You are on page 1of 410

H3C SR8800 10G Core Routers

MPLS Configuration Guide

Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: SR8800-CMW520-R3347
Document version: 6W103-20120224

Copyright © 2011-2012, Hangzhou H3C Technologies Co., Ltd. and its licensors

All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
, TOP G,
, IRF, NetPilot, Neocean, NeoVTL,
H3C,
, Aolynk,
, H3Care,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface
The H3C SR8800 documentation set includes 13 configuration guides, which describe the software
features for the H3C SR8800 10G Core Routers and guide you through the software configuration
procedures. These configuration guides also provide configuration examples to help you apply software
features to different network scenarios.
The MPLS Configuration Guide describes fundamentals and configuration of MPLS basics, MPLS TE, VPLS,
MPLS L2VPN, and MPLS L3VPN.
This preface includes:

Audience

Conventions

About the H3C SR8800 documentation set

Obtaining documentation

Technical support

Documentation feedback

Audience
This documentation is intended for:

Network planners

Field technical support and servicing engineers

Network administrators working with the SR8800 series

Conventions
This section describes the conventions used in this documentation set.

Command conventions
Convention

Description

Boldface

Bold text represents commands and keywords that you enter literally as shown.

Italic

Italic text represents arguments that you replace with actual values.

[]

Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from
which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.

Convention

Description

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can
be entered 1 to n times.

#

A line that starts with a pound (#) sign is comments.

GUI conventions
Convention

Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For
example, the New User window appears; click OK.

>

Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Convention

Description

Symbols

WARNING

An alert that calls attention to important information that if not understood or followed can
result in personal injury.

CAUTION

An alert that calls attention to important information that if not understood or followed can
result in data loss, data corruption, or damage to hardware or software.

IMPORTANT

An alert that calls attention to essential information.
An alert that contains additional or supplementary information.

NOTE
TIP

An alert that provides helpful information.

Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.

Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your router.

About the H3C SR8800 documentation set
The H3C SR8800 documentation set includes:
Category
Product description and
specifications

Documents

Purposes

Marketing brochures

Describe product specifications and benefits.

Technology white papers

Provide an in-depth description of software features
and technologies.

Card datasheets

Describe card specifications, features, and standards.

Category

Hardware specifications
and installation

Software configuration

Operations and
maintenance

Documents

Purposes

Compliance and safety
manual

Provides regulatory information and the safety
instructions that must be followed during installation.

Installation guide

Provides a complete guide to hardware installation
and hardware specifications.

H3C N68 Cabinet
Installation and Remodel
Introduction

Guides you through installing and remodeling H3C
N68 cabinets.

H3C Pluggable SFP
[SFP+][XFP] Transceiver
Modules Installation
Guide

Guides you through installing SFP/SFP+/XFP
transceiver modules.

H3C High-End Network
Products Hot-Swappable
Module Manual

Describes the hot-swappable modules available for
the H3C high-end network products, their external
views, and specifications.

Configuration guides

Describe software features and configuration
procedures.

Command references

Provide a quick reference to all available commands.

Release notes

Provide information about the product release,
including the version history, hardware and software
compatibility matrix, version upgrade information,
technical support information, and software
upgrading.

Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the
software version.

Technical support
service@h3c.com
http://www.h3c.com

Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.

Contents
Configuring basic MPLS ·············································································································································· 1 
MPLS overview ·································································································································································· 1 
Basic concepts ·························································································································································· 1 
Structure of the MPLS network································································································································· 3 
LSP establishment and label distribution ················································································································ 3 
MPLS forwarding ······················································································································································ 6 
LDP ············································································································································································· 8 
Protocols ···································································································································································· 9 
MPLS configuration task list··········································································································································· 10 
Enabling the MPLS function ··········································································································································· 11 
Configuration prerequisites ·································································································································· 11 
Configuration procedure ······································································································································ 11 
Configuring a static LSP ················································································································································ 11 
Configuration prerequisites ·································································································································· 11 
Configuration procedure ······································································································································ 12 
Establishing dynamic LSPs through LDP ······················································································································· 12 
Configuring MPLS LDP capability ························································································································ 12 
Configuring Local LDP session parameters ········································································································· 13 
Configuring remote LDP session parameters ······································································································ 14 
Configuring PHP ···················································································································································· 15 
Configuring the policy for triggering LSP establishment ··················································································· 16 
Configuring the label distribution control mode ································································································ 16 
Configuring LDP loop detection ··························································································································· 17 
Configuring LDP MD5 authentication ·················································································································· 18 
Configuring LDP label filtering ····························································································································· 18 
Maintaining LDP sessions ·············································································································································· 20 
Configuring BFD for MPLS LDP ···························································································································· 20 
Resetting LDP sessions ··········································································································································· 20 
Managing and optimizing MPLS forwarding ············································································································· 21 
Configuring MPLS MTU ········································································································································ 21 
Configuring TTL processing mode at ingress······································································································ 21 
Sending back ICMP TTL exceeded messages for MPLS TTL expired packets ················································· 23 
Configuring LDP GR ·············································································································································· 24 
Configuring MPLS statistics ··········································································································································· 26 
Setting the interval for reading statistics ············································································································· 26 
Inspecting LSPs ······························································································································································· 26 
MPLS LSP ping ······················································································································································· 26 
MPLS LSP tracert ···················································································································································· 27 
Configuring BFD for LSPs ······································································································································ 27 
Configuring periodic LSP tracert ·························································································································· 28 
Enabling MPLS trap························································································································································ 29 
Displaying and maintaining MPLS ······························································································································· 29 
Displaying MPLS operation ·································································································································· 29 
Displaying MPLS LDP operation ··························································································································· 30 
Clearing MPLS statistics ········································································································································ 31 
MPLS configuration examples ······································································································································· 32 
Configuring static LSPs ·········································································································································· 32 
Configuring LDP to establish LSPs dynamically ·································································································· 34 
Configuring BFD for LSP validity check ··············································································································· 38 
i

MPLS TE configuration ··············································································································································· 41 
MPLS TE overview ·························································································································································· 41 
Traffic engineering and MPLS TE ························································································································· 41 
Basic concepts of MPLS TE ··································································································································· 42 
MPLS TE implementation ······································································································································· 42 
CR-LSP ····································································································································································· 43 
CR-LDP ···································································································································································· 44 
RSVP-TE ··································································································································································· 44 
Traffic forwarding ·················································································································································· 48 
CR-LSP backup ······················································································································································· 50 
FRR ·········································································································································································· 50 
PS for an MPLS TE tunnel ······································································································································ 51 
DiffServ-aware TE ·················································································································································· 52 
MPLS LDP over MPLS TE ······································································································································· 54 
Protocols and standards ······································································································································· 55 
MPLS TE configuration task list ····································································································································· 55 
Configuring MPLS TE basic capabilities ······················································································································ 56 
Configuration prerequisites ·································································································································· 56 
Configuration procedure ······································································································································ 56 
Configuring DiffServ-aware TE ····································································································································· 57 
Creating MPLS TE tunnel over static CR-LSP ················································································································ 58 
Configuration prerequisites ·································································································································· 58 
Configuration procedure ······································································································································ 58 
Configuring MPLS TE tunnel with dynamic signaling protocol·················································································· 59 
Configuration prerequisites ·································································································································· 60 
Configuration procedure ······································································································································ 60 
Configuring RSVP-TE advanced features ····················································································································· 65 
Configuration prerequisites ·································································································································· 65 
Configuration procedure ······································································································································ 65 
Tuning CR-LSP setup ······················································································································································· 69 
Configuration prerequisites ·································································································································· 69 
Configuration procedure ······································································································································ 69 
Tuning MPLS TE tunnel setup ········································································································································· 71 
Configuration prerequisites ·································································································································· 72 
Configuration procedures ····································································································································· 72 
Configuring traffic forwarding ······································································································································ 73 
Configuration prerequisites ·································································································································· 73 
Configuration procedures ····································································································································· 73 
Configuring traffic forwarding tuning parameters ······································································································ 75 
Configuration prerequisites ·································································································································· 76 
Configuration procedure ······································································································································ 76 
Configuring CR-LSP backup ·········································································································································· 77 
Configuration prerequisites ·································································································································· 78 
Configuration procedure ······································································································································ 78 
Configuring FRR ····························································································································································· 78 
Configuration prerequisites ·································································································································· 79 
Configuration procedure ······································································································································ 79 
Inspecting an MPLS TE tunnel ······································································································································· 81 
Configuring MPLS LSP ping ·································································································································· 81 
Configuring MPLS LSP tracert ······························································································································· 81 
Configuring BFD for an MPLS TE tunnel·············································································································· 82 
Configuring periodic LSP tracert for an MPLS TE tunnel ··················································································· 83 
Configuring protection switching ································································································································· 84 
Configuration prerequisites ·································································································································· 84 
ii

Configuration procedure ······································································································································ 84 
Displaying and maintaining MPLS TE ·························································································································· 84 
MPLS TE configuration examples·································································································································· 87 
MPLS TE using static CR-LSP configuration example·························································································· 87 
MPLS TE tunnel using RSVP-TE configuration example ······················································································ 91 
Configuration example of inter-AS MPLS TE tunnel using RSVP-TE ·································································· 98 
RSVP-TE GR configuration example ··················································································································· 105 
MPLS RSVP-TE and BFD cooperation configuration example ········································································· 107 
MPLS TE using CR-LDP configuration example ································································································· 109 
CR-LSP backup configuration example ············································································································· 117 
FRR configuration example ································································································································· 120 
IETF DS-TE configuration example ····················································································································· 129 
MPLS LDP over MPLS TE configuration example ······························································································ 136 
MPLS TE in MPLS L3VPN configuration example ····························································································· 143 
Troubleshooting MPLS TE ············································································································································ 151 
No TE LSA generated ········································································································································· 151 
Swicthback fails to occur when the main tunnel resumes ··············································································· 151 

Configuring VPLS ···················································································································································· 153 
VPLS overview ······························································································································································ 153 
Operation of VPLS ··············································································································································· 153 
VPLS packet encapsulation ································································································································· 156 
H-VPLS implementation ······································································································································· 157 
Hub-spoke VPLS implementation ························································································································ 159 
Multi-hop PW ······················································································································································· 160 
VPLS configuration task list ·········································································································································· 161 
Configuring LDP VPLS ·················································································································································· 162 
Configuration prerequisites ································································································································ 162 
Enabling L2VPN and MPLS L2VPN ··················································································································· 162 
Configuring an LDP VPLS instance····················································································································· 162 
Configuring BGP VPLS ················································································································································· 164 
Configuration prerequisites ································································································································ 164 
Configuring the BGP extension ·························································································································· 164 
Enabling L2VPN and MPLS L2VPN ··················································································································· 164 
Configuring a BGP VPLS instance ····················································································································· 165 
Resetting VPLS BGP connections ························································································································ 165 
Binding a VPLS instance ·············································································································································· 165 
Configuring MAC address learning··························································································································· 167 
Configuring VPLS attributes ········································································································································· 168 
Displaying and maintaining VPLS ······························································································································ 168 
VPLS configuration examples ······································································································································ 169 
Configuring VPLS instances ································································································································ 169 
Configuring H-VPLS with LSP access ················································································································· 172 
Configuring hub-spoke VPLS ······························································································································ 175 
Configuring PW redundancy for H-VPLS access ······························································································ 179 
Implementing multi-AS VPN through multi-hop PW ························································································· 183 
Troubleshooting VPLS··················································································································································· 187 
Configuring MPLS L2VPN ······································································································································· 189 
MPLS L2VPN overview ················································································································································ 189 
Basic concepts of MPLS L2VPN ························································································································· 190 
Implementation of MPLS L2VPN························································································································· 190 
MPLS L2VPN configuration task list ···························································································································· 192 
Configuring MPLS L2VPN ··········································································································································· 193 
Configuring CCC MPLS L2VPN ·································································································································· 193 
iii

Configuration prerequisites ································································································································ 193  Configuration procedure ···································································································································· 193  Configuring SVC MPLS L2VPN ··································································································································· 195  Configuration prerequisites ································································································································ 195  Configuration procedure ···································································································································· 195  Configuring Martini MPLS L2VPN ······························································································································ 196  Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface ······················ 196  Creating a Martini MPLS L2VPN for a service instance ·················································································· 197  Configuring Kompella MPLS L2VPN ·························································································································· 199  Configuration prerequisites ································································································································ 200  Configuration procedure ···································································································································· 200  Enabling the MPLS L2VPN mix function····················································································································· 202  Displaying and maintaining MPLS L2VPN ················································································································ 203  Displaying the operation of MPLS L2VPN ········································································································ 203  Resetting BGP L2VPN connections ···················································································································· 204  MPLS L2VPN configuration examples ························································································································ 204  Example for configuring a local CCC connection ··························································································· 204  Example for configuring a remote CCC connection ······················································································· 206  Example for configuring SVC MPLS L2VPN ····································································································· 209  Example for configuring Martini MPLS L2VPN ································································································ 213  Example for configuring Kompella MPLS L2VPN····························································································· 217  Example for configuring a Kompella local connection ··················································································· 219  Troubleshooting MPLS L2VPN····································································································································· 221  Configuring MPLS L3VPN ······································································································································· 222  MPLS L3VPN overview ················································································································································ 222  MPLS L3VPN concepts ········································································································································ 223  MPLS L3VPN packet forwarding························································································································ 225  MPLS L3VPN networking schemes ····················································································································· 226  MPLS L3VPN routing information advertisement ······························································································ 229  Inter-AS VPN ························································································································································ 230  Carrier’s carrier ··················································································································································· 233  Nested VPN ························································································································································· 235  Multi-role host······················································································································································· 237  HoVPN·································································································································································· 237  OSPF VPN extension ··········································································································································· 239  BGP AS number substitution ······························································································································· 242  Multi-VPN-instance CE ········································································································································ 243  MPLS L3VPN configuration task list ···························································································································· 244  Configuring basic MPLS L3VPN ································································································································· 245  Configuration prerequisites ································································································································ 245  Configuring VPN instances ································································································································ 245  Configuring routing between PE and CE ·········································································································· 248  Configuring routing between PEs ······················································································································ 254  Configuring routing features for BGP VPNv4 subaddress family ·································································· 254  Configuring inter-AS VPN ··········································································································································· 257  Configuration prerequisites ································································································································ 257  Configuring inter-AS option A···························································································································· 258  Configuring inter-AS option B ···························································································································· 258  Configuring inter-AS option C···························································································································· 259  Configuring nested VPN·············································································································································· 261  Configuration prerequisites ································································································································ 261  Configuring nested VPN ····································································································································· 261  Configuring multi-role host ·········································································································································· 262  Configuration prerequisites ································································································································ 262  iv .

Configuring and applying policy routing ········································································································· 262  Configuring a static route ··································································································································· 263  Configuring HoVPN ····················································································································································· 263  Configuration prerequisites ································································································································ 263  Configuring HoVPN ············································································································································ 263  Configuring an OSPF sham link ································································································································· 264  Configuration prerequisites ································································································································ 264  Configuring a loopback interface ····················································································································· 264  Redistributing the loopback interface route and OSPF routes into BGP ························································ 265  Creating a sham link ··········································································································································· 265  Configuring routing on an MCE ································································································································· 266  Configuration prerequisites ································································································································ 266  Configuring routing between MCE and VPN site ···························································································· 266  Configuring routing between MCE and PE ······································································································ 271  Specifying the VPN label processing mode ·············································································································· 275  Configuring BGP AS number substitution ·················································································································· 276  Configuration prerequisites ································································································································ 276  Configuration procedure ···································································································································· 276  Displaying and maintaining MPLS L3VPN ················································································································ 276  Resetting BGP connections ································································································································· 276  Displaying and maintaining MPLS L3VPN········································································································ 277  MPLS L3VPN configuration examples ························································································································ 280  Configuring MPLS L3VPNs using EBGP between PE and CE ········································································· 280  Configuring MPLS L3VPNs using IBGP between PE and CE ·········································································· 287  Configuring an MPLS L3VPN that uses a GRE tunnel······················································································ 295  Configuring inter-AS option A···························································································································· 300  Configuring inter-AS option B ···························································································································· 305  Configuring inter-AS option C···························································································································· 310  Configuring carrier’s carrier ······························································································································ 316  Configuring nested VPN ····································································································································· 324  Configuring HoVPN ············································································································································ 333  Configuring OSPF sham links ···························································································································· 340  Configuring BGP AS number substitution ········································································································· 345  Configuring IPv6 MPLS L3VPN ······························································································································ 349  IPv6 MPLS L3VPN overview ········································································································································ 349  IPv6 MPLS L3VPN packet forwarding ··············································································································· 350  IPv6 MPLS L3VPN routing information advertisement ····················································································· 350  IPv6 MPLS L3VPN networking schemes and functions ···················································································· 351  IPv6 MPLS L3VPN configuration task list ··················································································································· 351  Configuring basic IPv6 MPLS L3VPN ························································································································· 351  Basic IPv6 MPLS L3VPN configuration task list ································································································ 351  Configuration prerequisites ································································································································ 352  Configuring VPN instances ································································································································ 352  Configuring route related attributes for a VPN instance ················································································· 353  Configuring routing between PE and CE ·········································································································· 355  Configuring routing between PEs ······················································································································ 358  Configuring routing features for the BGP-VPNv6 subaddress family····························································· 359  Configuring inter-AS IPv6 VPN ··································································································································· 360  Configuration prerequisites ································································································································ 360  Configuring inter-AS IPv6 VPN option A ·········································································································· 361  Configuring inter-AS IPv6 VPN option C ·········································································································· 361  Configuring routing on an MCE ································································································································· 362  Configuration prerequisites ································································································································ 362  Configuring routing between MCE and VPN site ···························································································· 362  v .

Configuring routing between MCE and PE ······································································································ 366  Displaying and maintaining IPv6 MPLS L3VPN ········································································································ 369  Resetting BGP connections ································································································································· 369  Displaying information about IPv6 MPLS L3VPN ····························································································· 369  IPv6 MPLS L3VPN configuration examples ··············································································································· 371  Configuring IPv6 MPLS L3VPNs ························································································································· 371  Configuring inter-AS IPv6 VPN option A ·········································································································· 378  Configuring inter-AS IPv6 VPN option C ·········································································································· 383  Configuring carrier’s carrier ······························································································································ 390  Index ········································································································································································ 398  vi .

and Ethernet). devices forward packets according to short. • As MPLS is connection-oriented and supports label stack. instead of doing Layer 3 header analysis and complicated routing table lookup independently. and QoS. it is used in various services. Packets of the same FEC are handled in the same way on an MPLS network. see the chapters “Configuring MPLS L2VPN” and “Configuring MPLS L3VPN.” MPLS overview Multiprotocol Label Switching (MPLS) is a new IP backbone technology. such as VPN. IPv6. and IPX).and fixed-length labels. A label is locally significant and must be locally unique. • Residing between the link layer and the network layer. see the chapter “Configuring MPLS TE. PPP. Figure 1 Format of a label 1 . MPLS can work on various link layer protocols (for example. MPLS groups packets with the same characteristics (such as packets with the same destination or service class) into a class. called a “forwarding equivalence class (FEC)”. traffic engineering.Configuring basic MPLS NOTE: • For information about VPN.” • For information about MPLS TE. IPv4. MPLS is widely used on large-scale networks for it features the following advantages: • On an MPLS network. and work with mainstream network technologies. frame relay. fixed length identifier for identifying a single FEC. This is a highly effective and fast data transmission method on backbone networks. and seamlessly integrates the flexibility of IP routing and the simplicity of Layer 2 switching. The device supports classifying FECs according to the network layer destination addresses of packets. ATM. It introduces connection-oriented label switching into connectionless IP networks. Label A label is a short. Basic concepts FEC As a forwarding technology based on classification. provide connection-oriented services for various network layer protocols (for example.

• S—One bit in length. Control plane and forwarding plane An MPLS node consists of two planes. An LSP is a unidirectional path from the ingress of an MPLS network to the egress. LSR A is the upstream LSR of LSR B. two neighboring LSRs are called the “upstream LSR” and “downstream LSR” respectively. MPLS supports multiple levels of labels. Reserved field. control plane and forwarding plane. LSR B is the downstream LSR of LSR A. labeled packets are forwarded according to the Label Forwarding Information Base (LFIB). establishes and removes LSPs • Forwarding plane—Forwards packets according to the LFIB 2 . • TTL—Eight bits in length. Like the homonymous IP header field. On an LSP. • Exp—Three bits in length. establishes the LFIB. Label value for identifying a FEC. LSRs support label distribution and label swapping. 1 indicates that the label is at the bottom of the label stack. it is used to prevent loops. usually used for CoS. LSR A label switching router (LSR) is a fundamental component on an MPLS network. This field is used to indicate whether a label is at the bottom of the label stack. a label is encapsulated between the Layer 2 header and Layer 3 header of a packet. in the packet transfer direction. Figure 2 Diagram for an LSP LFIB On an MPLS network. • Control plane—Assigns labels.As shown in Figure 1. LER A label edge router (LER) is an LSR that resides at the edge of an MPLS network and is connected to another network. selects routes. In Figure 2. A label is four bytes in length and consists of the following fields: • Label—20 bits in length. LSP A label switched path (LSP) is the path along which packets of a FEC travel through an MPLS network. which is like the FIB for IP packet forwarding on an IP network.

transit LSRs perform MPLS forwarding based on labels of packets. Label distribution protocols include protocols designed specifically for label distribution. and the ingress and egress LSRs deal with the switchover between MPLS and IP forwarding. 2. 1. LSRs in the same routing or administrative domain form an MPLS domain. Establishing a static LSP through manual configuration To establish a static LSP. stable topologies. This document discusses LDP only. such as the Label Distribution Protocol (LDP). static LSPs are suitable for small-scale networks with simple. For more information about LDP. LSP establishment and label distribution LSP establishment Establishing LSPs is to bind FECs with labels on each LSR involved and notify its adjacent LSRs of the bindings. see “LDP. the element of an MPLS network is LSR. • Egress LSRs for removing labels from packets and IP forwarding the packets to their destination networks. you need to assign a label to the FEC on each LSR along the packet forwarding path. However. such as BGP and RSVP-TE. • Transit LSRs for forwarding packets along LSPs to their egress LERs according to the labels. LSPs can be established through manual configuration. Therefore. They can classify FECs.Structure of the MPLS network Figure 3 Diagram for the MPLS network structure As shown in Figure 3. and protocols extended to support label distribution. and establish and maintain LSPs. so as to establish the LFIB on each LSR. An MPLS domain consists of the following types of LSRs: • Ingress LSRs for receiving and labeling packets coming into the MPLS domain. Establishment of static LSPs consumes fewer resources than dynamic LSP establishment. Establishing an LSP through a label distribution protocol Label distribution protocols are MPLS signaling protocols.” 3 . static LSPs cannot adapt to network topology changes. In other words. or be established dynamically through label distribution protocols. distribute labels.

which then establishes an LFIB entry for the FEC according to the binding information. MPLS has two label retention modes—liberal and conservative—to manage the received label bindings that are not useful at the moment. the term label distribution protocols represents all protocols for label distribution. As shown in Figure 4. Figure 4 Process of dynamic LSP establishment Label distribution and management An LSR informs its upstream LSRs of labels assigned to FECs through label advertisement. According to the label distribution condition and order. Label advertisement modes 4 . a dynamic LSP is established in the following procedure: A downstream LSR classifies FECs according to destination addresses. the label advertisement mode can be downstream unsolicited (DU) and downstream on demand (DoD). 1. assigns a label to a FEC. an LSP is established for packets of this FEC.NOTE: In this document. and distributes the FEC-label binding to its upstream LSR. and the term LDP refers to the Label Distribution Protocol defined in RFC 5036. After all LSRs along the packet forwarding path establish a LFIB entry for the FEC. and the label distribution control mode can be independent or ordered.

• In DU mode. This means that an LSR may have distributed a label binding to its upstream LSR before it receives a binding from its downstream LSR. • In DoD mode. if the label advertisement mode is DoD. an LSR will assign labels to its upstream even if it has not obtained labels from its downstream.Figure 5 Label advertisement modes Figure 5 shows the two label advertisement modes. an LSR assigns a label to a FEC and then distributes the FEC-label binding to its upstream LSR unsolicitedly. otherwise. no LSP can be established normally. DU and DoD. In independent mode. As shown in Figure 6. NOTE: • The device supports only the DU mode. an LSR can distribute label bindings upstream at anytime. Label distribution control modes Two label distribution control modes are available: independent and ordered. 2. in independent label distribution control mode. an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream LSR only when it receives a label request from the upstream LSR. • An upstream LSR and its downstream LSR for an FEC must use the same label advertisement mode. if the label advertisement mode is DU. 5 . the LSR distributes a label to its upstream as long as it receives a label request from the upstream.

If the Token value of the FIB entry is not Invalid. an LSR distributes its label binding for a FEC upstream only when it receives a label binding for the FEC from its downstream or it is the egress of the FEC. • FEC to NHLFE (FTN) map—FTN maps each FEC to a set of NHLFEs at the ingress LSR. 3. an LSR keeps any received label binding regardless of whether the binding is from its next hop for the FEC or not. The FTN map is used for forwarding unlabeled packets that need MPLS forwarding. When an LSR receives an unlabeled packet. if the label advertisement mode is DoD. the LSR (Transit) sends a label request to its downstream (Egress). label distribution control is in ordered mode. The LSR will then look for the 6 . This allows for quicker adaptation to route changes but will waste label resources as LSRs need to keep extra labels. In conservative mode. NOTE: The router supports only the liberal mode. if the label advertisement mode is DU. after an LSR (Transit in this example) receives a label request from its upstream (Ingress). it distributes a label binding to the upstream (Ingress). It is used when forwarding MPLS packets. MPLS forwarding LFIB An LFIB comprises the following parts: • Next Hop Label Forwarding Entry (NHLFE)—Describes the label operation to be performed. Then. In Figure 5.Figure 6 Independent label distribution control mode 1) Distribute a label to the upstream unsolicitedly DU mode 2) Distribute a label to the upstream unsolicitedly Transit Ingress Egress 1) Request the downstream to assign a label DoD mode 2) Assign and distribute a label to the upstream upon receiving the request 3) Request the downstream to assign a label 4) Assign and distribute a label to the upstream upon receiving the request In ordered mode. an LSR will distribute a label upstream only when it receives a label binding for the FEC from its downstream. an LSR keeps only label bindings that are from its next hops for the FECs. it looks for the corresponding FIB entry. This allows LSRs to maintain fewer labels but makes LSRs slower in adapting to route changes. In liberal mode. after the LSR (Transit) receives the label binding from its downstream (Egress). In this case. Label retention modes Two label retention modes are available: liberal and conservative. the packet needs to be forwarded through MPLS.

if no outgoing interface is recorded. Router D (the egress) looks for the ILM entry according to the label (50) to get the Token value. 2. Router B looks for the corresponding NHLFE entry of the Token value. According to the NHLFE entry. and then forwards the labeled packet to the next hop LSR (Router D) through the outgoing interface (GE3/0/2). 1. 1. Router C swaps the original label with label 50. 3. Router C looks for the corresponding NHLFE entry of the Token value. MPLS data forwarding Figure 7 MPLS forwarding process diagram 2 1. 7 . It is used when forwarding labeled packets. in an MPLS domain. router D forwards the packet according to the IP header of the packet. When an LSR receives a labeled packet. As the Token value is not Invalid. Router C looks for the ILM entry according to the label (40) to get the Token value. Upon receiving the labeled packet. The ingress (Router B) receives a packet carrying no label. and then forwards the labeled packet to the next hop LSR (Router C) through the outgoing interface (GE3/0/2). • Incoming Label Map (ILM)—ILM maps each incoming label to a set of NHLFEs. Router D forwards the packet through the outgoing interface. a packet is forwarded in the following procedure: 1. 1. NOTE: FTN and ILM are associated with NHLFE through Token. If the ILM entry records the outgoing interface.corresponding NHLFE entry according to Token value to determine the label operation to be performed. the LSR will look for the corresponding NHLFE entry to determine the label operation to be performed. and searches the FIB table for the Token value. Router B pushes label 40 to the packet. As the Token value is not null. Router D removes the label from the packet. Router B determines the FEC of the packet according to the destination address. :4 IP As shown in Figure 7. IP :4 0. If the Token value of the ILM entry is not null. it looks for the corresponding ILM entry. 2 0. As the Token is null. According to the NHLFE entry. Upon receiving the labeled packet.

Then. relieving the egress of the label operation burden and improving the packet processing capability of the MPLS network. which carries a label of 0. PHP is configurable on the egress node. or remove FEC-label bindings. LDP The LDP protocol is used to establish LSPs dynamically. • Session messages—Establish. rather than substitutes the implicit null label for the original label at the stack top. advertisement messages. • Advertisement messages—Create. • LDP peer Two LSRs with an LDP session established between them and using LDP to exchange FEC-label bindings are LDP peers. When the egress receives the packet. In this case. An egress node needs to do forwarding table lookup twice to forward a packet: looks up the LFIB twice. When an LSR finds that it is assigned an implicit null label. LDP operation LDP goes through four phases in operation: 1. Discovery 8 . or looks up the LFIB once and the FIB once. alter. LSRs can map network layer routing information to data link layer switching paths. and error notification. UDP is used only for discovery messages. Basic concepts of LDP • LDP session LDP sessions are established between LSRs based on TCP connections and used to exchange messages for label binding. the penultimate hop popping (PHP) feature can pop the label at the penultimate node. when an egress node receives a labeled packet. it forwards the packet to the egress. When forwarding an MPLS packet. and then performs the next level label forwarding or performs IP forwarding. label releasing. The label assigned by a PHP-capable egress node to the penultimate hop can be one of the following: • A label value of 0 represents an IPv4 explicit null label. For reliable transport of LDP messages. it does not look up for the LFIB entry but pops the label stack directly and performs IPv4 forwarding. LDP message type LDP messages fall into the following types: • Discovery messages—Declare and maintain the presence of LSRs on a network. Using LDP.PHP In an MPLS network. TCP is used for LDP session messages. The egress thus can directly perform the next level forwarding upon receiving the packet. • A label value of 3 represents an implicit null label and never appears in the label stack. it directly performs a pop operation. and notification messages. An egress assigns an IPv4 explicit null label to a FEC and advertises the FEC-label binding to the upstream LSR. pops the label of the packet. • Notification messages—Provide advisory information and to notify errors. and terminate sessions between LDP peers. it looks up the LFIB. maintain. the upstream LSR substitutes the label at the stack top with the explicit null label and then sends the packet to the egress.

Extended discovery mechanism—Discovers remote LDP peers. LSRs directly connected at the link layer. An LDP session has one or more Hello adjacencies. LSRs not directly connected at the link layer. LSRs can automatically discover their LDP peers. they can send Keepalive messages to each other to maintain the LDP session. In this mechanism. it closes the TCP connection and terminates the LDP session. b. or. LDP provides the following discovery mechanisms: Basic discovery mechanism—Discovers local LDP peers. all routers on the subnet. Before the Keepalive timer times out. MPLS Label Stack Encoding 9 . In this way. Initialize negotiation of session parameters such as the LDP version. When the last Hello adjacency for the session is deleted. LSP establishment and maintenance LDP sends label requests and label binding messages. the LSRs go through the following steps to establish a session: a. the two LDP peers send Hello messages and Keepalive messages to maintain the session. it deletes the Hello adjacency with this peer.2. and Keepalive interval. 3. Session termination An LSR terminates its LDP session with an LDP peer in the following cases: All Hello adjacencies are deleted between the two peers LDP peers periodically send Hello messages to indicate that they intend to keep the Hello adjacency.0. or. Establish a TCP connection between them. label advertisement mode. an LSR periodically sends LDP targeted Hello messages to a given IP address so that the LSR with the IP address can discover the LDP peer. In this mechanism. an LSR will terminate the session with the LDP peer. the LSR will send a Notification message to terminate the LDP session. or.0. If an LSR does not receive any Hello message from a peer before the Hello timer expires. so as to advertise label bindings between LDP peers and thereby establish LSPs. if two LDP peers have no information to exchange. Protocols MPLS related protocols include: • RFC 3031. when receiving the Shutdown message from an LDP peer. Multiprotocol Label Switching Architecture • RFC 3032. Therefore. For the LSP establishment process. Loss of session connectivity An LSR determines the integrity of an LDP session according to the LDP PDU (which carries one or more LDP messages) transmitted on the session.Every LSR that wants to establish LDP sessions sends Hello messages periodically to notify neighboring LSRs of its presence.” 4. After a session is established between them. If an LSR does not receive any LDP PDU from its peer during a Keepalive interval. so that all LSRs directly connected at the link layer can discover this LSR. 2. Session establishment and maintenance After an LSR finds an LDP peer. see “LSP establishment and label distribution. Receiving a shutdown message from the peer An LSR can also send a Shutdown message to its LDP peer to terminate the LDP session. an LSR periodically sends LDP link hello messages to multicast address 224.

LDP Specification MPLS configuration task list Complete the following tasks to configure MPLS: Task Remarks Enabling the MPLS function Required Configuring a static LSP Required Establishing dynamic LSPs through LDP Maintaining LDP sessions Managing and optimizing MPLS forwarding Configuring MPLS statistics Inspecting LSPs Configuring MPLS LDP capability Required Configuring Local LDP session parameters Optional Configuring remote LDP session parameters Optional Configuring PHP Optional Configuring the policy for triggering LSP establishment Optional Configuring the label distribution control mode Optional Configuring LDP loop detection Optional Configuring LDP MD5 authentication Optional Configuring LDP label filtering Optional Configuring BFD for MPLS LDP Optional Resetting LDP sessions Optional Configuring MPLS MTU Optional Configuring TTL processing mode at ingress Optional Sending back ICMP TTL exceeded messages for MPLS TTL expired packets Optional Configuring LDP GR Optional Setting the interval for reading statistics Optional MPLS LSP ping Optional MPLS LSP tracert Optional Configuring BFD for LSPs Optional Configuring periodic LSP tracert Optional Enabling MPLS trap Optional 10 Use either the static or dynamic LSP configuration method .• RFC 5036.

Enable MPLS globally and enter MPLS view. Configuration prerequisites Before you enable MPLS. Enabling the MPLS function In an MPLS domain. ensuring that LSRs can communicate with each other at the network layer. mpls lsr-id lsr-id Not configured by default 3. Configuration prerequisites Before you configure a static LSP. mpls Not enabled by default 4. and RPR logical interface. ATM interface. Enter system view. • Assign IP addresses to interfaces. Configure the MPLS LSR ID. you need to enable MPLS on all routers for MPLS forwarding before you can configure other MPLS features. Configuration procedure To enable MPLS: Step Command Remarks 1. POS interface. mpls Not enabled by default NOTE: An MPLS LSR ID is in the format of an IP address and must be unique within an MPLS domain. Enter interface view. Configuring a static LSP The principle of establishing a static LSP is that the outgoing label of an upstream LSR is the incoming label of its downstream LSR. making all neighboring nodes reachable at the network layer. Layer 3 aggregate interface. • Configure static routes or an IGP protocol. complete the following tasks: • Configure link layer protocols to ensure the connectivity at the link layer. tunnel interface. system-view N/A 2. VLAN interface. quit N/A 5.NOTE: These types of interfaces support MPLS capability: Layer 3 Ethernet interface (GE interface and XGE interface). HDLC interface. MFR interface. Mp-group interface. interface interface-type interface-number N/A 6. Return to system view. Enable MPLS for the interface. H3C recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID. complete the following tasks: 11 .

system-view 2. If you configure a static IP route for the LSP. Enable LDP capability globally and enter MPLS LDP view. Establishing dynamic LSPs through LDP Configuring MPLS LDP capability To configure MPLS LDP capability: Step Command Remarks 1. • When you configure a static LSP on the ingress LSR. static-lsp ingress lsp-name destination dest-addr { mask | mask-length } { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label 3. be sure to specify the same next hop or outgoing interface for the static route and the static LSP. Configure a static LSP taking the current LSR as a transit LSR. Configure a static LSP taking the current LSR as the egress. static-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label 4. transit LSRs. do not specify the public address of an interface on the LSR as the next hop address. Configure a static LSP taking the current LSR as the ingress. 12 . see Layer 3—IP Routing Configuration Guide. system-view N/A 2. such as a P2MP ATM subinterface or a P2MP frame relay subinterface. static-lsp egress lsp-name incoming-interface interface-type interface-number in-label in-label NOTE: • If the outgoing interface specified for a static LSP is a P2MP interface. • Make sure that the ingress LSR has a route to the FEC destination. and egress LSR for the static LSP.• Determine the ingress LSR. • For information about configuring a static IP route. the static LSP cannot be up. the next hop or outgoing interface specified must be consistent with the next hop or outgoing interface of the optimal route in the routing table. mpls ldp Not enabled by default. • For an ingress or transit LSR. Enter system view. • Enable MPLS on all these LSRs. Configuration procedure To configure a static LSP: Step Command 1. Enter system view. This is not required on the transit LSRs and egress LSR.

• If there are a many LDP sessions between the two LSRs or the CPU is occupied much. NOTE: • Disabling LDP on an interface terminates all LDP sessions on the interface. the TCP connections cannot be established normally. Configure the LDP transport address. 13 . To configure local LDP session parameters: Step Command Remarks 1. In some applications that use VPN instances (for example. 15 seconds by default. 3. interface interface-type interface-number N/A 6. CAUTION: If you configure an LDP transport address by specifying an IP address. mpls ldp timer hello-hold value 4. MPLS LSR ID of the LSR by default. the specified IP address must be the IP address of an interface on the router. you need to adjust timers to ensure the stability of the LDP sessions. mpls ldp transport-address { ip-address | interface } Optional. MPLS L3VPN). you do not need to configure the LDP LSR ID but use the default. mpls ldp Not enabled by default. Otherwise. Enter system view. however. Configure the LDP LSR ID. 5. you need to make sure that different LDP instances have different LDP LSR IDs if the address spaces overlap. 45 seconds by default. all LSPs using the sessions will be deleted. MPLS LSR ID of the LSR by default.Step Command Remarks Optional. To establish a local LDP session: • Determine the LDP transport addresses of the two peers and make sure that the LDP transport addresses are reachable to each other. This is to establish the TCP connection. which is the MPLS LSR ID. As a result. Enter interface view. Return to system view. interface interface-type interface-number N/A 3. the LDP sessions cannot be established. quit N/A 5. Set the link Keepalive timer. Set the link Hello timer. Optional. Otherwise. lsr-id lsr-id 4. system-view N/A 2. mpls ldp timer keepalive-hold value Optional. Configuring Local LDP session parameters LDP sessions established between local LDP peers are referred to as local LDP sessions. Enable LDP capability for the interface. Enter interface view. • Usually.

• If there are a many LDP sessions between the two LSRs or the CPU is occupied much. see the chapters “Configuring MPLS L2VPN. 7. prefix-label advertise 5. To configure remote LDP session parameters: Step Command Remarks 1. Optional. This is to establish the TCP connection. mpls ldp timer keepalive-hold value Optional. LDP does not advertise prefix-based labels through a remote session.Configuring remote LDP session parameters LDP sessions established between remote LDP peers are referred to as remote LDP sessions. Remote LDP sessions are mainly used in Martini MPLS L2VPN. For more information about remote session applications. MPLS LSR ID of the LSR by default. Enter system view. and MPLS LDP over MPLS TE. . Configure the LDP transport address. system-view N/A 2. 14 By default. Set the targeted Keepalive timer. Configure the remote peer IP address. mpls ldp remote-peer remote-peer-name N/A 3. Create a remote peer entity and enter MPLS LDP remote peer view. mpls ldp transport-address ip-address Optional.” To establish a remote LDP session: • Determine the LDP transport addresses of the two peers and make sure that the LDP transport addresses are reachable to each other.” and “Configuring MPLS TE. Set the targeted Hello timer. Configure LDP to advertise prefix-based labels through a remote session. 45 seconds by default. mpls ldp timer hello-hold value 6. Optional. 45 seconds by default. remote-ip ip-address N/A 4. you need to adjust timers to ensure the stability of the LDP sessions. Martini VPLS.” “Configuring VPLS.

Enter MPLS view. the router cannot distribute a normal label to the penultimate hop (that is. if you use the label advertise command to change the type of label that the egress should distribute to the penultimate hop. For information about MPLS LDP over MPLS TE. • When working as the egress. • For LDP sessions existing before the label advertise command is configured. system-view N/A 2. • If a local adjacency exists between two peers.” • Configuring LDP to advertise prefix-based labels through a remote session is for implementing MPLS LDP over MPLS TE. LDP does not advertise any prefix-based label mapping message through a remote session. you need to restart the router for the configuration to take effect. For more information about remote session applications. see the chapter “Configuring MPLS TE. NOTE: • The router supports PHP when it works as a penultimate hop. the local adjacency can be established only when the transport address and keepalive settings for the local peer and those for the remote peer match respectively. Enter system view. • The remote peer IP address to be configured must be different from all existing remote peer IP addresses. 15 . It can accept the explicit or implicit null label. label advertise { explicit-null | implicit-null | non-null } Optional. and the local session takes precedence over the remote session. see the Martini MPLS L2VPN configuration in the chapter “Configuring MPLS L2VPN. an egress distributes to the penultimate hop an implicit null label. H3C recommends using a device that supports PHP as the penultimate hop. and remote sessions are used only to transfer messages for L2VPNs. it does not support the non-null type). you can configure a local adjacency for them. If a remote adjacency exists between two peers. mpls N/A 3. Specify the type of the label to be distributed by the egress to the penultimate hop.” Configuring PHP To configure PHP: Step Command Remarks 1. in which case the remote adjacency will be removed. no remote adjacency can be established between them. only one remote session or local session can exist between two LSRs. you need to reset the LDP sessions by using the reset mpls ldp command for the PHP configuration to take effect. That is. However. By default. • By default. • After sessions are established.NOTE: • The IP address specified as the LDP transport address must be the IP address of an interface on the router.

system-view N/A 2. an exactly matching routing entry must exist on the LSR. so that only routes matching the policy can trigger establishment of LSPs. see Layer 3—IP Routing Configuration Guide. there must be an exactly matching host routing entry on the LSR. • If the vpn-instance vpn-instance-name combination is specified. Enter system view. assigns labels to them if any. Configuring the label distribution control mode With the label re-advertisement function enabled. An LSR supports two types of LSP triggering policies: • Allowing all routing entries to trigger establishment of LSPs. reducing the number of LSPs to be established on the LSR and avoiding instability of the LSR caused by excessive LSPs. Specify the label distribution control mode. lsp-trigger [ vpn-instance vpn-instance-name ] { all | ip-prefix prefix-name } Optional. To use this policy. mpls ldp N/A Optional. otherwise. • Filtering routing entries by an IP prefix list. system-view N/A 2. mpls N/A 3. to establish an LSP to a loopback address with a 32-bit mask. Enter MPLS LDP view. Enter system view. label-distribution { independent | ordered } 16 For LDP sessions existing before the command is configured. Configure the LSP establishment triggering policy. so that static and IGP routes denied by the IP prefix list will not trigger LSP establishment. you must create the IP prefix list. on an LSR. To configure the policy for triggering LSP establishment: Step Command Remarks 1. the command configures an LSP establishment triggering policy for the specified VPN. Enter MPLS view. You can set the label re-advertisement interval as needed. you need to reset the LDP sessions for the specified label distribution control mode to take effect. . 3. and advertises the label-FEC bindings. NOTE: • For an LSP to be established. For information about IP prefix list configuration. By default. only host routes with 32-bit masks can trigger establishment of LSPs. To configure the LDP label distribution control mode: Step Command Remarks 1. For example. the command configures an LSP establishment triggering policy for the public network routes. an LSR periodically looks for FECs not assigned with labels. Ordered by default.Configuring the policy for triggering LSP establishment You can configure an LSP triggering policy on an LSR.

LDP considers that a loop is present and terminates the establishment of the LSP. When such a message reaches an LSR. loop-detect Disabled by default. Enter MPLS LDP view. Command Enable label re-advertisement for DU mode. the LSR considers that a loop appears and terminates the establishment of the LSP. If not. reaches the specified limit. To configure LDP loop detection: Step Command Remarks 1. . or the length of the path vector. 30 seconds by default. if yes. which increments by 1 for each hop. du-readvertise Set the interval for label re-advertisement in DU mode. the LSR checks the path vector list of the message to see whether its MPLS LSR ID is in the list. Maximum hop count A label request message or label mapping message carries information about its hop count. the LSR will add its LSR ID to the path vector list. du-readvertise timer value Remarks Optional. LDP loop detection can be in either of two modes: 1. Optional. Set the maximum hop count. Optional 32 by default. Enabled by default. When this value reaches the specified limit. 2. system-view N/A 2. 5. Enable loop detection. 4. An LSR will also terminate the establishment of an LSP when the hop count of the path. Configuring LDP loop detection LSPs established in an MPLS domain may be looping. In the path vector mode.Step 4. Set the maximum path vector length. Enter system view. mpls ldp N/A 3. path-vectors pv-number 17 Optional. 32 by default. The LDP loop detection mechanism can detect looping LSPs and prevent LDP messages from looping forever. you also need to specify the maximum number of hops of an LSP. hops-count hop-number 5. Path vector A label request message or label mapping message carries path information in the form of path vector list.

• You need to configure loop detection before enabling LDP capability on any interface. 18 . H3C recommends configuring the routing protocol’s loop detection mechanism. md5-password { cipher | plain } peer-lsr-id password Disabled by default NOTE: To establish an LDP session successfully between two LDP peers.NOTE: • The loop detection modes configured on two LDP peers must be the same. Otherwise. the LDP session cannot be established. Configuring LDP label filtering The LDP label filtering feature provides two mechanisms. system-view N/A 2. Only if the destination address of an FEC matches the specified prefix list. • To implement loop detection in an MPLS domain. Enable LDP MD5 authentication and set the password. LDP label filtering can be used to control which LSPs are to be established dynamically and prevent routers from accepting and advertising excessive label bindings. As shown in Figure 8. Enter system view. does LSR A accept the label binding of the FEC from LSR B. which will generate redundant information and consume many system resources. so that the TCP connections can be established only if the peers have the same authentication password. In complicated MPLS network environments. Enter MPLS LDP view. LSR A does not filter label bindings received from downstream router LSR C. Configuring LDP MD5 authentication LDP sessions are established based on TCP connections. mpls ldp N/A 3. you need to enable loop detection on every LSR in the MPLS domain. you can configure MD5 authentication for the underlying TCP connections. An upstream LSR filters the label bindings received from the specified downstream LSR and accepts only those permitted by the specified prefix list. You can execute the reset mpls ldp command in user view. • LDP loop detection may result in LSP update. Label acceptance control Label acceptance control is for filtering received label bindings. label acceptance control for controlling which labels will be accepted and label advertisement control for controlling which labels will be advertised. make sure that the LDP MD5 authentication configurations on the LDP peers are consistent. so that the loop detection configurations also take effect for existing LSPs. To improve the security of LDP sessions. Changing the loop detection configurations does not affect existing LSPs. • All loop detection configurations take effect for only the LSPs established after the configurations. upstream router LSR A filters the label bindings received from downstream router LSR B. To configure LDP MD5 authentication: Step Command Remarks 1.

For information about IP prefix list configuration. system-view N/A 2. see Layer 3—IP Routing Configuration Guide. downstream router LSR A advertises to upstream router LSR B only label bindings with FEC destinations permitted by prefix list B. you must create an IP prefix list. As shown in Figure 9.Figure 8 Network diagram for label acceptance control Drop label bindings Label bindings not permitted Downstream LSR B Upstream LSR A Label bindings permitted by the label filtering configuration Accept label bindings o D l be la er ilt s t f in g n o in d b Downstream LSR C Label advertisement control Label advertisement control is for filtering label bindings to be advertised. mpls ldp N/A 19 . and advertises to upstream router LSR C only label bindings with FEC destinations permitted by prefix list C. Configuring LDP lable filtering To configure LDP label filtering policies: Step Command Remarks 1. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR. Enter system view. Figure 9 Network diagram for label advertisement control Configuration prerequisites Before you configure LDP label filtering policies. Enter MPLS LDP view.

and as a result. NOTE: • For more information about BFD. see High Availability Configuration Guide. • An LSP can be bound to only one BFD session. Configuring BFD for MPLS LDP MPLS itself cannot detect a neighbor failure or link failure in time. Enter MPLS LDP remote peer view. improving performances of existing MPLS networks. system-view N/A 2. Enable BFD for MPLS LDP. Not configured by default. By cooperating with bidirectional forwarding detection (BFD). configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR can achieve the same effect. Command Remarks Configure a label acceptance control policy. H3C recommends configuring only label advertisement control policies. see the chapter “Configuring VPLS. accept-label peer peer-id ip-prefix ip-prefix-name Optional. remote-ip bfd Disabled by default NOTE: The cooperation of MPLS LDP and BFD can be used to detect communication failures between remote LDP peers only. MPLS LDP can be quickly aware of communication failures between remote LDP peers. Enter system view. If communication between two remote LDP peers fails. the LDP session will be down.” Resetting LDP sessions If you change LDP session parameters when some LDP sessions are up. MPLS forwarding will fail. Configure a label advertisement control policy. To configure BFD for MPLS LDP: Step Command Remarks 1. 4. mpls ldp remote-peer remote-peer-name N/A 3. advertise-label ip-prefix ip-prefix-name [ peer peer-ip-prefix-name ] Not configured by default. To reduce the network load. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions. the LDP sessions will not be able to function normally. you need to reset the LDP session so that the LDP peers renegotiate parameters and establish new sessions.Step 3. NOTE: For two neighboring LSRs. In this case. For related configuration examples. 20 .

data forwarding may fail on the interface. a packet. the LSR will compare the length of an MPLS packet against the configured MPLS MTU on the interface. 21 . and then forwards the fragments. the length of an MPLS fragment may be larger than the interface’s MTU. Enter system view. Enter interface view. Configuring TTL processing mode at ingress At the ingress of an LSP. after encapsulated with an MPLS label. interface interface-type interface-number N/A 3. During MPLS forwarding. To configure the MPLS MTU of an interface: Step Command Remarks 1. • If you do not configure the MPLS MTU of an interface. may exceed the allowed length of the link layer and thus cannot be forwarded. adds the label stack back into each fragment. Whether the label TTL takes the IP TTL or not depends on whether IP TTL propagation is enabled. NOTE: • MPLS packets carrying L2VPN or IPv6 packets are always successfully forwarded. although the network layer packet is smaller than the MTU of the interface. mpls mtu value By default. Thus. a label stack encapsulated with a TTL field is added to each packet. even if they are larger than the MPLS MTU. • If the MPLS MTU of an interface is greater than the MTU of the interface. To address the issue. you can configure the MPLS MTU on an interface of an LSR. and the length of fragments does not take the MPLS labels into account.Use the following command to reset LDP sessions: Task Command Remarks Reset LDP sessions. the LSR removes the label stack from the packet. Then. reset mpls ldp [ all | [ vpn-instance vpn-instance-name ] [ fec mask | peer peer-id ] ] Available in user view Managing and optimizing MPLS forwarding Configuring MPLS MTU An MPLS label stack is inserted between the link layer header and network layer header of a packet. fragments the IP packet (the length of a fragment is the MPLS MTU minus the length of the label stack). • If fragmentation is not allowed. fragmentation of MPLS packets will be based on the MTU of the interface. Configure the MPLS MTU of the interface. the LSR drops the packet directly. When the packet is larger than the MPLS MTU: • If fragmentation is allowed. the MPLS MTU of an interface is not configured. system-view N/A 2.

as if the ingress and egress were connected directly. it decrements the TTL value of the label at the stack top by 1. system-view N/A 2.With IP TTL propagation enabled: When the ingress labels a packet. In this case. Therefore. it copies the TTL value of the original IP packet to the TTL field of the label. When an LSR pops a label. Enter system view. • Figure 10 Label TTL processing when IP TTL propagation is enabled With IP TTL propagation disabled: When the ingress labels a packet. Enter MPLS view. it decrements the TTL value of the label at the stack top by 1. When an LSR pops a label. it copies the TTL value of the label at the stack top back to the TTL field of the IP packet. In this case. the TTL value of a packet is decreased hop by hop when forwarded along the LSP. it compares the IP TTL and the label TTL and uses the smaller value as the TTL of the IP packet. . mpls N/A 3. When an LSR forwards the labeled packet. it does not copy the TTL value of the original IP packet to the TTL field of the label. the result of tracert does not show the hops within the MPLS backbone. • Figure 11 Label TTL processing when IP TTL propagation is disabled To configure IP TTL propagation of MPLS: Step Command Remarks 1. ttl propagate { public | vpn } 22 Enabled for only public network packets by default. When an LSR forwards the labeled packet. Enable MPLS IP TTL propagation. Optional. the result of tracert will reflect the real path along which the packet has traveled. and the label TTL is set to 255.

