOTE: If you change key attributes of an MPLS TE tunnel, such as tunnel destination, CT, priority, and protocol type, the make-before-break mechanism does not take effect. In this process, the router will delete the MPLS TE tunnel and then re-establish it.

Figure 15 Diagram for make-before-break

Figure 15 presents a scenario where a path Router A → Router B → Router C → Router D is established with 30 Mbps reserved bandwidth between Router A and Router D. The remaining bandwidth is then 30 Mbps.

If 40 Mbps path bandwidth is requested, the remaining bandwidth of the Router A → Router B → Router C → Router D path will be inadequate. The problem cannot be addressed by selecting another path, Router A → Router E → Router C → Router D, because the bandwidth of the Router C → Router D link is inadequate.

To address the problem, you may use the make-before-break mechanism. It allows the new path to share the bandwidth of the original path at the Router C → Router D link. Upon creation of the new path, traffic is switched to the new path and the previous path is torn down. This helps avoid traffic interruption effectively.

RSVP-TE messages

RSVP-TE uses RSVP messages with extensions. The following are RSVP messages:

• Path messages—Transmitted along the path of data transmission downstream by each RSVP sender to save path state information on each node along the path.

• Resv messages—Sent by each receiver upstream towards senders to request resource reservation and to create and maintain reservation state on each node along the reverse of data transmission path.

• PathTear messages—Sent downstream immediately once created to remove the path state and related reservation state on each node along the path.

• ResvTear messages—Sent upstream immediately once created to remove the reservation state on each node along the path.

• PathErr messages—Sent upstream to report Path message processing errors to senders. They do not affect the state of the nodes along the path.

• ResvErr messages—Sent downstream to notify the downstream nodes that error occurs during Resv message processing or reservation error occurs as the result of preemption.

• ResvConf messages—Sent to receivers to confirm Resv messages.

• Hello messages—Sent between any two directly connected RSVP neighbors to set up and maintain the neighbor relationship that has local significance on the link.

The TE extension to RSVP adds new objects to the Path message and the Resv message. These objects carry not only label bindings but also routing constraints, supporting CR-LSP and FRR.

• New objects added to the Path message include LABEL_REQUEST, EXPLICIT_ROUTE, RECORD_ROUTE, and SESSION_ATTRIBUTE.

• New objects added to the Resv message include LABEL and RECORD_ROUTE.

The LABEL_REQUEST object in the Path message requests the label bindings for an LSP. It is also saved in the path state block. The node receiving LABEL_REQUEST advertises the label binding using the LABEL object in the Resv message to the upstream node, thus accomplishing label advertisement and transmission.

Setting up an LSP tunnel

Figure 16 shows how to set up a LSP tunnel with RSVP:

Figure 16 Set up an LSP tunnel

The following is a simplified procedure for setting up an LSP tunnel with RSVP:

1. The ingress LSR sends a Path message that carries the label request information, and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR.

2. After receiving the Path message, the egress generates a Resv message carrying the reservation information and label and then forwards the message towards the ingress along the reverse direction of the path along which the Path message travels. The LSRs that the Resv message traverses along the path reserve resources as required.

3. When the ingress LSR receives the Resv message, LSP is established.

As resources are reserved on the LSRs along the path for the LSP established using RSVP-TE, services transmitted on the LSP are guaranteed.

RSVP refresh mechanism

RSVP maintains path and reservation state by periodically retransmitting two types of messages: Path and Resv. These periodically retransmitted Path and Resv messages are called refresh messages. They are sent along the path that the last Path or Resv message travels to synchronize state between RSVP neighbors and recover lost RSVP messages.

When many RSVP sessions are present, periodically sent refresh messages become a network burden. In addition, for some delay sensitive applications, the refreshing delay they must wait for recovering lost RSVP messages may be unbearable. As tuning refresh intervals is not adequate to address the two problems, the refreshing mechanism was extended in RFC 2961 RSVP Refresh Overhead Reduction Extensions as follows to address the problems:

1. Message_ID extension

RSVP itself uses Raw IP to send messages. The Message_ID extension mechanism defined in RFC 2961 adds objects that can be carried in RSVP messages. Of them, the Message_ID object and the Message_ID_ACK object are used to acknowledge RSVP messages, thus improving transmission reliability.

On an interface enabled with the Message_ID mechanism, you may configure RSVP message retransmission. After the interface sends an RSVP message, it waits for acknowledgement. If no ACK is received before the initial retransmission interval (Rf seconds for example) expires, the interface resends the message. After that, the interface resends the message at an exponentially increased retransmission interval equivalent to (1 + Delta) × Rf seconds.

2. Summary refresh extension

Send summary refreshes (Srefreshes) rather than retransmit standard Path or Resv messages to refresh related RSVP state. This reduces refresh traffic and allows nodes to make faster processing.

To use summary refresh, you must use the Message_ID extension. Only states advertised using MESSAGE_ID included Path and Resv messages can be refreshed using summary refreshes.

PSB, RSB, and BSB timeouts

To create an LSP tunnel, the sender sends a Path message with a LABEL_REQUEST object. After receiving this Path message, the receiver assigns a label for the path and puts the label binding in the LABEL object in the returned Resv message.

The LABEL_REQUEST object is stored in the path state block (PSB) on the upstream nodes, while the LABEL object is stored in the reservation state block (RSB) on the downstream nodes. The state stored in the PSB or RSB object times out and is removed after the number of consecutive non-refreshing times exceeds the PSB or RSB timeout keep-multiplier.

You may sometimes want to store the resource reservation state for a reservation request that does not pass the admission control on some node. This however should not prevent the resources reserved for the request from being used by other requests. To handle this situation, the node transits to the blockade state and a blockade state block (BSB) is created on each downstream node. When the number of non-refreshing times exceeds the blockade multiplier, the state in the BSB is removed.

RSVP-TE GR

RSVP-TE Graceful Restart (GR) preserves the soft state and label forwarding information when the signaling protocol or control plane fails, so that LSRs can still forward packets according to forwarding entries, ensuring continuous data transmission.

A device that participates in an RSVP-TE GR process plays either of the following two roles:

• GR restarter, the router that gracefully restarts due to a manually configured command or a fault. It must be GR-capable.

• GR helper, neighbor of the GR restarter. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. A GR helper must be GR-capable.

NOTE: If configured with RSVP-TE GR, the router can act as a GR restarter and a GR helper at the same time.

The RSVP-TE GR function depends on the extended hello capability of RSVP-TE. A GR-capable device advertises its GR capability and relevant time parameters to its neighbors by extended RSVP hello packets. If a device and all its neighbors have the RSVP GR capability and have exchanged GR parameters, each of them can function as the GR helper of another device, allowing data to be forwarded without interruption when the GR restarter is rebooting.

A GR helper considers that a GR restarter is rebooting when it receives no Hello packets from the restarter in a specific period of time. When a GR restarter is rebooting, the GR helpers retain soft state information about the GR restarter and keep sending Hello packets periodically to the GR restarter until the restart timer expires. If a GR helper and the GR restarter reestablish a Hello session before the restart timer expires, the recovery timer is started and signaling packet exchanging is triggered to restore the original soft state. Otherwise, all RSVP soft state information and forwarding entries relevant to the neighbor will be removed. If the recovery timer expires, soft state information and forwarding entries that are not restored during the GR restarting process will be removed.

Traffic forwarding

Even when an MPLS TE tunnel is available, traffic is still IP routed if you do not configure it to travel the tunnel. For traffic to be routed along an MPLS TE tunnel, you can use static routing, policy-based routing, or automatic route advertisement.

Static routing

Static routing is the easiest way to route traffic along an MPLS TE tunnel. You only need to manually create a route that reaches the destination through the tunnel interface.

NOTE: For more information about static routing, see Layer 3—IP Routing Configuration Guide.

Policy-based routing

You can also use policy-based routing to route traffic over an MPLS TE tunnel. In this approach, you need to create a policy that specifies the MPLS TE tunnel interface as the output interface for traffic that matches certain criteria defined in the referenced ACL.

This policy should be applied to the incoming interface.

NOTE: For more information about policy-based routing, see Layer 3—IP Routing Configuration Guide.

Automatic route advertisement

You can use automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs, allowing traffic to be routed down MPLS TE tunnels. Two approaches are available to automatic route advertisement: IGP shortcut and forwarding adjacency.

OSPF and IS-IS support both approaches where TE tunnels are considered point-to-point links and TE tunnel interfaces can be set as outgoing interfaces.

IGP shortcut, also known as autoroute announce, considers a TE tunnel as a logical interface directly connected to the destination when computing IGP routes on the ingress of the TE tunnel.

IGP shortcut and forwarding adjacency are different in that in the forwarding adjacency approach, routes with TE tunnel interfaces as outgoing interfaces are advertised to neighboring routers but not in the IGP shortcut approach. Therefore, TE tunnels are visible to other routers in the forwarding adjacency approach but not in the IGP shortcut approach.

Figure 17 IGP shortcut and forwarding adjacency

As shown in Figure 17, a TE tunnel is present between Router D and Router C. With IGP shortcut enabled, the ingress node Router D can use this tunnel when calculating IGP routes. This tunnel, however, is invisible to Router A; therefore, Router A cannot use this tunnel to reach Router C. With forwarding adjacency enabled, Router A can know the presence of the TE tunnel and thus forward traffic destined for Router C to Router D through this tunnel.

The configuration of IGP shortcut and forwarding adjacency is broken down into tunnel configuration and IGP configuration. When making tunnel configuration on a TE tunnel interface, consider the following:

• The tunnel destination address should be in the same area where the tunnel interface is located.

• The tunnel destination address should be reachable through intra-area routing.

CR-LSP backup

CR-LSP backup provides end-to-end path protection for the entire LSP without time limitation. This is different from Fast Reroute (FRR) which provides quick but temporary per-link or per-node protection on an LSP.

In the same TE tunnel, the LSP used to back up a primary LSP is called a secondary LSP. When the ingress of a TE tunnel detects that the primary LSP is unavailable, it switches traffic to the secondary LSP and after the primary LSP becomes available, switches traffic back. This is how LSP path protection is achieved.

Two approaches are available for CR-LSP backup:

• Hot backup where a secondary CR-LSP is created immediately after a primary CR-LSP is created. MPLS TE switches traffic to the secondary CR-LSP after the primary CR-LSP fails.

• Standard backup where a secondary CR-LSP is created to take over after the primary CR-LSP fails.

FRR

Overview

Fast Reroute (FRR) provides a quick per-link or per-node protection on an LSP.

In this approach, once a link or node fails on a path, FRR comes up to reroute the path to a new link or node to bypass the failed link or node. This can happen as fast as 50 milliseconds thus minimizing data loss.

Once a link or node on an LSP configured with FRR fails, traffic is switched to the protection link and the headend of the LSP starts attempting to set up a new LSP.

Basic concepts

The following are concepts that FRR involves throughout this document:

• Primary LSP—The protected LSP.

• Bypass LSP—An LSP used to protect the primary LSP.

• Point of local repair (PLR)—The ingress of the bypass LSP. It must be located on the primary LSP but must not be the egress.

• Merge point (MP)—The egress of the bypass LSP. It must be located on the primary LSP but must not be the ingress.

Protection

FRR provides link protection and node protection for an LSP as follows:

• Link protection, where the PLR and the MP are connected through a direct link and the primary LSP traverses this link. When the link fails, traffic is switched to the bypass LSP. As shown in Figure 18, the primary LSP is Router A → Router B → Router C → Router D, and the bypass LSP is Router B → Router F → Router C.

Figure 18 FRR link protection

• Node protection, where the PLR and the MP are connected through a router and the primary LSP traverses this router. When the router fails, traffic is switched to the bypass LSP. As shown in Figure 19, the primary LSP is Router A → Router B → Router C → Router D → Router E, and the bypass LSP is Router B → Router F → Router D. Router C is the protected router.

Figure 19 FRR node protection

Deploying FRR

When configuring the bypass LSP, make sure the protected link or node is not on the bypass LSP.

Because bypass LSPs are pre-established, FRR requires extra bandwidth. When network bandwidth is insufficient, use FRR for crucial interfaces or links only.

PS for an MPLS TE tunnel

Protection switching (PS) refers to establishing one or more protection tunnels (backup tunnels) for a main tunnel. A main tunnel and its protection tunnels form a protection group. When the main tunnel fails, data is switched to a protection tunnel immediately, greatly improving the reliability of the network. When the main tunnel recovers, data can be switched back to the main tunnel.

At present, the router supports only 1:1 protection switching, that is, one protection tunnel is used to service one main tunnel. Between the ingress and egress, there are two tunnels, one main and one backup. Normally, user data travels along the main tunnel. If the ingress finds a defect of the main tunnel by using a probing mechanism, it will switch data to the protection tunnel.

Protection switching may be command triggered or signal triggered.

1. Command switching refers to a PS triggered by an externally configured switching command, which can define the following switching actions (in the descending order of priority):

clear—Clears all configured switching actions.

lock (lockout of protection)—Always uses the main LSP to transfer data.

force (forced switch)—Forces data to travel on the backup LSP.

manual (manual switch)—Switches data from the main LSP to the backup LSP or vice versa.

2. Signal switching (Signal Fail) refers to a PS automatically triggered by a signal fail declaration. Examples include a PS that occurs during BFD detection for MPLS-TE tunnels.

In practice, a switching command takes effect only when its priority is higher than that of a signal fail declaration. The following shows the priority of the externally configured switching actions and the signal fail switching, in the descending order:

Clear

Lockout of protection

Forced switch

Signal fail

Manual switch

DiffServ-aware TE

Overview

Diff-Serv is a model that provides differentiated QoS guarantees based on class of service. MPLS TE is a traffic engineering solution that focuses on optimizing network resources allocation. DiffServ-aware TE (DS-TE) combines them to optimize network resources allocation at a per-service class level. For traffic trunks which are distinguished by class of service, this means varied bandwidth constraints. Essentially, what DS-TE does is to map traffic trunks with LSPs, making each traffic trunk traverse the constraints-compliant path.

The router supports the following DS-TE modes:

• Prestandard mode—Implemented by using H3C proprietary mechanisms

• IETF mode—Implemented according to RFC 4124, RFC 4125, and RFC 4127.

Basic concepts

• Class Type (CT): A set of traffic trunks crossing a link that is governed by a specific set of bandwidth constraints. DS-TE allocates link bandwidth, implements constraint-based routing, and performs admission control for a traffic trunk according to the traffic trunk’s CT. A given traffic trunk belongs to the same CT on all links.

• Bandwidth Constraint (BC): Restricts the bandwidth for one or more class types.

• Bandwidth constraints model: Algorithm for implementing bandwidth constraints on different CTs. A BC model comprises two factors, the maximum number of Bandwidth Constraints (MaxBC) and the mappings between BCs and CTs. DS-TE supports two BC models, Russian Dolls Model (RDM) and Maximum Allocation Model (MAM).

• TE class: A pair consisting of a CT and a preemption priority for the CT. The setup priority or holding priority of an LSP transporting a traffic trunk from that CT must be the preemption priority for the CT.
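The two bandwidth constraints models named in the list above differ in what each BC caps: in RDM, BC b caps the combined bandwidth of CT b and every higher-numbered CT, while in MAM each BC caps one CT and the total is capped by the maximum reservable bandwidth. The admission check below is an added example, not H3C code; the function names, link dictionaries and Mbps values are constructed, and preemption priorities are left out to keep the comparison to the BC arithmetic.

```python
def rdm_headroom(bc, reserved, ct):
    """Bandwidth still available to class type `ct` under RDM.

    bc[b] caps sum(reserved[b:]), so a request for `ct` consumes room in
    BC 0 .. BC ct; the tightest of those nested constraints decides.
    """
    return min(bc[b] - sum(reserved[b:]) for b in range(ct + 1))


def mam_headroom(bc, max_reservable, reserved, ct):
    """Bandwidth still available to class type `ct` under MAM.

    bc[ct] caps reserved[ct] alone, and all CTs together must stay within
    the maximum reservable bandwidth of the interface.
    """
    return min(bc[ct] - reserved[ct], max_reservable - sum(reserved))


def admit(link, ct, mbps):
    """Admission control for one request; updates the link on success."""
    if not 0 <= ct < len(link["bc"]):
        raise ValueError("unknown class type")
    if link["model"] == "rdm":
        room = rdm_headroom(link["bc"], link["reserved"], ct)
    else:
        room = mam_headroom(link["bc"], link["max_reservable"],
                            link["reserved"], ct)
    if mbps > room:
        return False
    link["reserved"][ct] += mbps
    return True


def new_link(model):
    """Constructed 100 Mbps interface with three class types (CT 0..CT 2)."""
    if model == "rdm":
        # In RDM, BC 0 equals the maximum reservable bandwidth.
        return {"model": "rdm", "bc": [100, 60, 30], "reserved": [0, 0, 0]}
    # In MAM the per-CT limits may add up to more than the link total.
    return {"model": "mam", "bc": [60, 50, 30], "max_reservable": 100,
            "reserved": [0, 0, 0]}


def burst_on_idle_link(mbps=80):
    """A CT 0 burst on an otherwise idle link: RDM lets CT 0 borrow the
    unused share of the other CTs, MAM holds it to BC 0."""
    return admit(new_link("rdm"), 0, mbps), admit(new_link("mam"), 0, mbps)


if __name__ == "__main__":
    print("CT 0 burst of 80 Mbps (rdm, mam):", burst_on_idle_link())
    link = new_link("mam")
    for ct, mbps in [(0, 55), (1, 40), (2, 10), (2, 5)]:
        print("mam CT", ct, mbps, "Mbps ->", admit(link, ct, mbps), link["reserved"])
```

The last two MAM requests show the second condition at work: CT 2 is far below its own BC, yet the 10 Mbps request is refused because the three CTs together would exceed the maximum reservable bandwidth.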

NOTE:

• The prestandard mode supports two CTs (CT 0 and CT 1), eight priorities, and up to eight TE classes. The IETF mode supports four CTs (CT 0 through CT 3), eight priorities, and up to 16 TE classes.

• The prestandard mode is proprietary, and therefore a device working in prestandard mode cannot communicate with devices of some other vendors. The IETF mode is a standard mode implemented according to relevant RFCs. A device working in IETF mode can communicate with devices of other vendors.

Working process

To establish MPLS TE tunnels according to CTs of traffic trunks, a router needs to:

1. Determine the CT of traffic flows.

A router classifies traffic flows according to your configuration.

When configuring a dynamic MPLS TE tunnel, you can use the mpls te bandwidth command on the tunnel interface to specify a CT for the traffic flows to be forwarded by the tunnel.

When configuring a static MPLS TE tunnel, you can use the bandwidth keyword to specify a CT for the traffic flows to be forwarded along the tunnel.

2. Check whether there is enough bandwidth available for the CT.

You can use the mpls te max-reservable-bandwidth command on an MPLS TE tunnel interface to configure the bandwidth constraints of the tunnel interface. The router determines whether there is enough bandwidth to establish an MPLS TE tunnel for a traffic trunk according to the traffic trunk’s CT and the tunnel interface’s BCs.

The relation between BCs and CTs varies in different BC models:

In RDM model, a BC constrains the total bandwidth of multiple CTs, as shown in Figure 20:

BC 2 is for CT 2. The total bandwidth of the traffic of CT 2 cannot exceed BC 2.

BC 1 is for CT 2 and CT 1. The total bandwidth of the traffic of CT 2 and CT 1 cannot exceed BC 1.

BC 0 is for CT 2, CT 1, and CT 0. The total bandwidth of the traffic of CT 2, CT 1, and CT 0 cannot exceed BC 0. In this model, BC 0 equals the maximum reservable bandwidth of the tunnel.

In cooperation with priority preemption, the RDM model can also implement the isolation across CTs, ensuring each CT its share of bandwidth. RDM is suitable for networks where traffic is unstable and traffic bursts may occur.

Figure 20 RDM bandwidth constraints model

In MAM model, a BC constrains the bandwidth of only one CT on an interface. This ensures isolation across CTs no matter whether preemption is used or not. Compared with RDM, MAM is easy to understand and configure. MAM is suitable for networks where traffic of each CT is stable. Figure 21 shows an example:

BC 0 is for CT 0. The bandwidth occupied by the traffic of CT 0 cannot exceed BC 0.

BC 1 is for CT 1. The bandwidth occupied by the traffic of CT 1 cannot exceed BC 1.

BC 2 is for CT 2. The bandwidth occupied by the traffic of CT 2 cannot exceed BC 2.

The total bandwidth occupied by CT 0, CT 1, and CT 2 cannot exceed the maximum reservable bandwidth.

Figure 21 MAM bandwidth constraints model

3. Check whether the traffic trunk matches an existing TE class.

The router checks whether the CT and the LSP setup/holding priority of the traffic trunk matches an existing TE class. An MPLS TE tunnel can be established for the traffic trunk only when the following conditions are satisfied:

Every node along the tunnel has a TE class that matches the traffic trunk’s CT and the LSP setup priority.

Every node along the tunnel has a TE class that matches the traffic trunk’s CT and the LSP holding priority.

NOTE: The prestandard mode does not allow you to configure TE classes, while the IETF mode allows for TE class configuration.

MPLS LDP over MPLS TE

Figure 22 Establish an LDP LSP across the network core layer

As the figure shows, in layered networks, MPLS TE is usually deployed only in the core layer, and MPLS networks in the distribution layer usually use LDP as the label distribution signaling. To set up an LDP LSP tunnel across the core layer, you need to establish a local LDP session between each pair of neighboring LSRs in the core layer.

To simplify the configuration, when setting up an LDP LSP across the core layer, you can use the MPLS TE tunnel that is already established in the core layer.

Figure 23 Configure an LDP LSP over an MPLS TE LSP

As shown in Figure 23, when using the MPLS TE tunnel to establish the LDP LSP, you do not need to establish local LDP sessions between neighboring LSRs in the core layer. All you have to do is to establish a remote session between the headend and tailend of the MPLS TE tunnel. Then, label bindings can be exchanged and an LDP LSP can be established between the MPLS TE tunnel headend and tailend. The LDP LSP is carried on the MPLS TE tunnel. In this way, a hierarchical LSP is formed.

NOTE: By default, LDP does not advertise any prefix-based label mapping message through a remote session. To enable LDP to advertise prefix-based labels through a remote session, you need to configure the prefix-label advertise command. For more information about the prefix-label advertise command, see MPLS Command Reference.

Protocols and standards

• RFC 2702, Requirements for Traffic Engineering Over MPLS

• RFC 3212, Constraint-Based LSP Setup using LDP

• RFC 2205, Resource ReSerVation Protocol

• RFC 3209, RSVP-TE: Extensions to RSVP for LSP Tunnels

• RFC 2961, RSVP Refresh Overhead Reduction Extensions

• RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering

• ITU-T Recommendation Y.1720, Protection switching for MPLS networks

MPLS TE configuration task list

Complete the following tasks to configure MPLS TE:

Task | Remarks
Configuring MPLS TE basic capabilities | Required
Configuring DiffServ-aware TE | Optional
Configuring an MPLS TE tunnel | Required. Use either approach.
  • Creating MPLS TE tunnel over static CR-LSP
  • Configuring MPLS TE tunnel with dynamic signaling protocol
Configuring RSVP-TE advanced features | Optional
Tuning CR-LSP setup | Optional
Tuning MPLS TE tunnel setup | Optional
Configuring traffic forwarding | Required. Use either approach.
  • Forwarding traffic along MPLS TE tunnels using static routes
  • Forwarding traffic along MPLS TE tunnels through automatic route advertisement
Configuring traffic forwarding tuning parameters | Optional
Configuring CR-LSP backup | Optional
Configuring FRR | Optional
Inspecting an MPLS TE tunnel | Optional
Configuring protection switching | Optional

Configuring MPLS TE basic capabilities

MPLS TE basic capabilities are essential to MPLS TE feature configurations. After configuring the basic capabilities, you need to make other configurations in order to use MPLS TE depending on the actual requirements.

Configuration prerequisites

Before the configuration, do the following:
• Configure static routing or IGPs to make sure all LSRs are reachable.
• Configure MPLS basic capabilities.

NOTE: For configuration information about MPLS basic capability, see MPLS Configuration Guide.

Configuration procedure

To configure MPLS TE basic capabilities:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable global MPLS TE.
   Command: mpls te
   Remarks: Disabled by default

4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter the interface view of an MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable interface MPLS TE.
   Command: mpls te
   Remarks: Disabled by default
7. Return to system view.
   Command: quit
   Remarks: ––
8. Create a tunnel interface and enter its view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
9. Assign an IP address to the tunnel interface.
   Command: ip address ip-address netmask
   Remarks: Optional
10. Set the tunnel protocol to MPLS TE.
   Command: tunnel-protocol mpls te
   Remarks: N/A
11. Configure the destination address of the tunnel.
   Command: destination ip-address
   Remarks: N/A
12. Configure the tunnel ID of the tunnel.
   Command: mpls te tunnel-id tunnel-id
   Remarks: N/A
13. Submit the current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

NOTE: For more information about tunnel interfaces, see Layer 3—IP Services Configuration Guide.

Configuring DiffServ-aware TE

To configure DS-TE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Configure the DS-TE mode as IETF.
   Command: mpls te ds-te mode ietf
   Remarks: Optional. By default, the DS-TE mode is prestandard.
4. Configure the BC model of IETF DS-TE as MAM.
   Command: mpls te ds-te ietf bc-mode mam
   Remarks: Optional. By default, the BC model of IETF DS-TE is RDM.
5. Configure the TE class mapping in IETF DS-TE mode, that is, the TE class-CT-priority association.
   Command: mpls te ds-te ietf te-class te-class-index class-type class-type-number priority pri-number
   Remarks: Optional. By default, the TE class mappings in IETF mode are shown as Table 1.

Table 1 Default TE class mappings in IETF mode

TE Class | CT | Priority
0 | 0 | 7

TE Class | CT | Priority
1 | 1 | 7
2 | 2 | 7
3 | 3 | 7
4 | 0 | 0
5 | 1 | 0
6 | 2 | 0
7 | 3 | 0

Creating MPLS TE tunnel over static CR-LSP

Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. What you need to do is to create a static CR-LSP and a TE tunnel using static signaling and then associate them.

Despite its ease of configuration, the application of MPLS TE tunnels over static CR-LSPs is restricted because they cannot dynamically adapt to network changes.

Static CR-LSPs are special static LSPs. They share the same constraints and use the same label space.

Configuration prerequisites

Before making the configuration, do the following:
• Configure static routing or an IGP protocol to make sure that all LSRs are reachable.
• Configure MPLS basic capabilities.
• Configure MPLS TE basic capabilities.

Configuration procedure

To create an MPLS TE tunnel over a CR-LSP:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter the interface view of an MPLS TE tunnel.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the tunnel to use static CR-LSP.
   Command: mpls te signal-protocol static
   Remarks: N/A
4. Submit the current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
5. Exit to system view.
   Command: quit
   Remarks: N/A

6. Create a static CR-LSP on your router depending on its location in the network.
   Command:
   • At the ingress: static-cr-lsp ingress tunnel-name destination dest-addr { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ]
   • On the transit node: static-cr-lsp transit tunnel-name incoming-interface interface-type interface-number in-label in-label-value { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ]
   • At the egress: static-cr-lsp egress tunnel-name incoming-interface interface-type interface-number in-label in-label-value [ lsrid ingress-lsr-id tunnel-id tunnel-id ] [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ]
   Remarks: Use any of the commands depending on the location of your router in the network.

NOTE:
• The tunnel-name argument specifies the name of the MPLS TE tunnel carried over the static CR-LSP.
• The tunnel-name argument in the static-cr-lsp ingress command is case-sensitive. Suppose you create a tunnel interface with the interface tunnel 2 command. To specify it for the tunnel-name in the static-cr-lsp ingress command, you must input its name in the form of Tunnel2. Otherwise, your tunnel establishment attempt will fail. This restriction however does not apply to transit and egress nodes.
• The next hop address cannot be a local public address when configuring the static CR-LSP on the ingress or a transit node.

Configuring MPLS TE tunnel with dynamic signaling protocol

Dynamic signaling protocol can adapt the path of a TE tunnel to network changes and implement redundancy, FRR, and other advanced features.

The following describes how to create an MPLS TE tunnel with a dynamic signaling protocol:
• Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB.
• Configure tunnel constraints.
• Use the CSPF algorithm to calculate a preferred path based on the TEDB and tunnel constraints.
• Establish the path by using the signaling protocol RSVP-TE or CR-LDP.

NOTE: To form a TEDB, you must configure the IGP TE extension for the nodes on the network to send TE LSAs. If the IGP TE extension is not configured, the CR-LSP is created based on IGP routing rather than computed by CSPF.

Configuration prerequisites

Before making the configuration, do the following:
• Configure static routing or an IGP protocol to make sure that all LSRs are reachable.
• Configure MPLS basic capabilities.
• Configure MPLS TE basic capabilities.

Configuration procedure

Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol:

Task | Remarks
Configuring MPLS TE properties for a link | Optional.
Configuring CSPF | Optional.
Configuring OSPF TE, or Configuring IS-IS TE | Required when CSPF is configured. Choose one depending on the IGP protocol used.
Configuring an MPLS TE explicit path | Optional.
Configuring MPLS TE tunnel constraints | Optional.
Establishing an MPLS TE tunnel with CR-LDP, or Establishing an MPLS TE tunnel with RSVP-TE | Optional. Use either approach. By default, RSVP-TE is used for establishing an MPLS TE tunnel.

Configuring MPLS TE properties for a link

To configure MPLS TE properties for a link:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure maximum link bandwidth.
   Command: mpls te max-link-bandwidth bandwidth-value
   Remarks: Optional. 0 by default.

4. Configure BC 0 and BC 1 of the MPLS TE link in the RDM model of the prestandard DS-TE.
   Command: mpls te max-reservable-bandwidth bandwidth-value [ bc1 bc1-bandwidth ]
   Remarks: Optional. 0 for both BC 0 and BC 1 by default. In RDM model, BC 0 is the maximum reservable bandwidth of a link.
5. Configure maximum reservable bandwidth and BCs of the MPLS TE link in the MAM model of the IETF DS-TE.
   Command: mpls te max-reservable-bandwidth mam bandwidth-value { bc0 bc0-bandwidth | bc1 bc1-bandwidth | bc2 bc2-bandwidth | bc3 bc3-bandwidth } *
   Remarks: Optional. By default, the maximum bandwidth, and BC 0 through BC 3 are all 0.
6. Configure the BCs of the MPLS TE link in the RDM model of the IETF DS-TE.
   Command: mpls te max-reservable-bandwidth rdm bandwidth-value [ bc1 bc1-bandwidth ] [ bc2 bc2-bandwidth ] [ bc3 bc3-bandwidth ]
   Remarks: Optional. 0 for BC 0 through BC 3 by default. In RDM model, BC 0 is the maximum reservable bandwidth of a link.

Configuring CSPF

To configure CSPF:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable CSPF on your router.
   Command: mpls te cspf
   Remarks: Disabled by default

Configuring OSPF TE

Configure OSPF TE if the routing protocol is OSPF and a dynamic signaling protocol is used for MPLS TE tunnel setup.

The OSPF TE extension uses Opaque Type 10 LSAs to carry TE attributes of links. Before configuring OSPF TE, you need to enable the opaque capability of OSPF. In addition, for TE LSAs to be generated, at least one neighbor must be in full state.

To configure OSPF TE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter OSPF view.
   Command: ospf [ process-id ]
   Remarks: N/A
3. Enable the opaque LSA capability.
   Command: opaque-capability enable
   Remarks: Disabled by default
4. Enter OSPF area view.
   Command: area area-id
   Remarks: N/A
5. Enable MPLS TE in the OSPF area.
   Command: mpls-te enable
   Remarks: Disabled by default

6. Return to OSPF view.
   Command: quit
   Remarks: N/A

NOTE:
• For more information about OSPF opaque LSA, see Layer 3—IP Routing Configuration Guide.
• MPLS TE cannot reserve resources and distribute labels on OSPF virtual links. MPLS TE cannot establish an LSP tunnel through an OSPF virtual link. Make sure no virtual links exist in the OSPF routing domain when configuring OSPF TE.

Configuring IS-IS TE

Configure IS-IS TE if the routing protocol is IS-IS and a dynamic signaling protocol is used for MPLS TE tunnel setup. In case both OSPF TE and IS-IS TE are available, OSPF TE takes priority.

The IS-IS TE extension uses the sub-TLV of IS reachability TLV (type 22) to carry TE attributes. Before configuring IS-IS TE, you need to configure the IS-IS wide metric style, which can be wide, compatible, or wide-compatible.

CAUTION:
• According to RFC 3784, the length of the IS reachability TLV (type 22) may reach the maximum of 255 octets in some cases.
• For an IS-IS LSP to carry this type of TLV and to be flooded normally on all interfaces with IS-IS enabled, the MTU of any IS-IS enabled interface, including 27 octets of LSP header and two octets of TLV header, cannot be less than 284 octets. If an LSP must also carry the authentication information, the minimum MTU needs to be recalculated according to the packet structure. When TE is configured, H3C recommends that you set the MTU of any interface with IS-IS enabled to be equal to or greater than 512 octets to guarantee that IS-IS LSPs can be flooded on the network.

To configure IS-IS TE:

1. Enter system view.
   Command: system-view
   Remarks: ––
2. Enter IS-IS view.
   Command: isis [ process-id ]
   Remarks: ––
3. Configure the wide metric attribute of IS-IS.
   Command: cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] }
   Remarks: By default, IS-IS uses narrow metric style.
4. Enable IS-IS TE.
   Command: traffic-eng [ level-1 | level-2 | level-1-2 ]
   Remarks: Disabled by default.
5. Configure the TLV type of the sub-TLV carrying DS-TE parameters.
   Command: te-set-subtlv { bw-constraint value | lo-multiplier value | unreserved-bw-sub-pool value }
   Remarks: Optional. By default, the bw-constraint parameter is carried in sub-TLV 252, the lo-multiplier parameter in sub-TLV 253, and the unreserved-bw-sub-pool parameter in sub-TLV 251.

NOTE:
• For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.
• IS-IS TE does not support secondary IP address advertisement. With IS-IS TE enabled on an interface configured with multiple IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). H3C does not recommend enabling IS-IS TE on an interface configured with secondary IP addresses.

Configuring an MPLS TE explicit path

An explicit path is a set of nodes. The relationship between any two neighboring nodes on an explicit path can be either of the following:
• Strict: where the two nodes are directly connected.
• Loose: where the two nodes have routers in between.

When inserting nodes to an explicit path or modifying nodes on it, you may configure the include keyword to have the established LSP traverse the specified nodes or the exclude keyword to have the established LSP bypass the specified nodes.

To configure an MPLS TE explicit path:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an explicit path for MPLS TE tunneling and enter its view.
   Command: explicit-path path-name [ disable | enable ]
   Remarks: N/A
3. Specify a next hop IP address on the explicit path.
   Command: next hop ip-address [ include [ loose | strict ] | exclude ]
   Remarks: The next hop is a strict node by default. Repeat this step to define a sequential set of the hops that the explicit path traverses.
4. Add a node to the explicit path.
   Command: add hop ip-address1 [ include [ loose | strict ] | exclude ] { after | before } ip-address2
   Remarks: Optional. By default, the include keyword and the strict keyword apply. In other words, the explicit path traverses the specified node and the next node is a strict node.
5. Modify the IP address of current node on the explicit path.
   Command: modify hop ip-address1 ip-address2 [ include [ loose | strict ] | exclude ]
   Remarks: Optional. By default, the include keyword and the strict keyword apply. In other words, the explicit path traverses the specified node and the next node is a strict node.
6. Remove a node from the explicit path.
   Command: delete hop ip-address
   Remarks: Optional.
7. Display information about the specified or all nodes on the explicit path.
   Command: list hop [ ip-address ]
   Remarks: Optional.

NOTE: When establishing an MPLS TE tunnel between areas or Autonomous Systems (ASs), you must use a loose explicit route, specify the area border router (ABR) or autonomous system boundary router (ASBR) as the next hop of the route, and make sure that the ABR or ASBR is reachable.

Configuring MPLS TE tunnel constraints

To configure MPLS TE tunnel constraints:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Assign bandwidth to the MPLS TE tunnel, and specify a CT for the tunnel’s traffic.
   Command: mpls te bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth
   Remarks: Optional. By default, no bandwidth is assigned and traffic of the tunnel belongs to CT 0.
4. Specify a path for the tunnel to use and set the preference of the path.
   Command: mpls te path { dynamic | explicit-path pathname } preference value
   Remarks: Optional. By default, a tunnel uses the dynamically calculated path.
5. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Establishing an MPLS TE tunnel with CR-LDP

To establish an MPLS TE tunnel with CR-LDP:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Set the signaling protocol for setting up MPLS TE tunnels to CR-LDP.
   Command: mpls te signal-protocol crldp
   Remarks: RSVP-TE applies by default.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

NOTE: When establishing an MPLS TE tunnel with CR-LDP, you cannot use the mpls te bandwidth command to configure bandwidth for the tunnel.

Establishing an MPLS TE tunnel with RSVP-TE

To establish an MPLS TE tunnel with RSVP-TE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A

3. Enable RSVP-TE on your router.
   Command: mpls rsvp-te
   Remarks: Disabled by default.
4. Exit to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable RSVP-TE on the interface.
   Command: mpls rsvp-te
   Remarks: Disabled by default.
7. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
8. Set the signaling protocol for setting up the MPLS TE tunnel to RSVP-TE.
   Command: mpls te signal-protocol rsvp-te
   Remarks: Optional. RSVP-TE applies by default.
9. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

CAUTION: To use RSVP-TE as the signaling protocol for setting up the MPLS TE tunnel, you must enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use.

Configuring RSVP-TE advanced features

RSVP-TE adds new objects in Path and Resv messages to support CR-LSP setup. RSVP-TE provides many configurable options with respect to reliability, network resources, and other advanced features of MPLS TE.

Before performing the configuration tasks in this section, be aware of each configuration objective and its impact on your network.

Configuration prerequisites

Before configuring RSVP-TE advanced features, do the following:
• Configure MPLS basic capabilities
• Configure MPLS TE basic capabilities
• Establish an MPLS TE tunnel with RSVP-TE

Configuration procedure

Configuring RSVP reservation style

Each LSP set up using RSVP-TE is assigned a resource reservation style. During an RSVP session, the receiver decides which reservation style can be used for this session and thus which LSPs can be used.

Currently, two reservation styles are available:
• Fixed-filter style (FF) where resources are reserved for individual senders and cannot be shared among senders on the same session.
• Shared-explicit style (SE) where resources are reserved for senders on the same session and shared among them.

To configure RSVP reservation style:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the resources reservation style for the tunnel.
   Command: mpls te resv-style { ff | se }
   Remarks: Optional. The default resource reservation style is SE.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

NOTE: In current MPLS TE applications, the SE style is mainly used for make-before-break, while the FF style is rarely used.

Configuring RSVP state timers

To configure RSVP state timers:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Configure the path/reservation state refresh interval of the node.
   Command: mpls rsvp-te timer refresh timevalue
   Remarks: Optional. The default path/reservation state refresh interval is 30 seconds.
4. Configure the keep multiplier for PSB and RSB.
   Command: mpls rsvp-te keep-multiplier number
   Remarks: Optional. The default is 3.
5. Configure the blockade timeout multiplier.
   Command: mpls rsvp-te blockade-multiplier number
   Remarks: Optional. The default blockade timeout multiplier is 4.

Configuring the RSVP refreshing mechanism

To enhance reliability of RSVP message transmission, the Message_ID extension mechanism is used to acknowledge RSVP messages. The Message_ID extension mechanism is also referred to as the reliability mechanism throughout this document.

After you enable RSVP message acknowledgement on an interface, you may enable retransmission.

To use summary refresh (Srefresh), you must use the Message_ID extension. Only states advertised using MESSAGE_ID included Path and Resv messages can be refreshed using summary refreshes.

To configure RSVP refreshing mechanism:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A

3. Enable the reliability mechanism of RSVP-TE.
   Command: mpls rsvp-te reliability
   Remarks: Optional
4. Enable retransmission.
   Command: mpls rsvp-te timer retransmission { increment-value [ increment-value ] | retransmit-value [ retrans-timer-value ] } *
   Remarks: Optional. Disabled by default
5. Enable summary refresh.
   Command: mpls rsvp-te srefresh
   Remarks: Optional. Disabled by default

Configuring the RSVP hello extension

To configure the RSVP hello extension:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable global RSVP hello extension.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default.
4. Configure the maximum number of consecutive hellos that should be lost before the link is considered failed.
   Command: mpls rsvp-te hello-lost times
   Remarks: Optional. By default, the link is considered failed if three consecutive hellos are lost.
5. Configure the hello interval.
   Command: mpls rsvp-te timer hello timevalue
   Remarks: Optional. The default is 3 seconds.
6. Exit to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Enable interface RSVP hello extension.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default.

NOTE: RSVP hello extension detects the reachability of RSVP neighboring nodes. It is defined in RFC 3209.

Configuring RSVP-TE resource reservation confirmation

To configure RSVP-TE resource reservation confirmation:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable resource reservation confirmation.
   Command: mpls rsvp-te resvconfirm
   Remarks: Disabled by default

NOTE:
• Reservation confirmation is initiated by the receiver, which sends the Resv message with an object requesting reservation confirmation.
• Receiving the ResvConf message does not mean resource reservation is established. It only indicates that resources are reserved on the farthest upstream node where the Resv message arrived and the resources can be preempted.

Configuring RSVP authentication

RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages.

To configure RSVP authentication:

1. Enter system view.
   Command: system-view
2. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
3. Enable RSVP authentication.
   Command: mpls rsvp-te authentication { cipher | plain } auth-key

NOTE: FRR and RSVP authentication cannot run at the same time.

Configuring RSVP-TE GR

The RSVP-TE GR function depends on the extended hello capability of RSVP-TE. Be sure to enable the extended hello capability of RSVP-TE before configuring RSVP-TE GR.

To configure RSVP-TE GR on each router to act as the GR restarter or a GR helper:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable global RSVP hello extension.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default
4. Enable MPLS RSVP-TE GR.
   Command: mpls rsvp-te graceful-restart
   Remarks: Disabled by default
5. Set the RSVP-TE GR restart timer.
   Command: mpls rsvp-te timer graceful-restart restart restart-time
   Remarks: Optional. 120 seconds by default
6. Set the RSVP-TE GR recovery timer.
   Command: mpls rsvp-te timer graceful-restart recovery recovery-time
   Remarks: Optional. 300 seconds by default
7. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Enable RSVP hello extension for the interface.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default
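The RSVP authentication requirement described above (every RSVP-TE link end configured with a key, and both ends of a link configured alike) can be checked offline against saved configurations. The following is an added example, not H3C code: the router names, interfaces, keys, link inventory and the Comware-style stanza layout are constructed, and flagging the plain keyword as leaving the key readable in the configuration is an assumption, since this guide only lists the keyword.

```python
import re

# Constructed sample configurations in Comware "display current-configuration"
# style (hostnames, interfaces and keys are made up, not from the guide).
CONFIGS = {
    "PE1": """\
#
interface GigabitEthernet3/1/1
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te authentication cipher SampleKeyA
#
interface GigabitEthernet3/1/2
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te authentication plain SampleKeyB
#
""",
    "P1": """\
#
interface GigabitEthernet3/1/1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet3/1/2
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te authentication plain SampleKeyC
#
interface GigabitEthernet3/1/3
 ip address 10.1.3.2 255.255.255.0
#
""",
}

# Constructed link inventory: the two (router, interface) ends of each MPLS TE link.
LINKS = [
    (("PE1", "GigabitEthernet3/1/1"), ("P1", "GigabitEthernet3/1/1")),
    (("PE1", "GigabitEthernet3/1/2"), ("P1", "GigabitEthernet3/1/2")),
]

AUTH_RE = re.compile(r"^mpls rsvp-te authentication (cipher|plain) (\S+)$")


def parse_interfaces(text):
    """Return {interface name: [commands]} from one configuration text."""
    interfaces, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "#" or any other top-level line ends the stanza
    return interfaces


def rsvp_state(commands):
    """Summarise RSVP-TE and RSVP authentication settings of one interface."""
    state = {"rsvp": "mpls rsvp-te" in commands, "mode": None, "key": None}
    for cmd in commands:
        match = AUTH_RE.match(cmd)
        if match:
            state["mode"], state["key"] = match.groups()
    return state


def audit(configs, links):
    """Return findings as tuples; keys themselves are never copied into findings."""
    states = {(router, name): rsvp_state(cmds)
              for router, text in configs.items()
              for name, cmds in parse_interfaces(text).items()}
    findings = []
    for (router, name), st in sorted(states.items()):
        if not st["rsvp"]:
            continue  # RSVP-TE not enabled here, nothing to authenticate
        if st["mode"] is None:
            findings.append(("NO_AUTH", router, name))
        elif st["mode"] == "plain":
            # Assumed meaning of "plain": key stays readable in the saved config.
            findings.append(("PLAIN_KEY", router, name))
    for end_a, end_b in links:
        a, b = states.get(end_a), states.get(end_b)
        if a is None or b is None:
            continue  # link end missing from the collected configurations
        if (a["mode"] is None) != (b["mode"] is None):
            findings.append(("ONE_SIDED_AUTH", end_a, end_b))
        elif a["mode"] == b["mode"] == "plain" and a["key"] != b["key"]:
            # Only plain keys are compared; cipher text is not assumed comparable.
            findings.append(("KEY_MISMATCH", end_a, end_b))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS, LINKS):
        print(finding)
```
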

Configuring Cooperation of RSVP-TE and BFD

On an MPLS TE network, if a link between neighboring LSRs fails, the corresponding MPLS TE tunnel will fail to forward packets. MPLS TE itself cannot detect a link failure in time. To address this issue, you can enable Bidirectional Forwarding Detection (BFD) for RSVP-TE on the two peers of an RSVP-TE tunnel. Then, MPLS TE can be quickly aware of link failures between the peers, ensuring that data can be switched from the main path to the backup path.

To configure BFD for an RSVP-TE-enabled interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter the view of an MPLS RSVP-TE enabled interface.
   Command: interface interface-type tunnel-number
   Remarks: N/A
3. Enable BFD on the RSVP-TE enabled interface.
   Command: mpls rsvp-te bfd enable
   Remarks: Disabled by default

Tuning CR-LSP setup

A CR-LSP is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints. MPLS TE can affect CSPF calculation in many ways to determine the path that a CR-LSP can traverse.

Configuration prerequisites

The configuration tasks described in this section are about CSPF of MPLS TE. They must be used in conjunction with CSPF and the dynamic signal protocol (CR-LDP or RSVP-TE). Before performing them, be aware of each configuration objective and its impact on your system.

Configuration procedure

Configuring the tie breaker in CSPF

CSPF only calculates the shortest path to the end of a tunnel. If multiple paths are present with the same metric, only one of them is selected. Tie-breaking methods, in the descending order of selection priority, include: selecting a path with the lowest bandwidth usage ratio (the used bandwidth to the maximum reservable link bandwidth), selecting a path with the highest bandwidth usage ratio (the used bandwidth to the maximum reserved link bandwidth), and selecting a path randomly.

To configure the CSPF tie-breaking method:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Specify the tie breaker that a tunnel uses to select a path when multiple paths with the same metric are present on the current node.
   Command: mpls te tie-breaking { least-fill | most-fill | random }
   Remarks: Optional. The random keyword applies by default.

4. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
5. Specify the tie breaker for the current tunnel to select a path when multiple paths with the same metric are present.
   Command: mpls te tie-breaking { least-fill | most-fill | random }
   Remarks: Optional. By default, a tunnel has no specific tie breaker specified and uses the tie breaker specified in MPLS view.
6. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

NOTE:
• A tunnel prefers the tie breaker specified in the tunnel interface view. If no tie breaker is specified in tunnel interface view, the tunnel uses the tie breaker specified in MPLS view to select a path.
• The IETF DS-TE mode supports only random path selection.

Configuring route pinning

Route pinning cannot be used together with reoptimization or automatic bandwidth adjustment.

To configure route pinning:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable route pinning.
   Command: mpls te route-pinning
   Remarks: Disabled by default
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Configuring administrative group and affinity attribute

The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use. Together with the link administrative group, it decides which links the MPLS TE tunnel can use.

This is done by ANDing the 32-bit affinity attribute with the 32-bit link administrative group attribute. When doing that, a 32-bit mask is used. The affinity bits corresponding to the 1s in the mask are “do care” bits which must be considered while those corresponding to the 0s in the mask are “don’t care” bits.

For a link to be used by a TE tunnel, at least one considered affinity bit and its corresponding administrative group bit must be set to 1.

Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF. For a link to be used by the tunnel, the leftmost 16 bits of its administrative group attribute can be 0s or 1s, but at least one of the rest bits must be 1.

The affinity of an MPLS TE tunnel is configured at the first node on the tunnel and then signaled to the rest nodes through CR-LDP or RSVP-TE.

NOTE: The associations between administrative groups and affinities may vary by vendor. To ensure the successful establishment of a tunnel between two devices of different vendors, correctly configure their respective administrative groups and affinities.
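The affinity and administrative group matching rule described above, applied as a link-pruning step ahead of a shortest-path search, as an added example (not H3C code). The topology, node names, metrics and the plain Dijkstra search standing in for CSPF are constructed; treating a tunnel with no "do care" affinity bit set (for instance an affinity and mask of 0x00000000) as unconstrained is an assumption, because the text does not cover that case.

```python
import heapq

MASK32 = 0xFFFFFFFF


def link_allowed(affinity, mask, admin_group):
    """Apply the rule as stated in the text: at least one considered
    ("do care") affinity bit and the same administrative group bit are 1."""
    cared = affinity & mask & MASK32
    if cared == 0:
        # Assumption, not stated in the guide: with no considered affinity
        # bit set, the tunnel places no affinity constraint on links.
        return True
    return (cared & admin_group) != 0


# Constructed topology: (node_a, node_b, igp_metric, link administrative group)
LINKS = [
    ("A", "B", 10, 0x00000001),
    ("B", "D", 10, 0x00010000),  # only a "don't care" bit under mask 0x0000FFFF
    ("A", "C", 15, 0x00000002),
    ("C", "D", 15, 0xFFFF0002),
]


def constrained_path(links, src, dst, affinity, mask):
    """Prune links the tunnel may not use, then run Dijkstra on what is left.
    Returns (cost, [nodes]) or None when no permitted path exists."""
    graph = {}
    for a, b, metric, group in links:
        if link_allowed(affinity, mask, group):
            graph.setdefault(a, []).append((b, metric))
            graph.setdefault(b, []).append((a, metric))
    queue, visited = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in visited:
            continue
        visited.add(node)
        for neighbor, metric in graph.get(node, []):
            if neighbor not in visited:
                heapq.heappush(queue, (cost + metric, neighbor, path + [neighbor]))
    return None


if __name__ == "__main__":
    # No affinity constraint: the cheapest path A-B-D is chosen.
    print(constrained_path(LINKS, "A", "D", 0x00000000, 0x00000000))
    # The worked case from the text: B-D is pruned, so the path detours via C.
    print(constrained_path(LINKS, "A", "D", 0xFFFFFFFF, 0x0000FFFF))
    # No link carries bit 2, so every link is pruned and setup would fail.
    print(constrained_path(LINKS, "A", "D", 0x00000004, 0x0000000F))
```
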

To configure the administrative group and affinity attribute:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Assign the link to a link administrative group.
   Command: mpls te link administrative group value
   Remarks: Optional. The default is 0x00000000.
4. Exit to system view.
   Command: quit
   Remarks: N/A
5. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
6. Configure the affinity attribute of the MPLS TE tunnel.
   Command: mpls te affinity property properties [ mask mask-value ]
   Remarks: Optional. The default affinity attribute is 0x00000000, and the default mask is 0x00000000.
7. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Configuring CR-LSP reoptimization

Dynamic CR-LSP optimization involves periodic calculation of paths that traffic trunks should traverse. If a better route is found for an existing CR-LSP, a new CR-LSP will be established to replace the old one, and services will be switched to the new CR-LSP.

To configure CR-LSP reoptimization:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable reoptimization for the MPLS TE tunnel.
   Command: mpls te reoptimization [ frequency seconds ]
   Remarks: Disabled by default
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
5. Exit to user view.
   Command: return
   Remarks: N/A
6. Perform reoptimization on all MPLS TE tunnels with reoptimization enabled.
   Command: mpls te reoptimization
   Remarks: Optional

Tuning MPLS TE tunnel setup

This section only covers the configuration tasks for tuning MPLS TE tunnel setup.

system-view N/A 2. Before performing them. system-view N/A 2. Configuration procedures Configuring loop detection To configure loop detection: Step Command Remarks 1. Enter system view. Configuring tunnel setup retry You may configure the system to attempt setting up a tunnel multiple times until it is established successfully or until the number of attempts reaches the upper limit. interface tunnel tunnel-number N/A 3. Enable the system to record routes or label bindings when setting up the tunnel. mpls te commit Record routes and label bindings bindings: mpls te record-route label NOTE: The mpls te record-route label command is not supported when the signaling protocol is CR-LDP. • To record routes: mpls te record-route Use either command. mpls te commit N/A 4. Enter system view. Enter MPLS TE tunnel interface view. interface tunnel tunnel-number N/A 3. Enable the system to perform loop detection when setting up a tunnel. Enter MPLS TE tunnel interface view.Configuration prerequisites The configurations described in this section need to be used together with the dynamic signaling protocol CR-LDP or RSVP-TE. 4. • To record routes and label Both route recording and label binding recording are disabled by default. Submit current tunnel configuration. Configuring route and label recording To configure route and label recording: Step Command Remarks 1. be aware of each configuration objective and its impact on your system. To configure tunnel setup retry: 72 . mpls te loop-detection Disabled by default Submit current tunnel configuration.

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure maximum number of tunnel setup retries.
   Command: mpls te retry times
   Remarks: Optional. The default is 10.
4. Configure the tunnel setup retry interval.
   Command: mpls te timer retry seconds
   Remarks: Optional. The default is 2 seconds.
5. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Assigning priorities to a tunnel

Two priorities, setup priority and holding priority, are assigned to paths for MPLS TE to make preemption decision. For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path.

To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP should not be set higher than its holding priority.

To assign priorities to a tunnel:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Assign priorities to the tunnel.
   Command: mpls te priority setup-priority [ hold-priority ]
   Remarks: Optional. The default setup and holding priorities are 7.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Configuring traffic forwarding

Configuration prerequisites

Before configuring traffic forwarding, complete the following tasks:
• Configure MPLS basic capabilities
• Configure MPLS TE basic capabilities
• Configure MPLS TE tunnels

Configuration procedures

Forwarding traffic along MPLS TE tunnels using static routes

To create static routes for routing traffic along an MPLS TE tunnel:

1. Enter system view.
   Command: system-view
2. Create a static route for forwarding traffic along an MPLS TE tunnel.
   Command: ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number next-hop-address [ bfd { control-packet | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ]

NOTE:
• The interface-type argument in the ip route-static command must be tunnel. In addition, the preference value must be set.
• For more information about the static routing configuration command, see Layer 3—IP Routing Command Reference.

Forwarding traffic along MPLS TE tunnels through automatic route advertisement
Two approaches, IGP shortcut and forwarding adjacency, are available to automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs, allowing traffic to be routed down MPLS TE tunnels.
You may assign a metric, either absolute or relative, to TE tunnels for the purpose of path calculation in either approach. If it is absolute, the metric is directly used for path calculation. If it is relative, the cost of the corresponding IGP path must be added to the metric before it can be used for path calculation.
Before configuring automatic route advertisement, enable OSPF or ISIS on the MPLS TE tunnel interface.

NOTE:
• Automatic route advertisement is supported when the IGP is OSPF or ISIS.
• To use automatic route advertisement, you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to IGPs, such as OSPF and ISIS.

Configure IGP shortcut
To configure IGP shortcut:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the IGP to take the MPLS TE tunnels in up state into account when performing enhanced SPF calculation.
   Command: mpls te igp shortcut [ isis | ospf ]
   Remarks: MPLS TE tunnels are not considered in the enhanced SPF calculation of IGP. If no IGP type is specified, the configuration applies to both OSPF and ISIS by default.

4. Assign a metric to the MPLS TE tunnel.
   Command: mpls te igp metric { absolute | relative } value
   Remarks: Optional. The metrics of TE tunnels equal the metrics of their corresponding IGP routes by default.
5. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
6. Exit to system view.
   Command: quit
   Remarks: N/A
7. Enter OSPF view.
   Command: ospf [ process-id ]
   Remarks: N/A
8. Enable the IGP shortcut function.
   Command: enable traffic-adjustment
   Remarks: Disabled by default.

Configure forwarding adjacency
To make forwarding adjacency take effect, create a bi-directional MPLS TE tunnel and enable forwarding adjacency at both ends of the tunnel.
To configure forwarding adjacency:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable IGP to advertise the route of the MPLS TE tunnel to IGP neighbors.
   Command: mpls te igp advertise [ hold-time value ]
   Remarks: Routes of MPLS TE tunnels are not advertised to IGP neighbors by default.
4. Assign a metric to the MPLS TE tunnel.
   Command: mpls te igp metric { absolute | relative } value
   Remarks: Optional. The metrics of TE tunnels equal the metrics of their corresponding IGP routes by default.
5. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
6. Exit to system view.
   Command: quit
   Remarks: N/A
7. Enter OSPF view.
   Command: ospf [ process-id ]
   Remarks: N/A
8. Enable forwarding adjacency.
   Command: enable traffic-adjustment advertise
   Remarks: Disabled by default.

NOTE: If you use automatic route advertisement, you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to OSPF or ISIS.

Configuring traffic forwarding tuning parameters
In MPLS TE, you may configure traffic forwarding tuning parameters such as the failed link timer and flooding thresholds to change paths that IP or MPLS traffic flows traverse or to define type of traffic that may travel down a TE tunnel.

Configuration prerequisites
The configurations described in this section are used in conjunction with CSPF and the dynamic signaling protocol CR-LDP or RSVP-TE.

Configuration procedure

Configuring the failed link timer
A CSPF failed link timer starts once a link goes down. If IGP removes or modifies the link before the timer expires, CSPF will update information about the link in TEDB and stops the timer. If IGP does not remove or modify the link before the timer expires, the state of the link in TEDB will change to up.
To configure failed link timer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Configure the CSPF failed link timer.
   Command: mpls te cspf timer failed-link timer-interval
   Remarks: Optional. The default is 10 seconds.

Configuring flooding thresholds
After the bandwidth of links regulated by MPLS TE changes, CSPF may need to recalculate paths. This tends to be resource consuming as recalculation involves IGP flooding. To reduce recalculations and flood only significant changes, you may configure the following two IGP flooding thresholds in percentages:
• Up threshold. When the percentage of available-bandwidth increase to the maximum reservable bandwidth exceeds the threshold, the change is flooded.
• Down threshold. When the percentage of available-bandwidth decrease to the maximum reservable bandwidth exceeds the threshold, the change is flooded.
To configure flooding thresholds:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure the up/down thresholds for IGP to flood bandwidth changes.
   Command: mpls te bandwidth change thresholds { down | up } percent
   Remarks: Optional. Both up and down flooding thresholds are 10 by default.

Specifying the link metric type for tunnel path calculation
To specify the metric type for tunnel path calculation:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A

3. Specify the metric type to use when no metric type is explicitly configured for a tunnel.
   Command: mpls te path metric-type { igp | te }
   Remarks: Optional. TE metrics of links are used by default.
4. Exit to system view.
   Command: quit
   Remarks: N/A
5. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
6. Specify the metric type to use for path calculation of the current tunnel.
   Command: mpls te path metric-type { igp | te }
   Remarks: Optional. By default, no specific link metric type is specified for the tunnel interface and the one specified in MPLS view is used.
7. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: Optional.
8. Return to system view.
   Command: quit
   Remarks: N/A
9. Enter interface view of MPLS TE link.
   Command: interface interface-type interface-number
   Remarks: N/A
10. Assign a TE metric to the link.
   Command: mpls te metric value
   Remarks: Optional. If no TE metric is assigned to the link, IGP metric is used as the TE metric by default.

NOTE: If you do not configure the mpls te path metric-type command in MPLS TE tunnel interface view, the metric type specified in MPLS view takes effect.

Configuring the traffic flow type of a tunnel
To configure the traffic flow type of a tunnel:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the traffic flow type of the TE tunnel.
   Command: mpls te vpn-binding { acl acl-number | vpn-instance vpn-instance-name }
   Remarks: Optional. Traffic flow types of TE tunnels are not restricted by default.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Configuring CR-LSP backup
CR-LSP backup provides end-to-end path protection to protect the entire LSP.

Configuration prerequisites
Before you configure CR-LSP backup, complete the following tasks:
• Configure MPLS basic capabilities
• Configure MPLS TE basic capabilities
• Configure MPLS TE tunnels

Configuration procedure
To configure CR-LSP backup:

1. Enter system view of the ingress node.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the backup mode used by the TE tunnel.
   Command: mpls te backup { hot-standby | ordinary }
   Remarks: Tunnel backup is disabled by default.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

NOTE: CR-LSP backup should be configured at the ingress node of a tunnel. The system routes the primary LSP and backup LSP automatically. You do not need to configure them.

Configuring FRR

NOTE: The FRR feature is not supported when the signaling protocol is CR-LDP.

As mentioned earlier, Fast Reroute (FRR) provides quick but temporary per-link or per-node local protection on an LSP. FRR uses bypass tunnels to protect primary tunnels. As bypass tunnels are pre-established, they require extra bandwidth and are usually used to protect crucial interfaces or links only.
You can define which type of LSP can use bypass LSPs, and whether a bypass LSP provides bandwidth protection as well as the sum of protected bandwidth.
The bandwidth of a bypass LSP is to protect its primary LSPs. To guarantee that a primary LSP can always bind with the bypass LSP successfully, make sure that the bandwidth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs.
Normally, bypass tunnels only forward data traffic when protected primary tunnels fail. To allow a bypass tunnel to forward data traffic while protecting the primary tunnel, you need to make sure that bypass tunnels are available with adequate bandwidth.
A bypass tunnel cannot be used for services like VPN at the same time.

Configuration prerequisites
Before you configure FRR, complete the following tasks:
• Configure IGP, ensuring that all LSRs are reachable
• Configure MPLS basic capabilities
• Configure MPLS TE basic capabilities
• Establish an MPLS TE tunnel with RSVP-TE
• Set up primary LSPs

Configuration procedure

Enabling FRR on the headend of a primary LSP
To enable FRR on the headend of a primary LSP:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter tunnel interface view of the primary LSP.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable FRR.
   Command: mpls te fast-reroute
   Remarks: Disabled by default
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A

Configuring a bypass tunnel on its PLR
After a tunnel is specified to protect an interface, its corresponding LSP becomes a bypass LSP. The setup of a bypass LSP must be manually performed on the PLR. The configuration of a bypass LSP is similar to that of a common LSP. However, a bypass LSP cannot be configured with FRR. That is, a bypass LSP cannot act as a primary LSP to be protected by another LSP at the same time.
When specifying a bypass tunnel for an interface, make sure that:
• The bypass tunnel is up.
• The protected interface is not the outgoing interface of the bypass tunnel.
Up to three bypass tunnels can be specified for a protected interface. The best-fit algorithm is used to determine which of them should be used in case failure occurs.
Your router has restriction on links that use the same bypass tunnel so that their total bandwidth does not exceed a specific value.
To configure a bypass tunnel on its PLR:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of the bypass tunnel.
   Command: interface tunnel tunnel-number
   Remarks: N/A

3. Specify the destination address of the bypass tunnel.
   Command: destination ip-address
   Remarks:
   • For node protection, this is the LSR ID of the next hop router of PLR.
   • For link protection, this is the LSR ID of the next hop router of PLR.
4. Configure the bandwidth and type of LSP that the bypass tunnel can protect.
   Command: mpls te backup bandwidth { bandwidth | { ct0 | ct1 | ct2 | ct3 } { bandwidth | un-limited } }
   Remarks: Bandwidth is not protected by default.
5. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
6. Exit to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view of the outgoing interface of the protected LSP.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Bind the bypass tunnel with the protected interface.
   Command: mpls te fast-reroute bypass-tunnel tunnel tunnel-number
   Remarks: N/A

CAUTION: Bypass tunnels do not protect bandwidth by default. This can defeat your attempts to bind a primary LSP to a bypass tunnel. Therefore, when configuring a bypass tunnel, you must configure the bandwidth that it is intended to protect with the mpls te backup bandwidth command.

Configuring node protection
To use FRR for node protection, you need to perform the tasks in this section on the PLR and the protected node. If you only need to protect links, skip this section.
To configure node protection:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable RSVP hello extension on current node.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default
4. Exit to system view.
   Command: quit
   Remarks: N/A
5. Enter the view of the interface directly connected to the protected node or PLR.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable RSVP hello extension on the interface.
   Command: mpls rsvp-te hello
   Remarks: Disabled by default

NOTE: RSVP hello extension is configured to detect node failures caused by problems such as signaling error other than failures caused by link failures.
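The constraints this guide states for tunnel priorities, label recording and FRR bypass tunnels can be checked mechanically against a saved configuration. The Python audit below is an added example, not part of the H3C guide. It assumes a running-configuration layout with one `interface` block per `#` section, the `rsvp-te` and `crldp` keywords for `mpls te signal-protocol` (the guide itself only shows `static`), and that a numerically lower priority value means a higher priority.

```python
import re

# Constructed sample in the style of a Comware running configuration.
# Interface names, addresses and values are made up for this example.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet3/1/1
 mpls
 mpls te
 mpls te fast-reroute bypass-tunnel tunnel 5
 mpls te fast-reroute bypass-tunnel tunnel 6
#
interface Tunnel3
 tunnel-protocol mpls te
 destination 3.3.3.3
 mpls te signal-protocol rsvp-te
 mpls te priority 3 5
 mpls te fast-reroute
 mpls te commit
#
interface Tunnel5
 tunnel-protocol mpls te
 destination 2.2.2.2
 mpls te signal-protocol rsvp-te
 mpls te fast-reroute
 mpls te commit
#
interface Tunnel6
 tunnel-protocol mpls te
 destination 2.2.2.2
 mpls te signal-protocol rsvp-te
 mpls te priority 5 5
 mpls te backup bandwidth 2000
 mpls te commit
#
interface Tunnel7
 tunnel-protocol mpls te
 destination 3.3.3.3
 mpls te signal-protocol crldp
 mpls te record-route label
 mpls te fast-reroute
 mpls te commit
#
"""

BYPASS_RE = re.compile(r"mpls te fast-reroute bypass-tunnel tunnel\s*(\d+)$", re.I)
PRIORITY_RE = re.compile(r"mpls te priority (\d+)(?:\s+(\d+))?$")


def parse_interfaces(text):
    """Map each 'interface <name>' header to the commands indented under it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", raw)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif not line or line == "#":
            current = None
        elif current is not None and raw[0].isspace():
            current.append(line)
    return blocks


def audit(text):
    """Return sorted (interface, finding) pairs for the constraints checked."""
    blocks = parse_interfaces(text)
    findings, bypass_tunnels = set(), set()
    for name, cmds in blocks.items():
        bound = [int(m.group(1)) for m in map(BYPASS_RE.match, cmds) if m]
        bypass_tunnels.update(bound)
        if len(bound) > 3:  # guide: up to three bypass tunnels per interface
            findings.add((name, "TOO_MANY_BYPASS"))
    for name, cmds in blocks.items():
        tunnel = re.fullmatch(r"Tunnel(\d+)", name)
        if not tunnel:
            continue
        frr = "mpls te fast-reroute" in cmds
        crldp = "mpls te signal-protocol crldp" in cmds  # assumed keyword
        for cmd in cmds:
            p = PRIORITY_RE.match(cmd)
            # Assumption: lower number = higher priority, so setup < hold
            # means the setup priority is higher than the holding priority.
            if p and p.group(2) is not None and int(p.group(1)) < int(p.group(2)):
                findings.add((name, "SETUP_ABOVE_HOLD"))
        if crldp and frr:  # guide: FRR is not supported with CR-LDP
            findings.add((name, "CRLDP_FRR"))
        if crldp and "mpls te record-route label" in cmds:
            findings.add((name, "CRLDP_RECORD_LABEL"))
        if int(tunnel.group(1)) in bypass_tunnels:
            if frr:  # guide: a bypass LSP cannot be configured with FRR
                findings.add((name, "BYPASS_HAS_FRR"))
            if not any(c.startswith("mpls te backup bandwidth ") for c in cmds):
                findings.add((name, "BYPASS_NO_BANDWIDTH"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Conditions that depend on runtime state, such as whether a bypass tunnel is up or whether the protected interface is its outgoing interface, cannot be read from the configuration text and are not checked here.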

Configuring the FRR polling timer
The protection provided by FRR is temporary. Once a protected LSP becomes available again or a new LSP is established, traffic will be switched to the protected or new LSP. After this switchover, the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRR polling timer.
To configure the FRR polling timer:

1. Enter system view of the PLR node.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Configure the FRR polling timer.
   Command: mpls te timer fast-reroute [ second ]
   Remarks: Optional. The FRR polling timer is 300 seconds by default.

Inspecting an MPLS TE tunnel
On an MPLS TE network, when an MPLS TE tunnel fails, the control plane cannot detect the failure or cannot do so in time. This brings difficulty to network maintenance. To detect MPLS TE tunnel failures in time and locate the failed node, the router provides the following mechanisms:
• MPLS LSP ping
• MPLS LSP tracert
• BFD for an MPLS TE tunnel
• Periodic tracert of an MPLS TE tunnel

Configuring MPLS LSP ping
MPLS LSP ping can be used to check the connectivity of an MPLS TE tunnel. At the ingress, it adds the label for the MPLS TE tunnel to be inspected into an MPLS echo request, which then is forwarded along the MPLS TE tunnel to the egress. The ingress determines whether the MPLS TE tunnel is normal according to whether it can receive a reply from the egress.
To check the connectivity of an MPLS TE tunnel:

Task: Use MPLS LSP ping to check the connectivity of an MPLS TE tunnel.
Command: ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -s packet-size | -t time-out | -v ] * te interface-type interface-number

Configuring MPLS LSP tracert
MPLS LSP tracert can be used to locate errors of an MPLS TE tunnel. It sends MPLS echo requests to the nodes along the MPLS TE tunnel to be inspected, with the TTL increasing from 1 to a specific value. Each node along the MPLS TE tunnel will return an MPLS echo reply to the ingress due to TTL timeout. Thus, the ingress can collect the information of each hop along the MPLS TE tunnel, so as to locate the failed node. You can also use MPLS LSP tracert to collect important information of each hop along the MPLS TE tunnel, such as the label allocated.

To locate errors of an MPLS TE tunnel:

Task: Use MPLS LSP tracert to locate errors of an MPLS TE tunnel.
Command: tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode | -t time-out ] * te interface-type interface-number

Configuring BFD for an MPLS TE tunnel
You can configure BFD for an MPLS TE tunnel to implement fast detection of the connectivity of the tunnel.
After you configure BFD for an MPLS TE tunnel, a BFD session will be established between the ingress and egress of the tunnel, and the ingress will add the label for the tunnel into a BFD control packet, forward the BFD control packet along the tunnel, and determine the status of the tunnel according to the BFD control packet received from the egress. Upon detecting an MPLS TE tunnel failure, BFD triggers protection switching to switch traffic to another tunnel.
A BFD session for MPLS TE tunnel detection can be static or dynamic.
• Static: If you specify the local and remote discriminator values by using the discriminator keyword when configuring the mpls te bfd enable command, the BFD session will be established with the specified discriminator values. Such a BFD session can detect the connectivity of a pair of MPLS TE tunnels in opposite directions (one from local to remote, and the other from remote to local) between two routers.
• Dynamic: If you do not specify the local and remote discriminator values when configuring the mpls te bfd enable command, the MPLS LSP ping will be run automatically to negotiate the discriminator values and then the BFD session will be established based on the negotiated discriminator values. Such a BFD session can detect the connectivity of a unidirectional (from the local router to the remote router) MPLS TE tunnel between two routers.
After you enable BFD and configure the mpls te failure-action teardown command for an MPLS TE tunnel, once an RSVP-TE tunnel failure occurs, BFD can detect the failure, and if RSVP does not re-establish the tunnel within a specific period of time, MPLS TE will remove the failed RSVP-TE tunnel and then re-establish it.
To configure BFD for an MPLS TE tunnel:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable LSP verification and enter MPLS LSPV view.
   Command: mpls lspv
   Remarks: By default, LSP verification is disabled.
3. Return to system view.
   Command: quit
   Remarks: N/A
4. Enter the tunnel interface view of an MPLS TE tunnel.
   Command: interface tunnel tunnel-number
   Remarks: N/A
5. Configure BFD to check the connectivity of the MPLS TE tunnel.
   Command: mpls te bfd enable [ discriminator local local-id remote remote-id ]
   Remarks: By default, BFD is not configured to check connectivity of MPLS TE tunnels.
6. Configure MPLS TE to tear down a failed RSVP TE tunnel and reestablish it.
   Command: mpls te failure-action teardown
   Remarks: Optional. Not configured by default.

NOTE:
• For more information about the mpls lspv command, see MPLS Command Reference.
• You cannot establish both a static BFD session and a dynamic BFD session for the same MPLS TE tunnel.
• After establishing a static BFD session for an MPLS TE tunnel, you cannot modify the discriminator values of the BFD session.
• Before establishing a static BFD session, make sure that there is already an MPLS TE tunnel from the local router to the remote router and an MPLS TE tunnel from the remote router to the local router.
• The BFD session parameters are those configured on the MPLS TE tunnel interface. The source address of the BFD session is the MPLS LSR ID. Therefore, before configuring BFD to inspect an MPLS TE tunnel, make sure that there is a route on the peer router to the MPLS LSR ID, and you can also configure the BFD session parameters on the tunnel interface as needed. For more information about BFD parameter configuration, see High Availability Configuration Guide.
• In a BFD session for detecting an MPLS TE tunnel's connectivity, the ingress node always works in active mode and the egress node always works in passive mode. The bfd session init-mode command does not take effect on the ingress and egress nodes of such a BFD session. Even if you configure the two nodes to both work in passive mode, the BFD session will still be established successfully.
• If you enable both FRR and BFD for an MPLS TE tunnel, to make sure that the BFD session will not be down during an FRR switching, you need to give the BFD detection interval a greater value than the FRR detection interval.

Configuring periodic LSP tracert for an MPLS TE tunnel
The periodic LSP tracert function for an MPLS TE tunnel is for locating faults of the MPLS TE tunnel periodically. It detects the consistency of the forwarding and control plane and records detection results into logs. You can know whether an MPLS TE tunnel has failed by checking the logs.
If you configure BFD as well as periodical tracert for an MPLS TE tunnel, once the periodical LSP tracert function detects a fault or inconsistency of the forwarding plane and control plane of the MPLS TE tunnel, the BFD session for the tunnel will be deleted and a new BFD session will be established according to the control plane.
After you configure periodic LSP tracert and the mpls te failure-action teardown command for an MPLS TE tunnel, once an RSVP-TE tunnel failure occurs, the periodic LSP tracert function can detect the failure, and if RSVP does not re-establish the RSVP-TE tunnel within a specific period of time, MPLS TE will remove the failed RSVP-TE tunnel and then re-establish it.
To configure periodic LSP tracert for an MPLS TE tunnel:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable LSP verification and enter MPLS LSPV view.
   Command: mpls lspv
   Remarks: By default, LSP verification is disabled.
3. Return to system view.
   Command: quit
   Remarks: N/A
4. Enter the tunnel interface view of an MPLS TE tunnel.
   Command: interface tunnel tunnel-number
   Remarks: N/A

5. interface tunnel tunnel-number N/A 3. mpls te failure-action teardown Optional. Configure a protection tunnel for the main tunnel. N/A Displaying and maintaining MPLS TE 84 . mpls te periodic-tracert [ -a source-ip | -exp exp-value | -h ttl-value | -m wait-time | -t time-out | -u retry-attempt ] * 6. Configure MPLS TE to tear down a failed RSVP TE tunnel and reestablish it. do the following: • Configure MPLS basic capabilities • Enable MPLS TE and create an MPLS TE tunnel • Configure BFD for the MPLS TE tunnel. system-view N/A 2. Enable periodic LSP tracert for the MPLS TE tunnel. mpls te protection tunnel tunnel-id [ holdoff holdoff-time | mode { non-revertive | revertive [ wtr wtr-time ] } ] * N/A Configure an external protection switching action. NOTE: For more information about the mpls lspv command. no switching action is configured. see MPLS Command Reference.Step Command Remarks By default. Enter system view. prepare the following data: • Interface number of the main tunnel in the protection group • ID of the protection tunnel in the protection group Configuration procedure To configure protection switching: Step Command Remarks 1. Before configuring a protection tunnel. mpls te protect-switch { clear | force | lock | manual { protect-lsp | work-lsp } } Commit the current configuration of the tunnel. Not configured by default. By default. mpls te commit 4. Configuring protection switching Configuration prerequisites Before configuring protection switching. Enter tunnel interface view. 5. Optional. periodic LSP tracert is disabled for MPLS TE tunnels.

Task: Display information about explicit paths.
Command: display explicit-path [ pathname ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about static CR-LSPs.
Command: display mpls static-cr-lsp [ lsp-name lsp-name ] [ { include | exclude } ip-address prefix-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display RSVP-TE configuration.
Command: display mpls rsvp-te [ interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] ]
Remarks: Available in any view

Task: Display the RSVP-TE tunnel information.
Command: display mpls rsvp-te established [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display RSVP-TE neighbors.
Command: display mpls rsvp-te peer [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about RSVP requests.
Command: display mpls rsvp-te request [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about RSVP resource reservation.
Command: display mpls rsvp-te reservation [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about RSVP-TE PSB.
Command: display mpls rsvp-te psb-content ingress-lsr-id lspid tunnel-id egress-lsr-id [ | { begin | include | exclude } regular-expression ]
Remarks: Available in any view

Task: Display information about RSVP-TE RSB.
Command: display mpls rsvp-te rsb-content ingress-lsr-id lspid tunnel-id egress-lsr-id nexthop-address [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about RSVP sender messages.
Command: display mpls rsvp-te sender [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display statistics about RSVP-TE.
Command: display mpls rsvp-te statistics { global | interface [ interface-type interface-number ] } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display criteria-compliant information about CSPF-based TEDB.
Command: display mpls te cspf tedb { all | area area-id | interface ip-address | network-lsa | node [ mpls-lsr-id ] } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about the CR-LSPs carried on the specified or all links.
Command: display mpls te link-administration admission-control [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the bandwidth allocated to the specified or all MPLS TE-enabled interfaces.
Command: display mpls te link-administration bandwidth-allocation [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about MPLS TE tunnels.
Command: display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress | remote | transit } ] [ name name ] [ { incoming-interface | outgoing-interface | interface } interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the path attributes of MPLS TE tunnels on this node.
Command: display mpls te tunnel path [ lsp-id lsr-id lsp-id | tunnel-name tunnel-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display statistics about MPLS TE tunnels.
Command: display mpls te tunnel statistics [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about MPLS TE tunnel interfaces.
Command: display mpls te tunnel-interface tunnel number [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the information of the specified or all OSPF processes about traffic tuning.
Command: display ospf [ process-id ] traffic-adjustment [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about OSPF TE.
Command: display ospf [ process-id ] mpls-te [ area area-id ] [ self-originated ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the latest TE information advertised by IS-IS TE.
Command: display isis traffic-eng advertisements [ [ level-1 | level-1-2 | level-2 ] | [ lsp-id lsp-id | local ] ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about TE links for IS-IS.
Command: display isis traffic-eng link [ [ level-1 | level-1-2 | level-2 ] | verbose ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about TE networks for IS-IS.
Command: display isis traffic-eng network [ level-1 | level-1-2 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display statistics about TE for IS-IS.
Command: display isis traffic-eng statistics [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about sub-TLVs for the IS-IS TE extension.
Command: display isis traffic-eng sub-tlvs [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about tunnels.
Command: display tunnel-info { tunnel-id | all | statistics } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the BFD information for an MPLS TE tunnel.
Command: display mpls lsp bfd [ te tunnel tunnel-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about the specified tunnels and their protection tunnels.
Command: display mpls te protection tunnel { tunnel-id | all } [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about DS-TE.
Command: display mpls te ds-te [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Clear the statistics about RSVP-TE.
Command: reset mpls rsvp-te statistics { global | interface [ interface-type interface-number ] }
Remarks: Available in user view

MPLS TE configuration examples

MPLS TE using static CR-LSP configuration example

Network requirements
Router A, Router B, and Router C run IS-IS.
Establish a TE tunnel using a static CR-LSP between Router A and Router C.

Figure 24 Network diagram

Configuration procedure
1. Assign IP addresses and masks to interfaces (see Figure 24). (Details not shown)
2. Enable IS-IS to advertise host routes with LSR IDs as destinations

# Configure Router A.
<RouterA> system-view
[RouterA] isis 1
[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] isis enable 1
[RouterA-GigabitEthernet3/1/1] quit
[RouterA] interface loopback 0

[RouterA-LoopBack0] isis enable 1
[RouterA-LoopBack0] quit

# Configure Router B.
<RouterB> system-view
[RouterB] isis 1
[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00
[RouterB-isis-1] quit
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] isis enable 1
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] interface GigabitEthernet 3/1/2
[RouterB-GigabitEthernet3/1/2] isis enable 1
[RouterB-GigabitEthernet3/1/2] quit
[RouterB] interface loopback 0
[RouterB-LoopBack0] isis enable 1
[RouterB-LoopBack0] quit

# Configure Router C.
<RouterC> system-view
[RouterC] isis 1
[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] isis enable 1
[RouterC-GigabitEthernet3/1/1] quit
[RouterC] interface loopback 0
[RouterC-LoopBack0] isis enable 1
[RouterC-LoopBack0] quit

Perform the display ip routing-table command on each router. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations. Take Router A for example:

[RouterA] display ip routing-table
Routing Tables: Public
        Destinations : 8        Routes : 8

Destination/Mask    Proto   Pre  Cost   NextHop      Interface
1.1.1.1/32          Direct  0    0      127.0.0.1    InLoop0
2.1.1.0/24          Direct  0    0      2.1.1.1      GE3/1/1
2.1.1.1/32          Direct  0    0      127.0.0.1    InLoop0
2.2.2.2/32          ISIS    15   10     2.1.1.2      GE3/1/1
3.2.1.0/24          ISIS    15   20     2.1.1.2      GE3/1/1
3.3.3.3/32          ISIS    15   20     2.1.1.2      GE3/1/1
127.0.0.0/8         Direct  0    0      127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0      127.0.0.1    InLoop0

3. Configure MPLS TE basic capabilities

# Configure Router A.
[RouterA] mpls lsr-id 1.1.1.1
[RouterA] mpls
[RouterA-mpls] mpls te
[RouterA-mpls] quit

[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mpls
[RouterA-GigabitEthernet3/1/1] mpls te
[RouterA-GigabitEthernet3/1/1] quit

# Configure Router B.
[RouterB] mpls lsr-id 2.2.2.2
[RouterB] mpls
[RouterB-mpls] mpls te
[RouterB-mpls] quit
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls
[RouterB-GigabitEthernet3/1/1] mpls te
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] interface GigabitEthernet 3/1/2
[RouterB-GigabitEthernet3/1/2] mpls
[RouterB-GigabitEthernet3/1/2] mpls te
[RouterB-GigabitEthernet3/1/2] quit

# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] quit
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] mpls
[RouterC-GigabitEthernet3/1/1] mpls te
[RouterC-GigabitEthernet3/1/1] quit

4. Configure an MPLS TE tunnel

# Configure an MPLS TE tunnel on Router A.
[RouterA] interface tunnel 3
[RouterA-Tunnel3] ip address 6.1.1.1 255.255.255.0
[RouterA-Tunnel3] tunnel-protocol mpls te
[RouterA-Tunnel3] destination 3.3.3.3
[RouterA-Tunnel3] mpls te tunnel-id 10
[RouterA-Tunnel3] mpls te signal-protocol static
[RouterA-Tunnel3] mpls te commit
[RouterA-Tunnel3] quit

5. Create a static CR-LSP

# Configure Router A as the ingress node of the static CR-LSP.
[RouterA] static-cr-lsp ingress tunnel3 destination 3.3.3.3 nexthop 2.1.1.2 out-label 20

# Configure Router B as the transit node on the static CR-LSP.
[RouterB] static-cr-lsp transit tunnel3 incoming-interface GigabitEthernet 3/1/1 in-label 20 nexthop 3.2.1.2 out-label 30

# Configure Router C as the egress node of the static CR-LSP.
[RouterC] static-cr-lsp egress tunnel3 incoming-interface GigabitEthernet 3/1/1 in-label 30

6. Verify the configuration

3.3 -/GE3/1/1 Name Tunnel3 [RouterB] display mpls te tunnel LSP-Id Destination In/Out-If - - GE3/1/1/GE3/1/2 Name Tunnel3 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If - - GE3/1/1/- Name Tunnel3 Perform the display mpls lsp command or the display mpls static-cr-lsp command on each router to verify information about the static CR-LSP. destination 3. 0/500/0 0/75/0 0 bytes/sec. 0 packets/sec Last 300 seconds output: 0 packets input. [RouterA] display mpls lsp ------------------------------------------------------------------LSP Information: STATIC CRLSP ------------------------------------------------------------------FEC In/Out Label In/Out IF 3. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If 1.1/24 Primary Encapsulation is TUNNEL.1:1 3.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec.3.3. [RouterA] display interface tunnel Tunnel3 current state: UP Line protocol current state: UP Description: Tunnel3 Interface The Maximum Transmit Unit is 1500 Internet Address is 6.1.Perform the display interface tunnel command on Router A.1. service-loopback-group ID not set Tunnel source unknown.1.1.3.3/32 NULL/20 -/GE3/1/1 Vrf Name [RouterB] display mpls lsp -----------------------------------------------------------------LSP Information: STATIC CRLSP -----------------------------------------------------------------FEC In/Out Label In/Out IF -/- 20/30 GE3/1/1/GE3/1/2 Vrf Name [RouterC] display mpls lsp -----------------------------------------------------------------LSP Information: STATIC CRLSP 90 . You can find that the tunnel interface is up.3. 0 packets/sec 0 bytes 0 input error 0 packets output. 0 bytes 0 output error Perform the display mpls te tunnel command on each router to verify information about the MPLS TE tunnel.3.

and Router D are running IS-IS and all of them are Level-2 routers. Use RSVP-TE to create a TE tunnel with 2000 kbps of bandwidth from Router A to Router D. Create a static route for routing MPLS TE tunnel traffic.2.-----------------------------------------------------------------FEC In/Out Label In/Out IF -/- 30/NULL GE3/1/1/- Vrf Name [RouterA] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 3. Router C. Figure 25 Network diagram Device Interface IP address Device 91 Interface IP address . Router B. You can find a static route entry with interface Tunnel3 as the outgoing interface. traffic is forwarded directly based on label at the transit nodes and egress node. [RouterA] ip route-static 3.1.2 24 tunnel 3 preference 1 Perform the display ip routing-table command on Router A. MPLS TE tunnel using RSVP-TE configuration example Network requirements Router A.3. 7. it is normal that the FEC field in the sample output is empty on Router B and Router C. ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.3.3/32 NULL/20 -/GE3/1/1 Up [RouterB] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 -/- 20/30 GE3/1/1/GE3/1/2 Up [RouterC] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 -/- 30/NULL GE3/1/1/- Up NOTE: On an MPLS TE tunnel configured using a static CR-LSP. Therefore.

0002. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.00 [RouterC-isis-1] quit 92 .0005.2/24 Loop0 4.9/32 GE 3/1/1 30.1.0005.1.2.2/24 Router D Configuration procedure 1.1. Assign IP addresses and masks to interfaces (see Figure 25) Details not shown 2.0000. Enable IS-IS to advertise host routes with LSR IDs as destinations # Configure Router A.9/32 GE 3/1/1 30.1. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.1.9/32 GE 3/1/1 10.2.4.1.1.1.0000.3.0000.1.1.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] clock master [RouterB-POS2/1/1] isis enable 1 [RouterB-POS2/1/1] isis circuit-level level-2 [RouterB-POS2/1/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configure Router C.9/32 GE 3/1/1 10.1.00 [RouterA-isis-1] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] isis enable 1 [RouterA-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configure Router B.1.1/24 Loop0 2.0000.0000.1.0001.1/24 Router C Loop0 3.0003.1.1/24 POS 2/1/1 20.Router A Router B Loop0 1.4.0000.3.0005.2/24 POS 2/1/1 20.

9/32 ISIS 15 10 10.1.0/8 Direct 0 0 127.1.0/24 ISIS 15 20 10.0.1.1.1.9/32 Direct 0 0 127.0.1 InLoop0 2.0000.1.4.0.3. and enable RSVP-TE and CSPF # Configure Router A.1/32 Direct 0 0 127.1 InLoop0 20.0.4.1.1/32 Direct 0 0 127.[RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D.1. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.0.1. Proto Pre Routes : 10 Cost NextHop Interface 1.1.1.0/24 ISIS 15 30 10.0.0.1.1.2 GE3/1/1 30.0/24 Direct 0 0 10.1 InLoop0 Configure MPLS TE basic capabilities.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf 93 . [RouterA] mpls lsr-id 1.1. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00.0. Take Router A for example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Destination/Mask 3.0005.2 GE3/1/1 4.2 GE3/1/1 3.1 GE3/1/1 10.0000.1.00 [RouterD-isis-1] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] isis enable 1 [RouterD-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterD-GigabitEthernet3/1/1] quit [RouterD] interface loopback 0 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit Perform the display ip routing-table command on each router.1.1.2.0.1.0.1.1.0004.1.3.1.0.2 GE3/1/1 127.0.1 InLoop0 127.1.1.9/32 ISIS 15 30 10.2.2 GE3/1/1 10.9/32 ISIS 15 20 10.

3.4.2.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D. [RouterB] mpls lsr-id 2. [RouterC] mpls lsr-id 3. [RouterD] mpls lsr-id 4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 94 .2.4.[RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.3.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C.

[RouterD-GigabitEthernet3/1/1] mpls
[RouterD-GigabitEthernet3/1/1] mpls te
[RouterD-GigabitEthernet3/1/1] mpls rsvp-te
[RouterD-GigabitEthernet3/1/1] quit

4. Configure IS-IS TE

# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] cost-style wide
[RouterA-isis-1] traffic-eng level-2
[RouterA-isis-1] quit

# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] cost-style wide
[RouterB-isis-1] traffic-eng level-2
[RouterB-isis-1] quit

# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] cost-style wide
[RouterC-isis-1] traffic-eng level-2
[RouterC-isis-1] quit

# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] cost-style wide
[RouterD-isis-1] traffic-eng level-2
[RouterD-isis-1] quit

5. Configure MPLS TE attributes of links

# Configure maximum link bandwidth and maximum reservable bandwidth on Router A.
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterA-GigabitEthernet3/1/1] quit

# Configure maximum link bandwidth and maximum reservable bandwidth on Router B.
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] interface pos 2/1/1
[RouterB-POS2/1/1] mpls te max-link-bandwidth 10000
[RouterB-POS2/1/1] mpls te max-reservable-bandwidth 5000
[RouterB-POS2/1/1] quit

# Configure maximum link bandwidth and maximum reservable bandwidth on Router C.
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterC-GigabitEthernet3/1/1] quit
[RouterC] interface pos 2/1/1

1 255. Verify the configuration Perform the display interface tunnel command on Router A.4.1. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : 96 .255. 0 packets/sec Last 300 seconds output: 0 packets input.1. 0/500/0 0 bytes/sec.4.255.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0/75/0 0 bytes/sec. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 7.9 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te signal-protocol rsvp-te [RouterA-Tunnel4] mpls te bandwidth 2000 [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit 7. destination 4. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit 6. You can find that the tunnel interface is up.4.1/24 Primary Encapsulation is TUNNEL.[RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router D.1.4. service-loopback-group ID not set Tunnel source unknown. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 7.1. Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A. 0 packets/sec 0 bytes 0 input error 0 packets output.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4. 0 bytes 0 output error Perform the display mpls te tunnel-interface command on Router A to verify information about the MPLS TE tunnel.

9:3 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.3. 97 .9 ISIS 1 Level-2 1 4 1. You can find a static route entry with interface Tunnel4 as the outgoing interface.9 ISIS 1 Level-2 2 3 4.4.9 Egress LSR ID: 4.LSP ID : 1.1.9 ISIS 1 Level-2 1 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.1.1.4.4.4. [RouterA] display mpls te cspf tedb all 8. Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 3.3.2.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.1.1.1.9 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - : Hold Priority: UP 7 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - : Perform the display mpls te cspf tedb all command on Router A to view information about links in TEDB.1.2.1.9 ISIS 1 Level-2 2 2 2.

3.0.0 0.1.0. Along the tunnel.1. and they run OSPF as the IGP.1.2/24 Loop0 4.1.4.0. with the bandwidth being 2000 kbps.9/32 Loop0 3. the maximum link bandwidth is 10000 kbps and maximum reservable bandwidth is 5000 kbps.0] quit [RouterA-ospf-1] quit 98 .9/32 GE3/1/1 10. Figure 26 Network diagram Device Router A Router B Interface IP address Device Router C Interface IP address Loop0 1.0.1.1.0.9 0.1. Establish an EBGP connection between ASBRs Router B and Router C. Configure OSPF to advertise routes within the ASs # Configure OSPF on Router A.1.Configuration example of inter-AS MPLS TE tunnel using RSVP-TE Network requirements Router A and Router B are in AS 100. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.2.1.9/32 GE3/1/1 30. Redistribute BGP routes into OSPF and OSPF routes into BGP.1.1/24 Router D Configuration procedure 1.1/24 GE3/1/1 30.1.0.0.1.0. Router C and Router D are in AS 200.1. and they run OSPF as the IGP.0.2/24 POS2/1/1 20.2/24 GE3/1/1 10.1.1. Establish an MPLS TE tunnel between Router A and Router D by using RSVP-TE.1. Assign IP addresses and masks to interfaces (see Figure 26) 2.0] network 1.1. so that a route is available between AS 100 and AS 200.0.255 [RouterA-ospf-1-area-0.2.0] network 10.0 [RouterA-ospf-1-area-0.3.4.9/32 POS2/1/1 20.1/24 Loop0 2.1.

<RouterD> system-view [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.1.1. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] import-route direct [RouterC-ospf-1] import-route bgp [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.1.0.1.0.9 0.1.1.2.1. Destination/Mask Proto 1.0.0/24 Direct 0 0 10.0.0.0.1 GE3/1/1 10.0 0. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] import-route direct [RouterB-ospf-1] import-route bgp [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.2.255 [RouterC-ospf-1-area-0.0] network 10. [RouterB] bgp 100 99 .2.1 InLoop0 2.3.0 [RouterB-ospf-1-area-0.0 0.2.0.0.1.0.0.0.0 0.0.9 0.9 0.1/32 Direct 0 0 127.1 InLoop0 127.0] network 3.1.0. # Configure Router B.0] network 4.0] quit [RouterD-ospf-1] quit After the configurations.4.0/8 Direct 0 0 127.0.4.1/32 Direct 0 0 127.0.2 GE3/1/1 10.0.# Configure OSPF on Router B.0. execute the display ip routing-table command on each device.255 [RouterB-ospf-1-area-0.1.0.0.0.1. Take Router A as an example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 6 3.0.0.0.0.1 InLoop0 127.0] quit [RouterC-ospf-1] quit # Configure OSPF on Router D.0.3.0. ensuring that the ASs can communicate with each other.0] network 30.0.0.1.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C.0.0.0] network 2. The output shows that each device has learned the route to the LSR ID of the other device in the same AS.1.9/32 OSPF 1 10.0.0.0] network 30.0.0.1.0.0.0 [RouterC-ospf-1-area-0.9/32 Routes : 6 Pre Cost NextHop Interface Direct 0 0 127.255 [RouterD-ospf-1-area-0.1.0.0.1.0.1 InLoop0 10 Configure BGP on Router B and Router C and redistribute routes.0.0.0 [RouterD-ospf-1-area-0.

0/24 Direct 0 0 10.1.0.1.1.1. [RouterC] bgp 200 [RouterC-bgp] peer 20.0.[RouterB-bgp] peer 20.0.1.0.1.4.2 GE3/1/1 10.1.1 InLoop0 2.1/32 Direct 0 0 127.1.2 as-number 200 [RouterB-bgp] import-route ospf [RouterB-bgp] import-route direct [RouterB-bgp] quit # Configure Router C.2.1.1.1 InLoop0 127. The output shows that each device has learned the routes to the outside of the AS.2.0/24 O_ASE 150 1 10.9/32 OSPF 10 1 10.9/32 O_ASE 150 1 10.1.0/24 O_ASE 150 1 10.1. [RouterA] mpls lsr-id 1.9/32 O_ASE 150 1 10. [RouterB] mpls lsr-id 2.1.2.0.3.1. Destination/Mask Proto 1.0.0.9/32 Routes : 10 Pre Cost NextHop Interface Direct 0 0 127.1. Take Router A as an example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 4.0.1 as-number 100 [RouterC-bgp] import-route ospf [RouterC-bgp] import-route direct [RouterC-bgp] quit After the configuration.1.1.3.2.1.1. execute the display ip routing-table command on each device. and enable RSVP-TE and CSPF # Configure Router A.2 GE3/1/1 4.0.1/32 Direct 0 0 127.1.1 InLoop0 Configure MPLS TE basic capabilities.1.1.1 GE3/1/1 10.0.0/8 Direct 0 0 127.2 GE3/1/1 3.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1 InLoop0 20.1.1.1.0.2 GE3/1/1 30.1.4.2 GE3/1/1 127.1.1.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te 100 .0.

0] quit 101 .4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit 5.0.0.3. Configure OSPF TE # Configure Router A. [RouterD] mpls lsr-id 4. [RouterC] mpls lsr-id 3.0. [RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0] mpls-te enable [RouterA-ospf-1-area-0.[RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C.4.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D.

1.0.1.2 include loose [RouterA-explicit-path-atod] quit 7.2 include loose [RouterA-explicit-path-atod] next hop 30. Configure MPLS TE attributes of links # Configure the maximum link bandwidth and maximum reservable bandwidth on Router A.0] quit [RouterD-ospf-1] quit 6.1.1.1.0. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet3/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router B. [RouterC] interface GigabitEthernet 3/1/1 102 . [RouterA] explicit-path atod enable [RouterA-explicit-path-atod] next hop 10.0] mpls-te enable [RouterC-ospf-1-area-0.0.0.0. Configure a loose explicit route # Configure a loose explicit route on Router A.0. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterB-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-POS2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router C.0.0.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.1.0] mpls-te enable [RouterD-ospf-1-area-0.0] quit [RouterB-ospf-1] quit # Configure Router C.[RouterA-ospf-1] quit # Configure Router B.0.2 include loose [RouterA-explicit-path-atod] next hop 20.0] quit [RouterC-ospf-1] quit # Configure Router D. [RouterC] ospf [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.

0 packets/sec 0 bytes 0 input error 0 packets output. [RouterA] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7. Verify the configuration Perform the display interface tunnel command on Router A. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit 8. 0 bytes/sec.255.4.255.4. destination 4. service-loopback-group ID not set.0 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 4.1.9 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te path explicit-path atod preference 5 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit 9.4.1 255.1. 0 packets/sec Last 300 seconds output: 0 packets input. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 7.1.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec.[RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router D.1/24 Primary Encapsulation is TUNNEL. Tunnel source unknown.1. The output shows that the tunnel interface is up.4. 0 bytes 0 output error 103 0/500/0 0/75/0 . Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.

4.9:2 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.1. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel1 Tunnel Desc : Tunnel1 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.9 OSPF 1 0 1 104 .1.1.1.9 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : atod Tie-Breaking Policy : None Metric Type : None Loop Detection : Disabled Record Route : FRR Flag BackUpBW Type : UP Hold Priority: 7 Disabled Record Label : Disabled : Disabled BackUpBW Flag: Not Supported : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : 2 sec : - Disabled Auto BW Freq : - Max BW - : - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : Perform the display mpls te cspf tedb all command on Router A to view information about links in TEDB.1. [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 2 Current Total Link Number: 2 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 1.4.Perform the display mpls te tunnel-interface command on Router A to view the detailed information of the MPLS TE tunnel.1.9 Egress LSR ID: 4.

1.1 GE3/1/1 10.3.0. Router A.0/24 Static 1 0 7. With GR capability.1 Tun1 127.4.1.1.1.1/32 Direct 0 0 127.1. The output shows a static route entry with interface Tunnel 1 as the outgoing interface.2 GE3/1/1 30.0.2.1 InLoop0 127. 2.1.0/24 Direct 0 0 10.1.2 24 tunnel 1 preference 1 Perform the display ip routing-table command on Router A.2 GE3/1/1 3.2 10. [RouterA] display ip routing-table Routing Tables: Public Destinations : 14 Destination/Mask Proto 1.1.1.1.2 GE3/1/1 7.1.9/32 Routes : 14 Pre Cost NextHop Interface Direct 0 0 127.1.0.1.0.0.1 InLoop0 2. All of them are Level-2 routers and support RSVP hello extension.1. Assign IP addresses and masks to interfaces (see Figure 27) Details not shown 2.1.0/24 Direct 0 0 7.1.0.9/32 O_ASE 150 1 10.1.1 InLoop0 10.0.0.2 GE3/1/1 4.0.9/32 OSPF 10 1 10.2.1.4.1 Tun1 7.0.1.3.9/32 O_ASE 150 1 10. Router B and Router C are RSVP-TE neighbors. Router B and Router C are running IS-IS.1.1. Use RSVP-TE to create a TE tunnel from Router A to Router C.1. Figure 27 Network diagram Configuration procedure 1.1/32 Direct 0 0 127.1 InLoop0 150 RSVP-TE GR configuration example Network requirements Router A.1.0.2.1.0.0.0/24 O_ASE 1 10.1.1.0/8 Direct 0 0 127.1.2.0.1/32 Direct 0 0 127. Enable IS-IS to advertise host routes with LSR IDs as destinations Details not shown 105 .1.1. each of them can provide GR helper support when another is GR restarting.1 InLoop0 20.1.9 OSPF 1 0 1 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.

<RouterB> system-view [RouterB] mpls lsr-id 2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls rsvp-te hello [RouterB-mpls] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te hello [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.3.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls rsvp-te hello [RouterA-mpls] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. Configure MPLS TE basic capabilities. <RouterA> system-view [RouterA] mpls lsr-id 1. <RouterC> system-view [RouterC] mpls lsr-id 3. Configure IS-IS TE 106 .3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls rsvp-te hello [RouterC-mpls] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterC-GigabitEthernet3/1/1] quit 4.3.1.1. and enable RSVP-TE and RSVP hello extension # Configure Router A.2.2.

Details not shown

5. Configure the MPLS TE tunnel
Details not shown

6. Configure RSVP-TE GR

# Configure Router A.
<RouterA> system-view
[RouterA] mpls
[RouterA-mpls] mpls rsvp-te graceful-restart

# Configure Router B.
<RouterB> system-view
[RouterB] mpls
[RouterB-mpls] mpls rsvp-te graceful-restart

# Configure Router C.
<RouterC> system-view
[RouterC] mpls
[RouterC-mpls] mpls rsvp-te graceful-restart

7. Verify the configuration

After previous configurations, a tunnel is created between Router A and Router C. Issuing the following command, you will see that the neighbor’s GR status is Ready.
<RouterA> display mpls rsvp-te peer
Interface GigabitEthernet3/1/1
Neighbor Addr: 10.1.1.2
SrcInstance: 880 NbrSrcInstance: 5017
PSB Count: 0 RSB Count: 1
Hello Type Sent: REQ Neighbor Hello Extension: ENABLE
SRefresh Enable: NO
Graceful Restart State: Ready
Restart Time: 120 Sec Recovery Time: 300 Sec

MPLS RSVP-TE and BFD cooperation configuration example

Network requirements

Router A and Router B are connected directly. Enable MPLS RSVP-TE BFD on the interfaces connecting the two routers, and run OSPF on the routers to ensure reachability at the network layer. If the physical link between Router A and Router B fails, BFD can detect the failure quickly and inform MPLS RSVP-TE of the failure.

Figure 28 Network diagram

Configure IP addresses for the interfaces 108 .2.0. Configure OSPF # Configure Router A.2.0.0.1 0.0.1.2. <RouterB> system-view [RouterB] mpls lsr-id 2.0.0] network 12.255 [RouterB-ospf-1-area-0.0] quit [Router-A-ospf-1] quit # Configure Router B.0] network 12.2.0.0 [Router-A-ospf-1-area-0.0] quit [RouterB-ospf-1] quit 3. <RouterA> system-view [RouterA] ospf [Router-A-ospf-1] area 0 [Router-A-ospf-1-area-0.0.0.0. Configure MPLS RSVP-TE basic capabilities # Configure Router A.1 0.0.1.0. <RouterB>system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0 [RouterB-ospf-1-area-0.12.0] network 2.12.12.0.0.0.0] network 1.0.12.1.Configuration procedure 1.2 0.0.0.0. <RouterA> system-view [RouterA] mpls lsr-id 1.1.255 [Router-A-ospf-1-area-0.0.2 0.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te bfd enable [RouterB-GigabitEthernet3/1/1] quit 2.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te bfd enable [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.

10.1 24 [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. 109 .2.12.2.2 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] return 5.12.1 Destination IP: 12. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] ip address 12.12.# Configure Router A.12. Router C and Router D are running OSPF and all of them are in area 0. Verify the configuration Display the detailed information of the BFD session between Router A and Router B.1 24 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 2.12. Configure the MPLS TE tunnel # Configure an RSVP-TE tunnel between Router A and Router B. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] ip address 12.12. <RouterA> display bfd session verbose Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: Local Discr: 19 Remote Discr: 18 Source IP: 12.12. Use CR-LDP to create a TE tunnel from Router A to Router D. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 10.2 Session State: Up Interface: GigabitEthernet3/1/1 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Running Up for: 00:00:01 Auth mode: None Connect Type: Direct Board Num: 6 Protocol: RSVP Diag Info: No Diagnostic MPLS TE using CR-LDP configuration example Network requirements Router A.12.10. ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.2 24 4. Router B.

9/32 Loop0 3. Configure MPLS TE basic capabilities.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls 110 .2. and enable CSPF # Configure Router A. [RouterB] mpls lsr-id 2.1.2/24 Loop0 2.2.1.1. 3.9/32 GE 3/1/1 10.1.1.3.1.4.1.1.1.1.1.1.1/24 GE 3/1/2 20.4.2.3. Assign IP addresses and masks to interfaces (see Figure 29) Details not shown 2.9/32 Router D Loop0 4. you can perform the display ip routing-table command on each router. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.2.1.1/24 GE 3/1/2 20.1/24 GE 3/1/1 30.9/32 GE 3/1/1 10. [RouterA] mpls lsr-id 1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.Figure 29 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.2/24 Router B Router C Configuration procedure 1.1.1. Enable OSPF to advertise host routes with LSR IDs as destinations Details not shown After configuration.2/24 GE 3/1/1 30.

3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2 [RouterC-GigabitEthernet3/1/2] mpls [RouterC-GigabitEthernet3/1/2] mpls te [RouterC-GigabitEthernet3/1/2] quit # Configure Router D.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.[RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.0. [RouterD] mpls lsr-id 4. [RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] quit 4.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.4. [RouterC] ospf 111 .0. [RouterC] mpls lsr-id 3.0] quit [RouterA-ospf-1] quit # Configure Router B.4.3.0.0.0] mpls-te enable [RouterA-ospf-1-area-0.0.0. Configure OSPF TE # Configure Router A.

[RouterC-ospf-1] opaque-capability enable
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] mpls-te enable
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure Router D.
[RouterD] ospf
[RouterD-ospf-1] opaque-capability enable
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] mpls-te enable
[RouterD-ospf-1-area-0.0.0.0] quit
[RouterD-ospf-1] quit
5. Configure MPLS TE attributes of links
# Configure maximum link bandwidth and maximum reservable bandwidth on Router A.
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterA-GigabitEthernet3/1/1] quit
# Configure maximum link bandwidth and maximum reservable bandwidth on Router B.
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] interface GigabitEthernet 3/1/2
[RouterB-GigabitEthernet3/1/2] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet3/1/2] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet3/1/2] quit
# Configure maximum link bandwidth and maximum reservable bandwidth on Router C.
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterC-GigabitEthernet3/1/1] quit
[RouterC] interface GigabitEthernet 3/1/2
[RouterC-GigabitEthernet3/1/2] mpls te max-link-bandwidth 10000
[RouterC-GigabitEthernet3/1/2] mpls te max-reservable-bandwidth 5000
[RouterC-GigabitEthernet3/1/2] quit
# Configure maximum link bandwidth and maximum reservable bandwidth on Router D.
[RouterD] interface GigabitEthernet 3/1/1
[RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000
[RouterD-GigabitEthernet3/1/1] quit
Perform the display mpls te cspf tedb all command on each router to view information about links in TEDB. Take Router A for example:
[RouterA] display mpls te cspf tedb all
Maximum Node Supported: 128       Maximum Link Supported: 256
Current Total Node Number: 4      Current Total Link Number: 6
Id    MPLS LSR-Id    IGP    Process-Id    Area    Link-Count

[RouterA] mpls ldp [RouterA-mpls-ldp] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls ldp [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.9 OSPF 1 0 2 2 3.9:0 Operational DU Passive Off Off 11/11 ----------------------------------------------------------------LAM : Label Advertisement Mode 7.9 OSPF 1 0 1 Configure LDP # Configure Router A.2. 1 2.6.4. [RouterC] mpls ldp [RouterC-mpls-ldp] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls ldp [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2 [RouterC-GigabitEthernet3/1/2] mpls ldp [RouterC-GigabitEthernet3/1/2] quit # Configure Router D.1. You can find that an LDP session has been established and its state is operational.1.2. FT Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.2.3.4.9 OSPF 1 0 1 4 1.9 OSPF 1 0 2 3 4.3. [RouterD] mpls ldp [RouterD-mpls-ldp] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls ldp [RouterD-GigabitEthernet3/1/1] quit Perform the display mpls ldp session command on each router. 113 : Fault Tolerance . [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls ldp [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls ldp [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.2. Take Router A for example: [RouterA] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ----------------------------------------------------------------2.

9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0/75/0 0 bytes/sec.9 Egress LSR ID: 4. 0 bytes 0 output error # Perform the display mpls te tunnel-interface command on Router A to view information about the tunnel.1. service-loopback-group ID not set Tunnel source unknown.4.1/24 Primary Encapsulation is TUNNEL. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.1.4.9 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te signal-protocol crldp [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A.4.1.9 Signaling Prot : CR LDP Resv Style : - Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - 10 : Hold Priority: Tie-Breaking Policy : None Metric Type : None Record Route : Disabled 114 Record Label : UP 7 Disabled .1. 0/500/0 0 bytes/sec.4.4.[RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 8.255. destination 4.255.1.1.4. You can find that the tunnel interface is up.9:2 Session ID : Admin State : UP Oper State Ingress LSR ID : 1.1.1. 0 packets/sec Last 300 seconds output: 0 packets input.1 255. 0 packets/sec 0 bytes 0 input error 0 packets output. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 8.

0.1.1.0.0 Traffic Engineering LSA's of the database ------------------------------------------------ LSA [ 1 ] -----------------------------------------------LSA Type : Opq-Area Opaque Type : 1 Opaque ID : 1 Advertising Router ID : 1.0 TE Metric : 1 115 .FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled Auto BW Freq : - Min BW Max BW - : - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : : : 10 sec - # Perform the display ospf mpls-te command on Router A to view LSAs of OSPF TE.1.1.1.0.9 Area ID : 0.0.1.1.2 Local Interface Address : 10.1 Remote Interface Address : 0.9 LSA : 811 Age Length : 200 LSA : E O Options LS Seq Number : 8000000D CheckSum : B1C4 Link Type : MultiAccess Link ID : 10.1. [RouterA] display ospf mpls-te area 0 self-originated OSPF Process 100 with Router ID 1.

You can find a static route entry with Tunnel 4 as the outgoing interface.1.1.9 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.1.9 LSA : 1118 Age Length : 28 LSA : E O Options LS Seq Number : 8000000B CheckSum : ECBF MPLS TE Router ID : 1.1. 116 . Type : Opq-Area Opaque Type : 1 Opaque ID : 0 Advertising Router ID : 1.1.Maximum Bandwidth : 1250000 bytes/sec Maximum Reservable BW : 625000 bytes/sec Admin Group : 0X0 Unreserved Bandwidth for each TE Class: Unreserved BW [ 0] =625000 bytes/sec Unreserved BW [ 1] =625000 bytes/sec Unreserved BW [ 2] =625000 bytes/sec Unreserved BW [ 3] =625000 bytes/sec Unreserved BW [ 4] =625000 bytes/sec Unreserved BW [ 5] =625000 bytes/sec Unreserved BW [ 6] =625000 bytes/sec Unreserved BW [ 7] =625000 bytes/sec Unreserved BW [ 8] = 0 bytes/sec Unreserved BW [ 9] = 0 bytes/sec Unreserved BW [10] = 0 bytes/sec Unreserved BW [11] = 0 bytes/sec Unreserved BW [12] = 0 bytes/sec Unreserved BW [13] = 0 bytes/sec Unreserved BW [14] = 0 bytes/sec Unreserved BW [15] = 0 bytes/sec Bandwidth Constraints: BC [ 0] =625000 bytes/sec BC [ 1] = 0 bytes/sec ------------------------------------------------ LSA [ 2 ] -----------------------------------------------LSA 8.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.1.

1.1/24 Loop0 2.9/32 Router B GE 3/1/1 10.1/24 POS 2/1/2 40.4. Assign IP addresses and masks to interfaces (see Figure 30) Details not shown 2. Configure MPLS TE basic capabilities. (Details not shown) Perform the display ip routing-table command on each router.2/24 POS 2/1/2 30.1/24 POS 2/1/1 30.1.9/32 Router D Loop0 4.1.1.9/32 Loop0 3.1.1.3.1.2/24 Router C Configuration procedure 1.1.4.2.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 117 .1.3.2. and enable RSVP-TE and CSPF <RouterA> system-view [RouterA] mpls lsr-id 1.1/24 POS 2/1/2 40.1.1.1.1. 3.1.2/24 GE 3/1/1 20. You should see that all nodes learnt the host routes of other nodes with LSR IDs as destinations. Configure the IGP protocol # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node.1.CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Router A to Router C. Use CR-LSP hot backup for it.1. Figure 30 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.2/24 GE 3/1/2 20.9/32 GE 3/1/1 10.1.1.1.

3. 0 bytes 0 output error 5.255. You can find that Tunnel 4 is up. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 9. 4.1 255.3. Router C. and Router D. 0 packets/sec Last 300 seconds output: 0 packets input. [RouterA-Tunnel4] mpls te backup hot-standby [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A. Create an MPLS TE tunnel on Router A # Configure the MPLS TE tunnel carried on the primary LSP.1.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 3. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 9.1/24 Primary Encapsulation is TUNNEL. 0 bytes/sec.255.1.[RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface pos 2/1/2 [RouterA-POS2/1/2] mpls [RouterA-POS2/1/2] mpls te [RouterA-POS2/1/2] mpls rsvp-te [RouterA-POS2/1/2] quit NOTE: • Follow the same steps to configure Router B. destination 3. service-loopback-group ID not set Tunnel source unknown.3. 0 packets/sec 0 bytes 0 input error 0 packets output.1.9 [RouterA-Tunnel4] mpls te tunnel-id 10 # Enable hot LSP backup.3.1. Verify the configuration 118 0/500/0 0/75/0 . • You need to configure the clock mode of the POS interface on Router D as master clock.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec.

# Perform the display mpls te tunnel command on Router A.3.1.1.3.4.1.1.1.1 Hop 1 30.1.2 Hop 5 3.3.1.9 Hop 3 20.1. You can see that the LSP is re-routed to traverse Router D: [RouterA] tracert –a 1.9 :2054 Hop Information Hop 0 30.9 Hop 3 40.2.1 Hop 4 40.1.9 -/POS2/1/2 Tunnel4 119 .9 Tunnel Interface Name : Tunnel4 Lsp ID : 1.1.1.1.2.1 Hop 1 10.3.2 Hop 2 2.1.9 -/POS2/1/2 Tunnel4 # Perform the display mpls te tunnel path command on Router A to identify the paths that the two tunnels traverse: [RouterA] display mpls te tunnel path Tunnel Interface Name : Tunnel4 Lsp ID : 1.1.1.2 25 ms 30.1.1.1.3.1.3.3. You can find that two tunnels are present with the outgoing interface being GigabitEthernet 3/1/1 and POS 2/1/2 respectively. Perform the tracert command on Router A to draw the path to the tunnel destination.1.1.3.1 Hop 4 20.1.40 bytes packet 1 30.9(3.3.9:6 3.1.1.1.1.3.3.1.9 3.3.2 45 ms 20.3.1.9 :6 Hop Information Hop 0 10.3.1.3.9 -/GE3/1/1 Tunnel4 1.3.1. [RouterA] tracert –a 1.2 28 ms 27 ms 23 ms 2 40. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.9 traceroute to 3.9) 30 hops max.9) 30 hops max.4.40 bytes packet 1 10.9:2054 3.1.1.9 # Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination.3.1.3.1.1.1.9 3.3. You can find that only the tunnel traversing Router D is present: [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.3.1.1.1.2 54 ms The sample output shows that the current LSP traverses Route B but not Router D.2 50 ms 50 ms 49 ms # Perform the display mpls te tunnel command on Router A.1.1.1. # Shut down interface GigabitEthernet 3/1/2 on Router B.2 25 ms 10.3.9:2054 3.1. This indicates that a backup CR-LSP was created upon creation of the primary CR-LSP.2 25 ms 2 40.9 traceroute to 3.2 Hop 5 3.2 29 ms 40.1.2 Hop 2 4.3.9(3.

5.4/32 POS 2/1/1 3.1.4.2. • Explicitly route the primary TE tunnel and the bypass TE tunnel with the signaling protocol being RSVP-TE. You can find a static route entry with interface Tunnel4 as the outgoing interface.1.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.2/24 POS 2/1/2 3. use FRR to protect the link Router B → Router C.NOTE: Configuring ordinary CR-LSP backup is almost the same as configuring hot CR-LSP backup except that you need to replace the mpls te backup hot-standby command with the mpls te backup ordinary command. 6.1.3/32 3. Unlike in hot CR-LSP backup where a secondary tunnel is created immediately upon creation of a primary tunnel.2/24 Router C 120 .2/24 GE 3/1/2 Interface IP address Loop0 5.1/24 Loop0 3.5/32 POS 2/1/1 3.1/24 Loop0 2. a secondary CR-LSP is created only after the primary LSP goes down.2/24 Loop0 4.3.1/32 GE 3/1/1 2.1.1/24 GE 3/1/1 4.1. Figure 31 Network diagram Device Router A Router B Router D Interface IP address Device Router E Loop0 1.1.2/32 GE 3/1/1 2.1.1/24 GE 3/1/2 3.1.5.1/24 POS 2/1/1 3.1.1.1.2.3.1.4.1.3. Router B is the PLR and Router C is the MP.1.1.1.2.1.1. FRR configuration example Network requirements On a primary LSP Router A → Router B → Router C → Router D.1. in ordinary CR-LSP backup.3.1.2. Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 20. Do the following: • Create a bypass LSP that traverses the path Router B → Router E → Router C.2/24 GE 3/1/1 4.

3.0. Take Router A for example: <RouterA> display ip routing-table Routing Tables: Public Destinations : 13 Destination/Mask 3.1.0. <RouterA> system-view [RouterA] mpls lsr-id 1.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf 121 .1.5.2.0/24 ISIS 15 20 2.1.1.1 InLoop0 2.4/32 ISIS 15 30 2. <RouterB> system-view [RouterB] mpls lsr-id 2.0/24 ISIS 15 30 2.1.1.0.0.1 InLoop0 Configure MPLS TE basic capabilities.2.1.1. Assign IP addresses and masks to interfaces (see Figure 31) Details not shown 2.1.2.0. You should see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.0.2 GE3/1/1 4.0.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1.1.1/32 Direct 0 0 127.0.1.0.2 GE3/1/1 4.1.1 GE3/1/1 2. Proto Pre Routes : 13 Cost NextHop Interface 1.1.2 GE3/1/1 127.3/32 ISIS 15 20 2.2.0/8 Direct 0 0 127.2 GE3/1/1 5.0.1/32 Direct 0 0 127.2 GE3/1/1 3.5.1/32 Direct 0 0 127.1.2/32 ISIS 15 10 2.1.Configuration procedure 1.2 GE3/1/1 3.1.1.1 InLoop0 127.2 GE3/1/1 3.0/24 ISIS 15 30 2.5/32 ISIS 15 20 2. Configure the IGP protocol # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node.0/24 Direct 0 0 2.1. and enable RSVP-TE and CSPF # Configure Router A.4.3.1.1.0.2.1.0.4.1.2 GE3/1/1 3.0/24 ISIS 15 20 2.1.1.3.1.1 InLoop0 2.1.1.1.1. (Details not shown) # Perform the display ip routing-table command on each router.1.1.

[RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te [RouterB-GigabitEthernet3/1/2] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit NOTE: • Follow the same steps to configure Router C. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 10.255. [RouterA-Tunnel4] mpls te fast-reroute [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A.4. the headend of the primary LSP # Create an explicit path for the primary LSP. Create an MPLS TE tunnel on Router A. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 10. and Router E.1.4.1.255.1 255. 4. Router D.1.4 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te path explicit-path pri-path preference 1 # Enabel FRR.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.2 [RouterA-explicit-path-pri-path] next hop 3.1.1/24 Primary 122 .2 [RouterA-explicit-path-pri-path] next hop 4.4.1.1.1. • You need to configure the clock mode of the POS interface on Router E as master clock.2 [RouterA-explicit-path-pri-path] next hop 4.1. [RouterA] explicit-path pri-path [RouterA-explicit-path-pri-path] next hop 2.4.1.1.4 [RouterA-explicit-path-pri-path] quit # Configure the MPLS TE tunnel carried on the primary LSP. You can find that Tunnel4 is up.

4.4.4 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec. 0 bytes 0 output error # Perform the display mpls te tunnel-interface command on Router A to verify the configuration of the tunnel interface.1 Egress LSR ID: 4.1.1.4.1.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : pri-path : Hold Priority: UP 7 Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - 123 : .1.Encapsulation is TUNNEL. service-loopback-group ID not set Tunnel source unknown.4. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1. 0 packets/sec Last 300 seconds output: 0 packets input. 0/500/0 0/75/0 0 bytes/sec. 0 packets/sec 0 bytes 0 input error 0 packets output.1:1 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1. destination 4.

# Perform the display mpls lsp command on each router.4. You can find that Tunnel5 is up.5.3.3.2.4/32 1024/1024 GE3/1/1/GE3/1/2 3.4.1.3. [RouterB-Tunnel5] mpls te backup bandwidth 10000 [RouterB-Tunnel5] mpls te commit [RouterB-Tunnel5] quit # Bind the bypass tunnel with the protected interface.255.2 [RouterB-explicit-path-by-path] next hop 3. [RouterB] interface tunnel 5 [RouterB-Tunnel5] ip address 11. [RouterB] explicit-path by-path [RouterB-explicit-path-by-path] next hop 3.3.2 [RouterB-explicit-path-by-path] next hop 3.3.255.4.1.0 [RouterB-Tunnel5] tunnel-protocol mpls te [RouterB-Tunnel5] destination 3.4.4.3 [RouterB-Tunnel5] mpls te tunnel-id 15 [RouterB-Tunnel5] mpls te path explicit-path by-path preference 1 # Configure the bandwidth that the bypass tunnel protects.3.3 [RouterB-explicit-path-by-path] quit # Create the bypass tunnel. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls te fast-reroute bypass-tunnel tunnel 5 [RouterB-GigabitEthernet3/1/2] quit # Perform the display interface tunnel command on Router B.1. [RouterA] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.4/32 NULL/1024 -/GE3/1/1 Vrf Name [RouterB] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.1.3. Backup Tunnel : - Group Status : - Oam Status : - Configure a bypass tunnel on Router B (the PLR) # Create an explicit path for the bypass LSP.1 255.4/32 1024/3 GE3/1/2/GE3/1/1 124 Vrf Name . 
You can find that two LSPs are traversing Router B and Router C.4.3/32 NULL/1024 -/POS2/1/1 Vrf Name [RouterC] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.

1:1 4.2.2.4.4/32 Nexthop : 3.2.4.1:1 4.4 -/GE3/1/1 Name Tunnel4 [RouterB] display mpls te tunnel LSP-Id Destination In/Out-If 1.2:1 3.4 GE3/1/2/GE3/1/1 Name Tunnel4 2.1 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 4.4.4.4.4. You can find that the bypass tunnel is bound with the protected interface GigabitEthernet 3/1/2 and is currently unused.2.4 GE3/1/1/GE3/1/2 Name Tunnel4 2. You can find that two MPLS TE tunnels are traversing Router B and Router C.1.4/32 3/NULL GE3/1/1/- Vrf Name [RouterE] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 3.1.2.1.2:1 3.4 GE3/1/1/- Name Tunnel4 [RouterE] display mpls te tunnel LSP-Id Destination In/Out-If 2.2 In-Label : 1024 Out-Label : 1024 In-Interface : GigabitEthernet3/1/1 Out-Interface : GigabitEthernet3/1/2 125 .1:1 4.3/32 1024/3 POS2/1/1/POS2/1/2 Vrf Name # Perform the display mpls te tunnel command on each router.3 POS2/1/1/POS2/1/2 Name Tunnel5 # Perform the display mpls lsp verbose command on Router B.4.4.1.3.2.3.4.4. [RouterB] display mpls lsp verbose ------------------------------------------------------------------LSP Information: RSVP LSP ------------------------------------------------------------------No : 1 IngressLsrID : 1.4.3.1.1.1.3.2:1 3.3.4.3.3.3.1.1:1 4.3 POS2/1/1/- Tunnel5 [RouterD] display mpls te tunnel LSP-Id Destination In/Out-If 1.3 -/POS2/1/1 Tunnel5 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If 1.3/32 3/NULL POS2/1/1/- [RouterD] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.1.3.3.1.1. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If 1.1.3.

2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/1 LspIndex : 4098 Tunnel ID : 0x22002 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 Verify the FRR function # Shut down the protected outgoing interface on PLR.1:1 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.1. You can find that the tunnel interface is still up. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : Modifying CR-LSP is setting up Tunnel Attributes : LSP ID : 1.3.4.1 Egress LSR ID: 4.1. LspIndex : 4097 Tunnel ID : 0x22001 LsrType : Transit Bypass In Use : Not Used BypassTunnel : Tunnel Index[Tunnel5]. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] shutdown %Sep 7 08:53:34 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet3/1/2 turns into DOWN state # Perform the display interface tunnel 4 command on Router A to identify the state of the primary LSP.2.1.2. # Perform the display mpls te tunnel-interface command on Router A to verify the configuration of the tunnel interface.2.6.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0/0 Explicit Path Name : pri-path : Hold Priority: 126 UP 7 .3.2 LocalLspID : 1 Tunnel-Interface : Tunnel5 Fec : 3.1.1.3/32 Nexthop : 3.4. InnerLabel[1024] Mpls-Mtu : 1500 No : 2 IngressLsrID : 2.

Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled Auto BW Freq : - Min BW : - Max BW - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : Modifying CR-LSP is setting up Tunnel Attributes : : 10 sec - : LSP ID : 1.1.4.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0/0 Explicit Path Name : pri-path Oper State : Hold Priority: Modified 7 Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled 127 : 10 sec : - Auto BW Freq : - .4.1.1.1:1025 Session ID : 10 Admin State : Ingress LSR ID : 1.1.1 Egress LSR ID: 4.

3/32 Nexthop : 3.2.3.2 In-Label : 1024 Out-Label : 1024 In-Interface : GigabitEthernet3/1/1 Out-Interface : GigabitEthernet3/1/2 LspIndex : 4097 Tunnel ID : 0x22001 LsrType : Transit Bypass In Use : In Use BypassTunnel : Tunnel Index[Tunnel5].2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/1 128 . This is normal because the make-before-break mechanism of FRR introduces a delay before removing the old LSP after a new LSP is created.1.2.4.4/32 Nexthop : 3.1. You can find that the bypass tunnel is in use.4. you are likely to see two CR-LSPs in up state are present. [RouterB] display mpls lsp verbose -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------No : 1 IngressLsrID : 1. # Perform the display mpls lsp verbose command on Router B.Min BW : - Current Collected BW: - Max BW Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : - NOTE: If you perform the display mpls te tunnel-interface command immediately after an FRR protection switch.1.1.1.3.2.2 LocalLspID : 1 Tunnel-Interface : Tunnel5 Fec : 3.1 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 4. InnerLabel[1024] No : 2 IngressLsrID : 2.

You can find a static route entry with interface Tunnel4 as the outgoing interface. You can find that Tunnel5 is still bound with interface GigabitEthernet 3/1/2 and is unused. You can find that the tunnel interface is up. [RouterB] mpls [RouterB-mpls] mpls te timer fast-reroute 5 [RouterB-mpls] quit # Bring the protected outgoing interface up on PLR. For each link that the tunnel traverses. Use RSVP-TE to create a TE tunnel from Router A to Router D.1. 5000 kbps.LspIndex : 4098 Tunnel ID : 0x22002 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] # Set the FRR polling timer to five seconds on PLR. the maximum reservable bandwidth is 10000 kbps. Figure 32 Network diagram Device Interface IP address Device 129 Interface IP address . and BC 1. Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 4. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] undo shutdown %Sep 7 09:01:31 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet3/1/2 turns into UP state # Perform the display interface tunnel command on Router A to identify the state of the primary LSP.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A. Traffic of the tunnel belongs to CT 2. BC 2. 7. perform the display mpls lsp verbose command on Router B. # About 5 seconds later. Router B. IETF DS-TE configuration example Network requirements Router A. and the tunnel needs a bandwidth of 4000 kbps. Router C.1. and 3000 kbps respectively. and BC 3 are 8000 kbps. the maximum bandwidth is 10000 kbps. and Router D are running IS-IS and all of them are Level-2 routers.

2/24 Loop0 4.1.1.0000. Configure IP addresses for interfaces.0005.1.0005.00 [RouterC-isis-1] quit [RouterC] interface GigabitEthernet 3/1/1 130 .0000.1. # Configurations on Router A.1/24 POS2/1/1 20.0000. Configure IS-IS.1.1.0005.3. and advertise host routes with LSR IDs as destinations.1.1/24 Loop0 2.1.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] isis enable 1 [RouterB-POS2/1/1] isis circuit-level level-2 [RouterB-POS2/1/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configurations on Router C.9/32 GE3/1/1 10.0003.Router A Router B Loop0 1.1. 2. Assign IP addresses and masks to interfaces (see Figure 32. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.2/24 POS2/1/1 20.1/24 Router C Router D Loop0 3.4.0000.1. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.1.2/24 Configuration procedure 1.4.1.0001.2.9/32 GE3/1/1 10.1.0000.9/32 GE3/1/1 30.0000.2.9/32 GE3/1/1 30.3.00 [RouterA-isis-1] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] isis enable 1 [RouterA-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configurations on Router B. details not shown).0002. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.1.

0.0.3.1/32 Direct 0 0 127.1.1.2 GE3/1/1 127.0.1.0.1.1.1.0.9/32 ISIS 15 30 10.1 InLoop0 127.9/32 Direct 0 0 127.0.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf 131 .2.1.2. Take Router A for example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Destination/Mask 3. Proto Pre Routes : 10 Cost NextHop Interface 1.9/32 ISIS 15 10 10.0/24 ISIS 15 20 10.1.1. and configure the DS-TE mode as IETF.0004.1.0000.1.00 [RouterD-isis-1] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] isis enable 1 [RouterD-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterD-GigabitEthernet3/1/1] quit [RouterD] interface loopback 0 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit # Execute the display ip routing-table command on each router.1.0005.2 GE3/1/1 3.1.4.1.0.1.1.1/32 Direct 0 0 127.1.1.0.0/8 Direct 0 0 127. [RouterA] mpls lsr-id 1.1 InLoop0 Configure MPLS TE basic capabilities.4. You see that each router has learnt the routes to the LSR IDs of the other routers. enable RSVP-TE and CSPF.1.0.9/32 ISIS 15 20 10.0.0.1.0/24 Direct 0 0 10.0/24 ISIS 15 30 10.2 GE3/1/1 10.1.1.1 GE3/1/1 10. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00.1 InLoop0 20.2 GE3/1/1 4.1.2 GE3/1/1 30.[RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configurations on Router D.1.3.0.0000. # Configure Router A.1 InLoop0 2.

[RouterB] mpls lsr-id 2.4.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] mpls te ds-te mode ietf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C. [RouterC] mpls lsr-id 3.2. [RouterD] mpls lsr-id 4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te 132 .[RouterA-mpls] mpls te ds-te mode ietf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] mpls te ds-te mode ietf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D.2.4.3.

[RouterD-mpls] mpls te cspf
[RouterD-mpls] mpls te ds-te mode ietf
[RouterD-mpls] quit
[RouterD] interface GigabitEthernet 3/1/1
[RouterD-GigabitEthernet3/1/1] mpls
[RouterD-GigabitEthernet3/1/1] mpls te
[RouterD-GigabitEthernet3/1/1] mpls rsvp-te
[RouterD-GigabitEthernet3/1/1] quit

4. Configure IS-IS TE
# Configure Router A.
[RouterA] isis 1
[RouterA-isis-1] cost-style wide
[RouterA-isis-1] traffic-eng level-2
[RouterA-isis-1] quit

# Configure Router B.
[RouterB] isis 1
[RouterB-isis-1] cost-style wide
[RouterB-isis-1] traffic-eng level-2
[RouterB-isis-1] quit

# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] cost-style wide
[RouterC-isis-1] traffic-eng level-2
[RouterC-isis-1] quit

# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] cost-style wide
[RouterD-isis-1] traffic-eng level-2
[RouterD-isis-1] quit

5. Configure MPLS TE attributes of links
# Configure the maximum bandwidth and bandwidth constraints on Router A.
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000
[RouterA-GigabitEthernet3/1/1] quit

# Configure the maximum bandwidth and bandwidth constraints on Router B.
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] interface POS 2/1/1
[RouterB-POS2/1/1] mpls te max-link-bandwidth 10000
[RouterB-POS2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000
[RouterB-POS2/1/1] quit

255.4. Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A. service-loopback-group ID not set Tunnel source unknown. destination 4.1 255.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 packets input. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 7.4. 0 packets/sec 0 bytes 0 input error 134 0/500/0 . 0 packets/sec Last 300 seconds output: 0 bytes/sec.4.1.# Configure the maximum bandwidth and bandwidth constraints on Router C.255.1. [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-POS2/1/1] quit # Configure the maximum bandwidth and bandwidth constraints on Router D. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.0 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 4. 0/75/0 0 bytes/sec.1. You see that the tunnel interface is up. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterD-GigabitEthernet3/1/1] quit 6. 
Verify the configuration # Execute the display interface tunnel command on Router A.4.9 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth ct2 4000 [RouterA-Tunnel1] mpls te priority 0 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit 7.1/24 Primary Encapsulation is TUNNEL.1.

[RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel1 Tunnel Desc : Tunnel1 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.1. 0 bytes 0 output error # Execute the display mpls te tunnel-interface command on Router A to view the detailed information of the tunnel.4. [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 3.1.9 ISIS 1 Level-2 2 135 .9:3 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.9 Signaling Prot : RSVP Resv Style : SE Class Type : CT2 Tunnel BW : 4000 kbps Reserved BW : 4000 kbps Setup Priority : 0 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - : Hold Priority: UP 0 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - : # Execute the display mpls te cspf tedb all command on Router A to view the link information in the TEDB.3.3.1.0 packets output.1.4.9 Egress LSR ID: 4.

2 2. Router B uses the SPE card to process MPLS L2VPN services. [RouterA] display mpls GigabitEthernet 3/1/1 Link ID: te link-administration interface GigabitEthernet 3/1/1 Max Link Bandwidth 8. bandwidth-allocation : 10000 kbits/sec Max Reservable Bandwidth PreStandard RDM : 0 kbits/sec Max Reservable Bandwidth IETF RDM : 10000 kbits/sec Max Reservable Bandwidth IETF MAM : 0 kbits/sec Downstream LSP Count : 1 UpStream LSP Count : 1 Downstream Bandwidth : 4000 kbits/sec Upstream Bandwidth : 0 kbits/sec IPUpdown Link Status : UP PhysicalUpdown Link Status : UP BC PreStandard Mode RDM(kbps) IETF Mode RDM(kbps) IETF Mode MAM(kbps) 0 0 10000 0 1 0 8000 0 2 0 5000 0 3 0 2000 0 TE CLASS CLASS TYPE PRIORITY BW RESERVED(kbps) BW AVAILABLE(kbps) 0 0 7 0 6000 1 1 7 0 4000 2 2 7 0 1000 3 3 7 0 1000 4 0 0 0 6000 5 1 0 0 4000 6 2 0 4000 1000 7 3 0 0 1000 Create a static route to import traffic into the MPLS TE tunnel [RouterA] ip route-static 30.2 24 tunnel 1 preference 1 Execute the display ip routing-table command on Router A.4.1.1. There is a static route entry with interface Tunnel1 as the outgoing interface. 136 . as well as between Router C and Router D. MPLS LDP over MPLS TE configuration example Network requirements Router A through Router E all support MPLS and run OSPF as the IGP.9 ISIS 1 Level-2 1 4 1.9 ISIS 1 Level-2 2 3 4.1.2. A remote LDP session is established between Router B and Router C.9 ISIS 1 Level-2 1 # Execute the display mpls te link-administration bandwidth-allocation command on Router A to view interface bandwidth information.1.2. A local LDP session is established between Router A and Router B. An MPLS TE tunnel is established along Router B → Router E → Router C by using RSVP-TE.4.

5.3/32 3. Configure MPLS TE basic capabilities and enable RSVP-TE and CSPF on Router B.1/24 GE3/1/1 4.2.1/24 GE3/1/2 3. (Details not shown) 3.1.1.1.2/24 GE3/1/2 Router B Router D GE2/1/2 3.1.2.5/32 GE3/1/1 2. Configure the IGP protocol Enable OSPF on each router to advertise subnets to which interfaces belong and the host routes with LSR IDs as destinations.2.3.1.2.2/24 Loop0 2. Assign IP addresses and masks to interfaces (see Figure 33) Details not shown 2.2.3. Configure MPLS LDP basic capabilities on Router A and Router D Details not shown 4.1.1/24 Router C GE2/1/1 3.1/24 GE2/1/1 3.1.5. Router C and Router E # Configure Router B.1.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls [RouterB-GigabitEthernet2/1/1] mpls te [RouterB-GigabitEthernet2/1/1] mpls rsvp-te 137 .2/24 GE3/1/1 4.3.4/32 GE2/1/1 3.1.2/24 Configuration procedure 1.1.1.1.1. <RouterB> system-view [RouterB] mpls lsr-id 2.2/24 Loop0 4.1.1.1.Figure 33 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.3.4.2/32 GE3/1/1 2.1/32 Router E Loop0 5.2.1/24 Loop0 3.1.4.

[RouterB-GigabitEthernet2/1/1] quit

# Configure Router E.
<RouterE> system-view
[RouterE] mpls lsr-id 5.5.5.5
[RouterE] mpls
[RouterE-mpls] mpls te
[RouterE-mpls] mpls rsvp-te
[RouterE-mpls] mpls te cspf
[RouterE-mpls] quit
[RouterE] interface GigabitEthernet 2/1/1
[RouterE-GigabitEthernet2/1/1] mpls
[RouterE-GigabitEthernet2/1/1] mpls te
[RouterE-GigabitEthernet2/1/1] mpls rsvp-te
[RouterE-GigabitEthernet2/1/1] quit
[RouterE] interface GigabitEthernet 2/1/2
[RouterE-GigabitEthernet2/1/2] mpls
[RouterE-GigabitEthernet2/1/2] mpls te
[RouterE-GigabitEthernet2/1/2] mpls rsvp-te
[RouterE-GigabitEthernet2/1/2] quit

# Configure Router C.
<RouterC> system-view
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] mpls rsvp-te
[RouterC-mpls] mpls te cspf
[RouterC-mpls] quit
[RouterC] interface GigabitEthernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls
[RouterC-GigabitEthernet2/1/1] mpls te
[RouterC-GigabitEthernet2/1/1] mpls rsvp-te
[RouterC-GigabitEthernet2/1/1] quit

5. Create an MPLS TE tunnel on Router B
# Configure an MPLS TE tunnel.
[RouterB] interface tunnel 3
[RouterB-Tunnel3] ip address 10.1.1.1 255.255.255.0
[RouterB-Tunnel3] tunnel-protocol mpls te
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-Tunnel3] mpls te tunnel-id 10

# Configure IGP shortcut.
[RouterB-Tunnel3] mpls te igp shortcut
[RouterB-Tunnel3] mpls te igp metric relative -1
[RouterB-Tunnel3] mpls te commit

# Enable MPLS.
[RouterB-Tunnel3] mpls
[RouterB-Tunnel3] quit

# Configure OSPF TE.
[RouterB] ospf
[RouterB-ospf-1] opaque-capability enable
[RouterB-ospf-1] enable traffic-adjustment
[RouterB-ospf-1] area 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] mpls-te enable
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit

After completing the preceding configuration, execute the display interface tunnel command on Router B. You can
see that tunnel interface Tunnel 3 is up.
[RouterB] display interface tunnel
Tunnel3 current state: UP
Line protocol current state: UP
Description: Tunnel3 Interface
The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set.
Tunnel source unknown, destination 3.3.3.3
Tunnel protocol/transport CR_LSP
Output queue : (Urgent queuing : Size/Length/Discards)  0/100/0
Output queue : (Protocol queuing : Size/Length/Discards)  0/500/0
Output queue : (FIFO queuing : Size/Length/Discards)  0/75/0
Last 300 seconds input:  0 bytes/sec, 0 packets/sec
Last 300 seconds output:  8 bytes/sec, 0 packets/sec
0 packets input,  0 bytes
0 input error
47 packets output,  2740 bytes
0 output error

Execute the display ip routing-table command on Router B. You can see that the outgoing interface
to Router C is the tunnel interface Tunnel 3.
[RouterB] display ip routing-table
Routing Tables: Public
Destinations : 12       Routes : 12

Destination/Mask    Proto   Pre  Cost   NextHop      Interface
1.1.1.1/32          OSPF    10   1      2.1.1.1      GE3/1/1
2.1.1.0/24          Direct  0    0      2.1.1.2      GE3/1/1
2.1.1.2/32          Direct  0    0      127.0.0.1    InLoop0
2.2.2.2/32          Direct  0    0      127.0.0.1    InLoop0
3.1.1.0/24          Direct  0    0      3.1.1.1      GE3/1/2
3.1.1.1/32          Direct  0    0      127.0.0.1    InLoop0
3.3.3.3/32          OSPF    10   1      10.1.1.1     Tunnel3
4.1.1.0/24          OSPF    10   2      10.1.1.1     Tunnel3
127.0.0.0/8         Direct  0    0      127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0      127.0.0.1    InLoop0

CAUTION:
• You must configure IGP shortcut or a static route for the MPLS TE tunnel, so that IP routing prefers the MPLS TE tunnel interface as the outgoing interface.
• You must configure the tunnel tailend LSR ID as the tunnel destination.

6. Configure LDP on Router B and Router C
# Configure Router B.
[RouterB] mpls
[RouterB-mpls] mpls ldp
[RouterB-mpls] quit
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls
[RouterB-GigabitEthernet3/1/1] mpls ldp
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] mpls ldp remote-peer C
[RouterB-mpls-ldp-remote-c] remote-ip 3.3.3.3
[RouterB-mpls-ldp-remote-c] prefix-label advertise
[RouterB-mpls-ldp-remote-c] quit

# Configure Router C.
[RouterC] mpls
[RouterC-mpls] mpls ldp
[RouterC-mpls] quit
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] mpls
[RouterC-GigabitEthernet3/1/1] mpls ldp
[RouterC-GigabitEthernet3/1/1] quit
[RouterC] mpls ldp remote-peer b
[RouterC-mpls-ldp-remote-b] remote-ip 2.2.2.2
[RouterC-mpls-ldp-remote-b] prefix-label advertise
[RouterC-mpls-ldp-remote-b] quit

# Execute the display mpls ldp session command on Router B. You can see that a remote session
is established between Router B and Router C.
[RouterB] display mpls ldp session verbose

LDP Session(s) in Public Network
----------------------------------------------------------------------
Peer LDP ID     : 1.1.1.1:0        Local LDP ID   : 2.2.2.2:0
TCP Connection  : 2.2.2.2 -> 1.1.1.1
Session State   : Operational      Session Role   : Active
Session FT Flag : Off              MD5 Flag       : Off
Reconnect Timer : ---              Recovery Timer : ---
Negotiated Keepalive Timer        : 45 Sec
Keepalive Message Sent/Rcvd       : 437/437 (Message Count)
Label Advertisement Mode          : Downstream Unsolicited
Label Resource Status(Peer/Local) : Available/Available
Peer Discovery Mechanism          : Basic
Session existed time              : 000:01:48 (DDD:HH:MM)
LDP Basic Discovery Source        : GigabitEthernet3/1/1
Addresses received from peer: (Count: 2)
2.1.1.1    1.1.1.1
----------------------------------------------------------------------
Peer LDP ID     : 3.3.3.3:0        Local LDP ID   : 2.2.2.2:0
TCP Connection  : 2.2.2.2 <- 3.3.3.3
Session State   : Operational      Session Role   : Passive
Session FT Flag : Off              MD5 Flag       : Off
Reconnect Timer : ---              Recovery Timer : ---
Negotiated Keepalive Timer        : 45 Sec
Keepalive Message Sent/Rcvd       : 411/411 (Message Count)
Label Advertisement Mode          : Downstream Unsolicited
Label Resource Status(Peer/Local) : Available/Available
Peer Discovery Mechanism          : Extended
Session existed time              : 000:01:42 (DDD:HH:MM)
LDP Extended Discovery Source     : Remote peer: 1
Addresses received from peer: (Count: 2)
4.1.1.1    3.3.3.3
----------------------------------------------------------------------

# Execute the display mpls ldp lsp command on Router B. You can see that Router C sent label
mapping messages to Router B and established an LDP LSP.
[RouterB] display mpls ldp lsp

LDP LSP Information
----------------------------------------------------------------------
SN  DestAddress/Mask   In/OutLabel  Next-Hop     In/Out-Interface
----------------------------------------------------------------------
1   1.1.1.1/32         NULL/3       2.1.1.1      -------/GE3/1/1
2   2.2.2.2/32         3/NULL       127.0.0.1    -------/InLoop0
3   3.3.3.3/32         NULL/3       10.1.1.1     -------/Tunnel3
4   3.3.3.3/32         1024/3       10.1.1.1     -------/Tunnel3
----------------------------------------------------------------------
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale

CAUTION:
The IP address of the LDP remote peer must be configured as the LSR ID of the MPLS TE tunnel tailend.
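The two CAUTION notes in this example (tunnel destination, IGP shortcut or static route, LDP remote peer address) can be checked mechanically against a saved CLI transcript. The following is an added example, not part of the H3C guide; the function names are hypothetical, the transcripts are constructed from the commands shown in this example, and it assumes device names contain no hyphen so the view can be read from the prompt.

```python
import re
from collections import defaultdict

# Constructed from the commands in this example: Router B is the tunnel headend.
ROUTER_B = """\
[RouterB] interface tunnel 3
[RouterB-Tunnel3] ip address 10.1.1.1 255.255.255.0
[RouterB-Tunnel3] tunnel-protocol mpls te
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-Tunnel3] mpls te tunnel-id 10
[RouterB-Tunnel3] mpls te igp shortcut
[RouterB-Tunnel3] mpls te igp metric relative -1
[RouterB-Tunnel3] mpls te commit
[RouterB-Tunnel3] mpls
[RouterB-Tunnel3] quit
[RouterB] mpls ldp remote-peer C
[RouterB-mpls-ldp-remote-c] remote-ip 3.3.3.3
[RouterB-mpls-ldp-remote-c] prefix-label advertise
[RouterB-mpls-ldp-remote-c] quit
"""

# Constructed from the commands in this example: Router C is the tunnel tailend.
ROUTER_C = """\
<RouterC> system-view
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
"""

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")


def commands_by_view(transcript):
    """Group commands by CLI view read from the prompt:
    '[RouterB-Tunnel3] x' -> view 'tunnel3'; '[RouterB] x' -> view ''."""
    views = defaultdict(list)
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group(2):
            continue
        _device, _, view = m.group(1).partition("-")
        views[view.lower()].append(m.group(2).strip())
    return dict(views)


def first_arg(cmds, keyword):
    """Argument of the first command starting with keyword, or None."""
    for cmd in cmds:
        if cmd.startswith(keyword + " "):
            return cmd[len(keyword):].strip()
    return None


def lsr_id(transcript):
    """LSR ID configured in system view ('mpls lsr-id x.x.x.x')."""
    return first_arg(commands_by_view(transcript).get("", []), "mpls lsr-id")


def lint_ldp_over_te(headend_transcript, tail_lsr_id):
    """Return a list of findings; an empty list means both CAUTION notes hold."""
    views = commands_by_view(headend_transcript)
    findings = []
    # Tunnel numbers that a static route in system view points at.
    static_tunnels = set()
    for cmd in views.get("", []):
        m = re.search(r"^ip route-static\b.*\btunnel\s*(\d+)", cmd)
        if m:
            static_tunnels.add(m.group(1))
    for view, cmds in views.items():
        if not view.startswith("tunnel") or "tunnel-protocol mpls te" not in cmds:
            continue
        number = view[len("tunnel"):]
        dest = first_arg(cmds, "destination")
        if dest != tail_lsr_id:
            findings.append(f"{view}: destination {dest} is not the tailend LSR ID {tail_lsr_id}")
        shortcut = any(c.startswith("mpls te igp shortcut") for c in cmds)
        if not shortcut and number not in static_tunnels:
            findings.append(f"{view}: no IGP shortcut and no static route through the tunnel")
    remote_ips = {first_arg(cmds, "remote-ip")
                  for view, cmds in views.items() if view.startswith("mpls-ldp-remote-")}
    if tail_lsr_id not in remote_ips:
        findings.append(f"no LDP remote peer with remote-ip {tail_lsr_id}")
    return findings


if __name__ == "__main__":
    for finding in lint_ldp_over_te(ROUTER_B, lsr_id(ROUTER_C)) or ["no findings"]:
        print(finding)
```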
7. Verify the configuration
Execute the display mpls lsp command on Router B. You can see that the LDP LSP from Router B to
Router C is nested within the MPLS TE tunnel, that is, the outgoing interface of the LDP LSP is the
MPLS TE tunnel interface.

[RouterB] display mpls lsp include 3.3.3.3 32 verbose
----------------------------------------------------------------------
                 LSP Information: RSVP LSP
----------------------------------------------------------------------
  No                  :  1
  IngressLsrID        :  2.2.2.2
  LocalLspID          :  1
  Tunnel-Interface    :  Tunnel3
  Fec                 :  3.3.3.3/32
  Nexthop             :  3.2.1.2
  In-Label            :  NULL
  Out-Label           :  1024
  In-Interface        :  ----------
  Out-Interface       :  GigabitEthernet 2/1/1
  LspIndex            :  3073
  Tunnel ID           :  0x11000c
  LsrType             :  Ingress
  Bypass In Use       :  Not Exists
  BypassTunnel        :  Tunnel Index[---]
----------------------------------------------------------------------
                 LSP Information: LDP LSP
----------------------------------------------------------------------
  No                  :  2
  VrfIndex            :
  Fec                 :  3.3.3.3/32
  Nexthop             :  10.1.1.1
  In-Label            :  NULL
  Out-Label           :  3
  In-Interface        :  ----------
  Out-Interface       :  Tunnel3
  LspIndex            :  6147
  Tunnel ID           :  0x11000e
  LsrType             :  Ingress
  Outgoing Tunnel ID  :  0x15000d
  Label Operation     :  PUSH

  No                  :  3
  VrfIndex            :
  Fec                 :  3.3.3.3/32
  Nexthop             :  10.1.1.1
  In-Label            :  1024
  Out-Label           :  3
  In-Interface        :  ----------
  Out-Interface       :  Tunnel3
  LspIndex            :  6148
  Tunnel ID           :  0x11000f
  LsrType             :  Transit
  Outgoing Tunnel ID  :  0x15000d
  Label Operation     :  SWAP

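The nesting check described in the verification step (every LDP LSP to the tailend leaves through the MPLS TE tunnel interface) can be run over saved display mpls lsp verbose output. This is an added example, not part of the H3C guide; the function names are hypothetical and the sample is constructed from the output above, trimmed to the fields the check reads.

```python
import re

# Constructed sample: the verbose output shown above for FEC 3.3.3.3/32,
# trimmed to the fields the check reads.
LSP_VERBOSE = """\
----------------------------------------------------------------------
                 LSP Information: RSVP LSP
----------------------------------------------------------------------
  No                  :  1
  IngressLsrID        :  2.2.2.2
  Tunnel-Interface    :  Tunnel3
  Fec                 :  3.3.3.3/32
  Out-Label           :  1024
  Out-Interface       :  GigabitEthernet 2/1/1
  LsrType             :  Ingress
----------------------------------------------------------------------
                 LSP Information: LDP LSP
----------------------------------------------------------------------
  No                  :  2
  VrfIndex            :
  Fec                 :  3.3.3.3/32
  Nexthop             :  10.1.1.1
  In-Label            :  NULL
  Out-Label           :  3
  Out-Interface       :  Tunnel3
  LsrType             :  Ingress
  Label Operation     :  PUSH

  No                  :  3
  VrfIndex            :
  Fec                 :  3.3.3.3/32
  Nexthop             :  10.1.1.1
  In-Label            :  1024
  Out-Label           :  3
  Out-Interface       :  Tunnel3
  LsrType             :  Transit
  Label Operation     :  SWAP
"""

SECTION = re.compile(r"LSP Information:\s*(\S+) LSP")
FIELD = re.compile(r"\s*([A-Za-z][\w -]*?)\s*:\s*(.*?)\s*$")


def parse_lsp_verbose(text):
    """Split the output into one dict per LSP, tagged with its section type
    (RSVP, CRLDP, LDP, BGP) under the key 'Type'."""
    records, kind = [], None
    for line in text.splitlines():
        section = SECTION.search(line)
        if section:
            kind = section.group(1)
            continue
        field = FIELD.match(line)
        if not field:
            continue  # separator or blank line
        key, value = field.groups()
        if key == "No":  # every LSP entry starts with its number
            records.append({"Type": kind})
        if records:
            records[-1][key] = value
    return records


def ldp_nesting(records, fec):
    """For each LDP LSP to fec, report whether its outgoing interface is a
    TE tunnel interface that has an ingress CR-LSP to the same FEC."""
    te_tunnels = {
        r["Tunnel-Interface"] for r in records
        if r["Type"] in ("RSVP", "CRLDP")
        and r.get("Fec") == fec
        and r.get("LsrType") == "Ingress"
        and r.get("Tunnel-Interface")
    }
    return [
        {
            "No": r["No"],
            "operation": r.get("Label Operation"),
            "out_if": r.get("Out-Interface"),
            "nested": r.get("Out-Interface") in te_tunnels,
        }
        for r in records
        if r["Type"] == "LDP" and r.get("Fec") == fec
    ]


if __name__ == "__main__":
    for row in ldp_nesting(parse_lsp_verbose(LSP_VERBOSE), "3.3.3.3/32"):
        state = "nested in TE tunnel" if row["nested"] else "NOT nested"
        print(f"LDP LSP {row['No']} ({row['operation']}) via {row['out_if']}: {state}")
```

An LDP LSP reported as not nested means IP routing is not preferring the tunnel interface, which is the condition the first CAUTION in this example guards against.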

MPLS TE in MPLS L3VPN configuration example
Network requirements
CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1
and PE 2. The IGP protocol running on the MPLS backbone is OSPF.
Do the following:
• Set up an MPLS TE tunnel to forward traffic of VPN 1 from PE 1 to PE 2.
• To allow the MPLS L3VPN traffic to travel the TE tunnel, configure a tunneling policy to use a CR-LSP as the VPN tunnel when creating the VPN.

Figure 34 Network diagram

Configuration procedure
1. Configure OSPF, ensuring that PE 1 and PE 2 can learn routes from each other.
# Configure PE 1.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE1-LoopBack0] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] clock master
[PE1-POS2/1/2] ip address 10.0.0.1 255.255.255.0
[PE1-POS2/1/2] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE 2.
<PE2> system-view

[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] ip address 10.0.0.2 255.255.255.0
[PE2-POS2/1/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After you complete the configuration, the PEs should be able to establish the OSPF neighborship.
Perform the display ospf peer command; you should see that the neighborship state is FULL.
Perform the display ip routing-table command; you should see that the PEs learnt the routes to the
loopback interfaces of each other. Take PE 1 for example:
[PE1] display ospf peer
OSPF Process 1 with Router ID 2.2.2.2
Neighbors
Area 0.0.0.0 interface 10.0.0.1(POS2/1/2)'s neighbors
Router ID: 3.3.3.3      Address: 10.0.0.2      GR State: Normal
  State: Full  Mode:Nbr is Master  Priority: 1
  DR: None   BDR: None
  Dead timer due in 30 sec
  Neighbor is up for 00:01:00
  Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost   NextHop      Interface
2.2.2.2/32          Direct  0    0      127.0.0.1    InLoop0
3.3.3.3/32          OSPF    10   1563   10.0.0.2     POS2/1/2
10.0.0.0/24         Direct  0    0      10.0.0.1     POS2/1/2
10.0.0.1/32         Direct  0    0      127.0.0.1    InLoop0
10.0.0.2/32         Direct  0    0      10.0.0.2     POS2/1/2
127.0.0.0/8         Direct  0    0      127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0      127.0.0.1    InLoop0

2. Configure MPLS basic capabilities and LDP.
# Configure PE 1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] mpls
[PE1-POS2/1/2] mpls ldp

[PE1-POS2/1/2] quit

# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] mpls
[PE2-POS2/1/2] mpls ldp
[PE2-POS2/1/2] quit

After you complete the configuration, PEs should be able to set up LDP sessions. Perform the
display mpls ldp session command; you should be able to see that the session state is operational.
Take PE 1 for example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
-----------------------------------------------------------------
Peer-ID         Status        LAM  SsnRole  FT   MD5  KA-Sent/Rcv
-----------------------------------------------------------------
3.3.3.3:0       Operational   DU   Passive  Off  Off  2/2
-----------------------------------------------------------------
LAM : Label Advertisement Mode         FT : Fault Tolerance

3. Enable MPLS TE, CSPF and OSPF TE
# Configure PE 1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] mpls te
[PE1-POS2/1/2] quit
[PE1] ospf
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE 2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] mpls te
[PE2-POS2/1/2] quit
[PE2] ospf

5.0.3. Configure an MPLS TE tunnel # Create a TE tunnel with PE 1 as the headend and PE 2 as the tail. The signaling protocol is CR-LDP. [PE1] interface tunnel 4 [PE1-Tunnel4] ip address 12.255.0] mpls-te enable [PE2-ospf-1-area-0.255. <CE1> system-view [CE1] interface GigabitEthernet 3/1/1 [CE1-GigabitEthernet3/1/1] ip address 192.168. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both 146 . Bind the VPN instance with the interface connected to CE 1.3. and bind it to the interface connected to the CE # Configure on CE 1.255.0 [CE2-GigabitEthernet3/1/1] quit # Configure the VPN instance on PE 2.0. Configure the VPN instance on each PE.1. You can see that the tunnel interface is up.1 255. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy policy1 [PE1-vpn-instance-vpn1] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-policy1] quit [PE1] interface GigabitEthernet 3/1/1 [PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet3/1/1] ip address 192.0 [CE1-GigabitEthernet3/1/1] quit # Configure the VPN instance on PE 1. and use CR-LSP for VPN setup.255.2 255.[PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.168.255.0.0 [PE1-GigabitEthernet3/1/1] quit # Configure on CE 2.2.1 255.2 255.3 [PE1-Tunnel4] mpls te tunnel-id 10 [PE1-Tunnel4] mpls te signal-protocol crldp [PE1-Tunnel4] mpls te commit [PE1-Tunnel4] quit # Perform the display interface tunnel command on PE 1.0] quit [PE2-ospf-1] quit 4.255. <CE2> system-view [CE2] interface GigabitEthernet 3/1/1 [CE2-GigabitEthernet3/1/1] ip address 192.1.0.255.255. and bind it with the interface connected to CE 2.1.0 [PE1-Tunnel4] tunnel-protocol mpls te [PE1-Tunnel4] destination 3.1.168.

2: bytes=56 Sequence=2 ttl=255 time=26 ms Reply from 192.1.2 PING 192.2 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] peer 3.3.168.1. 00 hours.2: bytes=56 Sequence=1 ttl=255 time=47 ms Reply from 192. 6.168.168.2: 56 data bytes. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.168.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1. 03 minutes and 09 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Tunnel Policy : policy1 Interfaces : GigabitEthernet3/1/1 # Ping connected CEs on PEs to test connectivity. and the IBGP peer relationship with PE 2.1.1. 1 Create time : 2006/09/27 15:10:29 Up time : 0 days.255.168.168. Configure BGP # Configure CE 1.168.168.168.168.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 192. press CTRL_C to break Reply from 192.3. Take PE 1 for example: [PE1] display ip vpn-instance instance-name vpn1 VPN-Instance Name and ID : vpn1.1.3.3.1.0 [PE2-GigabitEthernet3/1/1] quit # Perform the display ip vpn-instance command on the PEs to verify the configuration of the VPN instance.2: bytes=56 Sequence=5 ttl=255 time=26 ms --. For example.1.168.3 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 192.255. [CE1] bgp 65001 [CE1-bgp] peer 192.00% packet loss round-trip min/avg/max = 26/30/47 ms The output shows that PE 1 can reach CE 1.2.3 as-number 100 [PE1-bgp] peer 3.192.1 255. ping CE 1 on PE 1: [PE1] ping -vpn-instance vpn1 192.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.1.3.[PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 3/1/1 [PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet3/1/1] ip address 192.3 enable [PE1-bgp-af-vpnv4] quit 147 .1.

2: 56 data bytes.2 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 2.3.168.2.2.2.168. Take PE 1 for example: [PE1-bgp] display bgp peer BGP local router ID : 2.2.168.2.192.2.2 as-number 100 [PE2-bgp] peer 2. [CE2] bgp 65002 [CE2-bgp] peer 192.168.2.168.2.168.2.2 PING 192.00% packet loss round-trip min/avg/max = 36/52/61 ms [CE2] ping 192.168.168.1.2.1.2 as-number 65002 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] peer 2.2.2 4 65001 4 5 OutQ Up/Down 0 00:02:13 Established State # Ping CE 2 on CE 1 and vice versa to test connectivity.168.2.2 Local AS number : 100 Total number of peers : 1 Peer V AS Peers in established state : 1 MsgRcvd MsgSent 192.2: bytes=56 Sequence=5 ttl=253 time=36 ms --.2.1 as-number 100 [CE2-bgp] quit # Configure PE 2 to establish the EBGP peer relationship with CE 2 and the IBGP relationship with PE 1. press CTRL_C to break 148 PrefRcv 0 . [CE1] ping 192.2. press CTRL_C to break Reply from 192.168. You can see that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached the established state.1.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.2 PING 192.2 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Perform the display bgp peer command and the display bgp vpn-instance peer command on PEs.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.3 4 100 Peers in established state : 1 MsgRcvd MsgSent OutQ 3 3 0 Up/Down State 00:00:11 Established PrefRcv 0 [PE1-bgp] display bgp vpn-instance vpn1 peer BGP local router ID : 2.2.2.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.2 Local AS number : 100 Total number of peers : 1 Peer V AS 3.2.168.3.2.2.168.168.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.[PE1-bgp] quit # Configure CE 2.2: 56 data bytes. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 192.

2: bytes=56 Sequence=5 ttl=253 time=35 ms --.3/32 Nexthop : 10.0.3.1. Verify the configuration # Perform the display mpls lsp verbose command on PE 1. This is the LSP.Reply from 192.2 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 3.168. established using CR-LDP.2.1. [PE1] display mpls lsp verbose -----------------------------------------------------------------LSP Information: CRLDP LSP -----------------------------------------------------------------No : 1 IngressLsrID : 2.0.168.168.168.1.168. the MPLS TE tunnel.2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/2 LspIndex : 2050 Tunnel ID : 0x22004 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 -----------------------------------------------------------------LSP Information: BGP LSP -----------------------------------------------------------------No : 2 VrfIndex : vpn1 Fec : 192.168.3.1. that is.1.00% packet loss round-trip min/avg/max = 35/48/74 ms The output shows that CE 1 and CE 2 can reach each other.168.1. You can find an LSP with LspIndex 2050.1.0/24 Nexthop : 192.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2: bytes=56 Sequence=2 ttl=253 time=61 ms Reply from 192.1.192. 7.2: bytes=56 Sequence=1 ttl=253 time=38 ms Reply from 192.2: bytes=56 Sequence=3 ttl=253 time=74 ms Reply from 192.1 In-Label : 1024 Out-Label : NULL In-Interface : ---------- Out-Interface : ---------- LspIndex : 8193 Tunnel ID : 0x0 LsrType : Egress 149 .2.168.2: bytes=56 Sequence=4 ttl=253 time=36 ms Reply from 192.

Outgoing Tunnel ID : 0x0 Label Operation : POP -----------------------------------------------------------------LSP Information: LDP LSP -----------------------------------------------------------------No : 3 VrfIndex : Fec : 2. 0 packets/sec 150 0/500/0 . destination 3.2 In-Label : NULL Out-Label : 3 In-Interface : ---------- Out-Interface : POS2/1/2 LspIndex : 10242 Tunnel ID : 0x22000 LsrType : Ingress Outgoing Tunnel ID : 0x0 Label Operation : PUSH # Perform the display interface tunnel command on PE 1.0.2/32 Nexthop : 127.1 In-Label : 3 Out-Label : NULL In-Interface : POS2/1/2 Out-Interface : ---------- LspIndex : 10241 Tunnel ID : 0x0 LsrType : Egress Outgoing Tunnel ID : 0x0 Label Operation : POP No : 4 VrfIndex : Fec : 3.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: Last 300 seconds output: 0/75/0 5 bytes/sec. 0 packets/sec 5 bytes/sec. The output shows that traffic is being forwarded along the CR-LSP of the TE tunnel.1.3/32 Nexthop : 10.1. [PE1] display interface tunnel 4 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12.3. service-loopback-group ID not set Tunnel source unknown.2.0.3.3.1/24 Primary Encapsulation is TUNNEL.3.0.2.0.

34 packets input, 2856 bytes
0 input error
34 packets output, 2856 bytes
0 output error

Troubleshooting MPLS TE

No TE LSA generated

Symptom
OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes.

Analysis
For TE LSAs to be generated, at least one OSPF neighbor must reach the FULL state.

Solution
1. Perform the display ospf peer command to check that OSPF neighbors are established correctly.
2. Perform the display current-configuration command to check that MPLS TE is configured on involved interfaces.
3. Perform the debugging ospf mpls-te command to observe whether OSPF can receive the TE LINK establishment message.

Switchback fails to occur when the main tunnel resumes

Symptom
When data is transmitted along the protection tunnel, the main tunnel becomes normal but data still travels along the protection tunnel. In the output of the display mpls te protection tunnel command, the Switch Result field has a value of Protect-tunnel and the Work-tunnel defect state field has a value of No-defect.

Analysis
Possible reasons include:
• The reverting mode is non-revertive.
• The reverting delay period is relatively long.
• A switching command with higher priority forces data to travel along the protection tunnel.

Solution
1. Execute the display mpls te protection tunnel command. If the Mode field in the output is Non-revertive, the configuration defines that reverting should not occur. If you expect that protection switching will be triggered when the main tunnel recovers, you can configure the mpls te protection tunnel command in the main tunnel interface view to set the reverting mode as revertive.
2. If the Mode field is revertive and the WTR field is a non-zero value, the reverting delay timer has expired. When the timer expires, if the main tunnel still has no defect, data will be switched back to the main tunnel. If you hope the switchover occurs immediately when the main tunnel recovers, you can use the mpls te protection tunnel command to change the reverting delay time to 0.

3. If your case is neither 1) nor 2), check the The current switch command field in the output of the display mpls te protection tunnel command. If its value is Force, a switching action with a higher priority than the signal switching is configured. If you expect that signaling can trigger switchover when the main tunnel recovers, you can use the mpls te protect-switch clear command to clear all configured switching actions.

Configuring VPLS

VPLS overview

Virtual Private LAN Service (VPLS), also called Transparent LAN Service (TLS) or virtual private switched network service, can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.

VPLS provides Layer 2 VPN services. However, it supports multipoint services, rather than the point-to-point services that traditional VPN supports. With VPLS, service providers can create on the PEs a series of virtual switches for customers, allowing customers to build their LANs across the Metropolitan Area Network (MAN) or Wide Area Network (WAN).

Operation of VPLS

Basic VPLS concepts

• CE—Customer edge device that is directly connected to the service provider network.
• PE—Provider edge device that connects one or more CEs to the service provider network. A PE maps and forwards packets between private networks and public network tunnels. A PE can be a UPE or NPE.
• UPE—User facing provider edge device that functions as the user access convergence device.
• NPE—Network provider edge device that functions as the network core PE. An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks.
• VSI—Virtual switch instance that maps actual access links to virtual links.
• PW—Pseudo wire that is the bidirectional virtual connection between VSIs. A PW consists of two unidirectional MPLS virtual circuits (VCs).
• AC—Attachment circuit that connects the CE to the PE. It can use physical interfaces or virtual interfaces. Usually, all user packets on an AC, including Layer 2 and Layer 3 protocol messages, must be forwarded to the peer site without being changed.
• QinQ—802.1Q in 802.1Q, a tunneling protocol based on 802.1Q. It offers a point-to-multipoint L2VPN service mechanism. With QinQ, the private network VLAN tags of packets are encapsulated into the public network VLAN tags, allowing packets to be transmitted with two layers of tags across the service provider network. This provides a simpler Layer 2 VPN tunneling service.
• Forwarder—A forwarder functions as the VPLS forwarding table. Once a PE receives a packet from an AC, the forwarder selects a PW for forwarding the packet.
• Tunnel—A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE for transparent data transmission in-between. It is used to carry PWs. A tunnel can carry multiple PWs.
• Encapsulation—Packets transmitted over a PW use the standard PW encapsulation formats and technologies: Ethernet and VLAN.

• PW signaling—The PW signaling protocol is the fundament of VPLS. It is used for creating and maintaining PWs and automatically discovering VSI peer PE. Currently, there are two PW signaling protocols: LDP and BGP.

Figure 35 shows a typical VPLS networking scenario.

Figure 35 Network diagram for VPLS

MAC address learning and flooding

VPLS provides reachability by MAC address learning. Each PE maintains a MAC address table.

1. Source MAC address learning

MAC address learning includes two parts:

• Remote MAC address learning associated with PWs
A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up. When the inbound VC LSP learns a new MAC address, the PW needs to map the MAC address to the outbound VC LSP.

• Local MAC address learning of interfaces directly connected to users
This refers to learning source MAC addresses from Layer 2 packets originated by CEs. This occurs on the corresponding VSI interfaces.

Figure 36 shows the procedure of MAC address learning and flooding on PEs.

Figure 36 MAC learning and flooding on PEs

2. MAC address reclaim

Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a router removes MAC addresses or relearns them according to the specified parameters in the TLV. If NULL is specified, the router removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message.

The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly. There are two types of address reclaim messages: those with MAC address lists and those without MAC address lists.

After a backup link becomes active and a message with the instruction of relearning MAC entries arrives, a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions. If the message contains a null MAC address TLV list, these PEs remove all MAC addresses from the specified VSI, except for those learned from the PW that sent the message.

3. MAC address aging

Remote MAC addresses learned by a PE that are related to VC labels but no more in use need to be aged out by an aging mechanism. The aging mechanism used here is the aging timer corresponding to the MAC address. When receiving a packet whose source MAC address has an aging timer started, the PE resets the aging timer.

VPLS loop avoidance

In general, Layer 2 networks use the Spanning Tree Protocol (STP) to avoid loops. This is not applicable for VPLS networks because the users cannot sense the service provider network. Therefore, enabling STP in the private networks means nothing to the service provider network. In VPLS, full mesh and split horizon forwarding are used to avoid use of STP at the private network side.

Two methods for VPLS loop avoidance are supported:

• PEs are logically fully meshed (so are PWs), that is, each PE must create for each VPLS forwarding instance a tree to all the other PEs of the instance.
• Each PE must support horizontal split to avoid loops, that is, a PE cannot forward packets via PWs of the same VSI, because all the PEs of a VSI are directly connected. In other words, packets from PWs on the public network side cannot be forwarded to other PWs; they can only be forwarded to the private network side.

Peer PE discovery and PW signaling protocol

For PEs in the same VSI, you can configure the peer PE addresses or use an automatic discovery mechanism. Currently, LDP and BGP are used to automatically discover VSI peer PEs.

For a PW to be created, a PW signaling protocol is needed to assign a multiplex distinguishing flag (that is, VC label) and advertise the assigned VC flag to the peer. In addition, the PW signaling protocol advertises VPLS system parameters such as PW ID, control word, and interface parameters. With the PW signaling protocol, PWs can be established between PEs to form a fully meshed network to provide VPLS services. LDP and BGP can be used as PW signaling protocols.

VPLS can be one of the following based on the PW signaling protocol used:
• LDP VPLS—Uses LDP as the signaling protocol. This mode is also called the Martini mode.
• BGP VPLS—Uses BGP extension as the signaling protocol. This mode is also called the Kompella mode.

NOTE: For more information about the Martini mode and Kompella mode, see the chapter “Configuring MPLS L2VPN.”

VPLS packet encapsulation

Packet encapsulation on an AC

The packet encapsulation type of an AC depends on the user VSI access mode, which can be VLAN or Ethernet.
• VLAN access: The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user. The tag is called a P-Tag.
• Ethernet access: The Ethernet header of a packet upstream from the CE or downstream from the PE does not contain any service delimiter. If a header contains a VLAN tag, it is the internal VLAN tag of the user and means nothing to the PE. This kind of internal VLAN tag of the user is called a U-Tag.

You can specify the VSI access mode to be used.

Packet encapsulation on a PW

The packet encapsulation type of a PW, also called the PW transport mode, can be either Ethernet or VLAN.
• In Ethernet mode, P-TAG is not transferred on the PW. For a packet from a CE, if it contains the service delimiter, the PE removes the service delimiter and adds a PW label and a tunnel label into the packet before forwarding the packet. Otherwise, the PE directly adds a PW label and a tunnel label into the packet and then forwards the packet. For a packet to be sent downstream, whether the PE adds the service delimiter into the packet depends on your configuration. However, rewriting and removing of existing tags are not allowed.

• In VLAN mode, packets transmitted over the PW must carry a P-Tag. For a packet from a CE, if it contains the service delimiter, the PE keeps the P-Tag unchanged or changes the P-Tag to the VLAN tag expected by the peer PE or to a null tag (the tag value is 0), and then adds a PW label and a tunnel label into the packet before sending the packet out. If the packet contains no service delimiter, the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out. For a packet to be sent downstream, the PE rewrites, removes, or retains the service delimiter depending on your configuration.

According to the protocol, the packet encapsulation type of a PW is VLAN by default.

H-VPLS implementation

Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs.

Advantages of H-VPLS access

• H-VPLS has lower requirements on the multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks.
• H-VPLS reduces the logical complexity of the fully meshed network consisting of PEs and the configuration complexity.

H-VPLS with LSP access

Figure 37 H-VPLS with LSP access

As shown in Figure 37, UPE functions as the convergence device MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers.

Data forwarding in H-VPLS with LSP access is as follows:
• Upon receiving a packet from a CE, UPE tags the packet with the MPLS label for the U-PW, namely the multiplex distinguishing flag, and then sends the packet to NPE 1.
• When receiving the packet, NPE 1 determines which VSI the packet belongs to by the label and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag for the N-PW, and forwards the packet.
• Upon receiving the packet from the N-PW, NPE 1 tags the packet with the multiplex distinguishing flag for the U-PW and sends the packet to UPE, which forwards the packet to the CE.

For packets to be exchanged between CE 1 and CE 2, UPE can forward them directly without NPE 1 because it holds the bridging function by itself. For the first packet with an unknown destination MAC address or a broadcast packet, UPE broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through U-PW to NPE 1, which replicates the packet and sends a copy to each peer CE.
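The learning, flooding, split horizon, aging and address reclaim rules described under "MAC address learning and flooding" and "VPLS loop avoidance" can be checked against a small model. The following Python sketch is an added example, not H3C code: the class, field and port names, the 300-second aging time and the treatment of a reclaim message with a MAC list as plain removal are assumptions made for illustration, and the MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample MAC addresses (documentation range), not from the page.
MAC_A, MAC_B, MAC_C, MAC_D = (f"00:00:5e:00:53:0{i}" for i in range(1, 5))


@dataclass
class Vsi:
    """Model of one VSI on a PE. All names here are hypothetical."""
    acs: set                 # attachment circuits, private network side
    pws: set                 # pseudo wires, public network side
    mac_limit: int = 65535   # cap on learned MACs (default of mac-table limit on the page)
    aging: int = 300         # aging time in seconds; assumed value, not from the page
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def learn(self, src, port, now):
        """Learn or refresh a source MAC; refuse new entries once the limit is hit."""
        if src not in self.table and len(self.table) >= self.mac_limit:
            return False
        self.table[src] = (port, now)   # a refresh resets the aging timer
        return True

    def age_out(self, now):
        """Remove entries whose aging timer has run out; return the removed MACs."""
        expired = sorted(m for m, (_, seen) in self.table.items()
                         if now - seen >= self.aging)
        for mac in expired:
            del self.table[mac]
        return expired

    def forward(self, src, dst, in_port, now):
        """Return the sorted list of ports a frame is sent out of."""
        self.age_out(now)
        self.learn(src, in_port, now)
        entry = None if dst == BROADCAST else self.table.get(dst)
        # Known unicast goes to one port; unknown unicast and broadcast are flooded.
        out = {entry[0]} if entry else self.acs | self.pws
        out.discard(in_port)
        if in_port in self.pws:
            # Split horizon: a frame from a PW is never forwarded to another PW.
            out -= self.pws
        return sorted(out)

    def reclaim(self, from_pw, macs=None):
        """Handle an address reclaim message received on from_pw.

        With a MAC list, the listed entries are removed so they are relearned
        (assumed simplification). With a null list, every entry is removed
        except those learned from the PW the message arrived on.
        """
        if macs:
            doomed = [m for m in macs if m in self.table]
        else:
            doomed = [m for m, (port, _) in self.table.items() if port != from_pw]
        for mac in doomed:
            del self.table[mac]
        return sorted(doomed)
```

A low `mac_limit` in this model shows why a per-VSI limit matters: once the table is full, frames from new sources are still forwarded, but they no longer consume table entries.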

H-VPLS with QinQ access

Figure 38 H-VPLS with QinQ access

As shown in Figure 38, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs.

Data forwarding in H-VPLS with QinQ access is as follows:
• Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.
• When receiving the packet, PE 1 determines which VSI the packet belongs to by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. Then, it forwards the packet.
• Upon receiving the packet from the PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag. Then, it forwards the packet through the QinQ tunnel to MTU, which in turn forwards the packet to the CE.

For packets to be exchanged between CE 1 and CE 2, MTU can forward them directly without PE 1 because it holds the bridging function by itself. For the first data packet with an unknown destination MAC address or a broadcast packet, MTU broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through the QinQ tunnel to PE 1, which replicates the packet and sends a copy to each peer CE.

PW redundancy

The network design with a single PW between a UPE and an NPE has a distinct drawback: once the PW experiences a failure, all VPNs connected to the aggregate device will lose connectivity. The H-VPLS with LSP access provides redundant links for PW backup. Normally, only the primary PW link is used. When the main link fails, the backup link takes over the VPN services.

Figure 39 Backup link for H-VPLS with LSP access

The H-VPLS with LSP access activates the backup link when:
• The tunnel over which the primary PW is established is deleted, causing the PW to go down.
• BFD detects a primary link failure.
• The LDP session between the peers of the primary PW goes down, and the PW is deleted as a result.

Hub-spoke VPLS implementation

In hub-spoke networking, one of the VPLS networking modes, there is one hub site and multiple spoke sites. The spoke sites (the spoke-CEs) are not permitted to communicate with each other directly; data transmission between them depends on the hub site (the hub-CE). The PE connecting the hub site is called the “hub-PE.” The PEs connecting the spoke sites are called “spoke-PEs.”

Advantages of hub-spoke networking

In hub-spoke networking, all traffic between spoke sites must go through the hub site, facilitating centralized management of traffic.

Hub-Spoke networking

Figure 40 Hub-spoke networking

Figure 40 shows a typical hub-spoke networking application. As the MAC address learning in a hub-spoke network is the same as that in a common network, the following describes only the data forwarding procedure:
1. Upon receiving a packet from Spoke-CE 1, Spoke-PE 1 inserts an MPLS label into the packet according to the VSI to which Spoke-CE 1 belongs and then forwards the packet to Hub-PE.
2. Receiving the packet from the PW, Hub-PE determines by the MPLS label the VSI that the packet is for and forwards the packet to Hub-CE directly.
3. Hub-CE has Layer 2 forwarding function. It processes the packet and then forwards the packet back to Hub-PE.
4. Receiving the packet from the AC, Hub-PE determines by the VLAN tag the VSI that the packet is for, inserts an MPLS label to which the PW corresponds based on the destination MAC address, and forwards the packet to Spoke-PE 2.
5. When Spoke-PE 2 receives the packet from the PW, it determines by the MPLS label the VSI that the packet is for, and then forwards the packet to Spoke-CE 2.

Multi-hop PW

A PW cannot be set up directly between two PEs when:
• The two PEs are in different Autonomous Systems (ASs), where they cannot establish a signaling connection.
• The two PEs use different PW signaling protocols.

In such cases, you can establish multiple continuous PW segments that function as a single PW, called a “multi-hop PW,” a virtual connection between the two PEs.

Figure 41 Diagram for multi-hop PW

As shown in Figure 41, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, you need to:
• Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and PW 3 between ASBR 2 and PE 2.
• Associate PW 1 and PW 2 on ASBR 1. Then, when receiving a packet from PW 1 (or PW 2), ASBR 1 removes the existing inner and outer labels of the packet and adds the inner and outer labels of PW 2 (or PW 1) to the packet.
• Associate PW 2 and PW 3 on ASBR 2. Then, upon receiving a packet from PW 2 (or PW 3), ASBR 2 removes the existing inner and outer labels of the packet and then adds the inner and outer labels of PW 3 (or PW 2) to the packet.

Thus, PW 1, PW 2, and PW 3 are put end to end and a multi-hop PW is formed across the ASs.

NOTE: Only LDP VPLS connections can form a multi-hop PW.

VPLS configuration task list

Complete the following tasks to configure VPLS:

Task and remarks:
• Configuring LDP VPLS (configure either type of VPLS as needed)
  - Enabling L2VPN and MPLS L2VPN: Required
  - Configuring an LDP VPLS instance: Required
• Configuring BGP VPLS (configure either type of VPLS as needed)
  - Configuring the BGP extension: Required
  - Enabling L2VPN and MPLS L2VPN: Required
  - Configuring a BGP VPLS instance: Required
• Binding a VPLS instance: Required
• Configuring MAC address learning: Optional
• Configuring VPLS attributes: Optional

Configuring LDP VPLS

Configuration prerequisites

• Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. For configuration details, see Layer 3—IP Routing Configuration Guide.
• Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. For configuration information, see the chapter “Configuring basic MPLS.”
• Configure LDP remote peers on PEs to establish remote LDP sessions. For configuration information, see the chapter “Configuring basic MPLS.”

Enabling L2VPN and MPLS L2VPN

You need to enable L2VPN and MPLS L2VPN before you can perform VPLS related configurations.

To enable L2VPN and MPLS L2VPN:

1. Enter system view.
   Command: system-view
2. Enable L2VPN and enter L2VPN view.
   Command: l2vpn
3. Enable MPLS L2VPN.
   Command: mpls l2vpn

NOTE: For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference.

Configuring an LDP VPLS instance

Configuration prerequisites

• Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone
• Configuring basic MPLS for the MPLS backbone on the PEs and P devices
• Configuring MPLS L2VPN

Configuration procedure

In L2VPN implementation, the Martini mode uses extended LDP (remote LDP sessions) as the signaling for transferring PW information. Therefore, the LDP mode is also called the Martini mode.

When creating an LDP VPLS instance, you need to perform the following configurations:
1. Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration.
2. When configuring a VPLS instance in LDP mode, you must configure LDP as the signaling protocol to be used.
3. Specify the ID of the VPLS instance.
4. Use the peer command to create the VPLS peer PE for the instance, specifying:
• IP address of the peer PE.
• ID of the PW to the peer PE, which must be consistent with that specified on the peer PE.
• Type of the peer PE. If you specify a peer as a UPE, the peer is a user access convergence device in the H-VPLS model. If you specify the backup-peer keyword when creating the peer, the local PE is a UPE and you create a primary NPE and a secondary NPE on it.
• PW class template to be referenced. A PW class template defines the PW transport mode and tunneling policy to be used.

On a UPE, you can configure only one pair of primary and secondary NPEs. The specified remote NPE peers must be fully meshed, while it is not necessary for a UPE to connect with all the NPEs.

NOTE: For information about Martini mode, see the chapter “Configuring MPLS L2VPN.”

To configure an LDP VPLS instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a PW class template and enter its view.
   Command: pw-class pw-class-name
   Remarks: Optional. By default, no PW class template is created.
3. Configure the PW transport mode.
   Command: trans-mode { ethernet | vlan }
   Remarks: Optional. VLAN by default.
4. Specify a tunneling policy.
   Command: pw-tunnel-policy policy-name
   Remarks: Optional. By default, the tunneling policy specified through the tnl-policy command in VSI view is used.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Create an LDP VPLS instance and enter VSI view.
   Command: vsi vsi-name static [ hub-spoke | p2p ]
   Remarks: N/A
7. Specify LDP as the PW signaling protocol and enter VSI LDP view.
   Command: pwsignal ldp
   Remarks: N/A
8. Specify an ID for the VPLS instance.
   Command: vsi-id vsi-id
   Remarks: N/A
9. Create a peer PE for the VPLS instance.
   Command: peer ip-address [ { hub | spoke } | pw-class class-name | [ pw-id pw-id ] [ upe | backup-peer ip-address [ backup-pw-id pw-id ] ] ] *
   Remarks: N/A
10. Enable the PW switchback function and set the switchback delay time.
   Command: dual-npe revertive [ wtr-time wtr-time ]
   Remarks: Optional. Disabled by default.

NOTE:
• To configure a multi-hop PW, specify the p2p keyword when you create a VPLS instance to enable the PW to PW (P2P) capability, and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs.
• Up to two peer PEs can be specified for a P2P enabled VPLS instance, and one of them must be specified as a UPE.
• A P2P enabled VPLS instance cannot be bound with a Layer 3 interface or a service instance.

Configuring BGP VPLS

Configuration prerequisites

• Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. For configuration details, see Layer 3—IP Routing Configuration Guide.
• Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. For configuration information, see the chapter “Configuring basic MPLS.”

Configuring the BGP extension

Before configuring BGP VPLS, you need to configure BGP parameters on the PEs. For configuration details, see Layer 3—IP Routing Configuration Guide.

To configure BGP extension:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter VPLS address family view.
   Command: vpls-family
   Remarks: N/A
4. Activate a peer.
   Command: peer peer-address enable
   Remarks: No peer is activated by default.

NOTE: For configurations in VPLS address family view, see the chapter “Configuring MPLS L3VPN.”

Enabling L2VPN and MPLS L2VPN

Enable L2VPN and MPLS L2VPN before you configure VPLS related configurations.

To enable L2VPN and MPLS L2VPN:

1. Enter system view.
   Command: system-view
2. Configure the LSR ID.
   Command: mpls lsr-id
3. Enable MPLS capability and enter MPLS view.
   Command: mpls
4. Return to system view.
   Command: quit
5. Enable L2VPN and enter L2VPN view.
   Command: l2vpn
6. Enable MPLS L2VPN.
   Command: mpls l2vpn

NOTE: For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference.

Configuring a BGP VPLS instance

When creating a BGP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration. When configuring a VPLS instance in BGP mode, you must configure BGP as the signaling protocol to be used. The BGP mode is also called the Kompella mode, where extended BGP is used as the signaling protocol.

To configure a BGP VPLS instance:

1. Enter system view.
   Command: system-view
2. Create a BGP VPLS instance and enter VSI view.
   Command: vsi vsi-name auto
3. Specify BGP as the PW signaling protocol and enter VSI BGP view.
   Command: pwsignal bgp
4. Configure an RD for the VPLS instance.
   Command: route-distinguisher route-distinguisher
5. Configure VPN targets for the VPLS instance.
   Command: vpn-target vpn-target&<1-16> [ both | import-extcommunity | export-extcommunity ]
6. Create a site for the VPLS instance.
   Command: site site-id [ range site-range ] [ default-offset { 0 | 1 } ]

Resetting VPLS BGP connections

When the BGP routing policy or protocol is changed, you must reset the BGP connections in a VPLS to make the new configurations take effect to all connections.

Task: Reset VPLS BGP connections.
   Command: reset bgp vpls { as-number | ip-address | all | external | internal }
   Remarks: Available in user view

Binding a VPLS instance

You can establish the association between packets and a VPLS instance in either of the following methods:

• Binding a Layer 3 interface (other than VLAN interface) with the VPLS instance, for example, a routing interface or a routing sub-interface. After you configure such a binding, all packets arriving at the Layer 3 interface will be forwarded through the VPLS instance.
• Binding a Layer 2 port and a VLAN ID with the VPLS instance. After you configure such a binding, packets arriving at the Layer 2 port and carrying the specified VLAN tag will be forwarded through the VPLS instance.

With the first binding method, if you bind VLAN interfaces, one VLAN interface can be bound to only one VPLS instance and all packets carrying the VLAN tag will be forwarded through the VPLS instance, regardless of which Layer 2 Ethernet ports the packets arrive at. This not only wastes the Layer 2 Ethernet interface and VLAN resources, but also cannot differentiate users and services connected to different Layer 2 Ethernet ports. The second binding method can solve these problems.

Binding a Layer 3 interface with a VPLS instance

NOTE: The router does not support binding a VLAN interface with a VPLS instance in this method.

To bind a Layer 3 interface with a VPLS instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Bind the interface with a VPLS instance.
   Command: l2 binding vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] *
   Remarks: By default, an interface is not bound with any VPLS instance.

CAUTION:
• On the interface that is bound with a VPLS instance, do not enable the MPLS function. Otherwise, neither VPLS nor MPLS can work normally and to use either service, you need to remove both the VPLS service and the MPLS service and then reconfigure the service.
• If you bind a Layer 3 interface with a VPLS instance, IP related functions on the sub-interfaces of the Layer 3 interface will fail. For example, the sub-interfaces cannot receive ARP or IGMP packets, and they cannot forward unicast or multicast packets. After you remove the binding, the IP related functions on the sub-interfaces recover.

Binding a Layer 2 port and a VLAN ID with the VPLS instance

To bind a Layer 2 port and a VLAN ID with the VPLS instance, you need to:
• Create a service instance on the Layer 2 Ethernet port.
• Specify a packet matching VLAN ID for the service instance.
• Bind the service instance with the VPLS instance.

After these configurations, packets that arrive at the Layer 2 Ethernet port and match the specified VLAN ID will be forwarded through the bound VPLS instance.

To bind a Layer 2 port and a VLAN ID with the VPLS instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create the VLAN to be used by the service instance to match packets.
   Command: vlan vlan-id
   Remarks: N/A
3. Add the Layer 2 port that connects the CE to the VLAN.
   Command: port interface
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter the view of the port connecting the CE.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Create the service instance and enter its view.
   Command: service-instance service-instance-id
   Remarks: By default, no service instance is created.
7. Specify a packet matching VLAN ID for the service instance.
   Command: encapsulation s-vid vlan-id
   Remarks: By default, no packet matching VLAN ID is specified for a service instance.
8. Associate the service instance with a VPLS instance.
   Command: xconnect vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] *
   Remarks: By default, a service instance is not associated with any VPLS instance.

NOTE:
• You can configure up to 4094 service instances on a Layer 2 Ethernet port.
• The xconnect vsi command is only available for service instances with the ID in the range of 1 to 4094.
• For the access mode configuration of a service instance, see the chapter “Configuring MPLS L2VPN.”
• Only when the VPLS instance is enabled with the hub-spoke capability, can you further specify the access mode as hub or spoke. The default is spoke.

Configuring MAC address learning

To configure the MAC address learning function:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VSI view.
   Command: vsi vsi-name
   Remarks: N/A
3. Enable/disable MAC address learning for the VPLS instance.
   Command: mac-learning { enable | disable }
   Remarks: Optional. Enabled by default.
4. Specify a MAC address learning mode for the VPLS instance.
   Command: mac-learn-style { qualify | unqualify }
   Remarks: Optional. unqualify by default. The router only supports the unqualify mode.
5. Set the maximum number of MAC addresses that the device can learn for the VPLS instance.
   Command: mac-table limit mac-limit-number
   Remarks: Optional. 65535 by default.

Configuring VPLS attributes
To configure VPLS attributes:

Step Command Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter VSI view.
   Command: vsi vsi-name
   Remarks: N/A

3. Set the upper speed limit of the VPLS instance.
   Command: bandwidth vpn-speed
   Remarks: Optional. 102,400 kbps by default.

4. Set the broadcast suppression percentage of the VPLS instance.
   Command: broadcast-restrain ratio
   Remarks: Optional. 5 by default.

5. Specify the encapsulation type of the VPLS instance.
   Command: encapsulation { ethernet | vlan | bgp-vpls }
   Remarks: Optional. vlan by default, which corresponds to the VSI PW encapsulation type of tagged.

6. Set the MTU of the VPLS instance.
   Command: mtu mtu
   Remarks: Optional. 1,500 bytes by default.

7. Set the description of the VPLS instance.
   Command: description text
   Remarks: Optional. No description set by default.

8. Shut down the VPLS service of the VPLS instance.
   Command: shutdown
   Remarks: Optional. Enabled by default.

9. Specify a tunneling policy for the VPLS instance.
   Command: tnl-policy tunnel-policy-name
   Remarks: Optional. By default, no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.

NOTE:
The router supports limiting traffic speed and suppressing broadcast traffic for VPLS instances only when the system working mode is SPE. For more information about system working modes, see Fundamentals Configuration Guide.

Displaying and maintaining VPLS

Task Command Remarks

Task: Display the VPLS information in the BGP routing table.
Command: display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the MAC address table information of one or all VPLS instances.
Command: display mac-address vsi [ vsi-name ] [ blackhole | dynamic | static ] [ count ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about VPLS connections.
Command: display vpls connection [ bgp | ldp | vsi vsi-name ] [ block | down | up ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the AC information of one or all VPLS instances.
Command: display mpls l2vpn fib ac vpls [ vsi vsi-name | interface interface-type interface-number [ service-instance service-instance-id ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the PW information of one or all VPLS instances.
Command: display mpls l2vpn fib pw vpls [ vsi vsi-name [ link link-id ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about one or all VPLS instances.
Command: display vsi [ vsi-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about remote VPLS connections.
Command: display vsi remote { bgp | ldp } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about one or all PW class templates.
Command: display pw-class [ pw-class-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display information about one or all fast switching groups.
Command: display l2vpn fast-switch-group [ group-index ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Clear the MAC address table of one or all VPLS instances.
Command: reset mac-address vsi [ vsi-name ]
Remarks: Available in user view

VPLS configuration examples
Configuring VPLS instances
Network requirements
CE 1 and CE 2 reside in different sites but both belong to VPN 1. VPLS instance aaa uses LDP, that is, the Martini mode, while bbb uses BGP, that is, the Kompella mode. The AS number is 100.
Figure 42 Network diagram

Configuration procedure
1. Configure PE 1.
# Configure the IGP protocol, which is OSPF in this example. (Details not shown)
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit

# Configure interface GigabitEthernet 3/1/1.
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip address 10.10.10.10 24

# Configure basic MPLS on the interface.
[PE1-GigabitEthernet3/1/1] mpls
[PE1-GigabitEthernet3/1/1] mpls ldp
[PE1-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-remote-1] remote-ip 2.2.2.9
[PE1-mpls-remote-1] quit

# Configure BGP extension.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 2.2.2.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit

# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.9
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit

# Configure the VPLS instance bbb that uses BGP signaling.
[PE1] vsi bbb auto
[PE1-vsi-bbb] pwsignal bgp
[PE1-vsi-bbb-bgp] route-distinguisher 100:1
[PE1-vsi-bbb-bgp] vpn-target 111:1
[PE1-vsi-bbb-bgp] site 1 range 10
[PE1-vsi-bbb-bgp] quit
[PE1-vsi-bbb] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.
[PE1] interface GigabitEthernet3/1/2

// To bind VPLS instance aaa to interface GigabitEthernet 3/1/2:
[PE1-GigabitEthernet3/1/2] l2 binding vsi aaa

// To bind VPLS instance bbb to interface GigabitEthernet 3/1/2:
[PE1-GigabitEthernet3/1/2] l2 binding vsi bbb
[PE1-GigabitEthernet3/1/2] quit

2. Configure PE 2.
# Configure the IGP protocol, such as OSPF. (Details not shown)
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit

# Configure interface GigabitEthernet 3/1/1.
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip address 10.10.10.11 24

# Configure basic MPLS on the interface.
[PE2-GigabitEthernet3/1/1] mpls
[PE2-GigabitEthernet3/1/1] mpls ldp
[PE2-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-remote-2] remote-ip 1.1.1.9
[PE2-mpls-remote-2] quit

# Configure BGP extensions.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit

# Enable L2VPN and MPLS L2VPN.

[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.9
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit

# Configure the VPLS instance bbb that uses BGP signaling.
[PE2] vsi bbb auto
[PE2-vsi-bbb] pwsignal bgp
[PE2-vsi-bbb-bgp] route-distinguisher 100:1
[PE2-vsi-bbb-bgp] vpn-target 111:1
[PE2-vsi-bbb-bgp] site 2 range 10
[PE2-vsi-bbb-bgp] quit
[PE2-vsi-bbb] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.
[PE2] interface GigabitEthernet 3/1/2

// To bind VPLS instance aaa to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi aaa

// To bind VPLS instance bbb to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi bbb
[PE2-GigabitEthernet3/1/2] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring H-VPLS with LSP access
Network requirements
Create a U-PW between UPE and NPE 1 and an N-PW between NPE 1 and NPE 3. Create an LDP VPLS
instance aaa.
Figure 43 Network diagram

Configuration procedure
1. Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)

2. Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.9 32
[UPE-LoopBack0] quit
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.
[UPE] interface GigabitEthernet 3/1/1
[UPE-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[UPE-GigabitEthernet3/1/1] mpls
[UPE-GigabitEthernet3/1/1] mpls ldp
[UPE-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.9
[UPE-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[UPE] l2vpn
[UPE-l2vpn] mpls l2vpn
[UPE-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 2.2.2.9
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[UPE] interface GigabitEthernet 3/1/2
[UPE-GigabitEthernet3/1/2] l2 binding vsi aaa
[UPE-GigabitEthernet3/1/2] quit

3. Configure NPE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.9 32
[NPE1-LoopBack0] quit
[NPE1] mpls lsr-id 2.2.2.9
[NPE1] mpls
[NPE1-mpls] quit
[NPE1] mpls ldp
[NPE1-mpls-ldp] quit

# Configure basic MPLS on the interface connected to UPE.
[NPE1] interface GigabitEthernet3/1/1
[NPE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[NPE1-GigabitEthernet3/1/1] mpls
[NPE1-GigabitEthernet3/1/1] mpls ldp
[NPE1-GigabitEthernet3/1/1] quit

# Configure basic MPLS on the interface connected to NPE 3.
[NPE1] interface GigabitEthernet3/1/2
[NPE1-GigabitEthernet3/1/2] ip address 11.1.1.1 24
[NPE1-GigabitEthernet3/1/2] mpls
[NPE1-GigabitEthernet3/1/2] mpls ldp
[NPE1-GigabitEthernet3/1/2] quit

# Configure the remote LDP session with UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.9
[NPE1-mpls-remote-2] quit

# Configure the remote LDP session with NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 3.3.3.9
[NPE1-mpls-remote-3] quit

# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 1.1.1.9 upe
[NPE1-vsi-aaa-ldp] peer 3.3.3.9
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit

4. Configure NPE 3.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 3.3.3.9 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 3.3.3.9
[NPE3] mpls
[NPE3-mpls] quit
[NPE3] mpls ldp
[NPE3-mpls-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.
[NPE3] interface GigabitEthernet3/1/1
[NPE3-GigabitEthernet3/1/1] ip address 11.1.1.2 24
[NPE3-GigabitEthernet3/1/1] mpls
[NPE3-GigabitEthernet3/1/1] mpls ldp
[NPE3-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[NPE3] mpls ldp remote-peer 1
[NPE3-mpls-remote-1] remote-ip 2.2.2.9
[NPE3-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[NPE3] l2vpn
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.9
[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[NPE3] interface GigabitEthernet 3/1/2
[NPE3-GigabitEthernet3/1/2] l2 binding vsi aaa
[NPE3-GigabitEthernet3/1/2] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring hub-spoke VPLS
Network requirements
Create a PW between Spoke-PE 1 and Hub-PE and another PW between Spoke-PE 2 and Hub-PE.
Create VPLS instance aaa and configure it to support hub-spoke networking.

Figure 44 Network diagram

Configuration procedure
1. Configure an IGP (such as OSPF) on the MPLS backbone. (Details not shown)

2. Configure Spoke-PE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE1
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] mpls lsr-id 1.1.1.9
[Spoke-PE1] mpls
[Spoke-PE1-mpls] quit
[Spoke-PE1] mpls ldp
[Spoke-PE1-mpls-ldp] quit

# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE1] interface GigabitEthernet 3/1/1
[Spoke-PE1-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[Spoke-PE1-GigabitEthernet3/1/1] mpls
[Spoke-PE1-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE1-GigabitEthernet3/1/1] quit

# Configure the remote LDP session with Hub-PE.
[Spoke-PE1] mpls ldp remote-peer 1
[Spoke-PE1-mpls-remote-1] remote-ip 3.3.3.9
[Spoke-PE1-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[Spoke-PE1] l2vpn
[Spoke-PE1-l2vpn] mpls l2vpn
[Spoke-PE1-l2vpn] quit

# Configure LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer as
the hub.
[Spoke-PE1] vsi aaa static hub-spoke
[Spoke-PE1-vsi-aaa] pwsignal ldp
[Spoke-PE1-vsi-aaa-ldp] vsi-id 500
[Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE1-vsi-aaa-ldp] quit
[Spoke-PE1-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and
specify the attached CE as a spoke-CE.
[Spoke-PE1] interface GigabitEthernet 3/1/2
[Spoke-PE1-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE1-GigabitEthernet3/1/2] quit

3. Configure Spoke-PE 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE2
[Spoke-PE2] interface loopback 0
[Spoke-PE2-LoopBack0] ip address 2.2.2.9 32
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] mpls lsr-id 2.2.2.9
[Spoke-PE2] mpls
[Spoke-PE2-mpls] quit
[Spoke-PE2] mpls ldp
[Spoke-PE2-mpls-ldp] quit

# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE2] interface GigabitEthernet3/1/1
[Spoke-PE2-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[Spoke-PE2-GigabitEthernet3/1/1] mpls
[Spoke-PE2-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE2-GigabitEthernet3/1/1] quit

# Configure the remote LDP session with Hub-PE.
[Spoke-PE2] mpls ldp remote-peer 2
[Spoke-PE2-mpls-remote-2] remote-ip 3.3.3.9
[Spoke-PE2-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[Spoke-PE2] l2vpn
[Spoke-PE2-l2vpn] mpls l2vpn
[Spoke-PE2-l2vpn] quit

# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer
as the hub.
[Spoke-PE2] vsi aaa static hub-spoke
[Spoke-PE2-vsi-aaa] pwsignal ldp
[Spoke-PE2-vsi-aaa-ldp] vsi-id 500
[Spoke-PE2-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE2-vsi-aaa-ldp] quit
[Spoke-PE2-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and
specify the attached CE as a spoke-CE.
[Spoke-PE2] interface GigabitEthernet 3/1/2
[Spoke-PE2-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE2-GigabitEthernet3/1/2] quit

4. Configure Hub-PE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Hub-PE
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 3.3.3.9 32
[Hub-PE-LoopBack0] quit
[Hub-PE] mpls lsr-id 3.3.3.9
[Hub-PE] mpls
[Hub-PE-mpls] quit
[Hub-PE] mpls ldp
[Hub-PE-mpls-ldp] quit

# Configure basic MPLS on the interface connected to Spoke-PE 1.
[Hub-PE] interface GigabitEthernet 3/1/1
[Hub-PE-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[Hub-PE-GigabitEthernet3/1/1] mpls
[Hub-PE-GigabitEthernet3/1/1] mpls ldp
[Hub-PE-GigabitEthernet3/1/1] quit

# Configure basic MPLS on the interface connected to Spoke-PE 2.
[Hub-PE] interface GigabitEthernet 3/1/2
[Hub-PE-GigabitEthernet3/1/2] ip address 20.1.1.2 24
[Hub-PE-GigabitEthernet3/1/2] mpls
[Hub-PE-GigabitEthernet3/1/2] mpls ldp
[Hub-PE-GigabitEthernet3/1/2] quit

# Configure the remote LDP sessions.
[Hub-PE] mpls ldp remote-peer 1
[Hub-PE-mpls-remote-1] remote-ip 1.1.1.9
[Hub-PE-mpls-remote-1] quit
[Hub-PE] mpls ldp remote-peer 2
[Hub-PE-mpls-remote-2] remote-ip 2.2.2.9
[Hub-PE-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[Hub-PE] l2vpn
[Hub-PE-l2vpn] mpls l2vpn
[Hub-PE-l2vpn] quit

# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peers
as spokes.
[Hub-PE] vsi aaa static hub-spoke
[Hub-PE-vsi-aaa] pwsignal ldp
[Hub-PE-vsi-aaa-ldp] vsi-id 500
[Hub-PE-vsi-aaa-ldp] peer 1.1.1.9 spoke
[Hub-PE-vsi-aaa-ldp] peer 2.2.2.9 spoke
[Hub-PE-vsi-aaa-ldp] quit
[Hub-PE-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/3, bind VPLS instance aaa to the interface, and
specify the attached CE as the hub-CE.
[Hub-PE] interface GigabitEthernet 3/1/3
[Hub-PE-GigabitEthernet3/1/3] l2 binding vsi aaa hub
[Hub-PE-GigabitEthernet3/1/3] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring PW redundancy for H-VPLS access
Network requirements
As shown in Figure 45, UPE establishes a PW connection (U-PW) with NPE 1 and NPE 2, with the NPE
2 link as the backup. NPE 1 and NPE 2 each establish a PW connection (N-PW) with NPE 3. CE 3 is
connected to the network through NPE 3.
UPE is connected to NPE 1 through GigabitEthernet 3/1/2 and is connected to NPE 2 through
GigabitEthernet 3/1/3. NPE 1 is connected to NPE 3 through GigabitEthernet 3/1/5, and NPE 2 is
connected to NPE 3 through GigabitEthernet 3/1/6.
Configure a VPLS instance and configure it to support H-VPLS networking.
Figure 45 Network diagram

Configuration procedure
1. Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)

2. Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.1 32
[UPE-LoopBack0] quit

179

[UPE] mpls lsr-id 1.1.1.1
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.
[UPE] interface GigabitEthernet 3/1/2
[UPE-GigabitEthernet3/1/2] ip address 12.1.1.1 255.255.255.0
[UPE-GigabitEthernet3/1/2] mpls
[UPE-GigabitEthernet3/1/2] mpls ldp
[UPE-GigabitEthernet3/1/2] quit

# Configure basic MPLS on the interface connected to NPE 2.
[UPE] interface GigabitEthernet 3/1/3
[UPE-GigabitEthernet3/1/3] ip address 13.1.1.1 255.255.255.0
[UPE-GigabitEthernet3/1/3] mpls
[UPE-GigabitEthernet3/1/3] mpls ldp
[UPE-GigabitEthernet3/1/3] quit

# Configure the remote LDP session with NPE 1.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.2
[UPE-mpls-remote-1] quit

# Configure the remote LDP session with NPE 2.
[UPE] mpls ldp remote-peer 2
[UPE-mpls-remote-2] remote-ip 3.3.3.3
[UPE-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[UPE] l2vpn
[UPE-l2vpn] mpls l2vpn
[UPE-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 2.2.2.2 backup-peer 3.3.3.3
[UPE-vsi-aaa-ldp] dual-npe revertive wtr-time 1
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit

# On the interface connected to CE 1, that is, GigabitEthernet 3/1/1, create a service instance and bind the VSI.
[UPE] interface GigabitEthernet 3/1/1
[UPE-GigabitEthernet3/1/1] service-instance 1000
[UPE-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10
[UPE-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa
[UPE-GigabitEthernet3/1/1-srv1000] quit

# On the interface connected to CE 2, that is, GigabitEthernet 3/1/4, create a service instance and bind the VSI.
[UPE] interface GigabitEthernet 3/1/4

[UPE-GigabitEthernet3/1/4] service-instance 1000
[UPE-GigabitEthernet3/1/4-srv1000] encapsulation s-vid 11
[UPE-GigabitEthernet3/1/4-srv1000] xconnect vsi aaa
[UPE-GigabitEthernet3/1/4-srv1000] quit

3. Configure NPE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.2 32
[NPE1-LoopBack0] quit
[NPE1] mpls lsr-id 2.2.2.2
[NPE1] mpls
[NPE1-mpls] quit
[NPE1] mpls ldp
[NPE1-mpls-ldp] quit

# Configure an IP address for the interface connected to UPE, and then enable MPLS and MPLS LDP.
[NPE1] interface GigabitEthernet 3/1/2
[NPE1-GigabitEthernet3/1/2] ip address 12.1.1.2 255.255.255.0
[NPE1-GigabitEthernet3/1/2] mpls
[NPE1-GigabitEthernet3/1/2] mpls ldp
[NPE1-GigabitEthernet3/1/2] quit

# Configure an IP address for the interface connected to NPE 3, and then enable MPLS and MPLS LDP.
[NPE1] interface GigabitEthernet 3/1/5
[NPE1-GigabitEthernet3/1/5] ip address 15.1.1.1 255.255.255.0
[NPE1-GigabitEthernet3/1/5] mpls
[NPE1-GigabitEthernet3/1/5] mpls ldp
[NPE1-GigabitEthernet3/1/5] quit

# Configure the remote LDP session with UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.1
[NPE1-mpls-remote-2] quit

# Configure the remote LDP session with NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 4.4.4.4
[NPE1-mpls-remote-3] quit

# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 1.1.1.1 upe

[NPE1-vsi-aaa-ldp] peer 4.4.4.4
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit

The configuration procedure on NPE 2 is similar to that on NPE 1. (Details not shown)

4. Configure NPE 3.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 4.4.4.4 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 4.4.4.4
[NPE3] mpls
[NPE3-mpls] quit
[NPE3] mpls ldp
[NPE3-mpls-ldp] quit

# Configure an IP address for the interface connected to NPE 1, and then enable MPLS and MPLS LDP.
[NPE3] interface GigabitEthernet 3/1/5
[NPE3-GigabitEthernet3/1/5] ip address 15.1.1.2 255.255.255.0
[NPE3-GigabitEthernet3/1/5] mpls
[NPE3-GigabitEthernet3/1/5] mpls ldp
[NPE3-GigabitEthernet3/1/5] quit

# Configure an IP address for the interface connected to NPE 2, and then enable MPLS and MPLS LDP.
[NPE3] interface GigabitEthernet 3/1/6
[NPE3-GigabitEthernet3/1/6] ip address 16.1.1.2 255.255.255.0
[NPE3-GigabitEthernet3/1/6] mpls
[NPE3-GigabitEthernet3/1/6] mpls ldp
[NPE3-GigabitEthernet3/1/6] quit

# Configure the remote LDP session.
[NPE3] mpls ldp remote-peer 1
[NPE3-mpls-remote-1] remote-ip 2.2.2.2
[NPE3-mpls-remote-1] quit
[NPE3] mpls ldp remote-peer 2
[NPE3-mpls-remote-2] remote-ip 3.3.3.3
[NPE3-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[NPE3] l2vpn
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.2
[NPE3-vsi-aaa-ldp] peer 3.3.3.3

[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit

# Create service instance on interface GigabitEthernet 3/1/1 connected to CE 3, and bind the VPLS instance.
[NPE3] interface GigabitEthernet 3/1/1
[NPE3-GigabitEthernet3/1/1] service-instance 1000
[NPE3-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10
[NPE3-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa
[NPE3-GigabitEthernet3/1/1-srv1000] quit

After completing the configurations, execute the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.

Implementing multi-AS VPN through multi-hop PW
Network requirements
Each CE is connected to a PE through an Ethernet. Create a VPLS instance that supports P2P on ASBR 1 and ASBR 2, so as to set up a multi-hop PW between PE 1 and PE 2.
Figure 46 Network diagram

Configuration procedure
1. Configurations on PE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit

# Configure basic MPLS for the interface connecting ASBR 1.
[PE1] interface GigabitEthernet 3/1/2
[PE1-GigabitEthernet3/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet3/1/2] mpls

[PE1-GigabitEthernet3/1/2] mpls ldp
[PE1-GigabitEthernet3/1/2] quit

# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit

# Create VPLS instance aaa that uses LDP signaling.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.2
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit

# Bind the VPLS instance aaa to GigabitEthernet 3/1/1, the interface connected to CE 1.
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] l2 binding vsi aaa
[PE1-GigabitEthernet3/1/1] quit

2. Configurations on ASBR 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] interface loopback 0
[ASBR1-LoopBack0] ip address 2.2.2.2 32
[ASBR1-LoopBack0] quit
[ASBR1] mpls lsr-id 2.2.2.2
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] mpls ldp
[ASBR1-mpls-ldp] quit

# Create a remote LDP peer.
[ASBR1] mpls ldp remote-peer 1
[ASBR1-mpls-ldp-remote-1] remote-ip 3.3.3.3
[ASBR1-mpls-ldp-remote-1] quit

# Configure OSPF.
[ASBR1] ospf
[ASBR1-ospf-1] area 0
[ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[ASBR1-ospf-1-area-0.0.0.0] quit
[ASBR1-ospf-1] quit

# Configure basic MPLS for GigabitEthernet 3/1/1, the interface connected to PE 1.
[ASBR1] interface GigabitEthernet 3/1/1
[ASBR1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[ASBR1-GigabitEthernet3/1/1] mpls
[ASBR1-GigabitEthernet3/1/1] mpls ldp
[ASBR1-GigabitEthernet3/1/1] quit

# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2.
[ASBR1] interface GigabitEthernet 3/1/2
[ASBR1-GigabitEthernet3/1/2] ip address 11.1.1.2 24
[ASBR1-GigabitEthernet3/1/2] mpls
[ASBR1-GigabitEthernet3/1/2] quit

# Enable L2VPN and MPLS L2VPN.
[ASBR1] l2vpn
[ASBR1-l2vpn] mpls l2vpn
[ASBR1-l2vpn] quit

# Configure a P2P-capable VPLS instance aaa that uses LDP signaling.
[ASBR1] vsi aaa static p2p
[ASBR1-vsi-aaa] pwsignal ldp
[ASBR1-vsi-aaa-ldp] vsi-id 500
[ASBR1-vsi-aaa-ldp] peer 1.1.1.1 upe
[ASBR1-vsi-aaa-ldp] peer 3.3.3.3
[ASBR1-vsi-aaa-ldp] quit
[ASBR1-vsi-aaa] quit

# Configure BGP to advertise labeled unicast routes.
[ASBR1] bgp 100
[ASBR1-bgp] import-route direct
[ASBR1-bgp] peer 11.1.1.3 as-number 200
[ASBR1-bgp] peer 11.1.1.3 route-policy map export
[ASBR1-bgp] peer 11.1.1.3 label-route-capability
[ASBR1-bgp] quit
[ASBR1] route-policy map permit node 10
[ASBR1-route-policy] apply mpls-label
[ASBR1-route-policy] quit

3. Configurations on ASBR 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] interface loopback 0
[ASBR2-LoopBack0] ip address 3.3.3.3 32
[ASBR2-LoopBack0] quit
[ASBR2] mpls lsr-id 3.3.3.3
[ASBR2] mpls
[ASBR2-mpls] quit
[ASBR2] mpls ldp
[ASBR2-mpls-ldp] quit

# Create a remote LDP peer.
[ASBR2] mpls ldp remote-peer 2
[ASBR2-mpls-ldp-remote-2] remote-ip 2.2.2.2
[ASBR2-mpls-ldp-remote-2] quit

# Configure OSPF.
[ASBR2] ospf
[ASBR2-ospf-1] area 0
[ASBR2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[ASBR2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[ASBR2-ospf-1-area-0.0.0.0] quit
[ASBR2-ospf-1] quit

# Configure basic MPLS for GigabitEthernet 3/1/1, the interface connecting ASBR 1.
[ASBR2] interface GigabitEthernet 3/1/1
[ASBR2-GigabitEthernet3/1/1] ip address 11.1.1.3 24
[ASBR2-GigabitEthernet3/1/1] mpls
[ASBR2-GigabitEthernet3/1/1] quit

# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connecting PE 2.
[ASBR2] interface GigabitEthernet 3/1/2
[ASBR2-GigabitEthernet3/1/2] ip address 12.1.1.3 24
[ASBR2-GigabitEthernet3/1/2] mpls
[ASBR2-GigabitEthernet3/1/2] mpls ldp
[ASBR2-GigabitEthernet3/1/2] quit

# Enable L2VPN and MPLS L2VPN.
[ASBR2] l2vpn
[ASBR2-l2vpn] mpls l2vpn
[ASBR2-l2vpn] quit

# Configure a P2P-capable VPLS instance aaa that uses LDP signaling.
[ASBR2] vsi aaa static p2p
[ASBR2-vsi-aaa] pwsignal ldp
[ASBR2-vsi-aaa-ldp] vsi-id 500
[ASBR2-vsi-aaa-ldp] peer 4.4.4.4 upe
[ASBR2-vsi-aaa-ldp] peer 2.2.2.2
[ASBR2-vsi-aaa-ldp] quit
[ASBR2-vsi-aaa] quit

# Configure BGP to advertise labeled unicast routes.
[ASBR2] bgp 200
[ASBR2-bgp] import-route direct
[ASBR2-bgp] peer 11.1.1.2 as-number 100
[ASBR2-bgp] peer 11.1.1.2 route-policy map export
[ASBR2-bgp] peer 11.1.1.2 label-route-capability
[ASBR2-bgp] quit
[ASBR2] route-policy map permit node 10
[ASBR2-route-policy] apply mpls-label
[ASBR2-route-policy] quit

4. Configurations on PE 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.4 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 4.4.4.4
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp

[PE2-mpls-ldp] quit

# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2.
[PE2] interface GigabitEthernet 3/1/2
[PE2-GigabitEthernet3/1/2] ip address 12.1.1.4 24
[PE2-GigabitEthernet3/1/2] mpls
[PE2-GigabitEthernet3/1/2] mpls ldp
[PE2-GigabitEthernet3/1/2] quit

# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit

# Configure VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 3.3.3.3
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit

# Bind VPLS instance aaa to GigabitEthernet 3/1/1, the interface connected to CE 2.
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] l2 binding vsi aaa
[PE2-GigabitEthernet3/1/1] quit

5. Verify the configuration.
Execute the display vpls connection command on each device. You will see that a PW in up state has been established between the devices.

Troubleshooting VPLS
Symptom
The VPLS link PW is not up.
Analysis
• The public network LSP tunnel is not established.
• The extended session is not working normally.
• A private VLAN virtual interface is not bound with the corresponding VPLS instance and is not up.
• When LDP is used as the PW signaling protocol, if the corresponding VPLS instances on the two peers have different MTU settings, the PW cannot come up.
Solution
• Check the routing tables of the PEs to see whether a route is available between the two PEs. Check whether each router can ping the loopback interface of the peer and whether the LDP session is normal.
• Check whether any extended session configuration command is missing at either side.
• Check whether the private network interfaces are up or whether the PW to the UPE is up.
• Check whether the PW ID and transport mode are the same on the two peers.
• Check whether the VPLS instances on the two peers are configured with the same MTU value.
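Three of the troubleshooting checks above (missing extended-session configuration, PW ID agreement, MTU agreement) can be run offline against saved configuration transcripts. The following is an added example, not part of the H3C guide: the function names parse and audit are hypothetical, the transcripts are constructed samples modeled on the PE 1 / PE 2 example, and the 1500-byte default MTU is taken from the VPLS attributes table in this guide.

```python
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
DEFAULT_MTU = 1500  # VSI MTU default given in this guide's VPLS attributes table

# Constructed transcripts, modeled on LDP instance "aaa" in the PE 1 / PE 2 example.
PE1_CFG = """\
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls ldp remote-peer 1
[PE1-mpls-remote-1] remote-ip 2.2.2.9
[PE1-mpls-remote-1] quit
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] quit
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.9
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit
"""
PE2_CFG = """\
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls ldp remote-peer 2
[PE2-mpls-remote-2] remote-ip 1.1.1.9
[PE2-mpls-remote-2] quit
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.9
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
"""


def parse(transcript):
    """Extract LSR ID, remote LDP peers and per-VSI LDP settings from a transcript."""
    dev = {"lsr_id": None, "ldp_remote": set(), "vsis": {}}
    cur = None  # name of the VSI most recently entered
    for line in transcript.splitlines():
        m = re.match(r"\s*[\[<]([^\]>]+)[\]>]\s*(.+)", line)
        if not m:
            continue  # "# ..." comment lines and blanks carry no command
        prompt, cmd = m.group(1), m.group(2).strip()
        if x := re.match(r"mpls lsr-id " + IP, cmd):
            dev["lsr_id"] = x.group(1)
        elif x := re.match(r"remote-ip " + IP, cmd):
            dev["ldp_remote"].add(x.group(1))
        elif x := re.match(r"vsi (\S+)", cmd):
            cur = x.group(1)
            dev["vsis"].setdefault(cur, {"vsi_id": None, "mtu": DEFAULT_MTU, "peers": set()})
        elif cur and f"-vsi-{cur}" in prompt:  # skips BGP "peer" lines outside the VSI
            vsi = dev["vsis"][cur]
            if x := re.match(r"vsi-id (\d+)", cmd):
                vsi["vsi_id"] = int(x.group(1))
            elif x := re.match(r"mtu (\d+)", cmd):
                vsi["mtu"] = int(x.group(1))
            else:  # "peer A [upe|hub|spoke]" and "peer A backup-peer B"
                vsi["peers"].update(re.findall(r"\bpeer " + IP, cmd))
    return dev


def audit(devices):
    """devices maps hostname -> parse() result; returns a list of finding strings."""
    by_lsr = {d["lsr_id"]: (name, d) for name, d in devices.items()}
    findings = []
    for name, dev in devices.items():
        for vname, vsi in dev["vsis"].items():
            for peer in sorted(vsi["peers"]):
                tag = f"{name} vsi {vname} -> {peer}"
                if peer not in dev["ldp_remote"]:
                    findings.append(f"{tag}: no remote LDP session (remote-ip {peer}) configured")
                if peer not in by_lsr:
                    findings.append(f"{tag}: peer is not among the audited devices")
                    continue
                pname, pdev = by_lsr[peer]
                back = [v for v in pdev["vsis"].values() if dev["lsr_id"] in v["peers"]]
                same_id = [v for v in back if v["vsi_id"] == vsi["vsi_id"]]
                if not back:
                    findings.append(f"{tag}: {pname} has no VSI with peer {dev['lsr_id']}")
                elif not same_id:
                    findings.append(f"{tag}: PW ID mismatch ({vsi['vsi_id']} vs {back[0]['vsi_id']})")
                elif all(v["mtu"] != vsi["mtu"] for v in same_id):
                    findings.append(f"{tag}: MTU mismatch ({vsi['mtu']} vs {same_id[0]['mtu']})")
    return findings


if __name__ == "__main__":
    # Constructed fault: PE 2 uses a different VSI MTU.
    bad = PE2_CFG.replace("[PE2-vsi-aaa] quit", "[PE2-vsi-aaa] mtu 1400\n[PE2-vsi-aaa] quit")
    for finding in audit({"PE1": parse(PE1_CFG), "PE2": parse(bad)}):
        print(finding)
```

The audit only covers LDP-signaled VSIs and devices whose transcripts are supplied; interface state and LSP reachability still have to be checked on the routers with the display commands.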

Configuring MPLS L2VPN
NOTE:
• In this documentation, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L, and SPE cards refer to the cards prefixed with SPE, for example, SPE-1020-E-II.
• SPC cards only support binding a Layer 2 Ethernet port with an L2VPN. They do not support binding a Layer 3 Ethernet interface with an L2VPN.
• SPC cards do not support CCC, SVC, or Kompella MPLS L2VPNs.

MPLS L2VPN overview
MPLS L2VPN provides Layer 2 VPN services on the MPLS network. It allows carriers to establish L2VPNs on different data link layer protocols, including ATM, VLAN, Ethernet and PPP.
MPLS L2VPN transfers Layer 2 user data transparently on the MPLS network. For users, the MPLS network is a Layer 2 switched network and they can establish Layer 2 connections over the network.
Consider ATM as an example. Each customer edge (CE) device can connect to the MPLS network through an ATM virtual circuit (VC) to communicate with another CE. This is similar to that of an ATM network.
Figure 47 Network diagram for MPLS L2VPN

Comparison with MPLS L3VPN
Compared with MPLS L3VPN, MPLS L2VPN has the following advantages:
• High scalability. MPLS L2VPN establishes only Layer 2 connections. It does not involve the routing information of users. This greatly reduces the load of the PEs and even the load of the whole service provider network, enabling carriers to support more VPNs and to service more users.
• Guaranteed reliability and private routing information security. As no routing information of users is involved, MPLS L2VPN neither tries to obtain nor processes the routing information of users, guaranteeing the security of the user VPN routing information.
• Support for multiple network layer protocols, such as IP, IPX, and SNA.

Basic concepts of MPLS L2VPN

In MPLS L2VPN, the concepts and principles of CE, PE and P are the same as those in MPLS L3VPN:
• Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected to service provider networks. It can be a router, a switch, or a host. It can neither “sense” the presence of any VPN nor does it need to support MPLS.
• Provider edge (PE) device—A PE resides at the edge of a service provider network and connects one or more CEs. On an MPLS network, all VPN services are processed on the PEs.
• Provider (P) device—A P device is a core device on a service provider network. It is not directly connected to any CE. It has only basic MPLS forwarding capability.

MPLS L2VPN uses label stacks to implement the transparent transmission of user packets in the MPLS network.
• Outer label, also called tunnel label, is used to transfer packets from one PE to another.
• Inner label, also called VC label, is used to identify different connections between VPNs.
• Upon receiving packets, a PE determines to which CE the packets are to be forwarded according to the VC labels.

Figure 48 illustrates how the label stack changes in the MPLS L2VPN forwarding process.

Figure 48 MPLS L2VPN label stack processing
1) L2 PDU: Layer 2 protocol data unit
2) T represents tunnel label. V represents VC label. T’ represents swapped tunnel label.

Implementation of MPLS L2VPN

MPLS L2VPN can be implemented in one of the following methods:
• Circuit Cross Connect (CCC) and Static Virtual Circuit (SVC)—Two methods of implementing MPLS L2VPN by configuring VC labels statically.
• Martini—A method for establishing PPP links to implement MPLS L2VPN. It uses Label Distribution Protocol (LDP) as a signaling protocol to transfer VC labels.
• Kompella—A CE-to-CE mode for implementing MPLS L2VPN on the MPLS network. It uses extended BGP as the signaling protocol to advertise Layer 2 reachability information and VC labels.

The following sections describe these implementation methods for MPLS L2VPN in detail.

CCC MPLS L2VPN

Unlike common MPLS L2VPN, CCC employs just one level of label to transfer user data. Therefore, it uses label switched paths (LSPs) exclusively. A CCC LSP can transfer only the data of the CCC connection; it can neither be used for other MPLS L2VPN connections, nor for MPLS L3VPN or common IP packets.

The most significant advantage of this method is that no label signaling is required for transferring Layer 2 VPN information. As long as MPLS forwarding is supported and service provider networks are interconnected, this method works perfectly. In addition, since LSPs are dedicated, this method supports QoS services.

There are two types of CCC connections:
• Local connection—A local connection is established between two local CEs that are connected to the same PE. The PE functions like a Layer 2 switch and can directly switch packets between the CEs without any static LSP.
• Remote connection—A remote connection is established between a local CE and a remote CE, which are connected to different PEs.

NOTE:
You must configure for each remote CCC connection two LSPs, one for inbound and the other for outbound, on the P router along the remote connection.

SVC MPLS L2VPN

SVC also implements MPLS L2VPN by static configuration. It transfers L2VPN information without using any signaling protocol.

The SVC method resembles the Martini method closely and is in fact a static implementation of the Martini method. The difference is that it does not use LDP to transfer Layer 2 VC and link information. You only need to configure VC label information.

NOTE:
The labels for CCC and SVC range from 16 to 1023, which are reserved for static LSPs.

Martini MPLS L2VPN

The key of the Martini method is to set up VCs between CEs.

Martini MPLS L2VPN employs VC type and VC ID to identify a VC. The VC type indicates the encapsulation type of the VC, which can be ATM, VLAN, or PPP. The VC ID uniquely identifies the VC among the VCs of the same type on a PE.

The PEs connecting the two CEs of a VC exchange VC labels through LDP, and bind their respective CE by the VC ID. Once LDP establishes an LSP between the two PEs and the label exchange and the binding to CE are finished, a VC is set up and ready to transfer Layer 2 data.

To allow the exchange of VC labels between PEs, the Martini method extended LDP by adding the forwarding equivalence class (FEC) type of VC FEC. Moreover, as the two PEs exchanging VC labels may not be connected directly, a remote LDP session must be set up to transfer the VC FEC and VC labels.

With Martini MPLS L2VPN, only PEs need to maintain a small amount of VC labels and LSP mappings and no P router contains Layer 2 VPN information. Therefore, it has high scalability. In addition, to add a new VC, you only need to configure a one-way VC for each of the PEs. Your configuration will not affect the operation of the network.

The Martini method applies to scenarios with sparse Layer 2 connections, such as a scenario with a star topology.

Kompella MPLS L2VPN

Kompella MPLS L2VPN is different from Martini MPLS L2VPN in that it does not operate on the connections between CEs directly. It organizes different VPNs in the whole service provider network and encodes each CE in a VPN. For a connection to be established between two CEs, you only need to perform these tasks on the PEs:
• Configuring CE IDs of the local and remote CEs respectively
• Specifying the circuit ID that the local CE assigns to the connection, such as the VPI/VCI with ATM.

Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute VC labels. Its label block mode allows it to assign labels to multiple connections at a time.

With Kompella MPLS L2VPN, you can specify the CE range of a VPN to indicate how many CEs can be connected to the VPN. Then, the system assigns a label block of a size equal to the CE range for the CE. In this way, you can reserve some labels for the VPN for future use. This wastes some label resources in a short term, but can reduce the VPN deployment and configuration workload in the case of expansion.

Imagine that an enterprise VPN contains 10 CEs and the number may increase to 20 in future service expansion. In this case, you can set the CE range of each CE to 20. Thus, when you need to add a CE to the VPN later, you only need to modify the configurations of the PE to which the new CE is connected. No change is required for the other PEs. This makes VPN expansion extremely simple.

Similar to MPLS L3VPN, Kompella MPLS L2VPN also uses VPN targets to identify VPNs. This brings excellent VPN networking flexibility.

In addition, Kompella supports local connections.

MPLS L2VPN configuration task list

Complete the following tasks to configure MPLS L2VPN:

Task (Remarks)
• Configuring MPLS L2VPN (Required)
• Configuring CCC MPLS L2VPN, Configuring SVC MPLS L2VPN, Configuring Martini MPLS L2VPN, or Configuring Kompella MPLS L2VPN (Use one of the approaches according to the MPLS L2VPN implementation method)
• Enabling the MPLS L2VPN mix function (Optional)

NOTE:
After you create an MPLS L2VPN connection on a Layer 3 interface, IP related functions on the sub-interfaces of the Layer 3 interface will fail. For example, the sub-interfaces cannot receive ARP or IGMP packets, and they cannot forward unicast or multicast packets. After you remove the MPLS L2VPN connection, the IP related functions on the sub-interfaces recover.

Configuring MPLS L2VPN

You can select any of the implementation methods for MPLS L2VPN as needed. However, no matter what method you select, you must complete the following tasks:
• Configure basic MPLS
• Enable L2VPN
• Enable MPLS L2VPN

To perform basic MPLS L2VPN configurations:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure the LSR ID.
   Command: mpls lsr-id lsr-id
   Remarks: N/A
3. Configure basic MPLS and enter MPLS view.
   Command: mpls
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enable L2VPN and enter L2VPN view.
   Command: l2vpn
   Remarks: Disabled by default
6. Specify the reserved VLAN for MPLS L2VPN.
   Command: mpls l2vpn reserve vlan vlan-id
   Remarks: Optional
7. Enable MPLS L2VPN.
   Command: mpls l2vpn
   Remarks: Disabled by default

Configuring CCC MPLS L2VPN

Configuration prerequisites

Before configuring CCC L2VPN, complete the following tasks:
• Configure basic MPLS on the PEs and P routers.
• Enable MPLS L2VPN on the PEs of the MPLS backbone. You do not need to enable MPLS L2VPN on the P routers.

To configure CCC MPLS L2VPN, you need the following data:
• Name for the CCC connection
• Connection type: local or remote
• For a local CCC connection: the types and numbers of the incoming and outgoing interfaces
• For a remote CCC connection: the type and number of the incoming interface, the address of the next hop or the type and number of the outgoing interface, and the incoming and outgoing labels of the LSRs along the CCC connection

Configuration procedure

Configuring the local CCC connection

To create a local CCC connection on a PE:

1. Enter system view.
   Command: system-view
2. Create a local CCC connection between two CEs connected to the same PE.
   Command: ccc ccc-connection-name interface interface-type interface-number out-interface interface-type interface-number

Configuring the remote CCC connection

1. Configure the PEs

To configure a PE:

1. Enter system view.
   Command: system-view
2. Create a remote CCC connection between CEs connected to different PEs.
   Command: ccc ccc-connection-name interface interface-type interface-number in-label in-label-value out-label out-label-value { nexthop ip-address | out-interface interface-type interface-number } [ control-word | no-control-word ]

CAUTION:
• You do not need to configure two static LSPs for each remote CCC connection. Instead, you only need to configure the incoming and outgoing labels, where the incoming label must be exclusively for the CCC connection. The labels function as static LSPs.
• Only when the link that the outgoing interface connects is a point-to-point link, can you use the out-interface keyword to specify the outgoing interface. If the link is not a point-to-point link but, for example, a link connecting to Layer 3 Ethernet interface, VLAN interface, or Layer 3 aggregate interface, you must use the nexthop keyword to specify the IP address of the next hop.

2. Configure the P routers

To configure a P router:

1. Enter system view.
   Command: system-view
2. Configure a transit static LSP.
   Command: static-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label
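The remote CCC procedure above relies on hand-assigned labels: each hop's out-label must be the next hop's in-label, every label must sit in the 16 to 1023 static range, and an incoming label must belong to one connection only. The following Python audit is an added example, not part of the H3C guide; the device names, labels and addresses in SAMPLE are constructed, and it assumes a known PE-P-PE path and matches on labels only, not on interfaces or next hops.

```python
import re

LABEL_MIN, LABEL_MAX = 16, 1023  # static-label range the guide states for CCC and SVC

# Patterns follow the command syntax shown in the guide. An interface may be
# written "GigabitEthernet 4/1/1" or "GigabitEthernet4/1/1".
CCC_RE = re.compile(
    r"^ccc\s+(\S+)\s+interface\s+\S+(?:\s+\S+)?\s+in-label\s+(\d+)\s+out-label\s+(\d+)"
    r"\s+(?:nexthop|out-interface)\s")
TRANSIT_RE = re.compile(
    r"^static-lsp\s+transit\s+(\S+)\s+incoming-interface\s+\S+(?:\s+\S+)?\s+in-label\s+(\d+)"
    r"\s+(?:nexthop\s+\S+|outgoing-interface\s+\S+(?:\s+\S+)?)\s+out-label\s+(\d+)")


def parse(config):
    """Return (remote_ccc, transit) lists of (name, in_label, out_label) tuples."""
    remote_ccc, transit = [], []
    for raw in config.splitlines():
        line = raw.strip()
        for regex, bucket in ((CCC_RE, remote_ccc), (TRANSIT_RE, transit)):
            m = regex.match(line)
            if m:
                bucket.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return remote_ccc, transit


def audit(path, configs, conn_a, conn_b):
    """Check one remote CCC connection along path (PE, P..., PE); return a list of findings."""
    findings = []
    parsed = {dev: parse(configs[dev]) for dev in path}

    # 1. Every label in the static range; no incoming label shared on a device.
    for dev in path:
        owner = {}
        for name, lin, lout in parsed[dev][0] + parsed[dev][1]:
            for kind, label in (("in-label", lin), ("out-label", lout)):
                if not LABEL_MIN <= label <= LABEL_MAX:
                    findings.append(f"{dev}: {name} {kind} {label} outside {LABEL_MIN}-{LABEL_MAX}")
            if lin in owner:
                findings.append(f"{dev}: in-label {lin} shared by {owner[lin]} and {name}")
            else:
                owner[lin] = name

    # 2. Locate the connection on both end PEs.
    ends = {}
    for dev, conn in ((path[0], conn_a), (path[-1], conn_b)):
        hit = [c for c in parsed[dev][0] if c[0] == conn]
        if not hit:
            findings.append(f"{dev}: remote ccc connection {conn} not found")
            return findings
        ends[dev] = hit[0]

    # 3. Follow the label hop by hop in each direction.
    for hops in (path, path[::-1]):
        src, dst = hops[0], hops[-1]
        label, broken = ends[src][2], False
        for dev in hops[1:-1]:
            nxt = [t for t in parsed[dev][1] if t[1] == label]
            if not nxt:
                findings.append(f"{src}->{dst}: no transit LSP on {dev} with in-label {label}")
                broken = True
                break
            label = nxt[0][2]
        if not broken and label != ends[dst][1]:
            findings.append(f"{src}->{dst}: label {label} arrives at {dst}, "
                            f"but {ends[dst][0]} expects in-label {ends[dst][1]}")
    return findings


# Constructed sample for a PE1 - P - PE2 path (all values are made up for the example).
SAMPLE = {
    "PE1": "ccc ce1-ce2 interface GigabitEthernet 4/1/1 in-label 100 out-label 200 nexthop 10.1.1.2",
    "P": ("static-lsp transit pe1_pe2 incoming-interface GigabitEthernet 4/1/1 "
          "in-label 200 nexthop 10.2.2.1 out-label 201\n"
          "static-lsp transit pe2_pe1 incoming-interface GigabitEthernet 4/1/2 "
          "in-label 101 nexthop 10.1.1.1 out-label 100"),
    "PE2": "ccc ce2-ce1 interface GigabitEthernet 4/1/1 in-label 201 out-label 101 nexthop 10.2.2.2",
}

if __name__ == "__main__":
    route = ["PE1", "P", "PE2"]
    print("consistent config:", audit(route, SAMPLE, "ce1-ce2", "ce2-ce1"))
    mismatched = dict(SAMPLE, PE2=SAMPLE["PE2"].replace("in-label 201", "in-label 202"))
    for finding in audit(route, mismatched, "ce1-ce2", "ce2-ce1"):
        print("finding:", finding)
```

A finding from step 3 means frames for this connection are dropped or delivered to whatever else owns that label on the next hop, so run the audit before committing a label change on any device in the path.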

CAUTION:
• With CCC, no static LSPs are required on the PEs but dedicated bidirectional static LSPs are required on all the P routers between the PEs for transmitting the data of the CCC connection.
• For static LSP configuration commands, see MPLS Command Reference.
• You cannot enable both VLL and MPLS on an interface of the router, for example, a routing interface or routing sub-interface. Otherwise, neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration.
• If a Layer 3 Ethernet interface is bound with an L2VPN, the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. If a Layer 3 Ethernet sub-interface is bound with an L2VPN, the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance.

Configuring SVC MPLS L2VPN

SVC MPLS L2VPN does not use any signaling protocol to transfer L2VPN information. Instead, it uses tunnels to transport data between PEs. SVC supports these tunnel types: LDP LSP and CR-LSP. By default, LDP LSP tunnels are used.

Configuration prerequisites

Before configuring SVC MPLS L2VPN, complete these tasks:
• Configuring IGP on the PEs and P routers to guarantee the IP connectivity of the MPLS backbone
• Configuring basic MPLS and MPLS LDP for the MPLS backbone on the PEs and P routers to establish LDP LSPs
• Enabling MPLS L2VPN on the PEs
• Establishing the tunnels between PEs according to the tunneling policy.

To configure SVC MPLS L2VPN, you need the following data:
• Types and numbers of the interfaces connecting the CEs
• Destination LSR ID of SVC
• Incoming and outgoing labels of the L2VPN connection
• SVC tunneling policy

Configuration procedure

To configure SVC MPLS L2VPN on the PE:

1. Enter system view.
   Command: system-view
2. Enter interface view for the interface connecting the CE.
   Command: interface interface-type interface-number

3. Create an SVC MPLS L2VPN connection.
   Command: mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] *

CAUTION:
• You need to ensure the validity of incoming labels and outgoing labels in an SVC L2VPN.
• You cannot enable both VLL and MPLS on an interface of the router, for example, a routing interface or routing sub-interface. Otherwise, neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration.
• If a Layer 3 Ethernet interface is bound with an L2VPN, the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. If a Layer 3 Ethernet sub-interface is bound with an L2VPN, the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance.

Configuring Martini MPLS L2VPN

You can create a Martini MPLS L2VPN connection in either of the following ways:
• Configuring it on a Layer 3 interface that is not a VLAN interface (see “Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface”).
• Configuring it in a service instance (see “Creating a Martini MPLS L2VPN for a service instance”).

Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface

Martini MPLS L2VPN uses extended LDP to transfer Layer 2 information and VC labels. To configure Martini MPLS L2VPN, you need to:
• Create a Martini MPLS L2VPN connection
  After a Martini MPLS L2VPN connection is created on a Layer 3 Ethernet interface/sub-interface, packets arriving at the interface are forwarded through the MPLS L2VPN connection.
• Configure the remote peer
  In Martini MPLS L2VPN implementation, VC labels need to be exchanged between PEs. Because two PEs may not be connected to each other directly, you need to establish a remote LDP session between the two PEs, so that VC FECs and VC labels can be transferred through the session.

Configuration prerequisites

Before you configure Martini MPLS L2VPN, complete the following tasks:
• Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone
• Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs
• Enable MPLS L2VPN on the PEs
• Establish remote LDP sessions between PEs

To configure Martini MPLS L2VPN, prepare the following data:

• Types and numbers of the interfaces connecting the CEs
• Destination address of the L2VPN connection and the PW ID (VC ID)
• PW class template

Configuration procedure

To configure a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface of the PE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view for the interface connecting the CE.
   Command: interface interface-type interface-number
   Remarks: The interface must be a Layer 3 Ethernet interface/sub-interface.
3. Create a Martini MPLS L2VPN connection.
   Command: mpls l2vc destination vcid [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] *
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Configure an MPLS LDP remote peer entity and enter its view.
   Command: mpls ldp remote-peer remote-peer-name
   Remarks: N/A
6. Specify an IP address for the remote peer.
   Command: remote-ip ip-address
   Remarks: N/A

NOTE:
For remote peer configuration information, see the chapter “Configuring basic MPLS configuration.”

CAUTION:
• A Martini connection has two main parameters: IP address of the peer PE, and VC ID.
• Do not configure both MPLS and Martini MPLS L2VPN on a Layer 3 Ethernet interface/sub-interface. Otherwise, neither MPLS nor MPLS L2VPN service can work normally, and you must remove both services first for further service configuration.
• If a Layer 3 Ethernet interface is bound with an L2VPN, the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. If a Layer 3 Ethernet sub-interface is bound with an L2VPN, the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance.
• When configuring a Martini MPLS L2VPN connection on a Layer 3 Ethernet sub-interface on an SPC card, you must configure the PW encapsulation mode as VLAN. Otherwise, packets may not be forwarded correctly.
• You must configure the PVC and MAP for an ATM interface before using the mpls l2vc destination vcid [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] [ ethernet | vlan ] command on the ATM interface. For more information about PVC and MAP configuration, see Layer 2—WAN Configuration Guide.

Creating a Martini MPLS L2VPN for a service instance

NOTE:
• Do not configure services other than L2VPN for the VLAN that is bound to the private network side of the MPLS L2VPN.
• Do not enable port-based protocols such as STP, GVRP, 802.1X, LLDP, DLDP, Ethernet OAM, and LACP on a port enabled with MPLS L2VPN.
• For an MPLS L2VPN connection created for a service instance, if the access mode of the service instance is Ethernet, do not use a trunk port to connect the private network side. You can add this port to the access VLAN as an access port, or configure the port as a hybrid port that permits packets from the access VLAN to pass with the VLAN tag stripped.

If you create a Martini MPLS L2VPN connection on a VLAN interface, the router chooses an MPLS L2VPN connection for a received packet according to only the VLAN tag carried in the packet. That is, all packets carrying the tag of the VLAN will be forwarded through the MPLS L2VPN connection, no matter from which Layer 2 Ethernet ports the packets are received. This not only wastes the Layer 2 Ethernet port and VLAN resources but also mixes the users and services of different Layer 2 Ethernet ports.

To solve the problem, you can create a Martini MPLS L2VPN connection in a service instance. More specifically:
1. Create a service instance on a Layer 2 Ethernet port.
2. Specify a packet matching VLAN ID for the service instance.
3. Create a Martini MPLS L2VPN connection in the service instance view.

Then, packets arriving at the Layer 2 Ethernet port and carrying the specified VLAN ID will be forwarded by the MPLS L2VPN connection.

Configuration prerequisites

Before you configure Martini MPLS L2VPN, complete the following tasks:
• Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone
• Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs
• Enable MPLS L2VPN on the PEs

To configure Martini MPLS L2VPN, prepare the following data:
• Types and numbers of the interfaces connecting the CEs
• Destination address of the L2VPN connection and the PW ID
• PW class template

Configuration procedure

To create a Martini MPLS L2VPN connection in a service instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a PW class template and enter PW class template view.
   Command: pw-class pw-class-name
   Remarks: Optional. By default, no PW class template is created.
3. Specify the PW transport mode.
   Command: trans-mode { ethernet | vlan }
   Remarks: Optional. VLAN by default.

4. Specify the tunneling policy.
   Command: pw-tunnel-policy policy-name
   Remarks: Optional. By default, the default tunneling policy is used. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Create the VLAN to be used by the service instance to match packets.
   Command: vlan vlan-id
   Remarks: N/A
7. Add the Layer 2 port connecting the CE to the VLAN.
   Command: port interface
   Remarks: N/A
8. Return to system view.
   Command: quit
   Remarks: N/A
9. Configure an MPLS LDP remote peer entity and enter its view.
   Command: mpls ldp remote-peer remote-peer-name
   Remarks: N/A
10. Specify an IP address for the remote peer.
   Command: remote-ip ip-address
   Remarks: N/A
11. Enter the configuration view of the Layer 2 port that connects with the CE.
   Command: interface interface-type interface-number
   Remarks: N/A
12. Create a service instance and enter service instance view.
   Command: service-instance instance-id
   Remarks: By default, no service instance is created.
13. Specify a packet matching VLAN ID for the service instance.
   Command: encapsulation s-vid vlan-id
   Remarks: By default, no packet matching VLAN ID is specified for the service instance.
14. Create a Martini MPLS L2VPN connection in the service instance.
   Command: xconnect peer peer-ip-address pw-id pw-id [ access-mode { ethernet | vlan } | mtu mtu-value | [ pw-class class-name ] ] *
   Remarks: After this command is executed, the VLAN ID, access mode, and MTU configured for the service instance cannot be changed. To modify these parameters, you must use the undo xconnect peer command to remove the L2VPN connection first.

NOTE:
• You can configure up to 4094 service instances on a Layer 2 Ethernet port.
• The xconnect peer command is available for service instances with the ID in the range of 1 to 4094.

Configuring Kompella MPLS L2VPN

Kompella MPLS L2VPN uses extended BGP as the signaling protocol to transfer L2VPN information between PEs.

To create a Kompella local connection, you only need to configure the VPN and CE connection on the PE. Neither IGP nor BGP L2VPN capability is required.

Configuration prerequisites

Before configuring Kompella MPLS L2VPN, complete the following tasks:
• Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone
• Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs
• Enable MPLS L2VPN on the PEs

To configure Kompella MPLS L2VPN, prepare the following data:
• AS numbers of the local PE and the peer PE
• Name, RD, and VPN Target attributes of the L2VPN connection
• CE name, CE ID, and CE range
• CE offset

Configuration procedure

Configuring BGP L2VPN capability

To configure BGP L2VPN capability:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Establish the peer relationship with the peer PE.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Specify the interface for the TCP connection.
   Command: peer { group-name | ip-address } connect-interface interface-type interface-number
   Remarks: N/A
5. Enter BGP L2VPN address family view.
   Command: l2vpn-family
   Remarks: N/A
6. Enable the filtering by the VPN target extended community attributes for the received routing information.
   Command: policy vpn-target
   Remarks: Optional. Enabled by default.
7. Enable the specified peer or peers to exchange BGP routing information of the BGP-L2VPN address family.
   Command: peer { group-name | ip-address } enable
   Remarks: N/A

NOTE:
For information about the configuration of BGP-L2VPN address family, see the chapter “Configuring MPLS L3VPN.”

Configuring VPN

To configure VPN:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VPN and enter MPLS L2VPN view.
   Command: mpls l2vpn vpn-name [ encapsulation { atm-aal5 | ethernet | fr | hdlc | ppp | vlan } [ control-word | no-control-word ] ]
   Remarks: N/A
3. Configure an RD for the L2VPN.
   Command: route-distinguisher route-distinguisher
   Remarks: N/A
4. Associate a particular VPN with one or more VPN targets.
   Command: vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ]
   Remarks: N/A
5. Set the Layer 2 MTU for the VPN.
   Command: mtu mtu
   Remarks: Optional

CAUTION:
• H3C does not recommend configuring the mtu command. It affects only possible parameter negotiations. It does not affect data forwarding.
• With Kompella MPLS L2VPN, you must create on the PE an L2VPN instance for each VPN where a directly connected CE resides. When creating an L2VPN, you must specify an encapsulation type matching that of the CE side interface.
• The configuration of the VPN targets and RD are the same as that for MPLS L3VPN. For Kompella MPLS L2VPN, the RD is required. Once configured, an RD cannot be changed, unless you delete the L2VPN and then re-create it.
• When configuring a Kompella MPLS L2VPN connection on a Layer 3 Ethernet sub-interface on an SPC card, you must configure the VPN encapsulation mode as VLAN. Otherwise, packets may not be forwarded correctly.

Creating a CE Connection

CE ID is used for identifying a CE uniquely in a VPN. To facilitate the configuration, encode the CE IDs in continuous natural numbers starting from 1.

The CE range of a VPN indicates the maximum number of CEs that can be connected to the VPN. You can configure a CE range greater than what is required based on your estimate of the future VPN expansion if the label resources are abundant (they are usually abundant). This can reduce the configuration modification required when CEs are added in the VPN in future.

You can only increase the CE range. For example, if the original CE range is 10, you can increase it to 20, but cannot reduce it to 5. The only way to reduce the CE range is to delete the CE and re-create it.

When you increase the CE range, for example, from 10 to 20, the system does not release the original label block and then re-apply for a new label block of the size of 20. Instead, the system applies for a supplementary label block of the size of 10. This ensures that the existing services will not be interrupted.

When creating a CE connection, if you do not specify the CE offset:
• For the first connection of the CE, the CE offset is the value specified by the default-offset parameter in the ce command.
• For any other connection of the CE, the CE offset is that of the former connection plus 1.
• When you plan a VPN, H3C recommends encoding CE IDs in incremental sequence starting from 1 and then configuring connections in the sequence of the CE IDs, in which case you can omit the ce-offset keyword (use the default setting) for most of connections.

To create a CE connection:

1. Enter system view.
   Command: system-view
2. Enter MPLS L2VPN view.
   Command: mpls l2vpn vpn-name
3. Create a CE for a VPN and enter MPLS L2VPN CE view.
   Command: ce ce-name [ id ce-id [ range ce-range ] [ default-offset ce-offset ] ]
4. Create a Kompella connection.
   Command: connection [ ce-offset id ] interface interface-type interface-number [ tunnel-policy tunnel-policy-name ]

CAUTION:
• You cannot enable both VLL and MPLS on an interface of the router, for example, a routing interface or routing sub-interface. Otherwise, neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration.
• If a Layer 3 Ethernet interface is bound with an L2VPN, the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. If a Layer 3 Ethernet sub-interface is bound with an L2VPN, the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance.

Enabling the MPLS L2VPN mix function

If you configure MPLS L2VPN services (including VLL and VPLS) on both the SPC card and the SPE card of a router, you need to enable the MPLS L2VPN mix function, so that the SPC card and the SPE card can work together to forward L2VPN traffic normally.

To configure the MPLS L2VPN mix function:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the MPLS L2VPN mix function.
   Command: vpn l2vpn mix
   Remarks: Optional. By default, the MPLS L2VPN mix function is enabled when both the SPC card and the SPE card are working.

CAUTION:
When only the SPC card is working, do not configure the MPLS L2VPN mix function. Otherwise, the HoVPN function on the SPC card cannot take effect.

NOTE:
• With the MPLS L2VPN mix function enabled, the HoVPN function cannot take effect. With the HoVPN function enabled, the MPLS L2VPN mix function cannot take effect.
• When both the SPC card and the SPE card of a router are working, if you want to configure the HoVPN function on the SPC card, first use the undo vpn l2vpn mix command to disable the MPLS L2VPN mix function. Otherwise, the HoVPN function cannot take effect.
• For configuration information of HoVPN, see the chapter “Configuring MPLS L3VPN.”

Displaying and maintaining MPLS L2VPN

Displaying the operation of MPLS L2VPN

All of the following commands are available in any view.

• Display information about CCC connections.
  Command: display ccc [ ccc-name ccc-name | type { local | remote } ] [ | { begin | exclude | include } regular-expression ]
• Display information about specified L2VPN VC interfaces.
  Command: display l2vpn ccc-interface vc-type { all | bgp-vc | ccc | ldp-vc | static-vc } [ up | down ] [ | { begin | exclude | include } regular-expression ]
• Display information about static VCs configured on the router.
  Command: display mpls static-l2vc [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
• Display information about Martini VCs configured on the router.
  Command: display mpls l2vc [ interface interface-type interface-number [ service-instance instance-id ] | remote-info ] [ | { begin | exclude | include } regular-expression ]
• Display information about Kompella L2VPN connections.
  Command: display mpls l2vpn connection [ vpn-name vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
• Display information about L2VPN in the BGP routing table.
  Command: display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher rd [ ce-id ce-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ]
• Display L2VPN information on a PE.
  Command: display mpls l2vpn [ export-route-target-list | import-route-target-list | vpn-name vpn-name [ local-ce | remote-ce ] ] [ | { begin | exclude | include } regular-expression ]
• Display the MPLS L2VPN AC information.
  Command: display mpls l2vpn fib ac vpws [ interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
• Display the MPLS L2VPN PW information.
  Command: display mpls l2vpn fib pw vpws [ interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
• Display the service instance information on an interface.
  Command: display service-instance interface interface-type interface-number [ service-instance instance-id ] [ | { begin | exclude | include } regular-expression ]
• Display information about one or all PW class templates.
  Command: display pw-class [ pw-class-name ] [ | { begin | exclude | include } regular-expression ]

Resetting BGP L2VPN connections

• Reset BGP L2VPN connections.
  Command: reset bgp l2vpn { as-number | ip-address | all | external | internal }
  Remarks: Available in user view

MPLS L2VPN configuration examples

Example for configuring a local CCC connection

Network requirements

As shown in Figure 49, the CEs are connected to the PE through GigabitEthernet interfaces. Create a local CCC connection between CE 1 and CE 2.

NOTE:
• Because a local CCC connection is bidirectional, one is enough.
• The PE interfaces connecting the CEs require no IP addresses.

Figure 49 Network diagram

Configuration procedure

1. Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface GigabitEthernet 4/1/1
[CE1-GigabitEthernet4/1/1] ip address 100.1.1.1 24

2. Configure the PE.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE

[PE] interface loopback 0
[PE-LoopBack0] ip address 172.1.1.1 32
[PE-LoopBack0] quit
[PE] mpls lsr-id 172.1.1.1
[PE] mpls
[PE-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE] l2vpn
[PE-l2vpn] mpls l2vpn
[PE-l2vpn] quit
# Configure interface GigabitEthernet 4/1/1.
[PE] interface GigabitEthernet 4/1/1
[PE-GigabitEthernet4/1/1] quit
# Configure interface GigabitEthernet 4/1/2.
[PE] interface GigabitEthernet 4/1/2
[PE-GigabitEthernet4/1/2] quit
# Create a local connection between CE 1 and CE 2.
[PE] ccc ce1-ce2 interface GigabitEthernet 4/1/1 out-interface GigabitEthernet 4/1/2
3. Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface GigabitEthernet 4/1/1
[CE2-GigabitEthernet4/1/1] ip address 100.1.1.2 24
4. Verify your configuration.
# Display CCC connection information on the PE. The output shows that a local CCC connection has been established.
[PE] display ccc
Total ccc vc : 1
Local ccc vc : 1, 1 up
Remote ccc vc : 0, 0 up
***Name : ce1-ce2
Type : local
State : up
Intf1 : GigabitEthernet4/1/1 (up)
Intf2 : GigabitEthernet4/1/2 (up)
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss

round-trip min/avg/max = 10/76/180 ms

Example for configuring a remote CCC connection

Network requirements
As shown in Figure 50, the CEs are connected to the PEs through GigabitEthernet interfaces.
Create a remote CCC connection between CE 1 and CE 2.
The main steps for configuring a CCC remote connection are:
• Enable MPLS L2VPN on the PEs. You do not need to enable MPLS L2VPN on the P router.
• Create a remote CCC connection on the PEs. No static LSP is required on the PEs.
• Configure two static LSPs on the P router for packets to be transferred in both directions.

Figure 50 Network diagram

Device   Interface   IP address
CE 1     GE4/1/1     100.1.1.1/24
PE 1     Loop0       10.0.0.1/32
         GE4/1/2     10.1.1.1/24
P        Loop0       10.0.0.2/32
         GE4/1/2     10.1.1.2/24
         GE4/1/1     10.2.2.2/24
PE 2     Loop0       10.0.0.3/32
         GE4/1/1     10.2.2.1/24
CE 2     GE4/1/1     100.1.1.2/24

Configuration procedure
1. Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface GigabitEthernet 4/1/1
[CE1-GigabitEthernet4/1/1] ip address 100.1.1.1 24
2. Configure PE 1.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 10.0.0.1 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 10.0.0.1
[PE1] mpls
[PE1-mpls] quit

# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Configure interface GigabitEthernet 4/1/1.
[PE1] interface GigabitEthernet 4/1/1
[PE1-GigabitEthernet4/1/1] quit
# Configure interface GigabitEthernet 4/1/2, and enable MPLS.
[PE1] interface GigabitEthernet 4/1/2
[PE1-GigabitEthernet4/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet4/1/2] mpls
[PE1-GigabitEthernet4/1/2] quit
# Create a remote connection from CE 1 to CE 2, using the interface connecting CE 1 as the incoming interface and the interface connecting the P router as the outgoing interface, setting the incoming label to 100 and the outgoing label to 200.
[PE1] ccc ce1-ce2 interface GigabitEthernet 4/1/1 in-label 100 out-label 200 nexthop 10.1.1.2
3. Configure the P router.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 10.0.0.2 32
[P-LoopBack0] quit
[P] mpls lsr-id 10.0.0.2
[P] mpls
[P-mpls] quit
# Configure interface GigabitEthernet 4/1/2, and enable MPLS.
[P] interface GigabitEthernet 4/1/2
[P-GigabitEthernet4/1/2] ip address 10.1.1.2 24
[P-GigabitEthernet4/1/2] mpls
[P-GigabitEthernet4/1/2] quit
# Configure interface GigabitEthernet 4/1/1, and enable MPLS.
[P] interface GigabitEthernet 4/1/1
[P-GigabitEthernet4/1/1] ip address 10.2.2.2 24
[P-GigabitEthernet4/1/1] mpls
[P-GigabitEthernet4/1/1] quit
# Create a static LSP for forwarding packets from PE 1 to PE 2.
[P] static-lsp transit pe1_pe2 incoming-interface GigabitEthernet 4/1/2 in-label 200 nexthop 10.2.2.1 out-label 201
# Create a static LSP for forwarding packets from PE 2 to PE 1.
[P] static-lsp transit pe2_pe1 incoming-interface GigabitEthernet 4/1/1 in-label 101 nexthop 10.1.1.1 out-label 100
4. Configure PE 2.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view

[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 10.0.0.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 10.0.0.3
[PE2] mpls
[PE2-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Configure interface GigabitEthernet 4/1/2.
[PE2] interface GigabitEthernet 4/1/2
[PE2-GigabitEthernet4/1/2] quit
# Configure interface GigabitEthernet 4/1/1 and enable MPLS.
[PE2] interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1] ip address 10.2.2.1 24
[PE2-GigabitEthernet4/1/1] mpls
[PE2-GigabitEthernet4/1/1] quit
# Create a remote connection from CE 2 to CE 1, using the interface connecting CE 2 as the incoming interface and the interface connecting the P router as the outgoing interface, setting the incoming label to 201 and the outgoing label to 101.
[PE2] ccc ce2-ce1 interface GigabitEthernet 4/1/2 in-label 201 out-label 101 nexthop 10.2.2.2
5. Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface GigabitEthernet 4/1/1
[CE2-GigabitEthernet4/1/1] ip address 100.1.1.2 24
6. Verify your configuration.
# Display CCC connection information on PE 1. The output shows that a remote CCC connection has been established.
[PE] display ccc
Total ccc vc : 1
Local ccc vc : 0, 0 up
Remote ccc vc : 1, 1 up
***Name : ce1-ce2
Type : remote
State : up
Intf : GigabitEthernet4/1/2 (up)
In-label : 201
Out-label : 101
nexthop : 10.2.2.2 (up)
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms

Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/76/180 ms

Example for configuring SVC MPLS L2VPN

Network requirements
As shown in Figure 51, the CEs are connected to PEs through GigabitEthernet interfaces.
Establish an SVC MPLS L2VPN between CE 1 and CE 2.

Figure 51 Network diagram

Device   Interface   IP address
CE 1     GE4/1/1     100.1.1.1/24
PE 1     Loop0       192.2.2.2/32
         GE4/1/2     10.1.1.1/24
P        Loop0       192.4.4.4/32
         GE4/1/1     10.1.1.2/24
         GE4/1/2     10.2.2.2/24
PE 2     Loop0       192.3.3.3/32
         GE4/1/1     10.2.2.1/24
CE 2     GE4/1/1     100.1.1.2/24

Configuration procedure
The main steps are the following two:
• Configure MPLS basic forwarding capability on the PEs and P router. This includes configuring the LSR ID, enabling MPLS and LDP, and running IGP (OSPF in this example) between PE 1, the P router, and PE 2 to establish LSPs.
• Establish an SVC MPLS L2VPN connection. This includes enabling MPLS L2VPN on PE 1 and PE 2 and establishing an SVC connection and specifying the VC labels.
The detailed configuration procedure is as follows:
1. Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface GigabitEthernet 4/1/1

[CE1-GigabitEthernet4/1/1] ip address 100.1.1.1 24
2. Configure PE 1.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 192.2.2.2
[PE1] mpls
# Configure the LSP establishment triggering policy.
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Enable LDP globally.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure the interface for connecting to the P router, namely GigabitEthernet 4/1/2, and enable LDP on the interface.
[PE1] interface GigabitEthernet 4/1/2
[PE1-GigabitEthernet4/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet4/1/2] mpls
[PE1-GigabitEthernet4/1/2] mpls ldp
[PE1-GigabitEthernet4/1/2] quit
# Configure OSPF on PE 1 for establishing LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# On the interface connecting CE 1, namely GigabitEthernet 4/1/1, create an SVC MPLS L2VPN connection. The interface requires no IP address.
[PE1] interface GigabitEthernet 4/1/1
[PE1-GigabitEthernet4/1/1] mpls static-l2vc destination 192.3.3.3 transmit-vpn-label 100 receive-vpn-label 200
[PE1-GigabitEthernet4/1/1] quit
3. Configure the P router.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32

[P-LoopBack0] quit
[P] mpls lsr-id 192.4.4.4
[P] mpls
# Enable LDP globally.
[P] mpls ldp
[P-mpls-ldp] quit
# Configure the interface connected with PE 1, namely GigabitEthernet 4/1/1, and enable LDP on the interface.
[P] interface GigabitEthernet 4/1/1
[P-GigabitEthernet4/1/1] ip address 10.1.1.2 24
[P-GigabitEthernet4/1/1] mpls
[P-GigabitEthernet4/1/1] mpls ldp
[P-GigabitEthernet4/1/1] quit
# Configure the interface connected with PE 2, namely GigabitEthernet 4/1/2, and enable LDP on the interface.
[P] interface GigabitEthernet 4/1/2
[P-GigabitEthernet4/1/2] ip address 10.2.2.2 24
[P-GigabitEthernet4/1/2] mpls
[P-GigabitEthernet4/1/2] mpls ldp
[P-GigabitEthernet4/1/2] quit
# Configure OSPF on the P router for establishing LSPs.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
4. Configure PE 2.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 192.3.3.3
[PE2] mpls
# Configure the LSP establishment triggering policy.
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Enable LDP globally.
[PE2] mpls ldp
[PE2-mpls-ldp] quit

# Configure the interface connected with the P router, namely GigabitEthernet4/1/1, and enable LDP on the interface.
[PE2] interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1] ip address 10.2.2.1 24
[PE2-GigabitEthernet4/1/1] mpls
[PE2-GigabitEthernet4/1/1] mpls ldp
[PE2-GigabitEthernet4/1/1] quit
# Configure OSPF on PE 2 for establishing LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# On the interface connecting CE 2, namely GigabitEthernet 4/1/2, create an SVC MPLS L2VPN connection. The interface requires no IP address.
[PE2] interface GigabitEthernet 4/1/2
[PE2-GigabitEthernet4/1/2] mpls static-l2vc destination 192.2.2.2 transmit-vpn-label 200 receive-vpn-label 100
[PE2-GigabitEthernet4/1/2] quit
5. Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface GigabitEthernet 4/1/1
[CE2-GigabitEthernet4/1/1] ip address 100.1.1.2 24
6. Verify your configuration.
# Display SVC L2VPN connection information on PE 1 or PE 2. The output shows that an L2VPN connection has been established.
Display SVC L2VPN connection information on PE 1:
[PE1] display mpls static-l2vc
Total connections: 1, 1 up, 0 down
ce-intf               state  destination  tr-label  rcv-label  tnl-policy
GigabitEthernet4/1/1  up     192.3.3.3    100       200        default
Display SVC L2VPN connection information on PE 2:
[PE2] display mpls static-l2vc
Total connections: 1, 1 up, 0 down
ce-intf               state  destination  tr-label  rcv-label  tnl-policy
GigabitEthernet4/1/2  up     192.2.2.2    200       100        default
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=150 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=130 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=130 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=140 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=80 ms
--- 100.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 80/126/150 ms

Example for configuring Martini MPLS L2VPN

Network requirements
As shown in Figure 52, the CEs are connected to PEs through GigabitEthernet interfaces.
Establish a Martini MPLS L2VPN between CE 1 and CE 2.

Figure 52 Network diagram

Device   Interface   IP address
CE 1     GE4/1/1     100.1.1.1/24
PE 1     Loop0       192.2.2.2/32
         GE4/1/2     10.1.1.1/24
P        Loop0       192.4.4.4/32
         GE4/1/1     10.1.1.2/24
         GE4/1/2     10.2.2.2/24
PE 2     Loop0       192.3.3.3/32
         GE4/1/2     10.2.2.1/24
CE 2     GE4/1/1     100.1.1.2/24

Configuration procedure
1. Configure CE 1.
<Sysname> system-view
[Sysname] sysname CE1
[CE1] interface GigabitEthernet4/1/1
[CE1-GigabitEthernet4/1/1] ip address 100.1.1.1 24
2. Configure PE 1.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 192.2.2.2
[PE1] mpls
# Configure the LSP establishment triggering policy.
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit

# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Enable LDP globally.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure the peer relationship with PE 2 so that the LDP remote session can be established between them.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3
[PE1-mpls-ldp-remote-1] quit
# Configure the interface connected with the P router, namely GigabitEthernet 4/1/2, and enable LDP on the interface.
[PE1] interface GigabitEthernet4/1/2
[PE1-GigabitEthernet4/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet4/1/2] mpls
[PE1-GigabitEthernet4/1/2] mpls ldp
[PE1-GigabitEthernet4/1/2] quit
# Configure OSPF on PE 1 for establishing LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# On the interface connecting CE 1, namely GigabitEthernet 4/1/1, create a Martini MPLS L2VPN connection. The interface requires no IP address.
[PE1] interface GigabitEthernet4/1/1
[PE1-GigabitEthernet4/1/1] mpls l2vc 192.3.3.3 101
[PE1-GigabitEthernet4/1/1] quit
3. Configure the P router.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32
[P-LoopBack0] quit
[P] mpls lsr-id 192.4.4.4
[P] mpls
# Enable LDP globally.
[P] mpls ldp
[P-mpls-ldp] quit
# Configure the interface connected with PE 1, namely GigabitEthernet 4/1/1, and enable LDP on the interface.
[P] interface GigabitEthernet4/1/1
[P-GigabitEthernet4/1/1] ip address 10.1.1.2 24

[P-GigabitEthernet4/1/1] mpls
[P-GigabitEthernet4/1/1] mpls ldp
[P-GigabitEthernet4/1/1] quit
# Configure the interface connected with PE 2, namely GigabitEthernet 4/1/2, and enable LDP on the interface.
[P] interface GigabitEthernet4/1/2
[P-GigabitEthernet4/1/2] ip address 10.2.2.2 24
[P-GigabitEthernet4/1/2] mpls
[P-GigabitEthernet4/1/2] mpls ldp
[P-GigabitEthernet4/1/2] quit
# Configure OSPF on the P router for establishing LSPs.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
4. Configure PE 2.
# Configure the LSR ID and enable MPLS globally.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 192.3.3.3
[PE2] mpls
# Configure the LSP establishment triggering policy.
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Enable LDP globally.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure the peer relationship with PE 1 so that the LDP remote session can be established between them.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2
[PE2-mpls-ldp-remote-2] quit
# Configure the interface connected with the P router, namely GigabitEthernet 4/1/2, and enable LDP on the interface.
[PE2] interface GigabitEthernet4/1/2
[PE2-GigabitEthernet4/1/2] ip address 10.2.2.1 24
[PE2-GigabitEthernet4/1/2] mpls

[PE2-GigabitEthernet4/1/2] mpls ldp
[PE2-GigabitEthernet4/1/2] quit
# Configure OSPF on PE 2 for establishing LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# On the interface connecting CE 2, namely GigabitEthernet 4/1/1, create a Martini MPLS L2VPN connection. The interface requires no IP address.
[PE2] interface GigabitEthernet4/1/1
[PE2-GigabitEthernet4/1/1] mpls l2vc 192.2.2.2 101
[PE2-GigabitEthernet4/1/1] quit
5. Configure CE 2.
<Sysname> system-view
[Sysname] sysname CE2
[CE2] interface GigabitEthernet4/1/1
[CE2-GigabitEthernet4/1/1] ip address 100.1.1.2 24
6. Verify your configuration.
# Display L2VPN connection information on PE 1. The output shows that an L2VPN connection is established.
[PE1] display mpls l2vc
Total ldp vc : 1 1 up 0 down 0 blocked
Transport  Client   VC     Local     Remote
VC ID      Intf     State  VC Label  VC Label
101        GE4/1/1  up     1024      1025
# Display the L2VPN connection information on PE 2. The output shows that an L2VPN connection is established on PE 2.
[PE2] display mpls l2vc
Total ldp vc : 1 1 up 0 down 0 blocked
Transport  Client   VC     Local     Remote
VC ID      Intf     State  VC Label  VC Label
101        GE4/1/1  up     1025      1024
# Ping CE 2 from CE 1. The operation succeeds.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=70 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received

0.00% packet loss
round-trip min/avg/max = 30/50/70 ms

Example for configuring Kompella MPLS L2VPN

Network requirements
As shown in Figure 53, the CEs are connected to PEs through GigabitEthernet interfaces.
Establish a Kompella MPLS L2VPN between CE 1 and CE 2.

Figure 53 Network diagram

Device   Interface   IP address
CE 1     GE4/1/1     30.1.1.1/24
PE 1     Loop0       1.1.1.9/32
         GE4/1/2     168.1.1.1/24
P        Loop0       2.2.2.9/32
         GE4/1/1     168.1.1.2/24
         GE4/1/2     169.1.1.1/24
PE 2     Loop0       3.3.3.9/32
         GE4/1/1     169.1.1.2/24
CE 2     GE4/1/1     30.1.1.2/24

Configuration procedure
1. Configure an IGP on the MPLS backbone.
This example uses OSPF. (Details not shown)
After configuration, issuing the display ip routing-table command on each LSR, you should see that it has learned the routes to the LSR IDs of the other LSRs. Issuing the display ospf peer command, you should see that OSPF adjacencies have been established and reached the state of Full.
2. Configure basic MPLS and LDP to establish LDP LSPs. (Details not shown)
After configuration, you can issue the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established, or the display mpls lsp command to view the LSPs established.
3. Configure BGP L2VPN capability.
# Configure PE 1.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] l2vpn-family
[PE1-bgp-af-l2vpn] policy vpn-target
[PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
[PE1-bgp-af-l2vpn] quit
[PE1-bgp] quit
# Configure PE 2.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] l2vpn-family
[PE2-bgp-af-l2vpn] policy vpn-target
[PE2-bgp-af-l2vpn] peer 1.1.1.9 enable
[PE2-bgp-af-l2vpn] quit
[PE2-bgp] quit
After completing the configurations, issue the display bgp l2vpn peer command on PE 1 and PE 2 to view the peer relationship established between the PEs. The peer state should be Established. Take PE 1 as an example:
[PE1] display bgp l2vpn peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1    Peers in established state : 1
Peer     V  AS   MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
3.3.3.9  4  100  2        5        0     0        00:01:07  Established
4. Configure the L2VPN and the CE connection.
# Configure PE 1.
[PE1] mpls l2vpn vpn1 encapsulation ethernet
[PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE1-mpls-l2vpn-vpn1] vpn-target 1:1
[PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10
[PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet4/1/1
[PE1-mpls-l2vpn-ce-vpn1-ce1] quit
[PE1-mpls-l2vpn-vpn1] quit
# Configure PE 2.
[PE2] mpls l2vpn vpn1 encapsulation ethernet
[PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE2-mpls-l2vpn-vpn1] vpn-target 1:1
[PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10
[PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface GigabitEthernet4/1/2
[PE2-mpls-l2vpn-ce-vpn1-ce2] quit
[PE2-mpls-l2vpn-vpn1] quit
5. Verify your configuration.

Issue the display mpls l2vpn connection command on the PEs. The output shows that an L2VPN connection is established between the PEs and the connection is up. Take PE 1 as an example:
[PE1] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id  route-distinguisher  intf
2    rmt   up      3.3.3.9  100:1                GigabitEthernet4/1/2
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 30.1.1.2
PING 30.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 30.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

Example for configuring a Kompella local connection

Network requirements
As shown in Figure 54, create a Kompella local connection between CE 1 and CE 2.

Figure 54 Network diagram

Configuration procedure
1. Configure the PE.
# Configure basic MPLS. (Details not shown)
# Configure the L2VPN and the CE connection.

<Sysname> system-view
[Sysname] sysname PE
[PE] l2vpn
[PE-l2vpn] mpls l2vpn
[PE-l2vpn] quit
[PE] mpls l2vpn vpn1 encapsulation ethernet
[PE-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE-mpls-l2vpn-vpn1] vpn-target 111:1
[PE-mpls-l2vpn-vpn1] ce ce1 id 1
[PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet4/1/1
[PE-mpls-l2vpn-ce-vpn1-ce1] quit
[PE-mpls-l2vpn-vpn1] ce ce2 id 2
[PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface GigabitEthernet4/1/2
[PE-mpls-l2vpn-vpn1] quit
2. Verify your configuration.
# Issue the display mpls l2vpn connection command on the PE. The output shows that two local L2VPN connections are established and in up state.
[PE] display mpls l2vpn connection
2 total connections,
connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown
VPN name: vpn1,
2 total connections,
connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id  route-distinguisher  intf
2    loc   up      ---      ---                  GigabitEthernet4/1/1
CE name: ce2, id: 2,
Rid  type  status  peer-id  route-distinguisher  intf
1    loc   up      ---      ---                  GigabitEthernet4/1/2
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 30.1.1.2
PING 30.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 30.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms

Troubleshooting MPLS L2VPN

Symptom
After the L2VPN configuration, the peer PEs cannot ping each other. The output of the display mpls l2vc command shows that the VC is down and the remote VC label is invalid.

Analysis
The reason the VC is down may be that the PEs are configured with different encapsulation types.

Solution
• Check whether the local PE and the peer PE are configured with the same encapsulation type. If not, the connection is destined to fail.
• Check whether the PEs are configured with the Remote argument and whether the peer addresses are correctly configured.
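The remote CCC example in this chapter forwards traffic only if every hop's outgoing label is the incoming label of the device that owns the next-hop address. The following Python check is an added example, not H3C code: it parses the ccc and static-lsp transit lines of that example (embedded below as constructed input) and walks the label chain in each direction. The names CONFIGS, parse and trace are hypothetical.

```python
import re

# Constructed input: interface addresses and static-label commands taken from
# the remote CCC example, grouped per device.
CONFIGS = {
    "PE1": """
interface GigabitEthernet 4/1/2
 ip address 10.1.1.1 24
ccc ce1-ce2 interface GigabitEthernet 4/1/1 in-label 100 out-label 200 nexthop 10.1.1.2
""",
    "P": """
interface GigabitEthernet 4/1/2
 ip address 10.1.1.2 24
interface GigabitEthernet 4/1/1
 ip address 10.2.2.2 24
static-lsp transit pe1_pe2 incoming-interface GigabitEthernet 4/1/2 in-label 200 nexthop 10.2.2.1 out-label 201
static-lsp transit pe2_pe1 incoming-interface GigabitEthernet 4/1/1 in-label 101 nexthop 10.1.1.1 out-label 100
""",
    "PE2": """
interface GigabitEthernet 4/1/1
 ip address 10.2.2.1 24
ccc ce2-ce1 interface GigabitEthernet 4/1/2 in-label 201 out-label 101 nexthop 10.2.2.2
""",
}

ADDR_RE = re.compile(r"^\s*ip address (\S+) \d+\s*$", re.M)
CCC_RE = re.compile(
    r"^ccc (\S+) interface .+? in-label (\d+) out-label (\d+) nexthop (\S+)\s*$", re.M)
LSP_RE = re.compile(
    r"^static-lsp transit (\S+) incoming-interface .+? in-label (\d+)"
    r" nexthop (\S+) out-label (\d+)\s*$", re.M)


def parse(configs):
    """Index address owners, remote CCC connections and transit LSPs."""
    owner, ccc, transit = {}, {}, {}
    for dev, text in configs.items():
        for ip in ADDR_RE.findall(text):
            owner[ip] = dev
        for name, inl, outl, nexthop in CCC_RE.findall(text):
            # One remote CCC connection per device is enough for this example.
            ccc[dev] = {"name": name, "in": int(inl), "out": int(outl), "nexthop": nexthop}
        for name, inl, nexthop, outl in LSP_RE.findall(text):
            transit[(dev, int(inl))] = {"name": name, "out": int(outl), "nexthop": nexthop}
    return owner, ccc, transit


def trace(configs, start):
    """Follow the label chain from the CCC connection on `start`; return the device path."""
    owner, ccc, transit = parse(configs)
    label, nexthop, path = ccc[start]["out"], ccc[start]["nexthop"], [start]
    while True:
        dev = owner.get(nexthop)
        if dev is None:
            raise ValueError(f"next hop {nexthop} is not an address of any listed device")
        if dev in path:
            raise ValueError(f"label chain loops back to {dev}")
        path.append(dev)
        if (dev, label) in transit:              # transit LSR: swap label, move on
            hop = transit[(dev, label)]
            label, nexthop = hop["out"], hop["nexthop"]
        elif dev in ccc and ccc[dev]["in"] == label:
            return path                          # far-end PE expects this label
        else:
            raise ValueError(f"{dev} has no static LSP or CCC connection with in-label {label}")


if __name__ == "__main__":
    for pe in ("PE1", "PE2"):
        print(pe, "->", " -> ".join(trace(CONFIGS, pe)))
```
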

Configuring MPLS L3VPN

NOTE:
This chapter covers only introduction to and configuration of MPLS L3VPN. For information about MPLS basics, see the chapter “Configuring basic MPLS.” For information about BGP, see Layer 3—IP Routing Configuration Guide.

MPLS L3VPN overview
MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones.
MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
MPLS L3VPN comprises the following types of devices:
• Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected to service provider networks. It can be a router, a switch, or a host. It can neither “sense” the presence of any VPN nor does it need to support MPLS.
• Provider edge (PE) device—A PE resides at the edge of a service provider network and connects one or more CEs. On an MPLS network, all VPN services are processed on the PEs.
• Provider (P) device—A P device is a core device on a service provider network. It is not directly connected to any CE. It has only basic MPLS forwarding capability.

Figure 55 Network diagram for MPLS L3VPN model

CEs and PEs mark the boundary between the service providers and the customers.

A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.
After a PE learns the VPN routing information of a CE, it uses BGP to exchange VPN routing information with other PEs. A PE maintains routing information about only VPNs that are directly connected, rather than all VPN routing information on the provider network.
A P router only maintains routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR, the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

MPLS L3VPN concepts

Site
Sites are often mentioned in the VPN. A site has the following features:
• A site is a group of IP systems with IP connectivity that does not rely on any service provider network to implement.
• The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are adjacent to each other geographically in most cases.
• The devices at a site can belong to multiple VPNs.
• A site is connected to a provider network through one or more CEs. A site can contain many CEs, but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only the sites in the same set can access each other through the provider network. Such a set is called a VPN.

Address space overlapping
Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.110.10.0/24, address space overlapping occurs.

VPN instance
In MPLS VPN, routes of different VPNs are identified by VPN instances.
A PE creates and maintains a VPN instance for each directly connected site. Each VPN instance contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to multiple VPNs at the same time, the VPN instance of the site contains information about all the VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a relatively independent routing table and a separate label forwarding information base (LFIB). VPN instance information includes the LFIB, the IP routing table, the interfaces bound to the VPN instance, and the administration information of the VPN instance. The administration information of a VPN instance includes the route distinguisher (RD), route filtering policy, and member interface list.

VPN-IPv4 address
Traditional BGP cannot process VPN routes which have overlapping address spaces. If, for example, both VPN 1 and VPN 2 use addresses on the segment 10.110.10.0/24 and each advertise a route to the segment, BGP selects only one of them, which results in loss of the other route.

PEs use MP-BGP to advertise VPN routes, and use VPN-IPv4 address family to solve the problem with traditional BGP.

A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a 4-byte IPv4 address prefix, as shown in Figure 56.

Figure 56 VPN-IPv4 address structure

When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer PE. The uniqueness of a VPN route is implemented by adding an RD to the route.

A service provider can independently assign RDs provided the assigned RDs are unique. Thus, a PE can advertise different routes to VPNs even if the VPNs are from different service providers and are using the same IPv4 address space.

Configure a distinct RD for each VPN instance on a PE, so that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address.

By prefixing a distinct RD to a specific IPv4 address prefix, you get a globally unique VPN IPv4 address prefix.

An RD can be related to an autonomous system (AS) number, in which case it is the combination of the AS number and a discretionary number; or it can be related to an IP address, in which case it is the combination of the IP address and a discretionary number.

An RD can be in one of the following three formats distinguished by the Type field:
• When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1.
• When the value of the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
• When the value of the Type field is 2, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

To guarantee global uniqueness for RDs, do not set the Administrator subfield to any private AS number or private IP address.

VPN target attributes

MPLS L3VPN uses the BGP extended community attributes called VPN target attributes, or route target attributes, to control the advertisement of VPN routing information.

A VPN instance on a PE supports two types of VPN target attributes:
• Export target attribute: A local PE sets this type of VPN target attribute for VPN-IPv4 routes learned from directly connected sites before advertising them to other PEs.
• Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by other PEs. If the export target attribute matches the import target attribute of the VPN instance, the PE adds the routes to the VPN routing table.
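The three RD formats and the 12-byte VPN-IPv4 address described above can be checked with a short script. This is an added example, not code from the H3C guide; the function names are hypothetical, and the private AS ranges are taken from RFC 6996 as an assumption, since the guide only says "private AS number".

```python
import ipaddress
import struct

# Type field values for the three RD formats listed in the text.
TYPE_AS2, TYPE_IPV4, TYPE_AS4 = 0, 1, 2

# Private-use AS ranges (RFC 6996). Assumption of this example: the guide
# does not spell the ranges out.
PRIVATE_AS_RANGES = ((64512, 65534), (4200000000, 4294967294))


def parse_rd(text):
    """Parse 'administrator:assigned' into (type, administrator, assigned).

    The Type is inferred from the administrator, following the text: a dotted
    IPv4 address is Type 1, an AS number below 65536 is Type 0, and an AS
    number of 65536 or more is Type 2. Field widths are enforced.
    """
    admin, sep, assigned = text.rpartition(":")
    if not sep or not admin or not (assigned.isascii() and assigned.isdigit()):
        raise ValueError(f"malformed RD {text!r}")
    number = int(assigned)
    if "." in admin:
        addr = ipaddress.IPv4Address(admin)  # raises ValueError if invalid
        if number > 0xFFFF:
            raise ValueError("Type 1 assigned number exceeds 16 bits")
        return TYPE_IPV4, addr, number
    if not (admin.isascii() and admin.isdigit()):
        raise ValueError(f"malformed administrator in {text!r}")
    asn = int(admin)
    if asn <= 0xFFFF:
        if number > 0xFFFFFFFF:
            raise ValueError("Type 0 assigned number exceeds 32 bits")
        return TYPE_AS2, asn, number
    if asn > 0xFFFFFFFF or number > 0xFFFF:
        raise ValueError("Type 2 needs a 32-bit AS and a 16-bit number")
    return TYPE_AS4, asn, number


def encode_rd(text):
    """Return the 8-byte RD: 2-byte Type, then Administrator, then Assigned."""
    rd_type, admin, number = parse_rd(text)
    if rd_type == TYPE_AS2:
        return struct.pack("!HHI", rd_type, admin, number)
    if rd_type == TYPE_IPV4:
        return struct.pack("!H4sH", rd_type, admin.packed, number)
    return struct.pack("!HIH", rd_type, admin, number)


def decode_rd(raw):
    """Inverse of encode_rd for an 8-byte RD."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == TYPE_AS2:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == TYPE_IPV4:
        addr, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    if rd_type == TYPE_AS4:
        asn, number = struct.unpack("!IH", raw[2:])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpn_ipv4_address(rd_text, ipv4_prefix):
    """12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte prefix."""
    return encode_rd(rd_text) + ipaddress.IPv4Address(ipv4_prefix).packed


def administrator_is_public(rd_text):
    """False if the Administrator is a private AS number or private address.

    For addresses this relies on ipaddress.is_private, which also flags
    loopback, link-local and other special-purpose ranges.
    """
    rd_type, admin, _ = parse_rd(rd_text)
    if rd_type == TYPE_IPV4:
        return not admin.is_private
    return not any(lo <= admin <= hi for lo, hi in PRIVATE_AS_RANGES)


if __name__ == "__main__":
    # The three sample RDs are the ones used in the text; 10.0.0.0 is a
    # constructed customer prefix.
    for rd in ("100:1", "172.1.1.1:1", "65536:1"):
        print(rd, encode_rd(rd).hex(), vpn_ipv4_address(rd, "10.0.0.0").hex())
```

Two customers that both use 10.0.0.0 produce different 12-byte values as soon as their RDs differ, which is what lets MP-BGP carry overlapping address spaces.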

In other words, VPN target attributes define which sites can receive VPN-IPv4 routes, and from which sites that a PE can receive routes.

Like RDs, VPN target attributes can be of three formats:
• 16-bit AS number:32-bit user-defined number. For example, 100:1.
• 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
• 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

MP-BGP

Multiprotocol extensions for BGP-4 (MP-BGP) advertises VPN composition information and routes between PEs. It is backward compatible and supports both traditional IPv4 address family and other address families, such as VPN-IPv4 address family.

Using MP-BGP can guarantee that private routes of a VPN are advertised only in the VPN and implement communications between MPLS VPN members.

Routing policy

In addition to the import and export extended communities for controlling VPN route advertisement, you can also configure import and export routing policies to control the redistribution and advertisement of VPN routes more precisely.

An import routing policy can further filter the routes that can be advertised to a VPN instance by using the VPN target attribute of import target attribute. It can reject the routes selected by the communities in the import target attribute. An export routing policy can reject the routes selected by the communities in the export target attribute.

After a VPN instance is created, you can configure an import routing policy, an export routing policy, or both as needed.

Tunneling policy

A tunneling policy is used to select the tunnel for the packets of a specific VPN instance to use.

After a VPN instance is created, you can optionally configure a tunneling policy for the VPN instance. By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. A tunneling policy takes effect only within the local AS.

MPLS L3VPN packet forwarding

For basic MPLS L3VPN applications in a single AS, VPN packets are forwarded with the following layers of labels:
• Layer 1 labels—Outer labels, used for label switching inside the backbone. They indicate LSPs from the local PEs to the remote PEs. Based on layer 1 labels, VPN packets can be label switched along the LSPs to the remote PEs.
• Layer 2 labels—Inner labels, used for forwarding packets from the remote PEs to the CEs. An inner label indicates to which site, or more precisely, to which CE the packet should be sent. A PE finds the interface for forwarding a packet according to the inner label.

If two sites (CEs) belong to the same VPN and are connected to the same PE, each CE only needs to know how to reach the other CE.

The following takes Figure 57 as an example to illustrate the VPN packet forwarding procedure.

Figure 57 VPN packet forwarding

1. Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet to PE 1.
2. PE 1 searches VPN instance entries based on the inbound interface and destination address of the packet. Once finding a matching entry, PE 1 labels the packet with both inner and outer labels and forwards the packet out.
3. The MPLS backbone transmits the packet to PE 2 by outer label. The outer label is removed from the packet at the penultimate hop.
4. PE 2 searches VPN instance entries according to the inner label and destination address of the packet to determine the outbound interface and then forwards the packet out the interface to CE 2.
5. CE 2 transmits the packet to the destination by IP forwarding.

MPLS L3VPN networking schemes

In MPLS L3VPNs, VPN target attributes are used to control the advertisement and reception of VPN routes between sites. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes.

Basic VPN networking scheme

In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other but cannot communicate with any user outside the VPN.

For this networking scheme, the basic VPN networking scheme, you need to assign a VPN target to each VPN for identifying the export target attribute and import target attribute of the VPN. Moreover, this VPN target cannot be used by any other VPNs.

Figure 58 Network diagram for basic VPN networking scheme

In Figure 58, for example, the VPN target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other. However, the VPN 1 sites cannot communicate with the VPN 2 sites.

Hub and spoke networking scheme

For a VPN where a central access control device is required and all users must communicate with each other through the access control device, the hub and spoke networking scheme can be used to implement the monitoring and filtering of user communications.

This networking scheme requires two VPN targets: one for the hub and the other for the spoke.

The VPN target setting rules for VPN instances of all sites on PEs are as follows:
• On spoke PEs (that is, the PEs connected with spoke sites), set the export target attribute to Spoke and the import target attribute to Hub.
• On the hub PE (that is, the PE connected to the hub site), specify two interfaces or subinterfaces, one for receiving routes from spoke PEs, and the other for advertising routes to spoke PEs. Set the import target attribute of the VPN instance for the former to Spoke, and the export target attribute of the VPN instance for the latter to Hub.

Figure 59 Network diagram for hub and spoke networking scheme

In Figure 59, the spoke sites communicate with each other through the hub site. The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1:
• The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.
• All spoke PEs can receive the VPN-IPv4 routes advertised by the hub PE.
• The hub PE advertises the routes learned from a spoke PE to the other spoke PEs. Thus, the spoke sites can communicate with each other through the hub site.
• The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs. Therefore, any two spoke PEs can neither directly advertise VPN-IPv4 routes to each other nor directly access each other.

Extranet networking scheme

The extranet networking scheme can be used when some resources in a VPN are to be accessed by users that are not in the VPN.

In this kind of networking scheme, if a VPN needs to access a shared site, the export target attribute and the import target attribute of the VPN must be contained respectively in the import target attribute and the export target attribute of the VPN instance of the shared site.
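The import/export matching rule behind the basic, hub and spoke, and extranet schemes can be modelled in a few lines and used to audit a set of VPN instances for route exchange nobody intended. This is an added example, not code from the H3C guide; the instance names are hypothetical, and the Hub and Spoke target values are constructed, because the guide names them only as "Hub" and "Spoke".

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class VpnInstance:
    name: str
    export: frozenset   # export target attributes attached to advertised routes
    imports: frozenset  # import target attributes checked on received routes


def inst(name, export=(), imports=()):
    return VpnInstance(name, frozenset(export), frozenset(imports))


def learns(dst, src):
    """dst installs src's VPN-IPv4 routes if any export target matches an import target."""
    return bool(src.export & dst.imports)


def route_matrix(instances):
    """All (receiver, originator) pairs that result from target matching alone."""
    return {(d.name, s.name) for d, s in permutations(instances, 2) if learns(d, s)}


def unintended(instances, intended):
    """Pairs that exchange routes although the design does not list them."""
    return sorted(route_matrix(instances) - set(intended))


# Basic scheme, values from Figure 58: VPN 1 uses 100:1, VPN 2 uses 200:1.
BASIC = [
    inst("vpn1-a", ["100:1"], ["100:1"]),
    inst("vpn1-b", ["100:1"], ["100:1"]),
    inst("vpn2-a", ["200:1"], ["200:1"]),
    inst("vpn2-b", ["200:1"], ["200:1"]),
]

# Hub and spoke. HUB and SPOKE are constructed target values.
HUB, SPOKE = "100:10", "100:20"
HUB_SPOKE = [
    inst("spoke1", [SPOKE], [HUB]),
    inst("spoke2", [SPOKE], [HUB]),
    inst("hub-in", [], [SPOKE]),   # hub PE interface receiving spoke routes
    inst("hub-out", [HUB], []),    # hub PE interface advertising to spokes
]
# The hub site relaying routes from hub-in to hub-out is ordinary routing
# inside the site and is not modelled here.

# Extranet, as in Figure 60: Site 3 of VPN 1 is shared with VPN 2.
EXTRANET = [
    inst("vpn1-site1", ["100:1"], ["100:1"]),
    inst("vpn2-site2", ["200:1"], ["200:1"]),
    inst("vpn1-site3", ["100:1", "200:1"], ["100:1", "200:1"]),
]

BASIC_INTENDED = {
    ("vpn1-a", "vpn1-b"), ("vpn1-b", "vpn1-a"),
    ("vpn2-a", "vpn2-b"), ("vpn2-b", "vpn2-a"),
}

# Constructed misconfiguration: one VPN 2 instance also imports VPN 1's target.
BASIC_MISCONFIGURED = BASIC[:3] + [inst("vpn2-b", ["200:1"], ["200:1", "100:1"])]

if __name__ == "__main__":
    print("hub and spoke:", sorted(route_matrix(HUB_SPOKE)))
    print("extranet:", sorted(route_matrix(EXTRANET)))
    print("leaks:", unintended(BASIC_MISCONFIGURED, BASIC_INTENDED))
```

Running the audit against the intended matrix of a design flags a reused or mistyped import target as a concrete (receiver, originator) pair, which is the condition the basic scheme excludes when it says a VPN target cannot be used by any other VPN.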

Figure 60 Network diagram for extranet networking scheme

In Figure 60, VPN 1 and VPN 2 can access Site 3 of VPN 1.
• PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2.
• PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3.
• Based on the above, Site 1 and Site 3 of VPN 1 can communicate with each other, and Site 2 of VPN 2 and Site 3 of VPN 1 can communicate with each other.

PE 3 advertises neither the VPN-IPv4 routes received from PE 1 to PE 2, nor the VPN-IPv4 routes received from PE 2 to PE 1 (that is, routes learned from an IBGP neighbor will not be advertised to any other IBGP neighbor). Therefore, Site 1 of VPN 1 and Site 2 of VPN 2 cannot communicate with each other.

MPLS L3VPN routing information advertisement

In basic MPLS L3VPN networking, the advertisement of VPN routing information involves CEs and PEs. A P router maintains only the routes of the backbone and does not need to know any VPN routing information. A PE maintains only the routing information of the VPNs directly connected to it, rather than that of all VPNs. Therefore, MPLS L3VPN has excellent scalability.

The VPN routing information of a local CE is advertised in three phases:
1. Advertised from the local CE to the ingress PE.
2. Advertised from the ingress PE to the egress PE.
3. Advertised from the egress PE to the remote CE.

Then, a route is available between the local CE and the remote CE, and the VPN routing information can be advertised on the backbone.

The following describes these phases in detail.

Routing information exchange from the local CE to the ingress PE

After establishing an adjacency with the directly connected PE, a CE advertises its VPN routing information to the PE.

The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE.

Routing information exchange from the ingress PE to the egress PE

After learning the VPN routing information from the CE, the ingress PE adds RDs and VPN targets for these standard IPv4 routes to create VPN-IPv4 routes, saves them to the routing table of the VPN instance that is created for the CE, and then triggers MPLS to assign VPN labels for them.

Then, the ingress PE advertises the VPN-IPv4 routes to the egress PE through MP-BGP.

Finally, the egress PE compares the export target attribute of the VPN-IPv4 routes with the import target attribute that it maintains for the VPN instance and determines whether to add the routes to the routing table of the VPN instance.

PEs use IGP to ensure the connectivity between them.

Routing information exchange from the egress PE to the remote CE

A remote CE can learn VPN routes from the egress PE in a number of ways. The routes can be static routes, RIP routes, OSPF routes, IS-IS routes, EBGP routes, and IBGP routes. The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE.

Inter-AS VPN

In some networking scenarios, multiple sites of a VPN may be connected to multiple ISPs in different ASs, or to multiple ASs of an ISP. Such an application is called inter-AS VPN.

RFC 2547bis presents the following inter-AS VPN solutions:
• VRF-to-VRF—ASBRs manage VPN routes between them through subinterfaces. This solution is also called inter-AS option A.
• EBGP redistribution of labeled VPN-IPv4 routes—ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-AS option B.
• Multihop EBGP redistribution of labeled VPN-IPv4 routes—PEs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-AS option C.

Inter-AS option A

In this solution, PEs of two ASs are directly connected and each PE is also the ASBR of its AS.

The PEs acting as ASBRs are connected through multiple subinterfaces. Each of them treats the other as a CE of its own and advertises IPv4 routes through conventional EBGP. Within an AS, packets are forwarded using two-level label forwarding as VPN packets. Between ASBRs, conventional IP forwarding is used.

Ideally, each inter-AS VPN has a pair of subinterfaces to exchange VPN routing information.

Figure 61 Network diagram for inter-AS option A

This kind of solution is easy to carry out because no special configuration is required on the PEs acting as the ASBRs.

However, it has limited scalability because the PEs acting as the ASBRs have to manage all the VPN routes and create VPN instances on a per-VPN basis. This leads to excessive VPN-IPv4 routes on the PEs. Moreover, the requirement to create a separate subinterface for each VPN also calls for higher performance of the PEs.

Inter-AS option B

In this kind of solution, two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes that they have obtained from the PEs in their respective ASs.

As shown in Figure 62, the routes are advertised through the following steps:
1. PEs in AS 100 advertise labeled VPN-IPv4 routes to the ASBR PE of AS 100 or the route reflector (RR) for the ASBR PE through MP-IBGP.
2. The ASBR PE advertises labeled VPN-IPv4 routes to the ASBR PE of AS 200 through MP-EBGP.
3. The ASBR PE of AS 200 advertises labeled VPN-IPv4 routes to PEs in AS 200 or to the RR for the PEs through MP-IBGP.

The ASBRs must perform the special processing on the labeled VPN-IPv4 routes, also called ASBR extension method.

Figure 62 Network diagram for inter-AS option B

In terms of scalability, inter-AS option B is better than option A.

When adopting MP-EBGP method, note the following issues:
• ASBRs perform no VPN target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes need to agree on the route exchange.
• VPN-IPv4 routes are exchanged only between VPN peers. A VPN user can exchange VPN-IPv4 routes neither with the public network nor with MP-EBGP peers with whom it has not reached agreement on the route exchange.

Inter-AS option C

The inter-AS option A and B solutions can satisfy the needs for inter-AS VPNs. However, they require that the ASBRs maintain and advertise VPN-IPv4 routes. When every AS needs to exchange a great amount of VPN routes, the ASBRs may become bottlenecks hindering network extension.

One way to solve the above problem is to make PEs directly exchange VPN-IPv4 routes without the participation of ASBRs:
• Two ASBRs advertise labeled IPv4 routes to PEs in their respective ASs through MP-IBGP.
• The ASBRs neither maintain VPN-IPv4 routes nor advertise VPN-IPv4 routes to each other.
• An ASBR maintains labeled IPv4 routes of the PEs in the AS and advertises them to the peers in the other ASs. The ASBR of another AS also advertises labeled IPv4 routes. Thus, an LSP is established between the ingress PE and egress PE.
• Between PEs of different ASs, multi-hop EBGP connections are established to exchange VPN-IPv4 routes.

Figure 63 Network diagram for inter-AS option C

To improve the scalability, you can specify an RR in each AS, making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes, as shown in Figure 64.

Figure 64 Network diagram for inter-AS option C using RRs

Carrier’s carrier

Introduction to carrier's carrier

It is possible that a customer of the MPLS L3VPN service provider is also a service provider. In this case, the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier, while the customer is called the customer carrier or the Level 2 carrier. This networking model is referred to as carrier’s carrier. In this model, the Level 2 service provider serves as a CE of the Level 1 service provider.

For good scalability, the Level 1 carrier does not redistribute the routes of the customer network connected to a Level 2 carrier; it only redistributes the routes for delivering packets between different sites

of the Level 2 carrier. Routes of the customer networks connected to a Level 2 carrier are exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network.

Implementation of carrier’s carrier

Compared with the common MPLS L3VPN, the carrier’s carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier:
• If the PE and the CE are in the same AS, you need to configure IGP and LDP between them.
• If the PE and the CE are not in the same AS, you need to configure MP-EBGP to label the routes exchanged between them.

In either case, you need to enable MPLS on the CE of the Level 1 carrier. Moreover, the CE holds the VPN routes of the Level 2 carrier, but it does not advertise the routes to the PE of the Level 1 carrier; it only exchanges the routes with other PEs of the Level 2 carrier.

A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider.

When the Level 2 carrier is an ordinary ISP, its PEs run IGP to communicate with the CEs, rather than MPLS. As shown in Figure 65, PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through IBGP sessions.

Figure 65 Scenario where the Level 2 carrier is an ISP

When the Level 2 carrier is an MPLS L3VPN service provider, its PEs need to run IGP and LDP to communicate with CEs. As shown in Figure 66, PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through MP-IBGP sessions.

Figure 66 Scenario where the Level 2 carrier is an MPLS L3VPN service provider

CAUTION: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, H3C recommends establishing equal cost LSPs between them.

Nested VPN

Background

In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs. Different sites of a VPN customer are connected to the PEs through CEs to implement communication. In this scenario, a customer’s networks are ordinary IP networks and cannot be further divided into sub-VPNs.

However, in actual applications, customer networks can be dramatically different in form and complexity, and a customer network may need to use VPNs to further group its users. The traditional solution to this request is to implement internal VPN configuration on the service provider’s PEs. This solution is easy to deploy, but it increases the network operation cost and brings issues on management and security because:
• The number of VPNs that PEs must support will increase sharply.
• Any modification of an internal VPN must be done through the service provider.

The nested VPN technology offers a better solution. It exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs. Figure 67 depicts a nested VPN network. On the service provider’s MPLS VPN network, there is a customer VPN named VPN A. The customer VPN contains two sub-VPNs, VPN A-1 and VPN A-2. The service provider PEs treat the customer’s network as a common VPN user and do not join any sub-VPNs. The customer’s CE devices (CE 1, CE 2, CE 7 and CE 8) exchange VPNv4 routes that carry the sub-VPN routing information with the service provider PEs, implementing the propagation of the sub-VPN routing information throughout the customer network.

Figure 67 Network diagram for nested VPN

Propagation of routing information

In a nested VPN network, routing information is propagated in the following process:
1. A provider PE and its CEs exchange VPNv4 routes, which carry information about users’ internal VPNs.
2. After receiving a VPNv4 route, a provider PE keeps the user’s internal VPN information, and appends the user’s MPLS VPN attributes on the service provider network. That is, it replaces the RD of the VPNv4 route with the RD of the user’s MPLS VPN on the service provider network and adds the export route-target (ERT) attribute of the user’s MPLS VPN on the service provider network to the extended community attribute list of the route. The internal VPN information of the user is maintained on the provider PE.
3. The provider PE advertises VPNv4 routes which carry the comprehensive VPN information to the other PEs of the service provider.
4. After another provider PE receives the VPNv4 routes, it matches the VPNv4 routes based on its local VPNs. Each local VPN accepts routes of its own and advertises them to its connected sub-VPN CEs (such as CE 3 and CE 4, or CE 5 and CE 6 in Figure 67). If a CE is connected to a provider PE through an IPv4 connection, the PE advertises IPv4 routes to the CE. If a CE is connected to a provider PE through a VPNv4 connection (a user MPLS VPN network), the PE advertises VPNv4 routes to the CE.

Benefits

The nested VPN technology features the following main benefits:
• Support for VPN aggregation. It can aggregate a customer’s internal VPNs into one VPN on the service provider’s MPLS VPN network.
• Support for both symmetric networking and asymmetric networking. Sites of the same VPN can have the same number or different numbers of internal VPNs.
• Support for multiple levels of nesting of internal VPNs.

Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified VPN networking methods for a customer, and allows for multi-level hierarchical access control over the internal VPNs.

Multi-role host

The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface of a PE must belong to the same VPN.

In a real networking environment, however, a CE may need to access multiple VPNs through a single physical interface. In this case, you can set multiple logical interfaces to satisfy the requirement. But this needs extra configurations and brings limitations to the application.

Using multi-role host, you can configure policy routing on the PE to allow packets from the CE to access multiple VPNs.

To allow information from other VPNs to reach the CE from the PE, you must configure static routes on other VPNs that take the interface connected to the CE as the next hop.

NOTE: All IP addresses associated with the PE must be unique to implement the multi-role host feature. In practice, H3C recommends centralizing the addresses of each VPN to improve the forwarding efficiency.

HoVPN

Why HoVPN?

In MPLS L3VPN solutions, PEs are the key devices. They provide the following functions:
• User access. This means that the PEs must have a large amount of interfaces.
• VPN route managing and advertising, and user packet processing. These require that a PE must have a large-capacity memory and high forwarding capability.

Most of the current network schemes use the typical hierarchical architecture. For example, the MAN architecture contains typically three layers, namely, the core layer, distribution layer, and access layer. From the core layer to the access layer, the performance requirements on the devices decrease while the network expands.

MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs. If a certain PE has limited performance or scalability, the performance or scalability of the whole network is influenced.

Due to the specified difference, you are faced with the scalability problem when deploying PEs at any of the three layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.

To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical model.

In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN, the PE functions can be distributed among multiple PEs, which take different roles for the same functions and form a hierarchical architecture.

As in the typical hierarchical network model, HoVPN has different requirements on the devices at different layers of the hierarchy.

Implementation of HoVPN

Figure 68 Basic architecture of HoVPN

As shown in Figure 68, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected with UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.

The hierarchical PE consists of multiple UPEs and SPEs, which function together as a traditional PE.

NOTE: With the HoVPN solution, PE functions are implemented hierarchically. Hence, the solution is also called hierarchy of PE (HoPE).

UPEs and SPEs play different roles:
• A UPE allows user access. It maintains the routes of the VPN sites that are directly connected with it. It does not maintain the routes of the remote sites in the VPN, or only maintains their summary routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the labels to the SPE along with VPN routes through MP-BGP.
• An SPE manages and advertises VPN routes. It maintains all the routes of the VPNs connected through UPEs, including the routes of both the local and remote sites. An SPE advertises routes along with labels to UPEs, including the default routes of VPN instances or summary routes and the routes permitted by the routing policy. By using routing policies, you can control which nodes in a VPN can communicate with each other.

Different roles mean different requirements:
• An SPE is required to have large-capacity routing table, high forwarding performance, and fewer interface resources.
• A UPE is required to have small-capacity routing table, low forwarding performance, but higher access capability.

HoVPN takes full use of both the high performance of SPEs and the high access capability of UPEs.

The concepts of SPE and UPE are relative. In the hierarchical PE architecture, a PE may be the SPE of its underlayer PEs and a UPE of its SPE at the same time.

The HoPE and common PEs can coexist in an MPLS network.

SPE-UPE

The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP. Which one to use depends on whether the UPE and SPE belong to the same AS.

With MP-IBGP, in order to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs.

Recursion and extension of HoVPN

HoVPN supports HoPE recursion:
• A HoPE can act as a UPE to form a new HoPE with an SPE.
• A HoPE can act as an SPE to form a new HoPE with multiple UPEs.
• HoVPN supports multi-level recursion.

With recursion of HoPEs, a VPN can be extended infinitely in theory.

Figure 69 Recursion of HoPEs

Figure 69 shows a three-level HoPE. The PE in the middle is called the middle-level PE (MPE). MP-BGP runs between SPE and MPE, as well as between MPE and UPE.

NOTE: The term of MPE does not really exist in a HoVPN model. It is used here just for the convenience of description.

MP-BGP advertises all the VPN routes of the UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs.

The SPE maintains the VPN routes of all sites in the HoVPN. Each UPE maintains only VPN routes of its directly connected sites. The number of routes maintained by the MPE is between SPE and UPE.

OSPF VPN extension

NOTE: This section focuses on the OSPF VPN extension. For more information about OSPF, see Layer 3—IP Routing Configuration Guide.

OSPF for VPNs on a PE

OSPF is a prevalent IGP protocol. It often runs between PE and CE to simplify CE configuration and management because the CEs only need to support OSPF. In addition, if the customers require MPLS L3VPN services through conventional OSPF backbone, using OSPF between PE and CE can simplify the transition.

For OSPF to run between CE and PE, the PE must support multiple OSPF processes. Each OSPF process must correspond to a VPN instance and have its own interface and routing table.

The following describes details of OSPF configuration between PE and CE.

• Configuration of OSPF areas between PE and CE

The OSPF area between a PE and a CE can be either a non-backbone area or a backbone area.

In the OSPF VPN extension application, the MPLS VPN backbone is considered the backbone area (area 0). The area 0 of each VPN site must be connected to the MPLS VPN backbone because OSPF requires that the backbone area be contiguous.

If a VPN site contains an OSPF area 0, the connected PE must be connected to the backbone area of the VPN site through area 0. You can configure a logical connection by using a virtual link.

• BGP/OSPF interaction

PEs advertise VPN routes to each other through BGP and to CEs through OSPF.

Conventional OSPF considers two sites to be in different ASs even if they belong to the same VPN. Therefore, the routes that one site learns are advertised to the other as external routes. This results in more OSPF traffic and network management problems.

The extended OSPF protocol supports multiple instances to address the previous problems. Properly configured, OSPF sites are considered directly connected, and PEs can exchange OSPF routing information as they are using dedicated lines. This improves network management and makes OSPF applications more effective.

As shown in Figure 70, PE 1 and PE 2 are connected through the MPLS backbone. CE 11, CE 21, and CE 22 belong to VPN 1. Assume that CE 11, CE 21, and CE 22 belong to the same OSPF domain. PEs advertise VPN 1 routes in the following procedure:
a. PE 1 redistributes OSPF routes from CE 11 into BGP.
b. PE 1 advertises the VPN routes to PE 2 through BGP.
c. PE 2 redistributes the BGP VPN routes into OSPF and advertises them to CE 21 and CE 22.

Figure 70 Application of OSPF in VPN

With the standard BGP/OSPF interaction, PE 2 advertises the BGP VPN routes to CE 21 and CE 22 through Type 5 LSAs (ASE LSAs). However, CE 11, CE 21, and CE 22 belong to the same OSPF domain, and the route advertisement between them should use Type 3 LSAs (inter-AS routes).

To solve the problem, the PE uses an extended BGP/OSPF interaction process called BGP/OSPF interoperability to advertise routes from one site to another, differentiating the routes from real AS-External routes. The process requires that extended BGP community attributes carry the information for identifying the OSPF attributes.

Each OSPF domain must have a configurable domain ID. H3C recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN.

• Routing loop detection

If OSPF runs between CEs and PEs and a VPN site is connected to multiple PEs, when a PE advertises the BGP VPN routes learned from MPLS/BGP to the VPN site through LSAs, the LSAs may be received by another PE, resulting in a routing loop.

To avoid routing loops, when creating Type 3 LSAs, the PE always sets the flag bit DN for BGP VPN routes learned from MPLS/BGP, regardless of whether the PE and the CEs are connected through the OSPF backbone. When performing route calculation, the OSPF process of the PE ignores the Type 3 LSAs whose DN bit is set.

If the PE needs to advertise to a CE the routes from other OSPF domains, it must indicate that it is the ASBR, and advertise the routes using Type 5 LSAs.

Sham link

Generally, BGP peers carry routing information on the MPLS VPN backbone through the BGP extended community attributes. The OSPF that runs on the remote PE can use the information to create Type 3 summary LSAs to be transmitted to the CEs. As shown in Figure 71, both site 1 and site 2 belong to VPN 1 and OSPF area1. They are connected to different PEs, PE 1 and PE 2. There is an intra-area OSPF link called backdoor link between them. In this case, the route connecting the two sites through PEs is an inter-area route. It is not preferred by OSPF because its preference is lower than that of the intra-area route across the backdoor link.

Figure 71 Network diagram for sham link

To solve the problem, you can establish a sham link between the two PEs so that the routes between them over the MPLS VPN backbone become an intra-area route. The sham link acts as an intra-area point-to-point link and is advertised through the Type 1 LSA. You can select a route between the sham link and backdoor link by adjusting the metric.

The sham link is considered the link between the two VPN instances with one endpoint address in each VPN instance. The endpoint address is a loopback interface address with a 32-bit mask in the VPN address space on the PE. Different sham links of the same OSPF process can share an endpoint address, but that of different OSPF processes cannot.

BGP advertises the endpoint addresses of sham links as VPN-IPv4 addresses. A route across the sham link cannot be redistributed into BGP as a VPN-IPv4 route.

A sham link can be configured in any area. You need to configure it manually. In addition, the local VPN instance must have a route to the destination of the sham link.

NOTE: When configuring an OSPF sham link, redistribute OSPF VPN routes to BGP, but do not redistribute BGP routes to OSPF to avoid route loops.

BGP AS number substitution

Since BGP detects routing loops by AS number, if EBGP runs between PEs and CEs, you must assign different AS numbers to geographically different sites to ensure correct transmission of the routing information.

The BGP AS number substitution function allows physically dispersed CEs to use the same AS number. The function is a BGP outbound policy and functions on routes to be advertised.

With the BGP AS number substitution function, when a PE advertises a route to a CE of the specified peer, if an AS number identical to that of the CE exists in the AS_PATH of the route, it will be replaced with that of the PE.

NOTE: After you enable the BGP AS number substitution function, the PE re-advertises all routing information to the connected CEs in the peer group, performing BGP AS number substitution based on the above principle.
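The following Python model is an added illustration, not H3C code: it shows why EBGP loop detection drops routes between sites that share an AS number, what the PE's outbound substitution changes, and why a multi-homed CE then needs site-of-origin (SOO) filtering. AS numbers 800 and 100 follow the Figure 72 scenario; the prefixes, the private AS numbers 65001/65002, the SoO value and the simplified SoO rule (a PE does not send a route back to a peer configured with the same SoO) are assumptions of this sketch.

```python
"""Model of EBGP AS_PATH loop detection and PE-side AS number substitution."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]      # leftmost entry = most recently prepended AS
    soo: Optional[str] = None     # site-of-origin tag set by the ingress PE


def accepts(route: Route, local_as: int, allow_as_loop: int = 0) -> bool:
    """Receiver-side loop detection: reject the route if the local AS appears
    in AS_PATH more often than allow_as_loop permits (0 = never)."""
    return route.as_path.count(local_as) <= allow_as_loop


def pe_advertise(route: Route, pe_as: int, ce_as: int,
                 substitute: bool = False,
                 peer_soo: Optional[str] = None) -> Optional[Route]:
    """Build the update a PE sends to an EBGP CE peer, or None if suppressed.

    substitute: replace every occurrence of the CE's AS with the PE's AS
                before prepending the PE's own AS (an outbound policy).
    peer_soo:   SoO configured for this CE peer (assumed model); a route that
                already carries the same SoO came from that site.
    """
    if peer_soo is not None and route.soo == peer_soo:
        return None
    path = route.as_path
    if substitute:
        path = tuple(pe_as if asn == ce_as else asn for asn in path)
    return Route(route.prefix, (pe_as,) + path, route.soo)


def figure72(substitute: bool):
    """CE 1 (AS 800) -> PE 1 -> backbone -> PE 2 (AS 100) -> CE 2 (AS 800)."""
    from_ce1 = Route("10.1.1.0/24", (800,))            # constructed prefix
    sent = pe_advertise(from_ce1, pe_as=100, ce_as=800, substitute=substitute)
    return sent.as_path, accepts(sent, local_as=800)


def multihomed(use_soo: bool) -> str:
    """One CE (AS 800) attached to two PEs: does its own route come back?"""
    tag = "site-1" if use_soo else None                # constructed SoO value
    learned_by_pe1 = Route("10.2.2.0/24", (800,), soo=tag)
    # The route crosses the backbone unchanged and reaches the second PE,
    # which has AS number substitution enabled toward the same CE.
    sent = pe_advertise(learned_by_pe1, pe_as=100, ce_as=800,
                        substitute=True, peer_soo=tag)
    if sent is None:
        return "suppressed by SoO"
    return "accepted by origin site" if accepts(sent, 800) else "dropped by CE"


def hub_pe_accepts(allow_as_loop: int) -> bool:
    """Hub and spoke: the hub CE returns a route that already carries the
    PE's AS 100, so the PE only accepts it when loops are allowed."""
    from_hub_ce = Route("10.3.3.0/24", (65001, 100, 65002))
    return accepts(from_hub_ce, local_as=100, allow_as_loop=allow_as_loop)


if __name__ == "__main__":
    print("no substitution :", figure72(False))
    print("substitution    :", figure72(True))
    print("multi-homed     :", multihomed(False))
    print("multi-homed+SoO :", multihomed(True))
    print("hub PE, allow=0 :", hub_pe_accepts(0))
    print("hub PE, allow=1 :", hub_pe_accepts(1))
```

The multi-homed case without SoO is the one to check for in a design review: substitution removes the only marker (AS 800) that the CE's own loop detection relies on.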

Figure 72 Application of BGP AS number substitution

In Figure 72, both CE 1 and CE 2 use the AS number of 800. AS number substitution is enabled on PE 2 for CE 2. Before advertising updates received from CE 1 to CE 2, PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and hence substitutes its own AS number 100 for the AS number. In this way, CE 2 can normally receive the routing information from CE 1.

AS number substitution also applies to a PE connecting multiple CEs through different interfaces, such as PE 2 in Figure 72, which connects CE 2 and CE 3.

NOTE: For a multi-homed CE, that is, a CE connected with multiple PEs, the BGP AS number substitution function must be used in combination with the site-of-origin (SOO) function. Otherwise, routing loops may appear.

Multi-VPN-instance CE

Background

BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. However, the traditional MPLS L3VPN architecture requires that each VPN instance exclusively use a CE to connect with a PE, as shown in Figure 55.

For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which, apparently, will increase users’ device expense and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which cannot ensure the data security.

Using the Multi-VPN-Instance CE (MCE) function, you can remove the contradiction of low cost and high security in multi-VPN networks. MCE allows you to bind each VPN to a VLAN interface. The MCE creates and maintains a separate routing table for each VPN. This separates the forwarding paths of packets of different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN to the peer PE, ensuring the normal transmission of VPN packets over the public network.

How MCE works

The following uses Figure 73 to describe how an MCE maintains the routing entries for multiple VPNs and exchanges VPN routes with PEs.

Figure 73 Network diagram for the MCE function

Establish a tunnel between the two sites of each VPN.

Create a routing table for VPN 1 and VPN 2 respectively on the MCE device, and bind VLAN-interface 2 to VPN 1 and VLAN-interface 3 to VPN 2. When receiving a route, the MCE device can determine the source of the routing information according to the number of the receiving interface, and adds it to the corresponding routing table.

You must also bind PE 1’s interfaces/subinterfaces connected to the MCE to the VPNs in the same way. The MCE connects to PE 1 through a trunk link, which permits packets of VLAN 2 and VLAN 3 with VLAN tags carried. In this way, PE 1 can determine the VPN a received packet belongs to according to the VLAN tag of the packet and sends the packet through the corresponding tunnel.

You can configure static routes, RIP, OSPF, IS-IS, EBGP, or IBGP between MCE and VPN site and between MCE and PE.

NOTE: To implement dynamic IP assignment for DHCP clients in private networks, you can configure DHCP server or DHCP relay agent on the MCE. The IP address spaces for different private networks cannot overlap.

MPLS L3VPN configuration task list

Complete the following tasks to configure MPLS L3VPN:

| Task | Remarks |
|---|---|
| Configuring basic MPLS L3VPN | By configuring basic MPLS L3VPN, you can construct simple VPN networks over an MPLS backbone. |
| Configuring inter-AS VPN | To deploy special MPLS L3VPN networks, such as inter-AS VPN, nested VPN, and multi-role host, you also need to perform some specific configurations in addition to the basic MPLS L3VPN configuration. |
| Configuring nested VPN | |
| Configuring multi-role host | |
| Configuring HoVPN | |
| Configuring an OSPF sham link | |
| Configuring routing on an MCE | |
| Specifying the VPN label processing mode | |

| Task | Remarks |
|---|---|
| Configuring BGP AS number substitution | |

Configuring basic MPLS L3VPN

The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange.

Complete the following tasks to configure basic MPLS L3VPN:

| Task | Remarks |
|---|---|
| Configuring VPN instances: Creating a VPN instance | Required |
| Configuring VPN instances: Associating a VPN instance with an interface | Required |
| Configuring VPN instances: Configuring route related attributes for a VPN instance | Optional |
| Configuring VPN instances: Configuring a tunneling policy for a VPN instance | Optional |
| Configuring VPN instances: Configuring an LDP instance | Optional |
| Configuring routing between PE and CE | Required |
| Configuring routing between PEs | Required |
| Configuring routing features for BGP VPNv4 subaddress family | Optional |

Configuration prerequisites

Before you configure basic MPLS L3VPN, complete the following tasks:

• Configure an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity
• Configure basic MPLS for the MPLS backbone
• Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established

Configuring VPN instances

By configuring VPN instances on a PE, you can isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN. This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs.

All VPN instance configurations are performed on PEs or MCEs.

Creating a VPN instance

A VPN instance is associated with a site. It is a collection of the VPN membership and routing rules of its associated site. A VPN instance does not necessarily correspond to one VPN.

A VPN instance takes effect only after you configure an RD for it.

You can configure a description for a VPN instance to record its related information, such as its relationship with a certain VPN.

To create and configure a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VPN instance and enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
3. Configure an RD for the VPN instance.
   Command: route-distinguisher route-distinguisher
   Remarks: N/A
4. Configure a description for the VPN instance.
   Command: description text
   Remarks: Optional

Associating a VPN instance with an interface

After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see the chapter “Configuring basic MPLS.”

To associate a VPN instance with an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Associate a VPN instance with the interface.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: No VPN instance is associated with an interface by default.

NOTE: The ip binding vpn-instance command clears the IP address of the interface on which it is configured. Be sure to re-configure an IP address for the interface after configuring the command.

Configuring route related attributes for a VPN instance

The control process of VPN route advertisement is as follows:

• When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a VPN target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the CE.
• The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the VPN target.
• The VPN instance determines how to change the VPN targets attributes for routes to be advertised according to the export-extcommunity in the VPN target.

To configure route related attributes for a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
3. Enter IPv4 VPN view.
   Command: ipv4-family
   Remarks: Optional.
4. Configure VPN targets.
   Command: vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
   Remarks: N/A

5. Set the maximum number of routes allowed.
   Command: routing-table limit number { warn-threshold | simply-alert }
   Remarks: Optional.
6. Apply an import routing policy.
   Command: import route-policy route-policy
   Remarks: Optional. By default, all routes matching the import target attribute are accepted.
7. Apply an export routing policy.
   Command: export route-policy route-policy
   Remarks: Optional. By default, routes to be advertised are not filtered.

NOTE:
• Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure route related attributes for IPv4 VPNs in both VPN instance view and IPv4 VPN view. Those configured in IPv4 VPN view take precedence.
• A single vpn-target command can configure up to eight VPN targets. You can configure up to 64 VPN targets for a VPN instance.
• You can define the maximum number of routes for a VPN instance to support, preventing too many routes from being redistributed into the PE.
• Create a routing policy before associating it with a VPN instance. Otherwise, the router cannot filter the routes to be received and advertised.

Configuring a tunneling policy for a VPN instance

To configure a tunneling policy for a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a tunneling policy and enter tunneling policy view.
   Command: tunnel-policy tunnel-policy-name
   Remarks: N/A
3. Specify the tunnel selection preference order and the number of tunnels for load balancing.
   Command: tunnel select-seq { cr-lsp | lsp } * load-balance-number number
   Remarks: By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
6. Enter IPv4 VPN view.
   Command: ipv4-family
   Remarks: Optional.
7. Apply the tunnel policy to the VPN instance.
   Command: tnl-policy tunnel-policy-name
   Remarks: By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.

NOTE:
• If you specify more than one tunnel type and the number of tunnels of a type is less than the specified number of tunnels for load balancing, tunnels of different types may be used.
• When you configure the tunnel selection preference order by using the tunnel select-seq command, a tunnel type closer to the select-seq keyword has a higher priority. For example, with the tunnel select-seq lsp cr-lsp load-balance-number 1 command configured, VPN uses a CR-LSP tunnel when no LSP exists. After an LSP is created, the VPN uses the LSP tunnel instead.
• A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure a tunneling policy for IPv4 VPNs in both VPN instance view and IPv4 VPN view. A tunneling policy configured in IPv4 VPN view takes precedence.
• Create a tunneling policy before associating it with a VPN instance. Otherwise, the default tunneling policy is used. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.

Configuring an LDP instance

LDP instances are for carrier’s carrier networking applications.

This task is to configure the LDP capability for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance.

To configure an LDP instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable LDP for a VPN instance, create an LDP instance, and enter MPLS LDP VPN instance view.
   Command: mpls ldp vpn-instance vpn-instance-name
   Remarks: Disabled by default
3. Configure LDP parameters except LDP GR for the instance.
   Command: For configuration information, see the chapter “Configuring basic MPLS.”
   Remarks: Optional

NOTE:
• Except the command for LDP GR, all commands available in MPLS LDP view can be configured in MPLS LDP VPN instance view. For more information about MPLS LDP, see the chapter “Configuring basic MPLS.”
• Configurations in MPLS LDP VPN instance view affect only the LDP-enabled interface bound to the VPN instance, while configurations in MPLS LDP view do not affect interfaces bound to VPN instances. When configuring the transport address of an LDP instance, you need to use the IP address of the interface bound to the VPN instance.
• By default, LDP adjacencies on a private network are established by using addresses of the LDP-enabled interfaces, while those on the public network are established by using the LDP LSR ID.

Configuring routing between PE and CE

You can configure static routing, RIP, OSPF, IS-IS, EBGP, or IBGP between PE and CE.

Configuration prerequisites

Before you configure routing between PE and CE, complete the following tasks:

• Assigning an IP address to the CE-PE interface of the CE.
• Assigning an IP address to the PE-CE interface of the PE.

Configuring static routing between PE and CE

To configure static routing between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure a static route for a VPN instance.
   Command:
   • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   • ip route-static vpn-instance s-vpn-instance-name&<1-5> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   Remarks: Use either command. Perform this configuration on PEs. On CEs, configure normal static routes.

NOTE: For information about static routing, see Layer 3—IP Routing Configuration Guide.

Configuring RIP between PE and CE

A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network.

To configure RIP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on PEs. On CEs, create a normal RIP process.
3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.

NOTE: For more information about RIP, see Layer 3—IP Routing Configuration Guide.

Configuring OSPF between PE and CE

An OSPF process that is bound to a VPN instance does not use the public network router ID configured in system view. Therefore, you need to specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance.

An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network.

To configure OSPF between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPF process for a VPN instance and enter the OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: Perform the configurations on PEs. On CEs, create a normal OSPF process.
3. Configure the OSPF domain ID.
   Command: domain-id domain-id [ secondary ]
   Remarks: Optional. 0 by default. Perform this configuration on PEs.
4. Configure the type codes of OSPF extended community attributes.
   Command: ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }
   Remarks: Optional. The defaults are as follows: 0x0005 for Domain ID, 0x0107 for Router ID, and 0x0306 for Route Type.
5. Create an OSPF area and enter area view.
   Command: area area-id
   Remarks: By default, no OSPF area is created.
6. Enable OSPF on the interface attached to the specified network in the area.
   Command: network ip-address wildcard-mask
   Remarks: By default, an interface neither belongs to any area nor runs OSPF.

NOTE: Deleting a VPN instance also deletes all the associated OSPF processes.

An OSPF process can be configured with only one domain ID. Domain IDs of different OSPF processes are independent of each other.

All OSPF processes of a VPN must be configured with the same domain ID for routes to be correctly advertised, while OSPF processes on PEs in different VPNs can be configured with domain IDs as desired.

The domain ID of an OSPF process is included in the routes generated by the process. When an OSPF route is redistributed into BGP, the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute.

NOTE:
• After configuring an OSPF process for a VPN instance, you must enable OSPF. The configuration procedure is the same as that for a normal OSPF process.
• After you configure the domain-id domain-id [ secondary ] command, the configuration will not take effect until you execute the reset ospf command.
• For more information about OSPF, see Layer 3—IP Routing Configuration Guide.

Configuring IS-IS between PE and CE

An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network.

To configure IS-IS between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A
3. Configure a network entity title for the IS-IS process.
   Command: network-entity net
   Remarks: Not configured by default
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable the IS-IS process on the interface.
   Command: isis enable [ process-id ]
   Remarks: Disabled by default

NOTE: For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring PE-CE route exchange through EBGP

1. Configurations on a PE

To configure EBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable BGP and enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure the CE as the VPN EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
5. Redistribute the routes of the local CEs.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: A PE needs to redistribute the routes of the local CEs into its VPN routing table so that it can advertise them to the peer PE.

6. Configure BGP to filter routes to be advertised.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
   Remarks: Optional. By default, BGP does not filter routes to be advertised.
7. Configure BGP to filter received routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } import
   Remarks: Optional. By default, BGP does not filter received routes.
8. Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions.
   Command: peer { group-name | ip-address } allow-as-loop [ number ]
   Remarks: Optional. For the hub and spoke networking scheme

NOTE: Normally, BGP detects routing loops by AS number. In the hub and spoke networking scheme, however, with EBGP running between PE and CE, the routing information the PE advertises to a CE carries the number of the AS where the PE resides. Therefore, the route updates that the PE receives from the CE also include the number of the AS where the PE resides. This makes the PE unable to receive the route updates. In this case, routing loops must be allowed.

2. Configurations on a CE

To configure EBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the PE as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Configure the route redistribution and advertisement behavior.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: Optional. A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE.

NOTE:
• Exchange of BGP routes for a VPN instance is the same as that of ordinary BGP routes.
• The BGP configuration task in BGP-VPN instance view is the same as that in BGP view. For more information, see Layer 3—IP Routing Configuration Guide.
• For information about BGP peer and peer group configuration, see Layer 3—IP Routing Configuration Guide. This chapter does not differentiate between peer and peer group.

Configuring IBGP between PE and CE

NOTE: IBGP can be used between PE and CE devices in only common MPLS L3VPN networking. In Extranet, inter-AS VPN, carrier’s carrier, nested VPN, and HoVPN networking, you cannot use IBGP between PE and CE devices.

1. Configurations on a PE

To configure IBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure the CE as the VPN IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
5. Configure the system to be the RR and specify the CE as the client of the RR.
   Command: peer { group-name | ip-address } reflect-client
   Remarks: Optional. By default, no RR or RR client is configured.
6. Enable route reflection between clients.
   Command: reflect between-clients
   Remarks: Optional. Enabled by default.
7. Configure the cluster ID for the RR.
   Command: reflector cluster-id { cluster-id | ip-address }
   Remarks: Optional. Router ID of an RR in the cluster by default.
8. Configure BGP to filter routes to be advertised.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
   Remarks: Optional. By default, BGP does not filter routes to be advertised.
9. Configure BGP to filter received routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } import
   Remarks: Optional. By default, BGP does not filter received routes.

NOTE:
• By default, a PE does not advertise routes learned from IBGP peer CEs to IBGP peers, including VPNv4 IBGP peers. Only when you configure an IBGP peer CE as a client of the RR, does the PE advertise routes learned from it to other IBGP peers.
• You can execute the reflect between-clients command and the reflector cluster-id command in multiple views, such as BGP-VPN instance view and BGP-VPNv4 subaddress family view. The two commands take effect for only the RR in the view where they are executed. For RRs in other views, they do not take effect.
• Configuring an RR does not change the next hop of a route. To change the next hop of a route, configure an inbound policy on the receiving side of the route.

2. Configurations on a CE

To configure IBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the PE as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Configure the route redistribution and advertisement behavior.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: Optional. A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE.

NOTE:
• Exchange of BGP routes of a VPN instance is the same as that of ordinary BGP routes.
• The BGP configuration task in BGP VPN instance view is the same as that in BGP view. For more information, see Layer 3—IP Routing Configuration Guide.
• For information about BGP peer and BGP peer group configuration, see Layer 3—IP Routing Configuration Guide. This chapter does not differentiate between peer and peer group.

Configuring routing between PEs

To configure routing between PEs:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the remote PE as the peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Specify the source interface for route updates.
   Command: peer { group-name | ip-address } connect-interface interface-type interface-number
   Remarks: By default, BGP uses the source interface of the optimal route update packet.
5. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
6. Enable the exchange of BGP-VPNv4 routing information with the specified peer.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, BGP peers exchange IPv4 routing information only.

Configuring routing features for BGP VPNv4 subaddress family

With BGP VPNv4 subaddress family, there are a variety of routing features that are the same as those for BGP IPv4 unicast routing. You can select any of the features as required.

Configuring common routing features for all types of subaddress families

For VPN applications, BGP address families include BGP VPN-IPv4 address family, BGP-L2VPN address family, and VPLS address family. Every command in the following table has the same function on BGP routes for each type of the address families and only takes effect for the BGP routes in the address family view where the command is executed.

To configure common routing features for all types of subaddress families:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the remote PE as the peer.
   Command: peer ip-address as-number as-number
   Remarks: N/A
4. Specify the interface for TCP connection.
   Command: peer ip-address connect-interface interface-type interface-number
   Remarks: N/A
5. Enter address family view.
   Command:
   • ipv4-family vpnv4
   • l2vpn-family
   • vpls-family
   Remarks: Use one of the commands as needed.
6. Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions.
   Command: peer { group-name | ip-address } allow-as-loop [ number ]
   Remarks: Optional.
7. Enable a peer or peer group for an address family and enable the exchange of BGP routing information of the address family.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, only IPv4 routing information is exchanged between BGP peers.
8. Add a peer into an existing peer group.
   Command: peer ip-address group group-name
   Remarks: Optional.
9. Configure the system to use the local address as the next hop of a route to be advertised to a specific peer or peer group.
   Command: peer { group-name | ip-address } next-hop-local
   Remarks: Optional. By default, the system uses the local address as the next hop of a route to be advertised to an EBGP peer. In the inter-AS option C solution, you need to configure the peer { group-name | ip-address } next-hop-invariable command on the RR for multi-hop EBGP neighbors and reflector clients to make sure that the next hop of a VPN route will not be changed.
10. Configure the system to be the RR and set a peer or peer group as the client of the RR.
   Command: peer { group-name | ip-address } reflect-client
   Remarks: Optional. By default, no RR or RR client is configured.
11. Enable the Outbound Route Filtering (ORF) capability for a BGP peer/peer group.
   Command: peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send }
   Remarks: Optional. By default, the ORF capability is disabled on a BGP peer or peer group.
12. Enable VPN target filtering for received VPNv4 routes.
   Command: policy vpn-target
   Remarks: Optional. Enabled by default.

13. Enable route reflection between clients.
   Command: reflect between-clients
   Remarks: Optional. Enabled by default.
14. Specify the cluster ID of the RR.
   Command: reflector cluster-id { cluster-id | ip-address }
   Remarks: Optional. Router ID of an RR in the cluster by default.
15. Create an RR reflection policy.
   Command: rr-filter extended-community-list-number
   Remarks: Optional.

NOTE: For information about BGP-L2VPN address family and VPLS address family, see MPLS Command Reference.

Configuring specific routing features for BGP-VPNv4 subaddress family

To configure specific routing features for BGP-VPNv4 subaddress family:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the remote PE as the peer.
   Command: peer ip-address as-number as-number
   Remarks: N/A
4. Specify the interface for TCP connection.
   Command: peer ip-address connect-interface interface-type interface-number
   Remarks: N/A
5. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
6. Set the default value of the local preference.
   Command: default local-preference value
   Remarks: Optional. 100 by default.
7. Set the default value for the system MED.
   Command: default med med-value
   Remarks: Optional. By default, the default value of the system MED is 0.
8. Filter all or certain types of routes to be advertised.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
   Remarks: Optional. By default, BGP does not filter routes to be advertised.
9. Filter received routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } import
   Remarks: Optional. By default, BGP does not filter received routes.
10. Advertise community attributes to a peer or peer group.
   Command: peer { group-name | ip-address } advertise-community
   Remarks: Optional. By default, no community attributes are advertised to any peer or peer group.
11. Filter routes received from or to be advertised to a peer or peer group based on an AS_PATH list.
   Command: peer { group-name | ip-address } as-path-acl as-path-filter-number { import | export }
   Remarks: Optional. By default, no AS filtering list is applied to a peer or peer group.

12. Advertise a default route destined for a VPN instance to a peer or peer group.
   Command: peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name
   Remarks: Optional. By default, no default route is advertised to a peer or peer group.
13. Apply a filtering policy to a peer or peer group.
   Command: peer { group-name | ip-address } filter-policy acl-number { export | import }
   Remarks: Optional. By default, no filtering policy is applied to a peer or peer group.
14. Apply a route filtering policy based on IP prefix list to a peer or peer group.
   Command: peer { group-name | ip-address } ip-prefix prefix-name { export | import }
   Remarks: Optional. By default, no route filtering policy based on IP prefix list is applied to a peer or peer group.
15. Specify not to change the next hop of a route when advertising it to an EBGP peer.
   Command: peer { group-name | ip-address } next-hop-invariable
   Remarks: Optional. By default, a device uses its address as the next hop when advertising a route to its EBGP peer.
16. Specify the preference value for the routes received from the peer/peer group.
   Command: peer { group-name | ip-address } preferred-value value
   Remarks: Optional. 0 by default.
17. Make BGP updates to be sent carry no private AS numbers.
   Command: peer { group-name | ip-address } public-as-only
   Remarks: Optional. By default, a BGP update carries private AS numbers.
18. Apply a routing policy to a peer or peer group.
   Command: peer { group-name | ip-address } route-policy route-policy-name { export | import }
   Remarks: Optional. By default, no routing policy is applied to a peer or peer group.

NOTE: For information about BGP routing, see Layer 3—IP Routing Configuration Guide.

Configuring inter-AS VPN

If the MPLS backbone on which the VPN routes rely spans multiple ASs, you need to configure inter-AS VPN.

Three inter-AS VPN solutions are available. You can choose them as required.

Configuration prerequisites

Before you configure inter-AS VPN, complete the following tasks:

• Configure an IGP for the MPLS backbones in each AS to implement IP connectivity of the backbones in the AS
• Configure basic MPLS capabilities for the MPLS backbones of each AS
• Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established
• Configure basic MPLS L3VPN for each AS

NOTE:
When configuring basic MPLS L3VPN for each AS, specific configurations may be required on PEs or ASBR PEs. This depends on the inter-AS VPN solution selected.

Configuring inter-AS option A
Inter-AS option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. It is simple to implement.
To configure inter-AS option A, you only need to:
• Configure basic MPLS L3VPN on each AS.
• Configure each ASBR-PE, taking the peer ASBR-PE as its CE.
In other words, configure VPN instances on PEs and ASBR PEs respectively. The VPN instances on PEs are used to allow CEs to access the network, and those on ASBR PEs are used to access the peer ASBR PEs.
For more information, see “Configuring basic MPLS L3VPN.”

NOTE:
In the inter-AS option A solution, for the same VPN, the VPN targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure that VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs). VPN targets configured on the PEs in different ASs do not have such requirements.

Configuring inter-AS option B
To configure inter-AS option B on ASBR PEs:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view for the interface connecting to the remote ASBR-PE.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure the IP address of the interface.
   Command: ip address ip-address { mask | mask-length }
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
6. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
7. Disable VPN target filtering for VPNv4 routes.
   Command: undo policy vpn-target
   Remarks: By default, PE performs VPN target filtering of the received VPNv4 routes. The routes surviving the filtering will be added to the routing table, and the others are discarded.

In the inter-AS option B solution, the ASBR PEs need to maintain all VPNv4 routing information and advertise the information to peer ASBR PEs. In this case, the ASBR PEs must receive all VPNv4 routing information without performing VPN target filtering.
In the inter-AS option B solution, for the same VPN, the VPN targets for the VPN instances on the PEs in different ASs must match.

NOTE:
For inter-AS option B, two configuration methods are available:
• Do not change the next hop on an ASBR. With this method, you still need to configure MPLS LDP between ASBRs.
• Change the next hop on an ASBR. With this method, MPLS LDP is not required between ASBRs.
The router supports only the second method. Therefore, MP-EBGP routes will get their next hops changed by default before being redistributed to MP-IBGP. However, normal EBGP routes to be advertised to IBGP do not have their next hops changed by default. To change the next hop to a local address, use the peer { ip-address | group-name } next-hop-local command. For information about the command, see Layer 3—IP Routing Configuration Guide.

Configuring inter-AS option C

Configuring the PEs
You need to establish ordinary IBGP peer relationship between PEs and ASBR PEs in an AS and MP-EBGP peer relationship between PEs of different ASs.
The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes.
To configure a PE for inter-AS option C:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the ASBR PE in the same AS as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Enable the PE to exchange labeled IPv4 routes with the ASBR PE in the same AS.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the device does not advertise labeled routes to the IPv4 peer/peer group.
5. Configure the PE of another AS as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
6. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
7. Enable the PE to exchange BGP VPNv4 routing information with the EBGP peer.
   Command: peer { group-name | ip-address } enable
   Remarks: N/A

8. Configure the PE not to change the next hop of a route when advertising it to the EBGP peer.
   Command: peer { group-name | ip-address } next-hop-invariable
   Remarks: Optional. Required only when RRs are used to advertise VPNv4 routes, where the next hop of a route advertised between RRs cannot be changed.

Configuring the ASBR PEs
In the inter-AS option C solution, an inter-AS LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information.
An ASBR-PE establishes common IBGP peer relationship with PEs in the same AS, and common EBGP peer relationship with the peer ASBR PE. All of them exchange labeled IPv4 routes.
The public routes carrying MPLS labels are advertised through MP-BGP. According to RFC 3107 “Carrying Label Information in BGP-4”, the label mapping information for a particular route is piggybacked in the same BGP update message that is used to distribute the route itself. This capability is implemented through BGP extended attributes and requires that the BGP peers can handle labeled IPv4 routes.
To configure an ASBR PE for inter-AS option C:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure each PE in the same AS as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Enable the ASBR PE to exchange labeled IPv4 routes with the PEs in the same AS.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the device does not advertise labeled routes to the IPv4 peer/peer group.
5. Configure the ASBR PE to change the next hop to itself when advertising routes to PEs in the same AS.
   Command: peer { group-name | ip-address } next-hop-local
   Remarks: By default, a BGP speaker does not use its address as the next hop when advertising a route to its IBGP peer/peer group.
6. Configure the remote ASBR PE as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
7. Enable the ASBR PE to exchange labeled IPv4 routes with the peer ASBR PE.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the device does not advertise labeled routes to the IPv4 peer.
8. Apply a routing policy to the routes advertised by peer ASBR PE.
   Command: peer { group-name | ip-address } route-policy route-policy-name export
   Remarks: By default, no routing policy is applied to a peer or peer group.

Configuring the routing policy
After you configure and apply a routing policy on an ASBR PE, it:
• Assigns MPLS labels to the routes received from the PEs in the same AS before advertising them to the peer ASBR PE.
• Assigns new MPLS labels to the labeled IPv4 routes to be advertised to the PEs in the same AS.

Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy. Only routes that satisfy the criteria are assigned with labels. All the other routes are still common IPv4 routes.
To configure a routing policy for inter-AS option C on an ASBR PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter routing policy view.
   Command: route-policy policy-name permit node seq-number
   Remarks: N/A
3. Configure the device to match IPv4 routes with labels.
   Command: if-match mpls-label
   Remarks: N/A
4. Configure the device to assign labels to IPv4 routes.
   Command: apply mpls-label
   Remarks: By default, an IPv4 route does not carry any label.

NOTE:
For information about routing policy configuration, see Layer 3—IP Routing Configuration Guide.

Configuring nested VPN
For a network with many VPNs, if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs, nested VPN is a good solution. By using nested VPN, you can implement layered management of internal VPNs easily with a low cost and simple management operation.

Configuration prerequisites
Configure the basic MPLS L3VPN capability (see “Configuring basic MPLS L3VPN”).

Configuring nested VPN
To configure nested VPN:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure a CE peer or peer group.
   Command: peer { group-name | peer-address } as-number number
   Remarks: N/A
5. Return to BGP view.
   Command: quit
   Remarks: N/A
6. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
7. Enable nested VPN.
   Command: nesting-vpn
   Remarks: Disabled by default.

8. Activate a nested VPN peer or peer group, and enable the BGP-VPNv4 route exchange capability.
   Command: peer { group-name | peer-address } vpn-instance vpn-instance-name enable
   Remarks: By default, only IPv4 routes and no BGP-VPNv4 routes can be exchanged between nested VPN peers/peer groups.
9. Add a peer to the nested VPN peer group.
   Command: peer peer-address vpn-instance vpn-instance-name group group-name
   Remarks: Optional. By default, a peer is not in any nested VPN peer group.
10. Apply a routing policy to routes received from a nested VPN peer or peer group.
    Command: peer { group-name | peer-address } vpn-instance vpn-instance-name route-policy route-policy-name import
    Remarks: Optional. By default, no routing policy is applied to routes received from a nested VPN peer or peer group.

NOTE:
• The address ranges for sub-VPNs of a VPN cannot overlap.
• Before specifying a nested VPN peer or peer group, be sure to configure the corresponding CE peer or peer group in BGP VPN instance view.
• Nested VPN does not support multi-hop EBGP networking. A service provider PE and its peer must use the addresses of the directly connected interfaces to establish neighbor relationship.
• Do not give nested VPN peers addresses that public network peers use.
• Nested VPN does not allow a sub-VPN of a customer VPN and another backbone VPN to import routes from each other for mutual communication. If they need to communicate, you must configure route exchange between the customer VPN and that backbone VPN. For example, an ISP has backbone VPNs VPN A and VPN B. VPN A has a sub-VPN VPN A-1. If VPN A-1 and VPN B need to communicate, you must configure route exchange between VPN A and VPN B instead of that between VPN A-1 and VPN B.

Configuring multi-role host
To allow a CE to access multiple VPNs, you need to configure the multi-role host feature on the PE.
All configurations for the multi-role host feature are on the PE connecting that CE.

NOTE:
For more information about policy routing, see Layer 3—IP Routing Configuration Guide.

Configuration prerequisites
Before you configure the multi-role host feature, complete the following tasks:
• Create VPN instances for the VPNs
• Configure basic MPLS L3VPN

Configuring and applying policy routing
To configure and apply policy routing:

1. Enter system view.
   Command: system-view
2. Create a policy and enter policy routing view.
   Command: policy-based-route policy-name { deny | permit } node node-number
3. Specify the VPN instances for forwarding packets.
   Command: apply access-vpn vpn-instance vpn-instance-name&<1-6>
4. Return to system view.
   Command: quit
5. Enter the view of the interface connecting a CE.
   Command: interface interface-type interface-number
6. Apply policy routing to the interface.
   Command: ip policy-based-route policy-name

Configuring a static route
You can configure a private network static route on a PE, specifying the egress of another private network or public network as the egress of the static route. Thus, packets from the multi-role host for accessing a certain VPN can return based on the routing table that does not belong to the VPN.
For configuration steps, see “Configuring routing between PE and CE.”

Configuring HoVPN
For hierarchical VPNs, you can adopt HoVPN to reduce the performance requirements for PEs.

Configuration prerequisites
Complete the basic MPLS L3VPN configuration.

Configuring HoVPN
To configure HoVPN:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
4. Enable the exchange of BGP-VPNv4 routing information with a peer.
   Command: peer { group-name | ip-address } enable
   Remarks: N/A
5. Specify a BGP peer or peer group as the UPE.
   Command: peer { group-name | ip-address } upe
   Remarks: N/A

6. Advertise a default VPN route or routes permitted by a routing policy to the UPE.
   Command:
   • To advertise a default VPN route: peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name
   • To advertise routes permitted by a routing policy: peer { group-name | ip-address } upe route-policy route-policy-name export
   Remarks: Configure either command as needed. By default, BGP does not advertise default routes to a VPNv4 peer. With the peer default-route-advertise vpn-instance command configured, the SPE always advertises a default route using the local address as the next hop address to the UPE, regardless of whether the default route is present in the local routing table or not.

NOTE:
• The default routes of a VPN instance can be advertised to only a BGP peer or peer group that is UPE.
• Do not configure both the peer default-route-advertise vpn-instance command and the peer upe route-policy command at the same time.
• Do not connect an SPE to a CE directly. If an SPE must be directly connected to a CE, the VPN instance on the SPE and that on the UPE must be configured with different RDs.

Configuring an OSPF sham link
The sham link is considered an OSPF intra-area route. It is used to make sure that the VPN traffic is transmitted over the backbone instead of the backdoor link between two CEs.
The source and destination addresses of the sham link must be loopback interface addresses with 32-bit masks. Besides, the loopback interfaces must be bound to the VPN instances and be advertised through BGP.

Configuration prerequisites
Before you configure an OSPF sham link, complete the following tasks:
• Configure basic MPLS L3VPN (OSPF is used between PEs and CEs)
• Configure OSPF in the LAN where CEs reside

Configuring a loopback interface
To configure a loopback interface:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a loopback interface and enter loopback interface view.
   Command: interface loopback interface-number
   Remarks: N/A
3. Bind the loopback interface to a VPN instance.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: By default, an interface is associated with no VPN instance.

4. Configure the address of the loopback interface.
   Command: ip address ip-address { mask | mask-length }
   Remarks: N/A

Redistributing the loopback interface route and OSPF routes into BGP
To redistribute the loopback interface route and OSPF routes into BGP:
1. Enter system view.
   Command: system-view
2. Enter BGP view.
   Command: bgp as-number
3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
4. Redistribute direct routes into BGP (to redistribute the loopback interface route into BGP).
   Command: import-route direct [ med med-value | route-policy route-policy-name ] *
5. Redistribute OSPF VPN routes.
   Command: import-route ospf [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]

Creating a sham link
To create a sham link:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: N/A
3. Configure the route tag.
   Command: route-tag tag-value
   Remarks: N/A
4. Enter OSPF area view.
   Command: area area-id
   Remarks: N/A
5. Configure a sham link.
   Command: sham-link source-ip-address destination-ip-address [ cost cost | dead dead-interval | hello hello-interval | retransmit retrans-interval | trans-delay delay | simple [ cipher | plain ] password | { md5 | hmac-md5 } key-id [ cipher | plain ] password ]*
   Remarks: By default, no sham link is configured.
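A check of a PE configuration against the sham-link requirements stated above (source address on a loopback with a 32-bit mask, loopback bound to the VPN instance, direct routes redistributed into BGP for that instance), which also flags sham links with no authentication, simple authentication, or a key stored with the plain keyword. This is an added example, not H3C code; the layout of the configuration text, the sample addresses and instance names, and the finding names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, laid out like a saved configuration (assumption: view
# lines start at column 0 and commands inside a view are indented by spaces).
SAMPLE_CONFIG = """\
#
interface LoopBack1
 ip binding vpn-instance vpn1
 ip address 10.2.2.2 255.255.255.255
#
interface LoopBack2
 ip address 10.9.9.9 255.255.255.0
#
bgp 100
 ipv4-family vpn-instance vpn1
  import-route ospf 100
#
ospf 100 router-id 10.2.2.2 vpn-instance vpn1
 route-tag 101
 area 0.0.0.0
  sham-link 10.2.2.2 10.3.3.3 hmac-md5 1 cipher EXAMPLE-CIPHERTEXT
#
ospf 200 vpn-instance vpn2
 area 0.0.0.0
  sham-link 10.9.9.9 10.8.8.8 simple plain EXAMPLE-PASSWORD
#
"""

AUTH_KEYWORDS = {"simple", "md5", "hmac-md5"}


def parse(config):
    """Collect loopbacks, BGP VPN instances importing direct routes, sham links."""
    loopbacks, bgp_direct, sham_links = {}, set(), []
    view = loopback = bgp_vpn = ospf_vpn = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "#":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:  # a new top-level view starts here
            view, loopback, bgp_vpn, ospf_vpn = words[0], None, None, None
            name = "".join(words[1:]).lower()  # "loopback 1" or "LoopBack1"
            if view == "interface" and name.startswith("loopback"):
                loopback = loopbacks.setdefault(name, {"vpn": None, "addrs": []})
            elif view == "ospf" and "vpn-instance" in words[:-1]:
                ospf_vpn = words[words.index("vpn-instance") + 1]
        elif loopback is not None:
            if words[:3] == ["ip", "binding", "vpn-instance"] and len(words) > 3:
                loopback["vpn"] = words[3]
            elif words[:2] == ["ip", "address"] and len(words) >= 4:
                # Accepts both a dotted mask and a mask length.
                iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
                loopback["addrs"].append((str(iface.ip), iface.network.prefixlen))
        elif view == "bgp":
            if indent == 1:  # entering or leaving a BGP VPN instance view
                in_vpn = words[:2] == ["ipv4-family", "vpn-instance"] and len(words) > 2
                bgp_vpn = words[2] if in_vpn else None
            elif bgp_vpn and words[:2] == ["import-route", "direct"]:
                bgp_direct.add(bgp_vpn)
        elif view == "ospf" and ospf_vpn and words[0] == "sham-link" and len(words) >= 3:
            sham_links.append({"vpn": ospf_vpn, "src": words[1], "opts": words[3:]})
    return loopbacks, bgp_direct, sham_links


def audit(config):
    """Return (vpn, source, finding) tuples for every sham link in the config."""
    loopbacks, bgp_direct, sham_links = parse(config)
    findings = []
    for link in sham_links:
        vpn, src, opts = link["vpn"], link["src"], link["opts"]
        codes = []
        owner = next(((lb, plen) for lb in loopbacks.values()
                      for ip, plen in lb["addrs"] if ip == src), None)
        if owner is None:
            codes.append("source-not-on-loopback")
        else:
            lb, plen = owner
            if plen != 32:
                codes.append("source-mask-not-32")
            if lb["vpn"] != vpn:
                codes.append("loopback-not-bound-to-vpn")
        # The procedure above advertises the loopback with import-route direct.
        if vpn not in bgp_direct:
            codes.append("direct-route-not-redistributed")
        # Policy chosen for this example: require md5/hmac-md5 with a cipher key.
        if not AUTH_KEYWORDS & set(opts):
            codes.append("no-authentication")
        elif "simple" in opts:
            codes.append("simple-authentication")
        if "plain" in opts:
            codes.append("plaintext-key-in-config")
        findings += [(vpn, src, code) for code in codes]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```

The check covers only the local end of each sham link; the destination address has to be verified the same way on the remote PE.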

NOTE:
• If you start OSPF but do not configure the router ID, the system will automatically elect one. For the election rules, see Layer 3—IP Routing Configuration Guide. However, the same election rules produce the same router ID. Therefore, H3C recommends that you configure the router ID when starting an OSPF process.
• If you configure multiple OSPF VPN instances but do not configure the route tag, the system will automatically create one based on the AS number configured. If you do not configure BGP, the tag will be 0. However, the same calculation rule produces the same tag, and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number. Therefore, H3C recommends configuring different tags for different OSPF VPN instances.

Configuring routing on an MCE
MCE implements service isolation through route isolation. MCE routing configuration includes:
• MCE-VPN site routing configuration
• MCE-PE routing configuration
On the PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources.

Configuration prerequisites
Before you configure routing on an MCE, complete the following tasks:
• Configure VPN instances, and bind the VPN instances with the interfaces connected to the VPN sites and those connected to the PE.
• Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity.

Configuring routing between MCE and VPN site

Configuring static routing between MCE and VPN site
An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with a VPN instance, so that the static routes of different VPN instances can be isolated from each other.
To configure static routing between MCE and VPN site:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Configure a static route for a VPN instance.
   Command:
   • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   • ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   Remarks: Use either command. Perform this configuration on the MCE. On a VPN site, configure a normal static route.
3. Configure the default precedence for static routes.
   Command: ip route-static default-preference default-preference-value
   Remarks: Optional. 60 by default.

Configuring RIP between MCE and VPN site
A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network.
By configuring RIP-to-VPN bindings on a CE, you allow routes of different VPNs to be exchanged between the CE and the sites through different RIP processes, ensuring the separation and security of VPN routes.
To configure route exchange through RIP:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, create a normal RIP process.
3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.
4. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] *
   Remarks: By default, no route of any other protocol is redistributed into RIP.
5. Configure the default cost value for the redistributed routes.
   Command: default cost value
   Remarks: Optional. 0 by default.

NOTE:
For more information about RIP, see Layer 3—IP Routing Configuration Guide.

Configuring OSPF between MCE and VPN site
An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network.

By configuring OSPF process-to-VPN instance bindings on an MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different OSPF processes, ensuring the separation and security of VPN routes.
To configure route exchange through OSPF:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPF process for a VPN instance and enter OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: Perform this configuration on the MCE. On a VPN site, create a normal OSPF process.
3. Enable the multi-VPN-instance function of OSPF.
   Command: vpn-instance-capability simple
   Remarks: Disabled by default.
4. Configure the OSPF domain ID.
   Command: domain-id domain-id [ secondary ]
   Remarks: Optional. 0 by default. Perform this configuration on the MCE. On a VPN site, perform the common OSPF configuration.
5. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] *
   Remarks: By default, no route of any other protocol is redistributed into OSPF.
6. Create an OSPF area and enter OSPF area view.
   Command: area area-id
   Remarks: By default, no OSPF area is created.
7. Enable OSPF on the interface attached to the specified network in the area.
   Command: network ip-address wildcard-mask
   Remarks: By default, an interface neither belongs to any area nor runs OSPF.

NOTE:
• An OSPF process that is bound with a VPN instance does not use the public network router ID configured in system view. Therefore, you need to configure a router ID when starting the OSPF process. All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement.
• An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple OSPF processes to advertise the VPN routes.
• After you configure an OSPF process for a VPN instance, you need to enable OSPF. The configuration procedure is the same as that for a normal OSPF process. For more OSPF configuration information, see Layer 3—IP Routing Configuration Guide.

Configuring IS-IS between MCE and VPN site
An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network.
By configuring IS-IS process-to-VPN instance bindings on an MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different IS-IS processes, ensuring the separation and security of VPN routes.
To configure route exchange through IS-IS:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, configure a normal IS-IS process.
3. Configure a network entity title.
   Command: network-entity net
   Remarks: Not configured by default.
4. Redistribute remote site routes advertised by the PE.
   Command: import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
   Remarks: Optional. By default, IS-IS does not redistribute routes of any other protocol. If you do not specify the route level in the command, the command will redistribute routes to the level-2 routing table by default.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Enable the IS-IS process on the interface.
   Command: isis enable [ process-id ]
   Remarks: Disabled by default.

NOTE:
For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between MCE and VPN site
To use EBGP for exchanging routing information between an MCE and VPN sites, you must configure a BGP peer for each VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN sites.
You also can configure filtering policies to filter the received and sent routes.

Configurations on the MCE
To configure the MCE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP-VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure an EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
5. Allow the local AS number to appear in the AS_PATH attribute of a received route, and configure the maximum number of times that such case is allowed to appear.
   Command: peer { group-name | ip-address } allow-as-loop [ number ]
   Remarks: Optional.

6. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] *
   Remarks: By default, no routes of any other protocol are redistributed to BGP.
7. Configure a filtering policy to filter the routes to be advertised.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
   Remarks: Optional. By default, BGP does not filter the routes to be advertised.
8. Configure a filtering policy to filter received routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } import
   Remarks: Optional. By default, BGP does not filter the received routes.

NOTE:
• Normally, BGP checks routing loops by examining AS numbers. If EBGP is used between the MCE and a site, when the MCE advertises its routing information with its AS number to the site and then receives routing update information from the site, the route update message will carry the AS number of the MCE, making the MCE unable to receive this route update message. In this case, to enable the MCE to receive route updates normally, configure the MCE to allow routing loops.
• In standard BGP/OSPF route redistribution, when a route is redistributed into OSPF from BGP on the MCE, the route’s original OSPF attribute cannot be restored, making the route unable to be distinguished from routes redistributed from other domains. To distinguish routes of different OSPF domains, you need to enable a route to carry the OSPF domain ID when the route is redistributed from OSPF into BGP on the peer PE. Thus, the domain ID of an OSPF process is carried in a route generated by the process. When the OSPF route is redistributed into BGP, the domain ID is added to the BGP VPN route and is transmitted over the network as the extended community attribute of BGP.
• After you configure a BGP VPN instance, the BGP route exchange in the VPN instance is the same as the common BGP’s. For more information about BGP configuration, see Layer 3—IP Routing Configuration Guide.

Configurations on a VPN site
To configure the VPN site:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the MCE as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Redistribute the IGP routes of the VPN.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: Optional. A VPN site must advertise the VPN network addresses it can reach to the connected MCE.

Configuring IBGP between MCE and VPN site
If IBGP is used for exchanging routing information between an MCE and VPN sites, you must configure a BGP peer for each VPN instance respectively, and redistribute the IGP routes of each VPN instance on the VPN sites.

Configurations on the MCE
To configure the MCE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP-VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure an IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
5. Configure the system to be the RR and specify the peer as the client of the RR.
   Command: peer { group-name | ip-address } reflect-client
   Remarks: Optional. By default, no RR or RR client is configured.
6. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] *
   Remarks: By default, no routes of any other protocol are redistributed to BGP.
7. Configure a filtering policy to filter the routes to be advertised.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
   Remarks: Optional. By default, BGP does not filter the routes to be advertised.
8. Configure a filtering policy to filter received routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } import
   Remarks: Optional. By default, BGP does not filter the received routes.

NOTE:
When a CE is configured as an IBGP peer, the MCE does not advertise the BGP routes learned from this CE to other IBGP peers, including VPNv4 peers. Only when you configure a CE as a client of the RR (the MCE), does the MCE advertise routes learned from it to other IBGP peers.

Configurations on the VPN site
To configure the VPN site:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the MCE as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Redistribute the IGP routes of the VPN.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: Optional. A VPN site must advertise the VPN network addresses it can reach to the connected MCE.

Configuring routing between MCE and PE
MCE-PE routing configuration includes these tasks:

• Bind the MCE-PE interfaces to VPN instances
• Perform route configurations
• Redistribute VPN routes into the routing protocol running between the MCE and the PE.

NOTE:
Configurations in this section are made on the MCE. Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions (see “Configuring routing between PE and CE”).

Configuring static routing between MCE and PE
To configure static routing between MCE and PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure a static route for a VPN instance.
   Command:
   • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   • ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   Remarks: Use either command.
3. Configure the default precedence for static routes.
   Command: ip route-static default-preference default-preference-value
   Remarks: Optional. 60 by default.

Configuring RIP between MCE and PE
To configure RIP between MCE and PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A
3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.
4. Redistribute the VPN routes.
   Command: import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] *
   Remarks: By default, no route of any other routing protocol is redistributed into RIP.
5. Configure the default cost value for the redistributed routes.
   Command: default cost value
   Remarks: Optional. 0 by default.

NOTE:
For more information about RIP, see Layer 3—IP Routing Configuration Guide.

Configuring OSPF between MCE and PE
To configure OSPF between MCE and PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPF process for a VPN instance and enter OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: N/A
3. Enable the multi-VPN-instance function of OSPF.
   Command: vpn-instance-capability simple
   Remarks: Disabled by default.
4. Configure the OSPF domain ID.
   Command: domain-id domain-id [ secondary ]
   Remarks: Optional. 0 by default.
5. Redistribute the VPN routes.
   Command: import-route protocol [ process-id | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] *
   Remarks: By default, no route of any other routing protocol is redistributed into OSPF.
6. Configure a filtering policy to filter the redistributed routes.
   Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ]
   Remarks: Optional. By default, redistributed routes are not filtered.
7. Configure the default parameters for redistributed routes (cost, route number, tag, and type).
   Command: default { cost cost | limit limit | tag tag | type type } *
   Remarks: Optional. The default cost is 1, the default maximum number of routes redistributed per time is 1000, the default tag is 1, and default type of redistributed routes is Type-2.
8. Create an OSPF area and enter OSPF area view.
   Command: area area-id
   Remarks: By default, no OSPF area is created.
9. Enable OSPF on the interface attached to the specified network in the area.
   Command: network ip-address wildcard-mask
   Remarks: By default, an interface neither belongs to any area nor runs OSPF.

NOTE:
For more information about OSPF, see Layer 3—IP Routing Configuration Guide.

Configuring IS-IS between MCE and PE
To configure IS-IS between MCE and PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A

Enter BGP-VPN instance view. Enter interface view. Optional. Configure the PE as the EBGP peer. Configure a filtering policy to filter the routes to be advertised. If you do not specify the route level in the command. 274 Optional. BGP does not filter the received routes.Step Command Remarks Configure a network entity title. see Layer 3—IP Routing Configuration Guide. Return to system view. peer { group-name | ip-address } as-number as-number N/A 5. interface interface-type interface-number N/A 8. Optional. Enable the IS-IS process on the interface. By default. By default. IS-IS does not filter redistributed routes. network-entity net Not configured by default. Redistribute the VPN routes of the VPN site. import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 5. Optional. filter-policy { acl-number | ip-prefix ip-prefix-name } import 7. quit N/A 7. ipv4-family vpn-instance vpn-instance-name N/A 4. Enter BGP view. 3. By default. . By default. Redistribute the VPN routes. the command will redistribute routes to the level-2 routing table by default. Configure a filtering policy to filter the redistributed routes. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * By default. IS-IS does not redistribute routes of any other routing protocol. 6. no route redistribution is configured. 4. isis enable [ process-id ] Disabled by default. BGP does not filter the routes to be advertised. Enter system view. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter the received routes. NOTE: For more information about IS-IS. bgp as-number N/A 3. 
Configuring EBGP between MCE and PE To configure EBGP between MCE and PE: Step Command Remarks 1. system-view N/A 2. filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ isis process-id | ospf process-id | rip process-id | bgp | direct | static ] 6.

bgp as-number N/A 3. the router does not inform you of the result. vpn popgo POP forwarding by default NOTE: Before executing the vpn popgo command on the router. Optional. 6. To specify the VPN label processing mode on an egress PE: Step Command Remarks 1. system-view N/A 2. • POP forwarding: Pop the label. see Layer 3—IP Routing Configuration Guide. For more information about BGP. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter the received routes. 275 . After the command is executed successfully. ipv4-family vpn-instance vpn-instance-name N/A 4. BGP does not filter the received routes. and then search the FIB to find the outbound interface and forward the packet out the interface. You can use the display vpn label operation command to view the current VPN label processing mode. Configure the PE as the IBGP peer. Specify the VPN label processing mode as POPGO forwarding. Enter system view. Specifying the VPN label processing mode The VPN label processing mode of an egress PE can be either POPGO or POP: • POPGO forwarding: Pop the label. no route redistribution is configured. filter-policy { acl-number | ip-prefix ip-prefix-name } import 7. Redistribute the VPN routes of the VPN site. Optional. Configuring IBGP between MCE and PE To configure IBGP between MCE and PE: Step Command Remarks 1. system-view N/A 2. Enter system view. Configure a filtering policy to filter the routes to be advertised. you need to save the current configuration and then reboot the router as prompted. By default. BGP does not filter the routes to be advertised. and then search for the outbound interface according to the label and forward the packet out the interface. Enter BGP-VPN instance view. By default. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * By default. 
peer { group-name | ip-address } as-number as-number N/A 5. Enter BGP view.NOTE: BGP runs within a VPN in the same way as it runs within a public network.

Configuring BGP AS number substitution

Configuration prerequisites
Before you configure BGP AS number substitution, complete the following tasks:
• Configure basic MPLS L3VPN
• Ensure that CEs at different sites have the same AS number

Configuration procedure
When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.
With the BGP AS number substitution function, when a PE advertises a route to a CE of the specified peer, if an AS number identical to that of the CE exists in the AS_PATH of the route, it will be replaced with that of the PE before the route is advertised.

To configure the BGP AS number substitution function:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
4. Enable the BGP AS number substitution function.
   Command: peer { ip-address | group-name } substitute-as
   Remarks: Disabled by default

NOTE:
For information about the peer { ip-address | group-name } substitute-as command, see Layer 3—IP Routing Command Reference.

Displaying and maintaining MPLS L3VPN

Resetting BGP connections
When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages).

1. Perform a soft reset of the BGP connections in a specific VPN instance.
   Command: refresh bgp vpn-instance vpn-instance-name { ip-address | all | external | group group-name } { export | import }
   Remarks: Available in user view
2. Perform a soft reset of the BGP VPNv4 connections.
   Command: refresh bgp vpnv4 { ip-address | all | external | group group-name | internal } { export | import }
   Remarks: Available in user view
3. Reset BGP connections of a VPN instance.
   Command: reset bgp vpn-instance vpn-instance-name { as-number | ip-address | all | external | group group-name }
   Remarks: Available in user view
4. Reset BGP VPNv4 connections.
   Command: reset bgp vpnv4 { as-number | ip-address | all | external | internal | group group-name }
   Remarks: Available in user view

Displaying and maintaining MPLS L3VPN

Display information about the routing table associated with a VPN instance.
   Command: display ip routing-table vpn-instance vpn-instance-name [ verbose ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about a specific or all VPN instances.
   Command: display ip vpn-instance [ instance-name vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about the FIB of a VPN instance.
   Command: display fib vpn-instance vpn-instance-name [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about the FIB of a VPN instance that matches the specified destination IP address.
   Command: display fib vpn-instance vpn-instance-name ip-address [ mask | mask-length ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about labeled routes in the BGP routing table.
   Command: display bgp vpnv4 { all | vpn-instance vpn-instance-name } routing-table label [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about a specific or all BGP VPNv4 peer group.
   Command: display bgp vpnv4 { all | vpn-instance vpn-instance-name } group [ group-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about BGP VPNv4 routes redistributed into a specific or all VPN instances.
   Command: display bgp vpnv4 { all | vpn-instance vpn-instance-name } network [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display BGP VPNv4 AS path information.
   Command: display bgp vpnv4 { all | vpn-instance vpn-instance-name } paths [ as-regular-expression | { | { begin | exclude | include } regular-expression } ]
   Remarks: Available in any view
Display information about BGP VPNv4 peers.
   Command:
   • display bgp vpnv4 all peer [ ip-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ]
   • display bgp vpnv4 vpn-instance vpn-instance-name peer [ group-name log-info | ip-address { log-info | verbose } | verbose ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display the IP prefix information of the ORF packets received from the specified BGP peer.
   Command: display bgp vpnv4 { all | vpn-instance vpn-instance-name } peer ip-address received ip-prefix [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display all BGP VPNv4 routing information.
   Command: display bgp vpnv4 all routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | different-origin-as | peer ip-address { advertised-routes | received-routes } [ statistic ] | statistic ] [ | { begin | exclude | include } regular-expression ] | regular-expression as-regular-expression ]
   Remarks: Available in any view
Display the BGP VPNv4 routing information of a specific RD.
   Command: display bgp vpnv4 route-distinguisher route-distinguisher routing-table [ [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | different-origin-as ] [ | { begin | exclude | include } regular-expression ] | regular-expression as-regular-expression ]
   Remarks: Available in any view
Display the BGP VPNv4 routing information of a specific VPN instance.
   Command: display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | dampened | dampening parameter | different-origin-as | flap-info [ network-address [ { mask | mask-length } [ longer-match ] ] | as-path-acl as-path-acl-number ] | peer ip-address { advertised-routes | received-routes } | statistic ] [ | { begin | exclude | include } regular-expression ] | [ flap-info ] regular-expression as-regular-expression ]
   Remarks: Available in any view
Display information about OSPF sham links.
   Command: display ospf [ process-id ] sham-link [ area area-id ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about a specific or all tunnel policies.
   Command: display tunnel-policy { all | policy-name tunnel-policy-name } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display the VPN label processing mode on an egress PE.
   Command: display vpn label operation [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Display information about the specified LDP instance.
   Command: display mpls ldp vpn-instance vpn-instance-name [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
Clear the route flap dampening information of a VPN instance.
   Command: reset bgp vpn-instance vpn-instance-name dampening [ network-address [ mask | mask-length ] ]
   Remarks: Available in user view

2.1.9/32 PE 1 Loop0 1.9/32 POS2/1/1 172.1. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information. while VPN 2 uses VPN target attributes 222:2.1.1/24 280 . while CE 2 and CE 4 belong to VPN 2. Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info reset bgp vpn-instance vpn-instance-name flap-info [ ip-address [ mask | mask-length ] | as-path-acl as-path-acl-number | regexp as-path-regexp ] Available in user view NOTE: For commands to display information about a routing table.1/24 P Loop0 2. see Layer 3—IP Routing Command Reference. Figure 74 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 GE4/1/1 GE4/1/1 Loop0 GE4/1/1 PE 2 PE 1 POS2/1/1 POS2/1/1 Loop0 GE4/1/2 GE4/1/1 POS2/1/2 POS2/1/1 Loop0 GE4/1/2 P MPLS backbone GE4/1/1 GE4/1/1 CE 2 Device CE 4 VPN 2 VPN 2 AS 65420 AS 65440 Interface IP address Device Interface IP address CE 1 GE4/1/1 10.2/24 GE4/1/1 10.2/24 POS2/1/2 172. Users of different VPNs cannot access each other.2.Task Command Clear route flap history information about a BGP peer of a VPN instance. MPLS L3VPN configuration examples Configuring MPLS L3VPNs using EBGP between PE and CE Network requirements • CE 1 and CE 3 belong to VPN 1.1.1.1.1.2. • EBGP is used to exchange VPN routing information between CE and PE. • VPN 1 uses VPN target attributes 111:1.1.1.

255 [PE1-ospf-1-area-0.3.3.9/32 POS2/1/1 172.0.2/24 CE 2 GE4/1/1 10.2 24 [P-POS2/1/1] quit [P] interface pos 2/1/2 [P-POS2/1/2] clock master [P-POS2/1/2] ip address 172.3.1.2.1.0] quit [PE1-ospf-1] quit # Configure the P device.1.0.1.0] network 172.0] network 172.1 24 [P-POS2/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.3.1.0 0. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.2/24 CE 4 GE4/1/1 10.0.0.9 32 [P-LoopBack0] quit [P] interface pos 2/1/1 [P-POS2/1/1] clock master [P-POS2/1/1] ip address 172.2.1.0.2.1/24 PE 2 GE4/1/1 10.0] network 2.0.2.0. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.1/24 GE4/1/2 10.0.1/24 POS2/1/1 172.1.0.3.1. Configure an IGP on the MPLS backbone to implement IP connectivity within the backbone.0.255 [P-ospf-1-area-0.0.0.0.0.GE4/1/2 10.9 32 [PE1-LoopBack0] quit [PE1] interface pos 2/1/1 [PE1-POS2/1/1] ip address 172.9 32 [PE2-LoopBack0] quit 281 .4.2.1.3.0.2.9 0.1.0.0. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.0] network 172.1.1 24 [PE1-POS2/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.2/24 CE 3 GE4/1/1 10.1.0.1.2.2.1/24 Configuration procedure 1.0.0.1.255 [P-ospf-1-area-0.4.0 [PE1-ospf-1-area-0.2.0 0.0.0.0.1.1.0] network 1.9 0.1. # Configure PE 1.1.2/24 Loop0 3.0.1.1.0 [P-ospf-1-area-0.1.1.1.0 0.0] quit [P-ospf-1] quit # Configure PE 2.

0.1/32 Direct 0 0 127.2. The output shows that the adjacency status is Full.1.0 0.0.1(POS5/1/1)'s neighbors Router ID: 2.2. Issue the display ip routing-table command.1.0. [PE1] mpls lsr-id 1.1.1.1.2 Dead timer due in 38 GR State: Normal Priority: 1 MTU: 0 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2.1.0.0.3. The output shows that the PEs have learned the routes to the loopback interfaces of each other.0.0.9/32 OSPF 10 1 172.0] quit [PE2-ospf-1] quit After you complete the configurations.[PE2] interface pos 2/1/1 [PE2-POS2/1/1] ip address 172.1.1.1.1 InLoop0 127.1.1 InLoop0 172.2.9/32 Direct 0 0 127.9 Neighbors Area 0.0/24 OSPF 1 172.1.1/32 Direct 0 0 127.1 POS2/1/1 172.2 POS2/1/1 3.1.9 State: Full Address: 172.0.2 Mode:Nbr is DR: 172.1.1.1.1.0. # Configure PE 1.0/24 Direct 0 0 172.0] network 172.255 [PE2-ospf-1-area-0.2.0.0.0.0. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.0.1 InLoop0 2.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit 282 .3.1.1.1.0.0.0.0 interface 172.0.1.1.1.1.1.1.0.0.2 24 [PE2-POS2/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.9 0. The following takes PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 8 Pre Routes : 8 Destination/Mask Proto Cost NextHop Interface 1.2.0 [PE2-ospf-1-area-0.1. OSPF adjacencies are established between PE 1.2 POS2/1/1 127.1 Master BDR: 172.0.9/32 OSPF 10 2 172.0/8 Direct 0 0 127.0.0. Issue the display ospf peer verbose command.2.3. and PE 2.2 POS2/1/1 10 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.0. P.3.1 InLoop0 172.0] network 3.2.1.1.1.

The following takes PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv --------------------------------------------------------------2.2 -------/POS2/1/1 -----------------------------------------------------------------A '*' before an LSP means the LSP is not established 283 . The output shows that the LSPs established by LDP.2.3.1.1.# Configure the P device. P.1.3. LDP sessions are established between PE 1.0. Issue the display mpls ldp lsp command.2.3.0.9/32 3/NULL 127. [P] mpls lsr-id 2.3.9:0 Operational DU Passive Off Off 5/5 --------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.2.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations.1.2.9/32 NULL/1024 172.1 -------/InLoop0 2 2. [PE2] mpls lsr-id 3. Issue the display mpls ldp session command. and PE 2.2 -------/POS2/1/1 3 3.1.9/32 NULL/3 172.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 2/1/1 [P-POS2/1/1] mpls [P-POS2/1/1] mpls ldp [P-POS2/1/1] quit [P] interface pos 2/1/2 [P-POS2/1/2] mpls [P-POS2/1/2] mpls ldp [P-POS2/1/2] quit # Configure PE 2.2.1. The output shows that the session status is Operational.

Configure VPN instances on PEs to allow CEs to access. Use the ping command to test connectivity between the PEs and their attached CEs.1 284 . issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance.1. The following takes PE 1 and CE 1 as an example: [PE1] display ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpn1 100:1 2009/01/22 13:02:21 vpn2 100:2 2009/01/22 13:02:40 [PE1] ping -vpn-instance vpn1 10.4. # Configure PE 1.1. (Details not shown) After completing the configurations.3.1.2 24 [PE1-GigabitEthernet4/1/1] quit [PE1] interface GigabitEthernet4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet4/1/2] ip address 10.1.2 24 [PE2-GigabitEthernet4/1/1] quit [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet4/1/2] ip address 10.1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 10.A '*' before a Label means the USCB or DSCB is stale 3. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 10.1. 
The PEs can ping their attached CEs.2 24 [PE1-GigabitEthernet4/1/2] quit # Configure PE 2.2 24 [PE2-GigabitEthernet4/1/2] quit # Configure IP addresses for the CEs as required in Figure 74.2.1.

2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit NOTE: The configurations for the other three CEs (CE 2 through CE 4) are similar to those for CE 1.10.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.1 as-number 65420 [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1.1. issue the display bgp vpnv4 vpn-instance peer command on the PEs.1.1.1. (Details not shown) After completing the configuration. press CTRL_C to break Reply from 10.1.9 Local AS number : 100 Total number of peers : 1 Peer AS 10.1. (Details not shown) # Configure PE 1.1.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.00% packet loss round-trip min/avg/max = 3/23/56 ms 4.2.1.1.1.1. and has reached the Established state.1: 56 data bytes.1: bytes=56 Sequence=5 ttl=255 time=3 ms --. The following takes PE 1 and CE 1 as an example: [PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.PING 10.1. The output shows that BGP peer relationship has been established between the PEs and CEs.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1 65410 11 Peers in established state : 1 MsgRcvd MsgSent OutQ 9 0 285 PrefRcv 1 Up/Down 00:06:37 State Established .1.1.1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.

0/24 10.3.0. The output shows the routes to the CEs.9 Local AS number : 100 Total number of peers : 1 6.3.3.0.0.2.1.3.4.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit After completing the configuration.0.2.1/32 Direct 0 0 127.0.1. issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs.1 InLoop0 255 [PE1] display ip routing-table vpn-instance vpn2 Destinations : 5 Destination/Mask Proto 10.1.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.0.1.0.1 InLoop0 127.9 as-number 100 [PE1-bgp] peer 3.0.0/8 Direct 0 0 127.0. The following takes PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Destination/Mask Proto 10.1.1.0.1 InLoop0 127.9 NULL0 127.0.3. [PE2] bgp 100 [PE2-bgp] peer 1.3.1.1/32 Direct 0 0 127.1.1 InLoop0 10.3.0.1.2.1.0.1.9 as-number 100 [PE2-bgp] peer 1.1. [PE1] bgp 100 [PE1-bgp] peer 3.0.3.1.0/8 Direct 0 0 127.3.0.0/24 10.0. The output shows that BGP peer relationship has been established between the PEs.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure PE 2.1.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.0.1 InLoop0 255 286 .3.0.0/24 BGP 0 3.1 InLoop0 10.2 GE4/1/1 Direct 0 0 127.0.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.2 GE4/1/2 Direct 0 0 127. Configure an MP-IBGP peer relationship between PEs # Configure PE 1.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.1.1.5.9 NULL0 127.3.1.3. [PE1] display bgp peer BGP local router ID : 1. Peer AS 3. and has reached the Established state.9 100 MsgRcvd Peers in established state : 1 MsgSent 2 OutQ 6 PrefRcv 0 Up/Down 0 State 00:00:12 Established Verify your configurations Issue the display ip routing-table vpn-instance command on the PEs.1.3.0/24 BGP 0 3.0.

• IBGP is used to exchange VPN routing information between CE and PE.1.1.CEs of the same VPN can ping each other.3. For example.4. CE 2 and CE 4 belong to VPN 2.1: bytes=56 Sequence=4 ttl=253 time=50 ms Reply from 10.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.1: bytes=56 Sequence=3 ttl=253 time=50 ms Reply from 10.1: bytes=56 Sequence=2 ttl=253 time=34 ms Reply from 10. whereas those of different VPNs can not.1.3.1. Users of different VPNs cannot access each other.3. • VPN 1 uses VPN target attribute 111:1.3. press CTRL_C to break Reply from 10.3.1).1: bytes=56 Sequence=5 ttl=253 time=34 ms --.1.10.10.3.1.1. press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --.1.4.1. CE 1 can ping CE 3 (10. 287 .1 PING 10.4.1: 56 data bytes.1. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.1.4.1: bytes=56 Sequence=1 ttl=253 time=72 ms Reply from 10.00% packet loss round-trip min/avg/max = 34/48/72 ms [CE1] ping 10.1. but cannot ping CE 4 (10. VPN 2 uses VPN target attribute 222:2.00% packet loss Configuring MPLS L3VPNs using IBGP between PE and CE Network requirements • CE 1 and CE 3 belong to VPN 1.3.1.1 PING 10.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.3.1: 56 data bytes.1): [CE1] ping 10.

1.1.1.4.Figure 75 Network diagram AS 100 AS 100 VPN 1 VPN 1 Loop0 CE 3 CE 1 Loop0 GE3/1/1 GE3/1/1 Loop0 GE3/1/1 PE 2 PE 1 POS5/1/1 POS5/1/1 Loop0 GE3/1/2 GE3/1/1 POS5/1/2 POS5/1/1 Loop0 GE3/1/2 P MPLS backbone GE3/1/1 GE3/1/1 CE 2 Loop0 Loop0 CE 4 VPN 2 VPN 2 AS 100 AS 100 Device Interface IP address Device Interface IP address PE 1 Loop0 1.2.1/24 CE 4 Loop0 7.2.2/24 GE3/1/2 10.0.7.1.9/32 GE3/1/1 10.4.1.5.0.0 [PE1-ospf-1-area-0.9/32 GE3/1/1 10.1.6.1.0.1.6. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone.0.1. 288 .1.7.0 0.0.4.9/32 GE3/1/1 10.1.9/32 PE 2 Loop0 3.1/24 POS5/1/1 172. # Configure PE 1.3.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip address 172.1.1.1.0] network 172.3.1.1.0.5.1.3.2.255 [PE1-ospf-1-area-0.9 0.0.1.2/24 CE 2 Loop0 5.9/32 Loop0 2.1.2.1 24 [PE1-POS5/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.2/24 GE3/1/1 10.1/24 GE3/1/1 10.0.2/24 POS5/1/1 172.1.0.2.0] quit [PE1-ospf-1] quit # Configure the P router.2/24 GE3/1/2 10. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.9/32 GE3/1/1 10.9/32 POS5/1/2 172.2.1.2/24 CE 1 Loop0 4.1/24 P POS5/1/1 172.1.3.1.1/24 Configuration procedure 1.1/24 CE 3 Loop0 6.4.0] network 1.1.0.1.

1.1.1.0] network 2.0] quit # Configure PE 2.0.0.0.0.1.0] quit [PE2-ospf-1] quit After you complete the configurations.1.0.3.0.1.1.0.255 [P-ospf-1-area-0.0.0 0. Issue the display ip routing-table command.1.2.0.2 POS5/1/1 3.255 [PE2-ospf-1-area-0.1.1.0 [P-ospf-1-area-0. Issue the display ospf peer command.0.0. P establishes an OSPF adjacency with PE 1 and PE 2 respectively.3.0.0 0.1.0/24 Direct 0 0 172.1.9 32 [PE2-LoopBack0] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] ip address 172.9 289 .1 24 [P-POS5/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.2 POS5/1/1 127.0.1/32 Direct 0 0 127.0.3.1.9/32 Direct 0 0 127.1 InLoop0 127.0.0/8 Direct 0 0 127.0.1.1.9/32 OSPF 10 2 172.2 POS5/1/1 10 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.9 0.0.2.2 24 [PE2-POS5/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.1/32 Direct 0 0 127.0.2.255 [P-ospf-1-area-0. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 8 Pre Routes : 8 Destination/Mask Proto Cost NextHop Interface 1.2.1.1.0] network 172.1.1.0.1.2.0] network 3.0.0.0.0 0.2.0.0] network 172.1.0.1 InLoop0 172.9 0.0.3.0.0.2.0] network 172.1.1.0 [PE2-ospf-1-area-0.0.2.9 32 [P-LoopBack0] quit [P] interface pos 5/1/1 [P-POS5/1/1] ip address 172.2.2 24 [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] ip address 172. The output shows that the PEs have learned the routes to the loopback interfaces of each other.1 InLoop0 2.0.1.3.2.<P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.1 InLoop0 172.0.2.1.0. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.0.3. The output shows that the adjacency status is Full.0.0/24 OSPF 1 172.0.0.9/32 OSPF 10 1 172.0.1 POS5/1/1 172.

Neighbors Area 0.0. The output shows that the session status is Operational. [PE1] mpls lsr-id 1. Issue the display mpls ldp lsp command.1(POS5/1/1)'s neighbors Router ID: 2.0.1 Master BDR: 172.1.2.1.3. Take PE 1 as an example: 290 . Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.2 Dead timer due in 38 GR State: Normal Priority: 1 MTU: 0 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After you complete the configurations. # Configure PE 1. [P] mpls lsr-id 2.0 interface 172.2. [PE2] mpls lsr-id 3.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit # Configure the P router.1.9 State: Full Address: 172.2 Mode:Nbr is DR: 172.2. The output shows the LSPs established by LDP.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 5/1/1 [P-POS5/1/1] mpls [P-POS5/1/1] mpls ldp [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] mpls [P-POS5/1/2] mpls ldp [P-POS5/1/2] quit # Configure PE 2. P establishes an LDP session with PE 1 and PE 2 respectively.3.1.1.2.1.1.1.1. Issue the display mpls ldp session command.1.

[PE1] display mpls ldp session
               LDP Session(s) in Public Network
 ----------------------------------------------------------------
 Peer-ID         Status        LAM  SsnRole  FT   MD5  KA-Sent/Rcv
 ----------------------------------------------------------------
 2.2.2.9:0       Operational   DU   Passive  Off  Off  5/5
 ----------------------------------------------------------------
 LAM : Label Advertisement Mode      FT  : Fault Tolerance
[PE1] display mpls ldp lsp
                       LDP LSP Information
 ------------------------------------------------------------------
 SN  DestAddress/Mask   In/OutLabel  Next-Hop       In/Out-Interface
 ------------------------------------------------------------------
 1   1.1.1.9/32         3/NULL       127.0.0.1      -------/InLoop0
 2   2.2.2.9/32         NULL/3       172.1.1.2      -------/POS5/1/1
 3   3.3.3.9/32         NULL/1024    172.1.1.2      -------/POS5/1/1
 ------------------------------------------------------------------
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

3. Configure VPN instances on PEs to allow CEs to access.
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet3/1/1] quit
[PE1] interface GigabitEthernet 3/1/2
[PE1-GigabitEthernet3/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet3/1/2] ip address 10.2.1.2 24
[PE1-GigabitEthernet3/1/2] quit

# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1

[PE2-GigabitEthernet3/1/1] ip address 10.3.1.2 24
[PE2-GigabitEthernet3/1/1] quit
[PE2] interface GigabitEthernet 3/1/2
[PE2-GigabitEthernet3/1/2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet3/1/2] ip address 10.4.1.2 24
[PE2-GigabitEthernet3/1/2] quit

# Configure IP addresses for the CEs as per Figure 75. (Details not shown)
After completing the configurations, issue the display ip vpn-instance command on the PEs to view
the configuration of the VPN instances. Use the ping command to test connectivity between the PEs
and their attached CEs. The PEs can ping their attached CEs. Take PE 1 and CE 1 as examples:
[PE1] display ip vpn-instance
Total VPN-Instances configured : 2
VPN-Instance Name     RD        Create time
vpn1                  100:1     2009/01/22 13:02:21
vpn2                  100:2     2009/01/22 13:02:40

[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56  data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/23/56 ms

4. Establish IBGP peer relationships between PEs and CEs to redistribute VPN routes, and configure
routing policies to change the next hop of the routes.
# On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received
from PE 1, changing the next hop address of the routes to the IP address of PE 1.
<CE1> system-view
[CE1] route-policy ce-ibgp permit node 0
[CE1-route-policy] apply ip-address next-hop 10.1.1.2
[CE1-route-policy] quit
[CE1] bgp 100
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] peer 10.1.1.2 route-policy ce-ibgp import
[CE1-bgp] import-route direct
[CE1-bgp] quit

NOTE:
The configurations for the other three CEs (CE 2 through CE 4) are similar to those for CE 1. (Details not
shown)
# On PE 1, configure CE 1 and CE 2 as its IBGP peers, and configure PE 1 as the route
reflector.

[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 100
[PE1-bgp-vpn1] peer 10.1.1.1 reflect-client
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2] peer 10.2.1.1 as-number 100
[PE1-bgp-vpn2] peer 10.2.1.1 reflect-client
[PE1-bgp-vpn2] import-route direct
[PE1-bgp-vpn2] quit
[PE1-bgp] quit

NOTE:
The configurations for PE 2 are similar to those for PE 1. (Details not shown)
Issue the display bgp vpnv4 vpn-instance peer command on the PEs. The output shows that BGP
peer relationships have been established between the PEs and CEs, and have reached the
Established state. Take the BGP peer relationship between PE 1 and CE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer

BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1          Peers in established state : 1

Peer        AS    MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
10.1.1.1    100        26       21     0        2  00:11:08  Established

5. Configure an MP-IBGP peer relationship between PEs
# On PE 1, configure PE 2 as the MP-IBGP peer, and configure a routing policy for the routes
received from PE 2, changing the next hop address of the routes to the loopback interface address
of PE 2.
[PE1] route-policy pe-ibgp permit node 0
[PE1-route-policy] apply ip-address next-hop 3.3.3.9
[PE1-route-policy] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

# On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes
received from PE 1, changing the next hop address of the routes to the loopback interface address
of PE 1.
[PE2] route-policy pe-ibgp permit node 0
[PE2-route-policy] apply ip-address next-hop 1.1.1.9

[PE2-route-policy] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 route-policy pe-ibgp import
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit

Issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The
output shows that a BGP peer relationship has been established between the PEs, and has reached
the Established state. Take PE 1 as an example.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1          Peers in established state : 1

Peer        AS    MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
3.3.3.9     100         2        6     0        0  00:00:12  Established

6. Verify your configurations
Issue the display ip routing-table vpn-instance command on the PEs. The output shows the routes
to the peer CEs. Take PE 1 as an example:
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost  NextHop      Interface
4.4.4.9/32          BGP     255  0     10.1.1.1     GE3/1/1
6.6.6.9/32          BGP     255  0     3.3.3.9      NULL0
10.1.1.0/24         Direct  0    0     10.1.1.2     GE3/1/1
10.1.1.2/32         Direct  0    0     127.0.0.1    InLoop0
10.3.1.0/24         BGP     255  0     3.3.3.9      NULL0
127.0.0.0/8         Direct  0    0     127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1    InLoop0

[PE1] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost  NextHop      Interface
5.5.5.9/32          BGP     255  0     10.2.1.1     GE3/1/2
7.7.7.9/32          BGP     255  0     3.3.3.9      NULL0
10.2.1.0/24         Direct  0    0     10.2.1.2     GE3/1/2
10.2.1.2/32         Direct  0    0     127.0.0.1    InLoop0
10.4.1.0/24         BGP     255  0     3.3.3.9      NULL0
127.0.0.0/8         Direct  0    0     127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1    InLoop0

CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example,
CE 1 can ping CE 3 (6.6.6.9), but cannot ping CE 4 (7.7.7.9):
[CE1] ping 6.6.6.9
PING 6.6.6.9: 56  data bytes, press CTRL_C to break
Reply from 6.6.6.9: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 6.6.6.9: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 6.6.6.9: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 6.6.6.9: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 6.6.6.9: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 6.6.6.9 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[CE1] ping 7.7.7.9
PING 7.7.7.9: 56  data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 7.7.7.9 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
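
The isolation verified above follows from the vpn-target values set in step 3: a VPN instance installs a route only when one of the route's export targets matches one of its own import targets. The following Python sketch is an added example, not part of the H3C guide; it parses the step 3 stanzas (prompts stripped and embedded as constructed input) and reports cross-VPN leaks and broken same-VPN paths. It assumes that a vpn-target line without a direction keyword applies to both import and export, that targets use the ASN:number form, and that instances with the same name belong to the same VPN.

```python
import re

DIRECTIONS = ("both", "import-extcommunity", "export-extcommunity")
RT_FORMAT = re.compile(r"^\d+:\d+$")  # ASN:number form, as used on this page

# Constructed input: the VPN-instance stanzas from step 3, CLI prompts stripped.
PE_CONFIGS = {
    "PE1": """
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 111:1
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 222:2
""",
    "PE2": """
ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 111:1
ip vpn-instance vpn2
 route-distinguisher 200:2
 vpn-target 222:2
""",
}

# Constructed misconfiguration: vpn2 on PE 2 also imports vpn1's target.
MISCONFIGURED = dict(PE_CONFIGS, PE2="""
ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 111:1
ip vpn-instance vpn2
 route-distinguisher 200:2
 vpn-target 222:2 111:1 import-extcommunity
 vpn-target 222:2 export-extcommunity
""")


def parse_vpn_instances(text):
    """Return {instance: {"rd": str or None, "import": set, "export": set}}."""
    instances, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            # A top-level command either opens a VPN-instance stanza or ends one.
            current = None
            if len(words) == 3 and words[:2] == ["ip", "vpn-instance"]:
                current = instances.setdefault(
                    words[2], {"rd": None, "import": set(), "export": set()})
            continue
        if current is None:
            continue
        if words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "vpn-target":
            targets = words[1:]
            # Assumption: no trailing keyword means the targets apply to both.
            direction = targets.pop() if targets and targets[-1] in DIRECTIONS else "both"
            if not targets or not all(RT_FORMAT.match(t) for t in targets):
                raise ValueError(f"unparseable vpn-target line: {raw.strip()!r}")
            if direction != "export-extcommunity":
                current["import"].update(targets)
            if direction != "import-extcommunity":
                current["export"].update(targets)
    return instances


def audit(pe_configs):
    """Compute route flows between VPN instances and flag policy violations.

    A flow (src, dst) exists when src exports a target that dst imports.
    leaks   : flows between instances with different names (cross-VPN).
    missing : same-named instances on different PEs with no flow between them.
    """
    vrfs = {(pe, name): inst
            for pe, text in pe_configs.items()
            for name, inst in parse_vpn_instances(text).items()}
    flows = {(src, dst)
             for src, s in vrfs.items() for dst, d in vrfs.items()
             if src != dst and s["export"] & d["import"]}
    leaks = sorted(f for f in flows if f[0][1] != f[1][1])
    missing = sorted((src, dst) for src in vrfs for dst in vrfs
                     if src[0] != dst[0] and src[1] == dst[1]
                     and (src, dst) not in flows)
    return {"flows": flows, "leaks": leaks, "missing": missing}


if __name__ == "__main__":
    for label, cfg in (("guide config", PE_CONFIGS), ("misconfigured", MISCONFIGURED)):
        result = audit(cfg)
        print(label, "leaks:", result["leaks"], "missing:", result["missing"])
```

With the guide's configuration the audit finds no leaks; with the constructed misconfiguration it reports that vpn1 routes from both PEs are imported into vpn2 on PE 2, which is the one-way exposure a ping test from CE 1 alone would not reveal.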

Configuring an MPLS L3VPN that uses a GRE tunnel
Network requirements

CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P router does not support MPLS and
provides only IP functions.

On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS
L3VPN.

Configure tunneling policies on the PEs and specify the tunnel type for VPN traffic as GRE.

Figure 76 Network diagram

Device   Interface   IP address
CE 1     GE3/1/1     10.1.1.1/24
PE 1     Loop0       1.1.1.9/32
PE 1     GE3/1/1     10.1.1.2/24
PE 1     POS5/1/2    172.1.1.1/24
PE 1     Tunnel0     20.1.1.1/24
P        POS5/1/1    172.1.1.2/24
P        POS5/1/2    172.2.1.1/24
PE 2     Loop0       2.2.2.9/32
PE 2     GE3/1/1     10.2.1.2/24
PE 2     POS5/1/1    172.2.1.2/24
PE 2     Tunnel0     20.1.1.2/24
CE 2     GE3/1/1     10.2.1.1/24

Configuration procedure
1. Configure an IGP (such as OSPF) on the MPLS backbone to ensure IP connectivity within the
backbone.
After you complete the configurations, OSPF adjacencies are established between PE 1, P, and PE
2. Issue the display ospf peer command. The output shows that the adjacency status is Full. Issue
the display ip routing-table command. The output shows that the PEs have learned the loopback
route of each other.

2. Enable basic MPLS on the PEs
# Configure PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit

# Configure PE 2.
<PE2> system-view
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit

3. Configure VPN instances on PEs to allow CEs to access, and apply tunneling policies to the VPN
instances, using a GRE tunnel for VPN packet forwarding
# Configure PE 1.

[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet3/1/1] quit

# Configure PE 2.
[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet3/1/1] ip address 10.2.1.2 24
[PE2-GigabitEthernet3/1/1] quit

# Configure CE 1.
<CE1> system-view
[CE1] interface GigabitEthernet 3/1/1
[CE1-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet3/1/1] quit

# Configure CE 2.
<CE2> system-view
[CE2] interface GigabitEthernet 3/1/1
[CE2-GigabitEthernet3/1/1] ip address 10.2.1.1 24
[CE2-GigabitEthernet3/1/1] quit

After completing the configurations, issue the display ip vpn-instance command on the PEs to view
the configuration of the VPN instance. Use the ping command to test connectivity between the PEs
and their attached CEs. The PEs can ping their attached CEs. The following takes PE 1 as an
example:
[PE1] display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name     RD        Create Time
vpn1                  100:1     2006/08/13 09:32:45

[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56  data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms

4. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit

NOTE:
The configurations for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to
those for PE 1. (Details not shown)
After completing the configuration, issue the display bgp vpnv4 vpn-instance peer command on
the PEs. The output shows that a BGP peer relationship has been established between each PE and
its CE, and has reached the Established state.
The following takes PE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1          Peers in established state : 1

Peer        AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
10.1.1.1    65410        5        5     0        1  00:02:03  Established

5. Configure MP-IBGP peers between PEs
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

(Details not shown) After completing the configuration.9/32 Direct 0 Cost NextHop Interface 0 127.1.0/24 BGP 0 10.2.1 InLoop0 10.0/8 Direct 0 0 127.1 GE3/1/1 Direct 0 0 127.2.2.1. [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.0.1.1.0.1.1/32 Direct 0 0 127.1.1.0. the CEs can learn the interface routes from each other.1. [PE2] interface tunnel 0 [PE2-Tunnel0] tunnel-protocol gre [PE2-Tunnel0] source loopback 0 [PE2-Tunnel0] destination 1.9 [PE2-Tunnel0] ip address 20. issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The following takes CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 10.2 24 [PE2-Tunnel0] mpls [PE2-Tunnel0] quit 7.0.0.1.1.1.1. The output shows that BGP peer relationship has been established between the PEs.2.0.2 GE3/1/1 127.1.0/24 10.0.1.1 InLoop0 255 The following takes PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre 1.1. and has reached the Established state.0. Peers in established state : 1 AS MsgRcvd MsgSent OutQ PrefRcv 100 3 3 0 1 Up/Down State 00:00:34 Established Configure a GRE tunnel # Configure PE 1.9 6. [PE1] interface tunnel 0 [PE1-Tunnel0] tunnel-protocol gre [PE1-Tunnel0] source loopback 0 [PE1-Tunnel0] destination 2.NOTE: The configurations for PE 2 are similar to those for PE 1.9 [PE1-Tunnel0] ip address 20.9 Local AS number : 100 Total number of peers : 1 Peer 2.2.0.1.0.0.1 24 [PE1-Tunnel0] mpls [PE1-Tunnel0] quit # Configure PE 2.1 InLoop0 127. Verify your configurations After you complete the configurations.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.1.0.1.1 InLoop0 299 .

1.1.1 POS5/1/2 172.0.1: bytes=56 Sequence=3 ttl=253 time=68 ms Reply from 10. [CE1] ping 10.0.0/24 Direct 0 0 172.1.2 GE3/1/1 Direct 0 0 127.1.0.1: bytes=56 Sequence=4 ttl=253 time=68 ms Reply from 10. That is.2/32 10.1.0.0.0.0.1.1.1.2 POS5/1/2 10 [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 3 Destination/Mask Proto 10.0/24 Routes : 3 Pre Cost NextHop Interface Direct 0 0 10.0/8 Direct 0 0 127.2.2.2.10.2.2 POS5/1/2 172.1: bytes=56 Sequence=2 ttl=253 time=69 ms Reply from 10.1.1.1.0.1 InLoop0 172. press CTRL_C to break Reply from 10.0.1: 56 data bytes.0.1.2.1.2.2.1.2. 300 .2.1.1. the VRF-to-VRF method is used to manage VPN routes.1.1.1.2.1.0/24 10.1/32 Direct 0 0 127.1. • Inter-AS MPLS L3VPN is implemented using option A.1.2.1.1.1/32 Direct 0 0 127.0.1 InLoop0 127.1 InLoop0 172.2.1.1.2.1.1.1 Tunnel0 20.1. • The MPLS backbone in each AS runs OSPF.1 PING 10.1.2 POS5/1/2 10.1 Tunnel0 20.1.2/32 Direct 0 0 172.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1 InLoop0 BGP 0 2.1: bytes=56 Sequence=5 ttl=253 time=67 ms --.0/24 Static 60 10 0 20.1.0/24 Direct 0 0 20.0.1/32 Direct 0 0 127.1.9 NULL0 255 The CEs can ping each other.0.1.1.1.2.0/24 OSPF 3124 172.00% packet loss round-trip min/avg/max = 41/62/69 ms Configuring inter-AS option A Network requirements • CE 1 and CE 2 belong to the same VPN.9/32 OSPF 3125 172.1: bytes=56 Sequence=1 ttl=253 time=41 ms Reply from 10.1.1 InLoop0 127.0.2. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.2.1.1.

3.1.1.2/24 POS2/1/2 192.1.1.1.Figure 77 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 POS2/1/2 POS2/1/1 Loop0 POS2/1/2 ASBR-PE 2 ASBR-PE 1 POS2/1/1 POS2/1/1 Loop0 POS2/1/1 PE 2 PE 1 GE4/1/2 GE4/1/2 GE4/1/1 GE4/1/1 CE 1 CE 2 AS 65001 Device AS 65002 Interface IP address CE 1 GE4/1/1 10.1.1.1.2/24 POS2/1/1 162.1.2/24 GE4/1/2 10. <PE1> system-view [PE1] mpls lsr-id 1. (Details not shown) NOTE: The 32-bit loopback interface address used as the LSR ID needs to be advertised by OSPF.2/24 ASBR-PE1 Device ASBR-PE2 Interface IP address Configuration procedure 1.9/32 PE 2 Loop0 4.9/32 POS2/1/1 172.1/24 CE 2 GE4/1/1 10.1.3.1. 2. Each ASBR PE and the PE in the same AS can ping each other.2.1/24 Loop0 2.9/32 GE4/1/2 10. each ASBR PE and the PE in the same AS can establish OSPF adjacencies.1.1.1.4.1/24 PE 1 Loop0 1.1. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs # Configure basic MPLS on PE 1 and enable MPLS LDP on the interface connected to ASBR PE 1. Configure an IGP (such as OSPF) on the MPLS backbone to ensure IP connectivity in the backbone.1.2/24 POS2/1/1 172.4.1.2.9/32 Loop0 3. The output shows that the adjacencies reach the Full state.1. and that PEs can learn the routes to the loopback interfaces of each other.1/24 POS2/1/2 192.1.2.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit 301 .1/24 POS2/1/1 162.1. Issue the display ospf peer verbose command.1. After you complete the configurations.1.2.

the VPN targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations.2. This is not required for PEs in different ASs.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos2/1/1 [ASBR-PE2-POS2/1/1] clock master [ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure basic MPLS on PE 2 and enable MPLS LDP on the interface connected to ASBR PE 2.2. each PE and the ASBR PE in the same AS can establish neighbor relationship.4. <ASBR-PE2> system-view [ASBR-PE2] mpls lsr-id 3.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos2/1/1 [ASBR-PE1-POS2/1/1] clock master [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure basic MPLS on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2. The output shows that the session status is Operational.4. 302 . 3.3.[PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1. Issue the display mpls ldp session command on the devices. <PE2> system-view [PE2] mpls lsr-id 4. Configure VPN instances on PEs to allow CEs to access the network NOTE: For the same VPN.

1 24 [CE2-GigabitEthernet4/1/1] quit # Configure PE 2.1.# Configure CE 1.2.1.2 24 [PE1-GigabitEthernet4/1/2] quit # Configure CE 2.2 24 [PE2-GigabitEthernet4/1/2] quit # Configure ASBR PE 1.1. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/2] ip address 10. creating a VPN instance and binding the instance to the interface connected to ASBR PE 2. [ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-vpn1] route-distinguisher 200:1 [ASBR-PE2-vpn-vpn1] vpn-target 100:1 both [ASBR-PE2-vpn-vpn1] quit [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1 303 . [ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-vpn1] route-distinguisher 100:1 [ASBR-PE1-vpn-vpn1] vpn-target 100:1 both [ASBR-PE1-vpn-vpn1] quit [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] clock master [ASBR-PE1-POS2/1/2] ip binding vpn-instance vpn1 [ASBR-PE1-POS2/1/2] ip address 192.1 24 [ASBR-PE1-POS2/1/2] quit # Configure ASBR PE 2. <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 10. creating a VPN instance and binding the instance to the interface connected to ASBR PE 1.1.1. ASBR PE 1 considers ASBR PE 2 its CE.2.1. ASBR PE 2 considers ASBR PE 1 its CE. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/2] ip address 10.1. <CE2> system-view [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 10.1 24 [CE1-GigabitEthernet4/1/1] quit # Configure PE 1.1.

1 as-number 65002 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit 5.1.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.9 next-hop-local [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure ASBR-PE 1.2. [PE1] bgp 100 [PE1-bgp] peer 2.2.1.2 as-number 200 [CE2-bgp] import-route direct [CE2-bgp] quit # Configure PE 2.2 as-number 200 [ASBR-PE1-bgp-vpn1] quit 304 .2.1. [CE2] bgp 65002 [CE2-bgp] peer 10.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1.[ASBR-PE2-POS2/1/2] ip address 192.1.1.1.2.2.1.2.2. The PEs can ping their attached CEs and the ASBR PEs can ping each other. view the VPN instance configurations by issuing the display ip vpn-instance command. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1.1.1 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2.2. [CE1] bgp 65001 [CE1-bgp] peer 10.2 24 [ASBR-PE2-POS2/1/2] quit After completing the configurations.9 enable [PE1-bgp-af-vpnv4] peer 2. 4. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.2.9 as-number 100 [PE1-bgp] peer 2.1. Establish an MP-IBGP peer relationship between each PE and the ASBR-PE in the same AS and an EBGP peer relationship between the ASBR PEs # Configure PE 1. [PE2] bgp 200 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 192.2.

3.9 next-hop-local [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit # Configure PE 2.4.9 enable [PE2-bgp-af-vpnv4] peer 3. the CEs can learn the interface routes from each other and ping each other. CE 1 of Site 1 accesses the network through PE 1 in AS 100 and CE 2 of Site 2 accesses the network through PE 2 in AS 600.3.3.1.4.1.1.9 next-hop-local [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2.1.1.4.9 as-number 100 [ASBR-PE1-bgp] peer 1. • ASBRs do not perform VPN target filtering of received VPN-IPv4 routes.1.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4. • PEs in the same AS run IS-IS.1.4.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.4. • PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. • PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.1.9 next-hop-local [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit 6. Configuring inter-AS option B Network requirements • Site 1 and Site 2 belong to the same VPN.[ASBR-PE1-bgp] peer 1.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.3.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 3.3.9 enable [ASBR-PE1-bgp-af-vpnv4] peer 1. 305 . • ASBR-PE 1 and ASBR-PE 2 exchange labeled IPv4 routes by MP-EBGP. Verify your configurations After you complete the configurations.9 as-number 200 [PE2-bgp] peer 3.9 as-number 200 [ASBR-PE2-bgp] peer 4.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.3.3.4.4. [PE2] bgp 200 [PE2-bgp] peer 3. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.4.3.

9/32 POS2/1/1 1.2/8 POS2/1/2 11.4.0.1111.1111.0.1/8 GE4/1/1 20.00 [PE1-isis-1] quit # Configure LSR ID.1111.2 255.5.0.9 [PE1] mpls [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface POS 2/1/1.0.1.3.9/32 GE4/1/1 30. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.1.4.1.9/32 PE 2 Loop0 5.0.Figure 78 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2. [PE1] mpls lsr-id 2.2. and start IS-IS and enable MPLS and LDP on the interface.1.1.0.0.1/8 POS2/1/2 11.1/8 ASBR-PE 1 ASBR-PE 2 Configuration procedure 1.2.5.0.0.1/8 POS2/1/1 1.2/8 Loop0 3.3.1111.1.1.1.1.1/8 POS2/1/1 9. enable MPLS and LDP.2.9/32 Loop0 4.2/8 POS2/1/1 9.2.0.1.0 [PE1-POS2/1/1] isis enable 1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp 306 . [PE1] interface POS 2/1/1 [PE1-POS2/1/1] ip address 1. Configure PE 1 # Start IS-IS on PE 1.

Configure ASBR-PE 1 # Start IS-IS on ASBR-PE 1. <ASBR-PE1> system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.9 as-number 100 [PE1-bgp] peer 3. enable MPLS and LDP.2222.0. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.3.3.[PE1-POS2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.3.3.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] label advertise non-null [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit # Configure interface POS 2/1/1.3. [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 30. [ASBR-PE1] mpls lsr-id 3.2222.00 [ASBR-PE1-isis-1] quit # Configure LSR ID. [PE1-bgp] peer 3.2.2222.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.9 as a VPNv4 peer.2. [ASBR-PE1] interface POS 2/1/1 [ASBR-PE1-POS2/1/1] clock master 307 .3. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance. [PE1] bgp 100 # Configure IBGP peer 3.2222.3.3. and start IS-IS and enable MPLS and LDP on the interface.1 8 [PE1-GigabitEthernet4/1/1] quit # Start BGP on PE 1.0.9 enable [PE1-bgp-af-vpnv4] quit # Redistribute direct routes to the VPN routing table of vpn1.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit 2.3.

222.2.0.2. enable MPLS and LDP.0.4.0 [ASBR-PE2-POS2/1/1] isis enable 1 308 . [ASBR-PE2] interface POS 2/1/1 [ASBR-PE2-POS2/1/1] clock master [ASBR-PE2-POS2/1/1] ip address 9.3.4.3.[ASBR-PE1-POS2/1/1] ip address 1. <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.9 enable [ASBR-PE1-bgp-af-vpnv4] quit 3. and start IS-IS and enable MPLS and LDP on the interface.2.0.0. [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] clock master [ASBR-PE1-POS2/1/2] ip address 11.0.2.1 255.1.2.0.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Start BGP on ASBR-PE 1.1.0 [ASBR-PE1-POS2/1/1] isis enable 1 [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS.2. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.222.0 and EBGP peer 11.1 as VPNv4 peers.0.0 [ASBR-PE1-POS2/1/2] mpls [ASBR-PE1-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.0.222.2.1 as-number 600 # Specify not to filter the received VPNv4 routes using the import target attribute.9 connect-interface loopback 0 [ASBR-PE1-bgp] peer 11. [ASBR-PE1-bgp-af-vpnv4] peer 11.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 2/1/1.1 enable [ASBR-PE1-bgp-af-vpnv4] peer 2. [ASBR-PE2] mpls lsr-id 4.0.0.1.0. [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target # Configure both IBGP peer 2.2.00 [ASBR-PE2-isis-1] quit # Configure LSR ID.9 as-number 100 [ASBR-PE1-bgp] peer 2.2 255.222.0.0. Configure ASBR-PE 2 # Start IS-IS on ASBR-PE 2.0.1 255.

9 enable [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit 4.9 connect-interface loopback 0 # Specify not to filter the received VPNv4 routes using the import target attribute.5.1111.[ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS.4.00 [PE2-isis-1] quit # Configure LSR ID. and start IS-IS and enable MPLS and LDP on the interface.1. [ASBR-PE2-bgp-af-vpnv4] peer 11.0. enable MPLS and LDP.0.1 255.5. [PE2] mpls lsr-id 5.9 and EBGP peer 11. Configure PE 2 # Start IS-IS on PE 2.0 [PE2-POS2/1/1] isis enable 1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit 309 .1111.0 [ASBR-PE2-POS2/1/2] mpls [ASBR-PE2-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.5.2 as-number 100 [ASBR-PE2-bgp] peer 5.5.2 255.5.5. [PE2] interface POS 2/1/1 [PE2-POS2/1/1] ip address 9.0.1111.1.2 as VPNv4 peers.0.4.0.5.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface POS 2/1/1. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4. [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip address 11.0.0.5.0. [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] undo policy vpn-target # Configure both IBGP peer 5.2 enable [ASBR-PE2-bgp-af-vpnv4] peer 5.9 as-number 600 [ASBR-PE2-bgp] peer 5. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.1111.5.5.0.0. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.

The ping operation is successful. [PE1] ping –vpn-instance vpn1 20. Verify your configurations # After you complete the configurations.4.5.0. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance.4.0.0.9 as-number 600 [PE2-bgp] peer 4.4. • PEs in the same AS run IS-IS.5. 310 .4.0. ping PE 1 from PE 2. [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 20. [PE2] ping –vpn-instance vpn1 30. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit 5.1 8 [PE2-GigabitEthernet4/1/1] quit # Start BGP on PE 2. • PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. [PE2-bgp] peer 4. • PE 1 and PE 2 are MP-EBGP peers.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 4. The ping operation is successful.9 enable [PE2-bgp-af-vpnv4] quit # Redistribute direct routes to the VPN routing table of vpn1. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.1 Configuring inter-AS option C Network requirements • Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600.# Configure interface Loopback 0 and start IS-IS on it.1 # Ping PE 2 from PE 1.0.4.0.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE2] bgp 600 # Configure IBGP peer 4.4. • PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.9 as a VPNv4 peer.4.4.

1.• ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.2/8 POS4/1/2 11.1.5. [PE1] interface POS 4/1/1 [PE1-POS4/1/1] ip address 1.9/32 1.1.1.00 [PE1-isis-1] quit # Configure LSR ID.3.0. Configure PE 1 # Run IS-IS on PE 1.4.1/8 11.2.0.4.0.9/32 PE 2 Loop1 30. [PE1] mpls lsr-id 2.2.1/8 POS4/1/1 9.0.1/8 ASBR-PE 2 Configuration procedure 1.3.1111.2 ASBR-PE 1 POS4/1/1 1.1.1.1111.1111.1.2 POS4/1/1 9.0. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.0.1111.1.0.2.0. 311 .0.2. Figure 79 Network diagram Device Interface IP address Device PE 1 Loop0 2. enable MPLS and LDP.1.0 [PE1-POS4/1/1] isis enable 1 [PE1-POS4/1/1] mpls [PE1-POS4/1/1] mpls ldp [PE1-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.5.2 255.0.9/32 POS4/1/1 POS4/1/2 Interface IP address Loop0 5.9/32 Loop1 20.2/8 Loop0 4.2/8 Loop0 3. • ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes.9 [PE1] mpls [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface POS 4/1/1. and start IS-IS and enable MPLS and LDP on the interface.1.

[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit

# Create VPN instance vpn1 and configure the RD and VPN target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit

# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip binding vpn-instance vpn1
[PE1-LoopBack1] ip address 30.0.0.1 32
[PE1-LoopBack1] quit

# Start BGP on PE 1.
[PE1] bgp 100

# Configure the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled
routes from the peer.
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] peer 3.3.3.9 label-route-capability

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp] peer 5.5.5.9 as-number 600
[PE1-bgp] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-af-vpnv4] quit

# Redistribute direct routes to the routing table of vpn1.
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit

2. Configure ASBR-PE 1
# Start IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.2222.2222.2222.2222.00
[ASBR-PE1-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] label advertise non-null
[ASBR-PE1-mpls] quit

[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE1] interface POS 4/1/1
[ASBR-PE1-POS4/1/1] clock master
[ASBR-PE1-POS4/1/1] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-POS4/1/1] isis enable 1
[ASBR-PE1-POS4/1/1] mpls
[ASBR-PE1-POS4/1/1] mpls ldp
[ASBR-PE1-POS4/1/1] quit

# Configure interface POS 4/1/2 and enable MPLS on it.
[ASBR-PE1] interface POS 4/1/2
[ASBR-PE1-POS4/1/2] clock master
[ASBR-PE1-POS4/1/2] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-POS4/1/2] mpls
[ASBR-PE1-POS4/1/2] quit

# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit

# Create routing policies.
[ASBR-PE1] route-policy policy1 permit node 1
[ASBR-PE1-route-policy1] apply mpls-label
[ASBR-PE1-route-policy1] quit
[ASBR-PE1] route-policy policy2 permit node 1
[ASBR-PE1-route-policy2] if-match mpls-label
[ASBR-PE1-route-policy2] apply mpls-label
[ASBR-PE1-route-policy2] quit

# Start BGP on ASBR-PE 1 and redistribute routes from IS-IS process 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] import-route isis 1

# Use routing policy policy2 to filter routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp] peer 2.2.2.9 route-policy policy2 export

# Configure the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled
routes from the peer.
[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp] peer 2.2.2.9 label-route-capability

# Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.1.
[ASBR-PE1-bgp] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp] peer 11.0.0.1 route-policy policy1 export

# Configure the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive
labeled routes from the peer.
[ASBR-PE1-bgp] peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp] quit

3. Configure ASBR-PE 2
# Start IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.2222.2222.2222.2222.00
[ASBR-PE2-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] label advertise non-null
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE2] interface POS 4/1/1
[ASBR-PE2-POS4/1/1] clock master
[ASBR-PE2-POS4/1/1] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-POS4/1/1] isis enable 1
[ASBR-PE2-POS4/1/1] mpls
[ASBR-PE2-POS4/1/1] mpls ldp
[ASBR-PE2-POS4/1/1] quit

# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit

# Configure interface POS 4/1/2 and enable MPLS on it.
[ASBR-PE2] interface POS 4/1/2
[ASBR-PE2-POS4/1/2] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-POS4/1/2] mpls
[ASBR-PE2-POS4/1/2] quit

# Create routing policies.
[ASBR-PE2] route-policy policy1 permit node 1
[ASBR-PE2-route-policy1] apply mpls-label
[ASBR-PE2-route-policy1] quit
[ASBR-PE2] route-policy policy2 permit node 1
[ASBR-PE2-route-policy2] if-match mpls-label
[ASBR-PE2-route-policy2] apply mpls-label
[ASBR-PE2-route-policy2] quit

# Start BGP on ASBR-PE 2 and redistribute routes from IS-IS process 1.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp] import-route isis 1

# Configure the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled
routes from the peer.
[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0
[ASBR-PE2-bgp] peer 5.5.5.9 label-route-capability

# Use routing policy policy2 to filter routes advertised to IBGP peer 5.5.5.9.
[ASBR-PE2-bgp] peer 5.5.5.9 route-policy policy2 export

# Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.2.
[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export

# Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive
labeled routes from the peer.
[ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp] quit

4. Configure PE 2
# Start IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.1111.1111.1111.1111.00
[PE2-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[PE2] interface POS 4/1/1
[PE2-POS4/1/1] ip address 9.1.1.2 255.0.0.0
[PE2-POS4/1/1] isis enable 1
[PE2-POS4/1/1] mpls
[PE2-POS4/1/1] mpls ldp
[PE2-POS4/1/1] quit

# Configure interface Loopback 0 and start IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit

# Create VPN instance vpn1 and configure the RD and VPN target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit

# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE2] interface loopback 1
[PE2-LoopBack1] ip binding vpn-instance vpn1
[PE2-LoopBack1] ip address 20.0.0.1 32
[PE2-LoopBack1] quit

# Start BGP on PE 2.
[PE2] bgp 600

# Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled
routes from the peer.
[PE2-bgp] peer 4.4.4.9 as-number 600
[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp] peer 4.4.4.9 label-route-capability

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp] peer 2.2.2.9 as-number 100
[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-af-vpnv4] quit

# Redistribute direct routes to the routing table of vpn1.
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] quit

After you complete the configurations, PE 1 and PE 2 can ping each other:
[PE2] ping -vpn-instance vpn1 30.0.0.1
[PE1] ping -vpn-instance vpn1 20.0.0.1
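The vpn-target lines in the PE 1 and PE 2 steps decide which VPN instances can receive each other's routes, so they are the isolation boundary of this setup. The following added example (not part of the H3C guide) parses those stanzas, lists which instance imports from which, and reports import targets that nothing exports. The PE9/vpn-mgmt stanza is constructed for illustration, and treating a vpn-target line without a keyword as both import and export follows the Comware default.

```python
import re

# PE1/PE2 lines are copied from the steps above. The PE9 "vpn-mgmt" stanza is
# constructed for this example to show an instance that stays isolated.
TRANSCRIPT = """\
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
[PE9] ip vpn-instance vpn-mgmt
[PE9-vpn-instance-vpn-mgmt] route-distinguisher 900:1
[PE9-vpn-instance-vpn-mgmt] vpn-target 9:9
[PE9-vpn-instance-vpn-mgmt] quit
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")
RT = re.compile(r"^\d+(\.\d+){0,3}:\d+$")  # ASN:nn or IPv4:nn


def parse_vpn_instances(transcript):
    """Return {(device, instance): {"rd", "import", "export"}} from a CLI transcript."""
    instances = {}
    current = None  # (device, instance) of the VPN instance view we are in
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        view, words = m["view"], m["cmd"].split()
        if not words:
            continue
        # "ip vpn-instance NAME" typed in system view opens a new instance.
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = (view, words[2])
            instances.setdefault(
                current, {"rd": None, "import": set(), "export": set()})
            continue
        # Only accept commands typed inside that instance's own view.
        if current is None or view != f"{current[0]}-vpn-instance-{current[1]}":
            continue
        inst = instances[current]
        if words[0] == "route-distinguisher" and len(words) == 2:
            inst["rd"] = words[1]
        elif words[0] == "vpn-target":
            targets = [w for w in words[1:] if RT.match(w)]
            # No trailing keyword means "both" (Comware default).
            keyword = "both" if RT.match(words[-1]) else words[-1]
            if keyword in ("both", "import-extcommunity"):
                inst["import"].update(targets)
            if keyword in ("both", "export-extcommunity"):
                inst["export"].update(targets)
    return instances


def import_matrix(instances):
    """For each instance, list the other instances whose exports it imports."""
    result = {}
    for dst, d in instances.items():
        sources = {}
        for src, s in instances.items():
            shared = d["import"] & s["export"]
            if src != dst and shared:
                sources[src] = sorted(shared)
        result[dst] = sources
    return result


def unused_imports(instances):
    """Import targets that no parsed instance exports.

    Each one would admit routes from any instance that later starts
    exporting that value, so it is worth reviewing or removing.
    """
    exported = set().union(*(i["export"] for i in instances.values()))
    findings = {}
    for key, inst in instances.items():
        stale = inst["import"] - exported
        if stale:
            findings[key] = sorted(stale)
    return findings


if __name__ == "__main__":
    parsed = parse_vpn_instances(TRANSCRIPT)
    for dst, sources in import_matrix(parsed).items():
        print(dst, "imports from", sources or "nobody")
    for key, stale in unused_imports(parsed).items():
        print(key, "imports targets nobody exports:", stale)
```

Run against the configuration above, it shows that vpn1 on PE 1 and PE 2 exchange routes only through target 3:3, while the 1:1 and 2:2 import targets match no export in the transcript.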

Configuring carrier’s carrier
Network requirements
Configure carrier’s carrier for the scenario shown in Figure 80. In this scenario:

• PE 1 and PE 2 are the provider carrier’s PE routers. They provide VPN services for the customer carrier.
• CE 1 and CE 2 are the customer carrier’s routers. They are connected to the provider carrier’s backbone as CE routers.
• PE 3 and PE 4 are the customer carrier’s PE routers. They provide MPLS L3VPN services for the end customers.
• CE 3 and CE 4 are customers of the customer carrier.

The key to carrier’s carrier deployment is to configure exchange of two kinds of routes:

• Exchange of the customer carrier’s internal routes on the provider carrier’s backbone.
• Exchange of the end customers’ VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.

Figure 80 Network diagram

Device  Interface  IP address     Device  Interface  IP address
CE 3    GE4/1/1    100.1.1.1/24   CE 4    GE4/1/1    120.1.1.1/24
PE 3    Loop0      1.1.1.9/32     PE 4    Loop0      6.6.6.9/32
        GE4/1/1    100.1.1.2/24           GE4/1/1    120.1.1.2/24
        POS2/1/2   10.1.1.1/24            POS2/1/2   20.1.1.2/24
CE 1    Loop0      2.2.2.9/32     CE 2    Loop0      5.5.5.9/32
        POS2/1/1   10.1.1.2/24            POS2/1/1   21.1.1.2/24
        POS2/1/2   11.1.1.1/24            POS2/1/2   20.1.1.1/24
PE 1    Loop0      3.3.3.9/32     PE 2    Loop0      4.4.4.9/32
        POS2/1/1   11.1.1.2/24            POS2/1/1   30.1.1.2/24
        POS2/1/2   30.1.1.1/24            POS2/1/2   21.1.1.1/24

Configuration procedure
1. Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs.
# Configure PE 1.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit
[PE1] interface POS 2/1/2
[PE1-POS2/1/2] ip address 30.1.1.1 24
[PE1-POS2/1/2] isis enable 1
[PE1-POS2/1/2] mpls
[PE1-POS2/1/2] mpls ldp
[PE1-POS2/1/2] mpls ldp transport-address interface
[PE1-POS2/1/2] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

NOTE:
The configurations for PE 2 are similar to those for PE 1. (Details not shown)
After completing the configurations, issue the display mpls ldp session command on PE 1 or PE 2;
the output shows that the LDP session has been successfully established. Issue the display bgp peer
command; the output shows that the BGP peer relationship has been established and has reached
the Established state. Issue the display isis peer command; the output shows that the IS-IS neighbor
relationship has been set up. Take PE 1 as an example:
[PE1] display mpls ldp session
               LDP Session(s) in Public Network
 ---------------------------------------------------------------
 Peer-ID      Status       LAM  SsnRole  FT   MD5  KA-Sent/Rcv
 ---------------------------------------------------------------
 4.4.4.9:0    Operational  DU   Active   Off  Off  378/378
 ---------------------------------------------------------------
 LAM : Label Advertisement Mode         FT  : Fault Tolerance

[PE1] display bgp peer
 BGP local router ID : 3.3.3.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1

  Peer      AS   MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
  4.4.4.9   100  162      145      0     0        02:12:47  Established

[PE1] display isis peer
                 Peer information for ISIS(1)
                 ---------------------------
 System Id       Interface  Circuit Id  State  HoldTime  Type  PRI
 0000.0000.0005  POS2/1/2   001         Up     29s       L1L2  --

2. Configure the customer carrier network: start IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2 respectively.
# Configure PE 3.
<PE3> system-view
[PE3] interface loopback 0

[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface POS 2/1/2
[PE3-POS2/1/2] ip address 10.1.1.1 24
[PE3-POS2/1/2] isis enable 2
[PE3-POS2/1/2] mpls
[PE3-POS2/1/2] mpls ldp
[PE3-POS2/1/2] mpls ldp transport-address interface
[PE3-POS2/1/2] quit

# Configure CE 1.
<CE1> system-view
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 2.2.2.9 32
[CE1-LoopBack0] quit
[CE1] mpls lsr-id 2.2.2.9
[CE1] mpls
[CE1-mpls] quit
[CE1] mpls ldp
[CE1-mpls-ldp] quit
[CE1] isis 2
[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface pos2/1/1
[CE1-POS2/1/1] ip address 10.1.1.2 24
[CE1-POS2/1/1] isis enable 2
[CE1-POS2/1/1] mpls
[CE1-POS2/1/1] mpls ldp
[CE1-POS2/1/1] mpls ldp transport-address interface
[CE1-POS2/1/1] quit

After you complete the configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor
relationship between them.
NOTE:
The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1. (Details not shown)

and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs. NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1. <CE3> system-view [CE3] interface GigabitEthernet 4/1/1 [CE3-GigabitEthernet4/1/1] ip address 100.1 24 [CE3-GigabitEthernet4/1/1] quit [CE3] bgp 65410 320 .1. # Configure CE 3.2 24 [PE1-POS2/1/1] isis enable 2 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] mpls ldp transport-address interface [PE1-POS2/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1.1.1.0000.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip binding vpn-instance vpn1 [PE1-POS2/1/1] ip address 11. Perform configuration to allow CEs of the customer carrier to access PEs of the provider carrier. [CE1] interface POS 2/1/2 [CE1-POS2/1/2] ip address 11. (Details not shown) 4.0000. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10. PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.1. Perform configuration to connect CEs of the end customers to the PEs of the customer carrier.0000.1.1. # Configure PE 1.1 24 [CE1-POS2/1/2] isis enable 2 [CE1-POS2/1/2] mpls [CE1-POS2/1/2] mpls ldp [CE1-POS2/1/2] mpls ldp transport-address interface [CE1-POS2/1/2] quit After you complete the configurations.3.0003.

6.6.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.1 InLoop0 ISIS 10 30.2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure PE 3.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit NOTE: The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3.1.2 POS2/1/2 Direct 0 0 30.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3.0/24 30.1.6.1.1.1 InLoop0 15 321 . [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface GigabitEthernet 4/1/1 [PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet4/1/1] ip address 100.1.[CE3-bgp] peer 100.3. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.1.6. [PE3] bgp 100 [PE3-bgp] peer 6.1.6.6.0.0.9/32 30.9 connect-interface loopback 0 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6. (Details not shown) 5.9/32 4. Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers # Configure PE 3.4.1. Verify your configurations After completing all the configurations.4. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2.2 24 [PE3-GigabitEthernet4/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.3.9 as-number 100 [PE3-bgp] peer 6.1 POS2/1/2 Direct 0 0 127.1. (Details not shown) 6.1.1.0.0. issue the display ip routing-table command on PE 1 and PE 2.1.1.1.

1.1.2/32 ISIS 15 74 11.9 NULL0 6.1.0/24 BGP 255 0 4.0.6.5.1.9/32 ISIS 15 10 11.0.1.0.1.0.0.1.0.6.1.1.0.1.1.2 POS2/1/2 127.1/32 Direct 0 0 127.1.0/8 Direct 0 0 127.0.1.1.4.2/32 Direct 0 0 11.1.1.1 POS2/1/1 11.1 POS2/1/1 2.1.5.2.1. but the VPN routes that the customer carrier maintains are not.1.0.0.1.9/32 ISIS 15 20 11.9 NULL0 21.0.1.2 POS2/1/2 20.1.4.1 InLoop0 11.1 POS2/1/2 11.1.4.6.2 POS2/1/2 127.1 POS2/1/1 5.1.1.1.1.0.1.1 InLoop0 5.1.1.2/32 Direct 0 0 127.1.1 InLoop0 11.0.1.1.1 InLoop0 11. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables.9/32 Direct 0 0 127.1/32 Direct 0 0 127.1.6. Take CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Pre Cost NextHop Interface 1.1.4.2 POS2/1/1 2.1.1.1.0.1 POS2/1/1 11.0.0.1.0.4.2 POS2/1/1 10.1.0/24 BGP 255 0 4.1/32 Direct 0 0 127.2 POS2/1/2 21.1.0.1.0/24 ISIS 15 74 11.0/24 ISIS 15 20 11.1.5.9 NULL0 10.0. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1/32 Direct 0 0 10. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.2.2/32 Direct 0 0 30.0/24 Direct 0 0 11.0.1.9/32 ISIS 15 74 11.2/32 BGP 255 0 4.1.1.9/32 ISIS 15 74 11.1 InLoop0 127.5.2 POS2/1/2 6.1/32 Direct 0 0 127.0/8 Direct 0 0 127.2/32 Direct 0 0 11.9 NULL0 Issue the display ip routing-table command on CE 1 and CE 2.1.4.2. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.1 POS2/1/1 10.1.1.1.0/24 Direct 0 0 11.1.1.0.2 POS2/1/2 21.1.1.1.1.9/32 BGP 255 0 4.1.1.1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 1 and PE 2.0.1.1.1.1.1.30. 
Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public 322 .1.1 InLoop0 127.4.1.4.1.1 InLoop0 Issue the display ip routing-table command on PE 3 and PE 4.2.4.9 NULL0 21.0.1. but the VPN routes that the customer carrier maintains are not.2 POS2/1/1 20.4.0/24 Direct 0 0 10.0/24 ISIS 15 74 11.1.9/32 ISIS 15 10 10.0.2 POS2/1/2 10.1.9/32 BGP 255 0 4.

0.1.1.0.1.1.1.2 POS2/1/2 5.2/32 120.0.0/24 ISIS 15 84 10.1.1.2 POS2/1/2 127.1.1.1.1.0/24 Direct 0 0 10.0.2.2 GE4/1/1 Direct 0 0 127.1.1.Destinations : 11 Destination/Mask Proto 1.9/32 ISIS 15 84 10.0/24 100.1.1. The output shows that the routes of the remote VPN customers are present in the VPN routing tables.2.0.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --.1.1.1: 56 data bytes.1 InLoop0 BGP 0 6.9/32 Routes : 11 Pre Cost NextHop Interface Direct 0 0 127.1.0/24 ISIS 15 84 10.1.1.9/32 ISIS 15 84 10.0.1.9/32 2.1.1.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.1.1.1.0.1 POS2/1/2 10.1.2 POS2/1/2 20.1.1.2/32 ISIS 15 84 10.1.0/24 Routes : 3 Pre Cost NextHop Interface Direct 0 0 100.1 InLoop0 ISIS 15 10 10.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.6.1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 3 and PE 4.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1/32 Direct 0 0 127.1.20.5.1.1.1.1 PING 120.1.1. press CTRL_C to break Reply from 20.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.2 POS2/1/2 21.1 InLoop0 10.2 POS2/1/2 6.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.1.2 POS2/1/2 11.0/24 ISIS 15 20 10.2/32 Direct 0 0 10.1.1.1.0.1: bytes=56 Sequence=5 ttl=252 time=87 ms 323 .1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.2 POS2/1/2 21.1.1 InLoop0 127.1.1.1.1.6.1.0.1.1.1.5.6.0/8 Direct 0 0 127.0.1. press CTRL_C to break Reply from 120.2 PING 20.1. 
Take PE 3 as an example: [PE3] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 3 Destination/Mask Proto 100.2: bytes=56 Sequence=4 ttl=252 time=70 ms Reply from 20.0.1.1.1.6.1/32 Direct 0 0 127.0.9 NULL0 255 PE 3 and PE 4 can ping each other: [PE3] ping 20.1.1.1.0.2: 56 data bytes.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.0.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.2 POS2/1/2 10.1.1.1.1.1.

1/24 324 .1.9/32 CE 2 Loop0 5. • To implement exchange of sub-VPN routes between customer PEs and service provider PEs.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. • PE 3 and PE 4 are PE devices of the customer VPN.1. as shown in Figure 81. Both of them support VPNv4 routes.2/24 POS5/1/1 21.1.1. • CE 3 through CE 6 are CE devices of sub-VPNs for the customer VPN. The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the service provider PEs.00% packet loss round-trip min/avg/max = 69/90/105 ms Configuring nested VPN Network requirements The service provider provides nested VPN services for users.5. which is described as follows: • When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example).120.2/24 POS5/1/2 11.1/24 POS5/1/2 20.1.2. and then forwards the VPNv4 route as usual. Both of them support MPLS L3VPN. Figure 81 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 2. Both of them support the nested VPN function.--.1.1. a service provider PE replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network where the CE resides.1. where: • PE 1 and PE 2 are PE devices on the service provider backbone.5. MP-EBGP peers should be established between service provider PEs and customer CEs.1.9/32 POS5/1/1 10.1. • CE 1 and CE 2 are connected to the service provider backbone. adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list.2.

<PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.4.1.9/32 PE 2 Loop0 4.1.2/24 Configuration procedure 1.1. using IS-IS as the IGP protocol.1.4.3.4.1.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.9/32 Loop0 6.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit NOTE: Configurations on PE 2 are similar to those on PE 1.4.9/32 POS5/1/1 11.4.2/24 GE3/1/2 110.1.2/24 POS5/1/2 30.4.1.2/24 PE 4 GE3/1/1 120.0000.1/24 CE 6 GE3/1/1 130.2/24 GE3/1/2 130.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.1.6.1. and are thus omitted here.1.9/32 GE3/1/1 100.1/24 PE 3 Loop0 1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.1.3.2/24 POS5/1/1 30. Configure MPLS L3VPN on the service provider backbone.1/24 CE 5 GE3/1/1 110.3.3.1.1/24 POS5/1/2 20.1.1.0004.1.0000.1.1. # Configure PE 1.1/24 PE 1 Loop0 3.4.3.1/24 CE 4 GE3/1/1 120.1.1. 325 .1.1.1. and enabling LDP and establishing MP-IBGP peer relationship between PE 1 and PE 2.1 24 [PE1-POS5/1/2] isis enable 1 [PE1-POS5/1/2] mpls [PE1-POS5/1/2] mpls ldp [PE1-POS5/1/2] mpls ldp transport-address interface [PE1-POS5/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.3.1.1.1.1/24 POS5/1/2 21.CE 3 GE3/1/1 100.1.1.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 5/1/2 [PE1-POS5/1/2] ip address 30.4.0000.9 as-number 100 [PE1-bgp] peer 4.1.1.1.1.2/24 POS5/1/2 10.6.

using IS-IS as the IGP protocol and enabling LDP between PE 3 and CE 1.3.1.0000.0001. execute commands display mpls ldp session.1.After completing the configurations.9 Local AS number : 100 Total number of peers : 1 Peer 4.0000.1 24 [PE3-POS5/1/2] isis enable 2 [PE3-POS5/1/2] mpls [PE3-POS5/1/2] mpls ldp [PE3-POS5/1/2] quit 326 .00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 5/1/2 [PE3-POS5/1/2] ip address 10. The output shows that the LDP session is established. and between PE 4 and CE 2.3.0000. # Configure PE 3. [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ---------------------------------------------------------------4. The following takes PE 1 for illustration. the BGP peer relationship is established and in Established state.1. and the IS-IS neighbor relationship is established and up.4.0005 POS5/1/1 2.4.1.1.0000. 001 State HoldTime Type Up 29s L1L2 PRI -- Configure the customer VPN.4.9 Peers in established state : 1 AS MsgRcvd MsgSent OutQ PrefRcv 100 162 145 0 0 Up/Down State 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id 0000.4.9:0 Operational DU Active Off Off 378/378 ---------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1. display bgp peer and display isis peer respectively on either PE 1 or PE 2.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.

0002. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip binding vpn-instance vpn1 [PE1-POS5/1/1] ip address 11.1. # Configure PE 1.0000.2. NOTE: Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10. [CE1] interface pos 5/1/2 [CE1-POS5/1/2] ip address 11.1.1.2 24 [CE1-POS5/1/1] isis enable 2 [CE1-POS5/1/1] mpls [CE1-POS5/1/1] mpls ldp [CE1-POS5/1/1] quit After the configurations.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 5/1/1 [CE1-POS5/1/1] ip address 10.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.1. and are thus omitted here.# Configure CE 1.2.1 as-number 200 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1.1. Connect CE 1 and CE 2 to service provider PEs. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.1.1 24 327 .2. 3.0000.2 24 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.0000. LDP and IS-IS neighbor relationship can be established between PE 3 and CE 1.2.

1. Connect sub-VPN CEs to the customer VPN PEs.1 24 [CE5-GigabitEthernet3/1/1] quit [CE5] bgp 65411 [CE5-bgp] peer 110.[CE1-POS5/1/2] mpls [CE1-POS5/1/2] quit [CE1] bgp 200 [CE1-bgp] peer 11.2 as-number 200 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure CE 5. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface GigabitEthernet 3/1/1 [PE3-GigabitEthernet3/1/1] ip binding vpn-instance SUB_VPN1 [PE3-GigabitEthernet3/1/1] ip address 100. <CE5> system-view [CE5] interface GigabitEthernet 3/1/1 [CE5-GigabitEthernet3/1/1] ip address 110.1. 4.1.1.2 24 [PE3-GigabitEthernet3/1/2] quit [PE3] bgp 100 328 .2 as-number 100 [CE1-bgp] import isis 2 [CE1-bgp] quit NOTE: Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively.1. <CE3> system-view [CE3] interface GigabitEthernet 3/1/1 [CE3-GigabitEthernet3/1/1] ip address 100.1.1.1.1.1.2 24 [PE3-GigabitEthernet3/1/1] quit [PE3] ip vpn-instance SUB_VPN2 [PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1 [PE3-vpn-instance-SUB_VPN2] vpn-target 2:2 [PE3-vpn-instance-SUB_VPN2] quit [PE3] interface GigabitEthernet 3/1/2 [PE3-GigabitEthernet3/1/2] ip binding vpn-instance SUB_VPN2 [PE3-GigabitEthernet3/1/2] ip address 110. and are thus omitted here.1.1.1.1 24 [CE3-GigabitEthernet3/1/1] quit [CE3] bgp 65410 [CE3-bgp] peer 100. # Configure CE 3.1.2 as-number 200 [CE5-bgp] import-route direct [CE5-bgp] quit # Configure PE 3.

1.9 connect-interface loopback 0 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 2.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received.9 as-number 200 [PE3-bgp] peer 2.1.2.9 enable 329 .2.1.1 as-number 65410 [PE3-bgp-SUB_VPN1] import-route direct [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ipv4-family vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 110.2. [PE3] bgp 200 [PE3-bgp] peer 2. Establish MP-EBGP peer relationship between service provider PEs and their CEs to exchange user VPNv4 routes. 6.1.2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] nesting-vpn [PE1-bgp-af-vpnv4] peer 11.[PE3-bgp] ipv4-family vpn-instance SUB_VPN1 [PE3-bgp-SUB_VPN1] peer 100. # Configure PE 1. CE 4 and CE 6 are similar to those on PE 3.1. Establish MP-IBGP peer relationship between sub-VPN PEs and CEs of the customer VPN to exchange VPNv4 routes of sub-VPNs. [CE1-bgp-af-vpnv4] peer 11.1 vpn-instance vpn1 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure CE 1.2.1. enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1. [CE1] bgp 200 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 11. and are thus omitted here.2.1 as-number 65411 [PE3-bgp-SUB_VPN2] import-route direct [PE3-bgp-SUB_VPN2] quit [PE3-bgp] quit NOTE: Configurations on PE 4. enabling nested VPN. and are thus omitted here. CE 3 and CE 5 respectively.1.1.2 allow-as-loop 2 # Receive all VPNv4 routes. # Configure PE 3.1. 5.1. [CE1-bgp-af-vpnv4] undo policy vpn-target [CE1-bgp-af-vpnv4] quit [CE1-bgp] quit NOTE: Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively.

1.0.1.0.9/32 30.1.0/8 Direct 0 0 127.1.1.1 NULL0 110.1.0.1.0.4.1.1 InLoop0 30.1.1.0/24 11.1.1.1/32 Routes : 9 Pre Cost NextHop Interface Direct 0 0 11.1. After completing all the configurations.1.2/32 Direct 0 0 11.1.9 allow-as-loop 2 [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit # Configure CE 1.9 as-number 200 [CE1-bgp] peer 1.0.1.1.1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 9 Destination/Mask Proto 11.1.1.0.1. and are thus omitted here.1.0.2.0.0.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 1.1.3.0/24 BGP 255 0 11.2/32 Direct 0 0 30. execute the display ip routing-table command on PE 1 and PE 2 to verify that the public routing tables contain only routes on the service provider network.1 InLoop0 ISIS 10 30.9/32 4.0/24 BGP 255 0 11.0/24 30.1 POS5/1/2 Direct 0 0 127.0.1.1 InLoop0 15 Execute the display ip routing-table vpn-instance command on PE 1 and PE 2 to verify that the VPN routing tables contain sub-VPN routes.1.1/32 Direct 0 0 127.1.1.1. The following takes PE 1 for illustration.# Allow the local AS number to appear in the AS-PATH attribute of the routes received. The following takes PE 1 for illustration.1.9 enable [CE1-bgp-af-vpnv4] undo policy vpn-target [CE1-bgp-af-vpnv4] quit [CE1-bgp] quit NOTE: Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively.1.2 POS5/1/1 100.3. [CE1] bgp 200 [CE1-bgp] peer 1. 7.1 NULL0 330 .2.1. [PE3-bgp-af-vpnv4] peer 2. [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.1 POS5/1/1 Direct 0 0 127.0. Verify the configurations.1.0.0.0.2 POS5/1/2 127.1.4.1 InLoop0 11.1.1 InLoop0 127.2 POS5/1/2 Direct 0 0 30.

1.0.11.4. i .0.1 InLoop0 127.4.Stale Origin : i . 331 .VPN best.0/24 11.1.0/24 BGP 0 4.best.2 1026/1027 Route Distinguisher: 201:1 Network NextHop In/Out Label * > 130.1.120.2 1027/1028 Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify that the VPN routing tables contain routes sent by provider PEs to sub-VPNs.1 InLoop0 130. The following takes CE 1 for illustration. h . e . s .1.1.1. ? .1.0/24 1.incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 *> Network NextHop In/Out Label 100.11 Status codes: * .1.4.damped.0/24 1.1.1.9 1024/1024 Route Distinguisher: 101:1 Network NextHop In/Out Label * > 110. ^ .1.1.history. [CE1] display bgp vpnv4 all routing-table BGP Local router ID is 11. S .0.1.9 1024/1024 MED LocPrf MED LocPrf MED LocPrf MED LocPrf MED LocPrf Route Distinguisher: 101:1 *^ Network NextHop In/Out Label 100.0.suppressed.1.0.11.1.0/24 1. d .1/32 Direct 0 0 127.1.0. The following takes PE 3 for illustration.0/24 11.1.9 1025/1025 Route Distinguisher: 200:1 Network NextHop In/Out Label * > 120.0.4.1.9 NULL0 127.IGP.0.valid.1.1.0/8 Direct 0 255 0 127.0/24 BGP 0 4.1.1.EGP. > .9 NULL0 255 Execute the display bgp vpnv4 all routing-table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes.1.internal.1.

0.2 GE3/1/1 127.1.0.1.0.0.1.0.0/24 110.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.0.0/8 Direct 0 0 127.1.120.0/24 BGP 0 110.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms --.1 GE3/1/1 Direct 0 0 127.0.0/8 Direct 0 0 127.1 InLoop0 255 Execute the display ip routing-table command on CE 3 and CE 4 to verify that the routing tables contain routes of remote sub-VPNs.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120. [CE3] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 100.1 InLoop0 255 Execute the display ip routing-table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs.0.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 100. [CE5] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 110. The following takes CE5 for illustration.2 GE3/1/1 255 CE 3 and CE 4 can ping each other successfully.1.0.1 InLoop0 120.0.0/24 100.9 NULL0 127.1.1.1 GE3/1/1 Direct 0 0 127.0/24 BGP 0 2.1. The following takes CE 3 for illustration.1 InLoop0 127.0.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.0.1.0.1.0.0.2.1.1.1.0.0.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 100.1.0.1/32 Direct 0 0 127.1.1.0.0.0/24 100.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.0.0/8 Direct 0 0 127.1.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 110.0.1.1.1/32 Direct 0 0 127.1 InLoop0 127.1 PING 120.1.0/24 BGP 0 100.0.1.2.1.1.1.1 InLoop0 130.1.1.0.0.1 InLoop0 120.0.1.2 GE3/1/1 Direct 0 0 127.1: 56 data bytes.1.1.1.0.1.1.1.1. [CE3] ping 120.1.0. press CTRL_C to break Reply from 120.1 InLoop0 127.0.1.1.[PE3] display ip routing-table vpn-instance SUB_VPN1 Routing Tables: SUB_VPN1 Destinations : 5 Destination/Mask Proto 100.0.1.1 InLoop0 127.1.1 ping statistics --5 packet(s) transmitted 332 .1/32 Direct 0 0 127.

5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 69/90/105 ms

CE 5 and CE 6 can ping each other successfully.

[CE5] ping 130.1.1.1
PING 130.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 130.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms
Reply from 130.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms
Reply from 130.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms
Reply from 130.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms
Reply from 130.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms
--- 130.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 69/90/105 ms

CE 3 and CE 6 cannot ping each other.

[CE3] ping 130.1.1.1
PING 130.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 130.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

Configuring HoVPN

Network requirements

There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure 82.
• SPEs act as PEs to allow MPLS VPNs to access the backbone.
• UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.
• Performance requirements for the UPEs are lower than those for the SPEs.
• SPEs advertise routes permitted by the routing policies to UPEs, permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 to communicate with each other.

2.9/32 GE4/1/1 172. OSPF.1 24 [UPE1-GigabitEthernet4/1/3] mpls [UPE1-GigabitEthernet4/1/3] mpls ldp [UPE1-GigabitEthernet4/1/3] quit # Configure the IGP protocol.Figure 82 Network diagram Loop0 Loop0 GE4/1/2 GE4/1/1 SPE 1 Loop0 GE4/1/1 GE4/1/3 SPE 2 GE4/1/2 GE4/1/1 AS 100 UPE 1 UPE 2 GE4/1/2 GE4/1/1 VPN 1 GE4/1/2 VPN 2 GE4/1/1 GE4/1/1 CE 2 AS 65420 GE4/1/3 VPN 1 GE4/1/1 CE 1 AS 65410 Loop0 VPN 2 GE4/1/1 CE 3 AS 65430 Device Interface CE 1 GE4/1/1 10.2/24 GE4/1/1 172. <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.2/24 SPE 2 Configuration procedure 1.2/24 GE4/1/3 172.1/24 CE 2 GE4/1/1 10.2.1. IP address Configure UPE 1 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.1/24 CE 3 GE4/1/1 10.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1. [UPE1] ospf [UPE1-ospf-1] area 0 334 .1.4.9/32 Loop0 3.1.4.1.1.1.3.2/24 Loop0 2.2.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface GigabitEthernet 4/1/3 [UPE1-GigabitEthernet4/1/3] ip address 172.3.1.2/24 GE4/1/2 180.1.4.3.2/24 GE4/1/1 180.2.1.1/24 UPE 2 UPE 1 SPE 1 IP address Device CE 4 AS 65440 Interface Loop0 1.1.1.1.1/24 GE4/1/3 10.1.1.1.9/32 Loop0 4.9/32 GE4/1/1 10. for example.1/24 GE4/1/2 10.4.1.2/24 GE4/1/2 10.3.1.1.1.1/24 CE 4 GE4/1/1 10.1.2.1.2.1.1.1/24 GE4/1/2 172.1.1.

2 as-number 100 [CE1-bgp] import-route direct [CE1] quit 3.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.0.1.9 enable [UPE1-bgp-af-vpnv4] quit [UPE1-bgp] ipv4-family vpn-instance vpn1 [UPE1-bgp-vpn1] peer 10.255. Configure CE 2 <CE2> system-view 335 .1.2.0.0] network 1.255 [UPE1-ospf-1-area-0.0.0.1.1.0. [UPE1] bgp 100 [UPE1-bgp] peer 2.2.9 0.1.9 as-number 100 [UPE1-bgp] peer 2.4.1 255.1.1.2.2.0.2.0 0. Configure CE 1 <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 10.2.1.4.9 connect-interface loopback 0 [UPE1-bgp] ipv4-family vpnv4 [UPE1-bgp-af-vpnv4] peer 2.1.0] network 172.0 [UPE1-ospf-1-area-0.2 24 [UPE1-GigabitEthernet4/1/1] quit [UPE1] interface GigabitEthernet 4/1/2 [UPE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [UPE1-GigabitEthernet4/1/2] ip address 10.0.2.0.0.[UPE1-ospf-1-area-0.0.2.1 as-number 65420 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] quit 2. allowing CE 1 and CE 2 to access UPE 1.2.2 24 [UPE1-GigabitEthernet4/1/2] quit # Configure UPE 1 to establish MP-IBGP peer relationship with SPE 1 and to inject VPN routes.1 as-number 65410 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] ipv4-family vpn-instance vpn2 [UPE1-bgp-vpn1] peer 10. [UPE1] ip vpn-instance vpn1 [UPE1-vpn-instance-vpn1] route-distinguisher 100:1 [UPE1-vpn-instance-vpn1] vpn-target 100:1 both [UPE1-vpn-instance-vpn1] quit [UPE1] ip vpn-instance vpn2 [UPE1-vpn-instance-vpn2] route-distinguisher 100:2 [UPE1-vpn-instance-vpn2] vpn-target 100:2 both [UPE1-vpn-instance-vpn2] quit [UPE1] interface GigabitEthernet 4/1/1 [UPE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [UPE1-GigabitEthernet4/1/1] ip address 10.255.1.0 [CE1-GigabitEthernet4/1/1] quit [CE1] bgp 65410 [CE1-bgp] peer 10.2.

4.3.9 32 [UPE2-LoopBack0] quit [UPE2] mpls lsr-id 4. allowing CE 3 and CE 4 to access UPE 2.4. Configure UPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.1.4.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface GigabitEthernet 4/1/1 [UPE2-GigabitEthernet4/1/1] ip address 172.2 as-number 100 [CE2-bgp] import-route direct [CE2] quit 4.0 [UPE2-ospf-1-area-0. OSPF.4.4.0] network 4.1.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2.2.0 [CE2-GigabitEthernet4/1/1] quit [CE2] bgp 65420 [CE2-bgp] peer 10.1 255.0. for example.1.9 0.4. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both [UPE2-vpn-instance-vpn1] quit [UPE2] ip vpn-instance vpn2 [UPE2-vpn-instance-vpn2] route-distinguisher 400:2 [UPE2-vpn-instance-vpn2] vpn-target 100:2 both [UPE2-vpn-instance-vpn2] quit [UPE2] interface GigabitEthernet 4/1/2 [UPE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [UPE2-GigabitEthernet4/1/2] ip address 10.255.0 0.0.1 24 [UPE2-GigabitEthernet4/1/1] mpls [UPE2-GigabitEthernet4/1/1] mpls ldp [UPE2-GigabitEthernet4/1/1] quit # Configure the IGP protocol.255 [UPE2-ospf-1-area-0.1.255.0.0.4.0.[CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 10.0.4.2.0. [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0] network 172.0.1.2 24 [UPE2-GigabitEthernet4/1/3] quit 336 .0.2 24 [UPE2-GigabitEthernet4/1/2] quit [UPE2] interface GigabitEthernet 4/1/3 [UPE2-GigabitEthernet4/1/3] ip binding vpn-instance vpn2 [UPE2-GigabitEthernet4/1/3] ip address 10.1. <UPE2> system-view [UPE2] interface loopback 0 [UPE2-LoopBack0] ip address 4.1.

1.2 24 337 .3.3.3.0 [CE3-GigabitEthernet4/1/1] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.255.255.9 connect-interface loopback 0 [UPE2-bgp] ipv4-family vpnv4 [UPE2-bgp-af-vpnv4] peer 3. <SPE1> system-view [SPE1] interface loopback 0 [SPE1-LoopBack0] ip address 2. [UPE2] bgp 100 [UPE2-bgp] peer 3.1 255.1.9 [SPE1] mpls [SPE1-mpls] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface GigabitEthernet 4/1/1 [SPE1-GigabitEthernet4/1/1] ip address 172.0 [CE4-GigabitEthernet4/1/1] quit [CE4] bgp 65440 [CE4-bgp] peer 10.# Configure UPE 2 to establish MP-IBGP peer relationship with SPE 2 and to inject VPN routes.2.3.3.255.3.2 as-number 100 [CE4-bgp] import-route direct [CE4] quit 7.1 255.1. Configure CE 3 <CE3> system-view [CE3] interface GigabitEthernet 4/1/1 [CE3-GigabitEthernet4/1/1] ip address 10.1 as-number 65430 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit [UPE2-bgp] ipv4-family vpn-instance vpn2 [UPE2-bgp-vpn1] peer 10.1.1.1.1 as-number 65440 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit [UPE2-bgp] quit 5.1.3.3.1. Configure CE 4 <CE4> system-view [CE4] interface GigabitEthernet 4/1/1 [CE4-GigabitEthernet4/1/1] ip address 10.9 enable [UPE2-bgp-af-vpnv4] quit [UPE2-bgp] ipv4-family vpn-instance vpn1 [UPE2-bgp-vpn1] peer 10.255.9 32 [SPE1-LoopBack0] quit [SPE1] mpls lsr-id 2.1.2.2.2.9 as-number 100 [UPE2-bgp] peer 3.2 as-number 100 [CE3-bgp] import-route direct [CE3] quit 6.1.3. Configure SPE 1 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.

0.1.1.3.0.0 0.3.1.255 [SPE1-ospf-1-area-0.0. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit [SPE1] ip vpn-instance vpn2 [SPE1-vpn-instance-vpn2] route-distinguisher 700:1 [SPE1-vpn-instance-vpn2] vpn-target 100:2 both [SPE1-vpn-instance-vpn2] quit # Configure SPE 1 to establish MP-IBGP peer relationship with UPE 1 and to inject VPN routes.0. for example.1.9 next-hop-local [SPE1-bgp] peer 3. and specify UPE 1.3.0.1.1.0.9 as-number 100 [SPE1-bgp] peer 3.0.255 [SPE1-ospf-1-area-0.1.1. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.9 as-number 100 [SPE1-bgp] peer 1.3.1 24 [SPE1-GigabitEthernet4/1/2] mpls [SPE1-GigabitEthernet4/1/2] mpls ldp [SPE1-GigabitEthernet4/1/2] quit # Configure the IGP protocol.2.3.1.1. [SPE1] bgp 100 [SPE1-bgp] peer 1.1.1.0. [SPE1] ip ip-prefix hope index 10 permit 10.1 24 [SPE1] route-policy hope permit node 0 [SPE1-route-policy] if-match ip-prefix hope 338 . that is.1.0] network 172.[SPE1-GigabitEthernet4/1/1] mpls [SPE1-GigabitEthernet4/1/1] mpls ldp [SPE1-GigabitEthernet4/1/1] quit [SPE1] interface GigabitEthernet 4/1/2 [SPE1-GigabitEthernet4/1/2] ip address 180.1.0.2.9 connect-interface loopback 0 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 3.9 connect-interface loopback 0 [SPE1-bgp] peer 1.1.9 enable [SPE1-bgp-af-vpnv4] peer 1.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.0.0] network 2.0] network 180.0.1.9 0.3.0 [SPE1-ospf-1-area-0. the routes of CE 3.0. OSPF.0.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.0.9 upe [SPE1-bgp-af-vpnv4] quit [SPE1-bgp]ipv4-family vpn-instance vpn1 [SPE1-bgp-vpn1] quit [SPE1-bgp]ipv4-family vpn-instance vpn2 [SPE1-bgp-vpn2] quit [SPE1-bgp] quit # Configure SPE 1 to advertise to UPE 1 the routes permitted by a routing policy.0 0.1.

0 [SPE2-ospf-1-area-0.3.9 upe route-policy hope export 8.0.0.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface GigabitEthernet 4/1/1 [SPE2-GigabitEthernet4/1/1] ip address 180.0.255 [SPE2-ospf-1-area-0.255 [SPE2-ospf-1-area-0.1.3.3.1. [SPE2] bgp 100 [SPE2-bgp] peer 4.3.0. <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.0. OSPF.2.0.1.0.4.2 24 [SPE2-GigabitEthernet4/1/2] mpls [SPE2-GigabitEthernet4/1/2] mpls ldp [SPE2-GigabitEthernet4/1/2] quit # Configure the IGP protocol.4.0] network 172.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.0.0.9 connect-interface loopback 0 339 .[SPE1-route-policy] quit [SPE1] bgp 100 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 1.1.1.3. [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.4.0. for example.0.0 0.4.0.1. [SPE2] ip vpn-instance vpn1 [SPE2-vpn-instance-vpn1] route-distinguisher 600:1 [SPE2-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE2-vpn-instance-vpn1] quit [SPE2] ip vpn-instance vpn2 [SPE2-vpn-instance-vpn2] route-distinguisher 800:1 [SPE2-vpn-instance-vpn2] vpn-target 100:2 both [SPE2-vpn-instance-vpn2] quit # Configure SPE 2 to establish MP-IBGP peer relationship with UPE 2 and to inject VPN routes.0] network 180. and specify UPE 2.9 as-number 100 [SPE2-bgp] peer 4.0] quit [SPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2.0] network 3.1. Configure SPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.1.2 24 [SPE2-GigabitEthernet4/1/1] mpls [SPE2-GigabitEthernet4/1/1] mpls ldp [SPE2-GigabitEthernet4/1/1] quit [SPE2] interface GigabitEthernet 4/1/2 [SPE2-GigabitEthernet4/1/2] ip address 172.2.9 0.0.0 0.

1.4.1/24 340 .9 enable [SPE2-bgp-af-vpnv4] peer 4.4.1 24 [SPE2] route-policy hope permit node 0 [SPE2-route-policy] if-match ip-prefix hope [SPE2-route-policy] quit [SPE2] bgp 100 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 4.1.2.2.2.4.4.4.1.2. Figure 83 Network diagram Loop0 Loop0 POS2/1/2 POS2/1/1 PE 1 GE4/1/1 PE 2 GE4/1/1 Sham-link Loop1 Loop1 OSPF Area 1 GE4/1/1 POS2/1/2 CE 1 POS2/1/2 GE4/1/1 POS2/1/1 POS2/1/2 Router A CE 2 Backdoor link Device Interface IP address Device Interface IP address CE 1 GE4/1/1 100. [SPE2] ip ip-prefix hope index 10 permit 10.4. the routes of CE 1.4.2.2.1.9 enable [SPE2-bgp-af-vpnv4] peer 4.9 connect-interface loopback 0 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 2.9 as-number 100 [SPE2-bgp] peer 2.9 upe [SPE2-bgp-af-vpnv4] quit [SPE2-bgp]ipv4-family vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp]ipv4-family vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy.9 next-hop-local [SPE2-bgp] peer 2. • VPN traffic between CE 1 and CE 2 is required to be forwarded through the MPLS backbone. that is.1/24 CE 2 GE4/1/1 120. instead of any route in the OSPF area.9 upe route-policy hope export Configuring OSPF sham links Network requirements • CE 1 and CE 2 belong to VPN 1 and are respectively connected to PE 1 and PE 2.4.1.2.[SPE2-bgp] peer 4. • CE 1 and CE 2 are in the same OSPF area.

1.2/24 Loop0 2.1.0.0/24 OSPF 3124 20.1.2/24 Configuration procedure 1.1.1.1.1. CE 1 and CE 2 can learn the OSPF route to the GigabitEthernet interface of each other. The following takes CE 1 as an example: <CE1> display ip routing-table Routing Tables: Public Destinations : 9 2.3.1. [PE1] bgp 100 [PE1-bgp] peer 2.2 POS2/1/2 100.1.3.2/24 POS2/1/2 10.1.1.2 POS2/1/2 127.1 InLoop0 20.1.1.1 InLoop0 120.1.0.1/32 Direct 0 0 127.1.1.0.1.1/24 Loop0 1. Destination/Mask Proto 20.1.1.1.0. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1. and CE 2 to advertise segment addresses of the interfaces as shown in Figure 83.1.1.0/8 Direct 0 0 127.1.1.5/32 GE4/1/1 100.0.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.PE 1 Router A POS2/1/2 20.1.1. Configure OSPF on the customer networks Configure conventional OSPF on CE 1.2/24 GE4/1/1 120.1.1 POS2/1/2 Direct 0 0 127.5. (Details not shown) After completing the configurations.1 InLoop0 127.2/24 POS2/1/1 30.0.1/24 POS2/1/1 10.1/32 Direct 0 0 127.0/24 20.0.1 InLoop0 10 10 Configure MPLS L3VPN on the backbone # Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.2 POS2/1/2 30.1/32 Pre Routes : 9 Cost NextHop Interface Direct 0 0 20.1.1 24 [PE1-POS2/1/2] mpls [PE1-POS2/1/2] mpls ldp [PE1-POS2/1/2] quit # Configure PE 1 to take PE 2 as the MP-IBGP peer.9/32 PE 2 POS2/1/2 30.3/32 Loop1 5.1.5.1.0.1.1.1.9/32 Loop1 3.0.2.1.1.1.2.1.9 as-number 100 341 .1 GE4/1/1 100.1.2.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface POS 2/1/2 [PE1-POS2/1/2] ip address 10.1/24 POS2/1/2 20.1. Router A.0.1.1.0.1.1.0.1.1.2.1.0/24 Direct 0 0 100.2/32 Direct 0 0 20.0/24 OSPF 3125 20.

0 [PE1-ospf-1-area-0.1.0.9 0.0] network 10.0.1.255 [PE1-ospf-1-area-0.0.[PE1-bgp] peer 2.0.0.2.0. [PE2] bgp 100 [PE2-bgp] peer 1.0] quit [PE2-ospf-1] quit 3.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2. [PE1]ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.2.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure OSPF on PE 1.1.2 24 [PE2-POS2/1/2] mpls [PE2-POS2/1/2] mpls ldp [PE2-POS2/1/2] quit # Configure PE 2 to take PE 1 as the MP-IBGP peer.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.2.0.1.1.0] network 2.1.1.1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 342 .1.9 0.0.0.0.2.0.0] quit [PE1-ospf-1] quit # Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs.2. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.0.9 as-number 100 [PE2-bgp] peer 1.0.0 [PE2-ospf-1-area-0.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2.0 0.2.255 [PE2-ospf-1-area-0.0] network 1.1.2.1. [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.1.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.1.0.0.0.2.0.0 0. Configure PEs to allow CEs to access the network # Configure PE 1 to allow CE 1 to access the network.0.1.0] network 10.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface POS 2/1/2 [PE2-POS2/1/2] ip address 10.

1] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit After completing the configurations.0.0.0. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 120.1.0.1] network 120.0.255 [PE1-ospf-100-area-0.1. issue the display ip routing-table vpn-instance command on the PEs.0.0.1.1.1.1] network 100.1.2 24 [PE1-GigabitEthernet4/1/1] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.1.0 0.0.2 24 [PE2-GigabitEthernet4/1/1] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0. You can see that the path to the peer CE is along the OSPF route across the customer networks.1.0/24 Direct 0 0 100.0.2 GE4/1/1 343 .[PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 100.1] quit [PE1-ospf-100] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 to allow CE 2 to access the network.1.1.1.1.1.1 GE4/1/1 30.0.0 0.1.1.1.0.0/24 OSPF 10 3125 100.1 GE4/1/1 100. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost NextHop Interface 20.1.1.1.0/24 OSPF 10 1563 100.255 [PE2-ospf-100-area-0. instead of the BGP route across the backbone.1.0.

issue the display ip routing-table vpn-instance command again on the PEs.0.0.5.3.3/32 5.5. Take CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 9 Pre Routes : 9 Destination/Mask Proto Cost NextHop Interface 20. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ip address 5. and that a route to the sham link destination address is present.1/32 Direct 0 0 127.0.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.1.5/32 Routes : 6 Pre Cost NextHop Interface Direct 0 0 127.1.0.1 InLoop0 120.1.1.5.0/24 BGP 0 2.1.0. You can see that the cost of the OSPF route to the peer CE is now 10 (the cost configured for the sham link).1.0/24 Direct 0 0 100. You can see that the path to the peer CE is now along the BGP route across the backbone.0.0.0/24 OSPF 10 1563 100.1 InLoop0 20.1.0/24 Direct 0 0 20.2 POS2/1/1 344 .1.1] sham-link 5.3.0.4.1.1.2/32 Direct 0 0 127.1. and that the next hop is now the GigabitEthernet interface connected to the PE.3.2/32 Direct 0 0 127.2/32 Direct 0 0 20. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 6 Destination/Mask Proto 3.1.5 cost 10 [PE1-ospf-100-area-0.0.3. 100.2.1.1.5.1.1 GE4/1/1 100.3.1.5.1.1 GE4/1/1 10 Configure a sham link # Configure PE 1.5 3.0.1.0/24 OSPF 3126 100.3.1.0.0.2 GE4/1/1 100.1 InLoop0 BGP 255 0 2.3 5. This means that VPN traffic to the peer will be forwarded over the backbone.5.0.1.5.1.1.3 cost 10 [PE2-ospf-100-area-0.0.1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.1] quit [PE1-ospf-100] quit # Configure PE 2.1 POS2/1/1 20.5 32 [PE2-LoopBack1] quit [PE2] ospf 100 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0.1] quit [PE2-ospf-100] quit After completing the configurations.3.5.1.2.1.2.0.0.1] sham-link 3.1.1.2.1.9 NULL0 255 Issue the display ip routing-table command on the CEs.1 InLoop0 120.3.9 NULL0 20.

1.0.1.0/8 Direct 0 0 127.1.1/24 345 Interface IP address Loop0 2.0.0.0.0.0.1.1.0.2.1.1.1.1.1.2 Sham Link: Area NeighborId Source-IP Destination-IP State Cost 0.3.0. Transmit Delay 1 Configuring BGP AS number substitution Network requirements As shown in Figure 84.0.0.1/32 Direct 0 0 127.1/24 P GE4/1/2 100.1 InLoop0 127.1.2 GE4/1/1 127.1/32 Direct 0 0 127.1 InLoop0 10 Issue the display ospf sham-link command on the PEs.1.2 Neighbour State: Full Area: 0.5 P-2-P 10 Issue the display ospf sham-link area command. In addition.2 Sham-Link: 3.3.1.0.0/24 OSPF 12 100. You can see that the peer state is Full: [PE1] display ospf sham-link area 1 OSPF Process 100 with Router ID 100.1. CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively.5.0.2.1.0/24 OSPF 1574 100.1 InLoop0 120.5. Figure 84 Configure BGP AS number substitution Device CE 1 Interface IP address Device GE4/1/1 10.1 Cost: 10 State: P-2-P Type: Sham Timers: Hello 10.5. Retransmit 5. they use the same AS number 600.1.0.0/24 Direct 0 10 0 100.9/32 GE4/1/1 20. Take PE 1 as an example: [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.1 GE4/1/1 100.0.1.1.3 --> 5.3 5.5 Neighbor ID: 120.1.1.1.1.1. Dead 40.2/24 .1.3.1.3.1.5.2 3.30. You can see the established sham link.1.2 GE4/1/1 100.1.1 120.

1.1.0.1.1.2.1.1.1. • Configure BGP between PE 1 and CE 1.1.0.0.1 InLoop0 127.1.1.1/32 BGP 255 0 10.1/24 PE 2 Configuration procedure 1.1.1 InLoop0 200.1.1.2.9/32 GE4/1/1 10. issue the display ip routing-table command on CE 2.2.1.2/24 Loop0 1.1.1.1.1.3.1/32 BGP 255 0 1.1/32 Direct 0 0 127.2.1.1.9 NULL0 200.2.1.2. You can see the route to the VPN behind the peer CE.1.1.2.2.2.1/24 Loop0 3.0.1.0/24) behind CE 1.1.0/8 Direct 0 0 127.0/24 Direct 0 0 10.0.0.0/24.2.1.1.1.1/32 BGP 255 0 10.1.1. • Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.1.1.0. The situation on CE 1 is similar.0. • Establish MP-IBGP peer relationship between the PEs to advertise VPN IPv4 routes.1 InLoop0 200. where the interface used by CE 1 to access PE 1 resides.PE 1 CE 2 GE4/1/2 30.1 GE4/1/1 10. • Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.1.0.1 GE4/1/1 346 . You can see that CE 2 has learned the route to network segment 10.1.1.1/24 GE4/1/1 10.1 InLoop0 Issue the display ip routing-table vpn-instance command on the PEs.1.9 NULL0 10. • Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. After completing the configurations.1.1.1.0/24 BGP 255 0 10. but has not learned the route to the VPN (100.1. Take PE 2 as an example: <PE2> display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost NextHop Interface 10.0.1/32 Direct 0 0 127.2.0/24 Direct 0 0 200.1.1 GE4/1/1 10.1.2.1/32 Direct 0 0 127.9 NULL0 10.0.1 InLoop0 10. Configure basic MPLS L3VPN • Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.1.1.2 GE4/1/1 10.2/24 10.2 GE4/1/1 10.1.2.1.0/24 Direct 0 0 10.1.2 GE4/1/1 127.0.1.3.1 InLoop0 100.1.9/32 20.1/32 Direct 0 0 10.1.2.1.0.1. 
and between PE 2 and CE 2 to inject routes of CEs into PEs.1.1/24 GE4/1/2 30.2/32 Direct 0 0 10.2/24 GE4/1/2 GE4/1/1 GE4/1/2 200.0/24 BGP 255 0 1.1.2.0.1/32 BGP 255 0 1. <CE2> display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost NextHop Interface 10.1.2 GE4/1/1 10.2/32 Direct 0 0 127.

You can see that CE 2 did not receive the route to 100. d .1.EGP. e .2. i . > .2 MED *> 10.2.0/24 10.1. s .valid. h .2 received-routes Total Number of Routes: 4 BGP Local router ID is 10.1.1.Stale Origin : i .2.IGP.1.1.1.internal.0/24 10. <PE2> system-view [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.1/32 10.1.1/32.internal.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2.1.VPN best.1 for following destinations : Origin : Incomplete AS Path : 100 600 Next Hop : 10. S .1.2. <PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.4402392 PE2 RM/7/RMDEBUG: BGP.1.1 Status codes: * .2. Network NextHop *> 10. s .2 0 * 10.2 received-routes Total Number of Routes: 5 BGP Local router ID is 10.1.1. Issue the display bgp routing-table peer received-routes command on CE 2.2.2.damped.1/32 has changed from 100 600 to 100 100: *0.13498737 PE2 RM/7/RMDEBUG: BGP.1.VPNv4 best. ^ .2.best.1.1/32 10.2.2. ^ . S .2.2.1.damped.history. > .vpn1: Send UPDATE to 10.1 Status codes: * .incomplete 2. <CE2> display bgp routing-table peer 10.1 for following destinations : Origin : Incomplete AS Path : 100 100 Next Hop : 10.1.1.1/32.1.2.suppressed.1.best.suppressed. i .1.1.1.1.1.Stale 347 .valid.Enable BGP update packet debugging on PE 2.history.1/32 Display again the routing information that CE 2 receives and the routing table: <CE2> display bgp routing-table peer 10. the AS_PATH of 100.2.vpn1: Send UPDATE to 10. d .2.1.2 0 LocPrf PrefVal Path/Ogn 0 100? 0 100? 0 100? 0 100? Configure BGP AS number substitution # Configure BGP AS number substitution on PE 2.1.1/32. ? .1. You can see that PE 2 advertises the route to 100.2 100.2 100.2 * 10. h . and the AS_PATH is 100 600.1.

1.2/32 Direct 0 0 10.1.1/32 Direct 0 0 127.1.0.2.1.1.1.1 InLoop0 200.0.1.2.1.1.0.1/32 10.1: bytes=56 Sequence=5 ttl=253 time=70 ms --.2 GE4/1/1 10.2 0 100 100? <CE2> display ip routing-table Routing Tables: Public Destinations : 9 Destination/Mask Proto 110.1 GE4/1/1 10.1.1/32 10.0.1.0/8 Direct 0 0 127.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.1.1.0/24 Direct 0 0 10.2 0 0 100? *> 100. press CTRL_C to break Reply from 200.1.0/24 Routes : 9 Pre BGP 255 255 Cost 0 NextHop 10.1.0/24 10.00% packet loss round-trip min/avg/max = 66/79/109 ms 348 .1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1.0.2.1/32 BGP 0 10.1.1.1.1.1.1/32 Direct 0 0 127.2.1.2.0.2.1.0.1.0.1.1.1.1 InLoop0 255 After configuring BGP AS substitution on PE 1 too.1/32 10.2.2.1.2 GE4/1/1 127.2 0 0 100? * 10.2.2 GE4/1/1 100.2 0 100? *> 10.1/32 BGP 0 10.2 Interface GE4/1/1 10. the GigabitEthernet interfaces of CE 1 and CE 2 can ping each other: <CE1> ping –a 100.2.1.1.0. ? .1/32 Direct 0 0 127.1.1.2.2 0 100? * 10.1 InLoop0 127.1 PING 200.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.2.1.incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0.Origin : i .2.1: 56 data bytes.0/24 10.0.IGP.1 InLoop0 10.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.1.EGP.1. e .1 200.200.2.2.0.1.1.
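The effect of AS number substitution described above, as an added example (not H3C code and not part of this guide): a simplified Python model of EBGP AS_PATH loop detection on CE 2 and of the substitute-as rewrite on PE 2, using AS 100 and AS 600 from this section. The prefixes, the route table and all function names are constructed for illustration.

```python
"""AS_PATH loop detection versus PE-side AS number substitution (simplified model)."""

PROVIDER_AS = 100  # AS of PE 1 and PE 2 in this section
CUSTOMER_AS = 600  # AS shared by CE 1 and CE 2 in this section

# Constructed sample: VPN routes as PE 2 holds them in vpn1, prefix -> AS_PATH.
# The routes arrive from PE 1 over MP-IBGP, which adds no AS number, so a route
# originated by CE 1 carries only the customer AS.
PE2_VPN1_ROUTES = {
    "10.1.1.0/24": (),               # sample route injected on the remote PE
    "100.1.1.1/32": (CUSTOMER_AS,),  # sample route originated by CE 1
}


def pe_export_path(as_path, local_as, peer_as, substitute_as):
    """Return the AS_PATH a PE sends to an EBGP CE peer.

    With substitute_as set, every occurrence of the peer's AS number in the
    path is replaced by the PE's own AS number before the PE prepends itself.
    """
    if substitute_as:
        as_path = tuple(local_as if asn == peer_as else asn for asn in as_path)
    return (local_as,) + tuple(as_path)


def ce_accepts(as_path, local_as, allow_as_loop=0):
    """EBGP loop detection on the receiver.

    A route is rejected when the receiver's own AS number appears in the
    AS_PATH more than allow_as_loop times (0 models the default behaviour).
    """
    return as_path.count(local_as) <= allow_as_loop


def ce_received_routes(routes, substitute_as, allow_as_loop=0):
    """Return {prefix: as_path} for the routes CE 2 keeps from PE 2."""
    kept = {}
    for prefix, path in routes.items():
        sent = pe_export_path(path, PROVIDER_AS, CUSTOMER_AS, substitute_as)
        if ce_accepts(sent, CUSTOMER_AS, allow_as_loop):
            kept[prefix] = sent
    return kept


def accepted_only_by_substitution(routes):
    """Prefixes that loop detection would have dropped without substitute-as."""
    before = ce_received_routes(routes, substitute_as=False)
    after = ce_received_routes(routes, substitute_as=True)
    return sorted(set(after) - set(before))


if __name__ == "__main__":
    for flag in (False, True):
        label = "with substitute-as" if flag else "without substitute-as"
        print(label, ce_received_routes(PE2_VPN1_ROUTES, flag))
    print("accepted only because of substitution:",
          accepted_only_by_substitution(PE2_VPN1_ROUTES))
```

Every prefix returned by accepted_only_by_substitution is one for which the CE's AS_PATH loop check no longer applies, so it is the list to review before enabling substitution toward a site that has more than one path to the backbone.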

Configuring IPv6 MPLS L3VPN

IPv6 MPLS L3VPN overview

MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.

Figure 85 shows the typical IPv6 MPLS L3VPN model. At present, the service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network. IPv6 runs inside the VPNs and between CEs and PEs. Therefore, PEs must support both IPv4 and IPv6. The PE-CE interfaces of a PE run IPv6 and the PE-P interface of a PE runs IPv4.

Figure 85 Network diagram for the IPv6 MPLS L3VPN model

IPv6 MPLS L3VPN packet forwarding

Figure 86 IPv6 MPLS L3VPN packet forwarding diagram

As shown in Figure 86, the IPv6 MPLS L3VPN packet forwarding procedure is as follows:
1. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.
2. Based on the inbound interface and destination address of the packet, PE 1 searches the routing table of the VPN instance. Finding a matching entry, PE 1 labels the packet with both inner and outer labels and forwards the packet out.
3. The MPLS backbone transmits the packet to PE 2 by outer label. The outer label is removed from the packet at the penultimate hop.
4. According to the inner label and destination address of the packet, PE 2 searches the routing table of the VPN instance to determine the outbound interface and then forwards the packet out the interface to CE 2.
5. CE 2 forwards the packet to the destination by IPv6 forwarding.

IPv6 MPLS L3VPN routing information advertisement

The IPv6 VPN routing information of a local CE is advertised to a remote peer PE in three steps:
1. From the local CE to the ingress PE.
2. From the ingress PE to the egress PE.
3. From the egress PE to the remote peer CE.

Then, a route is available from the local CE to the remote CE.

Routing information exchange from the local CE to the ingress PE

After establishing an adjacency with the directly connected PE, a CE advertises its IPv6 VPN routes to the PE.

The routes between a CE and a PE can be static routes, RIPng routes, OSPFv3 routes, IPv6 IS-IS routes, or EBGP routes. No matter which routing protocol is used, the CE always advertises standard IPv6 routes to the PE.

Routing information exchange from the ingress PE to the egress PE

After learning the IPv6 VPN routes from the CE, the ingress PE adds RDs and VPN targets for these standard IPv6 routes to create VPN-IPv6 routes, saves them to the routing table of the VPN instance created for the CE, and then triggers MPLS to assign VPN labels for them.

Then, the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP.

Finally, the egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and, if they are the same, adds the routes to the routing table of the VPN instance.

The PEs use an IGP to ensure the connectivity between them.

Routing information exchange from the egress PE to the remote CE

The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE.

IPv6 MPLS L3VPN networking schemes and functions

At present, IPv6 MPLS L3VPN supports the following networking schemes and functions:
• Basic VPN networking
• Inter-AS VPN option A
• Inter-AS VPN option C
• Carrier’s carrier
• Multi-VPN-instance CE

IPv6 MPLS L3VPN configuration task list

Complete the following tasks to configure IPv6 MPLS L3VPN:

Task: Configuring basic IPv6 MPLS L3VPN
Remarks: By configuring basic IPv6 MPLS L3VPN, you can construct simple IPv6 VPN networks over an MPLS backbone.

Task: Configuring inter-AS IPv6 VPN; Configuring routing on an MCE
Remarks: To deploy special IPv6 MPLS L3VPN networks, such as inter-AS VPN, you also need to perform some specific configurations in addition to the basic IPv6 MPLS L3VPN configuration. For more information, see the related sections.

Configuring basic IPv6 MPLS L3VPN

Basic IPv6 MPLS L3VPN configuration task list

The key task in IPv6 MPLS L3VPN configuration is to manage the advertisement of IPv6 VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange.

Complete the following tasks to configure basic IPv6 MPLS L3VPN:

Task: Creating a VPN instance (under Configuring VPN instances)
Remarks: Required

Task: Associating a VPN instance with an interface (under Configuring VPN instances)
Remarks: Required

Task: Configuring route related attributes for a VPN instance
Remarks: Optional

Task: Configuring a tunneling policy for a VPN instance
Remarks: Optional

Task: Configuring an LDP instance
Remarks: Optional

Task: Configuring routing between PE and CE
Remarks: Required

Task: Configuring routing between PEs
Remarks: Required

Task: Configuring routing features for the BGP-VPNv6 subaddress family
Remarks: Optional

Configuration prerequisites

Before configuring basic IPv6 MPLS L3VPN, complete these tasks:
• Configuring an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity
• Configuring basic MPLS for the MPLS backbone
• Configuring MPLS LDP for the MPLS backbone so that LDP LSPs can be established

Configuring VPN instances

By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN. This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs.

All VPN instance configurations are performed on PEs or MCEs.

Creating a VPN instance

A VPN instance is associated with a site. It is a collection of the VPN membership and routing rules of its associated site. A VPN instance does not necessarily correspond to one VPN.

A VPN instance takes effect only after you configure an RD for it.

You can configure a description for a VPN instance to record its related information, such as its relationship with a certain VPN.

To create and configure a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VPN instance and enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: Required
3. Configure an RD for the VPN instance.
   Command: route-distinguisher route-distinguisher
   Remarks: Required
4. Configure a description for the VPN instance.
   Command: description text
   Remarks: Optional

Associating a VPN instance with an interface

After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see the chapter “Configuring basic MPLS.”

To associate a VPN instance with an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Associate a VPN instance with the interface.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: No VPN instance is associated with an interface by default.

NOTE: The ip binding vpn-instance command clears the IP address of the interface on which it is configured. Be sure to re-configure an IP address for the interface after configuring the command.

Configuring route related attributes for a VPN instance

The control process of VPN route advertisement is as follows:
• When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a VPN target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the CE.
• The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the VPN target.
• The VPN instance determines how to change the VPN targets attributes for routes to be advertised according to the export-extcommunity in the VPN target.

To configure route related attributes for a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
3. Enter IPv6 VPN view.
   Command: ipv6-family
   Remarks: Optional
4. Configure VPN targets.
   Command: vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
   Remarks: Required
5. Set the maximum number of routes supported.
   Command: routing-table limit number { warn-threshold | simply-alert }
   Remarks: Optional
6. Apply an import routing policy.
   Command: import route-policy route-policy
   Remarks: Optional. By default, all routes matching the import target attribute are accepted.

7. Apply an export routing policy.
   Command: export route-policy route-policy
   Remarks: Optional. By default, routes to be advertised are not filtered.

NOTE:
• Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view. Those configured in IPv6 VPN view take precedence.
• A single vpn-target command can configure up to eight VPN targets. You can configure up to 64 VPN targets for a VPN instance.
• You can define the maximum number of routes for a VPN instance to support, preventing too many routes from being redistributed into the PE.
• Create a routing policy before associating it with a VPN instance. Otherwise, the device cannot filter the routes to be received and advertised.

Configuring a tunneling policy for a VPN instance

To configure a tunneling policy for a VPN instance:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a tunneling policy and enter tunneling policy view.
   Command: tunnel-policy tunnel-policy-name
   Remarks: Required
3. Specify the tunnel selection preference order and the number of tunnels for load balancing.
   Command: tunnel select-seq { cr-lsp | lsp } * load-balance-number number
   Remarks: By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: Required
6. Enter IPv6 VPN view.
   Command: ipv6-family
   Remarks: Optional
7. Apply the tunneling policy to the VPN instance.
   Command: tnl-policy tunnel-policy-name
   Remarks: By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel.

NOTE:
• When you configure tunnel selection preference order by using the tunnel select-seq command, a tunnel type closer to the select-seq keyword has a higher priority. For example, with the tunnel select-seq lsp cr-lsp load-balance-number 1 command configured, VPN uses a CR-LSP tunnel when no LSP exists. After an LSP is created, the VPN uses the LSP tunnel instead.
• If you specify more than one tunnel type and the number of tunnels of a type is less than the specified number of tunnels for load balancing, tunnels of different types may be used.
• A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure a tunneling policy for IPv6 VPNs in both VPN instance view and IPv6 VPN view. A tunneling policy configured in IPv6 VPN view takes precedence.
• Create a tunneling policy before associating it with a VPN instance. Otherwise, the default tunneling policy is used.

Configuring an LDP instance

LDP instances are for carrier’s carrier networking applications.

This task is to enable LDP for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance. For LDP instance configuration information, see the chapter “Configuring MPLS L3VPN.”

Configuring routing between PE and CE

You can configure static routing, RIPng, OSPFv3, IPv6 IS-IS, or EBGP between PE and CE.

Configuration prerequisites

Before you configure routing between PE and CE, complete the following tasks:
• Assign an IPv6 address to the CE-PE interface of the CE
• Assign an IPv6 address to the PE-CE interface of the PE

Configuring static routing between PE and CE

To configure PE-CE route exchange through static routes:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure static routes for a VPN instance.
   Command: ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ]
   Command: ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ]
   Remarks: Required. Use either command. Perform this configuration on PEs. On CEs, configure normal static routes.

NOTE: For information about IPv6 static routing, see Layer 3—IP Routing Configuration Guide.

Configuring RIPng between PE and CE

A RIPng process belongs to the public network or a single VPN instance. If you create a RIPng process without binding it to a VPN instance, the process belongs to the public network.

To configure RIPng between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIPng process for a VPN instance and enter RIPng view.
   Command: ripng [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on PEs. On CEs, create a normal RIPng process.
3. Return to system view.
   Command: quit
   Remarks: N/A
4. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
5. Enable RIPng on the interface.
   Command: ripng process-id enable
   Remarks: By default, RIPng is disabled on an interface.

NOTE: For more information about RIPng, see Layer 3—IP Routing Configuration Guide.

Configuring OSPFv3 between PE and CE

An OSPFv3 process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network.

To configure OSPFv3 between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPFv3 process for a VPN instance and enter the OSPFv3 view.
   Command: ospfv3 [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on PEs. On CEs, create a normal OSPF process.
3. Set the router ID.
   Command: router-id router-id
   Remarks: Required
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable OSPFv3 on the interface.
   Command: ospfv3 process-id area area-id [ instance instance-id ]
   Remarks: By default, OSPFv3 is disabled on an interface.

NOTE:
• Deleting a VPN instance will delete all related OSPFv3 processes at the same time.
• For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.
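Several steps in the VPN instance and PE-CE routing procedures fail quietly when skipped: an instance without an RD does not take effect, ip binding vpn-instance clears the interface address, and a RIPng or OSPFv3 process created without vpn-instance belongs to the public network. The audit below is an added example, not H3C code; the sample configuration, interface names and ipv6 address lines are constructed, and the parser assumes a saved configuration in which sub-commands are indented under their section header and sections are separated by "#".

```python
import re

# Constructed sample of a saved PE configuration (illustrative, not from the guide).
SAMPLE_CONFIG = """\
#
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
 description customer B
#
ripng 10 vpn-instance vpn1
#
ospfv3 20
 router-id 1.1.1.1
#
interface GigabitEthernet3/1/1
 ip binding vpn-instance vpn1
 ipv6 address 2001:1::2/96
 ripng 10 enable
#
interface GigabitEthernet3/1/2
 ip binding vpn-instance vpn2
 ospfv3 20 area 0
#
"""

# Top-level process definition, e.g. "ripng 10 vpn-instance vpn1" or "ospfv3 20".
PROC_HEADER = re.compile(r"^(ripng|ospfv3) (\d+)(?: vpn-instance (\S+))?$")
# Interface-level enable, e.g. "ripng 10 enable" or "ospfv3 20 area 0".
PROC_ENABLE = re.compile(r"^(ripng|ospfv3) (\d+) (?:enable|area \S+)")


def parse_sections(text):
    """Split a saved configuration into (header, [sub-commands]) pairs."""
    sections = []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "#":
            continue
        if line.startswith(" "):
            if sections:
                sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a list of (code, subject, detail) findings."""
    sections = parse_sections(text)
    instances = {}   # VPN instance name -> True if an RD is configured
    processes = {}   # (protocol, process id) -> bound VPN instance, None if public
    findings = []

    for header, body in sections:
        words = header.split()
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            instances[words[2]] = any(
                c.startswith("route-distinguisher ") for c in body)
        m = PROC_HEADER.match(header)
        if m:
            processes[(m.group(1), m.group(2))] = m.group(3)

    for name, has_rd in instances.items():
        if not has_rd:
            findings.append(("NO_RD", name, "instance has no RD, so it is not in effect"))

    for header, body in sections:
        if not header.startswith("interface "):
            continue
        ifname = header.split(None, 1)[1]
        bound = next((c.split()[-1] for c in body
                      if c.startswith("ip binding vpn-instance ")), None)
        if bound is None:
            continue  # public-network interface, out of scope here
        if bound not in instances:
            findings.append(("UNKNOWN_INSTANCE", ifname, bound))
        if not any(c.startswith("ipv6 address ") for c in body):
            findings.append(("NO_IPV6_ADDRESS", ifname,
                             "no IPv6 address after binding to " + bound))
        for c in body:
            m = PROC_ENABLE.match(c)
            if not m:
                continue
            key = (m.group(1), m.group(2))
            if key not in processes:
                owner = "undefined process"
            else:
                owner = processes[key] or "public network"
            if owner != bound:
                findings.append(("PROCESS_MISMATCH", ifname,
                                 f"{key[0]} {key[1]} belongs to {owner}, "
                                 f"interface is bound to {bound}"))
    return findings


if __name__ == "__main__":
    for code, subject, detail in audit(SAMPLE_CONFIG):
        print(f"{code:17} {subject:24} {detail}")
```
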

Configuring IPv6 IS-IS between PE and CE

An IPv6 IS-IS process belongs to the public network or a single VPN instance. If you create an IPv6 IS-IS process without binding it to a VPN instance, the process belongs to the public network.

To configure IPv6 IS-IS between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv6 IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on PEs. On CEs, create a normal IPv6 IS-IS process.
3. Configure a network entity title for the IS-IS process.
   Command: network-entity net
   Remarks: Not configured by default
4. Enable the IPv6 capacity for the IS-IS process.
   Command: ipv6 enable
   Remarks: Disabled by default
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Enable the IPv6 capacity for the IS-IS process on the interface.
   Command: isis ipv6 enable [ process-id ]
   Remarks: Disabled by default

NOTE: For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between PE and CE

1. Configurations on a PE

To configure EBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable BGP and enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 BGP-VPN instance view.
   Command: ipv6-family vpn-instance vpn-instance-name
   Remarks: Required
4. Configure the CE as the VPN EBGP peer.
   Command: peer ipv6-address as-number as-number
   Remarks: Required
5. Redistribute the routes of the local CEs.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: A PE needs to redistribute the routes of the local CEs into its VPN routing table so that it can advertise them to the peer PE.
6. Configure a filtering policy to filter the routes to be advertised.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ]
   Remarks: Optional. By default, BGP does not filter routes to be advertised.

7. Configure a filtering policy to filter received routes.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import
   Remarks: Optional. By default, the PE does not filter received routes.

2. Configurations on a CE

To configure EBGP between PE and CE:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 BGP subaddress family view.
   Command: ipv6-family
   Remarks: Required
4. Configure the PE as the EBGP peer.
   Command: peer ipv6-address as-number as-number
   Remarks: Required
5. Configure route redistribution and advertisement.
   Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
   Remarks: Optional. A CE needs to advertise its VPN routes to the connected PE so that the PE can advertise them to the peer CE.

NOTE:
• After an IPv6 BGP-VPN instance is configured, exchange of BGP routes for the VPN instance is the same as exchange of ordinary BGP routes.
• The configuration commands available in IPv6 BGP-VPN instance view are the same as those in IPv6 BGP subaddress family view. For more configuration commands in the two views, see Layer 3—IP Routing Configuration Guide.

Configuring routing between PEs

To configure routing between PEs:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: Required
3. Configure the remote PE as the peer.
   Command: peer ip-address as-number as-number
   Remarks: Required
4. Specify the source interface for route update packets.
   Command: peer { group-name | ip-address } connect-interface interface-type interface-number
   Remarks: By default, BGP uses the outbound interface of the best route to the BGP peer.
5. Enter BGP-VPNv6 subaddress family view.
   Command: ipv6-family vpnv6
   Remarks: Required

6. Enable the exchange of BGP-VPNv6 routing information with the specified peer.
   Command: peer ip-address enable
   Remarks: By default, BGP peers exchange only IPv4 routing information.

Configuring routing features for the BGP-VPNv6 subaddress family

A variety of routing features for the BGP-VPNv6 subaddress family are the same as those for BGP IPv6 unicast routing. You can select any of the features as required.

To configure routing features for the BGP-VPNv6 subaddress family:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the remote PE as the peer.
   Command: peer ip-address as-number as-number
   Remarks: Required
4. Specify the interface for TCP connections.
   Command: peer ip-address connect-interface interface-type interface-number
   Remarks: Required
5. Enter BGP-VPNv6 subaddress family view.
   Command: ipv6-family vpnv6
   Remarks: N/A
6. Set the default value of the local preference.
   Command: default local-preference value
   Remarks: Optional. 100 by default
7. Set the default value for the system MED.
   Command: default med med-value
   Remarks: Optional. By default, the default value of the system MED is 0.
8. Configure a filtering policy to filter routes to be advertised.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ]
   Remarks: Optional. By default, the PE does not filter routes to be advertised.
9. Configure a filtering policy to filter received routes.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import
   Remarks: Optional. By default, the PE does not filter received routes.
10. Apply a filtering policy for the peer.
   Command: peer ip-address filter-policy acl6-number { export | import }
   Remarks: Optional. By default, no filtering policy is applied for a peer.
11. Apply an IPv6-prefix list for the peer to filter received/advertised routes.
   Command: peer ip-address ipv6-prefix prefix-name { export | import }
   Remarks: Optional. By default, no IPv6 prefix list is applied for a peer.
12. Specify the preference value for the routes received from the peer.
   Command: peer ip-address preferred-value value
   Remarks: Optional. 0 by default

13. Configure BGP updates to the peer to not carry private AS numbers.
   Command: peer ip-address public-as-only
   Remarks: Optional. By default, a BGP update carries private AS numbers.
14. Apply a routing policy for the peer.
   Command: peer ip-address route-policy route-policy-name { export | import }
   Remarks: Optional. By default, no routing policy is applied for a peer.
15. Enable VPN target filtering for received BGP-VPNv6 subaddress family routes.
   Command: policy vpn-target
   Remarks: Optional. Enabled by default
16. Configure the local PE as the route reflector and specify the peer as the client.
   Command: peer ip-address reflect-client
   Remarks: Optional. No route reflector or client is configured by default.
17. Enable route reflection between clients.
   Command: reflect between-clients
   Remarks: Optional. Enabled by default
18. Configure a cluster ID for the route reflector.
   Command: reflector cluster-id { cluster-id | ip-address }
   Remarks: Optional. By default, a route reflector uses its router ID as the cluster ID.
19. Create an RR reflection policy.
   Command: rr-filter extended-community-list-number
   Remarks: Optional

NOTE: For information about IPv6 BGP routing features, see Layer 3—IP Routing Configuration Guide.

Configuring inter-AS IPv6 VPN

If the MPLS backbone that carries the IPv6 VPN routes spans multiple ASs, you need to configure inter-AS IPv6 VPN.

There are three inter-AS VPN solutions (for more information, see the chapter “Configuring MPLS L3VPN”). IPv6 MPLS L3VPN supports only inter-AS VPN option A and option C.

Configuration prerequisites

Before configuring inter-AS IPv6 VPN, complete these tasks:
• Configuring an IGP for the MPLS backbone in each AS to implement IP connectivity
• Configuring basic MPLS capabilities for the MPLS backbone of each AS
• Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established

NOTE: The following sections describe inter-AS IPv6 VPN option A and option C. Select one according to your networking scenario.
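VPN target filtering (policy vpn-target) and the import/export comparison described under routing information advertisement are what keep one VPN's VPN-IPv6 routes out of another VPN's instance. The model below is an added example, not H3C code: instance names, RDs, VPN targets and prefixes are constructed, and a "match" is implemented as at least one shared target, which is the usual BGP/MPLS VPN rule (RFC 4364) and an assumption beyond what this guide states. It also shows how a stray import target on the egress PE shows up as an unexpected route origin and as an ambiguous prefix when two VPNs use overlapping address space.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnIpv6Route:
    rd: str                    # route distinguisher added by the ingress PE
    prefix: str                # standard IPv6 prefix learned from the CE
    export_targets: frozenset  # VPN targets attached when the route is advertised
    origin: str                # "PE/instance" that advertised the route


@dataclass
class VpnInstance:
    name: str
    rd: str
    import_targets: set
    export_targets: set
    ce_prefixes: list = field(default_factory=list)  # routes learned from the CE
    table: dict = field(default_factory=dict)        # prefix -> [VpnIpv6Route, ...]


def advertise(pe, inst):
    """Ingress PE: turn the CE's standard IPv6 routes into VPN-IPv6 routes."""
    return [VpnIpv6Route(inst.rd, p, frozenset(inst.export_targets),
                         f"{pe}/{inst.name}")
            for p in inst.ce_prefixes]


def import_routes(inst, routes):
    """Egress PE: install routes whose export targets share a target with the
    instance's import targets; everything else is filtered out."""
    accepted = []
    for r in routes:
        if r.export_targets & inst.import_targets:
            inst.table.setdefault(r.prefix, []).append(r)
            accepted.append(r)
    return accepted


def unexpected_origins(inst, allowed):
    """Origins present in the instance table that the design does not allow."""
    seen = {r.origin for rs in inst.table.values() for r in rs}
    return sorted(seen - set(allowed))


def ambiguous_prefixes(inst):
    """Prefixes imported from more than one RD: overlapping address space from
    different VPNs now competes inside a single instance."""
    return sorted(p for p, rs in inst.table.items()
                  if len({r.rd for r in rs}) > 1)


def pe1_routes():
    """Constructed ingress PE with two VPNs that reuse the same site prefix."""
    vpn1 = VpnInstance("vpn1", "100:1", {"111:1"}, {"111:1"}, ["2001:1::/96"])
    vpn2 = VpnInstance("vpn2", "100:2", {"222:2"}, {"222:2"}, ["2001:1::/96"])
    return advertise("PE1", vpn1) + advertise("PE1", vpn2)


if __name__ == "__main__":
    routes = pe1_routes()
    # Intended configuration on the egress PE: vpn2 imports only 222:2.
    good = VpnInstance("vpn2", "200:2", {"222:2"}, {"222:2"})
    # Misconfiguration: an extra import target that belongs to vpn1.
    bad = VpnInstance("vpn2", "200:2", {"222:2", "111:1"}, {"222:2"})
    for label, inst in (("intended", good), ("stray import target", bad)):
        import_routes(inst, routes)
        print(label,
              "| unexpected origins:", unexpected_origins(inst, ["PE1/vpn2"]),
              "| ambiguous prefixes:", ambiguous_prefixes(inst))
```
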

Configuring inter-AS IPv6 VPN option A

Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. It is easy to implement.

To configure inter-AS IPv6 option A, you need to:
• Perform basic IPv6 MPLS L3VPN configuration on each AS.
• Configure each ASBR, taking the peer ASBR PE as its CE.

In other words, configure VPN instances on both PEs and ASBR PEs. The VPN instances on PEs allow CEs to access the network, while those on ASBR PEs are for access of the peer ASBR PEs.

For configuration information, see the chapter “Configuring basic IPv6 MPLS L3VPN.”

NOTE: In the inter-AS IPv6 VPN option A solution, for the same IPv6 VPN, the VPN targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure that VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs). VPN targets configured on the PEs in different ASs do not have such requirements.

Configuring inter-AS IPv6 VPN option C

Configuring the PEs

You need to establish ordinary IBGP peer relationships between PEs and ASBR PEs in an AS and MP-EBGP peer relationships between PEs in different ASs.

The PEs and ASBR PEs in an AS must be able to exchange labeled routes.

To configure a PE for inter-AS IPv6 VPN option C:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the ASBR PE in the same AS as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: Required
4. Enable the PE to exchange labeled routes with the ASBR PE in the same AS.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the PE does not advertise labeled routes to the IPv4 peer/peer group.
5. Configure the PE of another AS as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: Required
6. Enter BGP-VPNv6 subaddress family view.
   Command: ipv6-family vpnv6
   Remarks: N/A
7. Enable the PE to exchange BGP VPNv6 routing information with the EBGP peer.
   Command: peer ip-address enable
   Remarks: Required

Configuring the ASBR PEs

In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information.

The configuration is the same as that in the Inter-AS IPv4 VPN option C solution (see the chapter “Configuring MPLS L3VPN”).

Configuring the routing policy

After you configure and apply a routing policy on an ASBR PE, it:
• Assigns MPLS labels to routes received from the PEs in the same AS before advertising them to the peer ASBR PE.
• Assigns new MPLS labels to the labeled routes to be advertised to the PEs in the same AS.

The configuration is the same as that in the Inter-AS IPv4 VPN option C solution (see the chapter “Configuring MPLS L3VPN”).

Configuring routing on an MCE

An MCE implements service isolation through route isolation. MCE routing configuration includes:
• MCE-VPN site routing configuration
• MCE-PE routing configuration

On the PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources.

Configuration prerequisites

Before you configure routing on an MCE, complete the following tasks:
• On the MCE, configure VPN instances, and bind the VPN instances with the interfaces connected to the VPN sites and those connected to the PE.
• Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity.

Configuring routing between MCE and VPN site

Configuring static routing between MCE and VPN site

An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with an IPv6 VPN instance, so that the static routes of different IPv6 VPN instances can be isolated from each other.

To configure static routing between MCE and VPN site:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure IPv6 static routes for an IPv6 VPN instance.
   Command: ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ]
   Command: ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ]
   Remarks: Required. Use either command. Perform this configuration on the MCE. On a VPN site, configure normal static routes.
3. Configure the default precedence for IPv6 static routes.
   Command: ipv6 route-static default-preference default-preference-value
   Remarks: Optional. 60 by default

Configuring RIPng between MCE and VPN site

A RIPng process belongs to the public network or a single IPv6 VPN instance. If you create a RIPng process without binding it to an IPv6 VPN instance, the process belongs to the public network.

By configuring RIPng process-to-IPv6 VPN instance bindings on an MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different RIPng processes, ensuring the separation and security of IPv6 VPN routes.

To configure RIPng between MCE and VPN site:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIPng process for a VPN instance and enter RIPng view.
   Command: ripng [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, configure normal RIPng.
3. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] *
   Remarks: By default, no route of any other routing protocol is redistributed into RIPng.
4. Configure the default cost value for the redistributed routes.
   Command: default cost value
   Remarks: Optional. 0 by default
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Enable RIPng on the interface.
   Command: ripng process-id enable
   Remarks: Disabled by default

NOTE: For more information about RIPng, see Layer 3—IP Routing Configuration Guide.

Configuring OSPFv3 between MCE and VPN site

An OSPFv3 process belongs to the public network or a single IPv6 VPN instance. If you create an OSPFv3 process without binding it to an IPv6 VPN instance, the process belongs to the public network.

By configuring OSPFv3 process-to-IPv6 VPN instance bindings on an MCE, you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes.

To configure OSPFv3 between MCE and VPN site:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPFv3 process for a VPN instance and enter OSPFv3 view.
   Command: ospfv3 [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, configure normal OSPFv3.
3. Set the router ID.
   Command: router-id router-id
   Remarks: Required
4. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] *
   Remarks: By default, no route of any other routing protocol is redistributed into OSPFv3.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Enable OSPFv3 on the interface.
   Command: ospfv3 process-id area area-id [ instance instance-id ]
   Remarks: By default, OSPFv3 is disabled on an interface.

NOTE:
• Deleting a VPN instance will delete all related OSPFv3 processes at the same time.
• For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.

Configuring IPv6 IS-IS between MCE and VPN site

An IPv6 IS-IS process belongs to the public network or a single IPv6 VPN instance. If you create an IPv6 IS-IS process without binding it to an IPv6 VPN instance, the process belongs to the public network.

By configuring IPv6 IS-IS process-to-IPv6 VPN instance bindings on an MCE, you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different IPv6 IS-IS processes, ensuring the separation and security of IPv6 VPN routes.

To configure IPv6 IS-IS between MCE and VPN site:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv6 IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, configure normal IPv6 IS-IS.
3. Configure a network entity title for the IS-IS process.
   Command: network-entity net
   Remarks: Not configured by default
4. Enable the IPv6 capacity for the IPv6 IS-IS process.
   Command: ipv6 enable
   Remarks: Disabled by default
5. Redistribute remote site routes advertised by the PE.
   Command: ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
   Remarks: Optional. By default, no routes from any other routing protocol are redistributed to IPv6 IS-IS. If you do not specify the route level in the command, redistributed routes are added to the level-2 routing table by default.

6. Return to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Enable the IPv6 IS-IS process on the interface.
   Command: isis ipv6 enable [ process-id ]
   Remarks: Disabled by default

NOTE: For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between MCE and VPN site

To use EBGP for exchanging routing information between an MCE and IPv6 VPN sites, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the IPv6 VPN sites.

If EBGP is used for route exchange, you also can configure filtering policies to filter the received routes and the routes to be advertised.

1. Configurations on the MCE

To configure EBGP between MCE and VPN site:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter IPv6 BGP-VPN instance view.
   Command: ipv6-family vpn-instance vpn-instance-name
   Remarks: Required
4. Specify an IPv6 BGP peer in an AS.
   Command: peer ipv6-address as-number as-number
   Remarks: Required
5. Redistribute remote site routes advertised by the PE.
   Command: import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ]
   Remarks: By default, no route redistribution is configured.
6. Configure a filtering policy to filter the routes to be advertised.
   Command: filter-policy { acl6-number | ipv6-prefix ip-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ]
   Remarks: Optional. By default, the MCE does not filter the routes to be advertised.
7. Configure a filtering policy to filter the received routes.
   Command: filter-policy { acl6-number | ipv6-prefix ip-prefix-name } import
   Remarks: Optional. By default, the MCE does not filter the received routes.

NOTE: After you configure an IPv6 BGP VPN instance, the IPv6 BGP route exchange for the IPv6 VPN instance is the same as the normal IPv6 BGP VPN route exchange. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide.

2. Configurations on a VPN site

To configure EBGP between MCE and VPN site:

Enter BGP view. no route redistribution is configured. Enter system view. Configuring routing between MCE and PE MCE-PE routing configuration includes these tasks: • Bind the MCE-PE interfaces to IPv6 VPN instances • Perform routing configurations • Redistribute IPv6 VPN routes into the routing protocol running between the MCE and the PE. Enter system view. Configure static routes for an IPv6 VPN instanceN/A. 5. NOTE: Configurations in this section are configured on the MCE. 2. Enter IPv6 address family view. A VPN site must advertise the IPv6 VPN network addresses it can reach to the connected MCE. 3. ipv6-family N/A 4. Configurations on the PE are similar to those on the PE in common IPv6 MPLS L3VPN network solutions (see “Configuring routing between PE and CE”). Configuring IPv6 static routing between MCE and PE To configure static routing between MCE and PE: Step 1. bgp as-number N/A 3. import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] By default. Optional 60 by default . Command Remarks system-view N/A ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] Required ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] ipv6 route-static default-preference default-preference-value 366 User either command. system-view N/A 2. Configure the MCE as the EBGP peer. Configure the default precedence for static routes.Step Command Remarks 1. peer ipv6-address as-number as-number Required Optional Redistribute the IGP routes of the VPN.

Configuring RIPng between MCE and PE

To configure RIPng between MCE and PE:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create a RIPng process for an IPv6 VPN instance and enter RIPng view.
    Command: ripng [ process-id ] vpn-instance vpn-instance-name
    Remarks: Required
Step 3. Redistribute the VPN routes.
    Command: import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] *
    Remarks: By default, no route of any other routing protocol is redistributed into RIPng.
Step 4. Configure the default cost value for the redistributed routes.
    Command: default cost value
    Remarks: Optional. 0 by default
Step 5. Return to system view.
    Command: quit
    Remarks: N/A
Step 6. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 7. Enable the RIPng process on the interface.
    Command: ripng process-id enable
    Remarks: Disabled by default.

NOTE:
For more information about RIPng, see Layer 3—IP Routing Configuration Guide.

Configuring OSPFv3 between MCE and PE

To configure OSPFv3 between MCE and PE:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view.
    Command: ospfv3 [ process-id ] vpn-instance vpn-instance-name
    Remarks: Required
Step 3. Set the router ID.
    Command: router-id router-id
    Remarks: Required
Step 4. Redistribute the VPN routes.
    Command: import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] *
    Remarks: By default, no route of any other routing protocol is redistributed into OSPFv3.
Step 5. Configure a filtering policy to filter the redistributed routes.
    Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ bgp4+ | direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ]
    Remarks: Optional. By default, redistributed routes are not filtered.
Step 6. Return to system view.
    Command: quit
    Remarks: N/A
Step 7. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 8. Enable the OSPFv3 process on the interface.
    Command: ospfv3 process-id area area-id [ instance instance-id ]
    Remarks: Disabled by default.

NOTE:
For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.

Configuring IPv6 IS-IS between MCE and PE

To configure IPv6 IS-IS between MCE and PE:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create an IS-IS process for an IPv6 VPN instance and enter IS-IS view.
    Command: isis [ process-id ] vpn-instance vpn-instance-name
    Remarks: Required
Step 3. Configure a network entity title.
    Command: network-entity net
    Remarks: Not configured by default.
Step 4. Enable the IPv6 capacity for the IS-IS process.
    Command: ipv6 enable
    Remarks: Disabled by default.
Step 5. Redistribute the VPN routes.
    Command: ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
    Remarks: Optional. By default, IS-IS does not redistribute routes of any other routing protocol. If you do not specify the route level in the command, the command will redistribute routes to the level-2 routing table by default.
Step 6. Configure a filtering policy to filter the redistributed routes.
    Command: ipv6 filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ]
    Remarks: Optional. By default, IPv6 IS-IS does not filter redistributed routes.
Step 7. Return to system view.
    Command: quit
    Remarks: N/A
Step 8. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 9. Enable IPv6 for the IS-IS process on the interface.
    Command: isis ipv6 enable [ process-id ]
    Remarks: Disabled by default.

NOTE:
For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between MCE and PE

To configure EBGP between MCE and PE:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter BGP view.
    Command: bgp as-number
    Remarks: N/A
Step 3. Enter IPv6 BGP-VPN instance view.
    Command: ipv6-family vpn-instance vpn-instance-name
    Remarks: Required
Step 4. Configure the PE as the EBGP peer.
    Command: peer ipv6-address as-number as-number
    Remarks: Required
Step 5. Redistribute the VPN routes.
    Command: import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ]
    Remarks: By default, no route redistribution is configured.
Step 6. Configure a filtering policy to filter the routes to be advertised.
    Command: filter-policy { acl6-number | ipv6-prefix ip-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ]
    Remarks: Optional. By default, BGP does not filter the routes to be advertised.
Step 7. Configure a filtering policy to filter the received routes.
    Command: filter-policy { acl6-number | ipv6-prefix ip-prefix-name } import
    Remarks: Optional. By default, BGP does not filter the received routes.

NOTE:
IPv6 BGP runs within a VPN in the same way as it runs within a public network. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide.

Displaying and maintaining IPv6 MPLS L3VPN

Resetting BGP connections

When BGP configuration changes, use the soft reset function or reset BGP connections to make the changes take effect. Soft reset requires that BGP peers have the route refreshment capability, which means supporting Route-Refresh messages.

Step 1. Soft reset the IPv6 BGP connections of a VPN instance.
    Command: refresh bgp ipv6 vpn-instance vpn-instance-name { ipv6-address | all | external } { export | import }
    Remarks: Available in user view
Step 2. Soft reset the BGP VPNv6 connections.
    Command: refresh bgp vpnv6 { ip-address | all | external | internal } { export | import }
    Remarks: Available in user view
Step 3. Reset the IPv6 BGP connections of a VPN instance.
    Command: reset bgp ipv6 vpn-instance vpn-instance-name { as-number | ipv6-address | all | external }
    Remarks: Available in user view
Step 4. Reset BGP VPNv6 connections.
    Command: reset bgp vpnv6 { as-number | ip-address | all | external | internal }
    Remarks: Available in user view

Displaying information about IPv6 MPLS L3VPN

Task: Display information about the IPv6 routing table associated with a VPN instance.
    Command: display ipv6 routing-table vpn-instance vpn-instance-name [ verbose ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display information about a specific VPN instance or all VPN instances.
    Command: display ip vpn-instance [ instance-name vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display information about the IPv6 FIB of a VPN instance.
    Command: display ipv6 fib vpn-instance vpn-instance-name [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display a VPN instance's FIB entries that match the specified destination IPv6 address.
    Command: display ipv6 fib vpn-instance vpn-instance-name ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display information about BGP VPNv6 peers established between PEs.
    Command: display bgp vpnv6 all peer [ ipv4-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display information about IPv6 BGP peers established between the PE and CE in a VPN instance.
    Command: display bgp vpnv6 vpn-instance vpn-instance-name peer [ ipv6-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display all BGP VPNv6 routing information.
    Command: display bgp vpnv6 all routing-table [ network-address prefix-length [ longer-prefixes ] | peer ip-address { advertised-routes | received-routes } [ statistic ] | statistic ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display the BGP VPNv6 routing information of an RD.
    Command: display bgp vpnv6 route-distinguisher route-distinguisher routing-table [ network-address prefix-length ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
Task: Display the BGP VPNv6 routing information of a VPN instance.
    Command: display bgp vpnv6 vpn-instance vpn-instance-name routing-table [ network-address prefix-length [ longer-prefixes ] | peer ipv6-address { advertised-routes | received-routes } ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view

NOTE:
For commands that display information about a routing table, see Layer 3—IP Routing Command Reference.

IPv6 MPLS L3VPN configuration examples

Configuring IPv6 MPLS L3VPNs

Network requirements
• CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.
• VPN 1 uses VPN target attributes 111:1. VPN 2 uses VPN target attributes 222:2. Users of different VPNs cannot access each other.
• EBGP is used to exchange VPN routing information between CEs and PEs.
• PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.

Figure 87 Network diagram
(Diagram: CE 1 in AS 65410 and CE 3 in AS 65430 belong to VPN 1; CE 2 in AS 65420 and CE 4 in AS 65440 belong to VPN 2; PE 1, P, and PE 2 form the MPLS backbone.)

Device   Interface   IP address
CE 1     GE4/1/1     2001:1::1/96
PE 1     Loop0       1.1.1.9/32
         GE4/1/1     2001:1::2/96
         GE4/1/2     2001:2::2/96
         POS2/1/1    172.1.1.1/24
CE 2     GE4/1/1     2001:2::1/96
CE 3     GE4/1/1     2001:3::1/96
CE 4     GE4/1/1     2001:4::1/96
P        Loop0       2.2.2.9/32
         POS2/1/1    172.1.1.2/24
         POS2/1/2    172.2.1.1/24
PE 2     Loop0       3.3.3.9/32
         GE4/1/1     2001:3::2/96
         GE4/1/2     2001:4::2/24
         POS2/1/1    172.2.1.2/24

Configuration procedure

1. Configure OSPF on the MPLS backbone to achieve IP connectivity among the PEs and the P router.

# Configure PE 1.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit
[PE1] interface pos2/1/1
[PE1-POS2/1/1] ip address 172.1.1.1 24
[PE1-POS2/1/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure the P router.
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface pos2/1/1
[P-POS2/1/1] ip address 172.1.1.2 24
[P-POS2/1/1] quit
[P] interface POS 2/1/2
[P-POS2/1/2] ip address 172.2.1.1 24
[P-POS2/1/2] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit

# Configure PE 2.
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] interface pos2/1/1
[PE2-POS2/1/1] ip address 172.2.1.2 24
[PE2-POS2/1/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After you complete the configurations, OSPF adjacencies are established between PE 1, P, and PE 2. Issue the display ospf peer command. The output shows that the adjacency is in Full state. Issue the display ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other. The following takes PE 1 as an example:

[PE1] display ip routing-table
Routing Tables: Public

         Destinations : 9        Routes : 9
Destination/Mask    Proto   Pre  Cost   NextHop      Interface
1.1.1.9/32          Direct  0    0      127.0.0.1    InLoop0
2.2.2.9/32          OSPF    10   1      172.1.1.2    POS2/1/1
3.3.3.9/32          OSPF    10   2      172.1.1.2    POS2/1/1
127.0.0.0/8         Direct  0    0      127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0      127.0.0.1    InLoop0
172.1.1.0/24        Direct  0    0      172.1.1.1    POS2/1/1
172.1.1.1/32        Direct  0    0      127.0.0.1    InLoop0
172.1.1.2/32        Direct  0    0      172.1.1.2    POS2/1/1
172.2.1.0/24        OSPF    10   1      172.1.1.2    POS2/1/1

[PE1] display ospf peer verbose
          OSPF Process 1 with Router ID 1.1.1.9
                  Neighbors
 Area 0.0.0.0 interface 172.1.1.1(POS2/1/1)'s neighbors
 Router ID: 172.1.1.2    Address: 172.1.1.2    GR State: Normal
   State: Full  Mode:Nbr is Master  Priority: 1
   DR: None   BDR: None   MTU: 1500
   Dead timer due in 38 sec
   Neighbor is up for 00:02:44
   Authentication Sequence: [ 0 ]
   Neighbor state change count: 5

2. Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs.

# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos2/1/1
[PE1-POS2/1/1] mpls
[PE1-POS2/1/1] mpls ldp
[PE1-POS2/1/1] quit

# Configure the P router.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos2/1/1
[P-POS2/1/1] mpls
[P-POS2/1/1] mpls ldp
[P-POS2/1/1] quit
[P] interface POS 2/1/2
[P-POS2/1/2] mpls
[P-POS2/1/2] mpls ldp
[P-POS2/1/2] quit

# Configure PE 2.

[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos2/1/1
[PE2-POS2/1/1] mpls
[PE2-POS2/1/1] mpls ldp
[PE2-POS2/1/1] quit

After you complete the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. The output shows the LSPs established by LDP. The following takes PE 1 as an example:

[PE1] display mpls ldp session
               LDP Session(s) in Public Network
 ----------------------------------------------------------------
 Peer-ID       Status       LAM  SsnRole  FT   MD5  KA-Sent/Rcv
 ----------------------------------------------------------------
 2.2.2.9:0     Operational  DU   Passive  Off  Off  5/5
 ----------------------------------------------------------------
 LAM : Label Advertisement Mode      FT : Fault Tolerance

[PE1] display mpls ldp lsp
                       LDP LSP Information
 ------------------------------------------------------------------
 SN  DestAddress/Mask   In/OutLabel  Next-Hop    In/Out-Interface
 ------------------------------------------------------------------
 1   1.1.1.9/32         3/NULL       127.0.0.1   POS2/1/1/InLoop0
 2   2.2.2.9/32         NULL/3       172.1.1.2   -------/POS2/1/1
 3   3.3.3.9/32         NULL/1024    172.1.1.2   -------/POS2/1/1
 ------------------------------------------------------------------
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale

3. Configure IPv6 VPN instances on the PEs to allow the CEs to access.

# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE1] interface GigabitEthernet 4/1/1
[PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet4/1/1] quit
[PE1] interface GigabitEthernet 4/1/2
[PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2

[PE1-GigabitEthernet4/1/2] ipv6 address 2001:2::2 96
[PE1-GigabitEthernet4/1/2] quit

# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
[PE2] interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet4/1/1] ipv6 address 2001:3::2 96
[PE2-GigabitEthernet4/1/1] quit
[PE2] interface GigabitEthernet 4/1/2
[PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet4/1/2] ipv6 address 2001:4::2 24
[PE2-GigabitEthernet4/1/2] quit

# Configure IP addresses for the CEs as required in Figure 87. (Details not shown)

After completing the configurations, issue the display ip vpn-instance command on the PEs to view information about the VPN instances. Use the ping command to test connectivity between the PEs and their attached CEs. The PEs can ping their attached CEs. The following takes PE 1 and CE 1 as an example:

[PE1] display ip vpn-instance
  Total VPN-Instances configured : 2
  VPN-Instance Name    RD       Create Time
  vpn1                 100:1    2006/08/13 09:32:45
  vpn2                 100:2    2006/08/13 09:42:59

[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1
  PING 2001:1::1 : 56 data bytes, press CTRL_C to break
    Reply from 2001:1::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms
    Reply from 2001:1::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms
    Reply from 2001:1::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms
    Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms
    Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms
  --- 2001:1::1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

4. Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes.

# Configure CE 1.
<CE1> system-view
[CE1] bgp 65410
[CE1-bgp] ipv6-family
[CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100
[CE1-bgp-af-ipv6] import-route direct
[CE1-bgp-af-ipv6] quit

NOTE:
The configurations for the CE 2 through CE 4 are similar. (Details not shown)

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv6-family vpn-instance vpn1
[PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410
[PE1-bgp-ipv6-vpn1] import-route direct
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp] ipv6-family vpn-instance vpn2
[PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420
[PE1-bgp-ipv6-vpn2] import-route direct
[PE1-bgp-ipv6-vpn2] quit
[PE1-bgp] quit

NOTE:
The configurations for PE 2 are similar to those for PE 1. (Details not shown)

After completing the configurations, issue the display bgp vpnv6 vpn-instance peer command on the PEs. BGP peer relationships have been established between the PEs and CEs, and have reached Established state. The following takes the PE 1-CE 1 BGP peer relationship as an example:

[PE1] display bgp vpnv6 vpn-instance vpn1 peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1
  Peer         AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
  2001:1::1    65410  11       9        0     1        00:06:37  Established

5. Configure an MP-IBGP peer relationship between the PEs.

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv6] quit
[PE1-bgp] quit

# Configure PE 2.

[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv6-family vpnv6
[PE2-bgp-af-vpnv6] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv6] quit
[PE2-bgp] quit

After completing the configurations, issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. You can see a BGP peer relationship has been established between the PEs, and has reached Established state.

[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1          Peers in established state : 1
  Peer       AS   MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State
  3.3.3.9    100  2        6        0     0        00:00:12  Established

6. Verify your configurations

# Issue the display ipv6 routing-table vpn-instance command on the PEs. The output shows the routes to the CEs. The following takes PE 1 as an example:

[PE1] display ipv6 routing-table vpn-instance vpn1
Routing Table :
         Destinations : 3        Routes : 3
Destination: 2001:1::/96          Protocol  : Direct
NextHop    : 2001:1::2            Preference: 0
Interface  : GE4/1/1              Cost      : 0

Destination: 2001:1::2/128        Protocol  : Direct
NextHop    : ::1                  Preference: 0
Interface  : InLoop0              Cost      : 0

Destination: 2001:2::/96          Protocol  : BGP4+
NextHop    : ::FFFF:303:309       Preference: 0
Interface  : NULL0                Cost      : 0

[PE1] display ipv6 routing-table vpn-instance vpn2
Routing Table :
         Destinations : 3        Routes : 3
Destination: 2001:3::/96          Protocol  : Direct
NextHop    : 2001:3::2            Preference: 0
Interface  : GE4/1/2              Cost      : 0

Destination: 2001:3::2/128        Protocol  : Direct
NextHop    : ::1                  Preference: 0
Interface  : InLoop0              Cost      : 0

Destination: 2001:4::/96          Protocol  : BGP4+
NextHop    : ::FFFF:303:309       Preference: 0

Interface  : NULL0                Cost      : 0

# From each CE, ping other CEs. CEs of the same VPN can ping each other, whereas those of different VPNs should not. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1):

[CE1] ping ipv6 2001:3::1
  PING 2001:3::1 : 56 data bytes, press CTRL_C to break
    Reply from 2001:3::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms
    Reply from 2001:3::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms
    Reply from 2001:3::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms
    Reply from 2001:3::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms
    Reply from 2001:3::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms
  --- 2001:3::1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

[CE1] ping ipv6 2001:4::1
  PING 2001:4::1 : 56 data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
  --- 2001:4::1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
    round-trip min/avg/max = 0/0/0 ms

Configuring inter-AS IPv6 VPN option A

Network requirements
• CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.
• An inter-AS IPv6 MPLS L3VPN is implemented using option A. That is, the VRF-to-VRF method is used to manage VPN routes.
• The MPLS backbone in each AS runs OSPF.
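The isolation requirement of the basic IPv6 MPLS L3VPN example (VPN 1 uses VPN target 111:1, VPN 2 uses 222:2, and CE 1 cannot ping CE 4) can also be audited from the configuration itself. The following Python check is an added example, not H3C code: it parses the vpn-instance commands of that example (embedded as constructed input), works out which instances import each other's routes, and flags a constructed misconfiguration. The function names and the rule that one instance name stands for one customer VPN are assumptions.

```python
import re

# Constructed input: the vpn-instance commands that the basic example enters
# on PE 1 and PE 2, one prompt-prefixed command per line.
BASELINE = """\
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
"""

# Constructed misconfiguration (not from the guide): vpn2 on PE 2 also imports
# VPN 1's target, which pulls VPN 1 routes into VPN 2.
MISCONFIGURED = BASELINE + """\
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] vpn-target 111:1 import-extcommunity
[PE2-vpn-instance-vpn2] quit
"""

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")
DIRECTIONS = {
    "both": ("import", "export"),
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
}


def parse_instances(transcript):
    """Return {(device, instance): {"rd", "import", "export"}} from a CLI transcript."""
    instances, current = {}, None
    for raw in transcript.splitlines():
        match = PROMPT.match(raw.strip())
        if not match:
            continue
        view, words = match.group(1), match.group(2).split()
        if current and view == current[0]:
            current = None  # the prompt is back at the device's system view
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = (view, words[2])
            instances.setdefault(current, {"rd": None, "import": set(), "export": set()})
        elif current and words[:1] == ["route-distinguisher"] and len(words) == 2:
            instances[current]["rd"] = words[1]
        elif current and words[:1] == ["vpn-target"] and len(words) >= 2:
            targets = words[1:]
            # Without a keyword, vpn-target applies to both directions.
            keyword = targets.pop() if targets[-1] in DIRECTIONS else "both"
            for direction in DIRECTIONS[keyword]:
                instances[current][direction].update(targets)
    return instances


def route_flows(instances):
    """Ordered (exporter, importer) pairs: the importer accepts the exporter's
    routes because an exported target is in the importer's import list."""
    return {
        (src, dst)
        for src, s in instances.items()
        for dst, d in instances.items()
        if src != dst and s["export"] & d["import"]
    }


def cross_vpn_leaks(instances):
    """Flows between instances with different names.

    Assumption: as in the guide's example, one instance name (vpn1, vpn2) is
    used network-wide for one customer VPN, so a flow between two different
    names crosses a VPN boundary.
    """
    return sorted(f for f in route_flows(instances) if f[0][1] != f[1][1])


if __name__ == "__main__":
    for label, text in (("baseline", BASELINE), ("misconfigured", MISCONFIGURED)):
        leaks = cross_vpn_leaks(parse_instances(text))
        print(label, "->", "isolated" if not leaks else "LEAK")
        for (sdev, sinst), (ddev, dinst) in leaks:
            print(f"  {sdev}/{sinst} routes are imported by {ddev}/{dinst}")
```

The same parser accepts lines with several targets and an explicit direction, such as the vpn-target 1:1 2:2 3:3 import-extcommunity form used in the option C example.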

Figure 88 Network diagram
(Diagram: PE 1 and ASBR-PE 1 form the MPLS backbone of AS 100; ASBR-PE 2 and PE 2 form the MPLS backbone of AS 200; CE 1 in AS 65001 attaches to PE 1 and CE 2 in AS 65002 attaches to PE 2.)

Device     Interface   IP address
CE 1       GE4/1/1     2001:1::1/96
PE 1       Loop0       1.1.1.9/32
           GE4/1/1     2001:1::2/96
           POS2/1/1    172.1.1.2/24
ASBR-PE1   Loop0       2.2.2.9/32
           POS2/1/1    172.1.1.1/24
           POS2/1/2    2002:1::1/96
CE 2       GE4/1/1     2001:2::1/96
PE 2       Loop0       4.4.4.9/32
           GE4/1/1     2001:2::2/96
           POS2/1/1    162.1.1.2/24
ASBR-PE2   Loop0       3.3.3.9/32
           POS2/1/1    162.1.1.1/24
           POS2/1/2    2002:1::2/96

Configuration procedure

1. Configure an IGP (such as OSPF) on each MPLS backbone to ensure IP connectivity within the backbone. (Details not shown)

NOTE:
Be sure to advertise the route to the 32-bit loopback interface address of each router through OSPF. The loopback interface address of a router is to be used as the router's LSR ID.

After you complete the configurations, each ASBR PE and the PE in the same AS can establish an OSPF adjacency. Issue the display ospf peer command and ping command. The output shows that the adjacencies are in Full state, and that the PE and ASBR PE in the same AS have learned the routes to the loopback interfaces of each other and can ping each other.

2. Configure basic MPLS and enable MPLS LDP on each MPLS backbone to establish LDP LSPs.

# Configure basic MPLS on PE 1 and enable MPLS LDP for both PE 1 and the interface connected to ASBR-PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp

[PE1-mpls-ldp] quit
[PE1] interface pos2/1/1
[PE1-POS2/1/1] mpls
[PE1-POS2/1/1] mpls ldp
[PE1-POS2/1/1] quit

# Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit
[ASBR-PE1] interface pos2/1/1
[ASBR-PE1-POS2/1/1] mpls
[ASBR-PE1-POS2/1/1] mpls ldp
[ASBR-PE1-POS2/1/1] quit

# Configure basic MPLS on ASBR-PE 2 and enable MPLS LDP for both ASBR-PE 2 and the interface connected to PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] mpls lsr-id 3.3.3.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
[ASBR-PE2] interface pos2/1/1
[ASBR-PE2-POS2/1/1] mpls
[ASBR-PE2-POS2/1/1] mpls ldp
[ASBR-PE2-POS2/1/1] quit

# Configure basic MPLS on PE 2 and enable MPLS LDP for both PE 2 and the interface connected to ASBR-PE 2.
<PE2> system-view
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos2/1/1
[PE2-POS2/1/1] mpls
[PE2-POS2/1/1] mpls ldp
[PE2-POS2/1/1] quit

After you complete the configurations, each PE and the ASBR PE in the same AS can establish the LDP neighbor relationship. Issue the display mpls ldp session command on the routers. The output shows that the session status is Operational.

3. Configure a VPN instance on the PEs to allow the CEs to access

NOTE:
For the same VPN, the VPN targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs.

# Configure CE 1.
<CE1> system-view
[CE1] interface GigabitEthernet 4/1/1
[CE1-GigabitEthernet4/1/1] ipv6 address 2001:1::1 96
[CE1-GigabitEthernet4/1/1] quit

# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface GigabitEthernet 4/1/1
[PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet4/1/1] quit

# Configure CE 2.
<CE2> system-view
[CE2] interface GigabitEthernet 4/1/1
[CE2-GigabitEthernet4/1/1] ipv6 address 2001:2::1 96
[CE2-GigabitEthernet4/1/1] quit

# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
[PE2] interface GigabitEthernet 4/1/1
[PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet4/1/1] ipv6 address 2001:2::2 96
[PE2-GigabitEthernet4/1/1] quit

# Configure ASBR-PE 1, creating a VPN instance and binding the VPN instance to the interface connected to ASBR-PE 2 (ASBR-PE 1 considers ASBR-PE 2 its attached CE).
[ASBR-PE1] ip vpn-instance vpn1
[ASBR-PE1-vpn-vpn1] route-distinguisher 100:1
[ASBR-PE1-vpn-vpn1] vpn-target 100:1 both
[ASBR-PE1-vpn-vpn1] quit
[ASBR-PE1] interface POS 2/1/2
[ASBR-PE1-POS2/1/2] ip binding vpn-instance vpn1
[ASBR-PE1-POS2/1/2] ipv6 address 2002:1::1 96
[ASBR-PE1-POS2/1/2] quit

# Configure ASBR-PE 2, creating a VPN instance and binding the VPN instance to the interface connected to ASBR-PE 1 (ASBR-PE 2 considers ASBR-PE 1 its attached CE).
[ASBR-PE2] ip vpn-instance vpn1
[ASBR-PE2-vpn-vpn1] route-distinguisher 200:1
[ASBR-PE2-vpn-vpn1] vpn-target 100:1 both

[ASBR-PE2-vpn-vpn1] quit
[ASBR-PE2] interface POS 2/1/2
[ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1
[ASBR-PE2-POS2/1/2] ipv6 address 2002:1::2 96
[ASBR-PE2-POS2/1/2] quit

After completing the configurations, you can view the VPN instance information by issuing the display ip vpn-instance command. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other.

4. Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes.

# Configure CE 1.
[CE1] bgp 65001
[CE1-bgp] ipv6-family
[CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100
[CE1-bgp-af-ipv6] import-route direct
[CE1-bgp-af-ipv6] quit

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv6-family vpn-instance vpn1
[PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65001
[PE1-bgp-ipv6-vpn1] import-route direct
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp] quit

# Configure CE 2.
[CE2] bgp 65002
[CE2-bgp] ipv6-family
[CE2-bgp-af-ipv6] peer 2001:2::2 as-number 200
[CE2-bgp-af-ipv6] import-route direct
[CE2-bgp-af-ipv6] quit

# Configure PE 2.
[PE2] bgp 200
[PE2-bgp] ipv6-family vpn-instance vpn1
[PE2-bgp-ipv6-vpn1] peer 2001:2::1 as-number 65002
[PE2-bgp-ipv6-vpn1] import-route direct
[PE2-bgp-ipv6-vpn1] quit
[PE2-bgp] quit

5. Establish an IBGP peer relationship between each PE and the ASBR PE in the same AS and an EBGP peer relationship between the ASBR PEs

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv6] quit
[PE1-bgp] quit

# Configure ASBR-PE 1.

[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] ipv6-family vpn-instance vpn1
[ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 as-number 200
[ASBR-PE1-bgp-ipv6-vpn1] quit
[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp] ipv6-family vpnv6
[ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable
[ASBR-PE1-bgp-af-vpnv6] quit
[ASBR-PE1-bgp] quit

# Configure ASBR-PE 2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] ipv6-family vpn-instance vpn1
[ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100
[ASBR-PE2-bgp-ipv6-vpn1] quit
[ASBR-PE2-bgp] peer 4.4.4.9 as-number 200
[ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[ASBR-PE2-bgp] ipv6-family vpnv6
[ASBR-PE2-bgp-af-vpnv6] peer 4.4.4.9 enable
[ASBR-PE2-bgp-af-vpnv6] quit
[ASBR-PE2-bgp] quit

# Configure PE 2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.3.9 as-number 200
[PE2-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp] ipv6-family vpnv6
[PE2-bgp-af-vpnv6] peer 3.3.3.9 enable
[PE2-bgp-af-vpnv6] quit
[PE2-bgp] quit

6. Verify your configurations

After you complete the configurations, display the routing table and use the ping command. The CEs have learned the route to each other and can ping each other.

Configuring inter-AS IPv6 VPN option C

Network requirements
• Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600.
• PEs in the same AS run IS-IS.
• PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP.
• PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.
• PE 1 and PE 2 are MP-EBGP peers.
• ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.
• ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes.

Figure 89 Network diagram

Device      Interface   IP address
PE 1        Loop0       2.2.2.9/32
            Loop1       2001:1::1/128
            POS4/1/1    1.1.1.2/8
ASBR-PE 1   Loop0       3.3.3.9/32
            POS4/1/1    1.1.1.1/8
            POS4/1/2    11.0.0.2/8
PE 2        Loop0       5.5.5.9/32
            Loop1       2001:1::2/128
            POS4/1/1    9.1.1.2/8
ASBR-PE 2   Loop0       4.4.4.9/32
            POS4/1/1    9.1.1.1/8
            POS4/1/2    11.0.0.1/8

Configuration procedure

1. Configure PE 1

# Configure IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] network-entity 10.111.111.111.111.00
[PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[PE1] interface POS 4/1/1
[PE1-POS4/1/1] ip address 1.1.1.2 255.0.0.0
[PE1-POS4/1/1] isis enable 1
[PE1-POS4/1/1] mpls
[PE1-POS4/1/1] mpls ldp
[PE1-POS4/1/1] quit

# Configure interface Loopback 0 and start IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# Create VPN instance vpn1, and configure the RD and VPN target attributes for it.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit

# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip binding vpn-instance vpn1
[PE1-LoopBack1] ipv6 address 2001:1::1 128
[PE1-LoopBack1] quit

# Start BGP on PE 1.
[PE1] bgp 100

# Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 3.3.3.9.
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] peer 3.3.3.9 label-route-capability

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp] peer 5.5.5.9 as-number 600
[PE1-bgp] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv6 peer.
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 5.5.5.9 enable
[PE1-bgp-af-vpnv6] quit

# Redistribute direct routes to the routing table of vpn1.
[PE1-bgp] ipv6-family vpn-instance vpn1
[PE1-bgp-ipv6-vpn1] import-route direct
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp] quit

2. Configure ASBR-PE 1

# Start IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00
[ASBR-PE1-isis-1] quit

# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] label advertise non-null
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.

9.2.2.00 386 .0.0.1. [ASBR-PE1] interface POS 4/1/2 [ASBR-PE1-POS4/1/2] ip address 11.0.3.0 [ASBR-PE1-POS4/1/2] mpls [ASBR-PE1-POS4/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.2.0.0 [ASBR-PE1-POS4/1/1] isis enable 1 [ASBR-PE1-POS4/1/1] mpls [ASBR-PE1-POS4/1/1] mpls ldp [ASBR-PE1-POS4/1/1] quit # Configure interface POS 4/1/2 and enable MPLS on it. [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy1] apply mpls-label [ASBR-PE1-route-policy1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy2] if-match mpls-label [ASBR-PE1-route-policy2] apply mpls-label [ASBR-PE1-route-policy2] quit # Start BGP on ASBR-PE 1 and redistribute routes from IS-IS process 1.1.0. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.2.2.9 route-policy policy2 export # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 2.222.1.9.0.0. [ASBR-PE1-bgp] peer 2. [ASBR-PE1-bgp] peer 11.3.0.0.0.0.222.1 route-policy policy1 export # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.2 255. <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.0.2.1 as-number 600 [ASBR-PE1-bgp] peer 11.2.1.2. [ASBR-PE1-bgp] peer 2.2. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] import-route isis 1 # Apply routing policy policy2 to filter routes advertised to IBGP peer 2.0.[ASBR-PE1] interface POS 4/1/1 [ASBR-PE1-POS4/1/1] ip address 1.9 connect-interface loopback 0 [ASBR-PE1-bgp] peer 2.2. [ASBR-PE1-bgp] peer 11.222.0.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Create routing policies. Configure ASBR-PE 2 # Start IS-IS on ASBR-PE 2.2.1 label-route-capability [ASBR-PE1-bgp] quit 3.9 as-number 100 [ASBR-PE1-bgp] peer 2.2.222.1 255.9 label-route-capability # Apply routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.

9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Configure interface POS 4/1/2 and enable MPLS on it.0.0.0.0.5.0.5.5.0.0.2.1.5.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 4/1/1.0.5.9.4.1 255.0.9.9 label-route-capability # Apply routing policy policy2 to filter routes advertised to IBGP peer 5.1.[ASBR-PE2-isis-1] quit # Configure an LSR ID. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.9 route-policy policy2 export # Apply routing policy policy1 to filter routes advertised to EBGP peer 11.0. [ASBR-PE2-bgp] peer 11.9 connect-interface loopback 0 [ASBR-PE2-bgp] peer 5.0.0 [ASBR-PE2-POS4/1/2] mpls [ASBR-PE2-POS4/1/2] quit # Create routing policies. and start IS-IS and enable MPLS and LDP on the interface.0 [ASBR-PE2-POS4/1/1] isis enable 1 [ASBR-PE2-POS4/1/1] mpls [ASBR-PE2-POS4/1/1] mpls ldp [ASBR-PE2-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.2 as-number 100 [ASBR-PE2-bgp] peer 11.5.4.5.2 route-policy policy1 export 387 . [ASBR-PE2] interface POS 4/1/2 [ASBR-PE2-POS4/1/2] ip address 11. and enable MPLS and LDP.9 as-number 600 [ASBR-PE2-bgp] peer 5. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy1] apply mpls-label [ASBR-PE2-route-policy1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy2] if-match mpls-label [ASBR-PE2-route-policy2] apply mpls-label [ASBR-PE2-route-policy2] quit # Start BGP on ASBR-PE 2 and redistribute routes from IS-IS process 1.4.5.0. [ASBR-PE2] mpls lsr-id 4.5. [ASBR-PE2-bgp] peer 5. [ASBR-PE2] interface POS 4/1/1 [ASBR-PE2-POS4/1/1] ip address 9.1 255.5.4.5. [ASBR-PE2-bgp] peer 5.5. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] import-route isis 1 # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 5.

2 label-route-capability [ASBR-PE2-bgp] quit 4. Configure PE 2 # Start IS-IS on PE 2.4.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface POS 4/1/1.4.111.0. and enable MPLS and LDP.4.2.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes for it.5.4.4. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1.5.9 connect-interface loopback 0 388 .0.111. [PE2] mpls lsr-id 5.0. [PE2-bgp] peer 4.0. [PE2] interface POS 4/1/1 [PE2-POS4/1/1] ip address 9. [PE2] bgp 600 # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 4.# Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.111. and start IS-IS and enable MPLS and LDP on the interface.5. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ipv6 address 2001:1::2 128 [PE2-LoopBack1] quit # Start BGP.00 [PE2-isis-1] quit # Configure an LSR ID.0 [PE2-POS4/1/1] isis enable 1 [PE2-POS4/1/1] mpls [PE2-POS4/1/1] mpls ldp [PE2-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.1.5.111.0.9. [ASBR-PE2-bgp] peer 11.1.2 255.9 as-number 600 [PE2-bgp] peer 4.4.

[PE2-bgp] peer 4.4.4.9 label-route-capability
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp] peer 2.2.2.9 as-number 100
[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv6 peer.
[PE2-bgp] ipv6-family vpnv6
[PE2-bgp-af-vpnv6] peer 2.2.2.9 enable
[PE2-bgp-af-vpnv6] quit
# Redistribute direct routes to the routing table of vpn1.
[PE2-bgp] ipv6-family vpn-instance vpn1
[PE2-bgp-ipv6-vpn1] import-route direct
[PE2-bgp-ipv6-vpn1] quit
[PE2-bgp] quit
5. Verify your configurations
# From each PE, ping the other PE. PE 1 and PE 2 can ping each other:
[PE2] ping ipv6 -vpn-instance vpn1 2001:1::1
PING 2001:1::1 : 56 data bytes, press CTRL_C to break
Reply from 2001:1::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms
Reply from 2001:1::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms
Reply from 2001:1::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms
Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 2001:1::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[PE1] ping ipv6 -vpn-instance vpn1 2001:1::2
PING 2001:1::2 : 56 data bytes, press CTRL_C to break
Reply from 2001:1::2 bytes=56 Sequence=1 hop limit=64 time = 1 ms
Reply from 2001:1::2 bytes=56 Sequence=2 hop limit=64 time = 1 ms
Reply from 2001:1::2 bytes=56 Sequence=3 hop limit=64 time = 1 ms
Reply from 2001:1::2 bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from 2001:1::2 bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 2001:1::2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

Configuring carrier’s carrier

Network requirements
Configure carrier’s carrier for the scenario shown in Figure 90. In this scenario:
• PE 1 and PE 2 are the provider carrier’s PE routers. They provide VPN services to the customer carrier.
• CE 1 and CE 2 are the customer carrier’s routers. They are connected to the provider carrier’s backbone as CE routers.
• PE 3 and PE 4 are the customer carrier’s PE routers. They provide IPv6 MPLS L3VPN services to end customers.
• CE 3 and CE 4 are customers of the customer carrier.
The key to the carrier’s carrier deployment is to configure exchange of two kinds of routes:
• Exchange of the customer carrier’s internal routes on the provider carrier’s backbone.
• Exchange of the end customers’ internal routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.

Figure 90 Network diagram
Device    Interface    IP address
CE 3      GE4/1/1      2001:1::1/96
PE 3      GE4/1/1      2001:1::2/96
CE 4      GE4/1/1      2001:2::1/96
PE 4      GE4/1/1      2001:2::2/96

# Configure PE 1.1. enable LDP on PE 1 and PE 2.1.3. Issue the display isis peer command. the output shows that an IS-IS neighbor relationship has been set up. Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP.4.3.9 as-number 100 [PE1-bgp] peer 4.1. and establish an MP-IBGP peer relationship between the PEs. issue the display mpls ldp session command on PE 1 or PE 2.1. Take PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network 391 .9/32 POS2/1/1 11.4.4.1. (Details not shown) After completing the configurations.4. the output shows that the LDP session has been established successfully.0000.4.9/32 Loop0 4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.4.0000.4.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface POS 2/1/2 [PE1-POS2/1/2] ip address 30.4.0004.1. Issue the display bgp peer command.3.PE 1 Loop0 3.2/24 PE 2 POS2/1/1 30.1/24 Configuration procedure 1.1 24 [PE1-POS2/1/2] isis enable 1 [PE1-POS2/1/2] mpls [PE1-POS2/1/2] mpls ldp [PE1-POS2/1/2] mpls ldp transport-address interface [PE1-POS2/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.3.2/24 POS2/1/2 30.1.1.1/24 POS2/1/2 21.3.1. the output shows that the BGP peer relationship has been established and has reached the Established state.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1.0000.

1. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.0000.1.9 100 Peers in established state : 1 MsgRcvd MsgSent 162 145 OutQ PrefRcv 0 Up/Down 0 State 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id 0000.0001.1.3. and enable LDP between PE 3 and CE 1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.4. 001 State HoldTime Type Up 29s L1L2 PRI -- Configure the customer carrier network: start IS-IS as the IGP.0000. and between PE 4 and CE 2.2.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface POS 2/1/2 [PE3-POS2/1/2] ip address 10.2.9 Local AS number : 100 Total number of peers : 1 Peer AS 4.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.4.0005 POS2/1/2 2.1.0000.1.1.3.0000.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.4.2.---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ---------------------------------------------------------------4.9:0 Operational DU Active Off Off 378/378 ---------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.9 392 .4.1 24 [PE3-POS2/1/2] isis enable 2 [PE3-POS2/1/2] mpls [PE3-POS2/1/2] mpls ldp [PE3-POS2/1/2] mpls ldp transport-address interface [PE3-POS2/1/2] quit # Configure CE 1. # Configure PE 3.

0003.0000. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.1. (Details not shown) 3.0000.1. PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.0000.1.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip binding vpn-instance vpn1 [PE1-POS2/1/1] ip address 11. Connect the customer carrier to the provider carrier. # Configure PE 1. NOTE: The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1.[CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.2 24 [CE1-POS2/1/1] isis enable 2 [CE1-POS2/1/1] mpls [CE1-POS2/1/1] mpls ldp [CE1-POS2/1/1] mpls ldp transport-address interface [CE1-POS2/1/1] quit After you complete the configurations.2 24 [PE1-POS2/1/1] isis enable 2 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] mpls ldp transport-address interface [PE1-POS2/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit 393 .0000.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface POS2/1/1 [CE1-POS2/1/1] ip address 10.0000.0002.1.

# Configure CE 1.
[CE1] interface POS 2/1/2
[CE1-POS2/1/2] ip address 11.1.1.1 24
[CE1-POS2/1/2] isis enable 2
[CE1-POS2/1/2] mpls
[CE1-POS2/1/2] mpls ldp
[CE1-POS2/1/2] mpls ldp transport-address interface
[CE1-POS2/1/2] quit
After you complete the configurations, PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1. (Details not shown)
4. Connect end customers to the customer carrier.
# Configure CE 3.
<CE3> system-view
[CE3] interface GigabitEthernet 4/1/1
[CE3-GigabitEthernet4/1/1] ipv6 address 2001:1::1 96
[CE3-GigabitEthernet4/1/1] quit
[CE3] bgp 65410
[CE3-bgp] ipv6-family
[CE3-bgp] peer 2001:1::2 as-number 100
[CE3-bgp] import-route direct
[CE3-bgp] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface GigabitEthernet 4/1/1
[PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1
[PE3-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96
[PE3-GigabitEthernet4/1/1] quit
[PE3] bgp 100
[PE3-bgp] ipv6-family vpn-instance vpn1
[PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410
[PE3-bgp-ipv6-vpn1] import-route direct
[PE3-bgp-ipv6-vpn1] quit
[PE3-bgp] quit
NOTE: The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3. (Details not shown)
5. Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers.
# Configure PE 3.
[PE3] bgp 100

6.0.1.1.1.1.1.6.6.6. Issue the display ip routing-table command on CE 1 and CE 2.2 POS2/1/2 Direct 0 0 30.1 InLoop0 30.2.4.1.4.1.6.9/32 BGP 255 0 4.1.9/32 BGP 255 0 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.4.1 POS2/1/1 5.9 NULL0 6.1.1/32 Direct 0 0 127.1.0/24 Direct 0 0 11.0.4.0.0.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3.1.9 NULL0 21.1.4.1.4.1.1.1.4.1.4. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.1 POS2/1/1 11.1.1. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables.9 NULL0 21.9 as-number 100 [PE3-bgp] peer 6.1.4.0.1 InLoop0 11. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2.1.3.2 POS2/1/1 20.1.0/8 Direct 0 0 127. (Details not shown) 6.9/32 ISIS 15 10 11.1.9 NULL0 # Issue the display ipv6 routing-table vpn-instance command on PE 1 and PE 2.5.1.0/24 BGP 255 0 4.4.9/32 30.1.1.2.1 InLoop0 ISIS 10 30.9/32 4.0.1 InLoop0 127.1.9/32 ISIS 15 20 11.1.1/32 Direct 0 0 127.1.1.1 POS2/1/1 11.2/32 Direct 0 0 30.1 POS2/1/1 2.1. Verify your configurations # Issue the display ip routing-table command on PE 1 and PE 2.2 POS2/1/2 127.6.0.2/32 BGP 255 0 4.0.0.9 connect-interface loopback 0 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.3.0.0.1.6.5. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop Interface 1.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.0/24 BGP 255 0 4.9 NULL0 10.1.[PE3-bgp] peer 6.4.1.0.1 POS2/1/2 Direct 0 0 127.1. The output shows that their VPN routing tables do not contain the VPN routes that the customer carrier maintains.0/24 30.0.1.0/24 ISIS 15 20 11.4.1. 
Take CE 1 as an example: 395 .1 InLoop0 15 # Issue the display ip routing-table vpn-instance command on PE 1 and PE 2.2/32 Direct 0 0 11.1.0.6.

1.1/32 Direct 0 0 127.0/24 Direct 0 0 11.0.1.0/24 ISIS 15 74 11.1.1.0.1.2/32 Direct 0 0 11.2 POS2/1/2 20.1/32 Direct 0 0 127.0.2 POS2/1/2 6.1.0.0/24 ISIS 15 74 11.0.1 InLoop0 127.1.1.1.1.1.6.1.1 InLoop0 5.9/32 ISIS 15 84 10.0.2 POS2/1/2 10.2 POS2/1/2 6.2 POS2/1/2 21.0.1.1 POS2/1/2 10.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.0/24 ISIS 15 84 10.2 POS2/1/2 127.1.0.1.1.9/32 ISIS 15 74 11.0.[CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Pre Cost NextHop Interface 1.9/32 ISIS 15 10 10.1.1.1.1 InLoop0 127.2.0/24 Direct 0 0 10.1.1 InLoop0 # Ping PE 3 from PE 4 and ping PE 4 from PE 3.1.1.2.2.1.2 POS2/1/1 10.1.0/24 ISIS 15 84 10.1.1 InLoop0 11.0/8 Direct 0 0 127.1.1.1.1.9/32 Direct 0 0 127.1.1.1. The output shows that the VPN routing tables do not contain the VPN routes that the customer carrier maintains.1.1 InLoop0 11.1.6.2/32 Direct 0 0 127.0.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.9/32 ISIS 15 10 10.1.1.5.2 POS2/1/2 21.5.2 POS2/1/2 21.1.1 InLoop0 2.0/24 ISIS 15 20 10.5.1 InLoop0 # Issue the display ipv6 routing-table vpn-instance command on CE 1 and CE 2.1.0. press CTRL_C to break Reply from 20.1.2 POS2/1/2 5.1.1.1.1 POS2/1/2 11.1.1.1.1.1.1/32 Direct 0 0 127.1 InLoop0 10.1.1.1.1.1.0.6.1. # Issue the display ip routing-table command on PE 3 and PE 4.2/32 ISIS 15 74 11.5.0.0.9/32 ISIS 15 84 10.1.2 POS2/1/2 10.2: 56 data bytes.0.1.2 POS2/1/2 20.0.1.0/8 Direct 0 0 127.0.1.0.1.0.1.1.1.9/32 Direct 0 Pre 0 127.1.1 POS2/1/1 10. PE 3 and PE 4 can ping each other: [PE3] ping 20.1.0.2 POS2/1/2 11.1.0/24 Direct 0 0 10.0.2: bytes=56 Sequence=4 ttl=252 time=70 ms 396 .1.1. Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.0.2 POS2/1/2 21.1.2/32 Direct 0 0 10.2 PING 20.1.0.1.1.1.1.1.1.0. 
The output shows that the internal routes of the customer carrier network are present in the public network routing tables.1.1.2 POS2/1/1 2.1.2.2/32 ISIS 15 84 10.1.0.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.1.1.6.1.0.1/32 Direct 0 0 127.2 POS2/1/2 127.1.9/32 ISIS 15 74 11.1.1.1/32 Direct 0 0 10.

Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms
--- 20.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/87/127 ms
CE 3 and CE 4 can ping each other:
[CE3] ping ipv6 2001:2::1
PING 2001:2::1 : 56 data bytes, press CTRL_C to break
Reply from 2001:2::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms
Reply from 2001:2::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms
Reply from 2001:2::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms
Reply from 2001:2::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from 2001:2::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 2001:2::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