CAUTION: • Within an MPLS domain. and carrier backbone PEs in nested VPNs may receive MPLS VPN packets that carry only one level of label but these devices have no IP routes to the packet senders. mpls N/A 3. for an MPLS packet carrying a multi-level label stack. when the LSR receives an MPLS packet that carries a label with TTL being 1. the first method is not applicable. Enter system view. H3C recommends that you enable it on all related provider edge (PE) devices. this command takes effect only when it is configured on the ingress. the first method is used. it forwards the ICMP TTL exceeded message along the LSP to the egress. • If you enable MPLS IP TTL propagation for VPN packets on one LSR.” Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets. for an MPLS packet carrying only one level of label. This ensures that the local administrator can tracert for network diagnoses. . However. ttl expiration enable 23 Optional. see the chapter “Configuring MPLS L3VPN. because autonomous system boundary routers (ASBRs). which will send the message to the packet sender. NOTE: For more information about HoVPN and nested VPN. Usually.” To configure the router to send back an ICMP TTL exceeded message for a received MPLS TTL expired packet: Step Command Remarks 1. an LSR always copies the IP TTL value of the packet. it sends the ICMP TTL exceeded message to the packet sender directly through the IP route. so you can get the same result when tracerting from those PEs. Enabled by default. superstratum PEs or service provider-end PEs (SPEs) in Hierarchy of VPN (HoVPN) applications. you can configure the undo ttl expiration pop command on these devices so that the devices use the second method. regardless of whether IP TTL propagation is enabled or not. it will generate an ICMP TTL exceeded message. Enter MPLS view. In this case. system-view N/A 2. see the chapter “Configuring MPLS L3VPN. the second method is used. Therefore. • For locally generated packets. TTL is always copied between multiple levels of labels. The ttl propagate command affects only the propagation of the IP TTL to the TTL of an MPLS label. • If the LSR has no route to the packet sender. and send the message to the packet sender in one of the following ways: • If the LSR has a route to the packet sender. For more information about PE. Enable the device to send back an ICMP TTL exceeded message when it receives an MPLS TTL expired packet.

4. ensuring continuous data transmission. ICMP TTL exceeded messages for such MPLS packets always travel along the LSPs. an ICMP TTL exceeded message is sent back along an IP route when the TTL of an MPLS packet with a one-level label stack expires. A GR helper must be GR-capable. neighbor of the GR restarter. • GR helper. Using this feature. Configuring LDP GR MPLS has two separate planes: the forwarding plane and the control plane. This configuration does not take effect when the MPLS packets carry multiple levels of labels. two LDP peers perform GR negotiation when establishing an LDP session. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. The LDP session established is GR capable only when both peers support LDP GR. • (Approach 1) Use IP routes: ttl expiration pop • (Approach 2) Use LSP routes: undo ttl expiration pop By default. It must be GR-capable. The working procedure of LDP GR is as follows: 24 . the router that gracefully restarts due to a manually configured command or a fault. LDP Graceful Restart (GR) preserves the LFIB information when the signaling protocol or control plane fails. Use either approach as required.Step Command Remarks Optional. Configure the router to use IP routes or LSPs to send back the ICMP TTL exceeded messages for TTL-expired MPLS packets that have only one level of label. Figure 12 LDP GR GR helper GR restarter GR helper GR helper LDP session with GR capability As shown in Figure 12. A router that participates in a GR process plays either of two roles: • GR restarter. so that LSRs can still forward packets according to LFIB.

4. 5. the GR helper deletes the FEC-label bindings that are still marked stale. graceful-restart timer reconnect timer Optional 5. if the LDP session fails to be re-established. During the LDP restart process. Configuration prerequisites Before you configure LDP GR. 300 seconds by default 120 seconds by default 300 seconds by default Gracefully restarting MPLS LDP To test whether the MPLS LDP GR configuration has taken effect. the GR helper and the GR restarter will use the new LDP session to exchange the label mapping information. Set the FT reconnect time. during the LDP recovery time. graceful-restart timer neighbor-liveness timer Optional Set the LDP recovery time. To restart MPLS LDP gracefully: 25 . When the MPLS forwarding state holding timer expires. Whenever restarting. you can perform graceful restart of MPLS LDP. Configuring LDP GR To configure LDP GR: Step Command Remarks 1. marks them as stale. it marks the FEC-label bindings learned from the session as stale and will keep these FEC-label bindings for a period of time defined by the fault tolerant (FT) reconnect time argument. the GR restarter preserves all MPLS forwarding entries. the GR helper will delete the FEC-label bindings marked stale. Enter system view. 2. If the session is re-established successfully. graceful-restart Disabled by default 4. mpls ldp N/A 3. and delete the stale marks of the corresponding forwarding entries. you can see whether the packet forwarding path is changed and whether packet forwarding is interrupted. Enable MPLS LDP GR. 6. 3.1. update the LFIB. NOTE: The router can act as a GR restarter or a GR helper as needed in the LDP GR process. the GR restarter deletes the label forwarding entries that are still marked stale. configure MPLS LDP capability on each router that will act as the GR restarter or a GR helper. system-view N/A 2. Set the LDP neighbor liveness time. Enter MPLS LDP view. The FT reconnect time is the smaller one between the reconnect time advertised from the peer GR restarter and the neighbor liveness time configured locally. During the FT reconnect time. and starts the MPLS forwarding state holding timer for them. graceful-restart timer recovery timer Optional 6. After the recovery time elapses. After a GR helper detects that the LDP session with the GR restarter is down. The LDP recovery time is the smaller one between the recovery time configured locally and that configured on the peer GR restarter.

Enter system view. mpls N/A 3. Enter MPLS view. Configuring MPLS statistics To view LSP statistics. An MPLS echo reply carrying a success notification indicates that the lSP is normal. the control plane cannot detect the LSP failure or cannot do so in time. and an MPLS echo reply carrying an error code indicates that the LSP has failed. which then is forwarded along the LSP to the egress. system-view N/A 2. it adds the label for the FEC to be inspected into an MPLS echo request. To check the connectivity of an LSP: 26 . The egress processes the request packet and returns an MPLS echo reply to the ingress. At the ingress. the MPLS control plane is responsible for establishing LSPs. Set the interval for reading LSP statistics. statistics interval interval-time 0 seconds by default. the router provides the following mechanisms: • MPLS LSP ping • MPLS LSP tracert • BFD for LSPs • Periodic LSP tracert MPLS LSP ping MPLS LSP ping is for checking the connectivity of an LSP. However. Setting the interval for reading statistics To set the interval for reading LSP statistics: Step Command Remarks 1.Task Command Remarks Restart MPLS LDP gracefully. It does not perform active/standby switchover. Do not perform this operation in other cases. To find LSP failures in time and locate the failed node. graceful-restart mpls ldp Available in user view NOTE: The graceful-restart mpls ldp command is only used to test MPLS LDP GR function. when an LSP fails to forward data. This brings difficulty to network maintenance. meaning that the system does not read LSP statistics. you must set the interval for reading LSP statistics at first. Inspecting LSPs In MPLS.

and the ingress will add the label for the FEC to into a BFD control packet. • Static: If you specify the local and remote discriminator values by using the discriminator keyword when configuring the bfd enable command. You can also configure BFD session 27 . It consecutively sends the MPLS echo requests along the LSP to be inspected. Such a BFD session is used for connectivity detection of an LSP from the local router to the remote router. you need to configure an IP address for the loopback interface and configure the IP address as the MPLS LSR ID. After the configuration. a BFD session will be established between the ingress and egress of the LSP. and determine the status of the LSP according to the reply received. Such a BFD session is used to detect the connectivity of a pair of LSPs in opposite directions (one from local to remote. BFD triggers a traffic switchover. Upon detecting an LSP failure. Configuration prerequistes • The BFD session parameters are those configured on the loopback interface whose IP address is configured as the MPLS LSR ID. To locate errors of an LSP: Task Command Remarks Perform MPLS LSP tracert to locate an MPLS LSP error. the ingress can collect the information of each hop along the LSP. with the TTL increasing from 1 to a specific value. and the other from remote to local) between two routers.Task Command Remarks Use MPLS LSP ping to check the connectivity of an MPLS LSP. You can also use MPLS LSP tracert to collect the important information of each hop along the LSP. before enabling BFD for an LSP. • Dynamic: If you do not specify the local and remote discriminator values when configuring the bfd enable command. Then. such as the label allocated. tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode |-t time-out ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ] Available in any view Configuring BFD for LSPs You can configure BFD for an LSP to detect the connectivity of the LSP. the BFD session will be established with the specified discriminator values. and the BFD packets will use the MPLS LSR ID as the source address. forward the BFD control packet along the LSP to the egress. Therefore. ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -s packet-size | -t time-out | -v ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ] Available in any view MPLS LSP tracert MPLS LSP tracert is for locating LSP errors. the MPLS LSP ping will be run automatically to negotiate the discriminator values and then the BFD session will be established based on the negotiated discriminator values. each hop along the LSP will return an MPLS echo reply to the ingress due to TTL timeout. so as to locate the failed node. Thus. A BFD session for LSP connectivity detection can be static or dynamic.

• In a BFD session for detecting LSP connectivity. It detects the consistency of the forwarding plane and control plane and records detection results into logs. • After a static BFD session is established. If you configure BFD as well as periodic tracert for an LSP.parameters for the loopback interface as needed. Enable LSP verification and enter the MPLS LSPV view. the ingress node always works in active mode and the egress node always works in passive mode. see High Availability Configuration Guide. the BFD session will still be established successfully. • BFD for MPLS LDP is for detecting the IP connectivity between two remote LDP peers. it is not allowed to modify the discriminator values of the BFD session. For more information about BFD. BFD for LSP is for detecting the connectivity of LSPs. bfd enable destination-address mask-length [ nexthop nexthop-address [ discriminator local local-id remote remote-id ] ] Not configured by default NOTE: • You cannot establish both a static BFD session and a dynamic BFD session for the same LSP. make sure that there is already an LSP from the local router to the remote router and an LSP from the remote router to the local router. mpls lspv Disabled by default 28 . To establish a static BFD session. Configure BFD to check the connectivity of the LSPs to the specified FEC destination. • Configuring BFD for LSPs To configure BFD for LSPs: Step Command Remarks 1. Enter system view. Enter system view. Enable LSP verification and enter the MPLS LSPV view. Even if you configure the two nodes to both work in passive mode. mpls lspv Disabled by default 3. The bfd session init-mode command does not take effect on the ingress and egress nodes of such a BFD session. Configuring periodic LSP tracert The periodic LSP tracert function is for locating faults of an LSP periodically. To configure the periodic LSP tracert function: Step Command Remarks 1. once the periodic LSP tracert function detects an LSP fault or inconsistency of the forwarding plane and control plane. system-view N/A 2. system-view N/A 2. You can know whether an LSP has failed by checking the logs. the BFD session for the LSP will be deleted and a new BFD session will be established according to the control plane.

To enable the MPLS trap function: Step Command Remarks 1. display mpls ilm [ label ] [ verbose ] [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ] Available in any view Display the usage information of the specified or all labels. see Network Management and Monitoring Configuration Guide. display mpls interface [ interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the ILM table. Command Remarks periodic-tracert destination-address mask-length [ -a source-ip | -exp exp-value | -h ttl-value | -m wait-time | -t time-out | -u retry-attempt ] * Not configured by default Enabling MPLS trap If the MPLS trap function is enabled. Configure periodic tracert for an LSP to the specified FEC destination. Displaying and maintaining MPLS Displaying MPLS operation Task Command Remarks Display information about a specific or all interfaces with MPLS enabled. snmp-agent trap enable mpls Disabled by default NOTE: For more information about the snmp-agent trap enable mpls command. system-view N/A 2. For more information about the information center. Whether and where the packets will then be output depend on the configurations of the information center. see Network Management and Monitoring Command Reference. display mpls label { label-value1 [ to label-value2 ] | all } [ | { begin | exclude | include } regular-expression ] Available in any view 29 . Enable the MPLS trap function. trap packets of the notifications level will be generated to report critical MPLS events. Such trap packets will be sent to the information center of the router.Step 3. Enter system view.

display mpls statistics lsp { index | all | name lsp-name } [ | { begin | exclude | include } regular-expression ] Available in any view Display MPLS statistics for a specific or all interfaces.Task Command Remarks Display information about LSPs. display mpls nhlfe [ token ] [ verbose ] [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ] Available in any view Display usage information about the NHLFE entries. display mpls static-lsp [ lsp-name lsp-name ] [ { include | exclude } dest-addr mask-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about LSPs over specified or all routes for the public or a specific private network. display mpls nhlfe reflist token [ slot slot-number ] [ include text | { | { begin | exclude | include } regular-expression } ] Available in any view Display information about static LSPs. display mpls lsp bfd [ ipv4 destination-address mask-length ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the NHLFE table. display mpls ldp [ all [ verbose ] [ | { begin | exclude | include } regular-expression ] ] Available in any view Display the label advertisement information of the specified FEC. display mpls ldp fec [ vpn-instance vpn-instance-name ] dest-addr mask-length [ | { begin | exclude | include } regular-expression ] Available in any view 30 . display mpls lsp [ incoming-interface interface-type interface-number ] [ outgoing-interface interface-type interface-number ] [ in-label in-label-value ] [ out-label out-label-value ] [ asbr | [ vpn-instance vpn-instance-name ] [ protocol { bgp | bgp-ipv6 | crldp | ldp | rsvp-te | static | static-cr } ] ] [ egress | ingress | transit ] [ { exclude | include } dest-addr mask-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display LSP statistics. display mpls route-state [ vpn-instance vpn-instance-name ] [ dest-addr mask-length ] [ | { begin | exclude | include } regular-expression ] Available in any view Display MPLS statistics for a specific or all LSPs. display mpls lsp statistics [ | { begin | exclude | include } regular-expression ] Available in any view Display the BFD detection information for an LSP. display mpls statistics interface { interface-type interface-number | all } [ | { begin | exclude | include } regular-expression ] Available in any view Displaying MPLS LDP operation Task Command Remarks Display information about LDP.

vpn-instance vpn-instance-name specifies an LDP instance. display mpls ldp session [ all [ verbose] | [ vpn-instance vpn-instance-name ] [ peer-id | verbose ] ] [ | { begin | exclude | include } regular-expression ] Available in any view Display statistics information about all LSP sessions. For information about LDP instances. display mpls ldp peer [ all [ verbose ] | [ vpn-instance vpn-instance-name ] [ peer-id | verbose ] ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about remote LDP peers. display mpls ldp cr-lsp [ lspid lsr-id lsp-id ] [ | { begin | exclude | include } regular-expression ] Available in any view NOTE: In these display commands. reset mpls statistics interface { interface-type interface-number | all } Available in user view Clear MPLS statistics for a specific LSP or all LSPs.Task Command Remarks Display information about LDP-enabled interfaces. reset mpls statistics lsp { index | all | name lsp-name } Available in user view 31 . display mpls ldp session all statistics [ | { begin | exclude | include } regular-expression ] Available in any view Display information about LSPs established by LDP. display mpls ldp lsp [ all | [ vpn-instance vpn-instance-name ] [ dest-addr mask-length ] ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about CR-LSPs established by CR-LDP. display mpls ldp interface [ all [ verbose ] | [ vpn-instance vpn-instance-name ] [ interface-type interface-number | verbose ] ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about LDP peers.” Clearing MPLS statistics Task Command Remarks Clear MPLS statistics for a specific MPLS interface or all MPLS interfaces. see the chapter “Configuring MPLS L3VPN. display mpls ldp remote-peer [ remote-name remote-peer-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about LDP sessions between LDP peers.

There is no need to configure such a static route on the transit and egress nodes and thus you do not need to configure any routing protocol on the routers.1. and Router C support MPLS.1.0/24 and 21.MPLS configuration examples Configuring static LSPs Network requirements Router A. <RouterC> system-view [RouterC] ip route-static 11. (Details not shown) 2. Configure the IP addresses and masks of the interfaces including the loopback interfaces as required in Figure 13. Check the connectivity of the static LSPs. Configuration procedure 1. # Configure a static route to network 21.0/24 on Router A.255.1.0/24 on Router C.1. • Configure a static route to the destination address of the LSP on each ingress node.0 20. Enable MPLS.1. Configure the IP addresses of the interfaces.1. Establish static LSPs between Router A and Router C so that subnets 10.0/24 can access each other over MPLS.1. <RouterA> system-view [RouterA] ip route-static 21.1. • Configure an LSP for each direction on the forwarding path.0 24 10.2 # Configure a static route to network 11.255. Figure 13 Network diagram Configuration considerations • On an LSP.1.0 255.9 [RouterA] mpls [RouterA-mpls] quit 32 . [RouterA] mpls lsr-id 1.1. Router B.1.1.1. # Configure MPLS on Router A.1.1.1. Configure a static route to the destination address of the FEC on each ingress node.1. the outgoing label of an upstream LSR must be identical with the incoming label of its downstream LSR.1 3.1.

1.1.3. Router A. The following takes Router A as an example: [RouterA] display mpls static-lsp total statics-lsp : 2 Name FEC I/O Label I/O If State AtoC 21. Router C.1.3.1 out-label 70 # Configure the LSP egress. Configure a static LSP from Router A to Router C.0 24 nexthop 10.0 24 nexthop 20.1. Create a static LSP from Router C to Router A. [RouterB] static-lsp transit CtoA incoming-interface Pos 2/1/2 in-label 40 nexthop 10. [RouterB] static-lsp transit AtoC incoming-interface Pos 2/1/1 in-label 30 nexthop 20. [RouterA] static-lsp egress CtoA incoming-interface Pos 2/1/1 in-label 70 6. Router B. Router A. # Configure the LSP ingress.1.9 [RouterB] mpls [RouterB-mpls] quit [RouterB] interface Pos 2/1/1 [RouterB-Pos2/1/1] mpls [RouterB-Pos2/1/1] quit [RouterB] interface Pos 2/1/2 [RouterB-Pos2/1/2] mpls [RouterB-Pos2/1/2] quit # Configure MPLS on Router C.1. [RouterC] mpls lsr-id 3.1. Router B.1. # Configure the LSP ingress.9 [RouterC] mpls [RouterC-mpls] quit [RouterC] interface Pos 2/1/1 [RouterC-Pos2/1/1] mpls [RouterC-Pos2/1/1] quit 4. [RouterA] static-lsp ingress AtoC destination 21.2.[RouterA] interface Pos 2/1/1 [RouterA-Pos2/1/1] mpls [RouterA-Pos2/1/1] quit # Configure MPLS on Router B.2 out-label 30 # Configure the LSP transit node.1 out-label 40 # Configure the LSP transit node.1. [RouterC] static-lsp egress AtoC incoming-interface Pos 2/1/1 in-label 50 5. [RouterC] static-lsp ingress CtoA destination 11.2.2 out-label 50 # Configure the LSP egress. Router C.1.1. # Execute the display mpls static-lsp command on each router to view the static LSP information. Verify the configuration.1.1.0/24 NULL/30 -/Pos2/1/1 Up CtoA -/- 70/NULL Pos2/1/1/- Up 33 .1. [RouterB] mpls lsr-id 2.

2: bytes=100 Sequence=4 time = 2 ms Reply from 20.1.1.1: bytes=100 Sequence=5 time = 2 ms --.2: bytes=100 Sequence=2 time = 2 ms Reply from 20.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10. check the reachability of the LSP from Router A to Router C.FEC: IPV4 PREFIX 11.1.0 24 LSP Ping FEC: IPV4 PREFIX 21.1.0/24 : 100 data bytes.1 ipv4 11.1.1.1.00% packet loss round-trip min/avg/max = 2/2/3 ms Configuring LDP to establish LSPs dynamically Network requirements Router A.1.0/24 and 21.FEC: IPV4 PREFIX 21.1.1. Figure 14 Network diagram 34 .1.00% packet loss round-trip min/avg/max = 1/1/2 ms # On Router C.1.1.1.1.1.1. Router B.1.1: bytes=100 Sequence=1 time = 3 ms Reply from 10.1. and Router C support MPLS. press CTRL_C to break Reply from 20. Configure LDP to establish LSPs between Router A and Router C so that subnets 11.1.1.1.0/24 : 100 data bytes. [RouterC] ping lsp -a 21. press CTRL_C to break Reply from 10.1.2: bytes=100 Sequence=5 time = 2 ms --.1.1.1 ipv4 21.1.1.1.2: bytes=100 Sequence=1 time = 2 ms Reply from 20. check the reachability of the LSP from Router C to Router A.0/24 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.0/24 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.1.1: bytes=100 Sequence=2 time = 2 ms Reply from 10.# On Router A.0/24 can reach each other over MPLS.1. [RouterA] ping lsp -a 11.2: bytes=100 Sequence=3 time = 1 ms Reply from 20.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.1.1.1.1. Check the LSP connectivity.1.1: bytes=100 Sequence=4 time = 2 ms Reply from 10.1.1.

0.0] quit [RouterC-ospf-1] quit # Execute the display ip routing-table command on each router.0.0.255 [RouterC-ospf-1-area-0.1.0.255 [RouterA-ospf-1-area-0.9/32 3.0 0.1.0.0.1.0.0] network 11.0] network 10.0 0.0] network 2.9/32 Routes : 11 Pre Cost NextHop Interface Direct 0 0 127. • LDP uses routing information for label distribution.0] network 20. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0 [RouterA-ospf-1-area-0. Take Router A as an example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 11 Destination/Mask Proto 1.0.1.1.1. You will see that each router has learned the routes to other routers.0.0.0] network 10.1.0.9 0.3.1.1.0.1.0.0.0.255 [RouterC-ospf-1-area-0.2.0.0.0.0.0.2 Pos2/1/1 OSPF 10 2 10.1.0 0. OSPF is used in this example.0 0.0.255 [RouterB-ospf-1-area-0.1.1.1.1. Configure the IP addresses and masks of the interfaces including the loopback interfaces as required in Figure 14.3.0.0.Configuration considerations • Enable LDP on the LSRs. (Details not shown) 2.0.0 [RouterC-ospf-1-area-0.3.0. Configuration procedure 1.0.2. Therefore.1.0] network 20. LDP dynamically distributes labels and establishes LSPs and thus there is no need to manually configure labels for LSPs.1.3. you need to configure a routing protocol to learn routing information.0.0.0.0] quit [RouterA-ospf-1] quit # Configure OSPF on Router B.9 0.0.0.2.0 [RouterB-ospf-1-area-0.2 Pos2/1/1 35 . <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0. Configure OSPF to ensure IP connectivity between the routers.0.0 0. Configure the IP addresses of the interfaces. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.2.0 0.0.255 [RouterA-ospf-1-area-0.0.9/32 2.1.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C.0.0] network 1.255 [RouterB-ospf-1-area-0.0.0.0.0.0. # Configure OSPF on Router A.0.0.1.0] network 21.0] network 3.0.1 InLoop0 OSPF 10 1 10.0.1.9 0.

1 InLoop0 127.1/32 Direct 0 0 127.1.3.1.2 Pos2/1/1 21.1/32 Direct 0 0 127. [RouterB] mpls lsr-id 2.1.1.0. one between Router A and Router B and the other between Router B and Router C. Execute the display mpls ldp session command on each router to view the LDP session information.2 Pos2/1/1 127.1. two local LDP sessions are established.1 InLoop0 20. # Configure MPLS and MPLS LDP on Router A.1.1.0.0.1. 10.1.0.0.9 [RouterA] mpls [RouterA-mpls] quit [RouterA] mpls ldp [RouterA-mpls-ldp] quit [RouterA] interface Pos 2/1/1 [RouterA-Pos2/1/1] mpls [RouterA-Pos2/1/1] mpls ldp [RouterA-Pos2/1/1] quit # Configure MPLS and MPLS LDP on Router B.1 Pos2/1/1 10.0.1 InLoop0 Enable MPLS and MPLS LDP. and execute the display mpls ldp peer command to view the LDP peer information.0/24 OSPF 10 2 10.2.0.3.1.1 InLoop0 11.1.1.3.1.0.0.0.0.1/32 Direct 0 0 127.1.0/24 Direct 0 0 10.9 [RouterC] mpls [RouterC-mpls] quit [RouterC] mpls ldp [RouterC-mpls-ldp] quit [RouterC] interface Pos 2/1/1 [RouterC-Pos2/1/1] mpls [RouterC-Pos2/1/1] mpls ldp [RouterC-Pos2/1/1] quit # After the configurations.0/24 OSPF 10 3 10.0.0/24 Direct 0 0 11. Take Router A as an example: [RouterA] display mpls ldp session 36 .9 [RouterB] mpls [RouterB-mpls] quit [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface Pos 2/1/1 [RouterB-Pos2/1/1] mpls [RouterB-Pos2/1/1] mpls ldp [RouterB-Pos2/1/1] quit [RouterB] interface Pos 2/1/2 [RouterB-Pos2/1/2] mpls [RouterB-Pos2/1/2] mpls ldp [RouterB-Pos2/1/2] quit # Configure MPLS and MPLS LDP on Router C.1 GE3/1/1 11.1.1.1.1.2.1. [RouterC] mpls lsr-id 3.0/8 Direct 0 0 127. [RouterA] mpls lsr-id 1.1.1.1.

9/32 3/NULL 127.3.1.1. Take Router A as an example: [RouterA] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1 -------/InLoop0 2 2.2 -------/Pos2/1/1 ------------------------------------------------------------------A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale # On Router A.2. [RouterB] mpls [RouterB-mpls] lsp-trigger all [RouterB-mpls] quit # Configure the LSP establishment triggering policy on Router C.0. [RouterA] mpls [RouterA-mpls] lsp-trigger all [RouterA-mpls] quit # Configure the LSP establishment triggering policy on Router B.1.2.2.2.1.1. Verify the configuration.0.1.2 -------/Pos2/1/1 6 21.1.1.2.1. check the connectivity of the LDP LSP from Router A to 21.0.1.2.9/32 NULL/1024 10. # Configure the LSP establishment triggering policy on Router A.1.1.0/24.LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ---------------------------------------------------------------2.9 Pos2/1/1 ---------------------------------------------------------------- 4.1.2.2.2 -------/Pos2/1/1 4 11.0/24 NULL/1027 10.0/24 3/NULL 0. [RouterC] mpls [RouterC-mpls] lsp-trigger all [RouterC-mpls] quit 5.9:0 2.1. Allow all static routes and IGP routes to trigger establishment of LSPs.9:0 Operational DU Passive Off Off 5/5 ---------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [RouterA] display mpls ldp peer LDP Peer Information in Public network Total number of peers: 1 ----------------------------------------------------------------Peer-ID Transport-Address Discovery-Source ---------------------------------------------------------------2. # Execute the display mpls ldp lsp command on each router to view the LDP LSP information.9/32 NULL/3 10.0 -------/GE3/1/1 5 20.1.1.0/24 NULL/3 10.1.2 -------/Pos2/1/1 3 3.0.3.1. 37 .

1.1.2: bytes=100 Sequence=3 time = 1 ms Reply from 20. <RouterA> system-view [RouterA] mpls lspv [RouterA -mpls-lspv] bfd enable 21. Configuration procedure 1.1.1.1. [RouterC] ping lsp ipv4 11.0/24 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. press CTRL_C to break Reply from 20.0 24 38 .1.0 24 [RouterA -mpls-lspv] quit # Configure Router C.1.1. For more information.” 2.[RouterA] ping lsp ipv4 21.1.0/24 : 100 data bytes.1.1.1.2: bytes=100 Sequence=5 time = 3 ms --.1: bytes=100 Sequence=2 time = 2 ms Reply from 10.1.1.1. <RouterC> system-view [RouterC] mpls lspv [RouterC-mpls-lspv] bfd enable 11.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.00% packet loss round-trip min/avg/max = 1/2/3 ms # On Router C. # Configure Router A.1.1.1.FEC: IPV4 PREFIX 11. Enable BFD for LSP validity check. see “Configuring LDP to establish LSPs dynamically.0/24.1.1.2: bytes=100 Sequence=4 time = 1 ms Reply from 20.1: bytes=100 Sequence=5 time = 2 ms --.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10.1.1.0/24 : 100 data bytes.00% packet loss round-trip min/avg/max = 2/2/3 ms Configuring BFD for LSP validity check Network requirements For the network diagram.1: bytes=100 Sequence=4 time = 3 ms Reply from 10. see Figure 13.1. Configure LDP sessions.1. Use BFD to detect the connectivity of the LSPs.0 24 LSP Ping FEC: IPV4 PREFIX 21.1. press CTRL_C to break Reply from 10.0/24 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1. Make sure that two LDP LSPs are established between Router A and Router C.1.1.FEC: IPV4 PREFIX 21.1.1.2: bytes=100 Sequence=2 time = 2 ms Reply from 20.1. check the connectivity of the LDP LSP from Router C to 11.1.2: bytes=100 Sequence=1 time = 3 ms Reply from 20.1.1.1: bytes=100 Sequence=1 time = 2 ms Reply from 10.1.1.

1.1.1.3.0/24 Type Local Discr : 129 Remote Discr : 129 Tunnel ID : 0x6040000 NextHop : 10.1.1.1.0.1.0.1.0/24 to 1.1.1. and the other for detecting the connectivity of the LSP from 21.1.0/24.1 Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Recv Pkt Num: 18 Send Pkt Num: 18 Hold Time: 1900ms Connect Type: Indirect Running Up for: 00:02:36 Auth mode: None Protocol: MFW/LSPV Diag Info: No Diagnostic Local Discr: 130 Remote Discr: 130 Source IP: 1.9 Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Recv Pkt Num: 18 Send Pkt Num: 18 39 .0/24 and 21. Use the following command to view the verbose information of the BFD sessions: [RouterA] display bfd session verbose Total session number: 2 Up session number: 2 Init mode: Active IPv4 session working under Ctrl mode: Local Discr: 129 Remote Discr: 129 Source IP: 1.0/24 to 21.9 : LSP Session State : Up : LSP Session Role : Passive FEC : 21.9 Destination IP: 127.1.1.1.0/24 Type Local Discr : 130 Remote Discr : 130 Tunnel ID : --- NextHop : --- Source IP : 3.3.[RouterC-mpls-lspv] quit 3.0/24.9 Destination IP: 3.1.1.0/24: one for detecting the connectivity of the LSP from 1.1.1.1. Execute the display mpls lsp bfd command on Router A and Router C to view information about BFD sessions established for LSPs.1.3. Verify the configuration. Take Router A as an example: [RouterA] display mpls lsp bfd MPLS BFD Session(s) Information ----------------------------------------------------------------------------FEC : 11.2 Source IP : 1.1.9 Session State : Up Session Role : Active Total Session Num: 2 The output indicates that two BFD sessions have been established between 11.1.1.3.1.

Hold Time: 1900ms Connect Type: Indirect Running Up for: 00:02:28 Auth mode: None Protocol: MFW/LSPV Diag Info: No Diagnostic 40 .

such as IP over ATM or IP over FR. TE is intended to avoid the latter situation where partial congestion may occur as the result of inefficient resource allocation. TE can make best utilization of network resources and avoid non-even load distribution by real-time monitoring traffic and traffic load on each network elements to dynamically tune traffic management attributes. Efficiently managing it is one major task of TE. maximization of throughput and enforcement of service level agreement (SLA). This allows traffic to bypass congested nodes to achieve appropriate load distribution. These are performance objectives that enhance Quality of Service (QoS) of traffic streams. Because IGPs are topology-driven and consider only network connectivity. 41 . such as minimization of packet loss. • Resource oriented. MPLS TE combines the MPLS technology and traffic engineering. minimization of delay. you can use interior gateway protocols (IGPs) or Multiprotocol Label Switching (MPLS). To implement TE. Bandwidth is a crucial resource on networks. Despite all the benefits. It delivers these benefits: • Reserve resources by establishing LSP tunnels to specific destinations. This IGP disadvantage can be repaired by using an overlay model. MPLS is better than IGPs in implementing traffic engineering for the following reasons: • MPLS supports explicit LSP routing. It also provides better traffic and resources control support for implementing a variety of traffic engineering policies. These are performance objectives that optimize resources utilization. overlay models are not suitable for implementing traffic engineering in large-sized backbones because of their inadequacy in extensibility. The performance objectives associated with TE can be either of the following: • Traffic oriented. routing parameters and resources constraints. An overlay model provides a virtual topology above the physical network topology for a more scalable network design. In this sense. • LSP routing is easy to manage and maintain compared with traditional packet-by-packet IP forwarding.MPLS TE configuration MPLS TE overview Traffic engineering and MPLS TE Let us get familiar with traffic engineering (TE) before going on to MPLS-TE. they fail to present some dynamic factors such as bandwidth and traffic characteristics. Network congestion is one of the major problems that can degrade your network backbone performance. It may occur either when network resources are inadequate or when load distribution is unbalanced. • Constraint-based Routed Label Distribution Protocol (CR-LDP) is suitable for implementing a variety of traffic engineering policies. MPLS TE is a better traffic engineering solution for its extensibility and ease of implementation. • MPLS TE uses less system resources compared with other traffic engineering implementations.

Calculating paths Link state-based routing protocols use Shortest Path First (SPF) to calculate the shortest path to each network node. • Dynamic CR-LSP processing to handle three types of CR-LSPs: basic CR-LSPs. and forwarding packets. Basic concepts of MPLS TE LSP tunnel On an LSP. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. while dynamic CR-LSP processing involves four phrases: advertising TE attributes. • In case an LSP tunnel fails or congestion occurs on a network node. A set of such LSP tunnels is called a traffic engineered tunnel (TE tunnel). Each node collects the TE attributes of all links on all routers within the local area or at the same level to build up a TE database (TEDB). OSPF and IS-IS extensions add to link states such TE attributes as link bandwidth. backup CR-LSPs and fast rerouted CR-LSPs. The bandwidth of a static CR-LSP must be configured manually. color. the packets are forwarded based on label. With MPLS TE. In MPLS TE. • TEDB 42 . color. This is achieved by extending link state-based IGPs such as OSPF and IS-IS. the Constraint-based Shortest Path First (CSPF) algorithm is used to calculate the shortest. among which maximum reservable link bandwidth and non-reserved bandwidth with a particular priority are most important. Advertising TE attributes MPLS TE must be aware of dynamic TE attributes of each link on the network. an LSP can be regarded as a tunnel. a network administrator can eliminate network congestion simply by creating some LSPs and congestion bypass nodes. setup/holding priority. establishing paths. MPLS TE can provide route backup and Fast Reroute (FRR). In this sense. MPLS TE implementation MPLS TE mainly accomplishes the following functions: • Static Constraint-based Routed LSP (CR-LSP) processing to create and remove static CR-LSPs. explicit path and other constraints. The traffic thus is transparent to the transits nodes on the LSP.• When network resources are insufficient. They are configured at the LSP ingress. MPLS TE tunnel Reroute and transmission over multiple paths may involve multiple LSP tunnels. calculating paths. It is derived from SPF and makes calculation based on two conditions: • Constraints on the LSP to be set up with respect to bandwidth. TE compliant path to a node. Static CR-LSP processing is simple. MPLS TE allows bandwidth-hungry LSPs or critical user traffic to occupy the bandwidth for lower priority LSP tunnels. after packets are labeled at the ingress node.

They are different in that CR-LDP establishes LSPs using TCP while RSVP-TE using raw IP. If a route with sufficient resources cannot be found. The mechanism setting up and managing constraints is called Constraint-based Routing (CR).CSPF first prunes TE attribute incompliant links from the TEDB and then performs SPF calculation to identify the shortest path to an LSP egress. CR-LSP involves these concepts: • Strict and loose explicit routes • Traffic characteristics • Preemption • Route pinning • Administrative group and affinity attribute • Reoptimization Strict and loose explicit routes An LSP is called a strict explicit route if all LSRs along the LSP are specified. setup priority and holding priority. Both CR-LDP and RSVP-TE are supported on your router. selected path. you may use two types of signaling: CR-LDP and RSVP-TE. RSVP is a well-established technology in terms of its architecture. Two priorities. and color and deliver the same function. The peak and committed rates describe the bandwidth constraints of a path while the service granularity specifies a constraint on the delay variation that the CR-LDP MPLS domain may introduce to a path's traffic. existing paths may be rerouted to reallocate resources to the new path. some explicit route information. while CR-LDP is an emerging technology with better scalability. Both setup and holding priorities range from 0 to 7. CR-LSPs are established based on criteria such as bandwidth. and QoS parameters in addition to routing information. Traffic characteristics Traffic is described in terms of peak rate. Forwarding packets Packets are forwarded over established tunnels. CR-LSP Unlike ordinary LSPs established based on routing information. 43 . are assigned to paths for making preemption decision. This is called path preemption. with a lower numerical number indicating a higher priority. and service granularity. protocol procedures and support to services. Preemption CR-LDP signals the resources required by a path on each hop of the route. An LSP is called a loose explicit route if the downstream LSR selection conditions rather than LSRs are defined. Both can carry constraints such as LSP bandwidth. Establishing paths When setting up LSP tunnels. committed rate.

Resource Reservation Protocol (RSVP) is designed for IntServ. may change when the route changes. CR-LDP appends some constraints in the label request message. You may configure it to meet desired QoS. The receiver initiates resource reservation requests and is responsible for maintaining the reservation information. Together with the link administrative group. Administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use. The following are features of RSVP: • Unidirectional • Receiver oriented. They can do this manually but CR-LSP measurement and tuning are required. a new CR-LSP will be established to replace the old one. It reserves resources on each node along a path. the Resv message of RSVP-TE is sent. it decides which links the MPLS TE tunnel can use. and services will be switched to the new CR-LSP. If a network does not run IGP TE extension. To avoid flapping caused by improper preemptions between CR-LSPs. It is used in MPLS TE to create an explicit path with resource reservation between the ingress node and the egress node. In this case. the setup priority of a CR-LSP should not be set higher than its holding priority. Alternatively.For a new path to preempt an existing path. Route pinning Route pinning prevents an established CR-LSP from changing upon route changes. Normally. When initiating an LSP at the ingress. The CR-LSP thus established however. It is an Internet control protocol similar to ICMP. RSVP operates at the transport layer but does not participate in data transmission. RSVP-TE Overview Currently. Reoptimization Traffic engineering is a process of allocating/reallocating network resources. the network administrator can set up the CR-LSP using route underpinning to make it a permanent path. the network administrator will be unable to identify from which part of the network the required bandwidth should be obtained when setting up a CR-LSP. when a better next hop becomes available. they can use MPLS TE where CR-LSPs are dynamically optimized. service providers use some mechanism to optimize CR-LSPs for best use of network resources. the setup priority of the new path must be greater than the holding priority of the existing path. CR-LDP Constraint-based Routed Label Distribution Protocol (CR-LDP) is an extension to LDP. two QoS models are available: Integrated Service (IntServ) and Differentiated Service (DiffServ). Dynamic CR-LSP optimization involves periodic calculation of paths that traffic trunks should traverse. loose explicit route (ER-hop) with required resources is used. To initiate a preemption. for example. 44 . If this is undesirable. If a better route is found for an existing CR-LSP.

Extended RSVP can support MPLS label distribution and allow resource reservation information to be transmitted with label bindings. Shared-explicit style (SE) where resources are reserved for senders on the same session and shared among them. CT. priority. Basic concepts of RSVP-TE 1. Resource reservation style Each LSP set up using RSVP-TE is assigned a resource reservation style. Figure 15 Diagram for make-before-break 45 . the router will delete the MPLS TE tunnel and then re-establish it. This extended RSVP is called RSVP-TE. the receiver decides which reservation style can be used for this session and thus which LSPs can be used. and the reservation state is generated and refreshed by the Resv message. NOTE: If you change key attributes of an MPLS TE tunnel. The path state is generated and refreshed by the Path message. Two reservation styles are available: Fixed-filter style (FF) where resources are reserved for individual senders and cannot be shared among senders on the same session. which is operating as a signaling protocol for LSP tunnel setup in MPLS TE. 2. Make-before-break Make-before-break is a mechanism to change MPLS TE tunnel attributes with minimum data loss and without extra bandwidth. such as tunnel destination. NOTE: SE is only used for make-before-break because multiple LSPs cannot be present on the same session. and protocol type. A state is to be removed if no refresh messages are received for it in certain interval. Soft state Soft state is a mechanism used in RSVP-TE to periodically refresh the resource reservation state on a node. the make-before-break mechanism does not take effect.• Using soft state mechanism to maintain resource reservation information. The resource reservation state includes the path state and the reservation state. In this process. During an RSVP session.

The TE extension to RSVP adds new objects to the Path message and the Resv message. • New objects added to the Path message include LABEL_REQUEST. • New objects added to the Resv message include LABEL and RECORD_ROUTE The LABEL_REQUEST object in the Path message requests the label bindings for an LSP. The remaining bandwidth is then 30 Mbps. The following are RSVP messages: • Path messages—Transmitted along the path of data transmission downstream by each RSVP sender to save path state information on each node along the path. • ResvTear messages—Sent upstream immediately once created to remove the reservation state on each node along the path. They do not affect the state of the nodes along the path. This helps avoid traffic interruption effectively. It allows the new path to share the bandwidth of the original path at the Router C → Router D link. and SESSION_ATTRIBUTE. the remaining bandwidth of the Router A → Router B → Router C → Router D path will be inadequate. thus accomplishing label advertisement and transmission. Setting up an LSP tunnel Figure 16 shows how to set up a LSP tunnel with RSVP: 46 . because the bandwidth of the Router C → Router D link is inadequate. It is also saved in the path state block. • Hello messages—Sent between any two directly connected RSVP neighbors to set up and maintain the neighbor relationship that has local significance on the link. The problem cannot be addressed by selecting another path. To address the problem. Router A → Router E → Router C → Router D. • ResvErr messages—Sent downstream to notify the downstream nodes that error occurs during Resv message processing or reservation error occurs as the result of preemption. traffic is switched to the new path and the previous path is torn down. supporting CR-LSP and FRR. • PathTear messages—Sent downstream immediately once created to remove the path state and related reservation state on each node along the path. you may use the make-before-break mechanism. The node receiving LABEL_REQUEST advertises the label binding using the LABEL object in the Resv message to the upstream node. • ResvConf messages—Sent to receivers to confirm Resv messages. If 40 Mbps path bandwidth is requested. • PathErr messages—Sent upstream to report Path message processing errors to senders.Figure 15 presents a scenario where a path Router A → Router B → Router C → Router D is established with 30 Mbps reserved bandwidth between Router A and Router D. Upon creation of the new path. Resv messages—Sent by each receiver upstream towards senders to request resource reservation and to create and maintain reservation state on each node along the reverse of data transmission path. These objects carry not only label bindings but also routing constraints. EXPLICIT_ROUTE. RSVP-TE messages RSVP-TE uses RSVP messages with extensions. RECORD_ROUTE.

services transmitted on the LSP are guaranteed. The Message_ID extension mechanism defined in RFC 2961 adds objects that can be carried in RSVP messages.Figure 16 Set up an LSP tunnel The following is a simplified procedure for setting up an LSP tunnel with RSVP: 1. the interface resends the message at an exponentially increased retransmission interval equivalent to (1 + Delta) × Rf seconds. If no ACK is received before the initial retransmission interval (Rf seconds for example) expires. When many RSVP sessions are present. In addition. and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR. RSB. After receiving this Path message. LSP is established. After the interface sends an RSVP message. As resources are reserved on the LSRs along the path for the LSP established using RSVP-TE. When the ingress LSR receives the Resv message. PSB. 47 . it waits for acknowledgement. thus improving transmission reliability. To use summary refresh. After receiving the Path message. RSVP refresh mechanism RSVP maintains path and reservation state by periodically retransmitting two types of messages: Path and Resv. the refreshing delay they must wait for recovering lost RSVP messages may be unbearable. The LSRs that the Resv message traverses along the path reserve resources as required. Message_ID extension RSVP itself uses Raw IP to send messages. 2. the interface resends the message. for some delay sensitive applications. As tuning refresh intervals is not adequate to address the two problems. 2. Of them. you must use the Message_ID extension. After that. the sender sends a Path message with a LABEL_REQUEST object. the refreshing mechanism was extended in RFC 2961 RSVP Refresh Overhead Reduction Extensions as follows to address the problems: 1. Summary refresh extension Send summary refreshes (Srefreshes) rather than retransmit standard Path or Resv messages to refresh related RSVP state. you may configure RSVP message retransmission. This reduces refresh traffic and allows nodes to make faster processing. They are sent along the path that the last Path or Resv message travels to synchronize state between RSVP neighbors and recover lost RSVP messages. periodically sent refresh messages become a network burden. 3. The ingress LSR sends a Path message that carries the label request information. These periodically retransmitted Path and Resv messages are called refresh messages. On an interface enabled with the Message_ID mechanism. the Message_ID object and the Message_ID_ACK object are used to acknowledge RSVP messages. Only states advertised using MESSAGE_ID included Path and Resv messages can be refreshed using summary refreshes. the receiver assigns a label for the path and puts the label binding in the LABEL object in the returned Resv message. the egress generates a Resv message carrying the reservation information and label and then forwards the message towards the ingress along the reverse direction of the path along which the Path message travels. and BSB timeouts To create an LSP tunnel.

the router can act as a GR restarter and a GR helper at the same time. all RSVP soft state information and forwarding entries relevant to the neighbor will be removed. A device that participates in an RSVP-TE GR process plays either of the following two roles: • GR restarter. When a GR restarter is rebooting. Traffic forwarding Even when an MPLS TE tunnel is available. A GR-capable device advertises its GR capability and relevant time parameters to its neighbors by extended RSVP hello packets. Otherwise. If a GR helper and the GR restarter reestablish a Hello session before the restart timer expires. soft state information and forwarding entries that are not restored during the GR restarting process will be removed. the router that gracefully restarts due to a manually configured command or a fault. RSVP-TE GR RSVP-TE Graceful Restart (GR) preserves the soft state and label forwarding information when the signaling protocol or control plane fails. When the number of non-refreshing times exceeds the blockade multiplier. This however should not prevent the resources reserved for the request from being used by other requests.The LABEL_REQUEST object is stored in the path state block (PSB) on the upstream nodes. It must be GR-capable. policy-based routing. the recovery timer is started and signaling packet exchanging is triggered to restore the original soft state. The state stored in the PSB or RSB object times out and is removed after the number of consecutive non-refreshing times exceeds the PSB or RSB timeout keep-multiplier. A GR helper considers that a GR restarter is rebooting when it receives no Hello packets from the restarter in a specific period of time. NOTE: If configured with RSVP-TE GR. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. you can use static routing. To handle this situation. allowing data to be forwarded without interruption when the GR restarter is rebooting. neighbor of the GR restarter. For traffic to be routed along an MPLS TE tunnel. You may sometimes want to store the resource reservation state for a reservation request that does not pass the admission control on some node. You only need to manually create a route that reaches the destination through the tunnel interface. If the recovery timer expires. Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel. or automatic route advertisement. A GR helper must be GR-capable. ensuring continuous data transmission. while the LABEL object is stored in the reservation state block (RSB) on the downstream nodes. If a device and all its neighbors have the RSVP GR capability and have exchanged GR parameters. • GR helper. 48 . the state in the BSB is removed. the node transits to the blockade state and a blockade state block (BSB) is created on each downstream node. The RSVP-TE GR function depends on the extended hello capability of RSVP-TE. so that LSRs can still forward packets according to forwarding entries. each of them can function as the GR helper of another device. the GR helpers retain soft state information about the GR restarter and keep sending Hello packets periodically to the GR restarter until the restart timer expires. traffic is still IP routed if you do not configure it to travel the tunnel.

a TE tunnel is present between Router D and Router C. With IGP shortcut enabled. routes with TE tunnel interfaces as outgoing interfaces are advertised to neighboring routers but not in the IGP shortcut approach.NOTE: For more information about static routing. Therefore. In this approach. allowing traffic to be routed down MPLS TE tunnels. see Layer 3—IP Routing Configuration Guide. IGP shortcut and forwarding adjacency are different in that in the forwarding adjacency approach. Two approaches are available to automatic route advertisement: IGP shortcut and forwarding adjacency. 49 . NOTE: For more information about policy-based routing. This policy should be applied to the incoming interface. This tunnel. therefore. the ingress node Router D can use this tunnel when calculating IGP routes. Router A cannot use this tunnel to reach Router C. TE tunnels are visible to other routers in the forwarding adjacency approach but not in the IGP shortcut approach. however. Automatic route advertisement You can use automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs. With forwarding adjacency enabled. Router A can known the presence of the TE tunnel and thus forward traffic to Router C to Router D though this tunnel. Figure 17 IGP shortcut and forwarding adjacency As shown in Figure 17. OSPF and IS-IS support both approaches where TE tunnels are considered point-to-point links and TE tunnel interfaces can be set as outgoing interfaces. considers a TE tunnel as a logical interface directly connected to the destination when computing IGP routes on the ingress of the TE tunnel. see Layer 3—IP Routing Configuration Guide. is invisible to Router A. you need to create a policy that specifies the MPLS TE tunnel interface as the output interface for traffic that matches certain criteria defined in the referenced ACL. IGP shortcut. Policy-based routing You can also use policy-based routing to route traffic over an MPLS TE tunnel. also known as autoroute announce.

This is how LSP path protection is achieved. When the link fails. consider the following: • The tunnel destination address should be in the same area where the tunnel interface is located. Once a link or node on an LSP configured with FRR fails. traffic is switched to the bypass LSP. Protection FRR provides link protection and node protection for an LSP as follows: • Link protection. the primary LSP is Router A → Router B → Router C → Router D. it switches traffic to the secondary LSP and after the primary LSP becomes available. When making tunnel configuration on a TE tunnel interface. where the PLR and the MP are connected through a direct link and the primary LSP traverses this link. Two approaches are available for CR-LSP backup: • Hot backup where a secondary CR-LSP is created immediately after a primary CR-LSP is created. This can happen as fast as 50 milliseconds thus minimizing data loss. It must be located on the primary LSP but must not be the egress. once a link or node fails on a path. 50 .The configuration of IGP shortcut and forwarding adjacency is broken down into tunnel configuration and IGP configuration. FRR comes up to reroute the path to a new link or node to bypass the failed link or node. In this approach. CR-LSP backup CR-LSP backup provides end-to-end path protection for the entire LSP without time limitation. • Standard backup where a secondary CR-LSP is created to take over after the primary CR-LSP fails. • Merge point (MP)—The egress of the bypass LSP. switches traffic back. FRR Overview Fast Reroute (FRR) provides a quick per-link or per-node protection on an LSP. As shown in Figure 18. • Point of local repair (PLR)—The ingress of the bypass LSP. It must be located on the primary LSP but must not be the ingress. • Bypass LSP—An LSP used to protect the primary LSP. • The tunnel destination address should be reachable through intra-area routing. traffic is switched to the protection link and the headend of the LSP starts attempting to set up a new LSP. MPLS TE switches traffic to the secondary CR-LSP after the primary CR-LSP fails. This is different from Fast Reroute (FRR) which provides quick but temporary per-link or per-node protection on an LSP. When the ingress of a TE tunnel detects that the primary LSP is unavailable. and the bypass LSP is Router B → Router F → Router C. the LSP used to back up a primary LSP is called a secondary LSP. Basic concepts The following are concepts that FRR involves throughout this document: • Primary LSP—The protected LSP. In the same TE tunnel.

greatly improving the reliability of the network. that is. it will switch data to the protection tunnel. When the main tunnel recovers. one protection tunnel is used to service one main tunnel. the router supports only 1:1 protection switching. user data travels along the main tunnel. When the router fails. data is switched to a protection tunnel immediately. Command switching refers to a PS triggered by an externally configured switching command. 51 . and the bypass LSP is Router B → Router F→ Router D. As shown in Figure 19. use FRR for crucial interfaces or links only. data can be switched back to the main tunnel. where the PLR and the MP are connected through a router and the primary LSP traverses this router. PS for an MPLS TE tunnel Protection switching (PS) refers to establishing one or more protection tunnels (backup tunnels) for a main tunnel. If the ingress finds a defect of the main tunnel by using a probing mechanism. make sure the protected link or node is not on the bypass LSP. Figure 19 FRR node protection Deploying FRR When configuring the bypass LSP. 1. When the main tunnel fails. Router C is the protected router. Protection switching may be command triggered or signal triggered. Normally. At present. one main and one backup. which can define the following switching actions (in the descending order of priority): clear—Clears all configured switching actions. the primary LSP is Router A → Router B → Router C → Router D → Router E. there are two tunnels. When network bandwidth is insufficient.Figure 18 FRR link protection • Node protection. FRR requires extra bandwidth. Between the ingress and egress. A main tunnel and its protection tunnels form a protection group. Because bypass LSPs are pre-established. lock (lockout of protection)—Always uses the main LSP to transfer data. traffic is switched to the bypass LSP.

DiffServ-aware TE (DS-TE) combines them to optimize network resources allocation at a per-service class level. manual (manual switch)—Switches data from the main LSP to the backup LSP or vice versa. The router supports the following DS-TE modes: • Prestandard mode—Implemented by using H3C proprietary mechanisms • IETF mode—Implemented according to RFC 4124. and RFC 4127. DS-TE allocates link bandwidth. • Bandwidth Constraint (BC): Restricts the bandwidth for one or more class types. The setup priority or holding priority of an LSP transporting a traffic trunk from that CT must be the preemption priority for the CT. in the descending order: Clear Lockout of protection Forced switch Signal fail Manual switch DiffServ-aware TE Overview Diff-Serv is a model that provides differentiated QoS guarantees based on class of service. the maximum number of Bandwidth Constraints (MaxBC) and the mappings between BCs and CTs. In practice. making each traffic trunk traverse the constraints-compliant path. Examples include a PS that occurs during BFD detection for MPLS-TE tunnels. Basic concepts • Class Type (CT): A set of traffic trunks crossing a link that is governed by a specific set of bandwidth constraints. MPLS TE is a traffic engineering solution that focuses on optimizing network resources allocation.force (forced switch)—Forces data to travel on the backup LSP. this means varied bandwidth constraints. For traffic trunks which are distinguished by class of service. what DS-TE does is to map traffic trunks with LSPs. A given traffic trunk belongs to the same CT on all links. a switching command takes effect only when its priority is higher than that of a signal fail declaration. DS-TE supports two BC models. A BC model comprises two factors. • Bandwidth constraints model: Algorithm for implementing bandwidth constraints on different CTs. and performs admission control for a traffic trunk according to the traffic trunk’s CT. Russian Dolls Model (RDM) and Maximum Allocation Model (MAM). implements constraint-based routing. Signal switching (Signal Fail) refers to a PS automatically triggered by a signal fail declaration. The following shows the priority of the externally configured switching actions and the signal fail switching. RFC 4125. 52 . • TE class: A pair consisting of a CT and a preemption priority for the CT. 2. Essentially.

In cooperation with priority preemption. eight priorities. and up to 16 TE classes. The router determines whether there is enough bandwidth to establish an MPLS TE tunnel for a traffic trunk according to the traffic trunk’s CT and the tunnel interface’s BCs. eight priorities. a BC constrains the total bandwidth of multiple CTs. BC 0 is for CT 2. The IETF mode supports four CTs (CT 0 through CT 3). Determine the CT of traffic flows. RDM is suitable for networks where traffic is unstable and traffic bursts may occur. and CT 0 cannot exceed BC 0. When configuring a dynamic MPLS TE tunnel. • The prestandard mode is proprietary. Compared with RDM. the RDM model can also implement the isolation across CTs. Working process To establish MPLS TE tunnels according to CTs of traffic trunks. The total bandwidth of the traffic of CT 2 cannot exceed BC 2. you can use the mpls te bandwidth command on the tunnel interface to specify a CT for the traffic flows to be forwarded by the tunnel. In this model. as shown in Figure 20: BC 2 is for CT 2. 2. Figure 21 shows an example: 53 . and up to eight TE classes. MAM is suitable for networks where traffic of each CT is stable. MAM is easy to understand and configure. CT 1. The total bandwidth of the traffic of CT 2. This ensures isolation across CTs no matter whether preemption is used or not. BC 0 equals the maximum reservable bandwidth of the tunnel.NOTE: • The prestandard mode supports two CTs (CT 0 and CT 1). A router classifies traffic flows according to your configuration. CT 1. When configuring a static MPLS TE tunnel. Figure 20 RDM bandwidth constraints model In MAM model. ensuring each CT its share of bandwidth. BC 1 is for CT 2 and CT 1. You can use the mpls te max-reservable-bandwidth command on an MPLS TE tunnel interface to configure the bandwidth constraints of the tunnel interface. you can use the bandwidth keyword to specify a CT for the traffic flows to be forwarded along the tunnel. and therefore a device working in prestandard mode cannot communicate with devices of some other vendors. a BC constrains the bandwidth of only one CT on an interface. The relation between BCs and CTs varies in different BC models: In RDM model. A device working in IETF mode can communicate with devices of other vendors. Check whether there is enough bandwidth available for the CT. and CT 0. The IETF mode is a standard mode implemented according to relative RFCs. a router needs to: 1. The total bandwidth of the traffic of CT 2 and CT 1 cannot exceed BC 1.

Every node along the tunnel has a TE class that matches the traffic trunk’s CT and the LSP holding priority. Check whether the traffic trunk matches an existing TE class. while the IETF mode allows for TE class configuration. The bandwidth occupied by the traffic of CT 0 cannot exceed BC 0. CT 1. Figure 21 MAM bandwidth constraints model 3. and CT 2 cannot exceed the maximum reservable bandwidth. MPLS LDP over MPLS TE Figure 22 Establish an LDP LSP across the network core layer 54 . The bandwidth occupied by the traffic of CT 2 cannot exceed BC 2.BC 0 is for CT 0. The router checks whether the CT and the LSP setup/holding priority of the traffic trunk matches an existing TE class. NOTE: The prestandard mode does not allow you to configure TE classes. The bandwidth occupied by the traffic of CT 1 cannot exceed BC 1. The total bandwidth occupied by CT 0. BC 2 is for CT 2. BC 1 is for CT 1. An MPLS TE tunnel can be established for the traffic trunk only when the following conditions are satisfied: Every node along the tunnel has a TE class that matches the traffic trunk’s CT and the LSP setup priority.

To enable LDP to advertise prefix-based labels through a remote session. Requirements for Traffic Engineering Over MPLS • RFC 3212. Constraint-Based LSP Setup using LDP • RFC 2205. when setting up an LDP LSP across the core layer. LDP does not advertise any prefix-based label mapping message through a remote session. label bindings can be exchanged and an LDP LSP can be established between the MPLS TE tunnel headend and tailend. MPLS TE is usually deployed only in the core layer.1720. To set up an LDP LSP tunnel across the core layer. RSVP-TE: Extensions to RSVP for LSP Tunnels • RFC 2961. in layered networks. see MPLS Command Reference. Protocols and standards • RFC 2702. To simplify the configuration. Then. you need to configure the prefix-label advertise command. when using the MPLS TE tunnel to establish the LDP LSP. RSVP Refresh Overhead Reduction Extensions • RFC 3564. Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering • ITU-T Recommendation Y. For more information about the prefix-label advertise command. Resource ReSerVation Protocol • RFC 3209. a hierarchical LSP is formed. All you have to do is to establish a remote session between the headend and tailend of the MPLS TE tunnel. In this way.As the figure shows. you can use the MPLS TE tunnel that is already established in the core layer. you need to establish a local LDP session between each pair of neighboring LSRs in the core layer. Figure 23 Configure an LDP LSP over an MPLS TE LSP NOTE: By default. Protection switching for MPLS networks MPLS TE configuration task list Complete the following tasks to configure MPLS TE: 55 . As shown in Figure 23. and MPLS networks in the distribution layer usually use LDP as the label distribution signaling. you do not need to establish local LDP sessions between neighboring LSRs in the core layer. The LDP LSP is carried on the MPLS TE tunnel.

Configuration prerequisites Before the configuration. Enable global MPLS TE. see MPLS Configuration Guide. Configuration procedure To configure MPLS TE basic capabilities: Step Command Remarks 1. do the following: • Configure static routing or IGPs to make sure all LSRs are reachable. mpls N/A 3. Enter system view. NOTE: For configuration information about MPLS basic capability.Task Remarks Configuring MPLS TE basic capabilities Required Configuring DiffServ-aware TE Optional Configuring an MPLS TE tunnel Creating MPLS TE tunnel over static CR-LSP Required Configuring MPLS TE tunnel with dynamic signaling protocol Use either approach Configuring RSVP-TE advanced features Optional Tuning CR-LSP setup Optional Tuning MPLS TE tunnel setup Optional Forwarding traffic along MPLS TE tunnels using static routes Configuring traffic forwarding Forwarding traffic along MPLS TE tunnels through automatic route advertisement Required Use either approach Configuring traffic forwarding tuning parameters Optional Configuring CR-LSP backup Optional Configuring FRR Optional Inspecting an MPLS TE tunnel Optional Configuring protection switching Optional Configuring MPLS TE basic capabilities MPLS TE basic capabilities are essential to MPLS TE feature configurations. • Configure MPLS basic capabilities. you need to make other configurations in order to use MPLS TE depending on the actual requirements. mpls te Disabled by default 56 . Enter MPLS view. After configuring the basic capabilities. system-view N/A 2.

Table 1 Default TE class mappings in IETF mode TE Class CT Priority 0 0 7 57 . Create a tunnel interface and enter its view. the TE class mappings in IETF mode are shown as Table 1. Submit the current tunnel configuration. mpls te ds-te ietf bc-mode mam By default. ip address ip-address netmask Optional 10. Configure the tunnel ID of the tunnel. tunnel-protocol mpls te N/A 11. Set the tunnel protocol to MPLS TE. Configure the BC model of IETF DS-TE as MAM. mpls N/A 3. Return to system view. 5. Enter MPLS view. interface interface-type interface-number N/A 6. quit –– 8. Optional. Optional. Enable interface MPLS TE. interface tunnel tunnel-number N/A 9. the DS-TE mode is prestandard. Enter the interface view of an MPLS TE link. mpls te commit N/A NOTE: For more information about tunnel interfaces. By default.Step Command Remarks 4. mpls te tunnel-id tunnel-id N/A 13. system-view N/A 2. the TE class-CT-priority association. mpls te Disabled by default 7. quit N/A 5. Configure the TE class mapping in IETF DS-TE mode. Return to system view. Configuring DiffServ-aware TE To configure DS-TE: Step Command Remarks 1. destination ip-address N/A 12. that is. Configure the destination address of the tunnel. mpls te ds-te mode ietf 4. Enter system view. mpls te ds-te ietf te-class te-class-index class-type class-type-number priority pri-number Optional. Configure the DS-TE mode as IETF. the BC model of IETF DS-TE is RDM. see Layer 3—IP Services Configuration Guide. By default. Assign an IP address to the tunnel interface.

system-view N/A 2.TE Class CT Priority 1 1 7 2 2 7 3 3 7 4 0 0 5 1 0 6 2 0 7 3 0 Creating MPLS TE tunnel over static CR-LSP Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. quit N/A 58 . interface tunnel tunnel-number N/A 3. Enter system view. do the following: • Configure static routing or an IGP protocol to make sure that all LSRs are reachable. Enter the interface view of an MPLS TE tunnel. mpls te commit N/A 5. Submit the current tunnel configuration. They share the same constraints and use the same label space. • Configure MPLS basic capabilities. mpls te signal-protocol static N/A 4. Configuration prerequisites Before making the configuration. Despite its ease of configuration. Configuration procedure To create an MPLS TE tunnel over a CR-LSP: Step Command Remarks 1. the application of MPLS TE tunnels over static CR-LSPs is restricted because they cannot dynamically adapt to network changes. Static CR-LSPs are special static LSPs. What you need to do is to create a static CR-LSP and a TE tunnel using static signaling and then associate them. Exit to system view. Configure the tunnel to use static CR-LSP. • Configure MPLS TE basic capabilities.

• Establish the path by using the signaling protocol RSVP-TE or CR-LDP. 59 . Otherwise. and other advanced features.Step Command Remarks • At the ingress: static-cr-lsp ingress tunnel-name destination dest-addr { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ] • On the transit node: 6. • Configure tunnel constraints. FRR. • The next hop address cannot be a local public address when configuring the static CR-LSP on the ingress or a transit node. • At the egress: static-cr-lsp egress tunnel-name incoming-interface interface-type interface-number in-label in-label-value [ lsrid ingress-lsr-id tunnel-id tunnel-id ] [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ] NOTE: • The tunnel-name argument specifies the name of the MPLS TE tunnel carried over the static CR-LSP. • Use the CSPF algorithm to calculate a preferred path based on the TEDB and tunnel constraints. This restriction however does not apply to transit and egress nodes. • The tunnel-name argument in the static-cr-lsp ingress command is case-sensitive. your tunnel establishment attempt will fail. The following describes how to create an MPLS TE tunnel with a dynamic signaling protocol: • Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB. Configuring MPLS TE tunnel with dynamic signaling protocol Dynamic signaling protocol can adapt the path of a TE tunnel to network changes and implement redundancy. Create a static CR-LSP on your router depending on its location in the network. static-cr-lsp transit tunnel-name incoming-interface interface-type interface-number in-label in-label-value { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ] Use any of the commands depending on the location of your router in the network. you must input its name in the form of Tunnel2. To specify it for the tunnel-name in the static-cr-lsp ingress command. Suppose you create a tunnel interface with the interface tunnel 2 command.

Use either approach.NOTE: To form a TEDB. system-view N/A 2. Configuring MPLS TE tunnel constraints Optional. the CR-LSP is created based on IGP routing rather than computed by CSPF. do the following: • Configure static routing or an IGP protocol to make sure that all LSRs are reachable. • Configure MPLS basic capabilities. RSVP-TE is used for establishing an MPLS TE tunnel. . Enter interface view of MPLS TE link. Configuring an MPLS TE explicit path Optional. you must configure the IGP TE extension for the nodes on the network to send TE LSAs. interface interface-type interface-number N/A 3. mpls te max-link-bandwidth bandwidth-value 60 Optional. Establishing an MPLS TE tunnel with RSVP-TE By default. Configuring CSPF Optional. Configuring OSPF TE Required when CSPF is configured. If the IGP TE extension is not configured. Establishing an MPLS TE tunnel with CR-LDP Optional. • Configure MPLS TE basic capabilities. Configuration procedure Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol: Task Remarks Configuring MPLS TE properties for a link Optional. Configuring IS-IS TE Choose one depending on the IGP protocol used. Configuring MPLS TE properties for a link To configure MPLS TE properties for a link: Step Command Remarks 1. Enter system view. 0 by default. Configuration prerequisites Before making the configuration. Configure maximum link bandwidth.

at least one neighbor must be in full state. mpls-te enable Disabled by default 61 . Enable the opaque LSA capability. mpls N/A 3. you need to enable the opaque capability of OSPF. 6. system-view N/A 2. 5. Enter OSPF view. Configure the BCs of the MPLS TE link in the RDM model of the IETF DS-TE. area area-id N/A 5. 4. Before configuring OSPF TE. Configuring CSPF To configure CSPF: Step 1. In RDM model. Enter system view. mpls te cspf Disabled by default Configuring OSPF TE Configure OSPF TE if the routing protocol is OSPF and a dynamic signaling protocol is used for MPLS TE tunnel setup. In addition. Enter OSPF area view. opaque-capability enable Disabled by default 4. Enter system view. Enter MPLS view. system-view N/A 2. Enable MPLS TE in the OSPF area. and BC 0 through BC 3 are all 0. Configure BC 0 and BC 1 of the MPLS TE link in the RDM model of the prestandard DS-TE. mpls te max-reservable-bandwidth mam bandwidth-value { bc0 bc0-bandwidth | bc1 bc1-bandwidth | bc2 bc2-bandwidth | bc3 bc3-bandwidth } * Optional. 0 for BC 0 through BC 3 by default In RDM model. BC 0 is the maximum reservable bandwidth of a link. mpls te max-reservable-bandwidth bandwidth-value [ bc1 bc1-bandwidth ] Configure maximum reservable bandwidth and BCs of the MPLS TE link in the MAM model of the IETF DS-TE. for TE LSAs to be generated. BC 0 is the maximum reservable bandwidth of a link. Enable CSPF on your router. To configure OSPF TE: Step Command Remarks 1. the maximum bandwidth.Step Command Remarks Optional. By default. mpls te max-reservable-bandwidth rdm bandwidth-value [ bc1 bc1-bandwidth ] [ bc2 bc2-bandwidth ] [ bc3 bc3-bandwidth ] Command Remarks 0 for both BC 0 and BC 1 by default. Optional. The OSPF TE extension uses Opaque Type 10 LSAs to carry TE attributes of links. ospf [ process-id ] N/A 3.

. 4. Configuring IS-IS TE Configure IS-IS TE if the routing protocol is IS-IS and a dynamic signaling protocol is used for MPLS TE tunnel setup. isis [ process-id ] –– 3. including 27 octets of LSP header and two octets of TLV header. the bw-constraint parameter is carried in sub-TLV 252. you need to configure the IS-IS wide metric style.Step 6. Enable IS-IS TE. Enter system view. and the unreserved-bw-sub-pool parameter in sub-TLV 251. cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } By default. system-view –– 2. Return to OSPF view. Enter IS-IS view. The IS-IS TE extension uses the sub-TLV of IS reachability TLV (type 22) to carry TE attributes. IS-IS uses narrow metric style. CAUTION: • According to RFC 3784. When TE is configured. the length of the IS reachability TLV (type 22) may reach the maximum of 255 octets in some cases. • For an IS-IS LSP to carry this type of TLV and to be flooded normally on all interfaces with IS-IS enabled. which can be wide. or wide-compatible. cannot be less than 284 octets. Command Remarks quit N/A NOTE: • For more information about OSPF opaque LSA. MPLS TE cannot establish an LSP tunnel through an OSPF virtual link. compatible. Configure the TLV type of the sub-TLV carrying DS-TE parameters. traffic-eng [ level-1 | level-2 | level-1-2 ] Disabled by default. In case both OSPF TE and IS-IS TE are available. To configure IS-IS TE: Step Command Remarks 1. the minimum MTU needs to be recalculated according to the packet structure. 5. Make sure no virtual links exist in the OSPF routing domain when configuring OSPF TE. Configure the wide metric attribute of IS-IS. If an LSP must also carry the authentication information. see Layer 3—IP Routing Configuration Guide. the lo-multiplier parameter in sub-TLV 253. H3C recommends that you set the MTU of any interface with IS-IS enabled be equal to or greater than 512 octets to guarantee that IS-IS LSPs can be flooded on the network. the MTU of any IS-IS enabled interface. Before configuring IS-IS TE. OSPF TE takes priority. te-set-subtlv { bw-constraint value | lo-multiplier value | unreserved-bw-sub-pool value } 62 By default. • MPLS TE cannot reserve resources and distribute labels on OSPF virtual links. Optional.

IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). the include keyword and the strict keyword apply. Specify a next hop IP address on the explicit path. Enter system view. the explicit path traverses the specified node and the next node is a strict node. Repeat this step to define a sequential set of the hops that the explicit path traverses. Display information about the specified or all nodes on the explicit path. see Layer 3—IP Routing Configuration Guide. The relationship between any two neighboring nodes on an explicit path can be either of the following: • Strict: where the two nodes are directly connected. Modify the IP address of current node on the explicit path. 7. add hop ip-address1 [ include [ loose | strict ] | exclude ] { after | before } ip-address2 next hop ip-address [ include [ loose | strict ] | exclude ] By default. • IS-IS TE does not support secondary IP address advertisement. When inserting nodes to an explicit path or modifying nodes on it. 5. delete hop ip-address Optional. H3C does not recommend enabling IS-IS TE on an interface configured with secondary IP addresses. the include keyword and the strict keyword apply. list hop [ ip-address ] Optional. • Loose: where the two nodes have routers in between. In other words. 63 . In other words. 4. Optional. 3. the explicit path traverses the specified node and the next node is a strict node. Remove a node from the explicit path. 6. explicit-path path-name [ disable | enable ] N/A Optional. With IS-IS TE enabled on an interface configured with multiple IP addresses. you may configure the include keyword to have the established LSP traverse the specified nodes or the exclude keyword to have the established LSP bypass the specified nodes. Configuring an MPLS TE explicit path An explicit path is a set of nodes. system-view N/A 2. To configure an MPLS TE explicit path: Step Command Remarks 1. modify hop ip-address1 ip-address2 [ [ include [ loose | strict ] | exclude ] By default. Add a node to the explicit path.NOTE: • For more information about IS-IS. The next hop is a strict node by default. Create an explicit path for MPLS TE tunneling and enter its view.

Enter MPLS view. Enter MPLS TE tunnel interface view. mpls te signal-protocol crldp RSVP-TE applies by default. Enter system view. interface tunnel tunnel-number N/A 3. Specify a path for the tunnel to use and set the preference of the path. Configuring MPLS TE tunnel constraints To configure MPLS TE tunnel constraints: Step Command Remarks 1. NOTE: When establishing an MPLS TE tunnel with CR-LDP. Establishing an MPLS TE tunnel with RSVP-TE To establish an MPLS TE tunnel with RSVP-TE: Step Command Remarks 1. and specify a CT for the tunnel’s traffic. Set the signaling protocol for setting up MPLS TE tunnels to CR-LDP. interface tunnel tunnel-number N/A 3. and make sure that the ABR or ASBR is reachable. mpls N/A 64 . Optional. Submit current tunnel configuration. Assign bandwidth to the MPLS TE tunnel.NOTE: When establishing an MPLS TE tunnel between areas or Autonomous Systems (ASs). mpls te path { dynamic | explicit-path pathname } preference value Optional. Enter MPLS TE tunnel interface view. mpls te commit N/A 5. specify the area border router (ABR) or autonomous system boundary router (ASBR) as the next hop of the route. no bandwidth is assigned and traffic of the tunnel belongs to CT 0. you must use a loose explicit route. system-view N/A 2. you cannot use the mpls te bandwidth command to configure bandwidth for the tunnel. Enter system view. Establishing an MPLS TE tunnel with CR-LDP To establish an MPLS TE tunnel with CR-LDP: Step Command Remarks 1. system-view N/A 2. mpls te bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth By default. By default. Enter system view. system-view N/A 2. a tunnel uses the dynamically calculated path. 4. Submit current tunnel configuration. mpls te commit N/A 4.

you must enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use. mpls rsvp-te Disabled by default.Step Command Remarks 3. Enable RSVP-TE on your router. Enable RSVP-TE on the interface. RSVP-TE applies by default. and other advanced features of MPLS TE. • Shared-explicit style (SE) where resources are reserved for senders on the same session and shared among them. interface interface-type interface-number N/A 6. Enter interface view of MPLS TE link. quit N/A 5. Set the signaling protocol for setting up the MPLS TE tunnel to RSVP-TE. Before performing the configuration tasks in this section. 7. mpls rsvp-te Disabled by default. N/A CAUTION: To use RSVP-TE as the signaling protocol for setting up the MPLS TE tunnel. two reservation styles are available: • Fixed-filter style (FF) where resources are reserved for individual senders and cannot be shared among senders on the same session. mpls te commit 9. Currently. 65 . Optional. mpls te signal-protocol rsvp-te Submit current tunnel configuration. be aware of each configuration objective and its impact on your network. Configuration prerequisites Before configuring RSVP-TE advanced features. RSVP-TE provides many configurable options with respect to reliability. the receiver decides which reservation style can be used for this session and thus which LSPs can be used. 4. Exit to system view. During an RSVP session. Configuring RSVP-TE advanced features RSVP-TE adds new objects in Path and Resv messages to support CR-LSP setup. interface tunnel tunnel-number N/A 8. do the following: • Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Establish an MPLS TE tunnel with RSVP-TE Configuration procedure Configuring RSVP reservation style Each LSP set up using RSVP-TE is assigned a resource reservation style. network resources. Enter MPLS TE tunnel interface view.

To configure RSVP reservation style: Step Command Remarks 1. mpls N/A 3. The default blockade timeout multiplier is 4. After you enable RSVP message acknowledgement on an interface. Optional. 4. Optional. the SE style is mainly used for make-before-break. mpls rsvp-te keep-multiplier number Configure the blockade timeout multiplier. Enter MPLS view. The Message_ID extension mechanism is also referred to as the reliability mechanism throughout this document. while the FF style is rarely used. Enter MPLS TE tunnel interface view. you may enable retransmission. Configuring the RSVP refreshing mechanism To enhance reliability of RSVP message transmission. To use summary refresh (Srefresh). Only states advertised using MESSAGE_ID included Path and Resv messages can be refreshed using summary refreshes. Submit current tunnel configuration. Configuring RSVP state timers To configure RSVP state timers: Step Command Remarks 1. interface interface-type interface-number N/A 66 . mpls rsvp-te blockade-multiplier number 4. To configure RSVP refreshing mechanism: Step Command Remarks 1. system-view N/A 2. 5. the Message_ID extension mechanism is used to acknowledge RSVP messages. you must use the Message_ID extension. interface tunnel tunnel-number N/A 3. NOTE: In current MPLS TE applications. Enter system view. The default path/reservation state refresh interval is 30 seconds. Optional. Enter interface view of MPLS TE link. mpls rsvp-te timer refresh timevalue Configure the keep multiplier for PSB and RSB. Enter system view. The default is 3. Configure the resources reservation style for the tunnel. mpls te resv-style { ff | se } The default resource reservation style is SE. system-view N/A 2. Configure the path/reservation state refresh interval of the node. Enter system view. mpls te commit N/A Optional. system-view N/A 2.

Exit to system view. By default. Enter system view. mpls N/A 3. The default is 3 seconds. Configure the maximum number of consecutive hellos that should be lost before the link is considered failed. Enable summary refresh. system-view N/A 2. quit N/A 7. Enable retransmission. Configure the hello interval. mpls N/A 3. Enable global RSVP hello extension.. Enter system view. Optional. Enter MPLS view. mpls rsvp-te hello-lost times 5. Enable the reliability mechanism of RSVP-TE. It is defined in RFC 3209. mpls rsvp-te hello Disabled by default.Step Command Remarks 3. 4. mpls rsvp-te hello Disabled by default. Configuring RSVP-TE resource reservation confirmation To configure RSVP-TE resource reservation confirmation: Step Command Remarks 1. interface interface-type interface-number N/A 8. Enter MPLS view. Enter interface view of MPLS TE link. Enable resource reservation confirmation. mpls rsvp-te timer hello timevalue 6. mpls rsvp-te timer retransmission { increment-value [ increment-value ] | retransmit-value [ retrans-timer-value ] } * Optional 5. mpls rsvp-te srefresh Disabled by default Optional Disabled by default Configuring the RSVP hello extension To configure the RSVP hello extension: Step Command Remarks 1. the link is considered failed if three consecutive hellos are lost. mpls rsvp-te resvconfirm Disabled by default 67 . NOTE: RSVP hello extension detects the reachability of RSVP neighboring nodes. Optional. mpls rsvp-te reliability Optional 4. system-view N/A 2. Enable interface RSVP hello extension.

mpls N/A 3. mpls rsvp-te graceful-restart Disabled by default 5. It only indicates that resources are reserved on the farthest upstream node where the Resv message arrived and the resources can be preempted. To configure RSVP-TE GR on each router to act as the GR restarter or a GR helper: Step Command Remarks 1. 68 120 seconds by default 300 seconds by default . Be sure to enable the extended hello capability of RSVP-TE before configuring RSVP-TE GR. • Receiving the ResvConf message does not mean resource reservation is established. To configure RSVP authentication: Step Command 1. system-view 2. It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages. Enable global RSVP hello extension. Enter system view. Enter interface view of MPLS TE link. Enable RSVP hello extension for the interface. Configuring RSVP-TE GR The RSVP-TE GR function depends on the extended hello capability of RSVP-TE. mpls rsvp-te timer graceful-restart recovery recovery-time Optional 7. Enable RSVP authentication. which sends the Resv message with an object requesting reservation confirmation. Enter interface view of MPLS TE link. interface interface-type interface-number N/A 8. mpls rsvp-te authentication { cipher | plain } auth-key NOTE: FRR and RSVP authentication cannot run at the same time. mpls rsvp-te timer graceful-restart restart restart-time Optional Set the RSVP-TE GR recovery timer. Enter MPLS view.NOTE: • Reservation confirmation is initiated by the receiver. mpls rsvp-te hello Disabled by default 6. Set the RSVP-TE GR restart timer. system-view N/A 2. Enter system view. Enable MPLS RSVP-TE GR. mpls rsvp-te hello Disabled by default 4. Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. interface interface-type interface-number 3.

They must be used in conjunction with CSPF and the dynamic signal protocol (CR-LDP or RSVP-TE). Enter system view. MPLS TE itself cannot detect a link failure in time. ensuring that data can be switched from the main path to the backup path. . only one of them is selected. be aware of each configuration objective and its impact on your system. you can enable Bidirectional Forwarding Detection (BFD) for RSVP-TE on the two peers of an RSVP-TE tunnel. in the descending order of selection priority. If multiple paths are present with the same metric.Configuring Cooperation of RSVP-TE and BFD On an MPLS TE network. To configure the CSPF tie-breaking method: Step Command Remarks 1. interface interface-type tunnel-number N/A 3. To configure BFD for an RSVP-TE-enabled interface: Step Command Remarks 1. Configuration procedure Configuring the tie breaker in CSPF CSPF only calculates the shortest path to the end of a tunnel. MPLS TE can affect CSPF calculation in many ways to determine the path that a CR-LSP can traverse. Configuration prerequisites The configuration tasks described in this section are about CSPF of MPLS TE. mpls te tie-breaking { least-fill | most-fill | random } 69 Optional. Enter the view of an MPLS RSVP-TE enabled interface. The random keyword applies by default. and selecting a path randomly. To address this issue. mpls rsvp-te bfd enable Disabled by default Tuning CR-LSP setup A CR-LSP is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints. system-view N/A 2. Specify the tie breaker that a tunnel uses to select a path when multiple paths with the same metric are present on the current node. MPLS TE can be quickly aware of link failures between the peers. Enter MPLS view. include: selecting a path with the lowest bandwidth usage ratio (the used bandwidth to the maximum reservable link bandwidth). the corresponding MPLS TE tunnel will fail to forward packets. system-view N/A 2. Then. Enter system view. mpls N/A 3. if a link between neighboring LSRs fails. Enable BFD on the RSVP-TE enabled interface. selecting a path with the highest bandwidth usage ratio (the used bandwidth to the maximum reserved link bandwidth). Before performing them. Tie-breaking methods.

For a link to be used by the tunnel. Optional. at least one considered affinity bit and its corresponding administrative group bit must be set to 1. Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF. but at least one of the rest bits must be 1. system-view N/A 2. If no tie breaker is specified in tunnel interface view. mpls te tie-breaking { least-fill | most-fill | random } By default. it decides which links the MPLS TE tunnel can use. The affinity of an MPLS TE tunnel is configured at the first node on the tunnel and then signaled to the rest nodes through CR-LDP or RSVP-TE. 5. the tunnel uses the tie breaker specified in MPLS view to select a path. interface tunnel tunnel-number N/A 3.Step Command Remarks interface tunnel tunnel-number N/A 4. Enable route pinning. 70 . Submit current tunnel configuration. Enter MPLS TE tunnel interface view. correctly configure their respective administrative groups and affinities. Enter MPLS TE tunnel interface view. The affinity bits corresponding to the 1s in the mask are “do care” bits which must be considered while those corresponding to the 0s in the mask are “don’t care” bits. To ensure the successful establishment of a tunnel between two devices of different vendors. Specify the tie breaker for the current tunnel to select a path when multiple paths with the same metric are present. Together with the link administrative group. Configuring route pinning Route pinning cannot be used together with reoptimization or automatic bandwidth adjustment. For a link to be used by a TE tunnel. This is done by ANDing the 32-bit affinity attribute with the 32-bit link administrative group attribute. NOTE: • A tunnel prefers the tie breaker specified in the tunnel interface view. NOTE: The associations between administrative groups and affinities may vary by vendor. mpls te commit N/A Configuring administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use. a 32-bit mask is used. Enter system view. • The IETF DS-TE mode supports only random path selection. When doing that. mpls te commit N/A 6. the leftmost 16 bits of its administrative group attribute can be 0s or 1s. mpls te route-pinning Disabled by default 4. Submit current tunnel configuration. a tunnel has no specific tie breaker specified and uses the tie breaker specified in MPLS view. To configure route pinning: Step Command Remarks 1.

7. mpls te reoptimization Optional Tuning MPLS TE tunnel setup This section only covers the configuration tasks for tuning MPLS TE tunnel setup. Enable reoptimization for the MPLS TE tunnel. interface tunnel tunnel-number N/A 6. 71 . mpls te link administrative group value Optional. quit N/A 5. and the default mask is 0x00000000. Submit current tunnel configuration. Enter system view. Perform reoptimization on all MPLS TE tunnels with reoptimization enabled. Enter MPLS TE tunnel interface view. 4. Assign the link to a link administrative group. mpls te reoptimization [ frequency seconds ] Disabled by default 4. Exit to system view. system-view N/A 2. Optional. mpls te commit N/A The default is 0x00000000. If a better route is found for an existing CR-LSP.To configure the administrative group and affinity attribute: Step Command Remarks 1. mpls te affinity property properties [ mask mask-value ] The default affinity attribute is 0x00000000. Enter system view. mpls te commit N/A 5. Submit current tunnel configuration. Enter MPLS TE tunnel interface view. a new CR-LSP will be established to replace the old one. interface tunnel tunnel-number N/A 3. Configure the affinity attribute of the MPLS TE tunnel. To configure CR-LSP reoptimization: Step Command Remarks 1. Exit to user view. Enter interface view of MPLS TE link. return N/A 6. system-view N/A 2. interface interface-type interface-number N/A 3. Configuring CR-LSP reoptimization Dynamic CR-LSP optimization involves periodic calculation of paths that traffic trunks should traverse. and services will be switched to the new CR-LSP.

Enter MPLS TE tunnel interface view. be aware of each configuration objective and its impact on your system. Submit current tunnel configuration. system-view N/A 2. interface tunnel tunnel-number N/A 3. Configuring route and label recording To configure route and label recording: Step Command Remarks 1. 4. Enable the system to record routes or label bindings when setting up the tunnel. • To record routes and label Both route recording and label binding recording are disabled by default. Enter MPLS TE tunnel interface view. Enable the system to perform loop detection when setting up a tunnel. To configure tunnel setup retry: 72 . interface tunnel tunnel-number N/A 3. Configuring tunnel setup retry You may configure the system to attempt setting up a tunnel multiple times until it is established successfully or until the number of attempts reaches the upper limit. Before performing them. system-view N/A 2. • To record routes: mpls te record-route Use either command. mpls te loop-detection Disabled by default Submit current tunnel configuration. Enter system view. mpls te commit N/A 4.Configuration prerequisites The configurations described in this section need to be used together with the dynamic signaling protocol CR-LDP or RSVP-TE. Enter system view. Configuration procedures Configuring loop detection To configure loop detection: Step Command Remarks 1. mpls te commit Record routes and label bindings bindings: mpls te record-route label NOTE: The mpls te record-route label command is not supported when the signaling protocol is CR-LDP.

mpls te commit Configuring traffic forwarding Configuration prerequisites Before configuring traffic forwarding. N/A Assigning priorities to a tunnel Two priorities. mpls te commit 4. To avoid flapping caused by improper preemptions between CR-LSPs. the setup priority of the new path must be greater than the holding priority of the existing path. Enter system view. system-view N/A 2. system-view N/A 2. Enter MPLS TE tunnel interface view. Enter system view. Optional. interface tunnel tunnel-number N/A 3. 5. For a new path to preempt an existing path.Step Command Remarks 1. Configure maximum number of tunnel setup retries. Enter MPLS TE tunnel interface view. The default setup and holding priorities are 7. complete the following tasks: • Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Configure MPLS TE tunnels Configuration procedures Forwarding traffic along MPLS TE tunnels using static routes To create static routes for routing traffic along an MPLS TE tunnel: 73 Optional. Optional. To assign priorities to a tunnel: Step Command Remarks 1. The default is 10. setup priority and holding priority. mpls te priority setup-priority [ hold-priority ] 4. mpls te timer retry seconds Submit current tunnel configuration. N/A . The default is 2 seconds. mpls te retry times Configure the tunnel setup retry interval. are assigned to paths for MPLS TE to make preemption decision. the setup priority of a CR-LSP should not be set higher than its holding priority. Assign priorities to the tunnel. Submit current tunnel configuration. interface tunnel tunnel-number N/A 3.

If it is relative. the metric is directly used for path calculation. system-view N/A 2. are available to automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs. enable OSPF or ISIS on the MPLS TE tunnel interface. either absolute or relative. the preference value must be set. Command Enter system view. you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to IGPs. such as OSPF and ISIS. Enter system view. 1. IGP shortcut and forwarding adjacency. see Layer 3—IP Routing Command Reference. Configure IGP shortcut To configure IGP shortcut: Step Command Remarks 1. to TE tunnels for the purpose of path calculation in either approach. 2. If it is absolute.Step 1. Before configuring automatic route advertisement. Enter MPLS TE tunnel interface view. In addition. system-view Create a static route for forwarding traffic along an MPLS TE tunnel. • For more information about the static routing configuration command. the configuration applies to both OSPF and ISIS by default. the cost of the corresponding IGP path must be added to the metric before it can be used for path calculation. • To use automatic route advertisement. allowing traffic to be routed down MPLS TE tunnels. You may assign a metric. If no IGP type is specified. Two approaches. interface tunnel tunnel-number N/A 3. mpls te igp shortcut [ isis | ospf ] 74 MPLS TE tunnels are not considered in the enhanced SPF calculation of IGP. . ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number next-hop-address [ bfd { control-packet | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] NOTE: • The interface-type argument in the ip route-static command must be tunnel. Forwarding traffic along MPLS TE tunnels through automatic route advertisement NOTE: • Automatic route advertisement is supported when the IGP is OSPF or ISIS. Configure the IGP to take the MPLS TE tunnels in up state into account when performing enhanced SPF calculation.

mpls te igp metric { absolute | relative } value The metrics of TE tunnels equal the metrics of their corresponding IGP routes by default. 75 . 4.. Exit to system view. Assign a metric to the MPLS TE tunnel. quit N/A 7. 2. mpls te igp metric { absolute | relative } value The metrics of TE tunnels equal the metrics of their corresponding IGP routes by default. To configure forwarding adjacency: Step Command Remarks 1. mpls te igp advertise [ hold-time value ] Routes of MPLS TE tunnels are not advertised to IGP neighbors by default. mpls te commit N/A 6. system-view N/A 2. Enable the IGP shortcut function. Optional. Configuring traffic forwarding tuning parameters In MPLS TE. you may configure traffic forwarding tuning parameters such as the failed link timer and flooding thresholds to change paths that IP or MPLS traffic flows traverse or to define type of traffic that may travel down a TE tunnel. 4. 5. ospf [ process-id ] N/A 8. mpls te commit N/A 6. you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to OSPF or ISIS. Exit to system view. Assign a metric to the MPLS TE tunnel. interface tunnel tunnel-number N/A 3. enable traffic-adjustment Disabled by default. Submit current tunnel configuration. Submit current tunnel configuration. enable traffic-adjustment advertise Disabled by default. create a bi-directional MPLS TE tunnel and enable forwarding adjacency at both ends of the tunnel.Step Command Remarks Optional. Enter system view. Enter MPLS TE tunnel interface view. Configure forwarding adjacency To make forwarding adjacency take effect. Enable forwarding adjacency. ospf [ process-id ] N/A 8. NOTE: If you use automatic route advertisement. 5. quit N/A 7. Enter OSPF view. Enter OSPF view. Enable IGP to advertise the route of the MPLS TE tunnel to IGP neighbors.

Enter MPLS view. Configuring flooding thresholds After the bandwidth of links regulated by MPLS TE changes. If IGP does not remove or modify the link before the timer expires. system-view N/A 2. To configure failed link timer: Step Command Remarks 1. mpls N/A 76 . the change is flooded. CSPF will update information about the link in TEDB and stops the timer. Configure the CSPF failed link timer. Both up and down flooding thresholds are 10 by default. To reduce recalculations and flood only significant changes. When the percentage of available-bandwidth decrease to the maximum reservable bandwidth exceeds the threshold. The default is 10 seconds. Configuration procedure Configuring the failed link timer A CSPF failed link timer starts once a link goes down. This tends to be resource consuming as recalculation involves IGP flooding. CSPF may need to recalculate paths. you may configure the following two IGP flooding thresholds in percentages: • Up threshold. To configure flooding thresholds: Step Command Remarks 1. Configure the up/down thresholds for IGP to flood bandwidth changes. If IGP removes or modifies the link before the timer expires. Specifying the link metric type for tunnel path calculation To specify the metric type for tunnel path calculation: Step Command Remarks 1. the state of the link in TEDB will change to up. Enter MPLS view. Enter MPLS TE tunnel interface view. mpls N/A 3. system-view N/A 2. • Down threshold. interface interface-type interface-number N/A 3. Enter system view. When the percentage of available-bandwidth increase to the maximum reservable bandwidth exceeds the threshold. system-view N/A 2. mpls te bandwidth change thresholds { down | up } percent Optional. Enter system view. the change is flooded. Enter system view. mpls te cspf timer failed-link timer-interval Optional.Configuration prerequisites The configurations described in this section are used in conjunction with CSPF and the dynamic signaling protocol CR-LDP or RSVP-TE.

4. no specific link metric type is specified for the tunnel interface and the one specified in MPLS view is used. Submit current tunnel configuration. system-view N/A 2. quit N/A 9. Enter MPLS TE tunnel interface view. the metric type specified in MPLS view takes effect. Configure the traffic flow type of the TE tunnel. Configuring the traffic flow type of a tunnel To configure the traffic flow type of a tunnel: Step Command Remarks 1. mpls te path metric-type { igp | te } 7. interface interface-type interface-number N/A 3.Step Command Remarks Specify the metric type to use when no metric type is explicitly configured for a tunnel. quit N/A 5. Optional. Enter interface view of MPLS TE link. mpls te metric value If no TE metric is assigned to the link. 8. 77 . Enter MPLS TE tunnel interface view. IGP metric is used as the TE metric by default. NOTE: If you do not configure the mpls te path metric-type command in MPLS TE tunnel interface view. mpls te commit Optional. Assign a TE metric to the link. interface tunnel tunnel-number N/A 3. Enter system view. mpls te commit N/A Traffic flow types of TE tunnels are not restricted by default. mpls te path metric-type { igp | te } TE metrics of links are used by default. Specify the metric type to use for path calculation of the current tunnel. By default. Submit current tunnel configuration. 4. Optional. interface tunnel tunnel-number N/A 6. 10. mpls te vpn-binding { acl acl-number | vpn-instance vpn-instance-name } Optional. Optional. Return to system view. Configuring CR-LSP backup CR-LSP backup provides end-to-end path protection to protect the entire LSP. Exit to system view.

bypass tunnels only forward data traffic when protected primary tunnels fail. Enter MPLS TE tunnel interface view. A bypass tunnel cannot be used for services like VPN at the same time. To guarantee that a primary LSP can always bind with the bypass LSP successfully. Fast Reroute (FRR) provides quick but temporary per-link or per-node local protection on an LSP. interface tunnel tunnel-number N/A 3. Configuring FRR NOTE: The FRR feature is not supported when the signaling protocol is CR-LDP. Normally. The bandwidth of a bypass LSP is to protect its primary LSPs. Submit current tunnel configuration. and whether a bypass LSP provides bandwidth protection as well as the sum of protected bandwidth.Configuration prerequisites Before you configure CR-LSP backup. they require extra bandwidth and are usually used to protect crucial interfaces or links only. The system routes the primary LSP and backup LSP automatically. Configure the backup mode used by the TE tunnel. You can define which type of LSP can use bypass LSPs. system-view N/A 2. mpls te commit N/A NOTE: CR-LSP backup should be configured at the ingress node of a tunnel. make sure that the bandwidth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs. 78 . complete the following tasks: • Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Configure MPLS TE tunnels Configuration procedure To configure CR-LSP backup: Step Command Remarks 1. mpls te backup { hot-standby | ordinary } Tunnel backup is disabled by default. 4. You do not need to configure them. As mentioned earlier. To allow a bypass tunnel to forward data traffic while protecting the primary tunnel. As bypass tunnels are pre-established. Enter system view of the ingress node. FRR uses bypass tunnels to protect primary tunnels. you need to make sure that bypass tunnels are available with adequate bandwidth.

interface tunnel tunnel-number N/A 3. a bypass LSP cannot act as a primary LSP to be protected by another LSP at the same time. Enter system view. Enable FRR. To configure a bypass tunnel on its PLR: Step Command Remarks 1.Configuration prerequisites Before you configure FRR. Enter tunnel interface view of the primary LSP. Enter interface view of the bypass tunnel. When specifying a bypass tunnel for an interface. The best-fit algorithm is used to determine which of them should be used in case failure occurs. However. Enter system view. Submit current tunnel configuration. mpls te fast-reroute Disabled by default 4. complete the following tasks: • Configure IGP. its corresponding LSP becomes a bypass LSP. The configuration of a bypass LSP is similar to that of a common LSP. That is. Up to three bypass tunnels can be specified for a protected interface. make sure that: • The bypass tunnel is up. interface tunnel tunnel-number N/A 79 . a bypass LSP cannot be configured with FRR. ensuring that all LSRs are reachable • Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Establish an MPLS TE tunnel with RSVP-TE • Set up primary LSPs Configuration procedure Enabling FRR on the headend of a primary LSP To enable FRR on the headend of a primary LSP: Step Command Remarks 1. system-view N/A 2. Your router has restriction on links that use the same bypass tunnel so that their total bandwidth does not exceeds a specific value. The setup of a bypass LSP must be manually performed on the PLR. • The protected interface is not the outgoing interface of the bypass tunnel. mpls te commit N/A Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface. system-view N/A 2.

80 . This can defeat your attempts to binding a primary LSP to a bypass tunnel. Therefore. • For link protection. you need to perform the tasks in this section on the PLR and the protected node. Enter the view of the interface directly connected to the protected node or PLR. mpls te backup bandwidth { bandwidth | { ct0 | ct1 | ct2 | ct3 } { bandwidth | un-limited } } Bandwidth is not protected by default. Configuring node protection To use FRR for node protection. quit N/A 7. Enter MPLS view. mpls te fast-reroute bypass-tunnel tunnel tunnel-number N/A 8. you must configure the bandwidth that it is intended to protect with the mpls te backup bandwidth command. Enable RSVP hello extension on current node. Enter system view. system-view N/A 2. mpls rsvp-te hello Disabled by default 4.Step Command Remarks • For node protection. interface interface-type interface-number N/A Bind the bypass tunnel with the protected interface. when configuring a bypass tunnel. interface interface-type interface-number N/A Enable RSVP hello extension on the interface. skip this section. Enter interface view of the outgoing interface of the protected LSP. this is the 3. NOTE: RSVP hello extension is configured to detect node failures caused by problems such as signaling error other than failures caused by link failures. Specify the destination address of the bypass tunnel. Exit to system view. CAUTION: Bypass tunnels do not protect bandwidth by default. mpls N/A 3. mpls rsvp-te hello Disabled by default 6. 4. this is the LSR ID of the next hop router of PLR. If you only need to protect links. Exit to system view. Configure the bandwidth and type of LSP that the bypass tunnel can protect. Submit current tunnel configuration. mpls te commit N/A 6. To configure node protection: Step Command Remarks 1. destination ip-address LSR ID of the next hop router of PLR. quit N/A 5. 5.

81 .Configuring the FRR polling timer The protection provided by FRR is temporary. To detect MPLS TE tunnel failures in time and locate the failed node. Enter system view of the PLR node. Configure the FRR polling timer. system-view N/A 2. You can also use MPLS LSP tracert to collect important information of each hop along the MPLS TE tunnel. Each node along the MPLS TE tunnel will return an MPLS echo reply to the ingress due to TTL timeout. Inspecting an MPLS TE tunnel On an MPLS TE network. when an MPLS TE tunnel fails. the control plane cannot detect the failure or cannot do so in time. The FRR polling timer is 300 seconds by default. such as the label allocated. traffic will be switched to the protected or new LSP. It sends MPLS echo requests to the nodes along the MPLS TE tunnel to be inspected. To check the connectivity of an MPLS TE tunnel: Task Command Use MPLS LSP ping to check the connectivity of an MPLS TE tunnel. ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -s packet-size | -t time-out | -v ] * te interface-type interface-number Configuring MPLS LSP tracert MPLS LSP tracert can be used to locate errors of an MPLS TE tunnel. Once a protected LSP becomes available again or a new LSP is established. After this switchover. This brings difficulty to network maintenance. with the TTL increasing from 1 to a specific value. Thus. the ingress can collect the information of each hop along the MPLS TE tunnel. the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRR polling timer: To configure the FRR polling timer: Step Command Remarks 1. so as to locate the failed node. Enter MPLS view. which then is forwarded along the MPLS TE tunnel to the egress. it adds the label for the MPLS TE tunnel to be inspected into an MPLS echo request. mpls N/A 3. At the ingress. mpls te timer fast-reroute [ second ] Optional. The ingress determines whether the MPLS TE tunnel is normal according to whether it can receive a reply from the egress. the router provides the following mechanisms: • MPLS LSP ping • MPLS LSP tracert • BFD for an MPLS TE tunnel • Periodic tracert of an MPLS TE tunnel Configuring MPLS LSP ping MPLS LSP ping can be used to check the connectivity of an MPLS TE tunnel.

Upon detecting an MPLS TE tunnel failure. mpls te failure-action teardown 82 Optional. Enter system view. Configure BFD to check the connectivity of the MPLS TE tunnel. Such a BFD session can detect the connectivity of a pair of MPLS TE tunnels in opposite directions (one from local to remote. the MPLS LSP ping will be run automatically to negotiate the discriminator values and then the BFD session will be established based on the negotiated discriminator values. and determine the status of the tunnel according to the BFD control packet received from the egress. • Static: If you specify the local and remote discriminator values by using the discriminator keyword when configuring the mpls te bfd enable command. and the other from remote to local) between two routers. mpls te bfd enable [ discriminator local local-id remote remote-id ] By default. mpls lspv By default. Not configured by default.To locate errors of an MPLS TE tunnel: Task Command Use MPLS LSP tracert to locate errors of an MPLS TE tunnel. Configure MPLS TE to tear down a failed RSVP TE tunnel and reestablish it. BFD can detect the failure. BFD is not configured to check connectivity of MPLS TE tunnels. • Dynamic: If you do not specify the local and remote discriminator values when configuring the mpls te bfd enable command. Return to system view. and the ingress will add the label for the tunnel into a BFD control packet. To configure BFD for an MPLS TE tunnel: Step Command Remarks 1. A BFD session for MPLS TE tunnel detection can be static or dynamic. quit N/A 4. the BFD session will be established with the specified discriminator values. Enter the tunnel interface view of an MPLS TE tunnel. . After you enable BFD and configure the mpls te failure-action teardown command for an MPLS TE tunnel. LSP verification is disabled. MPLS TE will remove the failed RSVP-TE tunnel and then re-establish it. forward the BFD control packet along the tunnel. interface tunnel tunnel-number N/A 5. Enable LSP verification and enter MPLS LSPV view. 6. tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode |-t time-out ] * te interface-type interface-number Configuring BFD for an MPLS TE tunnel You can configure BFD for an MPLS TE tunnel to implement fast detection of the connectivity of the tunnel. a BFD session will be established between the ingress and egress of the tunnel. BFD triggers protection switching to switch traffic to another tunnel. and if RSVP does not re-establish the tunnel within a specific period of time. After you configure BFD for an MPLS TE tunnel. 3. once an RSVP-TE tunnel failure occurs. system-view N/A 2. Such a BFD session can detect the connectivity of a unidirectional (from the local router to the remote router) MPLS TE tunnel between two routers.

the periodic LSP tracert function can detect the failure. make sure that there is already an MPLS TE tunnel from the local router to the remote router and an MPLS TE tunnel from the remote router to the local router. The source address of the BFD session is the MPLS LSR ID. 3. The bfd session init-mode command does not take effect on the ingress and egress nodes of such a BFD session. to make sure that the BFD session will not be down during an FRR switching. once the periodical LSP tracert function detects a fault or inconsistency of the forwarding plane and control plane of the MPLS TE tunnel. see MPLS Command Reference. Return to system view. Configuring periodic LSP tracert for an MPLS TE tunnel The periodic LSP tracert function for an MPLS TE tunnel is for locating faults of the MPLS TE tunnel periodically. • In a BFD session for detecting an MPLS TE tunnel’s connectivity.NOTE: • For more information about the mpls lspv command. see High Availability Configuration Guide. • Before establishing a static BFD session. the BFD session for the tunnel will be deleted and a new BFD session will be established according to the control plane. mpls lspv By default. make sure that there is a route on the peer router to the MPLS LSR ID. system-view N/A 2. the ingress node always works in active mode and the egress node always works in passive mode. Therefore. For more information about BFD parameter configuration. Even if you configure the two nodes to both work in passive mode. To configure periodic LSP tracert for an MPLS TE tunnel: Step Command Remarks 1. Enable LSP verification and enter MPLS LSPV view. and if RSVP does not re-establish the RSVP-TE tunnel within a specific period of time. • If you enable both FRR and BFD for an MPLS TE tunnel. and you can also configure the BFD session parameters on the tunnel interface as needed. you cannot modify the discriminator values of the BFD session. quit N/A 4. MPLS TE will remove the failed RSVP-TE tunnel and then re-establish it. • You cannot establish both a static BFD session and a dynamic BFD session for the same MPLS TE tunnel. you need to give the BFD detection interval a greater value than the FRR detection interval. If you configure BFD as well as periodical tracert for an MPLS TE tunnel. interface tunnel tunnel-number N/A 83 . LSP verification is disabled. • The BFD session parameters are those configured on the MPLS TE tunnel interface. You can know whether an MPLS TE tunnel has failed by checking the logs. After you configure periodic LSP tracert and the mpls te failure-action teardown command for an MPLS TE tunnel. • After establishing a static BFD session for an MPLS TE tunnel. It detects the consistency of the forwarding and control plane and records detection results into logs. Enter the tunnel interface view of an MPLS TE tunnel. the BFD session will still be established successfully. once an RSVP-TE tunnel failure occurs. before configuring BFD to inspect an MPLS TE tunnel. Enter system view.

Before configuring a protection tunnel. Configuring protection switching Configuration prerequisites Before configuring protection switching. N/A Displaying and maintaining MPLS TE 84 . mpls te protection tunnel tunnel-id [ holdoff holdoff-time | mode { non-revertive | revertive [ wtr wtr-time ] } ] * N/A Configure an external protection switching action. By default. 5. Enter tunnel interface view. Enable periodic LSP tracert for the MPLS TE tunnel. Optional. mpls te commit 4. Configure a protection tunnel for the main tunnel. mpls te protect-switch { clear | force | lock | manual { protect-lsp | work-lsp } } Commit the current configuration of the tunnel. prepare the following data: • Interface number of the main tunnel in the protection group • ID of the protection tunnel in the protection group Configuration procedure To configure protection switching: Step Command Remarks 1. periodic LSP tracert is disabled for MPLS TE tunnels. NOTE: For more information about the mpls lspv command. interface tunnel tunnel-number N/A 3. no switching action is configured. Configure MPLS TE to tear down a failed RSVP TE tunnel and reestablish it. see MPLS Command Reference. do the following: • Configure MPLS basic capabilities • Enable MPLS TE and create an MPLS TE tunnel • Configure BFD for the MPLS TE tunnel. system-view N/A 2. mpls te periodic-tracert [ -a source-ip | -exp exp-value | -h ttl-value | -m wait-time | -t time-out | -u retry-attempt ] * 6.Step Command Remarks By default. 5. mpls te failure-action teardown Optional. Enter system view. Not configured by default.

display mpls rsvp-te peer [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about RSVP requests. display mpls rsvp-te rsb-content ingress-lsr-id Ispid tunnel-id egress-lsr-id nexthop-address [ | { begin | exclude | include } regular-expression ] Available in any view Display information about RSVP sender messages. display mpls rsvp-te request [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about RSVP resource reservation.Task Command Remarks Display information about explicit paths. display mpls te link-administration bandwidth-allocation [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view 85 . display explicit-path [ pathname ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about static CR-LSPs. display mpls te link-administration admission-control [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the bandwidth allocated to the specified or all MPLS TE-enabled interfaces. display mpls rsvp-te established [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display RSVP-TE neighbors. display mpls rsvp-te sender [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display statistics about RSVP-TE. display mpls rsvp-te psb-content ingress-lsr-id lspid tunnel-id egress-lsr-id [ | { begin | include | exclude } regular-expression ] Available in any view Display information about RSVP-TE RSB. display mpls static-cr-lsp [ lsp-name lsp-name ] [ { include | exclude } ip-address prefix-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display RSVP-TE configuration. display mpls rsvp-te [ interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] ] Available in any view Display the RSVP-TE tunnel information. display mpls rsvp-te statistics { global | interface [ interface-type interface-number ] } [ | { begin | exclude | include } regular-expression ] Available in any view Display criteria-compliant information about CSPF-based TEDB. display mpls rsvp-te reservation [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about RSVP-TE PSB. display mpls te cspf tedb { all | area area-id | interface ip-address | network-lsa | node [ mpls-lsr-id ] } [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the CR-LSPs carried on the specified or all links.

display mpls te tunnel path [ lsp-id lsr-id lsp-id | tunnel-name tunnel-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display statistics about MPLS TE tunnels. display isis traffic-eng link [ [ level-1 | level-1-2 | level-2 ] | verbose ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about TE networks for IS-IS. display isis traffic-eng advertisements [ [ level-1 | level-1-2 | level-2 ] | [ lsp-id lsp-id | local ] ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about TE links for IS-IS. display isis traffic-eng sub-tlvs [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about tunnels. display ospf [ process-id ] mpls-te [ area area-id ] [ self-originated ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the latest TE information advertised by IS-IS TE. display mpls lsp bfd [ te tunnel tunnel-number ] [ | { begin | exclude | include } regular-expression ] Available in any view 86 . display mpls te tunnel statistics [ | { begin | exclude | include } regular-expression ] Available in any view Display information about MPLS TE tunnel interfaces. display tunnel-info { tunnel-id | all | statistics } [ | { begin | exclude | include } regular-expression ] Available in any view Display the BFD information for an MPLS TE tunnel. display mpls te tunnel-interface tunnel number [ | { begin | exclude | include } regular-expression ] Available in any view Display the information of the specified or all OSPF processes about traffic tuning. display isis traffic-eng network [ level-1 | level-1-2 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display statistics about TE for IS-IS. display ospf [ process-id ] traffic-adjustment [ | { begin | exclude | include } regular-expression ] Available in any view Display information about OSPF TE. display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress | remote | transit } ] [ name name ] [ { incoming-interface | outgoing-interface | interface } interface-type interface-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the path attributes of MPLS TE tunnels on this node. display isis traffic-eng statistics [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about sub-TLVs for the IS-IS TE extension.Task Command Remarks Display information about MPLS TE tunnels..

reset mpls rsvp-te statistics { global | interface [ interface-type interface-number ] Available in user view MPLS TE configuration examples MPLS TE using static CR-LSP configuration example Network requirements Router A.0000.0000. Enable IS-IS to advertise host routes with LSR IDs as destinations # Configure Router A. Router B. Figure 24 Network diagram Configuration procedure 1. display mpls te ds-te [ | { begin | exclude | include } regular-expression ] Available in any view Clear the statistics about RSVP-TE. Establish a TE tunnel using a static CR-LSP between Router A and Router C. display mpls te protection tunnel { tunnel-id | all } [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about DS-TE.Task Command Remarks Display information about the specified tunnels and their protection tunnels.0005. Assign IP addresses and masks to interfaces (see Figure 24).00 [RouterA-isis-1] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] isis enable 1 [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface loopback 0 87 . (Details not shown) 2. and Router C run IS-IS. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0001.

1.0/24 ISIS 15 20 2.0. Routes : 8 Destination/Mask Proto Cost NextHop Interface 1.1.[RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] quit # Configure Router B.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] isis enable 1 [RouterB-GigabitEthernet3/1/2] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] quit # Configure Router C.1.1.1.0000.2 GE3/1/1 3.0.0002.0.1. <RouterB> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.2.1/32 Direct 0 0 127.0/8 Direct 0 0 127.1 GE3/1/1 2.2/32 ISIS 15 10 2.0.2 GE3/1/1 127. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.0.1. Take Router A for example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 8 3.00 [RouterC-isis-1] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] quit Perform the display ip routing-table command on each router.1.1 InLoop0 Configure MPLS TE basic capabilities # Configure Router A.1/32 Direct 0 0 127.3/32 ISIS 15 20 2.1 InLoop0 127.1 InLoop0 2.2.1.0.1.0000.1.1.0005.3. [RouterA] mpls lsr-id 1.0.0.1.1.3.1 InLoop0 2.2.0003.1.0/24 Direct 0 0 2.0000.0.1.0005. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.0.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] quit 88 .2 GE3/1/1 3.0.1/32 Direct 0 Pre 0 127.1.0.0000.

3 [RouterA-Tunnel3] mpls te tunnel-id 10 [RouterA-Tunnel3] mpls te signal-protocol static [RouterA-Tunnel3] mpls te commit [RouterA-Tunnel3] quit 5. [RouterB] mpls lsr-id 2.1.2 out-label 20 # Configure Router B as the transit node on the static CR-LSP.2. Configure an MPLS TE tunnel # Configure an MPLS TE tunnel on Router A. [RouterB] static-cr-lsp transit tunnel3 incoming-interface GigabitEthernet 3/1/1 in-label 20 nexthop 3. [RouterC] static-cr-lsp egress tunnel3 incoming-interface GigabitEthernet 3/1/1 in-label 30 6. [RouterA] interface tunnel 3 [RouterA-Tunnel3] ip address 6.2 out-label 30 # Configure Router C as the egress node of the static CR-LSP.3 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] quit 4.2.255.3. [RouterA] static-cr-lsp ingress tunnel3 destination 3.3. Verify the configuration 89 .1.1.1.3.2.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.0 [RouterA-Tunnel3] tunnel-protocol mpls te [RouterA-Tunnel3] destination 3.3 nexthop 2. [RouterC] mpls lsr-id 3.[RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1 255. Create a static CR-LSP # Configure Router A as the ingress node of the static CR-LSP.255.3.3.1.3.

[RouterA] display interface tunnel Tunnel3 current state: UP Line protocol current state: UP Description: Tunnel3 Interface The Maximum Transmit Unit is 1500 Internet Address is 6.3.3.3 -/GE3/1/1 Name Tunnel3 [RouterB] display mpls te tunnel LSP-Id Destination In/Out-If - - GE3/1/1/GE3/1/2 Name Tunnel3 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If - - GE3/1/1/- Name Tunnel3 Perform the display mpls lsp command or the display mpls static-cr-lsp command on each router to verify information about the static CR-LSP. 0/500/0 0/75/0 0 bytes/sec.Perform the display interface tunnel command on Router A.1. [RouterA] display mpls lsp ------------------------------------------------------------------LSP Information: STATIC CRLSP ------------------------------------------------------------------FEC In/Out Label In/Out IF 3.3.1. 0 packets/sec 0 bytes 0 input error 0 packets output. service-loopback-group ID not set Tunnel source unknown. destination 3.3.1.3.1:1 3. 0 bytes 0 output error Perform the display mpls te tunnel command on each router to verify information about the MPLS TE tunnel. 0 packets/sec Last 300 seconds output: 0 packets input. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If 1.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec.3.1.1/24 Primary Encapsulation is TUNNEL.3/32 NULL/20 -/GE3/1/1 Vrf Name [RouterB] display mpls lsp -----------------------------------------------------------------LSP Information: STATIC CRLSP -----------------------------------------------------------------FEC In/Out Label In/Out IF -/- 20/30 GE3/1/1/GE3/1/2 Vrf Name [RouterC] display mpls lsp -----------------------------------------------------------------LSP Information: STATIC CRLSP 90 . You can find that the tunnel interface is up.

2. Use RSVP-TE to create a TE tunnel with 2000 kbps of bandwidth from Router A to Router D. it is normal that the FEC field in the sample output is empty on Router B and Router C. 7. ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps. Router C. Router B.3.-----------------------------------------------------------------FEC In/Out Label In/Out IF -/- 30/NULL GE3/1/1/- Vrf Name [RouterA] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 3.3. MPLS TE tunnel using RSVP-TE configuration example Network requirements Router A.3/32 NULL/20 -/GE3/1/1 Up [RouterB] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 -/- 20/30 GE3/1/1/GE3/1/2 Up [RouterC] display mpls static-cr-lsp total static-cr-lsp : 1 Name FEC I/O Label I/O If State Tunnel3 -/- 30/NULL GE3/1/1/- Up NOTE: On an MPLS TE tunnel configured using a static CR-LSP. You can find a static route entry with interface Tunnel3 as the outgoing interface.1. Figure 25 Network diagram Device Interface IP address Device 91 Interface IP address . Therefore.2 24 tunnel 3 preference 1 Perform the display ip routing-table command on Router A. Create a static route for routing MPLS TE tunnel traffic. [RouterA] ip route-static 3. traffic is forwarded directly based on label at the transit nodes and egress node. and Router D are running IS-IS and all of them are Level-2 routers.

2/24 POS 2/1/1 20.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] clock master [RouterB-POS2/1/1] isis enable 1 [RouterB-POS2/1/1] isis circuit-level level-2 [RouterB-POS2/1/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configure Router C. Assign IP addresses and masks to interfaces (see Figure 25) Details not shown 2.1. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.0000.0005.1.9/32 GE 3/1/1 10.1.1.0001.0000.0000.1. Enable IS-IS to advertise host routes with LSR IDs as destinations # Configure Router A.9/32 GE 3/1/1 10.1.2/24 Loop0 4. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.1.1.4.2/24 Router D Configuration procedure 1.0000.1. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0003.1/24 Router C Loop0 3.2.0002.9/32 GE 3/1/1 30.1.1.1.2.0005.3.Router A Router B Loop0 1.0000.00 [RouterC-isis-1] quit 92 .9/32 GE 3/1/1 30.0005.1/24 Loop0 2.1.4.1.1/24 POS 2/1/1 20.3.00 [RouterA-isis-1] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] isis enable 1 [RouterA-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configure Router B.0000.

2.0000.1. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00. Proto Pre Routes : 10 Cost NextHop Interface 1.0.2.0.0/24 Direct 0 0 10.2 GE3/1/1 10.1.0.0000.1.0.0.1.2 GE3/1/1 3.1 InLoop0 Configure MPLS TE basic capabilities. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.0/8 Direct 0 0 127.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf 93 . and enable RSVP-TE and CSPF # Configure Router A.9/32 Direct 0 0 127.1.2 GE3/1/1 30.1.9/32 ISIS 15 10 10.1 InLoop0 127.1 InLoop0 2.1.3.1.1.0.4.0/24 ISIS 15 20 10.0.1.1 GE3/1/1 10.0.2 GE3/1/1 4.1. Take Router A for example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Destination/Mask 3.[RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D.1.1.1.1/32 Direct 0 0 127.1 InLoop0 20.1.00 [RouterD-isis-1] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] isis enable 1 [RouterD-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterD-GigabitEthernet3/1/1] quit [RouterD] interface loopback 0 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit Perform the display ip routing-table command on each router.1.0.1.0.2 GE3/1/1 127.0/24 ISIS 15 30 10.3.0.1.1.1.9/32 ISIS 15 20 10. [RouterA] mpls lsr-id 1.0004.4.1.0.9/32 ISIS 15 30 10.1/32 Direct 0 0 127.1.1.1.0005.

2.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 94 .9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D.4.3.2.[RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.4. [RouterD] mpls lsr-id 4.3. [RouterC] mpls lsr-id 3. [RouterB] mpls lsr-id 2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C.

[RouterB] isis 1 [RouterB-isis-1] cost-style wide [RouterB-isis-1] traffic-eng level-2 [RouterB-isis-1] quit # Configure Router C.[RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit 4. [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 95 . [RouterA] isis 1 [RouterA-isis-1] cost-style wide [RouterA-isis-1] traffic-eng level-2 [RouterA-isis-1] quit # Configure Router B. [RouterC] isis 1 [RouterC-isis-1] cost-style wide [RouterC-isis-1] traffic-eng level-2 [RouterC-isis-1] quit # Configure Router D. Configure MPLS TE attributes of links # Configure maximum link bandwidth and maximum reservable bandwidth on Router A. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit 5. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet3/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router B. Configure IS-IS TE # Configure Router A. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterB-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-POS2/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router C.

0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.1. 0 packets/sec 0 bytes 0 input error 0 packets output.1. Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A. 0 bytes 0 output error Perform the display mpls te tunnel-interface command on Router A to verify information about the MPLS TE tunnel.255.4.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0/75/0 0 bytes/sec. 0/500/0 0 bytes/sec. Verify the configuration Perform the display interface tunnel command on Router A. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 7.[RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router D. destination 4.1.9 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te signal-protocol rsvp-te [RouterA-Tunnel4] mpls te bandwidth 2000 [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit 7.255.4. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 7.4.1 255. 0 packets/sec Last 300 seconds output: 0 packets input.1/24 Primary Encapsulation is TUNNEL. You can find that the tunnel interface is up.4.1. service-loopback-group ID not set Tunnel source unknown. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : 96 . [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit 6.

You can find a static route entry with interface Tunnel4 as the outgoing interface.2.9 ISIS 1 Level-2 2 3 4.4.9 ISIS 1 Level-2 2 2 2.4.1.9 Egress LSR ID: 4.1.4.1.4.2.9 ISIS 1 Level-2 1 4 1.9 ISIS 1 Level-2 1 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.3.9:3 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.1. [RouterA] display mpls te cspf tedb all 8. Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 3.1.1.1. 97 .1.3.LSP ID : 1.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.9 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - : Hold Priority: UP 7 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - : Perform the display mpls te cspf tedb all command on Router A to view information about links in TEDB.

9/32 GE3/1/1 10.3. Assign IP addresses and masks to interfaces (see Figure 26) 2.2/24 POS2/1/1 20. so that a route is available between AS 100 and AS 200.9/32 GE3/1/1 30.1. Router C and Router D are in AS 200.1/24 GE3/1/1 30.0. and they run OSPF as the IGP.1.1. Figure 26 Network diagram Device Router A Router B Interface IP address Device Router C Interface IP address Loop0 1.1.2/24 Loop0 4.9 0.1.1.2.4.1.0 0.1/24 Router D Configuration procedure 1. Along the tunnel.255 [RouterA-ospf-1-area-0.0.0.1.1/24 Loop0 2. the maximum link bandwidth is 10000 kbps and maximum reservable bandwidth is 5000 kbps.2. with the bandwidth being 2000 kbps.1. and they run OSPF as the IGP.0] quit [RouterA-ospf-1] quit 98 . Redistribute BGP routes into OSPF and OSPF routes into BGP.1.0.3.1. Establish an MPLS TE tunnel between Router A and Router D by using RSVP-TE.9/32 Loop0 3.1.1.0.Configuration example of inter-AS MPLS TE tunnel using RSVP-TE Network requirements Router A and Router B are in AS 100.1. Configure OSPF to advertise routes within the ASs # Configure OSPF on Router A.1. Establish an EBGP connection between ASBRs Router B and Router C.0] network 1.1. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0 [RouterA-ospf-1-area-0.4.0.2/24 GE3/1/1 10.9/32 POS2/1/1 20.0] network 10.0.1.0.1.0.

255 [RouterD-ospf-1-area-0.2 GE3/1/1 10.0] network 2.0 0. ensuring that the ASs can communicate with each other.1.0.0.1.1.9 0.0 [RouterC-ospf-1-area-0. <RouterD> system-view [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] import-route direct [RouterB-ospf-1] import-route bgp [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0] quit [RouterD-ospf-1] quit After the configurations. Destination/Mask Proto 1.0.1/32 Direct 0 0 127.0.0.0] network 30.1.0] quit [RouterC-ospf-1] quit # Configure OSPF on Router D.0.9/32 Routes : 6 Pre Cost NextHop Interface Direct 0 0 127.# Configure OSPF on Router B.1.1 GE3/1/1 10.1.0 0.0.0.0.9 0.2.0.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C.0.3.1.0. The output shows that each device has learned the route to the LSR ID of the other device in the same AS. Take Router A as an example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 6 3.0] network 4.4.0.0. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] import-route direct [RouterC-ospf-1] import-route bgp [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0.1.0 [RouterB-ospf-1-area-0.4. execute the display ip routing-table command on each device.0.0. [RouterB] bgp 100 99 .1 InLoop0 127.0.255 [RouterC-ospf-1-area-0.0.0.0] network 10.1.1.9/32 OSPF 1 10.2.0/24 Direct 0 0 10.3.0.0.0.0.255 [RouterB-ospf-1-area-0.0.1 InLoop0 127.0.0.1 InLoop0 10 Configure BGP on Router B and Router C and redistribute routes.0.1.0/8 Direct 0 0 127.0.2.1.1/32 Direct 0 0 127.1.0] network 3.1 InLoop0 2.0 [RouterD-ospf-1-area-0.0.0.0.9 0. # Configure Router B.0.1.2.0.0] network 30.0 0.0.1.1.0.0.0.

1. [RouterB] mpls lsr-id 2.2 GE3/1/1 127.0.1. and enable RSVP-TE and CSPF # Configure Router A.1. The output shows that each device has learned the routes to the outside of the AS.1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.2.1.0.1. [RouterC] bgp 200 [RouterC-bgp] peer 20.2 GE3/1/1 4.1.1 InLoop0 127.1.1 InLoop0 2.1.2.1.1.0.1.1.0.9/32 O_ASE 150 1 10.0.1.1.1.9/32 Routes : 10 Pre Cost NextHop Interface Direct 0 0 127.1.1/32 Direct 0 0 127.0/24 Direct 0 0 10. execute the display ip routing-table command on each device.2 GE3/1/1 30. [RouterA] mpls lsr-id 1.1.1 InLoop0 Configure MPLS TE basic capabilities.0.1.3.3. Take Router A as an example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 4.0/8 Direct 0 0 127. Destination/Mask Proto 1.0/24 O_ASE 150 1 10.2 GE3/1/1 10.1.2 as-number 200 [RouterB-bgp] import-route ospf [RouterB-bgp] import-route direct [RouterB-bgp] quit # Configure Router C.0.1.1.0/24 O_ASE 150 1 10.2.0.0.9/32 O_ASE 150 1 10.9/32 OSPF 10 1 10.2 GE3/1/1 3.[RouterB-bgp] peer 20.1.4.1.1.1.1 as-number 100 [RouterC-bgp] import-route ospf [RouterC-bgp] import-route direct [RouterC-bgp] quit After the configuration.0.0.1.2.4.0.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te 100 .1/32 Direct 0 0 127.1 GE3/1/1 10.1 InLoop0 20.1.

[RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.[RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C. [RouterD] mpls lsr-id 4.0. [RouterC] mpls lsr-id 3.4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit 5.0] quit 101 . Configure OSPF TE # Configure Router A.4.3.0.0] mpls-te enable [RouterA-ospf-1-area-0.3.0.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D.

1.0] mpls-te enable [RouterC-ospf-1-area-0.1. Configure MPLS TE attributes of links # Configure the maximum link bandwidth and maximum reservable bandwidth on Router A.1.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.2 include loose [RouterA-explicit-path-atod] quit 7.0.0] mpls-te enable [RouterD-ospf-1-area-0.[RouterA-ospf-1] quit # Configure Router B. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterB-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-POS2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router C. [RouterC] ospf [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0] quit [RouterC-ospf-1] quit # Configure Router D.0.0.1.1.0. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet3/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router B.2 include loose [RouterA-explicit-path-atod] next hop 30. [RouterA] explicit-path atod enable [RouterA-explicit-path-atod] next hop 10.0.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] interface GigabitEthernet 3/1/1 102 .0.0. Configure a loose explicit route # Configure a loose explicit route on Router A.1.0.0.2 include loose [RouterA-explicit-path-atod] next hop 20.0] quit [RouterD-ospf-1] quit 6.

service-loopback-group ID not set. destination 4. 0 bytes 0 output error 103 0/500/0 0/75/0 .4.1 255.0 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 4. 0 packets/sec Last 300 seconds output: 0 packets input.1/24 Primary Encapsulation is TUNNEL.4.4. Tunnel source unknown.1.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec.1. Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.4. [RouterA] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.[RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router D. The output shows that the tunnel interface is up. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit 8.1. Verify the configuration Perform the display interface tunnel command on Router A.255.1. 0 bytes/sec.255.9 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te path explicit-path atod preference 5 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit 9. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 7. 0 packets/sec 0 bytes 0 input error 0 packets output.

4.1.9 OSPF 1 0 1 104 .9 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : atod Tie-Breaking Policy : None Metric Type : None Loop Detection : Disabled Record Route : FRR Flag BackUpBW Type : UP Hold Priority: 7 Disabled Record Label : Disabled : Disabled BackUpBW Flag: Not Supported : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : 2 sec : - Disabled Auto BW Freq : - Max BW - : - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : Perform the display mpls te cspf tedb all command on Router A to view information about links in TEDB.1.9:2 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.1.1.9 Egress LSR ID: 4. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel1 Tunnel Desc : Tunnel1 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.4.Perform the display mpls te tunnel-interface command on Router A to view the detailed information of the MPLS TE tunnel.1.1. [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 2 Current Total Link Number: 2 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 1.

1.2.1.0/8 Direct 0 0 127. The output shows a static route entry with interface Tunnel 1 as the outgoing interface.0/24 Direct 0 0 10.2.1. Router B and Router C are RSVP-TE neighbors.2.1 InLoop0 150 RSVP-TE GR configuration example Network requirements Router A.0.1. [RouterA] display ip routing-table Routing Tables: Public Destinations : 14 Destination/Mask Proto 1. Figure 27 Network diagram Configuration procedure 1.9/32 O_ASE 150 1 10.0.1.0.1.0.9/32 O_ASE 150 1 10. All of them are Level-2 routers and support RSVP hello extension.2 GE3/1/1 30.2 24 tunnel 1 preference 1 Perform the display ip routing-table command on Router A.1 InLoop0 20.3.2 GE3/1/1 3.1.0.0.1 InLoop0 10. Router A.0.1.1.1 GE3/1/1 10.0.1.1.0. Assign IP addresses and masks to interfaces (see Figure 27) Details not shown 2.1.1.1.1.1.2 10. Enable IS-IS to advertise host routes with LSR IDs as destinations Details not shown 105 .1.1 InLoop0 2.1.4.1.1 Tun1 127.1/32 Direct 0 0 127.9/32 Routes : 14 Pre Cost NextHop Interface Direct 0 0 127.1.3.0.1.0/24 O_ASE 1 10.0/24 Static 1 0 7.1. With GR capability. Use RSVP-TE to create a TE tunnel from Router A to Router C.9/32 OSPF 10 1 10.1.1 Tun1 7.1 InLoop0 127.0.0.4.9 OSPF 1 0 1 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.1.1.1/32 Direct 0 0 127. each of them can provide GR helper support when another is GR restarting.1/32 Direct 0 0 127.1.0.0.2.1.2 GE3/1/1 7.2 GE3/1/1 4.1. 2.1.1.0/24 Direct 0 0 7. Router B and Router C are running IS-IS.

1.3.1.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls rsvp-te hello [RouterC-mpls] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterC-GigabitEthernet3/1/1] quit 4.2.3.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls rsvp-te hello [RouterB-mpls] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te hello [RouterB-GigabitEthernet3/1/2] quit # Configure Router C. <RouterA> system-view [RouterA] mpls lsr-id 1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls rsvp-te hello [RouterA-mpls] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te hello [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. Configure MPLS TE basic capabilities. <RouterC> system-view [RouterC] mpls lsr-id 3.2. and enable RSVP-TE and RSVP hello extension # Configure Router A.3. <RouterB> system-view [RouterB] mpls lsr-id 2. Configure IS-IS TE 106 .

2 SrcInstance: 880 NbrSrcInstance: 5017 PSB Count: 0 RSB Count: 1 Hello Type Sent: REQ Neighbor Hello Extension: ENABLE SRefresh Enable: NO Graceful Restart State: Ready Restart Time: 120 Sec Recovery Time: 300 Sec MPLS RSVP-TE and BFD cooperation configuration example Network requirements Router A and Router B are connected directly. If the physical link between Router A and Router B fails. Verify the configuration After previous configurations.1. <RouterC> system-view [RouterC] mpls [RouterC-mpls] mpls rsvp-te graceful-restart 7. <RouterB> system-view [RouterB] mpls [RouterB-mpls] mpls rsvp-te graceful-restart # Configure Router C. Figure 28 Network diagram 107 . Enable MPLS RSVP-TE BFD on the interfaces connecting the two routers. BFD can detect the failure quickly and inform MPLS RSVP-TE of the failure. <RouterA> display mpls rsvp-te peer Interface GigabitEthernet3/1/1 Neighbor Addr: 10. and run OSPF on the routers to ensure reachability at the network layer.Details not shown 5. Issuing the following command. you will see that the neighbor’s GR status is Ready. a tunnel is created between Router A and Router C. Configure the MPLS TE tunnel Details not shown 6. Configure RSVP-TE GR # Configure Router A.1. <RouterA> system-view [RouterA] mpls [RouterA-mpls] mpls rsvp-te graceful-restart # Configure Router B.

12.0.0.1.0 [RouterB-ospf-1-area-0.0.2. <RouterB> system-view [RouterB] mpls lsr-id 2.2.0 [Router-A-ospf-1-area-0.1 0.0. <RouterB>system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0. <RouterA> system-view [RouterA] ospf [Router-A-ospf-1] area 0 [Router-A-ospf-1-area-0.12.0.2 0.0.0] network 12.0.0.0] network 2.0.0] network 1. Configure MPLS RSVP-TE basic capabilities # Configure Router A.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te bfd enable [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.0.0.Configuration procedure 1.255 [Router-A-ospf-1-area-0.0] quit [RouterB-ospf-1] quit 3.1.2.0.0] quit [Router-A-ospf-1] quit # Configure Router B.1 0.0. Configure OSPF # Configure Router A.12.2. <RouterA> system-view [RouterA] mpls lsr-id 1. Configure IP addresses for the interfaces 108 .255 [RouterB-ospf-1-area-0.0.0.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te bfd enable [RouterB-GigabitEthernet3/1/1] quit 2.0.0.2 0.0.0] network 12.1.1.0.0.12.

12. ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.2 24 4. Router B.2 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] return 5. 109 .10. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 10.# Configure Router A.1 24 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 2. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] ip address 12.1 24 [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.12. Configure the MPLS TE tunnel # Configure an RSVP-TE tunnel between Router A and Router B. Use CR-LDP to create a TE tunnel from Router A to Router D. <RouterA> display bfd session verbose Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: Local Discr: 19 Remote Discr: 18 Source IP: 12.12.2 Session State: Up Interface: GigabitEthernet3/1/1 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Running Up for: 00:00:01 Auth mode: None Connect Type: Direct Board Num: 6 Protocol: RSVP Diag Info: No Diagnostic MPLS TE using CR-LDP configuration example Network requirements Router A.10.2.12.12.2.12. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] ip address 12. Router C and Router D are running OSPF and all of them are in area 0.1 Destination IP: 12. Verify the configuration Display the detailed information of the BFD session between Router A and Router B.12.12.

3. [RouterB] mpls lsr-id 2.4.2/24 Router B Router C Configuration procedure 1. You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.1.1. 3.4.1.1. [RouterA] mpls lsr-id 1.1.2/24 GE 3/1/1 30.9/32 Loop0 3.2.2/24 Loop0 2.1.1/24 GE 3/1/2 20.1.2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls 110 .1. you can perform the display ip routing-table command on each router. Assign IP addresses and masks to interfaces (see Figure 29) Details not shown 2. Enable OSPF to advertise host routes with LSR IDs as destinations Details not shown After configuration.1. and enable CSPF # Configure Router A.9/32 GE 3/1/1 10.1.1/24 GE 3/1/1 30.1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1.3.1.9/32 Router D Loop0 4.Figure 29 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1/24 GE 3/1/2 20. Configure MPLS TE basic capabilities.1.2.1.1.9/32 GE 3/1/1 10.2.

3.0.0] mpls-te enable [RouterA-ospf-1-area-0.0.0.4.4.[RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2 [RouterC-GigabitEthernet3/1/2] mpls [RouterC-GigabitEthernet3/1/2] mpls te [RouterC-GigabitEthernet3/1/2] quit # Configure Router D. [RouterD] mpls lsr-id 4.0. Configure OSPF TE # Configure Router A.0. [RouterC] mpls lsr-id 3. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0. [RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf 111 .3.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.0] quit [RouterA-ospf-1] quit # Configure Router B.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls te cspf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] quit 4.

0] mpls-te enable [RouterD-ospf-1-area-0. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit Perform the display mpls te cspf tedb all command on each router to view information about links in TEDB. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0. Take Router A for example: [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 Id MPLS LSR-Id IGP Process-Id 112 Area Link-Count . [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet3/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router B.0.0] quit [RouterC-ospf-1] quit # Configure Router D.0.0.0] quit [RouterD-ospf-1] quit 5.[RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0. Configure MPLS TE attributes of links # Configure maximum link bandwidth and maximum reservable bandwidth on Router A.0] mpls-te enable [RouterC-ospf-1-area-0.0. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/2] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet3/1/2] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router C.0.0. [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2 [RouterC-GigabitEthernet3/1/2] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/2] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/2] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router D.

Take Router A for example: [RouterA] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ----------------------------------------------------------------2. 1 2.4.9 OSPF 1 0 1 4 1. FT Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.9 OSPF 1 0 1 Configure LDP # Configure Router A. [RouterD] mpls ldp [RouterD-mpls-ldp] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls ldp [RouterD-GigabitEthernet3/1/1] quit Perform the display mpls ldp session command on each router.2.2.3.1. [RouterC] mpls ldp [RouterC-mpls-ldp] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls ldp [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2 [RouterC-GigabitEthernet3/1/2] mpls ldp [RouterC-GigabitEthernet3/1/2] quit # Configure Router D.4.6.2.2. 113 : Fault Tolerance .9 OSPF 1 0 2 2 3.9:0 Operational DU Passive Off Off 11/11 ----------------------------------------------------------------LAM : Label Advertisement Mode 7.9 OSPF 1 0 2 3 4. [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls ldp [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls ldp [RouterB-GigabitEthernet3/1/2] quit # Configure Router C.3. You can find that an LDP session has been established and its state is operational. [RouterA] mpls ldp [RouterA-mpls-ldp] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls ldp [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1.

4. 0 bytes 0 output error # Perform the display mpls te tunnel-interface command on Router A to view information about the tunnel. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 8.255.9:2 Session ID : Admin State : UP Oper State Ingress LSR ID : 1. service-loopback-group ID not set Tunnel source unknown. 0/500/0 0 bytes/sec.1.[RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 8. 0 packets/sec 0 bytes 0 input error 0 packets output.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0/75/0 0 bytes/sec.4.1.9 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te signal-protocol crldp [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.1. destination 4.1/24 Primary Encapsulation is TUNNEL. You can find that the tunnel interface is up.4.4.1.1. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.9 Signaling Prot : CR LDP Resv Style : - Class Type : CT0 Tunnel BW : 2000 kbps Reserved BW : 2000 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - 10 : Hold Priority: Tie-Breaking Policy : None Metric Type : None Record Route : Disabled 114 Record Label : UP 7 Disabled .4.9 Egress LSR ID: 4.255.1. 0 packets/sec Last 300 seconds output: 0 packets input.1.1.1 255.4.

9 Area ID : 0.1.0.0.2 Local Interface Address : 10.1.1 Remote Interface Address : 0.1.FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled Auto BW Freq : - Min BW Max BW - : - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : : : 10 sec - # Perform the display ospf mpls-te command on Router A to view LSAs of OSPF TE.1.1.0 TE Metric : 1 115 .0. [RouterA] display ospf mpls-te area 0 self-originated OSPF Process 100 with Router ID 1.0.9 LSA : 811 Age Length : 200 LSA : E O Options LS Seq Number : 8000000D CheckSum : B1C4 Link Type : MultiAccess Link ID : 10.1.1.1.0 Traffic Engineering LSA's of the database ------------------------------------------------ LSA [ 1 ] -----------------------------------------------LSA Type : Opq-Area Opaque Type : 1 Opaque ID : 1 Advertising Router ID : 1.

1.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A. Type : Opq-Area Opaque Type : 1 Opaque ID : 0 Advertising Router ID : 1.Maximum Bandwidth : 1250000 bytes/sec Maximum Reservable BW : 625000 bytes/sec Admin Group : 0X0 Unreserved Bandwidth for each TE Class: Unreserved BW [ 0] =625000 bytes/sec Unreserved BW [ 1] =625000 bytes/sec Unreserved BW [ 2] =625000 bytes/sec Unreserved BW [ 3] =625000 bytes/sec Unreserved BW [ 4] =625000 bytes/sec Unreserved BW [ 5] =625000 bytes/sec Unreserved BW [ 6] =625000 bytes/sec Unreserved BW [ 7] =625000 bytes/sec Unreserved BW [ 8] = 0 bytes/sec Unreserved BW [ 9] = 0 bytes/sec Unreserved BW [10] = 0 bytes/sec Unreserved BW [11] = 0 bytes/sec Unreserved BW [12] = 0 bytes/sec Unreserved BW [13] = 0 bytes/sec Unreserved BW [14] = 0 bytes/sec Unreserved BW [15] = 0 bytes/sec Bandwidth Constraints: BC [ 0] =625000 bytes/sec BC [ 1] = 0 bytes/sec ------------------------------------------------ LSA [ 2 ] -----------------------------------------------LSA 8.1. You can find a static route entry with Tunnel 4 as the outgoing interface.9 LSA : 1118 Age Length : 28 LSA : E O Options LS Seq Number : 8000000B CheckSum : ECBF MPLS TE Router ID : 1.1.9 Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.1.1. 116 .1.

1.1.3.1.2/24 POS 2/1/2 30.1.1/24 POS 2/1/2 40.1.2. You should see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Router A to Router C.1.1.1.1.9/32 Router B GE 3/1/1 10.2/24 GE 3/1/2 20.1.1.9/32 Loop0 3.1/24 Loop0 2.1.4.2. Configure MPLS TE basic capabilities.1. (Details not shown) Perform the display ip routing-table command on each router.9/32 GE 3/1/1 10.1/24 POS 2/1/2 40. Use CR-LSP hot backup for it.3. and enable RSVP-TE and CSPF <RouterA> system-view [RouterA] mpls lsr-id 1.1.1. 3. Configure the IGP protocol # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node.1.1.1.1/24 POS 2/1/1 30.1.4.9/32 Router D Loop0 4.2/24 GE 3/1/1 20. Figure 30 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.2/24 Router C Configuration procedure 1.1. Assign IP addresses and masks to interfaces (see Figure 30) Details not shown 2.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 117 .

3.1. Create an MPLS TE tunnel on Router A # Configure the MPLS TE tunnel carried on the primary LSP. Verify the configuration 118 0/500/0 0/75/0 .3.3.1 255. 0 bytes/sec. 0 bytes 0 output error 5. 4.1.1/24 Primary Encapsulation is TUNNEL.9 [RouterA-Tunnel4] mpls te tunnel-id 10 # Enable hot LSP backup. service-loopback-group ID not set Tunnel source unknown. 0 packets/sec Last 300 seconds output: 0 packets input.[RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface pos 2/1/2 [RouterA-POS2/1/2] mpls [RouterA-POS2/1/2] mpls te [RouterA-POS2/1/2] mpls rsvp-te [RouterA-POS2/1/2] quit NOTE: • Follow the same steps to configure Router B.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 3. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 9. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 9.255.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec.3. • You need to configure the clock mode of the POS interface on Router D as master clock. and Router D. [RouterA-Tunnel4] mpls te backup hot-standby [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A. 0 packets/sec 0 bytes 0 input error 0 packets output. You can find that Tunnel 4 is up. destination 3.1. Router C.255.1.

3.1.1.3.1.9 -/GE3/1/1 Tunnel4 1.3. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.40 bytes packet 1 10.9(3.9) 30 hops max.1.2 25 ms 2 40.3.3.1.1.2 25 ms 30.2 Hop 2 4.1.9(3.3.1.3.1.1.3.2 Hop 2 2.1.9) 30 hops max.3. [RouterA] tracert –a 1.2 28 ms 27 ms 23 ms 2 40.1.1.1.1.1.9 Tunnel Interface Name : Tunnel4 Lsp ID : 1.9 traceroute to 3.3.9:2054 3.3.9 :2054 Hop Information Hop 0 30.3.1.1.2 29 ms 40. You can find that two tunnels are present with the outgoing interface being GigabitEthernet 3/1/1 and POS 2/1/2 respectively.9 # Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination.1.1.1.1.1 Hop 1 10.2.1.3.1.2 Hop 5 3.2 54 ms The sample output shows that the current LSP traverses Route B but not Router D.1.1.1.3.3.1.3.4.1 Hop 4 40.3.1.9:2054 3.2 45 ms 20.40 bytes packet 1 30. Perform the tracert command on Router A to draw the path to the tunnel destination.9:6 3.9 Hop 3 20.1.3.1.4.2 25 ms 10. This indicates that a backup CR-LSP was created upon creation of the primary CR-LSP.1.1 Hop 1 30.2.1.1.1.2 Hop 5 3.9 -/POS2/1/2 Tunnel4 # Perform the display mpls te tunnel path command on Router A to identify the paths that the two tunnels traverse: [RouterA] display mpls te tunnel path Tunnel Interface Name : Tunnel4 Lsp ID : 1.1.9 Hop 3 40.1.1.1.1.1.2 50 ms 50 ms 49 ms # Perform the display mpls te tunnel command on Router A.1.1.9 3. You can see that the LSP is re-routed to traverse Router D: [RouterA] tracert –a 1.9 traceroute to 3.9 -/POS2/1/2 Tunnel4 119 .9 :6 Hop Information Hop 0 10.# Perform the display mpls te tunnel command on Router A.3.1.1 Hop 4 20. You can find that only the tunnel traversing Router D is present: [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.3.1.9 3.3.1.3. # Shut down interface GigabitEthernet 3/1/2 on Router B.

1.1/24 Loop0 2.1.1.1.2/24 Router C 120 .3.1.1.1.1. Unlike in hot CR-LSP backup where a secondary tunnel is created immediately upon creation of a primary tunnel. Router B is the PLR and Router C is the MP. in ordinary CR-LSP backup.1.2.1. Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 20.1.1.1.1/24 Loop0 3.3. FRR configuration example Network requirements On a primary LSP Router A → Router B → Router C → Router D.1.1.1/24 POS 2/1/1 3. 6.2.2. a secondary CR-LSP is created only after the primary LSP goes down.5.2/24 GE 3/1/1 4.3/32 3.2/24 POS 2/1/2 3.4.1.4/32 POS 2/1/1 3.1.5/32 POS 2/1/1 3.1.2. Figure 31 Network diagram Device Router A Router B Router D Interface IP address Device Router E Loop0 1.1.5.3.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.1/24 GE 3/1/2 3.1.2/24 Loop0 4. use FRR to protect the link Router B → Router C.3.2/32 GE 3/1/1 2. • Explicitly route the primary TE tunnel and the bypass TE tunnel with the signaling protocol being RSVP-TE.NOTE: Configuring ordinary CR-LSP backup is almost the same as configuring hot CR-LSP backup except that you need to replace the mpls te backup hot-standby command with the mpls te backup ordinary command.4.1/24 GE 3/1/1 4.2/24 GE 3/1/2 Interface IP address Loop0 5. Do the following: • Create a bypass LSP that traverses the path Router B → Router E → Router C.1/32 GE 3/1/1 2. You can find a static route entry with interface Tunnel4 as the outgoing interface.

2 GE3/1/1 5.1.2 GE3/1/1 127. Take Router A for example: <RouterA> display ip routing-table Routing Tables: Public Destinations : 13 Destination/Mask 3.0/24 ISIS 15 30 2.1.4/32 ISIS 15 30 2. Assign IP addresses and masks to interfaces (see Figure 31) Details not shown 2.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.1.2/32 ISIS 15 10 2.4.0/8 Direct 0 0 127.1/32 Direct 0 0 127.2 GE3/1/1 3.0. (Details not shown) # Perform the display ip routing-table command on each router.0.1.2 GE3/1/1 3.1.1.1.1/32 Direct 0 0 127.1.2.0. and enable RSVP-TE and CSPF # Configure Router A.1.2.0.1.0.4.1. <RouterB> system-view [RouterB] mpls lsr-id 2.0.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf 121 .1.1.0/24 ISIS 15 20 2.3/32 ISIS 15 20 2.1. Proto Pre Routes : 13 Cost NextHop Interface 1.1.1.1.3.Configuration procedure 1.0.5. Configure the IGP protocol # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node.0.1 InLoop0 127.2.1.1 InLoop0 2.1/32 Direct 0 0 127.3.1.2.1.2 GE3/1/1 4.1.1.2 GE3/1/1 3.1.1.1.2 GE3/1/1 3.1.1.0.1 InLoop0 2.1.0/24 ISIS 15 20 2.1.1 InLoop0 Configure MPLS TE basic capabilities.0.0. <RouterA> system-view [RouterA] mpls lsr-id 1.1.0.1.5.0/24 ISIS 15 30 2.0/24 Direct 0 0 2.3.1 GE3/1/1 2.1.2.2 GE3/1/1 4. You should see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.5/32 ISIS 15 20 2.

[RouterA-Tunnel4] mpls te fast-reroute [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A.2 [RouterA-explicit-path-pri-path] next hop 4.255.1.1 255. [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 10.2 [RouterA-explicit-path-pri-path] next hop 4.1/24 Primary 122 .[RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te [RouterB-GigabitEthernet3/1/2] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit NOTE: • Follow the same steps to configure Router C. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel4 Interface The Maximum Transmit Unit is 1500 Internet Address is 10.2 [RouterA-explicit-path-pri-path] next hop 3.1.4. Router D. 4.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.4. Create an MPLS TE tunnel on Router A.1.1.1.4 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te path explicit-path pri-path preference 1 # Enabel FRR. • You need to configure the clock mode of the POS interface on Router E as master clock.255.1.4 [RouterA-explicit-path-pri-path] quit # Configure the MPLS TE tunnel carried on the primary LSP.1. You can find that Tunnel4 is up. [RouterA] explicit-path pri-path [RouterA-explicit-path-pri-path] next hop 2. and Router E.1.1. the headend of the primary LSP # Create an explicit path for the primary LSP.4.1.4.

0 packets/sec 0 bytes 0 input error 0 packets output.4. 0 bytes 0 output error # Perform the display mpls te tunnel-interface command on Router A to verify the configuration of the tunnel interface.Encapsulation is TUNNEL.4.4.1:1 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1. service-loopback-group ID not set Tunnel source unknown.1.1.4.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : pri-path : Hold Priority: UP 7 Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - 123 : . 0 packets/sec Last 300 seconds output: 0 packets input. 0/500/0 0/75/0 0 bytes/sec. destination 4.4 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 bytes/sec.1 Egress LSR ID: 4.1.1.

4.4/32 NULL/1024 -/GE3/1/1 Vrf Name [RouterB] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4. [RouterA] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.2.3.5.1.2 [RouterB-explicit-path-by-path] next hop 3.4.3. [RouterB] interface tunnel 5 [RouterB-Tunnel5] ip address 11.3. Backup Tunnel : - Group Status : - Oam Status : - Configure a bypass tunnel on Router B (the PLR) # Create an explicit path for the bypass LSP. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls te fast-reroute bypass-tunnel tunnel 5 [RouterB-GigabitEthernet3/1/2] quit # Perform the display interface tunnel command on Router B. You can find that two LSPs are traversing Router B and Router C. [RouterB-Tunnel5] mpls te backup bandwidth 10000 [RouterB-Tunnel5] mpls te commit [RouterB-Tunnel5] quit # Bind the bypass tunnel with the protected interface.255.3 [RouterB-explicit-path-by-path] quit # Create the bypass tunnel.1. You can find that Tunnel5 is up.3. [RouterB] explicit-path by-path [RouterB-explicit-path-by-path] next hop 3.0 [RouterB-Tunnel5] tunnel-protocol mpls te [RouterB-Tunnel5] destination 3.4.4.3 [RouterB-Tunnel5] mpls te tunnel-id 15 [RouterB-Tunnel5] mpls te path explicit-path by-path preference 1 # Configure the bandwidth that the bypass tunnel protects.255.3.1 255.2 [RouterB-explicit-path-by-path] next hop 3.3.1.4/32 1024/3 GE3/1/2/GE3/1/1 124 Vrf Name .3.4.3/32 NULL/1024 -/POS2/1/1 Vrf Name [RouterC] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.1.4/32 1024/1024 GE3/1/1/GE3/1/2 3.4. # Perform the display mpls lsp command on each router.

3/32 1024/3 POS2/1/1/POS2/1/2 Vrf Name # Perform the display mpls te tunnel command on each router.4.4.1.4.3.3.2 In-Label : 1024 Out-Label : 1024 In-Interface : GigabitEthernet3/1/1 Out-Interface : GigabitEthernet3/1/2 125 .1.1:1 4.1.1:1 4.3.1:1 4.4. You can find that the bypass tunnel is bound with the protected interface GigabitEthernet 3/1/2 and is currently unused.2.1.1.3.3.4.1.4. You can find that two MPLS TE tunnels are traversing Router B and Router C.2.3.2.4 GE3/1/2/GE3/1/1 Name Tunnel4 2.2:1 3.1.2.1.4.3.4.3 POS2/1/1/POS2/1/2 Name Tunnel5 # Perform the display mpls lsp verbose command on Router B.3/32 3/NULL POS2/1/1/- [RouterD] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 4.2.1.1:1 4.2:1 3.4/32 Nexthop : 3.3 POS2/1/1/- Tunnel5 [RouterD] display mpls te tunnel LSP-Id Destination In/Out-If 1.1 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 4.4. [RouterB] display mpls lsp verbose ------------------------------------------------------------------LSP Information: RSVP LSP ------------------------------------------------------------------No : 1 IngressLsrID : 1.3 -/POS2/1/1 Tunnel5 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If 1.1.3.4 -/GE3/1/1 Name Tunnel4 [RouterB] display mpls te tunnel LSP-Id Destination In/Out-If 1.4/32 3/NULL GE3/1/1/- Vrf Name [RouterE] display mpls lsp -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------FEC In/Out Label In/Out IF 3.3.4. [RouterA] display mpls te tunnel LSP-Id Destination In/Out-If 1.4.1.2:1 3.4 GE3/1/1/GE3/1/2 Name Tunnel4 2.3.1.2.4 GE3/1/1/- Name Tunnel4 [RouterE] display mpls te tunnel LSP-Id Destination In/Out-If 2.4.3.

4. You can find that the tunnel interface is still up.6. LspIndex : 4097 Tunnel ID : 0x22001 LsrType : Transit Bypass In Use : Not Used BypassTunnel : Tunnel Index[Tunnel5].1. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] shutdown %Sep 7 08:53:34 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet3/1/2 turns into DOWN state # Perform the display interface tunnel 4 command on Router A to identify the state of the primary LSP.2.2 LocalLspID : 1 Tunnel-Interface : Tunnel5 Fec : 3.3. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : Modifying CR-LSP is setting up Tunnel Attributes : LSP ID : 1.1.1:1 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.1 Egress LSR ID: 4.3.2.4. InnerLabel[1024] Mpls-Mtu : 1500 No : 2 IngressLsrID : 2.1.1.2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/1 LspIndex : 4098 Tunnel ID : 0x22002 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 Verify the FRR function # Shut down the protected outgoing interface on PLR. # Perform the display mpls te tunnel-interface command on Router A to verify the configuration of the tunnel interface.3/32 Nexthop : 3.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0/0 Explicit Path Name : pri-path : Hold Priority: 126 UP 7 .2.1.

1.1 Egress LSR ID: 4.4 Signaling Prot : RSVP Resv Style : SE Class Type : CT0 Tunnel BW : 0 kbps Reserved BW : 0 kbps Setup Priority : 7 Affinity Prop/Mask : 0/0 Explicit Path Name : pri-path Oper State : Hold Priority: Modified 7 Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled 127 : 10 sec : - Auto BW Freq : - .4.1.1.Tie-Breaking Policy : None Metric Type : None Record Route : Enabled Record Label : Enabled FRR Flag : Enabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Disabled Auto BW Freq : - Min BW : - Max BW - Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : Modifying CR-LSP is setting up Tunnel Attributes : : 10 sec - : LSP ID : 1.1:1025 Session ID : 10 Admin State : Ingress LSR ID : 1.1.4.

2. # Perform the display mpls lsp verbose command on Router B.2 In-Label : 1024 Out-Label : 1024 In-Interface : GigabitEthernet3/1/1 Out-Interface : GigabitEthernet3/1/2 LspIndex : 4097 Tunnel ID : 0x22001 LsrType : Transit Bypass In Use : In Use BypassTunnel : Tunnel Index[Tunnel5]. [RouterB] display mpls lsp verbose -----------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------No : 1 IngressLsrID : 1.4.1.1. InnerLabel[1024] No : 2 IngressLsrID : 2.2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/1 128 .2.3. This is normal because the make-before-break mechanism of FRR introduces a delay before removing the old LSP after a new LSP is created.3.1.2. You can find that the bypass tunnel is in use.4/32 Nexthop : 3.1 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 4.3/32 Nexthop : 3.4.2 LocalLspID : 1 Tunnel-Interface : Tunnel5 Fec : 3.Min BW : - Current Collected BW: - Max BW Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : - NOTE: If you perform the display mpls te tunnel-interface command immediately after an FRR protection switch.1.1. you are likely to see two CR-LSPs in up state are present.

5000 kbps.LspIndex : 4098 Tunnel ID : 0x22002 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] # Set the FRR polling timer to five seconds on PLR. Router C. BC 2. You can find that Tunnel5 is still bound with interface GigabitEthernet 3/1/2 and is unused. the maximum reservable bandwidth is 10000 kbps. You can find that the tunnel interface is up. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] undo shutdown %Sep 7 09:01:31 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet3/1/2 turns into UP state # Perform the display interface tunnel command on Router A to identify the state of the primary LSP. and BC 3 are 8000 kbps. IETF DS-TE configuration example Network requirements Router A. For each link that the tunnel traverses. and 3000 kbps respectively.1. Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 4. and the tunnel needs a bandwidth of 4000 kbps. Router B. and BC 1. and Router D are running IS-IS and all of them are Level-2 routers. the maximum bandwidth is 10000 kbps. perform the display mpls lsp verbose command on Router B. Traffic of the tunnel belongs to CT 2. # About 5 seconds later.1. 7. Figure 32 Network diagram Device Interface IP address Device 129 Interface IP address . [RouterB] mpls [RouterB-mpls] mpls te timer fast-reroute 5 [RouterB-mpls] quit # Bring the protected outgoing interface up on PLR. Use RSVP-TE to create a TE tunnel from Router A to Router D. You can find a static route entry with interface Tunnel4 as the outgoing interface.2 24 tunnel 4 preference 1 Perform the display ip routing-table command on Router A.

1.0003. and advertise host routes with LSR IDs as destinations.1.2/24 Loop0 4. 2. Configure IS-IS.1/24 Router C Router D Loop0 3.0001.1.0005.2. Configure IP addresses for interfaces.9/32 GE3/1/1 10.0000.1. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.3.0000.1. details not shown).1.00 [RouterC-isis-1] quit [RouterC] interface GigabitEthernet 3/1/1 130 .0000. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.1.0000.1/24 Loop0 2.00 [RouterA-isis-1] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] isis enable 1 [RouterA-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configurations on Router B. Assign IP addresses and masks to interfaces (see Figure 32.3.0000.9/32 GE3/1/1 30.0005.9/32 GE3/1/1 10.1. # Configurations on Router A.1.1/24 POS2/1/1 20.1.1.9/32 GE3/1/1 30.4. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.1.Router A Router B Loop0 1.4.1.0002.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] isis enable 1 [RouterB-POS2/1/1] isis circuit-level level-2 [RouterB-POS2/1/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configurations on Router C.2/24 POS2/1/1 20.1.0005.2.2/24 Configuration procedure 1.0000.

1.0. Proto Pre Routes : 10 Cost NextHop Interface 1.1 InLoop0 Configure MPLS TE basic capabilities.0/24 ISIS 15 30 10.1.00 [RouterD-isis-1] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] isis enable 1 [RouterD-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterD-GigabitEthernet3/1/1] quit [RouterD] interface loopback 0 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit # Execute the display ip routing-table command on each router.[RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configurations on Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00.2 GE3/1/1 127.0004.1.9/32 Direct 0 0 127.1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls te cspf 131 .1 InLoop0 127.0.1.1.0000.0.4. enable RSVP-TE and CSPF. and configure the DS-TE mode as IETF.0.9/32 ISIS 15 10 10.0.1.3.2.0/24 Direct 0 0 10.2 GE3/1/1 4.1.1.2 GE3/1/1 10. You see that each router has learnt the routes to the LSR IDs of the other routers.1.0.1.1.0.4.0.3.1 GE3/1/1 10.1.1.0005.0.1.1.1 InLoop0 2. # Configure Router A.1.1/32 Direct 0 0 127. [RouterA] mpls lsr-id 1.1.0/8 Direct 0 0 127.2 GE3/1/1 30.9/32 ISIS 15 20 10.1.1.1.2 GE3/1/1 3.0.9/32 ISIS 15 30 10.0000.1/32 Direct 0 0 127.0/24 ISIS 15 20 10.1. Take Router A for example: [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Destination/Mask 3.0.0.2.1.1 InLoop0 20.1.

[RouterA-mpls] mpls te ds-te mode ietf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.2.4. [RouterD] mpls lsr-id 4. [RouterC] mpls lsr-id 3.4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te 132 .3.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] mpls te ds-te mode ietf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] mpls te ds-te mode ietf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] mpls rsvp-te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls [RouterC-POS2/1/1] mpls te [RouterC-POS2/1/1] mpls rsvp-te [RouterC-POS2/1/1] quit # Configure Router D.2. [RouterB] mpls lsr-id 2.3.

[RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit 5. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterA-GigabitEthernet3/1/1] quit # Configure the maximum bandwidth and bandwidth constraints on Router B. [RouterA] isis 1 [RouterA-isis-1] cost-style wide [RouterA-isis-1] traffic-eng level-2 [RouterA-isis-1] quit # Configure Router B. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterB-POS2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterB-POS2/1/1] quit 133 . Configure MPLS TE attributes of links # Configure the maximum bandwidth and bandwidth constraints on Router A. [RouterC] isis 1 [RouterC-isis-1] cost-style wide [RouterC-isis-1] traffic-eng level-2 [RouterC-isis-1] quit # Configure Router D. Configure IS-IS TE # Configure Router A.[RouterD-mpls] mpls te cspf [RouterD-mpls] mpls te ds-te mode ietf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit 4. [RouterB] isis 1 [RouterB-isis-1] cost-style wide [RouterB-isis-1] traffic-eng level-2 [RouterB-isis-1] quit # Configure Router C.

1. [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-POS2/1/1] quit # Configure the maximum bandwidth and bandwidth constraints on Router D.4.# Configure the maximum bandwidth and bandwidth constraints on Router C.1.4. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 7. Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.255.9 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth ct2 4000 [RouterA-Tunnel1] mpls te priority 0 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit 7. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.255.1 255.1.1. You see that the tunnel interface is up.1/24 Primary Encapsulation is TUNNEL. Verify the configuration # Execute the display interface tunnel command on Router A. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterD-GigabitEthernet3/1/1] quit 6.4.0 [RouterA-Tunnel1] tunnel-protocol mpls te [RouterA-Tunnel1] destination 4. service-loopback-group ID not set Tunnel source unknown.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0 packets input. 0/75/0 0 bytes/sec. 0 packets/sec Last 300 seconds output: 0 bytes/sec. 0 packets/sec 0 bytes 0 input error 134 0/500/0 .4. destination 4.

9:3 Session ID : 10 Admin State : UP Oper State Ingress LSR ID : 1.9 Signaling Prot : RSVP Resv Style : SE Class Type : CT2 Tunnel BW : 4000 kbps Reserved BW : 4000 kbps Setup Priority : 0 Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : - : Hold Priority: UP 0 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : - Car Policy : Disabled Tunnel Group : Primary Primary Tunnel : - Backup Tunnel : - Group Status : - Oam Status : - : 10 sec : - Disabled Auto BW Freq : - - Max BW - : # Execute the display mpls te cspf tedb all command on Router A to view the link information in the TEDB.9 Egress LSR ID: 4.4.1.9 ISIS 1 Level-2 2 135 .3.4.1.1.3. [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 Id MPLS LSR-Id IGP Process-Id Area Link-Count 1 3.0 packets output. 0 bytes 0 output error # Execute the display mpls te tunnel-interface command on Router A to view the detailed information of the tunnel. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel1 Tunnel Desc : Tunnel1 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.1.

4.9 ISIS 1 Level-2 1 4 1. as well as between Router C and Router D.2.2 24 tunnel 1 preference 1 Execute the display ip routing-table command on Router A.2.1.2 2.1.9 ISIS 1 Level-2 1 # Execute the display mpls te link-administration bandwidth-allocation command on Router A to view interface bandwidth information.1.4. A remote LDP session is established between Router B and Router C.9 ISIS 1 Level-2 2 3 4. Router B uses the SPE card to process MPLS L2VPN services. A local LDP session is established between Router A and Router B. bandwidth-allocation : 10000 kbits/sec Max Reservable Bandwidth PreStandard RDM : 0 kbits/sec Max Reservable Bandwidth IETF RDM : 10000 kbits/sec Max Reservable Bandwidth IETF MAM : 0 kbits/sec Downstream LSP Count : 1 UpStream LSP Count : 1 Downstream Bandwidth : 4000 kbits/sec Upstream Bandwidth : 0 kbits/sec IPUpdown Link Status : UP PhysicalUpdown Link Status : UP BC PreStandard Mode RDM(kbps) IETF Mode RDM(kbps) IETF Mode MAM(kbps) 0 0 10000 0 1 0 8000 0 2 0 5000 0 3 0 2000 0 TE CLASS CLASS TYPE PRIORITY BW RESERVED(kbps) BW AVAILABLE(kbps) 0 0 7 0 6000 1 1 7 0 4000 2 2 7 0 1000 3 3 7 0 1000 4 0 0 0 6000 5 1 0 0 4000 6 2 0 4000 1000 7 3 0 0 1000 Create a static route to import traffic into the MPLS TE tunnel [RouterA] ip route-static 30. 136 . An MPLS TE tunnel is established along Router B → Router E → Router C by using RSVP-TE. There is a static route entry with interface Tunnel1 as the outgoing interface.1. MPLS LDP over MPLS TE configuration example Network requirements Router A through Router E all support MPLS and run OSPF as the IGP. [RouterA] display mpls GigabitEthernet 3/1/1 Link ID: te link-administration interface GigabitEthernet 3/1/1 Max Link Bandwidth 8.

1.2/24 GE3/1/2 Router B Router D GE2/1/2 3.1.2/24 Configuration procedure 1. (Details not shown) 3.3/32 3.1.1/24 GE3/1/2 3.1.2.1. Configure the IGP protocol Enable OSPF on each router to advertise subnets to which interfaces belong and the host routes with LSR IDs as destinations. Configure MPLS LDP basic capabilities on Router A and Router D Details not shown 4.2.4/32 GE2/1/1 3.4.2/24 Loop0 4.2.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls [RouterB-GigabitEthernet2/1/1] mpls te [RouterB-GigabitEthernet2/1/1] mpls rsvp-te 137 .1.3.1. Configure MPLS TE basic capabilities and enable RSVP-TE and CSPF on Router B.5/32 GE3/1/1 2.2/24 GE3/1/1 4.1.2/24 Loop0 2.1.1/24 GE2/1/1 3.2.1/24 GE3/1/1 4.1. Router C and Router E # Configure Router B.1.1.1/32 Router E Loop0 5.4.Figure 33 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.2/32 GE3/1/1 2.3.1/24 Loop0 3.1.1.1.2. Assign IP addresses and masks to interfaces (see Figure 33) Details not shown 2.1.1.1/24 Router C GE2/1/1 3.5.2. <RouterB> system-view [RouterB] mpls lsr-id 2.3.3.5.

[RouterB-GigabitEthernet2/1/1] quit

# Configure Router E.
<RouterE> system-view
[RouterE] mpls lsr-id 5.5.5.5
[RouterE] mpls
[RouterE-mpls] mpls te
[RouterE-mpls] mpls rsvp-te
[RouterE-mpls] mpls te cspf
[RouterE-mpls] quit
[RouterE] interface GigabitEthernet 2/1/1
[RouterE-GigabitEthernet2/1/1] mpls
[RouterE-GigabitEthernet2/1/1] mpls te
[RouterE-GigabitEthernet2/1/1] mpls rsvp-te
[RouterE-GigabitEthernet2/1/1] quit
[RouterE] interface GigabitEthernet 2/1/2
[RouterE-GigabitEthernet2/1/2] mpls
[RouterE-GigabitEthernet2/1/2] mpls te
[RouterE-GigabitEthernet2/1/2] mpls rsvp-te
[RouterE-GigabitEthernet2/1/2] quit

# Configure Router C.
<RouterC> system-view
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] mpls rsvp-te
[RouterC-mpls] mpls te cspf
[RouterC-mpls] quit
[RouterC] interface GigabitEthernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls
[RouterC-GigabitEthernet2/1/1] mpls te
[RouterC-GigabitEthernet2/1/1] mpls rsvp-te
[RouterC-GigabitEthernet2/1/1] quit

5.

Create an MPLS TE tunnel on Router B
# Configure an MPLS TE tunnel.
[RouterB] interface tunnel 3
[RouterB-Tunnel3] ip address 10.1.1.1 255.255.255.0
[RouterB-Tunnel3] tunnel-protocol mpls te
[RouterB-Tunnel3] destination 3.3.3.3
[RouterB-Tunnel3] mpls te tunnel-id 10

# Configure IGP shortcut.
[RouterB-Tunnel3] mpls te igp shortcut
[RouterB-Tunnel3] mpls te igp metric relative -1
[RouterB-Tunnel3] mpls te commit

# Enable MPLS.
[RouterB-Tunnel3] mpls
[RouterB-Tunnel3] quit

# Configure OSPF TE.
138

[RouterB] ospf
[RouterB-ospf-1] opaque-capability enable
[RouterB-ospf-1] enable traffic-adjustment
[RouterB-ospf-1] area 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] mpls-te enable
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit

After previous configurations, execute the display interface tunnel command on Router B. You can
see that tunnel interface Tunnel 3 is up.
[RouterB] display interface tunnel
Tunnel3 current state: UP
Line protocol current state: UP
Description: Tunnel3 Interface
The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set.
Tunnel source unknown, destination 3.3.3.3
Tunnel protocol/transport CR_LSP
Output queue : (Urgent queuing : Size/Length/Discards)

0/100/0

Output queue : (Protocol queuing : Size/Length/Discards)
Output queue : (FIFO queuing : Size/Length/Discards)
Last 300 seconds input:

0 bytes/sec, 0 packets/sec

Last 300 seconds output:
0 packets input,

0/500/0

0/75/0

8 bytes/sec, 0 packets/sec

0 bytes

0 input error
47 packets output,

2740 bytes

0 output error

Execute the display ip routing-table command on Router B. You can see that the outgoing interface
to Router C is the tunnel interface Tunnel 3.
[RouterB] display ip routing-table
Routing Tables: Public
Destinations : 12

Routes : 12

Destination/Mask

Proto

Pre

Cost

NextHop

Interface

1.1.1.1/32

OSPF

10

1

2.1.1.1

GE3/1/1

2.1.1.0/24

Direct 0

0

2.1.1.2

GE3/1/1

2.1.1.2/32

Direct 0

0

127.0.0.1

InLoop0

2.2.2.2/32

Direct 0

0

127.0.0.1

InLoop0

3.1.1.0/24

Direct 0

0

3.1.1.1

GE3/1/2

3.1.1.1/32

Direct 0

0

127.0.0.1

InLoop0

3.3.3.3/32

OSPF

10

1

10.1.1.1

Tunnel3

4.1.1.0/24

OSPF

10

2

10.1.1.1

Tunmel3

127.0.0.0/8

Direct 0

0

127.0.0.1

InLoop0

127.0.0.1/32

Direct 0

0

127.0.0.1

InLoop0

139

CAUTION:
• You must configure IGP shortcut or a static route for the MPLS TE tunnel, so that IP routing prefers the
MPLS TE tunnel interface as the outgoing interface.
• You must configure the tunnel tailend LSR ID as the tunnel destination.
6.

Configure LDP on Router B and Router C
# Configure Router B.
[RouterB] mpls
[RouterB-mpls] mpls ldp
[RouterB-mpls] quit
[RouterB] interface GigabitEthernet 3/1/1
[RouterB-GigabitEthernet3/1/1] mpls
[RouterB-GigabitEthernet3/1/1] mpls ldp
[RouterB-GigabitEthernet3/1/1] quit
[RouterB] mpls ldp remote-peer C
[RouterB-mpls-ldp-remote-c] remote-ip 3.3.3.3
[RouterB-mpls-ldp-remote-c] prefix-label advertise
[RouterB-mpls-ldp-remote-c] quit

# Configure Router C.
[RouterC] mpls
[RouterC-mpls] mpls ldp
[RouterC-mpls] quit
[RouterC] interface GigabitEthernet 3/1/1
[RouterC-GigabitEthernet3/1/1] mpls
[RouterC-GigabitEthernet3/1/1] mpls ldp
[RouterC-GigabitEthernet3/1/1] quit
[RouterC] mpls ldp remote-peer b
[RouterC-mpls-ldp-remote-b] remote-ip 2.2.2.2
[RouterC-mpls-ldp-remote-b] prefix-label advertise
[RouterC-mpls-ldp-remote-b] quit

# Execute the display mpls ldp session command on Router B. You can see that a remote session
is established between Router B and Router C.
[RouterB] display mpls ldp session verbose

LDP Session(s) in Public Network
---------------------------------------------------------------------Peer LDP ID

: 1.1.1.1:0

Local LDP ID

: 2.2.2.2:0

TCP Connection

: 2.2.2.2 -> 1.1.1.1

Session State

: Operational

Session Role

: Active

Session FT Flag : Off

MD5 Flag

: Off

Reconnect Timer : ---

Recovery Timer : ---

Negotiated Keepalive Timer

: 45 Sec

Keepalive Message Sent/Rcvd

: 437/437 (Message Count)

Label Advertisement Mode

: Downstream Unsolicited

Label Resource Status(Peer/Local) : Available/Available
Peer Discovery Mechanism

: Basic

140

Session existed time

: 000:01:48

LDP Basic Discovery Source

: GigabitEthernet3/1/1

(DDD:HH:MM)

Addresses received from peer: (Count: 2)
2.1.1.1

1.1.1.1

---------------------------------------------------------------------Peer LDP ID

: 3.3.3.3:0

Local LDP ID

: 2.2.2.2:0

TCP Connection

: 2.2.2.2 <- 3.3.3.3

Session State

: Operational

Session Role

: Passive

Session FT Flag : Off

MD5 Flag

: Off

Reconnect Timer : ---

Recovery Timer : ---

Negotiated Keepalive Timer

: 45 Sec

Keepalive Message Sent/Rcvd

: 411/411 (Message Count)

Label Advertisement Mode

: Downstream Unsolicited

Label Resource Status(Peer/Local) : Available/Available
Peer Discovery Mechanism

: Extended

Session existed time

: 000:01:42

LDP Extended Discovery Source

: Remote peer: 1

(DDD:HH:MM)

Addresses received from peer: (Count: 2)
4.1.1.1

3.3.3.3

----------------------------------------------------------------------

# Execute the display mpls ldp lsp command on Router B. You can see that Router C sent label
mapping messages to Router B and established an LDP LSP.
[RouterB] display mpls ldp lsp

LDP LSP Information
---------------------------------------------------------------------SN

DestAddress/Mask

In/OutLabel

Next-Hop

In/Out-Interface

---------------------------------------------------------------------1

1.1.1.1/32

NULL/3

2.1.1.1

-------/GE3/1/1

2

2.2.2.2/32

3/NULL

127.0.0.1

-------/InLoop0

3

3.3.3.3/32

NULL/3

10.1.1.1

-------/Tunnel3

4

3.3.3.3/32

1024/3

10.1.1.1

-------/Tunnel3

---------------------------------------------------------------------A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale

CAUTION:
The IP address of the LDP remote peer must be configured as the LSR ID of the MPLS TE tunnel tailend.
7.

Verify the configuration
Execute the display mpls lsp command on Rotuer B. You can see that the LDP LSP from Router B to
Rotuer C is nested within the MPLS TE tunnel, that is, the outgoing interface of the LDP LSP is the
MPLS TE tunnel interface.
141

[RouterB] display mpls lsp include 3.3.3.3 32 verbose
---------------------------------------------------------------------LSP Information: RSVP LSP
---------------------------------------------------------------------No

:

1

IngressLsrID

:

2.2.2.2

LocalLspID

:

1

Tunnel-Interface

:

Tunnel3

Fec

:

3.3.3.3/32

Nexthop

:

3.2.1.2

In-Label

:

NULL

Out-Label

:

1024

In-Interface

:

----------

Out-Interface

:

GigabitEthernet 2/1/1

LspIndex

:

3073

Tunnel ID

:

0x11000c

LsrType

:

Ingress

Bypass In Use

:

Not Exists

BypassTunnel

:

Tunnel Index[---]

---------------------------------------------------------------------LSP Information: LDP LSP
---------------------------------------------------------------------No

:

2

VrfIndex

:

Fec

:

3.3.3.3/32

Nexthop

:

10.1.1.1

In-Label

:

NULL

Out-Label

:

3

In-Interface

:

----------

Out-Interface

:

Tunnel3

LspIndex

:

6147

Tunnel ID

:

0x11000e

LsrType

:

Ingress

Outgoing Tunnel ID

:

0x15000d

Label Operation

:

PUSH

No

:

3

VrfIndex

:

Fec

:

3.3.3.3/32

Nexthop

:

10.1.1.1

In-Label

:

1024

Out-Label

:

3

In-Interface

:

----------

Out-Interface

:

Tunnel3

LspIndex

:

6148

Tunnel ID

:

0x11000f

LsrType

:

Transit

142

Outgoing Tunnel ID

:

0x15000d

Label Operation

:

SWAP

MPLS TE in MPLS L3VPN configuration example
Network requirements
CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1
and PE 2. The IGP protocol running on the MPLS backbone is OSPF.
Do the following:

Set up an MPLS TE tunnel to forward traffic of VPN 1 from PE 1 to PE 2.

To allow the MPLS L3VPN traffic to travel the TE tunnel, configure a tunneling policy to use a CR-LSP
as the VPN tunnel when creating the VPN.

Figure 34 Network diagram

Configuration procedure
1.

Configure OSPF, ensuring that PE 1 and PE 2 can learn routes from each other.
# Configure PE 1.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE1-LoopBack0] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] clock master
[PE1-POS2/1/2] ip address 10.0.0.1 255.255.255.0
[PE1-POS2/1/2] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE 2.
<PE2> system-view

143

[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] ip address 10.0.0.2 255.255.255.0
[PE2-POS2/1/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

After you complete the configuration, the PEs should be able to establish the OSPF neighborship.
Perform the display ospf peer command; you should see that the neighborship state is FULL.
Perform the display ip routing-table command; you should see that the PEs learnt the routes to the
loopback interfaces of each other. Take PE 1 for example:
[PE1] display ospf peer
OSPF Process 1 with Router ID 2.2.2.2
Neighbors
Area 0.0.0.0 interface 10.0.0.1(POS2/1/2)'s neighbors
Router ID: 3.3.3.3
State: Full
DR: None

Address: 10.0.0.2

Mode:Nbr is

Master

GR State: Normal

Priority: 1

BDR: None

Dead timer due in 30

sec

Neighbor is up for 00:01:00
Authentication Sequence: [ 0 ]
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 7
Destination/Mask

2.

Proto

Pre

Routes : 7
Cost

NextHop

Interface

2.2.2.2/32

Direct 0

0

127.0.0.1

InLoop0

3.3.3.3/32

OSPF

1563

10.0.0.2

POS2/1/2

10

10.0.0.0/24

Direct 0

0

10.0.0.1

POS2/1/2

10.0.0.1/32

Direct 0

0

127.0.0.1

InLoop0

10.0.0.2/32

Direct 0

0

10.0.0.2

POS2/1/2

127.0.0.0/8

Direct 0

0

127.0.0.1

InLoop0

127.0.0.1/32

Direct 0

0

127.0.0.1

InLoop0

Configure MPLS basic capabilities and LDP.
# Configure PE 1.
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] mpls
[PE1-POS2/1/2] mpls ldp

144

[PE1-POS2/1/2] quit

# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] mpls
[PE2-POS2/1/2] mpls ldp
[PE2-POS2/1/2] quit

After you complete the configuration, PEs should be able to set up LDP sessions. Perform the
display mpls ldp session command; you should be able to see that the session state is operational.
Take PE 1 for example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
-----------------------------------------------------------------Peer-ID

Status

LAM

SsnRole

FT

MD5

KA-Sent/Rcv

-----------------------------------------------------------------3.3.3.3:0

Operational

DU

Passive

Off

Off

2/2

-----------------------------------------------------------------LAM : Label Advertisement Mode

3.

FT

Enable MPLS TE, CSPF and OSPF TE
# Configure PE 1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1] interface pos 2/1/2
[PE1-POS2/1/2] mpls te
[PE1-POS2/1/2] quit
[PE1] ospf
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# Configure PE 2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface pos 2/1/2
[PE2-POS2/1/2] mpls te
[PE2-POS2/1/2] quit
[PE2] ospf

145

: Fault Tolerance

3. 5.168.1 255.3 [PE1-Tunnel4] mpls te tunnel-id 10 [PE1-Tunnel4] mpls te signal-protocol crldp [PE1-Tunnel4] mpls te commit [PE1-Tunnel4] quit # Perform the display interface tunnel command on PE 1.168.2.255.0 [CE1-GigabitEthernet3/1/1] quit # Configure the VPN instance on PE 1. <CE2> system-view [CE2] interface GigabitEthernet 3/1/1 [CE2-GigabitEthernet3/1/1] ip address 192.[PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.1.168.255.1. You can see that the tunnel interface is up.0 [CE2-GigabitEthernet3/1/1] quit # Configure the VPN instance on PE 2.1 255. Configure an MPLS TE tunnel # Create a TE tunnel with PE 1 as the headend and PE 2 as the tail.255. The signaling protocol is CR-LDP.0.255.0 [PE1-Tunnel4] tunnel-protocol mpls te [PE1-Tunnel4] destination 3.255. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both 146 .0 [PE1-GigabitEthernet3/1/1] quit # Configure on CE 2.255. Bind the VPN instance with the interface connected to CE 1.1.0] quit [PE2-ospf-1] quit 4.2 255. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy policy1 [PE1-vpn-instance-vpn1] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-policy1] quit [PE1] interface GigabitEthernet 3/1/1 [PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet3/1/1] ip address 192.0.255.2 255.0. Configure the VPN instance on each PE.255. and bind it with the interface connected to CE 2.0. and use CR-LSP for VPN setup. [PE1] interface tunnel 4 [PE1-Tunnel4] ip address 12.0] mpls-te enable [PE2-ospf-1-area-0. <CE1> system-view [CE1] interface GigabitEthernet 3/1/1 [CE1-GigabitEthernet3/1/1] ip address 192. and bind it to the interface connected to the CE # Configure on CE 1.1.3.

For example.168.[PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 3/1/1 [PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet3/1/1] ip address 192. 00 hours.1.168.2 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] peer 3.1.3 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.2: bytes=56 Sequence=2 ttl=255 time=26 ms Reply from 192.1.00% packet loss round-trip min/avg/max = 26/30/47 ms The output shows that PE 1 can reach CE 1.3.192.1.255.1.2 PING 192.168. 1 Create time : 2006/09/27 15:10:29 Up time : 0 days.1.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --.3.168.2: 56 data bytes.168.0 [PE2-GigabitEthernet3/1/1] quit # Perform the display ip vpn-instance command on the PEs to verify the configuration of the VPN instance.3. [CE1] bgp 65001 [CE1-bgp] peer 192.168.255.3 as-number 100 [PE1-bgp] peer 3.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 192.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. Configure BGP # Configure CE 1. ping CE 1 on PE 1: [PE1] ping -vpn-instance vpn1 192. and the IBGP peer relationship with PE 2.1.3 enable [PE1-bgp-af-vpnv4] quit 147 .3.168. 6. Take PE 1 for example: [PE1] display ip vpn-instance instance-name vpn1 VPN-Instance Name and ID : vpn1.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1.168.168.168.2: bytes=56 Sequence=1 ttl=255 time=47 ms Reply from 192.1 255.168. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 192. 03 minutes and 09 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Tunnel Policy : policy1 Interfaces : GigabitEthernet3/1/1 # Ping connected CEs on PEs to test connectivity.1.3.3.1. press CTRL_C to break Reply from 192.

3.2 Local AS number : 100 Total number of peers : 1 Peer V AS 3.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.2. press CTRL_C to break 148 PrefRcv 0 .1.1.2: 56 data bytes. You can see that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached the established state.168.2.168.2 as-number 100 [PE2-bgp] peer 2. [CE2] bgp 65002 [CE2-bgp] peer 192.168. press CTRL_C to break Reply from 192.2 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 2.168.2 PING 192. [CE1] ping 192.3.2.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192. Take PE 1 for example: [PE1-bgp] display bgp peer BGP local router ID : 2.1.2.2 as-number 65002 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] peer 2.2.168.2 Local AS number : 100 Total number of peers : 1 Peer V AS Peers in established state : 1 MsgRcvd MsgSent 192.1 as-number 100 [CE2-bgp] quit # Configure PE 2 to establish the EBGP peer relationship with CE 2 and the IBGP relationship with PE 1.168.168.168.168.192.2 PING 192.2.2.3 4 100 Peers in established state : 1 MsgRcvd MsgSent OutQ 3 3 0 Up/Down State 00:00:11 Established PrefRcv 0 [PE1-bgp] display bgp vpn-instance vpn1 peer BGP local router ID : 2.[PE1-bgp] quit # Configure CE 2.168.168.2. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 192.2.2 4 65001 4 5 OutQ Up/Down 0 00:02:13 Established State # Ping CE 2 on CE 1 and vice versa to test connectivity.2.2.2.2: bytes=56 Sequence=5 ttl=253 time=36 ms --.2.168.2.2.2.2 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Perform the display bgp peer command and the display bgp vpn-instance peer command on PEs.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2: 56 data bytes.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.168.2.2.00% packet loss round-trip min/avg/max = 36/52/61 ms [CE2] ping 192.2.

1 In-Label : 1024 Out-Label : NULL In-Interface : ---------- Out-Interface : ---------- LspIndex : 8193 Tunnel ID : 0x0 LsrType : Egress 149 . 7.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.3/32 Nexthop : 10.168.1.168.2 In-Label : NULL Out-Label : 1024 In-Interface : ---------- Out-Interface : POS2/1/2 LspIndex : 2050 Tunnel ID : 0x22004 LsrType : Ingress Bypass In Use : Not Exists BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 -----------------------------------------------------------------LSP Information: BGP LSP -----------------------------------------------------------------No : 2 VrfIndex : vpn1 Fec : 192.1.1.168.168.0/24 Nexthop : 192.0.00% packet loss round-trip min/avg/max = 35/48/74 ms The output shows that CE 1 and CE 2 can reach each other.1.2.0.2.3.2: bytes=56 Sequence=3 ttl=253 time=74 ms Reply from 192. established using CR-LDP.3.2: bytes=56 Sequence=5 ttl=253 time=35 ms --.1.2: bytes=56 Sequence=1 ttl=253 time=38 ms Reply from 192.Reply from 192.168.1. the MPLS TE tunnel.2 LocalLspID : 1 Tunnel-Interface : Tunnel4 Fec : 3. [PE1] display mpls lsp verbose -----------------------------------------------------------------LSP Information: CRLDP LSP -----------------------------------------------------------------No : 1 IngressLsrID : 2.1.168. that is.2: bytes=56 Sequence=2 ttl=253 time=61 ms Reply from 192.192. You can find an LSP with LspIndex 2050.168.168. Verify the configuration # Perform the display mpls lsp verbose command on PE 1.2: bytes=56 Sequence=4 ttl=253 time=36 ms Reply from 192. This is the LSP.

0.2.3.2.2 In-Label : NULL Out-Label : 3 In-Interface : ---------- Out-Interface : POS2/1/2 LspIndex : 10242 Tunnel ID : 0x22000 LsrType : Ingress Outgoing Tunnel ID : 0x0 Label Operation : PUSH # Perform the display interface tunnel command on PE 1. [PE1] display interface tunnel 4 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12. 0 packets/sec 150 0/500/0 .1/24 Primary Encapsulation is TUNNEL.3/32 Nexthop : 10.Outgoing Tunnel ID : 0x0 Label Operation : POP -----------------------------------------------------------------LSP Information: LDP LSP -----------------------------------------------------------------No : 3 VrfIndex : Fec : 2.2/32 Nexthop : 127.0.0.3. 0 packets/sec 5 bytes/sec. service-loopback-group ID not set Tunnel source unknown. The output shows that traffic is being forwarded along the CR-LSP of the TE tunnel.1.0.1.3.3.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: Last 300 seconds output: 0/75/0 5 bytes/sec. destination 3.1 In-Label : 3 Out-Label : NULL In-Interface : POS2/1/2 Out-Interface : ---------- LspIndex : 10241 Tunnel ID : 0x0 LsrType : Egress Outgoing Tunnel ID : 0x0 Label Operation : POP No : 4 VrfIndex : Fec : 3.

at least one OSPF neighbor must reach the FULL state. Perform the display current-configuration command to check that MPLS TE is configured on involved interfaces. the Switch Result field has a value of Protect-tunnel and the Work-tunnel defect state field has a value of No-defect. Solution 151 . Analysis For TE LSAs to be generated. 2856 bytes 0 output error Troubleshooting MPLS TE No TE LSA generated Symptom OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes. If you expect that protection switching will be triggered when the main tunnel recovers. If you hope the switchover occurs immediately when the main tunnel recovers. the configuration defines that reverting should not occur. If the Mode field is revertive and the WTR field is a non-zero value. data will be switched back to the main tunnel. if the main tunnel still has no defect. 2.34 packets input. you can use the mpls te protection tunnel command to change the reverting delay time to 0. Perform the display ospf peer command to check that OSPF neighbors are established correctly. Solution 1. • The reverting delay period is relatively long. Swicthback fails to occur when the main tunnel resumes Symptom When data is transmitted along the protection tunnel. 1. Analysis Possible reasons include: • The reverting mode is non-revertive. 2. the reverting delay timer has expired. Perform the debugging ospf mpls-te command to observe whether OSPF can receive the TE LINK establishment message. 3. In the output of the display mpls te protection tunnel command. 2856 bytes 0 input error 34 packets output. the main tunnel becomes normal but data still travels along the protection tunnel. Execute the display mpls te protection tunnel command. you can configure the mpls te protection tunnel command in the main tunnel interface view to set the reverting mode as revertive. When the timer expires. If the Mode field in the output is Non-revertive. • A switching command with higher priority forces data to travel along the protection tunnel.

a switching action with a higher priority than the signal switching is configured.3. check the The current switch command field in the output of the display mpls te protection tunnel command. If your case is neither 1) nor 2). you can use the mpls te protect-switch clear command to clear all configured switching actions. If you expect that signaling can trigger switchover when the main tunnel recovers. If its value is Force. 152 .

usually an MPLS tunnel. allowing packets to be transmitted with two layers of tags across the service provider network. rather than the point-to-point services that traditional VPN supports. With VPLS. It is used to carry PWs. A PE can be a UPE or NPE.1Q. all user packets on an AC. With QinQ. It offers a point-to-multipoint L2VPN service mechanism. • VSI—Virtual switch instance that maps actual access links to virtual links. • Forwarder—A forwarder functions as the VPLS forwarding table. allowing customers to build their LANs across the Metropolitan Area Network (MAN) or Wide Area Network (WAN). However. A PW consists of two unidirectional MPLS virtual circuits (VCs). • Encapsulation—Packets transmitted over a PW use the standard PW encapsulation formats and technologies: Ethernet and VLAN. service providers can create on the PEs a series of virtual switches for customers. 153 . • UPE—User facing provider edge device that functions as the user access convergence device. is a direct channel between a local PE and the peer PE for transparent data transmission in-between. • NPE—Network provider edge device that functions as the network core PE. can deliver a point-to-multipoint L2VPN service over public networks. An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks.Configuring VPLS VPLS overview Virtual Private LAN Service (VPLS). VPLS provides Layer 2 VPN services. • PE—Provider edge device that connects one or more CEs to the service provider network. Once a PE receives a packet from an AC. geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.1Q in 802. the forwarder selects a PW for forwarding the packet. With VPLS. This provides a simpler Layer 2 VPN tunneling service. • Tunnel—A tunnel. the private network VLAN tags of packets are encapsulated into the public network VLAN tags.1Q. A PE maps and forwards packets between private networks and public network tunnels. must be forwarded to the peer site without being changed. It can use physical interfaces or virtual interfaces. • AC—Attachment circuit that connects the CE to the PE. it supports multipoint services. A tunnel can carry multiple PWs. Usually. including Layer 2 and Layer 3 protocol messages. Operation of VPLS Basic VPLS concepts • CE—Customer edge device that is directly connected to the service provider network. • PW—Pseudo wire that is the bidirectional virtual connection between VSIs. • QinQ—802. also called Transparent LAN Service (TLS) or virtual private switched network service. a tunneling protocol based on 802.

A PW is up only when both of the VC LSPs are up. Figure 35 Network diagram for VPLS Site 1 Tunnel VPN 1 PW AC CE 1 VPN 2 Site 2 MPLS backbone CE 2 Forwarder P CE 3 VPN 1 PE 1 CE 4 PE 2 PWSignaling VPN 2 Site 3 MAC address learning and flooding VPLS provides reachability by MAC address learning. the PW needs to map the MAC address to the outbound VC LSP. Source MAC address learning MAC address learning includes two parts: Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs. there are two PW signaling protocols: LDP and BGP.• PW signaling—The PW signaling protocol is the fundament of VPLS. This occurs on the corresponding VSI interfaces. When the inbound VC LSP learns a new MAC address. Local MAC address learning of interfaces directly connected to users This refers to learning source MAC addresses from Layer 2 packets originated by CEs. Figure 36 shows the procedure of MAC address learning and flooding on PEs. It is used for creating and maintaining PWs and automatically discovering VSI peer PE. Currently. Each PE maintains a MAC address table. Figure 35 shows a typical VPLS networking scenario. 154 . 1.

Therefore. If NULL is specified. except for those learned from the PW that sent the message. Upon receiving such a message. a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions. which carries MAC TLV. The aging mechanism used here is the aging timer corresponding to the MAC address. enabling STP in the private networks means nothing to the service provider network. This is not applicable for VPLS networks because the users cannot sense the service provider network. 3. Two methods for VPLS loop avoidance are supported: 155 . full mesh and split horizon forwarding are used to avoid use of STP at the private network side. the PE resets the aging timer. the router removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message. There are two types of address reclaim messages: those with MAC address lists and those without MAC address lists. After a backup link becomes active and a message with the instruction of relearning MAC entries arrives. a router removes MAC addresses or relearns them according to the specified parameters in the TLV. VPLS loop avoidance In general. The VPLS draft defines a dynamic address learning method that uses the address reclaim message. MAC address reclaim Dynamic address learning must support refreshing and relearning. Layer 2 networks use the Spanning Tree Protocol (STP) to avoid loops. MAC address aging Remote MAC addresses learned by a PE that are related to VC labels but no more in use need to be aged out by an aging mechanism. When receiving a packet whose source MAC address has an aging timer started. The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly. If the message contains a null MAC address TLV list. these PEs remove all MAC addresses from the specified VSI.Figure 36 MAC learning and flooding on PEs 2. In VPLS.

NOTE: For more information about the Martini mode and Kompella mode. LDP and BGP can be used as PW signaling protocols. LDP and BGP are used to automatically discover VSI peer PEs. • Ethernet access: The Ethernet header of a packet upstream from the CE or downstream from the PE does not contain any service delimiter. that is. it is the internal VLAN tag of the user and means nothing to the PE. In other words. can be either Ethernet or VLAN. This kind of internal VLAN tag of the user is called a U-Tag. In addition. a PE cannot forward packets via PWs of the same VSI. each PE must create for each VPLS forwarding instance a tree to all the other PEs of the instance. This mode is also called the Kompella mode. the PE directly adds a PW label and a tunnel label into the packet and then forwards the packet. a PW signaling protocol is needed to assign a multiplex distinguishing flag (that is. control word. Peer PE discovery and PW signaling protocol For PEs in the same VSI. Currently. 156 . For a PW to be created. Otherwise. see the chapter “Configuring MPLS L2VPN. the PW signaling protocol advertises VPLS system parameters such as PW ID. and interface parameters. • Each PE must support horizontal split to avoid loops. P-TAG is not transferred on the PW. you can configure the peer PE addresses or use an automatic discovery mechanism. the PE removes the service delimiter and adds a PW label and a tunnel label into the packet before forwarding the packet.” VPLS packet encapsulation Packet encapsulation on an AC The packet encapsulation type of an AC depends on the user VSI access mode. because all the PEs of a VSI are directly connected. With the PW signaling protocol. VC label) and advertise the assigned VC flag to the peer. • BGP VPLS—Uses BGP extension as the signaling protocol. rewriting and removing of existing tags are not allowed. whether the PE adds the service delimiter into the packet depends on your configuration.• PEs are logically fully meshed (so are PWs). For a packet to be sent downstream. However. packets from PWs on the public network side cannot be forwarded to other PWs. also called the PW transport mode. if it contains the service delimiter. • VLAN access: The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user. they can only be forwarded to the private network side. Packet encapsulation on a PW The packet encapsulation type of a PW. If a header contains a VLAN tag. You can specify the VSI access mode to be used. For a packet from a CE. PWs can be established between PEs to form a fully meshed network to provide VPLS services. VPLS can be one of the following based on the PW signaling protocol used: • LDP VPLS—Uses LDP as the signaling protocol. that is. This mode is also called the Martini mode. The tag is called a P-Tag. which can be VLAN or Ethernet. • In Ethernet mode.

which forwards the packet to the CE. NPE 1 determines which VSI the packet belongs to by the label and. the PE adds the VLAN tag expected by the peer PE or a null tag. H-VPLS with LSP access Figure 37 H-VPLS with LSP access As shown in Figure 37. NPE 1 tags the packet with the multiplex distinguishing flag for the U-PW and sends the packet to UPE. or retains the service delimiter depending on your configuration. • H-VPLS reduces the logical complexity of the fully meshed network consisting of PEs and the configuration complexity. Advantages of H-VPLS access • H-VPLS has lower requirements on the multi-tenant unit switch (MTU-s). UPE can forward them directly without NPE 1 because it holds the bridging function by itself. • Upon receiving the packet from the N-PW. For a packet to be sent downstream. UPE tags the packet with the MPLS label for the U-PW. the packet encapsulation type of a PW is VLAN by default.• In VLAN mode. Data forwarding in H-VPLS with LSP access is as follows: • Upon receiving a packet from a CE. According to the protocol. tags the packet with the multiplex distinguishing flag for the N-PW. forwards it through U-PW to NPE 1. • When receiving the packet. packets transmitted over the PW must carry a P-Tag. and forwards the packet. It does not establish virtual links with any other peers. It has distinct hierarchies which fulfill definite tasks. at the same time. the PE keeps the P-Tag unchanged or changes the P-Tag to the VLAN tag expected by the peer PE or to a null tag (the tag value is 0). If the packet contains no service delimiter. and then sends the packet to NPE 1. which replicates the packet and sends a copy to each peer CE. UPE broadcasts the packet to CE 2 through the bridging function and. based on the destination MAC address of the packet. H-VPLS implementation Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs. the PE rewrites. if it contains the service delimiter. For a packet from a CE. For the first packet with an unknown destination MAC address or a broadcast packet. UPE functions as the convergence device MTU-s and establishes only a virtual link U-PW with NPE 1. and then a PW label and a tunnel label into the packet before sending the packet out. For packets to be exchanged between CE 1 and CE 2. removes. namely the multiplex distinguishing flag. and then adds a PW label and a tunnel label into the packet before sending the packet out. 157 .

H-VPLS with QinQ access Figure 38 H-VPLS with QinQ access As shown in Figure 38. it forwards the packet through the QinQ tunnel to MTU. tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. forwards it through the QinQ tunnel to PE 1. • Upon receiving the packet from the PW. MTU broadcasts the packet to CE 2 through the bridging function and. Data forwarding in H-VPLS with QinQ access is as follows: • Upon receiving a packet from a CE. based on the destination MAC address of the packet. • When receiving the packet. For packets to be exchanged between CE 1 and CE 2. PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and. which in turn forwards the packet to the CE. which replicates the packet and sends a copy to each peer CE. it forwards the packet. Then. at the same time. MTU labels the packet with a VLAN tag as the multiplex distinguishing flag. MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. MTU can forward them directly without PE 1 because it holds the bridging function by itself. Then. PE 1 determines which VSI the packet belongs to by the VLAN tag and. For the first data packet with an unknown destination MAC address or a broadcast packet. 158 . and transparently sends the packet to PE 1 through the QinQ tunnel. based on the destination MAC address of the packet. labels the packet with the VLAN tag.

The spoke sites (the spoke-CEs) are not permitted to communicate with each other directly. only the primary PW link is used. 159 . The PE connecting the hub site is called the “hub-PE. When the main link fails. • The LDP session between the peers of the primary PW goes down. there is one hub site and multiple spoke sites.” The PEs connecting the spoke sites are called “spoke-PEs. facilitating centralized management of traffic. one of the VPLS networking modes. Normally. Figure 39 Backup link for H-VPLS with LSP access CE 1 NPE 1 N-PW NPE 3 U-PW UPE CE 3 N-PW CE 2 N-PW U-PW (Backup link) NPE 2 The H-VPLS with LSP access activates the backup link when: • The tunnel over which the primary PW is established is deleted. all traffic between spoke sites must go through the hub site. and the PW is deleted as a result.PW redundancy The network design with a single PW between a UPE and an NPE has a distinct drawback: once the PW experiences a failure. causing the PW to go down. data transmission between them depends on the hub site (the hub-CE). The H-VPLS with LSP access provides redundant links for PW backup. • BFD detects a primary link failure.” Advantages of hub-spoke networking In hub-spoke networking. all VPNs connected to the aggregate device will lose connectivity. the backup link takes over the VPN services. Hub-spoke VPLS implementation In hub-spoke networking.

and then forwards the packet to Spoke-CE 2. the following describes only the data forwarding procedure: 1. 2. When Spoke-PE 2 receives the packet from the PW. and forwards the packet to Spoke-PE 2. Receiving the packet from the PW. you can establish multiple continuous PW segments that function as a single PW. 160 . inserts an MPLS label to which the PW corresponds based on the destination MAC address.” a virtual connection between the two PEs. As the MAC address learning in a hub-spoke network is the same as that in a common network. 5. Receiving the packet from the AC. 4. Upon receiving a packet from Spoke-CE 1. Hub-PE determines by the VLAN tag the VSI that the packet is for. Hub-CE has Layer 2 forwarding function. it determines by the MPLS label the VSI that the packet is for. called a “multi-hop PW. Hub-PE determines by the MPLS label the VSI that the packet is for and forwards the packet to Hub-CE directly. Multi-hop PW A PW cannot be setup directly between two PEs when: • The two PEs are in different Autonomous Systems (ASs).Hub-Spoke networking Figure 40 Hub-spoke networking Hub-CE Hub-PE Spoke-PE 1 Spoke-CE 1 Spoke-PE 2 Spoke-CE 2 Figure 40 shows a typical hub-spoke networking application. • The two PEs use different PW signaling protocols. 3. where they cannot establish a singling connection. Spoke-PE 1 inserts an MPLS label into the packet according to the VSI to which Spoke-CE 1 belongs and then forwards the packet to Hub-PE. It processes the packet and then forwards the packet back to Hub-PE. In such cases.

Figure 41 Diagram for multi-hop PW MPLS backbone MPLS backbone ASBR 2 ASBR 1 AS 100 AS 200 PE 1 PE 2 PW 2 PW 1 PW 3 CE 1 CE 2 As shown in Figure 41. and PW 3 between ASBR 2 between PE 2. Then. ASBR 2 removes the existing inner and outer labels of the packet and then adds the inner and outer labels of PW 3 (or PW 2) to the packet. NOTE: Only LDP VPLS connections can form a multi-hop PW. VPLS configuration task list Complete the following tasks to configure VPLS: Task Configuring LDP VPLS Configuring BGP VPLS Remarks Enabling L2VPN and MPLS L2VPN Required Configuring an LDP VPLS instance Required Configuring the BGP extension Required Enabling L2VPN and MPLS L2VPN Required Configuring a BGP VPLS instance Required Binding a VPLS instance Required Configuring MAC address learning Optional Configuring VPLS attributes Optional 161 Configure either type of VPLS as needed . PW 1. you need to: • Establish three PWs: PW 1 between PE 1 and ASBR 1. upon receiving a packet from PW 2 (or PW 3). Then. To set up a multi-hop PW between PE 1 and PE 2. ASBR 1 removes the existing inner and outer labels of the packet and adds the inner and outer labels of PW 2 (or PW 1) to the packet. when receiving a packet from PW 1 (or PW 2). • Associate PW 1 and PW 2 on ASBR 1. PE 1 and PE 2 are in different ASs. Thus. PW 2. • Associate PW 2 and PW 3 on ASBR 2. PW 2 between ASBR 1 and ASBR 2. and PW 3 are put end to end and a multi-hop PW is formed across the ASs.

For configuration information. the Martini mode uses extended LDP (remote LDP sessions) as the signaling for transferring PW information. Enter system view. For configuration details.” Enabling L2VPN and MPLS L2VPN You need to enable L2VPN and MPLS L2VPN before you can perform VPLS related configurations. system-view 2. the LDP mode is also called the Martini mode. 4. l2vpn 3. Configuring an LDP VPLS instance Configuration prerequisites • Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone • Configuring basic MPLS for the MPLS backbone on the PEs and P devices • Configuring MPLS L2VPN Configuration procedure When creating an LDP VPLS instance. see MPLS Command Reference. Use the peer command to create the VPLS peer PE for the instance. see the chapter “Configuring basic MPLS. specifying: • IP address of the peer PE. Specify the ID of the VPLS instance. When configuring a VPLS instance in LDP mode. Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration. 162 . To enable L2VPN and MPLS L2VPN: Step Command 1. 3. • Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. Therefore.” • Configure LDP remote peers on PEs to establish remote LDP sessions.Configuring LDP VPLS Configuration prerequisites • Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. In L2VPN implementation. Enable L2VPN and enter L2VPN view. you need to perform the following configurations: 1. you must configure LDP as the signaling protocol to be used. see Layer 3—IP Routing Configuration Guide. see the chapter “Configuring basic MPLS. 2. For configuration information. mpls l2vpn NOTE: For more information about the l2vpn command and the mpls l2vpn command. Enable MPLS L2VPN.

2. On a UPE. you can configure only one pair of primary and secondary NPEs. Configure the PW transport mode. A PW class template defines the PW transport mode and tunneling policy to be used. 9. pw-class pw-class-name 3. If you specify a peer as a UPE. trans-mode { ethernet | vlan } Optional.• ID of the PW to the peer PE. vsi-id vsi-id N/A Create a peer PE for the VPLS instance. the peer is a user access convergence device in the H-VPLS model. Enter system view. dual-npe revertive [ wtr-time wtr-time ] 163 Optional. VLAN by default. quit N/A 6. Disabled by default. no PW class template is created. • Type of the peer PE. NOTE: For information about Martini mode.” To configure an LDP VPLS instance: Step Command Remarks system-view N/A 1. the tunneling policy specified through the tnl-policy command in VSI view is used. Create a PW class template and enter its view. 10. Specify a tunneling policy. pwsignal ldp N/A Specify an ID for the VPLS instance. Optional. the local PE is a UPE and you create a primary NPE and a secondary NPE on it. . vsi vsi-name static [ hub-spoke | p2p ] N/A 7. which must be consistent with that specified on the peer PE. Specify LDP as the PW signaling protocol and enter VSI LDP view. Enable the PW switchback function and set the switchback delay time. By default. while it is not necessary for a UPE to connect with all the NPEs. Return to system view. peer ip-address [ { hub | spoke } | pw-class class-name | [ pw-id pw-id ] [ upe | backup-peer ip-address [ backup-pw-id pw-id ] ] ] * N/A 8. • PW class template to be referenced. The specified remote NPE peers must be fully meshed. 4. Create an LDP VPLS instance and enter VSI view. 5. If you specify the backup-peer keyword when creating the peer. pw-tunnel-policy policy-name By default. Optional. see the chapter “Configuring MPLS L2VPN.

Configuring BGP VPLS Configuration prerequisites • Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone.” Enabling L2VPN and MPLS L2VPN Enable L2VPN and MPLS L2VPN before you configure VPLS related configurations. • Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. mpls 164 . specify the p2p keyword when you create a VPLS instance to enable the PW to PW (P2P) capability. Configure the LSR ID. For configuration details. Enter system view. peer peer-address enable No peer is activated by default. For configuration details. To configure BGP extension: Step Command Remarks 1. Activate a peer. see the chapter “Configuring MPLS L3VPN. To enable L2VPN and MPLS L2VPN: Step Command 1.” Configuring the BGP extension Before configuring BGP VPLS. NOTE: For configurations in VPLS address family view. • Up to two peer PEs can be specified for a P2P enabled VPLS instance. see the chapter “Configuring basic MPLS. system-view N/A 2. mpls lsr-id 3.NOTE: • To configure a multi-hop PW. Enter system view. and one of them must be specified as a UPE. Enable MPLS capability and enter MPLS view. system-view 2. For configuration information. vpls-family N/A 4. see Layer 3—IP Routing Configuration Guide. • A P2P enabled VPLS instance cannot be bound with a Layer 3 interface or a service instance. Enter VPLS address family view. and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs. Enter BGP view. bgp as-number N/A 3. you need to configure BGP parameters on the PEs. see Layer 3—IP Routing Configuration Guide.

mpls l2vpn NOTE: For more information about the l2vpn command the mpls l2vpn command. you must configure BGP as the signaling protocol to be used. quit 5. Task Command Remarks Reset VPLS BGP connections. Enter system view. pwsignal bgp 4. reset bgp vpls { as-number | ip-address | all | external | internal } Available in user view Binding a VPLS instance You can establish the association between packets and a VPLS instance in either of the following methods: 165 . Return to system view. Create a site for the VPLS instance. vsi vsi-name auto 3. Enable MPLS L2VPN.Step Command 4. you must reset the BGP connections in a VPLS to make the new configurations take effect to all connections. system-view 2. Configure VPN targets for the VPLS instance. l2vpn 6. you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration. Create a BGP VPLS instance and enter VSI view. When configuring a VPLS instance in BGP mode. Enable L2VPN and enter L2VPN view. route-distinguisher route-distinguisher 5. Configure an RD for the VPLS instance. see MPLS Command Reference. vpn-target vpn-target&<1-16> [ both | import-extcommunity | export-extcommunity ] 6. site site-id [ range site-range ] [ default-offset { 0 | 1 } ] Resetting VPLS BGP connections When the BGP routing policy or protocol is changed. To configure a BGP VPLS instance: Step Command 1. Specify BGP as the PW signaling protocol and enter VSI BGP view. Configuring a BGP VPLS instance When creating a BGP VPLS instance. where extended BGP is used as the signaling protocol. The BGP mode is also called the Kompella mode.

• Specify a packet matching VLAN ID for the service instance. you need to remove both the VPLS service and the MPLS service and then reconfigure the service. they cannot forward unicast or multicast packets. neither VPLS nor MPLS can work normally and to use either service. With the first binding method. interface interface-type interface-number N/A 3. To bind a Layer 3 interface with a VPLS instance: Step Command Remarks 1. l2 binding vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] * By default. Bind the interface with a VPLS instance. • If you bind a Layer 3 interface with a VPLS instance. Enter system view. After you remove the binding. you need to: • Create a service instance on the Layer 2 Ethernet port. CAUTION: • On the interface that is bound with a VPLS instance. all packets arriving at the Layer 3 interface will be forwarded through the VPLS instance. system-view N/A 2. packets that arrive at the Layer 2 Ethernet port and match the specified VLAN ID will be forwarded through the bound VPLS instance.• Binding a Layer 3 interface (other than VLAN interface) with the VPLS instance. packets arriving at the Layer 2 port and carrying the specified VLAN tag will be forwarded through the VPLS instance. • Bind the service instance with the VPLS instance. After these configurations. After you configure such a binding. This not only wastes the Layer 2 Ethernet interface and VLAN resources. but also cannot differentiate users and services connected to different Layer 2 Ethernet ports. The second binding method can solve these problems. To bind a Layer 2 port and a VLAN ID with the VPLS instance: 166 . for example. IP related functions on the sub-interfaces of the Layer 3 interface will fail. regardless of which Layer 2 Ethernet ports the packets arrive at. Otherwise. Enter interface view. one VLAN interface can be bound to only one VPLS instance and all packets carrying the VLAN tag will be forwarded through the VPLS instance. For example. a routing interface or a routing sub-interface. Binding a Layer 3 interface with a VPLS instance NOTE: The router does not support binding a VLAN interface with a VPLS instance in this method. an interface is not bound with any VPLS instance. • Binding a Layer 2 port and a VLAN ID with the VPLS instance. do not enable the MPLS function. if you bind VLAN interfaces. the IP related functions on the sub-interfaces recover. Binding a Layer 2 port and a VLAN ID with the VPLS instance To bind a Layer 2 port and a VLAN ID with the VPLS instance. the sub-interfaces cannot receive ARP or IGMP packets. After you configure such a binding.

65535 by default. Optional. system-view N/A 2. Create the service instance and enter its view. no service instance is created. 7. Configuring MAC address learning To configure the MAC address learning function: Step Command Remarks 1. can you further specify the access mode as hub or spoke. quit N/A 5. port interface N/A 4. • For the access mode configuration of a service instance. Specify a MAC address learning mode for the VPLS instance. 8. mac-learning { enable | disable } 4. Enabled by default. The default is spoke. vsi vsi-name N/A 3. Create the VLAN to be used by the service instance to match packets. Optional. NOTE: • You can configure up to 4094 service instances on a Layer 2 Ethernet port. 5. Return to system view. • The xconnect vsi command is only available for service instances with the ID in the range of 1 to 4094. a service instance is not associated with any VPLS instance.Step Command Remarks 1. see the chapter “Configuring MPLS L2VPN. . The router only supports the unqualify mode. interface interface-type interface-number N/A 6. Optional. mac-table limit mac-limit-number 167 unqualify by default. mac-learn-style { qualify | unqualify } Set the maximum number of MAC addresses that the device can learn for the VPLS instance. encapsulation s-vid vlan-id By default. xconnect vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] * By default. Enter VSI view.” • Only when the VPLS instance is enabled with the hub-spoke capability. Associate the service instance with a VPLS instance. service-instance service-instance-id By default. Enter system view. Enter the view of the port connecting the CE. no packet matching VLAN ID is specified for a service instance. Enter system view. vlan vlan-id N/A 3. Specify a packet matching VLAN ID for the service instance. Enable/disable MAC address learning for the VPLS instance. system-view N/A 2. Add the Layer 2 port that connects the CE to the VLAN.

5 by default. NOTE: The router supports limiting traffic speed and suppressing broadcast traffic for VPLS instances only when the system working mode is SPE. encapsulation { ethernet | vlan | bgp-vpls } 6. 8. Optional. no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. system-view N/A 2. bandwidth vpn-speed Set the broadcast suppression percentage of the VPLS instance. broadcast-restrain ratio 5. 9. see Fundamentals Configuration Guide. Set the MTU of the VPLS instance. 1.Configuring VPLS attributes To configure VPLS attributes: Step Command Remarks 1. tnl-policy tunnel-policy-name By default. 102. Displaying and maintaining VPLS Task Command Remarks Display the VPLS information in the BGP routing table. Specify the encapsulation type of the VPLS instance.400 kbps by default. shutdown 4. Set the upper speed limit of the VPLS instance. Specify a tunneling policy for the VPLS instance. Optional. Optional. 7. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel. Optional. Optional. which corresponds to the VSI PW encapsulation type of tagged. For more information about system working modes. CR-LSP tunnel. Enter VSI view. Optional. Optional. Enter system view. vsi vsi-name N/A 3. description text Shut down the VPLS service of the VPLS instance. Enabled by default. display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ] Available in any view 168 .500 bytes by default. vlan by default. No description set by default. mtu mtu Set the description of the VPLS instance.

display vsi [ vsi-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about remote VPLS connections. display mpls l2vpn fib ac vpls [ vsi vsi-name | interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the PW information of one or all VPLS instances. the Kompella mode. display vpls connection [ bgp | ldp | vsi vsi-name ] [ block | down | up ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the AC information of one or all VPLS instances. while bbb uses BGP. display mac-address vsi [ vsi-name ] [ blackhole | dynamic | static ] [ count ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about VPLS connections.Task Command Remarks Display the MAC address table information of one or all VPLS instances. display pw-class [ pw-class-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about one or all fast switching groups. VPLS instance aaa uses LDP. that is. that is. display l2vpn fast-switch-group [ group-index ] [ | { begin | exclude | include } regular-expression ] Available in any view Clear the MAC address table of one or all VPLS instances. The AS number is 100. the Martini mode. reset mac-address vsi [ vsi-name ] Available in user view VPLS configuration examples Configuring VPLS instances Network requirements CE 1 and CE 2 reside in different sites but both belong to VPN 1. display vsi remote { bgp | ldp } [ | { begin | exclude | include } regular-expression ] Available in any view Display information about one or all PW class templates. Figure 42 Network diagram 169 . display mpls l2vpn fib pw vpls [ vsi vsi-name [ link link-id ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about one or all VPLS instances.

2. Configure PE 1.2.2.9 connect-interface loopback 0 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 2.9 as-number 100 [PE1-bgp] peer 2.10 24 # Configure basic MPLS on the interface.1.2.10.1.2. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Configure the VPLS instance aaa that uses LDP signaling.2.9 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # Configure the VPLS instance bbb that uses BGP signaling.9 [PE1-mpls-remote-1] quit # Configure BGP extension. [PE1] vsi aaa static [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500 [PE1-vsi-aaa-ldp] peer 2. [PE1] mpls ldp remote-peer 1 [PE1-mpls-remote-1] remote-ip 2.2.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1. (Details not shown) # Configure basic MPLS. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1. [PE1] interface GigabitEthernet 3/1/1 [PE1-GigabitEthernet3/1/1] ip address 10.1. [PE1] vsi bbb auto 170 .9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface GigabitEthernet 3/1/1. which is OSPF in this example.2. [PE1] bgp 100 [PE1-bgp] peer 2.9 enable [PE1-bgp-af-vpls] quit [PE1-bgp] quit # Enable L2VPN and MPLS L2VPN.10.Configuration procedure 1.2. [PE1-GigabitEthernet3/1/1] mpls [PE1-GigabitEthernet3/1/1] mpls ldp [PE1-GigabitEthernet3/1/1] quit # Configure the remote LDP session. # Configure the IGP protocol.2.

2.11 24 # Configure basic MPLS on the interface.1.9 connect-interface loopback 0 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer 1. [PE1] interface GigabitEthernet3/1/2 // To bind VPLS instance aaa to interface GigabitEthernet 3/1/2: [PE1-GigabitEthernet3/1/2] l2 binding vsi aaa // To bind VPLS instance bbb to interface GigabitEthernet 3/1/2: [PE1-GigabitEthernet3/1/2] l2 binding vsi bbb [PE1-GigabitEthernet3/1/2] quit 2.[PE1-vsi-bbb] pwsignal bgp [PE1-vsi-bbb-bgp] route-distinguisher 100:1 [PE1-vsi-bbb-bgp] vpn-target 111:1 [PE1-vsi-bbb-bgp] site 1 range 10 [PE1-vsi-bbb-bgp] quit [PE1-vsi-bbb] quit # Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.9 [PE2-mpls-remote-2] quit # Configure BGP extensions.2. # Configure the IGP protocol. [PE2] mpls ldp remote-peer 2 [PE2-mpls-remote-2] remote-ip 1. [PE2] interface GigabitEthernet 3/1/1 [PE2-GigabitEthernet3/1/1] ip address 10.1. Configure PE 2.9 as-number 100 [PE2-bgp] peer 1.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.1.10.1.1.10.1. [PE2-GigabitEthernet3/1/1] mpls [PE2-GigabitEthernet3/1/1] mpls ldp [PE2-GigabitEthernet3/1/1] quit # Configure the remote LDP session.9 [PE2] mpls [PE1-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface GigabitEthernet 3/1/1.2.1.1. [PE2] bgp 100 [PE2-bgp] peer 1. such as OSPF.9 enable [PE2-bgp-af-vpls] quit [PE2-bgp] quit # Enable L2VPN and MPLS L2VPN. 171 . (Details not shown) # Configure basic MPLS.2. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.

[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.9
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit

# Configure the VPLS instance bbb that uses BGP signaling.
[PE2] vsi bbb auto
[PE2-vsi-bbb] pwsignal bgp
[PE2-vsi-bbb-bgp] route-distinguisher 100:1
[PE2-vsi-bbb-bgp] vpn-target 111:1
[PE2-vsi-bbb-bgp] site 2 range 10
[PE2-vsi-bbb-bgp] quit
[PE2-vsi-bbb] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.
[PE2] interface GigabitEthernet 3/1/2

// To bind VPLS instance aaa to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi aaa

// To bind VPLS instance bbb to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi bbb
[PE2-GigabitEthernet3/1/2] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring H-VPLS with LSP access
Network requirements
Create a U-PW between UPE and NPE 1 and an N-PW between NPE 1 and NPE 3. Create an LDP VPLS
instance aaa.
Figure 43 Network diagram

172

Configuration procedure
1.

Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)

2.

Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.9 32
[UPE-LoopBack0] quit
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.
[UPE] interface GigabitEthernet 3/1/1
[UPE-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[UPE-GigabitEthernet3/1/1] mpls
[UPE-GigabitEthernet3/1/1] mpls ldp
[UPE-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.9
[UPE-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[UPE] l2vpn
[UPE-l2vpn] mpls l2vpn
[UPE-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 2.2.2.9
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[UPE] interface GigabitEthernet 3/1/2
[UPE-GigabitEthernet3/1/2] l2 binding vsi aaa
[UPE-GigabitEthernet3/1/2] quit

3.

Configure NPE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.9 32
[NPE1-LoopBack0] quit

173

[NPE1] mpls lsr-id 2.2.2.9
[NPE1] mpls
[NPE1–mpls] quit
[NPE1] mpls ldp
[NPE1–mpls-ldp] quit

# Configure basic MPLS on the interface connected to UPE.
[NPE1] interface GigabitEthernet3/1/1
[NPE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[NPE1-GigabitEthernet3/1/1] mpls
[NPE1-GigabitEthernet3/1/1] mpls ldp
[NPE1-GigabitEthernet3/1/1] quit

# Configure basic MPLS on the interface connected to NPE 3.
[NPE1] interface GigabitEthernet3/1/2
[NPE1-GigabitEthernet3/1/2] ip address 11.1.1.1 24
[NPE1-GigabitEthernet3/1/2] mpls
[NPE1-GigabitEthernet3/1/2] mpls ldp
[NPE1-GigabitEthernet3/1/2] quit

# Configure the remote LDP session with UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.9
[NPE1-mpls-remote-2] quit

# Configure the remote LDP session with NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 3.3.3.9
[NPE1-mpls-remote-3] quit

# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 1.1.1.9 upe
[NPE1-vsi-aaa-ldp] peer 3.3.3.9
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit

4.

Configure NPE 3.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 3.3.3.9 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 3.3.3.9
[NPE3] mpls
[NPE3–mpls] quit

174

[NPE3] mpls ldp
[NPE3–mpls-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.
[NPE3] interface GigabitEthernet3/1/1
[NPE3-GigabitEthernet3/1/1] ip address 11.1.1.2 24
[NPE3-GigabitEthernet3/1/1] mpls
[NPE3-GigabitEthernet3/1/1] mpls ldp
[NPE3-GigabitEthernet3/1/1] quit

# Configure the remote LDP session.
[NPE3] mpls ldp remote-peer 1
[NPE3-mpls-remote-1] remote-ip 2.2.2.9
[NPE3-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[NPE3] l2vpn
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit

# Configure the VPLS instance aaa that uses LDP signaling.
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.9
[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[NPE3] interface GigabitEthernet 3/1/2
[NPE3-GigabitEthernet3/1/2] l2 binding vsi aaa
[NPE3-GigabitEthernet3/1/2] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring hub-spoke VPLS
Network requirements
Create a PW between Spoke-PE 1 and Hub-PE and another PW between Spoke-PE 2 and Hub-PE.
Create VPLS instance aaa and configure it to support hub-spoke networking.

175

Figure 44 Network diagram

Configuration procedure
1.

Configure an IGP (such as OSPF) on the MPLS backbone. (Details not shown)

2.

Configure Spoke-PE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE1
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] mpls lsr-id 1.1.1.9
[Spoke-PE1] mpls
[Spoke-PE1–mpls] quit
[Spoke-PE1] mpls ldp
[Spoke-PE1-mpls-ldp] quit

# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE1] interface GigabitEthernet 3/1/1
[Spoke-PE1-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[Spoke-PE1-GigabitEthernet3/1/1] mpls
[Spoke-PE1-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE1-GigabitEthernet3/1/1] quit

# Configure the remote LDP session with Hub-PE.
[Spoke-PE1] mpls ldp remote-peer 1
[Spoke-PE1-mpls-remote-1] remote-ip 3.3.3.9
[Spoke-PE1-mpls-remote-1] quit

# Enable L2VPN and MPLS L2VPN.
[Spoke-PE1] l2vpn
[Spoke-PE1-l2vpn] mpls l2vpn
[Spoke-PE1-l2vpn] quit

176

# Configure LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer as
the hub.
[Spoke-PE1] vsi aaa static hub-spoke
[Spoke-PE1-vsi-aaa] pwsignal ldp
[Spoke-PE1-vsi-aaa-ldp] vsi-id 500
[Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE1-vsi-aaa-ldp] quit
[Spoke-PE1-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and
specify the attached CE as a spoke-CE.
[Spoke-PE1] interface GigabitEthernet 3/1/2
[Spoke-PE1-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE1-GigabitEthernet3/1/2] quit

3.

Configure Spoke-PE 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE2
[Spoke-PE2] interface loopback 0
[Spoke-PE2-LoopBack0] ip address 2.2.2.9 32
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] mpls lsr-id 2.2.2.9
[Spoke-PE2] mpls
[Spoke-PE2–mpls] quit
[Spoke-PE2] mpls ldp
[Spoke-PE2–mpls-ldp] quit

# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE2] interface GigabitEthernet3/1/1
[Spoke-PE2-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[Spoke-PE2-GigabitEthernet3/1/1] mpls
[Spoke-PE2-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE2-GigabitEthernet3/1/1] quit

# Configure the remote LDP session with Hub-PE.
[Spoke-PE2] mpls ldp remote-peer 2
[Spoke-PE2-mpls-remote-2] remote-ip 3.3.3.9
[Spoke-PE2-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[Spoke-PE2] l2vpn
[Spoke-PE2-l2vpn] mpls l2vpn
[Spoke-PE2-l2vpn] quit

# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer
as the hub.
[Spoke-PE2] vsi aaa static hub-spoke
[Spoke-PE2-vsi-aaa] pwsignal ldp
[Spoke-PE2-vsi-aaa-ldp] vsi-id 500
[Spoke-PE2-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE2-vsi-aaa-ldp] quit
[Spoke-PE2-vsi-aaa] quit

177

# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and
specify the attached CE as a spoke-CE.
[Spoke-PE2] interface GigabitEthernet 3/1/2
[Spoke-PE2-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE2-GigabitEthernet3/1/2] quit

4.

Configure Hub-PE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Hub-PE
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 3.3.3.9 32
[Hub-PE-LoopBack0] quit
[Hub-PE] mpls lsr-id 3.3.3.9
[Hub-PE] mpls
[Hub-PE–mpls] quit
[Hub-PE] mpls ldp
[Hub-PE–mpls-ldp] quit

# Configure basic MPLS on the interface connected to Spoke-PE 1.
[Hub-PE] interface GigabitEthernet 3/1/1
[Hub-PE-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[Hub-PE-GigabitEthernet3/1/1] mpls
[Hub-PE-GigabitEthernet3/1/1] mpls ldp
[Hub-PE-GigabitEthernet3/1/1] quit

# Configure basic MPLS on the interface connected to Spoke-PE 2.
[Hub-PE] interface GigabitEthernet 3/1/2
[Hub-PE-GigabitEthernet3/1/2] ip address 20.1.1.2 24
[Hub-PE-GigabitEthernet3/1/2] mpls
[Hub-PE-GigabitEthernet3/1/2] mpls ldp
[Hub-PE-GigabitEthernet3/1/2] quit

# Configure the remote LDP sessions.
[Hub-PE] mpls ldp remote-peer 1
[Hub-PE-mpls-remote-1] remote-ip 1.1.1.9
[Hub-PE-mpls-remote-1] quit
[Hub-PE] mpls ldp remote-peer 2
[Hub-PE-mpls-remote-2] remote-ip 2.2.2.9
[Hub-PE-mpls-remote-2] quit

# Enable L2VPN and MPLS L2VPN.
[Hub-PE] l2vpn
[Hub-PE-l2vpn] mpls l2vpn
[Hub-PE-l2vpn] quit

# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peers
as spokes.
[Hub-PE] vsi aaa static hub-spoke
[Hub-PE-vsi-aaa] pwsignal ldp
[Hub-PE-vsi-aaa-ldp] vsi-id 500
[Hub-PE-vsi-aaa-ldp] peer 1.1.1.9 spoke
[Hub-PE-vsi-aaa-ldp] peer 2.2.2.9 spoke

178

[Hub-PE-vsi-aaa-ldp] quit
[Hub-PE-vsi-aaa] quit

# Configure interface GigabitEthernet 3/1/3, bind VPLS instance aaa to the interface, and
specifying the attached CE as the hub-CE.
[Hub-PE] interface GigabitEthernet 3/1/3
[Hub-PE-GigabitEthernet3/1/3] l2 binding vsi aaa hub
[Hub-PE-GigabitEthernet3/1/3] quit

After completing previous configurations, issue the display vpls connection command on the PEs. You will
see that a PW connection in up state has been established.

Configuring PW redundancy for H-VPLS access
Network requirements
As shown in Figure 45, UPE establishes a PW connection (U-PW) with NPE 1 and NPE 2, with the NPE
2 link as the backup. NPE 1 and NPE 2 each establish a PW connection (N-PW) with NPE 3. CE 3 is
connected to the network through NPE 3.
UPE is connected to NPE 1 through GigabitEthernet 3/1/2 and is connected to NPE 2 through
GigabitEthernet 3/1/3. NPE 1 is connected to NPE 3 through GigabitEthernet 3/1/5, and NPE 2 is
connected to NPE 3 through GigabitEthernet 3/1/6.
Configure a VPLS instance and configure it to support H-VPLS networking.
Figure 45 Network diagram

Configuration procedure
1.

Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)

2.

Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.1 32
[UPE-LoopBack0] quit

179

3. GigabitEthernet 3/1/4 create a service instance and bind the VSI.1 255.255.255.1. that is.0 [UPE-GigabitEthernet3/1/2]mpls [UPE-GigabitEthernet3/1/2]mpls ldp [UPE-GigabitEthernet3/1/2]quit # Configure basic MPLS on the interface connected to NPE 2. [UPE]interface GigabitEthernet 3/1/3 [UPE-GigabitEthernet3/1/3] ip address 13.3 [UPE-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN.1. [UPE] interface GigabitEthernet 3/1/1 [UPE-GigabitEthernet3/1/1] service-instance 1000 [UPE-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10 [UPE-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa [UPE-GigabitEthernet3/1/1-srv1000] quit # On the interface connected to CE 2. [UPE] interface GigabitEthernet 3/1/4 180 .[UPE] mpls lsr-id 1. [UPE] interface GigabitEthernet 3/1/2 [UPE-GigabitEthernet3/1/2] ip address 12.2 [UPE-mpls-remote-1] quit # Configure the remote LDP session with NPE 2.3 [UPE-vsi-aaa-ldp] dual-npe revertive wtr-time 1 [UPE-vsi-aaa-ldp] quit [UPE-vsi-aaa] quit # On the interface connected to CE 1.1.2 backup-peer 3.2.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit # Configure basic MPLS on the interface connected to NPE 1.2. that is GigabitEthernet 3/1/1.1.1.3.2. [UPE] mpls ldp remote-peer 2 [UPE-mpls-remote-1] remote-ip 3.0 [UPE-GigabitEthernet3/1/3]mpls [UPE-GigabitEthernet3/1/3]mpls ldp [UPE-GigabitEthernet3/1/3]quit # Configure the remote LDP session with NPE 1. create a service instance and bind the VSI.1.3.255.1 255. [UPE] vsi aaa static [UPE-vsi-aaa] pwsignal ldp [UPE-vsi-aaa-ldp] vsi-id 500 [UPE-vsi-aaa-ldp] peer 2.2.3.255. [UPE] l2vpn [UPE-l2vpn] mpls l2vpn [UPE-l2vpn] quit # Configure the VPLS instance aaa that uses LDP signaling. [UPE] mpls ldp remote-peer 1 [UPE-mpls-remote-1] remote-ip 2.

0 [NPE1-GigabitEthernet3/1/2]mpls [NPE1-GigabitEthernet3/1/2]mpls ldp [NPE1-GigabitEthernet3/1/2]quit # Configure an IP address for the interface connected to NPE 3.1.4.1 255.1.2.2 32 [NPE1-LoopBack0] quit [NPE1] mpls lsr-id 2.1.1. [NPE1] l2vpn [NPE1-l2vpn] mpls l2vpn [NPE1-l2vpn] quit # Configure the VPLS instance aaa that uses LDP signaling.2. <Sysname> system-view [Sysname] sysname NPE1 [NPE1] interface loopback 0 [NPE1-LoopBack0] ip address 2.1. # Configure basic MPLS.0 [NPE1-GigabitEthernet3/1/5]mpls [NPE1-GigabitEthernet3/1/5]mpls ldp [NPE1-GigabitEthernet3/1/5]quit # Configure the remote LDP session with UPE.2 255.1.4 [NPE1-mpls-remote-3] quit # Enable L2VPN and MPLS L2VPN.1 upe 181 . and then enable MPLS and MPLS LDP. [NPE1] mpls ldp remote-peer 3 [NPE1-mpls-remote-3] remote-ip 4.255. Configure NPE 1.2. and then enable MPLS and MPLS LDP. [NPE1]interface GigabitEthernet 3/1/2 [NPE1-GigabitEthernet3/1/2] ip address 12. [NPE1] mpls ldp remote-peer 2 [NPE1-mpls-remote-2] remote-ip 1. [NPE1]interface GigabitEthernet 3/1/5 [NPE1-GigabitEthernet3/1/5] ip address 15.[UPE-GigabitEthernet3/1/4] service-instance 1000 [UPE-GigabitEthernet3/1/4-srv1000] encapsulation s-vid 11 [UPE-GigabitEthernet3/1/4-srv1000] xconnect vsi aaa [UPE-GigabitEthernet3/1/4-srv1000] quit 3.2 [NPE1] mpls [NPE1–mpls] quit [NPE1] mpls ldp [NPE1–mpls-ldp] quit # Configure an IP address for the interface connected to UPE.2. [NPE1] vsi aaa static [NPE1-vsi-aaa] pwsignal ldp [NPE1-vsi-aaa-ldp] vsi-id 500 [NPE1-vsi-aaa-ldp] peer 1.255.1.4.1.255.255.1 [NPE1-mpls-remote-2] quit # Configure the remote LDP session with NPE 3.

<Sysname> system-view [Sysname] sysname NPE3 [NPE3] interface loopback 0 [NPE3-LoopBack0] ip address 4.2. (Details not shown) 4.4 [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit The configuration procedure on NPE 2 is similar to that on NPE 1.3.4 [NPE3] mpls [NPE3–mpls] quit [NPE3] mpls ldp [NPE3–mpls-ldp] quit # Configure an IP address for the interface connected to NPE 1.4.2 255.2 [NPE3-mpls-remote-1] quit [NPE3] mpls ldp remote-peer 2 [NPE3-mpls-remote-2] remote-ip 3.2 255. and then enable MPLS and MPLS LDP. and then enable MPLS and MPLS LDP.3 182 . Configure NPE 3.4.3.255.3 [NPE3-mpls-remote-2] quit # Enable L2VPN and MPLS L2VPN.0 [NPE3-GigabitEthernet3/1/6]mpls [NPE3-GigabitEthernet3/1/61]mpls ldp [NPE3-GigabitEthernet3/1/6]quit # Configure the remote LDP session.2.1.1.255.2 [NPE3-vsi-aaa-ldp] peer 3.3.1.4.2.3.2. [NPE3]interface GigabitEthernet 3/1/6 [NPE3-GigabitEthernet3/1/6] ip address 16.255. [NPE3]interface GigabitEthernet 3/1/5 [NPE3-GigabitEthernet3/1/5] ip address 15.4.4 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4. # Configure basic MPLS. [NPE3] mpls ldp remote-peer 1 [NPE3-mpls-remote-1] remote-ip 2. [NPE3] l2vpn [NPE3-l2vpn] mpls l2vpn [NPE3-l2vpn] quit # Configure the VPLS instance aaa that uses LDP signaling [NPE3] vsi aaa static [NPE3-vsi-aaa] pwsignal ldp [NPE3-vsi-aaa-ldp] vsi-id 500 [NPE3-vsi-aaa-ldp] peer 2.[NPE1-vsi-aaa-ldp] peer 4.1.255.4.4.0 [NPE3-GigabitEthernet3/1/5]mpls [NPE3-GigabitEthernet3/1/5]mpls ldp [NPE3-GigabitEthernet3/1/5]quit # Configure an IP address for the interface connected to NPE 2.

Create a VPLS instance that supports P2P on ASBR 1 and ASBR 2.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1 24 [PE1-GigabitEthernet3/1/2] mpls 183 .1.1. so as to set up a multi-hop PW between PE 1 and PE 2.1. and bind the VPLS instance. execute the display vpls connection command on the PEs. [PE1] interface GigabitEthernet 3/1/2 [PE1-GigabitEthernet3/1/2] ip address 10. # Configure basic MPLS.1. Configurations on PE 1.[NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Create service instance on interface GigabitEthernet 3/1/1 connected to CE 3.1. [NPE3] interface GigabitEthernet 3/1/1 [NPE3-GigabitEthernet3/1/1] service-instance 1000 [NPE3-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10 [NPE3-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa [NPE3-GigabitEthernet3/1/1-srv1000] quit After completing the configurations. Implementing multi-AS VPN through multi-hop PW Network requirements Each CE is connected to a PE through an Ethernet. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1. Figure 46 Network diagram Configuration procedure 1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure basic MPLS for the interface connecting ASBR 1. You will see that a PW connection in up state has been established.

0 0.3 [ASBR1-mpls-ldp-remote-1] quit # Configure OSPF. [PE1] interface GigabitEthernet 3/1/1 [PE1-GigabitEthernet3/1/1] l2 binding vsi aaa [PE1-GigabitEthernet3/1/1] quit 2.2 32 [ASBR1-LoopBack0] quit [ASBR1] mpls lsr-id 2.0] network 10.0.0] network 2. the interface connected to PE 1.2.255 [ASBR1-ospf-1-area-0.2 24 [ASBR1-GigabitEthernet3/1/1] mpls [ASBR1-GigabitEthernet3/1/1] mpls ldp [ASBR1-GigabitEthernet3/1/1] quit 184 . [ASBR1] ospf [ASBR1-ospf-1] area 0 [ASBR1-ospf-1-area-0.2. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Create VPLS instance aaa that uses LDP signaling. the interface connected to CE 1.0.1.0.0.2.0.[PE1-GigabitEthernet3/1/2] mpls ldp [PE1-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN.2 [ASBR1] mpls [ASBR1–mpls] quit [ASBR1] mpls ldp [ASBR1–mpls-ldp] quit # Create a remote LDP peer.0.1.0] quit [ASBR1-ospf-1] quit # Configure basic MPLS for GigabitEthernet 3/1/1.3.0.2.3. <Sysname> system-view [Sysname] sysname ASBR1 [ASBR1] interface loopback 0 [ASBR1-LoopBack0] ip address 2. # Configure basic MPLS.2. [ASBR1] mpls ldp remote-peer 1 [ASBR1-mpls-ldp-remote-1] remote-ip 3.1.0.0.2 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # Bind the VPLS instance aaa to GigabitEthernet 3/1/1.2.0 [ASBR1-ospf-1-area-0.2 0.2. [ASBR1] interface GigabitEthernet 3/1/1 [ASBR1-GigabitEthernet3/1/1] ip address 10.0. Configurations on ASBR 1.1.2. [PE1] vsi aaa static [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500 [PE1-vsi-aaa-ldp] peer 2.

<Sysname> system-view [Sysname] sysname ASBR2 [ASBR2] interface loopback 0 [ASBR2-LoopBack0] ip address 3.0 185 . # Configure basic MPLS.2.1.1.3 as-number 200 [ASBR1-bgp] peer 11.0.3 0.0.3 32 [ASBR2-LoopBack0] quit [ASBR2] mpls lsr-id 3. [ASBR1] bgp 100 [ASBR1-bgp] import-route direct [ASBR1-bgp] peer 11.2.3 [ASBR1-vsi-aaa-ldp] quit [ASBR1-vsi-aaa] quit # Configure BGP to advertise labeled unicast routes.3.1.1 upe [ASBR1-vsi-aaa-ldp] peer 3. [ASBR1] vsi aaa static p2p [ASBR1-vsi-aaa] pwsignal ldp [ASBR1-vsi-aaa-ldp] vsi-id 500 [ASBR1-vsi-aaa-ldp] peer 1.2 [ASBR2-mpls-ldp-remote-2] quit # Configure OSPF. [ASBR1] interface GigabitEthernet 3/1/2 [ASBR1-GigabitEthernet3/1/2] ip address 11.1.0] network 3. [ASBR2] mpls ldp remote-peer 2 [ASBR2-mpls-ldp-remote-2] remote-ip 2.3.3 [ASBR2] mpls [ASBR2–mpls] quit [ASBR2] mpls ldp [ASBR2–mpls-ldp] quit # Create a remote LDP peer.1.3.3 route-policy map export [ASBR1-bgp] peer 11. [ASBR2] ospf [ASBR2-ospf-1] area 0 [ASBR2-ospf-1-area-0. Configurations on ASBR 2.2 24 [ASBR1-GigabitEthernet3/1/2] mpls [ASBR1-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN.3.1.3.0.# Configure basic MPLS for GigabitEthernet 3/1/2.0. the interface connected to ASBR 2.3.1.1. [ASBR1] l2vpn [ASBR1-l2vpn] mpls l2vpn [ASBR1-l2vpn] quit # Configure a P2P-capable VPLS instance aaa that uses LDP signaling.3 label-route-capability [ASBR1-bgp] quit [ASBR1] route-policy map permit node 10 [ASBR1-route-policy] apply mpls-label [ASBR1-route-policy] quit 3.1.3.1.3.

4 [PE2] mpls [PE2–mpls] quit [PE2] mpls ldp 186 . [ASBR2] l2vpn [ASBR2-l2vpn] mpls l2vpn [ASBR2-l2vpn] quit # Configure a P2P-capable VPLS instance aaa that uses LDP signaling.4 upe [ASBR2-vsi-aaa-ldp] peer 2.1.0.2 label-route-capability [ASBR2-bgp] quit [ASBR2] route-policy map permit node 10 [ASBR2-route-policy] apply mpls-label [ASBR2-route-policy] quit 4.0. [ASBR2] bgp 200 [ASBR2-bgp] import-route direct [ASBR2-bgp] peer 11.1. [ASBR2] interface GigabitEthernet 3/1/2 [ASBR2-GigabitEthernet3/1/2] ip address 12.1.3 24 [ASBR2-GigabitEthernet3/1/1] mpls [ASBR2-GigabitEthernet3/1/1] quit # Configure basic MPLS for GigabitEthernet 3/1/2.1.4.2 [ASBR2-vsi-aaa-ldp] quit [ASBR2-vsi-aaa] quit # Configure BGP to advertise labeled unicast routes.1.2 as-number 100 [ASBR2-bgp] peer 11.4.0] quit [ASBR2-ospf-1] quit # Configure basic MPLS for GigabitEthernet 3/1/1. Configurations on PE 2.255 [ASBR2-ospf-1-area-0.0 0. # Configure basic MPLS.2 route-policy map export [ASBR2-bgp] peer 11.0.3 24 [ASBR2-GigabitEthernet3/1/2] mpls [ASBR2-GigabitEthernet3/1/2] mpls ldp [ASBR2-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN.2.1.2.4.4. [ASBR2] interface GigabitEthernet 3/1/1 [ASBR2-GigabitEthernet3/1/1] ip address 11.0.0.1. [ASBR2] vsi aaa static p2p [ASBR2-vsi-aaa] pwsignal ldp [ASBR2-vsi-aaa-ldp] vsi-id 500 [ASBR2-vsi-aaa-ldp] peer 4.4.[ASBR2-ospf-1-area-0.1.1.1. the interface connecting PE 2.4 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 4.1. the interface connecting ASBR 1.0. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 4.0] network 12.1.4.

the interface connected to CE 2. • The extended session is not working normally. • Check whether the PW ID and transport mode are the same on the two peers. the PW cannot come up. if the corresponding VPLS instances on the two peers have different MTU settings. Solution 187 .3 [PE2-vsi-aaa-ldp] quit [PE2-vsi-aaa] quit # Bind VPLS instance aaa to GigabitEthernet 3/1/1. • Check the routing tables of the PEs to see whether a route is available between the two PEs. [PE2] interface GigabitEthernet 3/1/2 [PE2-GigabitEthernet3/1/2] ip address 12. • Check whether the private network interfaces are up or whether the PW to the UPE is up. Verify the configuration. Analysis • The public network LSP tunnel is not established.3.1. [PE2] interface GigabitEthernet 3/1/1 [PE2-GigabitEthernet3/1/1] l2 binding vsi aaa [PE2-GigabitEthernet3/1/1] quit 5. Troubleshooting VPLS Symptom The VPLS link PW is not up. Check whether each router can ping the loopback interface of the peer and whether the LDP session is normal. • When LDP is used as the PW signaling protocol. You will see that a PW in up state has been established between the devices. [PE2] vsi aaa static [PE2-vsi-aaa] pwsignal ldp [PE2-vsi-aaa-ldp] vsi-id 500 [PE2-vsi-aaa-ldp] peer 3.1.4 24 [PE2-GigabitEthernet3/1/2] mpls [PE2-GigabitEthernet3/1/2] mpls ldp [PE2-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN.3.[PE2–mpls-ldp] quit # Configure basic MPLS for GigabitEthernet 3/1/2. • A private VLAN virtual interface is not bound with the corresponding VPLS instance and is not up. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure VPLS instance aaa that uses LDP signaling. • Check whether any extended session configuration command is missing at either side. Execute the display vpls connection command on each device. the interface connected to ASBR 2.

188 .• Check whether the VPLS instances on the two peers are configured with the same MTU value.

• SPC cards only support binding a Layer 2 Ethernet port with an L2VPN. MPLS L2VPN transfers Layer 2 user data transparently on the MPLS network. the MPLS network is a Layer 2 switched network and they can establish Layer 2 connections over the network. It allows carriers to establish L2VPNs on different data link layer protocols. VLAN. • SPC cards do not support CCC. and SNA. Figure 47 Network diagram for MPLS L2VPN Comparison with MPLS L3VPN Compared with MPLS L3VPN. and SPE cards refer to the cards prefixed with SPE. for example. such as IP. SPC cards refer to the cards prefixed with SPC. MPLS L2VPN has the following advantages: • High scalability. Each customer edge (CE) device can connect to the MPLS network through an ATM virtual circuit (VC) to communicate with another CE. As no routing information of users is involved. This greatly reduces the load of the PEs and even the load of the whole service provider network. for example. For users. • Guaranteed reliability and private routing information security. 189 . SPE-1020-E-II. MPLS L2VPN neither tries to obtain nor processes the routing information of users. This is similar to that of an ATM network. or Kompella MPLS L2VPNs. • Support for multiple network layer protocols. IPX. enabling carriers to support more VPNs and to service more users. Consider ATM as an example. Ethernet and PPP. They do not support binding a Layer 3 Ethernet interface with an L2VPN. SVC. MPLS L2VPN establishes only Layer 2 connections. guaranteeing the security of the user VPN routing information. It does not involve the routing information of users.Configuring MPLS L2VPN NOTE: • In this documentation. MPLS L2VPN overview MPLS L2VPN provides Layer 2 VPN services on the MPLS network. SPC-GT48L. including ATM.

• Provider edge (PE) device—A PE resides at the edge of a service provider network and connects one or more CEs. • Outer label. Figure 48 MPLS L2VPN label stack processing 1) L2 PDU: Layer 2 protocol data unit 2) T represents tunnel label. The following sections describe these implementation methods for MPLS L2VPN in detail. • Kompella—A CE-to-CE mode for implementing MPLS L2VPN on the MPLS network. It has only basic MPLS forwarding capability. It uses Label Distribution Protocol (LDP) as a signaling protocol to transfer VC labels. • Inner label. 190 . It uses extended BGP as the signaling protocol to advertise Layer 2 reachability information and VC labels.Basic concepts of MPLS L2VPN In MPLS L2VPN. T’ represents swapped tunnel label. It can be a router. V represents VC label. Implementation of MPLS L2VPN MPLS L2VPN can be implemented in one of the following methods: • Circuit Cross Connect (CCC) and Static Virtual Circuit (SVC)—Two methods of implementing MPLS L2VPN by configuring VC labels statically. On an MPLS network. a switch. also called tunnel label. or a host. Figure 48 illustrates how the label stack changes in the MPLS L2VPN forwarding process. • Upon receiving packets. is used to transfer packets from one PE to another. the concepts and principles of CE. It is not directly connected to any CE. also called VC label. is used to identify different connections between VPNs. • Provider (P) device—A P device is a core device on a service provider network. a PE determines to which CE the packets are to be forwarded according to the VC labels. It can neither “sense” the presence of any VPN nor does it need to support MPLS. • Martini—A method for establishing PPP links to implement MPLS L2VPN. all VPN services are processed on the PEs. MPLS L2VPN uses label stacks to implement the transparent transmission of user packets in the MPLS network. PE and P are the same as those in MPLS L3VPN: • Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected to service provider networks.

since LSPs are dedicated. It transfers L2VPN information without using any signaling protocol. The VC type indicates the encapsulation type of the VC. The PE functions like a Layer 2 switch and can directly switch packets between the CEs without any static LSP. VLAN. The PEs connecting the two CEs of a VC exchange VC labels through LDP. the Martini method extended LDP by adding the forwarding equivalence class (FEC) type of VC FEC. Your configuration will not affect the operation of the network. it has high scalability. To allow the exchange of VC labels between PEs. Once LDP establishes an LSP between the two PEs and the label exchange and the binding to CE are finished. only PEs need to maintain a small amount of VC labels and LSP mappings and no P router contains Layer 2 VPN information. NOTE: The labels for CCC and SVC range from 16 to 1023. You only need to configure VC label information. Moreover. and bind their respective CE by the VC ID. As long as MPLS forwarding is supported and service provider networks are interconnected. this method supports QoS services.CCC MPLS L2VPN Unlike common MPLS L2VPN. Therefore. which are connected to different PEs. which are reserved for static LSPs. 191 . Martini MPLS L2VPN employs VC type and VC ID to identify a VC. With Martini MPLS L2VPN. a VC is set up and ready to transfer Layer 2 data. as the two PEs exchanging VC labels may not be connected directly. SVC MPLS L2VPN SVC also implements MPLS L2VPN by static configuration. The difference is that it does not use LDP to transfer Layer 2 VC and link information. NOTE: You must configure for each remote CCC connection two LSPs. CCC employs just one level of label to transfer user data. it can neither be used for other MPLS L2VPN connections. Therefore. on the P router along the remote connection. The VC ID uniquely identifies the VC among the VCs of the same type on a PE. one for inbound and the other for outbound. The SVC method resembles the Martini method closely and is in fact a static implementation of the Martini method. In addition. There are two types of CCC connections: • Local connection—A local connection is established between two local CEs that are connected to the same PE. it uses label switched paths (LSPs) exclusively. or PPP. this method works perfectly. The most significant advantage of this method is that no label signaling is required for transferring Layer 2 VPN information. a remote LDP session must be set up to transfer the VC FEC and VC labels. nor for MPLS L3VPN or common IP packets. • Remote connection—A remote connection is established between a local CE and a remote CE. to add a new VC. A CCC LSP can transfer only the data of the CCC connection. Martini MPLS L2VPN The key of the Martini method is to set up VCs between CEs. In addition. you only need to configure a one-way VC for each of the PEs. which can be ATM.

the IP related functions on the sub-interfaces recover. This brings excellent VPN networking flexibility. Then. the system assigns a label block of a size equal to the CE range for the CE. Thus. you can specify the CE range of a VPN to indicate how many CEs can be connected to the VPN. Imagine that an enterprise VPN contains 10 CEs and the number may increase to 20 in future service expansion. they cannot forward unicast or multicast packets. In addition. Kompella supports local connections. when you need to add a CE to the VPN later. the sub-interfaces cannot receive ARP or IGMP packets. Its label block mode allows it to assign labels to multiple connections at a time. MPLS L2VPN configuration task list Complete the following tasks to configure MPLS L2VPN: Task Remarks Configuring MPLS L2VPN Required Configuring CCC MPLS L2VPN Configuring SVC MPLS L2VPN Use one of the approaches according to the MPLS L2VPN implementation method Configuring Martini MPLS L2VPN Configuring Kompella MPLS L2VPN Enabling the MPLS L2VPN mix function Optional NOTE: After you create an MPLS L2VPN connection on a Layer 3 interface. IP related functions on the sub-interfaces of the Layer 3 interface will fail. Similar to MPLS L3VPN. In this way. you can reserve some labels for the VPN for future use. After you remove the MPLS L2VPN connection.The Martini method applies to scenarios with sparse Layer 2 connections. Kompella MPLS L2VPN also uses VPN targets to identify VPNs. No change is required for the other PEs. such as the VPI/VCI with ATM. 192 . With Kompella MPLS L2VPN. For a connection to be established between two CEs. It organizes different VPNs in the whole service provider network and encodes each CE in a VPN. you only need to modify the configurations of the PE to which the new CE is connected. For example. you can set the CE range of each CE to 20. you only need to perform these tasks on the PEs: • Configuring CE IDs of the local and remote CEs respectively • Specifying the circuit ID that the local CE assigns to the connection. but can reduce the VPN deployment and configuration workload in the case of expansion. Kompella MPLS L2VPN Kompella MPLS L2VPN is different from Martini MPLS L2VPN in that it does not operate on the connections between CEs directly. such as a scenario with a star topology. Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute VC labels. In this case. This makes VPN expansion extremely simple. This wastes some label resources in a short term.

Specify the reserved VLAN for MPLS L2VPN. mpls l2vpn reserve vlan vlan-id Optional 7. mpls N/A 4. you must complete the following tasks: • Configure basic MPLS • Enable L2VPN • Enable MPLS L2VPN To perform basic MPLS L2VPN configurations: Step Command Remarks 1. mpls lsr-id lsr-id N/A 3. However. Configure the LSR ID. Enable L2VPN and enter L2VPN view. and the incoming and outgoing labels of the LSRs along the CCC connection Configuration procedure Configuring the local CCC connection To create a local CCC connection on a PE: 193 . Configure basic MPLS and enter MPLS view. To configure CCC MPLS L2VPN. you need the following data: • Name for the CCC connection • Connection type: local or remote • For a local CCC connection: the types and numbers of the incoming and outgoing interfaces • For a remote CCC connection: the type and number of the incoming interface. complete the following tasks: • Configure basic MPLS on the PEs and P routers. quit N/A 5. the address of the next hop or the type and number of the outgoing interface. system-view N/A 2. no matter what method you select. Enable MPLS L2VPN. Enter system view. You do not need to enable MPLS L2VPN on the P routers. Return to system view. l2vpn Disabled by default 6. • Enable MPLS L2VPN on the PEs of the MPLS backbone.Configuring MPLS L2VPN You can select any of the implementation methods for MPLS L2VPN as needed. mpls l2vpn Disabled by default Configuring CCC MPLS L2VPN Configuration prerequisites Before configuring CCC L2VPN.

Create a local CCC connection between two CEs connected to the same PE. 2. Configure the PEs To configure a PE: Step 1. Enter system view. can you use the out-interface keyword to specify the outgoing interface. 2. Command Enter system view. or Layer 3 aggregate interface. Configure the P routers To configure a P router: Step 1. where the incoming label must be exclusively for the CCC connection. 2.Step Command 1. static-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label 194 . system-view Configure a transit static LSP. The labels function as static LSPs. you must use the nexthop keyword to specify the IP address of the next hop. ccc ccc-connection-name interface interface-type interface-number in-label in-label-value out-label out-label-value { nexthop ip-address | out-interface interface-type interface-number } [ control-word | no-control-word ] CAUTION: • You do not need to configure two static LSPs for each remote CCC connection. If the link is not a point-to-point link but. system-view Create a remote CCC connection between CEs connected to different PEs. • Only when the link that the outgoing interface connects is a point-to-point link. system-view 2. you only need to configure the incoming and outgoing labels. VLAN interface. a link connecting to Layer 3 Ethernet interface. for example. Instead. Command Enter system view. ccc ccc-connection-name interface interface-type interface-number out-interface interface-type interface-number Configuring the remote CCC connection 1.

Configuring SVC MPLS L2VPN SVC MPLS L2VPN does not use any signaling protocol to transfer L2VPN information. If a Layer 3 Ethernet sub-interface is bound with an L2VPN. By default. a routing interface or routing sub-interface. and CR-LSP. • You cannot enable both VLL and MPLS on an interface of the router. no static LSPs are required on the PEs but dedicated bidirectional static LSPs are required on all the P routers between the PEs for transmitting the data of the CCC connection. • If a Layer 3 Ethernet interface is bound with an L2VPN. see MPLS Command Reference. you need the following data: • Types and numbers of the interfaces connecting the CEs • Destination LSR ID of SVC • Incoming and outgoing labels of the L2VPN connection • SVC tunneling policy Configuration procedure To configure SVC MPLS L2VPN on the PE: Step Command 1. LDP LSP tunnels are used. To configure SVC MPLS L2VPN. system-view 2. it uses tunnels to transport data between PEs. Instead. SVC supports these tunnel types: LDP LSP. Enter interface view for the interface connecting the CE. the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance.CAUTION: • With CCC. interface interface-type interface-number 195 . neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration. Enter system view. • For static LSP configuration commands. for example. Otherwise. Configuration prerequisites Before configuring SVC MPLS L2VPN. the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. complete these tasks: • Configuring IGP on the PEs and P routers to guarantee the IP connectivity of the MPLS backbone • Configuring basic MPLS and MPLS LDP for the MPLS backbone on the PEs and P routers to establish LDP LSPs • Enabling MPLS L2VPN on the PEs • Establishing the tunnels between PEs according to the tunneling policy.

Because two PEs may not be connected to each other directly. complete the following tasks: • Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone • Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs • Enable MPLS L2VPN on the PEs • Establish remote LDP sessions between PEs To configure Martini MPLS L2VPN. the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. If a Layer 3 Ethernet sub-interface is bound with an L2VPN. for example. you need to: • Create a Martini MPLS L2VPN connection After a Martini MPLS L2VPN connection is created on a Layer 3 Ethernet interface/sub-interface. VC labels need to be exchanged between PEs. • If a Layer 3 Ethernet interface is bound with an L2VPN. neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration. Configuring Martini MPLS L2VPN You can create a Martini MPLS L2VPN connection in either of the following ways: • Configuring it on a Layer 3 interface that is not a VLAN interface (see “Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface”). so that VC FECs and VC labels can be transferred through the session. mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] * Create an SVC MPLS L2VPN connection. Configuration prerequisites Before you configure Martini MPLS L2VPN. • Configure the remote peer In Martini MPLS L2VPN implementation. packets arriving at the interface are forwarded through the MPLS L2VPN connection. To configure Martini MPLS L2VPN. CAUTION: • You need to ensure the validity of incoming labels and outgoing labels in an SVC L2VPN. Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface Martini MPLS L2VPN uses extended LDP to transfer Layer 2 information and VC labels. you need to establish a remote LDP session between the two PEs. Otherwise. the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance. a routing interface or routing sub-interface.Step Command 3. prepare the following data: 196 . • Configuring it in a service instance (see “Creating a Martini MPLS L2VPN for a service instance”). • You cannot enable both VLL and MPLS on an interface of the router.

Creating a Martini MPLS L2VPN for a service instance 197 . and you must remove both services first for further service configuration. see Layer 2—WAN Configuration Guide. • If a Layer 3 Ethernet interface is bound with an L2VPN. Enter system view. 3. Otherwise. mpls ldp remote-peer remote-peer-name N/A Specify an IP address for the remote peer. mpls l2vc destination vcid [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] * N/A 4. • You must configure the PVC and MAP for an ATM interface before using the mpls l2vc destination vcid [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] [ ethernet | vlan ] command on the ATM interface. For more information about PVC and MAP configuration. Otherwise. you must configure the PW encapsulation mode as VLAN. Return to system view. packets may not be forwarded correctly. the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. NOTE: For remote peer configuration information. Create a Martini MPLS L2VPN connection. neither MPLS nor MPLS L2VPN service can work normally. If a Layer 3 Ethernet sub-interface is bound with an L2VPN. the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance. • Do not configure both MPLS and Martini MPLS L2VPN on a Layer 3 Ethernet interface/sub-interface.” CAUTION: • A Martini connection has two main parameters: IP address of the peer PE. see the chapter “Configuring basic MPLS configuration. quit N/A 5. Enter interface view for the interface connecting the CE.• Types and numbers of the interfaces connecting the CEs • Destination address of the L2VPN connection and the PW ID (VC ID) • PW class template Configuration procedure To configure a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface of the PE: Step Command Remarks 1. remote-ip ip-address N/A 6. and VC ID. Configure an MPLS LDP remote peer entity and enter its view. system-view N/A 2. interface interface-type interface-number The interface must be a Layer 3 Ethernet interface/sub-interface. • When configuring a Martini MPLS L2VPN connection on a Layer 3 Ethernet sub-interface on an SPC card.

If you create a Martini MPLS L2VPN connection on a VLAN interface. or configure the port as a hybrid port that permits packets from the access VLAN to pass with the VLAN tag stripped. More specifically: 1. Create a Martini MPLS L2VPN connection in the service instance view.NOTE: • Do not configure services other than L2VPN for the VLAN that is bound to the private network side of the MPLS L2VPN. You can add this port to the access VLAN as an access port. 3. Configuration prerequisites Before you configure Martini MPLS L2VPN. no matter from which Layer 2 Ethernet ports the packets are received. VLAN by default. This not only wastes the Layer 2 Ethernet port and VLAN resources but also mixes the users and services of different Layer 2 Ethernet ports. complete the following tasks: • Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone • Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs • Enable MPLS L2VPN on the PEs To configure Martini MPLS L2VPN. trans-mode { ethernet | vlan } 3. 802. pw-class pw-class-name Specify the PW transport mode. all packets carrying the tag of the VLAN will be forwarded through the MPLS L2VPN connection. do not use a trunk port to connect the private network side. prepare the following data: • Types and numbers of the interfaces connecting the CEs • Destination address of the L2VPN connection and the PW ID • PW class template Configuration procedure To create a Martini MPLS L2VPN connection in a service instance: Step Command Remarks N/A 1. Enter system view. Specify a packet matching VLAN ID for the service instance. packets arriving at the Layer 2 Ethernet port and carrying the specified VLAN ID will be forwarded by the MPLS L2VPN connection. Create a PW class template and enter PW class template view. To solve the problem. the router chooses an MPLS L2VPN connection for a received packet according to only the VLAN tag carried in the packet. Optional.1X. Optional. GVRP. system-view 2. DLDP. 198 By default. Then. Create a service instance on a Layer 2 Ethernet port. • For an MPLS L2VPN connection created for a service instance. LLDP. Ethernet OAM. That is. and LACP on a port enabled with MPLS L2VPN. you can create a Martini MPLS L2VPN connection in a service instance. 2. if the access mode of the service instance is Ethernet. • Do not enable port-based protocols such as STP. no PW class template is created. .

encapsulation s-vid vlan-id By default. no service instance is created. you must use the undo xconnect peer command to remove the L2VPN connection first. vlan vlan-id N/A Add the Layer 2 port connecting the CE to the VLAN. interface interface-type interface-number N/A 12. Create a service instance and enter service instance view. the default tunneling policy is used. Specify an IP address for the remote peer. Return to system view. service-instance instance-id By default. Specify the tunneling policy. 13. Configuring Kompella MPLS L2VPN Kompella MPLS L2VPN uses extended BGP as the signaling protocol to transfer L2VPN information between PEs. 199 . quit N/A 9. access mode. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel. Create a Martini MPLS L2VPN connection in the service instance.Step Command Remarks Optional. xconnect peer peer-ip-address pw-id pw-id [ access-mode { ethernet | vlan } | mtu mtu-value | [ pw-class class-name ] ] * After this command is executed. mpls ldp remote-peer remote-peer-name N/A 10. By default. remote-ip ip-address N/A 11. no packet matching VLAN ID is specified for the service instance. port interface N/A 8. Create the VLAN to be used by the service instance to match packets. Return to system view. Enter the configuration view of the Layer 2 port that connects with the CE. quit N/A 6. CR-LSP tunnel. 4. 14. Specify a packet matching VLAN ID for the service instance. pw-tunnel-policy policy-name 5. Configure an MPLS LDP remote peer entity and enter its view. and MTU configured for the service instance cannot be changed. NOTE: • You can configure up to 4094 service instances on a Layer 2 Ethernet port. To modify these parameters. the VLAN ID. 7. • The xconnect peer command is available for service instances with the ID in the range of 1 to 4094.

RD. Enter BGP view. peer { group-name | ip-address } enable 7. Specify the interface for the TCP connection. you only need to configure the VPN and CE connection on the PE. l2vpn-family N/A 6. prepare the following data: • AS numbers of the local PE and the peer PE • Name. see the chapter “Configuring MPLS L3VPN. Establish the peer relationship with the peer PE. bgp as-number N/A 3. peer { group-name | ip-address } connect-interface interface-type interface-number N/A 5. Neither IGP nor BGP L2VPN capability is required. policy vpn-target Enable the specified peer or peers to exchange BGP routing information of the BGP-L2VPN address family. Enter system view. Configuration prerequisites Before configuring Kompella MPLS L2VPN. Enable the filtering by the VPN target extended community attributes for the received routing information. and CE range • CE offset Configuration procedure Configuring BGP L2VPN capability To configure BGP L2VPN capability: Step Command Remarks 1. CE ID. and VPN Target attributes of the L2VPN connection • CE name. Optional Enabled by default N/A NOTE: For information about the configuration of BGP-L2VPN address family.To create a Kompella local connection. complete the following tasks: • Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone • Configure basic MPLS and MPLS LDP on the PEs and P routers to establish LDP LSPs • Enable MPLS L2VPN on the PEs To configure Kompella MPLS L2VPN. peer { group-name | ip-address } as-number as-number N/A 4.” Configuring VPN To configure VPN: 200 . Enter BGP L2VPN address family view. system-view N/A 2.

Enter system view. For Kompella MPLS L2VPN. Configure an RD for the L2VPN. Once configured. if you do not specify the CE offset: • For the first connection of the CE. the system applies for a supplementary label block of the size of 10. the RD is required. the CE offset is the value specified by the default-offset parameter in the ce command. It affects only possible parameter negotiations. When you increase the CE range. if the original CE range is 10. When creating a CE connection. Associate a particular VPN with one or more VPN targets. This can reduce the configuration modification required when CEs are added in the VPN in future. You can configure a CE range greater than what is required based on your estimate of the future VPN expansion if the label resources are abundant (they are usually abundant). you can increase it to 20. you must configure the VPN encapsulation mode as VLAN. route-distinguisher route-distinguisher N/A 4. You can only increase the CE range. • When you plan a VPN. Set the Layer 2 MTU for the VPN. the CE offset is that of the former connection plus 1. • The configuration of the VPN targets and RD are the same as that for MPLS L3VPN. you must specify an encapsulation type matching that of the CE side interface. for example. This ensures that the existing services will not be interrupted. The CE range of a VPN indicates the maximum number of CEs that can be connected to the VPN. vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ] N/A 5. Otherwise. When creating an L2VPN. but cannot reduce it to 5. The only way to reduce the CE range is to delete the CE and re-create it. mtu mtu Optional CAUTION: • H3C does not recommend configuring the mtu command. in which case you can omit the ce-offset keyword (use the default setting) for most of connections. • With Kompella MPLS L2VPN. Create a VPN and enter MPLS L2VPN view. encode the CE IDs in continuous natural numbers starting from 1. Creating a CE Connection CE ID is used for identifying a CE uniquely in a VPN. • For any other connection of the CE. For example. you must create on the PE an L2VPN instance for each VPN where a directly connected CE resides. It does not affect data forwarding. from 10 to 20. • When configuring a Kompella MPLS L2VPN connection on a Layer 3 Ethernet sub-interface on an SPC card. system-view N/A 2.Step Command Remarks 1. an RD cannot be changed. To create a CE connection: 201 . the system does not release the original label block and then re-apply for a new label block of the size of 20. mpls l2vpn vpn-name [ encapsulation { atm-aal5 | ethernet | fr | hdlc | ppp | vlan } [ control-word | no-control-word ] ] N/A 3. unless you delete the L2VPN and then re-create it. To facilitate the configuration. Instead. H3C recommends encoding CE IDs in incremental sequence starting from 1 and then configuring connections in the sequence of the CE IDs. packets may not be forwarded correctly.

ce ce-name [ id ce-id [ range ce-range ] [ default-offset ce-offset ] ] 4. If a Layer 3 Ethernet sub-interface is bound with an L2VPN. To configure the MPLS L2VPN mix function: Step 1. you need to enable the MPLS L2VPN mix function. Enable the MPLS L2VPN mix function.Step Command 1. the MPLS L2VPN mix function cannot take effect. the Layer 3 Ethernet sub-interfaces of the Layer 3 Ethernet interface cannot be bound with any L2VPN or VPLS instance. the HoVPN function on the SPC card cannot take effect. Otherwise. neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both of the two services first for further service configuration. for example. Enter MPLS L2VPN view. • For configuration information of HoVPN. • If a Layer 3 Ethernet interface is bound with an L2VPN. Create a Kompella connection. Create a CE for a VPN and enter MPLS L2VPN CE view. vpn l2vpn mix By default. NOTE: • With the MPLS L2VPN mix function enabled. • When both the SPC card and the SPE card of a router are working. see the chapter “Configuring MPLS L3VPN. With the HoVPN function enabled. first use the undo vpn l2vpn mix command to disable the MPLS L2VPN mix function. a routing interface or routing sub-interface. 2. CAUTION: When only the SPC card is working.” 202 . Enabling the MPLS L2VPN mix function If you configure MPLS L2VPN services (including VLL and VPLS) on both the SPC card and the SPE card of a router. connection [ ce-offset id ] interface interface-type interface-number [ tunnel-policy tunnel-policy-name ] CAUTION: • You cannot enable both VLL and MPLS on an interface of the router. system-view 2. do not configure the MPLS L2VPN mix function. so that the SPC card and the SPE card can work together to forward L2VPN traffic normally. Otherwise. if you want to configure the HoVPN function on the SPC card. Enter system view. the HoVPN function cannot take effect. Enter system view. mpls l2vpn vpn-name 3. the Layer 3 Ethernet interface of the sub-interface cannot be bound with any L2VPN or VPLS instance. the MPLS L2VPN mix function is enabled when both the SPC card and the SPE card are working. Command Remarks system-view N/A Optional.

display mpls l2vpn fib pw vpws [ interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the service instance information on an interface. display mpls l2vpn fib ac vpws [ interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the MPLS L2VPN PW information. display mpls l2vc[ interface interface-type interface-number [ service-instance instance-id ] | remote-info] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about Kompella L2VPN connections.Displaying and maintaining MPLS L2VPN Displaying the operation of MPLS L2VPN Task Command Remarks Display information about CCC connections. display pw-class [ pw-class-name ] [ | { begin | exclude | include } regular-expression ] Available in any view 203 . display mpls l2vpn connection [ vpn-name vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about L2VPN in the BGP routing table. display service-instance interface interface-type interface-number [ service-instance instance-id ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about one or all PW class templates. display mpls static-l2vc [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about Martini VCs configured on the router. display mpls l2vpn [ export-route-target-list | import-route-target-list | vpn-name vpn-name [ local-ce | remote-ce ] ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the MPLS L2VPN AC information. display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher rd [ ce-id ce-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ] Available in any view Display L2VPN information on a PE. display ccc [ ccc-name ccc-name | type { local | remote } ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about specified L2VPN VC interfaces. display l2vpn ccc-interface vc-type { all | bgp-vc | ccc | ldp-vc | static-vc } [ up | down ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about static VCs configured on the router.

<Sysname> system-view [Sysname] sysname PE 204 . Configure the PE. Configure CE 1. one is enough.1 24 2.1. NOTE: • Because a local CCC connection is bidirectional.Resetting BGP L2VPN connections Task Command Remarks Reset BGP L2VPN connections. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 100. reset bgp l2vpn { as-number | ip-address | all | external | internal } Available in user view MPLS L2VPN configuration examples Example for configuring a local CCC connection Network requirements As shown in Figure 49. • The PE interfaces connecting the CEs require no IP addresses. the CEs are connected to the PE through GigabitEthernet interfaces.1. # Configure the LSR ID and enable MPLS globally. Figure 49 Network diagram Configuration procedure 1. Create a local CCC connection between CE 1 and CE 2.

[PE] interface loopback 0 [PE-LoopBack0] ip address 172.1.1. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 100.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1 32 [PE-LoopBack0] quit [PE] mpls lsr-id 172. [CE1] ping 100. 1 up Remote ccc vc : 0. [PE] interface GigabitEthernet 4/1/1 [PE-GigabitEthernet4/1/1] quit # Configure interface GigabitEthernet 4/1/2.2: 56 data bytes.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms --.1.2 PING 100.1.1. The output shows that CE 1 and CE 2 can ping each other.1 [PE] mpls [PE-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit # Configure interface GigabitEthernet 4/1/1. The output shows that a local CCC connection has been established.1.2 24 4. Configure CE 2.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.1. 0 up ***Name : ce1-ce2 Type : local State : up Intf1 : GigabitEthernet4/1/1 (up) Intf2 : GigabitEthernet4/1/2 (up) # Ping CE 2 from CE 1. [PE] interface GigabitEthernet 4/1/2 [PE-GigabitEthernet 4/1/2] quit # Create a local connection between CE 1 and CE 2.1. [PE] ccc ce1-ce2 interface GigabitEthernet 4/1/1 out-interface GigabitEthernet 4/1/2 3. press CTRL_C to break Reply from 100.1.1.1. # Display CCC connection information on the PE.1.00% packet loss 205 .1. [PE] display ccc Total ccc vc : 1 Local ccc vc : 1. Verify your configuration.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.

0.1/24 CE 2 PE 2 Configuration procedure 1.0.0.1.0.1.1.0.0. Enable MPLS L2VPN on the PEs.1 [PE1] mpls [PE1-mpls] quit 206 .2/24 Loop0 10. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 100.2. Create a remote CCC connection on the PEs. 2.1/32 GE4/1/1 10. The main steps for configuring a CCC remote connection are: 1.1.1.1. Configure PE 1. Create a remote CCC connection between CE 1 and CE 2. the CEs are connected to the PEs through GigabitEthernet interfaces. 3.0.2/24 GE4/1/1 100. Configure CE 1.0. Configure two static LSPs on the P router for packets to be transferred in both directions.2. You do not need to enable MPLS L2VPN on the P router.1.1.1. # Configure the LSR ID and enable MPLS globally.0.1/24 GE4/1/2 10.2.2/32 PE 1 Loop0 10. No static LSP is required on the PEs.3/32 GE4/1/1 10.1 24 2. Figure 50 Network diagram Device Interface IP address Device Interface IP address CE 1 GE4/1/1 100.round-trip min/avg/max = 10/76/180 ms Example for configuring a remote CCC connection Network requirements As shown in Figure 50.0.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 10.1/24 P Loop0 10.1.2. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 10.2/24 GE4/1/2 10.

[PE1] ccc ce1-ce2 interface GigabitEthernet 4/1/1 in-label 100 out-label 200 nexthop 10. using the interface connecting CE 1 as the incoming interface and the interface connecting the P router as the outgoing interface. [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] quit # Configure interface GigabitEthernet 4/1/2.1. Configure PE 2. [P] static-lsp transit pe1_pe2 incoming-interface GigabitEthernet 4/1/2 in-label 200 nexthop 10. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Configure interface GigabitEthernet 4/1/1.2 24 [P-GigabitEthernet4/1/1] mpls [P-GigabitEthernet4/1/1] quit # Create a static LSP for forwarding packets from PE 1 to PE 2. <Sysname> system-view 207 .2 3.0. # Configure the LSR ID and enable MPLS globally.2.# Enable L2VPN and MPLS L2VPN. and enable MPLS.1. [P] interface GigabitEthernet 4/1/2 [P-GigabitEthernet4/1/2] ip address 10.2 24 [P-GigabitEthernet4/1/2] mpls [P-GigabitEthernet4/1/2] quit # Configure interface GigabitEthernet 4/1/1.1.0.1. [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip address 10.1.2. and enable MPLS.2.1.0.1.1. and enable MPLS.2 [P] mpls [P-mpls] quit # Configure interface GigabitEthernet 4/1/2. [P] interface GigabitEthernet 4/1/1 [P-GigabitEthernet4/1/1] ip address 10. # Configure the LSR ID and enable MPLS globally. setting the incoming label to 100 and the outgoing label to 200.2 32 [P-LoopBack0] quit [P] mpls lsr-id 10.1 out-label 100 4. <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 10.1 24 [PE1-GigabitEthernet4/1/2] mpls [PE1-GigabitEthernet4/1/2] quit # Create a remote connection from CE 1 to CE 2. [P] static-lsp transit pe2_pe1 incoming-interface GigabitEthernet 4/1/1 in-label 101 nexthop 10. Configure the P router.2.0.1 out-label 201 # Create a static LSP for forwarding packets from PE 2 to PE 1.

Configure CE 2.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 10.2.0.2 24 6. [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip address 10.[Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 10. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure interface GigabitEthernet 4/1/2. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 100.2: 56 data bytes.2 PING 100.1.2.1. setting the incoming label to 201 and the outgoing label to 101.1. [PE2] ccc ce2-ce1 interface GigabitEthernet 4/1/2 in-label 201 out-label 101 nexthop 10.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms 208 . The output shows that a remote CCC connection has been established.1. using the interface connecting CE 2 as the incoming interface and the interface connecting the P router as the outgoing interface. [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] quit # Configure interface GigabitEthernet 4/1/1 and enable MPLS. 1 up ***Name : ce1-ce2 Type : remote State : up Intf : GigabitEthernet4/1/2 (up) In-label : 201 Out-label : 101 nexthop : 10.2 (up) # Ping CE 2 from CE 1.2. The output shows that CE 1 and CE 2 can ping each other.1. 0 up Remote ccc vc : 1.0. press CTRL_C to break Reply from 100.2.0.3 [PE2] mpls [PE2-mpls] quit # Enable L2VPN and MPLS L2VPN. # Display CCC connection information on PE 1.1. [PE] display ccc Total ccc vc : 1 Local ccc vc : 0.2. [CE1] ping 100.2 5.1. Verify your configuration.2.0.1 24 [PE2-GigabitEthernet4/1/1] mpls [PE2-GigabitEthernet4/1/1] quit # Create a remote connection from CE 2 to CE 1.

1.1/24 Configuration procedure The main steps are the following two: • Configure MPLS basic forwarding capability on the PEs and P router.2.2.2.1.2/24 CE 2 PE 2 Interface IP address Loop0 192. This includes configuring the LSR ID.1.2/24 Loop0 192. The detailed configuration procedure is as follows: 1. and running IGP (OSPF in this example) between PE 1. Figure 51 Network diagram Device Interface IP address Device P CE 1 GE4/1/1 100.1.1. enabling MPLS and LDP. the CEs are connected to PEs through GigabitEthernet interfaces.1/24 PE 1 Loop0 192.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.2: bytes=56 Sequence=5 ttl=255 time=60 ms --.1.3.1.4.1.1.1.1.Reply from 100.1. Establish an SVC MPLS L2VPN between CE 1 and CE 2. • Establish an SVC MPLS L2VPN connection.100.2/32 GE4/1/2 10.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.4.00% packet loss round-trip min/avg/max = 10/76/180 ms Example for configuring SVC MPLS L2VPN Network requirements As shown in Figure 51.1.2/24 GE4/1/2 10. Configure CE 1.1.2.2. This includes enabling MPLS L2VPN on PE 1 and PE 2 and establishing an SVC connection and specifying the VC labels.3/32 GE4/1/1 10. the P router. and PE 2 to establish LSPs.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface GigabitEthernet 4/1/1 209 .4/32 GE4/1/1 10.3.1/24 GE4/1/1 100.1.

[CE1-GigabitEthernet4/1/1] ip address 100. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.1 24 2.0. # Configure the LSR ID and enable MPLS globally.1.0 [PE1-ospf-1-area-0.0. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.1.0] quit [PE1-ospf-1] quit # On the interface connecting CE 1. create an SVC MPLS L2VPN connection.2.0.1 24 [PE1-GigabitEthernet4/1/2] mpls [PE1-GigabitEthernet4/1/2] mpls ldp [PE1-GigabitEthernet4/1/2] quit # Configure OSPF on PE 1 for establishing LSPs. The interface requires no IP address. namely GigabitEthernet 4/1/1.0.3.0. Configure the P router.2 0.2. [PE1-mpls] lsp-trigger all [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN.0.3.4.3 .1.2. namely GigabitEthernet 4/1/2.0] network 192. and enable LDP on the interface.0.2.4 32 210 destination 192. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.4. <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.1. Configure PE 1.0] network 10.2.255 [PE1-ospf-1-area-0. [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] mpls static-l2vc transmit-vpn-label 100 receive-vpn-label 200 [PE1-GigabitEthernet4/1/1] quit 3. # Configure the LSR ID and enable MPLS globally.2.2 [PE1] mpls # Configure the LSP establishment triggering policy.1.1 0.0. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the interface for connecting to the P router.0.1. [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip address 10.

4.0 [P-ospf-1-area-0. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0. namely GigabitEthernet 4/1/1.2 24 [P-GigabitEthernet4/1/2] mpls [P-GigabitEthernet4/1/2] mpls ldp [P-GigabitEthernet4/1/2] quit # Configure the interface connected with PE 2. # Configure the LSR ID and enable MPLS globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1.[P-LoopBack0] quit [P] mpls lsr-id 192.2. [P] interface GigabitEthernet 4/1/2 [P-GigabitEthernet4/1/2] ip address 10. and enable LDP on the interface.4.0.4.2 24 [P-GigabitEthernet4/1/1] mpls [P-GigabitEthernet4/1/1] mpls ldp [P-GigabitEthernet4/1/1] quit # Configure OSPF on the P router for establishing LSPs. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.2.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.2.1. and enable LDP on the interface.0. namely GigabitEthernet 4/1/2.4 0.255 [P-ospf-1-area-0.3.1.1. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Enable LDP globally.1.4.0. [PE2] mpls ldp [PE2-mpls-ldp] quit 211 .2 0.0.0.0. [PE2-mpls] lsp-trigger all [PE2-mpls] quit # Enable L2VPN and MPLS L2VPN. Configure PE 2.0.3.2.0] network 10.0.4 [P] mpls # Enable LDP globally.0.0] network 10.0.0.2 0.255 [P-ospf-1-area-0.0] network 192. [P] interface GigabitEthernet 4/1/1 [P-GigabitEthernet4/1/1] ip address 10.3 [PE2] mpls # Configure the LSP establishment triggering policy.0] quit [P-ospf-1] quit 4.0.3.0.3.0.

1. ce-intf GigabitEthernet4/1/2 1 up.3.2: bytes=56 Sequence=1 ttl=255 time=150 ms Reply from 100.3.1.2 tr-label 200 rcv-label tnl-policy 100 default # Ping CE 2 from CE 1. Configure CE 2.0.2: bytes=56 Sequence=2 ttl=255 time=130 ms Reply from 100.1.2 24 6.1 24 [PE2-GigabitEthernet4/1/1] mpls [PE2-GigabitEthernet4/1/1] mpls ldp [PE2-GigabitEthernet4/1/1] quit # Configure OSPF on PE 2 for establishing LSPs.3 0. [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip address 10.2 ping statistics --- 212 . ce-intf 1 up.2: bytes=56 Sequence=5 ttl=255 time=80 ms --.1.1.0.100.255 [PE2-ospf-1-area-0.2.1. and enable LDP on the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 100.0] network 192.3 tr-label 100 rcv-label tnl-policy 200 default Display SVC L2VPN connection information on PE 2: [PE2] display mpls static-l2vc Total connections: 1.0.0.3.1. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0. 0 down state destination GigabitEthernet4/1/1 up 192.# Configure the interface connected with the P router.0.1. The output shows that an L2VPN connection has been established.0. # Display SVC L2VPN connection information on PE 1 or PE 2. The output shows that CE 1 and CE 2 can ping each other.1.2: bytes=56 Sequence=3 ttl=255 time=130 ms Reply from 100.2.2: bytes=56 Sequence=4 ttl=255 time=140 ms Reply from 100. create an SVC MPLS L2VPN connection.0.1.2. Display SVC L2VPN connection information on PE 1: [PE1] display mpls static-l2vc Total connections: 1.1. [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] mpls static-l2vc transmit-vpn-label 200 receive-vpn-label 100 destination 192.0.2: 56 data bytes.1. Verify your configuration.2.2.2.2 PING 100.1.2.2 [PE2-GigabitEthernet4/1/2] quit 5.1.0.0] network 10.2.0] quit [PE2-ospf-1] quit # On the interface connecting CE 2.1.1 0. [CE1] ping 100.1.1. 0 down state destination up 192. The interface requires no IP address. namely GigabitEthernet4/1/1.1.0. namely GigabitEthernet 4/1/2.3.0 [PE2-ospf-1-area-0. press CTRL_C to break Reply from 100.

1. Configure CE 1.2.2/24 GE4/1/2 10.1.2. # Configure the LSR ID and enable MPLS globally.1.4/32 PE 1 Loop0 192. the CEs are connected to PEs through GigabitEthernet interfaces.1.2/24 GE4/1/1 100.2.1/24 P Loop0 192.5 packet(s) transmitted 5 packet(s) received 0.1 24 2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.00% packet loss round-trip min/avg/max = 80/126/150 ms Example for configuring Martini MPLS L2VPN Network requirements As shown in Figure 52.2.3.2/32 GE4/1/1 10.1. Establish a Martini MPLS L2VPN between CE 1 and CE 2. Figure 52 Network diagram Device Interface IP address Device Interface IP address CE 1 GE4/1/1 100.2.1/24 GE4/1/2 10. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.3.1.2. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface GigabitEthernet4/1/1 [CE1-GigabitEthernet4/1/1] ip address 100.3/32 GE4/1/2 10.2.1.1/24 CE 2 PE 2 Configuration procedure 1.2. [PE1-mpls] lsp-trigger all [PE1-mpls] quit 213 .2 [PE1] mpls # Configure the LSP establishment triggering policy. Configure PE 1.4.2/24 Loop0 192.2.2.1.4.1.1.

[PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] interface GigabitEthernet4/1/2 [PE1-GigabitEthernet4/1/2] ip address 10.0] network 192. and enable LDP on the interface. Configure the P router. namely GigabitEthernet 4/1/1.3.1 24 [PE1-GigabitEthernet4/1/2] mpls [PE1-GigabitEthernet4/1/2] mpls ldp [PE1-GigabitEthernet4/1/2] quit # Configure OSPF on PE 1 for establishing LSPs.0.2.4.2 24 214 .1 0. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.3.4 [P] mpls # Enable LDP globally.0. namely GigabitEthernet 4/1/1. [P] interface GigabitEthernet4/1/1 [P-GigabitEthernet4/1/1] ip address 10.1. <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.0. create a Martini MPLS L2VPN connection.0] network 10.0.1.255 [PE1-ospf-1-area-0.3 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected with the P router. # Configure the LSR ID and enable MPLS globally.4.0.1.4.4.0.3. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1. namely GigabitEthernet 4/1/2.0 [PE1-ospf-1-area-0.2.0] quit [PE1-ospf-1] quit # On the interface connecting CE 1.1.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.2 0. The interface requires no IP address.0.3 101 [PE1-GigabitEthernet4/1/1] quit 3.3.0. [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192. and enable LDP on the interface.1. [PE1] interface GigabitEthernet4/1/1 [PE1-GigabitEthernet4/1/1] mpls l2vc 192. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the peer relationship with PE 2 so that the LDP remote session can be established between them.0.1.0.# Enable L2VPN and MPLS L2VPN.

1.3.3.4.0 [P-ospf-1-area-0. # Configure the LSR ID and enable MPLS globally. namely GigabitEthernet 4/1/2.0.2.0.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected with the P router.2. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0. and enable LDP on the interface.2.0. [PE2] interface GigabitEthernet4/1/2 [PE2-GigabitEthernet4/1/2] ip address 10.0.2.0.[P-GigabitEthernet4/1/1] mpls [P-GigabitEthernet4/1/1] mpls ldp [P-GigabitEthernet4/1/1] quit # Configure the interface connected with PE 2.2.255 [P-ospf-1-area-0.0.0.0] network 192. and enable LDP on the interface.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.0.0.2 0.2 0.2 24 [P-GigabitEthernet4/1/2] mpls [P-GigabitEthernet4/1/2] mpls ldp [P-GigabitEthernet4/1/2] quit # Configure OSPF on the P router for establishing LSPs.2.0] quit [P-ospf-1] quit 4.3. Configure PE 2.4.0] network 10.2. [PE2-mpls] lsp-trigger all [PE2-mpls] quit # Enable L2VPN and MPLS L2VPN.0.0.3.255 [P-ospf-1-area-0.0.0.4 0. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.0.0] network 10.2.3 [PE2] mpls # Configure the LSP establishment triggering policy. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure the peer relationship with PE 1 so that the LDP remote session can be established between them. namely GigabitEthernet 4/1/2. [P] interface GigabitEthernet4/1/2 [P-GigabitEthernet4/1/2] ip address 10.1.1 24 [PE2-GigabitEthernet4/1/2] mpls 215 . [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Enable LDP globally.

1.2 24 6.1. namely GigabitEthernet 4/1/1.0. The operation succeeds.3 0. create a Martini MPLS L2VPN connection. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface GigabitEthernet4/1/1 [CE2-GigabitEthernet4/1/1] ip address 100.2.0 0.0 [PE2-ospf-1-area-0.0.0.2 PING 100.1.0.0] network 192.1.[PE2-GigabitEthernet4/1/2] mpls ldp [PE2-GigabitEthernet4/1/2] quit # Configure OSPF on PE 2 for establishing LSPs.3. # Display L2VPN connection information on PE 1.2.1.2. The output shows that an L2VPN connection is established on PE 2.0.2: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.0. The interface requires no IP address.0. press CTRL_C to break Reply from 100.2: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 100.1. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.1.2: 56 data bytes.1. [CE1] ping 100.1.1.2.255 [PE2-ospf-1-area-0.0. [PE2] display mpls l2vc Total ldp vc : 1 1 up 0 down 0 blocked Transport Client VC Local Remote VC ID Intf State VC Label VC Label 101 GE4/1/1 up 1025 1024 # Ping CE 2 from CE 1.2: bytes=56 Sequence=5 ttl=255 time=70 ms --.1. [PE2] interface GigabitEthernet4/1/1 [PE2-GigabitEthernet4/1/1] mpls l2vc 192. Configure CE 2. Verify your configuration.0.1. The output shows that an L2VPN connection is established.2: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 100.0] quit [PE2-ospf-1] quit # On the interface connecting CE 2.3.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.0] network 10.1.1. [PE1] display mpls l2vc Total ldp vc : 1 1 up 0 down 0 blocked Transport Client VC Local Remote VC ID Intf State VC Label VC Label 101 GE4/1/1 up 1024 1025 # Display the L2VPN connection information on PE 2.1.2 101 [PE2-GigabitEthernet4/1/1] quit 5.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 216 .1.100.1.0.

or the display mpls lsp command to view the LSPs established.1. you can issue the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established. 2.1/24 GE4/1/2 169. Configure an IGP on the MPLS backbone.1.3. you should see that OSPF adjacencies have been established and reached the state of Full. you should see that it has learned the routes to the LSR IDs of the other LSRs.9/32 PE 1 Loop0 1.1.9/32 GE4/1/1 169.0.1/24 GE4/1/1 30.1/24 P Loop0 2. Configure BGP L2VPN capability.9/32 GE4/1/1 168. the CEs are connected to PEs through GigabitEthernet interfaces.1.1.1. issuing the display ip routing-table command on each LSR.9 as-number 100 217 .1.1.1. Issuing the display ospf peer command. This example uses OSPF.1.00% packet loss round-trip min/avg/max = 30/50/70 ms Example for configuring Kompella MPLS L2VPN Network requirements As shown in Figure 53.2/24 CE 2 PE 2 Interface IP address Loop0 3. 3.2/24 Configuration procedure 1. (Details not shown) After configuration.3. Configure basic MPLS and LDP to establish LDP LSPs.1.1.2/24 GE4/1/2 168.1. (Details not shown) After configuration. <Sysname> system-view [Sysname] sysname PE1 [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit [PE1] bgp 100 [PE1-bgp] peer 3. Establish a Kompella MPLS L2VPN between CE 1 and CE 2.2.1.3. Figure 53 Network diagram Device Interface IP address Device CE 1 GE4/1/1 30.3.2. # Configure PE 1.

3.9 Local AS number : 100 Total number of peers : 1 4. # Configure PE 1.3. [PE1] mpls l2vpn vpn1 encapsulation ethernet [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet4/1/1 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit # Configure PE 2. The peer state should be Established.9 enable [PE1-bgp-af-l2vpn] quit [PE1-bgp] quit # Configure PE 2. Verify your configuration. Take PE 1 as an example: [PE1] display bgp l2vpn peer BGP local router ID : 1.3.[PE1-bgp] peer 3.9 enable [PE2-bgp-af-l2vpn] quit [PE2-bgp] quit After completing the configurations.9 as-number 100 [PE2-bgp] peer 1.1.1.1.3. <Sysname> system-view [Sysname] sysname PE2 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.9 connect-interface loopback 0 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] policy vpn-target [PE1-bgp-af-l2vpn] peer 3. [PE2] mpls l2vpn vpn1 encapsulation ethernet [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface GigabitEthernet4/1/2 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit 5. issue the display bgp l2vpn peer command on PE 1 and PE 2 to view the peer relationship established between the PEs.3.1. 218 .1.3.9 4 100 Peers in established state : 1 MsgRcvd MsgSent 2 5 OutQ PrefRcv Up/Down 0 0 State 00:01:07 Established Configure the L2VPN and the CE connection.9 connect-interface loopback 0 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] policy vpn-target [PE2-bgp-af-l2vpn] peer 1.1. Peer V AS 3.1.

3.1.1.2 PING 30. # Configure basic MPLS.1.00% packet loss round-trip min/avg/max = 34/68/94 ms Example for configuring a Kompella local connection Network requirements As shown in Figure 54.1.1.1. 0 down. Configure the PE.3.2: 56 data bytes. The output shows that an L2VPN connection is established between the PEs and the connection is up.2: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 30.2: bytes=56 Sequence=5 ttl=255 time=94 ms --.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms Reply from 30. press CTRL_C to break Reply from 30. 0 local.9 # Ping CE 2 from CE 1. connections: 1 up.1. Figure 54 Network diagram Configuration procedure 1. 1 total connections. 0 down.1.1. 0 local. 0 unknown VPN name: vpn1.30.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. Rid type status peer-id route-distinguisher intf 2 100:1 GigabitEthernet4/1/2 rmt up 3. 219 .1. (Details not shown) # Configure the L2VPN and the CE connection. connections: 1 up. create a Kompella local connection between CE 1 and CE 2.Issue the display mpls l2vpn connection command on the PEs.2: bytes=56 Sequence=4 ttl=255 time=46 ms Reply from 30.1.1. The output shows that CE 1 and CE 2 can ping each other. 1 remote. [CE1] ping 30.2: bytes=56 Sequence=3 ttl=255 time=34 ms Reply from 30. id: 1.1. 0 unknown CE name: ce1. 1 remote. Take PE 1 as an example: [PE1] display mpls l2vpn connection 1 total connections.1.

0 unknown VPN name: vpn1. [CE1] ping 30. Verify your configuration.1. Rid type status peer-id route-distinguisher intf 2 --- GigabitEthernet4/1/1 Rid type status peer-id route-distinguisher intf 1 --- GigabitEthernet4/1/2 loc up --- CE name: ce2. 2 total connections.1.<Sysname> system-view [Sysname] sysname PE [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit [PE] mpls l2vpn vpn1 encapsulation ethernet [PE-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE-mpls-l2vpn-vpn1] vpn-target 111:1 [PE-mpls-l2vpn-vpn1] ce ce1 id 1 [PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet4/1/1 [PE-mpls-l2vpn-ce-vpn1-ce1] quit [PE-mpls-l2vpn-vpn1] ce ce2 id 2 [PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface GigabitEthernet4/1/2 [PE-mpls-l2vpn-vpn1] quit 2. loc up --- # Ping CE 2 from CE 1. 0 unknown CE name: ce1.1. connections: 2 up.30. 0 remote.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 30.2: bytes=56 Sequence=3 ttl=255 time=34 ms Reply from 30.1.1.2: 56 data bytes.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.1.2 PING 30. 2 local.1. id: 1.2: bytes=56 Sequence=2 ttl=255 time=77 ms Reply from 30.1. connections: 2 up. 0 down. [PE] display mpls l2vpn connection 2 total connections.2: bytes=56 Sequence=4 ttl=255 time=46 ms Reply from 30. The output shows that CE 1 and CE 2 can ping each other.1.1. 0 down.1. # Issue the display mpls l2vpn connection command on the PE.00% packet loss round-trip min/avg/max = 34/68/94 ms 220 .1. id: 2.2: bytes=56 Sequence=5 ttl=255 time=94 ms --. 2 local. The output shows that two local L2VPN connections are established and in up state. 0 remote.1. press CTRL_C to break Reply from 30.

221 . • Check whether the PEs are configured with the Remote argument and whether the peer addresses are correctly configured. the peer PEs cannot ping each other.Troubleshooting MPLS L2VPN Symptom After the L2VPN configuration. Solution • Check whether the local PE and the peer PE are configured with the same encapsulation type. the connection is destined to fail. The output of the display mpls l2vc command shows that the VC is down and the remote VC label is invalid. If not. Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types.

It is not directly connected to any CE. It has only basic MPLS forwarding capability. MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology. MPLS L3VPN provides flexible networking modes. It can neither “sense” the presence of any VPN nor does it need to support MPLS. Figure 55 Network diagram for MPLS L3VPN model VPN 1 Site 1 VPN 2 Site 3 P P CE CE PE PE CE P P PE CE Site 2 VPN 2 Site 4 VPN 1 CEs and PEs mark the boundary between the service providers and the customers. MPLS L3VPN comprises the following types of devices: • Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces directly connected to service provider networks.Configuring MPLS L3VPN NOTE: This chapter covers only introduction to and configuration of MPLS L3VPN. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones. and convenient support for MPLS QoS and MPLS TE. excellent scalability.” For information about BGP. It can be a router. see the chapter “Configuring basic MPLS. • Provider edge (PE) device—A PE resides at the edge of a service provider network and connects one or more CEs. 222 . a switch. or a host. On an MPLS network. all VPN services are processed on the PEs. For information about MPLS basics. • Provider (P) device—A P device is a core device on a service provider network. see Layer 3—IP Routing Configuration Guide.

if both VPN 1 and VPN 2 use the addresses on network segment 10. and the administration information of the VPN instance. Address space overlapping Each VPN independently manages the addresses that it uses. which results in loss of the other route. • The classification of a site depends on the topology relationship of the devices. rather than all VPN routing information on the provider network. A CE and a PE use BGP/IGP to exchange routing information. rather than the geographical positions. the ingress PE functions as the ingress LSR. • The devices at a site can belong to multiple VPNs. 223 . A PE creates and maintains a VPN instance for each directly connected site.10. MPLS L3VPN concepts Site Sites are often mentioned in the VPN. For example. and P routers function as the transit LSRs. both VPN 1 and VPN 2 use addresses on the segment 10. each VPN instance on a PE maintains a relatively independent routing table and a separate label forwarding information base (LFIB). A site can contain many CEs. it advertises its VPN routes to the PE and learns remote VPN routes from the PE.A CE is usually a router.110. If.0/24 and each advertise a route to the segment. After a PE learns the VPN routing information of a CE. Each VPN instance contains the VPN membership and routing rules of the corresponding site. route filtering policy.0/24. A P router only maintains routes to PEs and does not deal with VPN routing information. The address spaces of VPNs may overlap. VPN-IPv4 address Traditional BGP cannot process VPN routes which have overlapping address spaces. Such a set is called a VPN. Sites connected to the same provider network can be classified into different sets by policies. routes of different VPNs are identified by VPN instances. VPN instance information includes the LFIB. If a user at a site belongs to multiple VPNs at the same time. but a CE can belong to only one site. • A site is connected to a provider network through one or more CEs. VPN instance In MPLS VPN. After a CE establishes adjacency with a directly connected PE. though the devices at a site are adjacent to each other geographically in most cases. Only the sites in the same set can access each other through the provider network. the egress PE functions as the egress LSR.110. the IP routing table. When VPN traffic travels over the MPLS backbone. A site has the following features: • A site is a group of IP systems with IP connectivity that does not rely on any service provider network to implement. The administration information of a VPN instance includes the route distinguisher (RD). The assembly of such addresses for a VPN is called an address space. BGP selects only one of them. the VPN instance of the site contains information about all the VPNs. address space overlapping occurs. A PE maintains routing information about only VPNs that are directly connected. it uses BGP to exchange VPN routing information with other PEs. You can also configure static routes between them. For independence and security of VPN data.10. the interfaces bound to the VPN instance. and member interface list. for example.

or route target attributes. the Assigned number subfield occupies two bytes. and the RD format is 32-bit AS number:16-bit user-defined number. so that routes to the same CE use the same RD. a PE can advertise different routes to VPNs even if the VPNs are from different service providers and are using the same IPv4 address space. and the RD format is 16-bit AS number:32-bit user-defined number. An RD can be related to an autonomous system (AS) number. to control the advertisement of VPN routing information.PEs use MP-BGP to advertise VPN routes. followed by a 4-byte IPv4 address prefix. in which case it is the combination of the IP address and a discretionary number.1. do not set the Administrator subfield to any private AS number or private IP address. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address. the Assigned number subfield occupies two bytes. A service provider can independently assign RDs provided the assigned RDs are unique. the Administrator subfield occupies four bytes. If the export target attribute matches the import target attribute of the VPN instance. • Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by other PEs. • When the value of the Type field is 2. and the RD format is 32-bit IPv4 address:16-bit user-defined number. For example. Thus. To guarantee global uniqueness for RDs. in which case it is the combination of the AS number and a discretionary number. The first eight bytes represent the RD. as shown in Figure 56. Figure 56 VPN-IPv4 address structure When a PE receives an ordinary IPv4 route from a CE. the Assigned number subfield occupies four bytes. By prefixing a distinct RD to a specific IPv4 address prefix. A VPN-IPv4 address consists of 12 bytes.1:1. the Administrator subfield occupies two bytes. 65536:1. VPN target attributes MPLS L3VPN uses the BGP extended community attributes called VPN target attributes. it must advertise the VPN route to the peer PE. • When the value of the Type field is 1. the PE adds the routes to the VPN routing table. A VPN instance on a PE supports two types of VPN target attributes: • Export target attribute: A local PE sets this type of VPN target attribute for VPN-IPv4 routes learned from directly connected sites before advertising them to other PEs. where the minimum value of the AS number is 65536. An RD can be in one of the following three formats distinguished by the Type field: • When the value of the Type field is 0. 172. The uniqueness of a VPN route is implemented by adding an RD to the route. For example. the Administrator subfield occupies four bytes. Configure a distinct RD for each VPN instance on a PE. or it can be related to an IP address.1. 100:1. 224 . you get a globally unique VPN IPv4 address prefix. For example. and use VPN-IPv4 address family to solve the problem with traditional BGP.

to which CE the packet should be sent. or both as needed. It is backward compatible and supports both traditional IPv4 address family and other address families. • 32-bit AS number:16-bit user-defined number. you can configure an import routing policy. VPN packets can be label switched along the LSPs to the remote PEs. VPN target attributes define which sites can receive VPN-IPv4 routes. and from which sites that a PE can receive routes. For example. you can also configure import and export routing policies to control the redistribution and advertisement of VPN routes more precisely. An inner label indicates to which site.1:1. By default. A tunneling policy takes effect only within the local AS.1. 65536:1. It can reject the routes selected by the communities in the import target attribute. used for label switching inside the backbone. Using MP-BGP can guarantee that private routes of a VPN are advertised only in the VPN and implement communications between MPLS VPN members. • Layer 2 labels—Inner labels.1. The following takes Figure 57 as an example to illustrate the VPN packet forwarding procedure. For example. where the minimum value of the AS number is 65536. They indicate LSPs from the local PEs to the remote PEs. an export routing policy. 172. For example. each CE only needs to know how to reach the other CE. you can optionally configure a tunneling policy for the VPN instance. An export routing policy can reject the routes selected by the communities in the export target attribute. MPLS L3VPN packet forwarding For basic MPLS L3VPN applications in a single AS. • 32-bit IPv4 address:16-bit user-defined number. VPN packets are forwarded with the following layers of labels: • Layer 1 labels—Outer labels. Routing policy In addition to the import and export extended communities for controlling VPN route advertisement. or more precisely. Based on layer 1 labels.In other words. used for forwarding packets from the remote PEs to the CEs. such as VPN-IPv4 address family. 225 . After a VPN instance is created. CR-LSP tunnel. A PE finds the interface for forwarding a packet according to the inner label. Like RDs. VPN target attributes can be of three formats: • 16-bit AS number:32-bit user-defined number. MP-BGP Multiprotocol extensions for BGP-4 (MP-BGP) advertises VPN composition information and routes between PEs. After a VPN instance is created. 100:1. If two sites (CEs) belong to the same VPN and are connected to the same PE. Tunneling policy A tunneling policy is used to select the tunnel for the packets of a specific VPN instance to use. only one tunnel is selected (no load balancing) in this order: LSP tunnel. An import routing policy can further filter the routes that can be advertised to a VPN instance by using the VPN target attribute of import target attribute.

CE 1 transmits the packet to PE 1. For this networking scheme. this VPN target cannot be used by any other VPNs. VPN target attributes are used to control the advertisement and reception of VPN routes between sites. Moreover. Site 1 sends an IP packet with the destination address of 1. you need to assign a VPN target to each VPN for identifying the export target attribute and import target attribute of the VPN. 2. 5.2. 3. CE 2 transmits the packet to the destination by IP forwarding.Figure 57 VPN packet forwarding 1. Once finding a matching entry.1. They can forward traffic to each other but cannot communicate with any user outside the VPN. PE 2 searches VPN instance entries according to the inner label and destination address of the packet to determine the outbound interface and then forwards the packet out the interface to CE 2. Basic VPN networking scheme In the simplest case. all users in a VPN form a closed user group. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes. the basic VPN networking scheme. 4. The MPLS backbone transmits the packet to PE 2 by outer label. PE 1 labels the packet with both inner and outer labels and forwards the packet out. 226 . MPLS L3VPN networking schemes In MPLS L3VPNs. The outer label is removed from the packet at the penultimate hop. PE 1 searches VPN instance entries based on the inbound interface and destination address of the packet.1.

• On the hub PE (that is. Hub and spoke networking scheme For a VPN where a central access control device is required and all users must communicate with each other through the access control device. for example. while that for VPN 2 is 200:1. The VPN target setting rules for VPN instances of all sites on PEs are as follows: • On spoke PEs (that is. The two VPN 1 sites can communicate with each other. 227 . However. and the export target attribute of the VPN instance for the latter to Hub. the VPN 1 sites cannot communicate with the VPN 2 sites. and the two VPN 2 sites can communicate with each other. and the other for advertising routes to spoke PEs. Set the import target attribute of the VPN instance for the former to Spoke. the VPN target for VPN 1 is 100:1 on the PEs. the hub and spoke networking scheme can be used to implement the monitoring and filtering of user communications. one for receiving routes from spoke PEs.Figure 58 Network diagram for basic VPN networking scheme In Figure 58. the PEs connected with spoke sites). set the export target attribute to Spoke and the import target attribute to Hub. This networking scheme requires two VPN targets: one for the hub and the other for the spoke. the PE connected to the hub site). specify two interfaces or subinterfaces.

Figure 59 Network diagram for hub and spoke networking scheme In Figure 59. • The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs. In this kind of networking scheme. Extranet networking scheme The extranet networking scheme can be used when some resources in a VPN are to be accessed by users that are not in the VPN. 228 . the export target attribute and the import target attribute of the VPN must be contained respectively in the import target attribute and the export target attribute of the VPN instance of the shared site. Thus. • The hub PE advertises the routes learned from a spoke PE to the other spoke PEs. any two spoke PEs can neither directly advertise VPN-IPv4 routes to each other nor directly access each other. • All spoke PEs can receive the VPN-IPv4 routes advertised by the hub PE. The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1: • The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs. if a VPN needs to access a shared site. the spoke sites communicate with each other through the hub site. Therefore. the spoke sites can communicate with each other through the hub site.

a CE advertises its VPN routing information to the PE. 229 . routes learned from an IBGP neighbor will not be advertised to any other IBGP neighbor). Site 1 and Site 3 of VPN 1 can communicate with each other.Figure 60 Network diagram for extranet networking scheme In Figure 60. A PE maintains only the routing information of the VPNs directly connected to it. The following describes these phases in detail. Therefore. • Based on the above. a route is available between the local CE and the remote CE. The VPN routing information of a local CE is advertised in three phases: 1. nor the VPN-IPv4 routes received from PE 2 to PE 1 (that is. MPLS L3VPN has excellent scalability. rather than that of all VPNs. 3. Advertised from the local CE to the ingress PE. and the VPN routing information can be advertised on the backbone. Advertised from the ingress PE to the egress PE. VPN 1 and VPN 2 can access Site 3 of VPN 1. Advertised from the egress PE to the remote CE. PE 3 advertises neither the VPN-IPv4 routes received from PE 1 to PE 2. MPLS L3VPN routing information advertisement In basic MPLS L3VPN networking. Therefore. • PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3. A P router maintains only the routes of the backbone and does not need to know any VPN routing information. and Site 2 of VPN 2 and Site 3 of VPN 1 can communicate with each other. the advertisement of VPN routing information involves CEs and PEs. • PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2. Site 1 of VPN 1 and Site 2 of VPN 2 cannot communicate with each other. Routing information exchange from the local CE to the ingress PE After establishing an adjacency with the directly connected PE. Then. 2.

OSPF route. This solution is also called inter-AS option B. the CE always advertises standard IPv4 routes to the PE. The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE. Each of them treats the other as a CE of its own and advertises IPv4 routes through conventional EBGP. This solution is also called inter-AS option A. Within an AS. Routing information exchange from the egress PE to the remote CE A remote CE can learn VPN routes from the egress PE in a number of ways. PEs use IGP to ensure the connectivity between them. 230 . • Multihop EBGP redistribution of labeled VPN-IPv4 routes—PEs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. EBGP route. This solution is also called inter-AS option C. The routes can be static routes. Inter-AS VPN In some networking scenarios. • EBGP redistribution of labeled VPN-IPv4 routes—ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE. each inter-AS has a pair of subinterfaces to exchange VPN routing information. Ideally. Then. the ingress PE advertises the VPN-IPv4 routes to the egress PE through MP-BGP. RIP route. RFC 2547bis presents the following inter-AS VPN solutions: • VRF-to-VRF—ASBRs manage VPN routes between them through subinterfaces. RIP routes. packets are forwarded using two-level label forwarding as VPN packets. and then trigger MPLS to assign VPN labels for them. EBGP routes. Finally.The route between the CE and the PE can be a static route. IS-IS route. OSPF routes. PEs of two ASs are directly connected and each PE is also the ASBR of its AS. Inter-AS option A In this solution. the egress PE compares the export target attribute of the VPN-IPv4 routes with the import target attribute that it maintains for the VPN instance and determines whether to add the routes to the routing table of the VPN instance. multiple sites of a VPN may be connected to multiple ISPs in different ASs. Between ASBRs. and IBGP routes. The PEs acting as ASBRs are connected through multiple subinterfaces. No matter which routing protocol is used. or IBGP route. save them to the routing table of the VPN instance that is created for the CE. conventional IP forwarding is used. IS-IS routes. or to multiple ASs of an ISP. the ingress PE adds RDs and VPN targets for these standard IPv4 routes to create VPN-IPv4 routes. Such an application is called inter-AS VPN.

2. the requirement to create a separate subinterface for each VPN also calls for higher performance of the PEs. The ASBRs must perform the special processing on the labeled VPN-IPv4 routes. The ASBR PE of AS 200 advertises labeled VPN-IPv4 routes to PEs in AS 200 or to the RR for the PEs through MP-IBGP. two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes that they have obtained from the PEs in their respective ASs.Figure 61 Network diagram for inter-AS option A This kind of solution is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. PEs in AS 100 advertise labeled VPN-IPv4 routes to the ASBR PE of AS 100 or the route reflector (RR) for the ASBR PE through MP-IBGP. the routes are advertised through the following steps: 1. it has limited scalability because the PEs acting as the ASBRs have to manage all the VPN routes and create VPN instances on a per-VPN basis. 3. The ASBR PE advertises labeled VPN-IPv4 routes to the ASBR PE of AS 200 through MP-EBGP. This leads to excessive VPN-IPv4 routes on the PEs. As shown in Figure 62. also called ASBR extension method. Moreover. However. 231 . Inter-AS option B In this kind of solution.

inter-AS option B is better than option A. the ASBRs may become bottlenecks hindering network extension. Thus. • VPN-IPv4 routes are exchanged only between VPN peers. • The ASBRs neither maintain VPN-IPv4 routes nor advertise VPN-IPv4 routes to each other.Figure 62 Network diagram for inter-AS option B M IB PG P M G IB PP In terms of scalability. note the following issues: • ASBRs perform no VPN target filtering on VPN-IPv4 routes that they receive from each other. an LSP is established between the ingress PE and egress PE. However. A VPN user can exchange VPN-IPv4 routes neither with the public network nor with MP-EBGP peers with whom it has not reached agreement on the route exchange. When adopting MP-EBGP method. • An ASBR maintains labeled IPv4 routes of the PEs in the AS and advertises them to the peers in the other ASs. The ASBR of another AS also advertises labeled IPv4 routes. they require that the ASBRs maintain and advertise VPN-IPv4 routes. Therefore. 232 . One way to solve the above problem is to make PEs directly exchange VPN-IPv4 routes without the participation of ASBRs: • Two ASBRs advertise labeled IPv4 routes to PEs in their respective ASs through MP-IBGP. • Between PEs of different ASs. Multi-hop EBGP connections are established to exchange VPN-IPv4 routes. the ISPs in different ASs that exchange VPN-IPv4 routes need to agree on the route exchange. Inter-AS option C The inter-AS option A and B solutions can satisfy the needs for inter-AS VPNs. When every AS needs to exchange a great amount of VPN routes.

while the customer is called the customer carrier or the Level 2 carrier. the Level 2 service provider serves as a CE of the Level 1 service provider. This networking model is referred to as carrier’s carrier. In this model. In this case. For good scalability. the Level 1 carrier does not redistribute the routes of the customer network connected to a Level 2 carrier.Figure 63 Network diagram for inter-AS option C To improve the scalability. as shown in Figure 64. making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS. Figure 64 Network diagram for inter-AS option C using RRs Carrier’s carrier Introduction to carrier's carrier It is possible that a customer of the MPLS L3VPN service provider is also a service provider. the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier. you can specify an RR in each AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes. it only redistributes the routes for delivering packets between different sites 233 .

PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through MP-IBGP sessions. When the Level 2 carrier is an ordinary ISP. Implementation of carrier’s carrier Compared with the common MPLS L3VPN. the carrier’s carrier is different because of the way in which a CE of a Level 1 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. a Level 2 carrier. PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through IBGP sessions. As shown in Figure 66. As shown in Figure 65. you need to configure MP-EBGP to label the routes exchanged between them. • If the PE and the CE are not in the same AS. Figure 65 Scenario where the Level 2 carrier is an ISP When the Level 2 carrier is an MPLS L3VPN service provider. accesses a PE of the Level 1 carrier: • If the PE and the CE are in a same AS. Routes of the customer networks connected to a Level 2 carrier are exchanged through the BGP session established between the routers of the Level 2 carrier. A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider. but it does not advertise the routes to the PE of the Level 1 carrier.of the Level 2 carrier. rather than MPLS. the CE holds the VPN routes of the Level 2 carrier. that is. 234 . Moreover. its PEs need to run IGP and LDP to communicate with CEs. In either case. you need to configure IGP and LDP between them. you need to enable MPLS on the CE of the Level 1 carrier. its PEs run IGP to communicate with the CEs. it only exchanges the routes with other PEs of the Level 2 carrier.

This solution is easy to deploy. a customer’s networks are ordinary IP networks and cannot be further divided into sub-VPNs. 235 . The traditional solution to this request is to implement internal VPN configuration on the service provider’s PEs. On the service provider’s MPLS VPN network. Nested VPN Background In an MPLS L3VPN network. The customer VPN contains two sub-VPNs. CE 7 and CE 8) exchange VPNv4 routes that carry the sub-VPN routing information with the service provider PEs. The nested VPN technology offers a better solution. • Any modification of an internal VPN must be done through the service provider. H3C recommends establishing equal cost LSPs between them. CE 2. Different sites of a VPN customer are connected to the PEs through CEs to implement communication. VPN A-1 and VPN A-2. but it increases the network operation cost and brings issues on management and security because: • The number of VPNs that PEs must support will increase sharply. generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs. It exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs.Figure 66 Scenario where the Level 2 carrier is an MPLS L3VPN service provider PE 1 PE 2 MP-IBGP Level 1 carrier CE 1 Level 2 carrier IGP/LDP/Labeled BGP IGP/LDP IGP/LDP CE 2 Level 2 carrier MP-IBGP PE 3 PE 4 CAUTION: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier. The service provider PEs treat the customer’s network as a common VPN user and do not join any sub-VPNs. in actual applications. However. customer networks can be dramatically different in form and complexity. The customer’s CE devices (CE 1. implementing the propagation of the sub-VPN routing information throughout the customer network. and a customer network may need to use VPNs to further group its users. Figure 67 depicts a nested VPN network. there is a customer VPN named VPN A. In this scenario.

it matches the VPNv4 routes based on its local VPNs. Benefits The nested VPN technology features the following main benefits: • Support for VPN aggregation. the PE advertises VPNv4 routes to the CE. Sites of the same VPN can have the same number or different numbers of internal VPNs. Each local VPN accepts routes of its own and advertises them to its connected sub-VPN CEs (such as CE 3 and CE 4. a provider PE keeps the user’s internal VPN information. • Support for multiple levels of nesting of internal VPNs. the PE advertises IPv4 routes to the CE. routing information is propagated in the following process: 1. 236 . A provider PE and its CEs exchange VPNv4 routes. After receiving a VPNv4 route.Figure 67 Network diagram for nested VPN P CE 8 Provider PE Provider MPLS VPN backbone Provider PE VPN 1 Customer MPLS VPN network Customer MPLS VPN network Customer PE Customer PE VPN 1 VPN 2 CE 2 CE 1 CE 3 CE 7 CE 5 CE 4 VPN 1 VPN 2 CE 6 VPN 2 Propagation of routing information In a nested VPN network. • Support for both symmetric networking and asymmetric networking. That is. 2. or CE 5 and CE 6 in Figure 67). If a CE is connected to a provider PE through an IPv4 connection. If a CE is connected to a provider PE through a VPNv4 connection (a user MPLS VPN network). 4. 3. it replaces the RD of the VPNv4 route with the RD of the user’s MPLS VPN on the service provider network and adds the export route-target (ERT) attribute of the user’s MPLS VPN on the service provider network to the extended community attribute list of the route. It can aggregate a customer’s internal VPNs into one VPN on the service provider’s MPLS VPN network. After another provider PE receives the VPNv4 routes. and appends the user’s MPLS VPN attributes on the service provider network. The provider PE advertises VPNv4 routes which carry the comprehensive VPN information to the other PEs of the service provider. which carry information about users’ internal VPNs. The internal VPN information of the user is maintained on the provider PE.

hierarchy of VPN (HoVPN) was proposed to meet that requirement. which take different roles for the same functions and form a hierarchical architecture. They provide the following functions: • User access. the plane model is not applicable to the large-scale VPN deployment. Due to the specified difference. With HoVPN. NOTE: All IP addresses associated with the PE must be unique to implement the multi-role host feature. For example. Multi-role host The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface. In a real networking environment. the core layer. you can set multiple logical interfaces to satisfy the requirement. Using multi-role host. HoVPN Why HoVPN? In MPLS L3VPN solutions. on the contrary. you are faced with the scalability problem when deploying PEs at any of the three layers. namely. In this case. MPLS L3VPN must transition to the hierarchical model. In MPLS L3VPN. and access layer. all CEs whose packets are forwarded through the same inbound interface of a PE must belong to the same VPN. and user packet processing. a CE may need to access multiple VPNs through a single physical interface. the PE functions can be distributed among multiple PEs. Therefore. In practice. From the core layer to the access layer. Therefore. To allow information from other VPNs to reach the CE from the PE. MPLS L3VPN. 237 .Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. distribution layer. These require that a PE must have a large-capacity memory and high forwarding capability. and allows for multi-level hierarchical access control over the internal VPNs. To solve the scalability problem of the plane model. Nested VPN provides diversified VPN networking methods for a customer. PEs are the key devices. the performance requirements on the devices decrease while the network expands. If a certain PE has limited performance or scalability. • VPN route managing and advertising. This means that the PEs must have a large amount of interfaces. the performance or scalability of the whole network is influenced. you must configure static routes on other VPNs that take the interface connected to the CE as the next hop. is a plane model where performance requirements are the same for all PEs. the MAN architecture contains typically three layers. H3C recommends centralizing the addresses of each VPN to improve the forwarding efficiency. you can configure policy routing on the PE to allow packets from the CE to access multiple VPNs. But this needs extra configurations and brings limitations to the application. Most of the current network schemes use the typical hierarchical architecture. however.

The hierarchical PE consists of multiple UPEs and SPEs. or only maintains their summary routes. By using routing policies. low forwarding performance. whereas devices that are connected with UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs. • A UPE is required to have small-capacity routing table. Hence.As in the typical hierarchical network model. and fewer interface resources. UPEs and SPEs play different roles: • A UPE allows user access. HoVPN has different requirements on the devices at different layers of the hierarchy. It does not maintain the routes of the remote sites in the VPN. It maintains the routes of the VPN sites that are directly connected with it. A UPE assigns inner labels to the routes of its directly connected sites. HoVPN takes full use of both the high performance of SPEs and the high access capability of UPEs. • An SPE manages and advertises VPN routes. the solution is also called hierarchy of PE (HoPE). and advertises the labels to the SPE along with VPN routes through MP-BGP. NOTE: With the HoVPN solution. you can control which nodes in a VPN can communicate with each other. including the routes of both the local and remote sites. Different roles mean different requirements: • An SPE is required to have large-capacity routing table. but higher access capability. It maintains all the routes of the VPNs connected through UPEs. devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs. 238 . An SPE advertises routes along with labels to UPEs. including the default routes of VPN instances or summary routes and the routes permitted by the routing policy. Implementation of HoVPN Figure 68 Basic architecture of HoVPN As shown in Figure 68. high forwarding performance. PE functions are implemented hierarchically. which function together as a traditional PE.

The HoPE and common PEs can coexist in an MPLS network. in order to advertise routes between IBGP peers. OSPF VPN extension 239 . Each UPE maintains only VPN routes of its directly connected sites. SPE-UPE The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP. The PE in the middle is called the middle-level PE (MPE). MP-BGP advertises all the VPN routes of the UPEs to the SPEs. it does not act as the RR of the other PEs. With MP-IBGP. Figure 69 Recursion of HoPEs Figure 69 shows a three-level HoPE. as well as between MPE and UPE. With recursion of HoPEs. However. • A HoPE can act as an SPE to form a new HoPE with multiple UPEs. a PE may be the SPE of its underlayer PEs and a UPE of its SPE at the same time. Which one to use depends on whether the UPE and SPE belong to a same AS.The concepts of SPE and UPE are relative. a VPN can be extended infinitely in theory. The SPE maintains the VPN routes of all sites in the HoVPN. Recursion and extension of HoVPN HoVPN supports HoPE recursion: • A HoPE can act as a UPE to form a new HoPE with an SPE. NOTE: The term of MPE does not really exist in a HoVPN model. The number of routes maintained by the MPE is between SPE and UPE. In the hierarchical PE architecture. the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. It is used here just for the convenience of description. and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs. • HoVPN supports multi-level recursion. MP-BGP runs between SPE and MPE.

As shown in Figure 70. PE 1 redistributes OSPF routes from CE 11 into BGP. The following describes details of OSPF configuration between PE and CE. PE 1 advertises the VPN routes to PE 2 through BGP. the connected PE must be connected to the backbone area of the VPN site through area 0. and CE 22 belong to the same OSPF domain. This improves network management and makes OSPF applications more effective. 240 . c. OSPF sites are considered directly connected. For more information about OSPF. This results in more OSPF traffic and network management problems. if the customers require MPLS L3VPN services through conventional OSPF backbone. Properly configured. For OSPF to run between CE and PE. CE 11. CE 21. In addition. Assumes that CE 11. using OSPF between PE and CE can simplify the transition. and CE 22 belong to VPN 1. PEs advertise VPN 1 routes in the following procedure: a. see Layer 3—IP Routing Configuration Guide. and PEs can exchange OSPF routing information as they are using dedicated lines. the MPLS VPN backbone is considered the backbone area (area 0). the routes that one site learns are advertised to the other as external routes. Conventional OSPF considers two sites to be in different ASs even if they belong to the same VPN. Therefore. PE 2 redistributes the BGP VPN routes into OSPF and advertises them to CE 21 and CE 22. CE 21. If a VPN site contains an OSPF area 0.NOTE: This section focuses on the OSPF VPN extension. PE 1 and PE 2 are connected through the MPLS backbone. the PE must support multiple OSPF processes. • Configuration of OSPF areas between PE and CE The OSPF area between a PE and a CE can be either a non-backbone area or a backbone area. The area 0 of each VPN site must be connected to the MPLS VPN backbone because OSPF requires that the backbone area be contiguous. Each OSPF process must correspond to a VPN instance and have its own interface and routing table. OSPF for VPNs on a PE OSPF is a prevalent IGP protocol. It often runs between PE and CE to simplify CE configuration and management because the CEs only need to support OSPF. You can configure a logical connection by using a virtual link. • BGP/OSPF interaction PEs advertise VPN routes to each other through BGP and to CEs through OSPF. In the OSPF VPN extension application. b. The extended OSPF protocol supports multiple instances to address the previous problems.

Figure 70 Application of OSPF in VPN With the standard BGP/OSPF interaction. 241 . differentiating the routes from real AS-External routes. PE 1 and PE 2. CE 11. when creating Type 3 LSAs. Sham link Generally. and the route advertisement between them should use Type 3 LSAs (inter-AS routes). the route connecting the two sites through PEs is an inter-area route. If the PE needs to advertise to a CE the routes from other OSPF domains. To avoid routing loops. As shown in Figure 71. the PE always sets the flag bit DN for BGP VPN routes learned from MPLS/BGP. CE 21. It is not preferred by OSPF because its preference is lower than that of the intra-area route across the backdoor link. the LSAs may be received by another PE. the PE uses an extended BGP/OSPF interaction process called BGP/OSPF interoperability to advertise routes from one site to another. The OSPF that runs on the remote PE can use the information to create Type 3 summary LSAs to be transmitted to the CEs. In this case. both site 1 and site 2 belong to VPN 1 and OSPF area1. The process requires that extended BGP community attributes carry the information for identifying the OSPF attributes. so the system can know that all VPN routes with the same domain ID are from the same VPN. There is an intra-area OSPF link called backdoor link between them. and advertise the routes using Type 5 LSAs. regardless of whether the PE and the CEs are connected through the OSPF backbone. To solve the problem. When performing route calculation. it must indicate that it is the ASBR. the OSPF process of the PE ignores the Type 3 LSAs whose DN bit is set. PE 2 advertises the BGP VPN routes to CE 21 and CE 22 through Type 5 LSAs (ASE LSAs). However. Each OSPF domain must have a configurable domain ID. resulting in a routing loop. They are connected to different PEs. H3C recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN. • Routing loop detection If OSPF runs between CEs and PEs and a VPN site is connected to multiple PEs. BGP peers carry routing information on the MPLS VPN backbone through the BGP extended community attributes. when a PE advertises the BGP VPN routes learned from MPLS/BGP to the VPN site through LSAs. and CE 22 belong to the same OSPF domain.

242 . The endpoint address is a loopback interface address with a 32-bit mask in the VPN address space on the PE. In addition. Different sham links of the same OSPF process can share an endpoint address. BGP advertises the endpoint addresses of sham links as VPN-IPv4 addresses. performing BGP AS number substitution based on the above principle. the PE re-advertises all routing information to the connected CEs in the peer group. You can select a route between the sham link and backdoor link by adjusting the metric. A route across the sham link cannot be redistributed into BGP as a VPN-IPv4 route. if EBGP runs between PEs and CEs. The function is a BGP outbound policy and functions on routes to be advertised. redistribute OSPF VPN routes to BGP. you can establish a sham link between the two PEs so that the routes between them over the MPLS VPN backbone become an intra-area route. The BGP AS number substitution function allows physically dispersed CEs to use the same AS number. The sham link acts as an intra-area point-to-point link and is advertised through the Type 1 LSA. With the BGP AS number substitution function. you must assign different AS numbers to geographically different sites to ensure correct transmission of the routing information. BGP AS number substitution Since BGP detects routing loops by AS number. A sham link can be configured in any area. NOTE: When configuring an OSPF sham link. You need to configure it manually. The sham link is considered the link between the two VPN instances with one endpoint address in each VPN instance. it will be replaced with that of the PE.Figure 71 Network diagram for sham link To solve the problem. but that of different OSPF processes cannot. NOTE: After you enable the BGP AS number substitution function. the local VPN instance must have a route to the destination of the sham link. if an AS number identical to that of the CE exist in the AS_PATH of the route. but do not redistribute BGP routes to OSPF to avoid route loops. when a PE advertises a route to a CE of the specified peer.

For better services and higher security. However. ensuring the normal transmission of VPN packets over the public network. both CE 1 and CE 2 use the AS number of 800. 243 . Multi-VPN-instance CE Background BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. CE 2 can normally receive the routing information from CE 1. routing loops may appear. will increase users’ device expense and maintenance costs. PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and hence substitutes its own AS number 100 for the AS number. you can remove the contradiction of low cost and high security in multi-VPN networks.Figure 72 Application of BGP AS number substitution In Figure 72. a private network is usually divided into multiple VPNs to isolate services. which connects CE 2 and CE 3. apparently. MCE allows you to bind each VPN to a VLAN interface. such as PE 2 in Figure 72. In this way. in conjunction with the PE. AS number substitution is enabled on PE 2 for CE 2. you can configure a CE for each VPN. Using the Multi-VPN-Instance CE (MCE) function. as shown in Figure 55. NOTE: For a multi-homed CE. How MCE works The following uses Figure 73 to describe how an MCE maintains the routing entries for multiple VPNs and exchanges VPN routes with PEs. This separates the forwarding paths of packets of different VPNs and. Otherwise. can correctly advertise the routes of each VPN to the peer PE. which cannot ensure the data security. To meet these requirements. Before advertising updates received from CE 1 to CE 2. a CE connected with multiple PEs. which. AS number substitution also applies to a PE connecting multiple CEs through different interfaces. Or. the BGP AS number substitution function must be used in combination with the site-of-origin (SOO) function. that is. the traditional MPLS L3VPN architecture requires that each VPN instance exclusively use a CE to connect with a PE. The MCE creates and maintains a separate routing table for each VPN. you can configure multiple VPNs to use the same CE and the same routing table.

You must also bind PE 1’s interfaces/subinterfaces connected to the MCE to the VPNs in the same way. EBGP. You can configure static routes. The MCE connects to PE 1 through a trunk link. IS-IS. NOTE: To implement dynamic IP assignment for DHCP clients in private networks. nested VPN. In this way. or IBGP between MCE and VPN site and between MCE and PE. When receiving a route. the MCE device can determine the source of the routing information according to the number of the receiving interface. Create a routing table for VPN 1 and VPN 2 respectively on the MCE device. RIP.Figure 73 Network diagram for the MCE function Establish a tunnel between the two sites of each VPN. and adds it to the corresponding routing table. such as inter-AS VPN. and bind VLAN-interface 2 to VPN 1 and VLAN-interface 3 to VPN 2. PE 1 can determine the VPN a received packet belongs to according to the VLAN tag of the packet and sends the packet through the corresponding tunnel. The IP address spaces for different private networks cannot overlap. which permits packets of VLAN 2 and VLAN 3 with VLAN tags carried. OSPF. MPLS L3VPN configuration task list Complete the following tasks to configure MPLS L3VPN: Task Remarks Configuring basic MPLS L3VPN Configuring inter-AS VPN By configuring basic MPLS L3VPN. Configuring HoVPN Configuring an OSPF sham link Configuring routing on an MCE Specifying the VPN label processing mode 244 . you can configure DHCP server or DHCP relay agent on the MCE. you can construct simple VPN networks over an MPLS backbone. and multi-role host. you also need to perform some specific configurations in addition to the basic MPLS L3VPN configuration. Configuring nested VPN Configuring multi-role host To deploy special MPLS L3VPN networks.

It is a collection of the VPN membership and routing rules of its associated site. Complete the following tasks to configure basic MPLS L3VPN: Task Configuring VPN instances Remarks Creating a VPN instance Required Associating a VPN instance with an interface Required Configuring route related attributes for a VPN instance Optional Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional Configuring routing between PE and CE Required Configuring routing between PEs Required Configuring routing features for BGP VPNv4 subaddress family Optional Configuration prerequisites Before you configure basic MPLS L3VPN.Task Remarks Configuring BGP AS number substitution Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone. complete the following tasks: • Configure an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity • Configure basic MPLS for the MPLS backbone • Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established Configuring VPN instances By configuring VPN instances on a PE. A VPN instance takes effect only after you configure an RD for it. but also routes of a VPN from those of another VPN. This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs. including PE-CE route exchange and PE-PE route exchange. To create and configure a VPN instance: 245 . such as its relationship with a certain VPN. Creating a VPN instance A VPN instance is associated with a site. you can isolate not only VPN routes from public network routes. You can configure a description for a VPN instance to record its related information. A VPN instance does not necessarily correspond to one VPN. All VPN instance configurations are performed on PEs or MCEs.

Enter VPN instance view. Create a VPN instance and enter VPN instance view. Associate a VPN instance with the interface.” To associate a VPN instance with an interface: Step Command Remarks 1. you need to associate the VPN instance with the interface for connecting the CE. system-view N/A 2. Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows: • When a VPN route learned from a CE gets redistributed into BGP. For information about LDP-capable interfaces. Enter system view. system-view N/A 2. Be sure to re-configure an IP address for the interface after configuring the command. • The VPN instance determines how to change the VPN targets attributes for routes to be advertised according to the export-extcommunity in the VPN target. Configure an RD for the VPN instance. Any LDP-capable interface can be associated with a VPN instance. ip binding vpn-instance vpn-instance-name No VPN instance is associated with an interface by default.Step Command Remarks 1. system-view N/A 2. Configure VPN targets. To configure route related attributes for a VPN instance: Step Command Remarks 1. vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] N/A 246 . see the chapter “Configuring basic MPLS. Enter interface view. BGP associates it with a VPN target extended community attribute list. route-distinguisher route-distinguisher N/A 4. which is usually the export target attribute of the VPN instance associated with the CE. ipv4-family Optional. interface interface-type interface-number N/A 3. Configure a description for the VPN instance. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the VPN target. 4. description text Optional Associating a VPN instance with an interface After creating and configuring a VPN instance. ip vpn-instance vpn-instance-name N/A 3. Enter system view. ip vpn-instance vpn-instance-name N/A 3. Enter IPv4 VPN view. NOTE: The ip binding vpn-instance command clears the IP address of the interface on which it is configured. Enter system view.

6. tunnel select-seq { cr-lsp | lsp } * load-balance-number number By default. 4. Set the maximum number of routes allowed. Enter system view. Enter VPN instance view. Optional. quit N/A 5. • A single vpn-target command can configure up to eight VPN targets. Otherwise. Those configured in IPv4 VPN view take precedence. only one tunnel is selected (no load balancing) in this order: LSP tunnel. import route-policy route-policy By default. Return to system view. Configuring a tunneling policy for a VPN instance To configure a tunneling policy for a VPN instance: Step Command Remarks 1. • You can configure route related attributes for IPv4 VPNs in both VPN instance view and IPv4 VPN view. 7. Apply an import routing policy. routes to be advertised are not filtered. • You can define the maximum number of routes for a VPN instance to support. • Create a routing policy before associating it with a VPN instance. Apply an export routing policy. Create a tunneling policy and enter tunneling policy view. all routes matching the import target attribute are accepted. system-view N/A 2. Specify the tunnel selection preference order and the number of tunnels for load balancing. 247 . Apply the tunnel policy to the VPN instance. the router cannot filter the routes to be received and advertised. tunnel-policy tunnel-policy-name N/A 3. CR-LSP tunnel. export route-policy route-policy By default. ipv4-family Optional. Optional. Command Remarks routing-table limit number { warn-threshold | simply-alert } Optional. CR-LSP tunnel.Step 5. You can configure up to 64 VPN targets for a VPN instance. preventing too many routes from being redistributed into the PE. ip vpn-instance vpn-instance-name N/A 6. Enter IPv4 VPN view. 7. NOTE: • Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs. tnl-policy tunnel-policy-name By default. only one tunnel is selected (no load balancing) in this order: LSP tunnel.

a tunnel type closer to the select-seq keyword has a higher priority. This task is to configure the LDP capability for an existing VPN instance. all commands available in MPLS LDP view can be configured in MPLS LDP VPN instance view. LDP adjacencies on a private network are established by using addresses of the LDP-enabled interfaces. A tunneling policy configured in IPv4 VPN view takes precedence. • A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs.” • Configurations in MPLS LDP VPN instance view affect only the LDP-enabled interface bound to the VPN instance. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel. Enter system view. • By default. while configurations in MPLS LDP view do not affect interfaces bound to VPN instances. EBGP. OSPF. while those on the public network are established by using the LDP LSR ID. For more information about MPLS LDP. Otherwise. the default tunneling policy is used. create an LDP instance for the VPN instance. with the tunnel select-seq lsp cr-lsp load-balance-number 1 command configured. see the chapter “Configuring basic MPLS.” Optional 3. CR-LSP tunnel. Configuring an LDP instance LDP instances are for carrier’s carrier networking applications. mpls ldp vpn-instance vpn-instance-name Disabled by default Configure LDP parameters except LDP GR for the instance. the VPN uses the LSP tunnel instead. or IBGP between PE and CE. • You can configure a tunneling policy for IPv4 VPNs in both VPN instance view and IPv4 VPN view. Enable LDP for a VPN instance. When configuring the transport address of an LDP instance. create an LDP instance. and configure LDP parameters for the LDP instance. For example. see the chapter “Configuring basic MPLS. VPN uses a CR-LSP tunnel when no LSP exists. For configuration information. • When you configure the tunnel selection preference order by using the tunnel select-seq command. Configuring routing between PE and CE You can configure static routing. you need to use the IP address of the interface bound to the VPN instance. and enter MPLS LDP VPN instance view. • Create a tunneling policy before associating it with a VPN instance. 248 .NOTE: • If you specify more than one tunnel type and the number of tunnels of a type is less than the specified number of tunnels for load balancing. After an LSP is created. To configure an LDP instance: Step Command Remarks 1. system-view N/A 2. tunnels of different types may be used. NOTE: • Except the command for LDP GR. IS-IS. RIP.

network network-address By default. mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] • ip route-static vpn-instance s-vpn-instance-name&<1-5> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Use either command. configure normal static routes. On CEs. On CEs. Configuring RIP between PE and CE A RIP process belongs to the public network or a single VPN instance. see Layer 3—IP Routing Configuration Guide. If you create a RIP process without binding it to a VPN instance. Perform this configuration on PEs. see Layer 3—IP Routing Configuration Guide. Configure a static route for a VPN instance. complete the following tasks: • Assigning an IP address to the CE-PE interface of the CE. 3. RIP is disabled on an interface. create a normal RIP process.Configuration prerequisites Before you configure routing between PE and CE. • Assigning an IP address to the PE-CE interface of the PE. Create a RIP process for a VPN instance and enter RIP view. Enable RIP on the interface attached to the specified network. To configure RIP between PE and CE: Step Command Remarks 1. Configuring static routing between PE and CE To configure static routing between PE and CE: Step 1. rip [ process-id ] vpn-instance vpn-instance-name Perform this configuration on PEs. Enter system view. Command Remarks system-view N/A • ip route-static dest-address { mask | 2. the process belongs to the public network. 249 . NOTE: For more information about RIP. system-view N/A 2. Enter system view. NOTE: For information about static routing.

NOTE: Deleting a VPN instance also deletes all the associated OSPF processes. Enable OSPF on the interface attached to the specified network in the area. An OSPF process belongs to the public network or a single VPN instance. An OSPF process can be configured with only one domain ID. and 0x0306 for Route Type. The domain ID of an OSPF process is included in the routes generated by the process. Enter system view. Configure the OSPF domain ID. 0 by default. 6. If you create an OSPF process without binding it to a VPN instance. On CEs. the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute. 3. Domain IDs of different OSPF processes are independent of each other. The defaults are as follows: ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 } 0x0005 for Domain ID. 250 . Perform this configuration on PEs. an interface neither belongs to any area nor runs OSPF. To configure OSPF between PE and CE: Step Command Remarks 1. the process belongs to the public network. All OSPF processes of a VPN must be configured with the same domain ID for routes to be correctly advertised. Therefore. system-view N/A 2.Configuring OSPF between PE and CE An OSPF process that is bound to a VPN instance does not use the public network router ID configured in system view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * Perform the configurations on PEs. When an OSPF route is redistributed into BGP. Configure the type codes of OSPF extended community attributes. 0x0107 for Router ID. Create an OSPF process for a VPN instance and enter the OSPF view. domain-id domain-id [ secondary ] Optional. 5. while OSPF processes on PEs in different VPNs can be configured with domain IDs as desired. no OSPF area is created. Optional. network ip-address wildcard-mask By default. you need to specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance. Create an OSPF area and enter area view. 4. create a normal OSPF process. area area-id By default.

Enable BGP and enter BGP view. Return to system view. Enter system view. system-view N/A 2. see Layer 3—IP Routing Configuration Guide. Configure the CE as the VPN EBGP peer. Enter system view. system-view N/A 2. quit N/A 5. the process belongs to the public network. isis enable [ process-id ] Disabled by default NOTE: For more information about IS-IS. Redistribute the routes of the local CEs. bgp as-number N/A 3. network-entity net Not configured by default 4. Configurations on a PE To configure EBGP between PE and CE: Step Command Remarks 1.NOTE: • After configuring an OSPF process for a VPN instance. • For more information about OSPF. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * A PE needs to redistribute the routes of the local CEs into its VPN routing table so that it can advertise them to the peer PE. Enter interface view. The configuration procedure is the same as that for a normal OSPF process. interface interface-type interface-number N/A 6. see Layer 3—IP Routing Configuration Guide. Configuring IS-IS between PE and CE An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance. isis [ process-id ] vpn-instance vpn-instance-name N/A 3. Enter BGP VPN instance view. • After you configure the domain-id domain-id [ secondary ] command. the configuration will not take effect until you execute the reset ospf command. Create an IS-IS process for a VPN instance and enter IS-IS view. ipv4-family vpn-instance vpn-instance-name N/A 4. Configure a network entity title for the IS-IS process. To configure IS-IS between PE and CE: Step Command Remarks 1. you must enable OSPF. Enable the IS-IS process on the interface. peer { group-name | ip-address } as-number as-number N/A 5. 251 . Configuring PE-CE route exchange through EBGP 1.

For more information. Therefore. Optional. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * Optional. This chapter does not differentiate between peer and peer group.Step Command Remarks Optional. see Layer 3—IP Routing Configuration Guide. BGP detects routing loops by AS number. BGP does not filter routes to be advertised. the route updates that the PE receives from the CE also include the number of the AS where the PE resides. filter-policy { acl-number | ip-prefix ip-prefix-name } import 8. peer { group-name | ip-address } as-number as-number N/A 4. By default. however. routing loops must be allowed. system-view N/A 2. bgp as-number N/A 3. the routing information the PE advertises to a CE carries the number of the AS where the PE resides. • The BGP configuration task in BGP-VPN instance view is the same as that in BGP view. Configurations on a CE To configure EBGP between PE and CE: Step Command Remarks 1. with EBGP running between PE and CE. Configure the PE as the EBGP peer. Enter system view. Configure the route redistribution and advertisement behavior. 6. BGP does not filter received routes. Enter BGP view. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] 7. Configure BGP to filter routes to be advertised. peer { group-name | ip-address } allow-as-loop [ number ] By default. • For information about BGP peer and peer group configuration. In this case. In the hub and spoke networking scheme. NOTE: • Exchange of BGP routes for a VPN instance is the same as that of ordinary BGP routes. For the hub and spoke networking scheme NOTE: Normally. see Layer 3—IP Routing Configuration Guide. Configure BGP to filter received routes. Configuring IBGP between PE and CE 252 . 2. A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE. Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions. Optional. This causes the PE unable to receive the route updates.

inter-AS VPN. Configure the system to be the RR and specify the CE as the client of the RR. carrier’s carrier. Optional. Configurations a CE To configure IBGP between PE and CE: 253 . peer { group-name | ip-address } as-number as-number N/A 5. For RRs in other views. NOTE: • By default. Enter BGP view. Configure BGP to filter routes to be advertised. Configure the CE as the VPN IBGP peer. nested VPN. Enter BGP VPN instance view. By default. Optional. Optional. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] 9. To change the next hop of a route. Configure the cluster ID for the RR. BGP does not filter received routes. The two commands take effect for only the RR in the view where they are executed. Optional. reflector cluster-id { cluster-id | ip-address } 8.NOTE: IBGP can be used between PE and CE devices in only common MPLS L3VPN networking. Optional. Configure BGP to filter received routes. 2. Configurations a PE To configure IBGP between PE and CE: Step Command Remarks 1. peer { group-name | ip-address } reflect-client Enable route reflection between clients. Router ID of an RR in the cluster by default. bgp as-number N/A 3. configure an inbound policy on the receiving side of the route. • You can execute the reflect between-clients command and the reflector cluster-id command in multiple views. system-view N/A 2. Enter system view. BGP does not filter routes to be advertised. no RR or RR client is configured. By default. such as BGP-VPN instance view and BGP-VPNv4 subaddress family view. you cannot use IBGP between PE and CE devices. • Configuring an RR does not change the next hop of a route. reflect between-clients 7. ipv4-family vpn-instance vpn-instance-name N/A 4. By default. does the PE advertise routes learned from it to other IBGP peers. filter-policy { acl-number | ip-prefix ip-prefix-name } import 6. including VPNv4 IBGP peers. Only when you configure an IBGP peer CE as a client of the RR. Enabled by default. they do not take effect. and HoVPN networking. In Extranet. 1. a PE does not advertise routes learned from IBGP peer CEs to IBGP peers.

Enable the exchange of BGP-VPNv4 routing information with the specified peer. ipv4-family vpnv4 N/A 6. BGP peers exchange IPv4 routing information only. Configuring routing between PEs To configure routing between PEs: Step Command Remarks 1. Configure the PE as the IBGP peer. Every command in the following table has the same function on BGP 254 . see Layer 3—IP Routing Configuration Guide. Configuring common routing features for all types of subaddress families For VPN applications.Step Command Remarks 1. bgp as-number N/A 3. Enter system view. • For information about BGP peer and BGP peer group configuration. This chapter does not differentiate between peer and peer group. Configure the route redistribution and advertisement behavior. 5. Enter system view. system-view N/A 2. Enter BGP view. peer { group-name | ip-address } connect-interface interface-type interface-number By default. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * Optional. Configuring routing features for BGP VPNv4 subaddress family With BGP VPNv4 subaddress family. BGP uses the source interface of the optimal route update packet. NOTE: • Exchange of BGP routes of a VPN instance is the same as that of ordinary BGP routes. Enter BGP-VPNv4 subaddress family view. there are a variety of routing features that are the same as those for BGP IPv4 unicast routing. • The BGP configuration task in BGP VPN instance view is the same as that in BGP view. Specify the source interface for route updates. peer { group-name | ip-address } enable By default. For more information. system-view N/A 2. BGP address families include BGP VPN-IPv4 address family. BGP-L2VPN address family. peer { group-name | ip-address } as-number as-number N/A 4. bgp as-number N/A 3. A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE. see Layer 3—IP Routing Configuration Guide. Configure the remote PE as the peer. peer { group-name | ip-address } as-number as-number N/A 4. You can select any of the features as required. and VPLS address family. Enter BGP view.

Enter BGP view. In the inter-AS option C solution. peer { group-name | ip-address } reflect-client 11. peer ip-address group group-name Optional. peer { group-name | ip-address } next-hop-local 10. no RR or RR client is configured. Enabled by default. only IPv4 routing information is exchanged between BGP peers. you need to configure the peer { group-name | ip-address } next-hop-invariable command on the RR for multi-hop EBGP neighbors and reflector clients to make sure that the next hop of a VPN route will not be changed. Optional. Add a peer into an existing peer group. peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send } 12. the ORF capability is disabled on a BGP peer or peer group. 9. peer ip-address as-number as-number N/A 4. Optional. Optional. peer { group-name | ip-address } enable By default. 6. Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions.routes for each type of the address families and only takes effect for the BGP routes in the address family view where the command is executed. Configure the system to be the RR and set a peer or peer group as the client of the RR. 8. Specify the interface for TCP connection. Configure the system to use the local address as the next hop of a route to be advertised to a specific peer or peer group. Optional. 7. . peer { group-name | ip-address } allow-as-loop [ number ] Optional. By default. Enable a peer or peer group for an address family and enable the exchange of BGP routing information of the address family. Enable VPN target filtering for received VPNv4 routes. policy vpn-target 255 By default. Enter address family view. Configure the remote PE as the peer. Enter system view. To configure common routing features for all types of subaddress families: Step Command Remarks 1. By default. system-view N/A 2. bgp as-number N/A 3. the system uses the local address as the next hop of a route to be advertised to an EBGP peer. peer ip-address connect-interface interface-type interface-number N/A 5. • ipv4-family vpnv4 • l2vpn-family • vpls-family Use one of the commands as needed. Enable the Outbound Route Filtering (ORF) capability for a BGP peer/peer group.

no community attributes are advertised to any peer or peer group. 11. BGP does not filter routes to be advertised. no AS filtering list is applied to a peer or peer group. Set the default value for the system MED. Optional. Create an RR reflection policy. peer { group-name | ip-address } as-path-acl as-path-filter-number { import | export } Optional. Configuring specific routing features for BGP-VPNv4 subaddress family To configure specific routing features for BGP-VPNv4 subaddress family: Step Command Remarks 1. BGP does not filter received routes. 8. 100 by default. Enter system view. Filter received routes. Advertise community attributes to a peer or peer group. Enter BGP view.Step Command 13. Enable route reflection between clients. reflector cluster-id { cluster-id | ip-address } 15. Specify the cluster ID of the RR. Set the default value of the local preference. Specify the interface for TCP connection. peer { group-name | ip-address } advertise-community By default. ipv4-family vpnv4 N/A 6. Enter BGP-VPNv4 subaddress family view. Optional. By default. Filter routes received from or to be advertised to a peer or peer group based on an AS_PATH list. 7. By default. system-view N/A 2. Optional. NOTE: For information about BGP-L2VPN address family and VPLS address family. rr-filter extended-community-list-number Remarks Optional. see MPLS Command Reference. default med med-value By default. Optional. . peer ip-address connect-interface interface-type interface-number N/A 5. reflect between-clients 14. 256 By default. filter-policy { acl-number | ip-prefix ip-prefix-name } import 10. default local-preference value Optional. Enabled by default. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Optional. the default value of the system MED is 0. Optional. 9. bgp as-number N/A 3. peer ip-address as-number as-number N/A 4. Router ID of an RR in the cluster by default. Configure the remote PE as the peer. Filter all or certain types of routes to be advertised.

15. Specify not to change the next hop of a route when advertising it to an EBGP peer.Step Command Remarks 12. no default route is advertised to a peer or peer group. By default. 16. Optional. Specify the preference value for the routes received from the peer/peer group. peer { group-name | ip-address } ip-prefix prefix-name { export | import } By default. 13. peer { group-name | ip-address } preferred-value value Optional. complete the following tasks: • Configure an IGP for the MPLS backbones in each AS to implement IP connectivity of the backbones in the AS • Configure basic MPLS capabilities for the MPLS backbones of each AS • Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established • Configure basic MPLS L3VPN for each AS 257 . no filtering policy is applied to a peer or peer group. peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name Optional. a device uses its address as the next hop when advertising a route to its EBGP peer. peer { group-name | ip-address } public-as-only 18. 14. By default. peer { group-name | ip-address } next-hop-invariable By default. Apply a route filtering policy based on IP prefix list to a peer or peer group. Three inter-AS VPN solutions are available. you need to configure inter-AS VPN. Optional. no route filtering policy based on IP prefix list is applied to a peer or peer group. Make BGP updates to be sent carry no private AS numbers. peer { group-name | ip-address } route-policy route-policy-name { export | import } 0 by default. NOTE: For information about BGP routing. see Layer 3—IP Routing Configuration Guide. Advertise a default route destined for a VPN instance to a peer or peer group. Apply a filtering policy to a peer or peer group. Apply a routing policy to a peer or peer group. peer { group-name | ip-address } filter-policy acl-number { export | import } Optional. a BGP update carries private AS numbers. Optional. Configuration prerequisites Before you configure inter-AS VPN. Optional. Configuring inter-AS VPN If the MPLS backbone on which the VPN routes rely spans multiple ASs. By default. By default. no routing policy is applied to a peer or peer group. You can choose them as required. 17.

The routes surviving the filtering will be added to the routing table. configure VPN instances on PEs and ASBR PEs respectively. bgp as-number N/A 6. you only need to: • Configure basic MPLS L3VPN on each AS. Configure the IP address of the interface. Enter BGP-VPNv4 subaddress family view. Enter interface view for the interface connecting to the remote ASBR-PE. taking the peer ASBR-PE as its CE. PE performs VPN target filtering of the received VPNv4 routes. In other words. • Configure each ASBR-PE.” NOTE: In the inter-AS option A solution. This depends on the inter-AS VPN solution selected. ipv4-family vpnv4 N/A 7. . the VPN targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure that VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs). Return to system view. Configuring inter-AS option B To configure inter-AS option B on ASBR PEs: Step Command Remarks 1. Enter system view. Enter BGP view. quit N/A 5. It is simple to implement. VPN targets configured on the PEs in different ASs do not have such requirements. see “Configuring basic MPLS L3VPN. Configuring inter-AS option A Inter-AS option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. The VPN instances on PEs are used to allow CEs to access the network. for the same VPN. specific configurations may be required on PEs or ASBR PEs. For more information. undo policy vpn-target 258 By default.NOTE: When configuring basic MPLS L3VPN for each AS. interface interface-type interface-number N/A 3. system-view N/A 2. and the others are discarded. ip address ip-address { mask | mask-length } N/A 4. and those on ASBR PEs are used to access the peer ASBR PEs. Disable VPN target filtering for VPNv4 routes. To configure inter-AS option A.

Enable the PE to exchange BGP VPNv4 routing information with the EBGP peer. normal EBGP routes to be advertised to IBGP do not have their next hops changed by default. peer { group-name | ip-address } as-number as-number N/A 4. Enable the PE to exchange labeled IPv4 routes with the ASBR PE in the same AS. the device does not advertise labeled routes to the IPv4 peer/peer group. peer { group-name | ip-address } label-route-capability By default. Enter BGP view. system-view N/A 2. The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes. NOTE: For inter-AS option B. Configuring inter-AS option C Configuring the PEs You need to establish ordinary IBGP peer relationship between PEs and ASBR PEs in an AS and MP-EBGP peer relationship between PEs of different ASs. Enter BGP-VPNv4 subaddress family view. In the inter-AS option B solution. two configuration methods are available: • Do not change the next hop on an ASBR. peer { group-name | ip-address } enable N/A 259 . bgp as-number N/A 3. • Change the next hop on an ASBR. Therefore. To change the next hop to a local address. the ASBR PEs must receive all VPNv4 routing information without performing VPN target filtering. 5. you still need to configure MPLS LDP between ASBRs. see Layer 3—IP Routing Configuration Guide. Enter system view. Configure the PE of another AS as the EBGP peer.In the inter-AS option B solution. However. For information about the command. ipv4-family vpnv4 N/A 7. Configure the ASBR PE in the same AS as the IBGP peer. MP-EBGP routes will get their next hops changed by default before being redistributed to MP-IBGP. With this method. In this case. the ASBR PEs need to maintain all VPNv4 routing information and advertise the information to peer ASBR PEs. The router supports only the second method. MPLS LDP is not required between ASBRs. use the peer { ip-address | group-name } next-hop-local command. With this method. peer { group-name | ip-address } as-number as-number N/A 6. for the same VPN. To configure a PE for inter-AS option C: Step Command Remarks 1. the VPN targets for the VPN instances on the PEs in different ASs must match.

system-view N/A 2. a BGP speaker does not use its address as the next hop when advertising a route to its IBGP peer/peer group. it: • Assigns MPLS labels to the routes received from the PEs in the same AS before advertising them to the peer ASBR PE. bgp as-number N/A 3.Step Command Configure the PE not to change the next hop of a route when advertising it to the EBGP peer. no routing policy is applied to a peer or peer group. Configuring the ASBR PEs In the inter-AS option C solution. Enter BGP view. 5. Configuring the routing policy After you configure and apply a routing policy on an ASBR PE. and common EBGP peer relationship with the peer ASBR PE. • Assigns new MPLS labels to the labeled IPv4 routes to be advertised to the PEs in the same AS. 260 . peer { group-name | ip-address } label-route-capability By default. Enable the ASBR PE to exchange labeled IPv4 routes with the peer ASBR PE. peer { group-name | ip-address } as-number as-number N/A 4. The public routes carrying MPLS labels are advertised through MP-BGP. This capability is implemented through BGP extended attributes and requires that the BGP peers can handle labeled IPv4 routes. the label mapping information for a particular route is piggybacked in the same BGP update message that is used to distribute the route itself. Configure each PE in the same AS as the IBGP peer. 8. an inter-AS LSP is required. peer { group-name | ip-address } label-route-capability By default. Configure the remote ASBR PE as the EBGP peer. All of them exchange labeled IPv4 routes. peer { group-name | ip-address } next-hop-local By default. where the next hop of a route advertised between RRs cannot be changed. 8. An ASBR-PE establishes common IBGP peer relationship with PEs in the same AS. the device does not advertise labeled routes to the IPv4 peer/peer group. According to RFC 3107 “Carrying Label Information in BGP-4”. peer { group-name | ip-address } as-number as-number N/A 7. To configure an ASBR PE for inter-AS option C: Step Command Remarks 1. and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information. Remarks Optional. Enable the ASBR PE to exchange labeled IPv4 routes with the PEs in the same AS. peer { group-name | ip-address } next-hop-invariable Required only when RRs are used to advertise VPNv4 routes. peer { group-name | ip-address } route-policy route-policy-name export By default. 6. the device does not advertise labeled routes to the IPv4 peer. Enter system view. Apply a routing policy to the routes advertised by peer ASBR PE. Configure the ASBR PE to change the next hop to itself when advertising routes to PEs in the same AS.

Configuring nested VPN For a network with many VPNs. if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs. Enter routing policy view. an IPv4 route does not carry any label. Configure the device to match IPv4 routes with labels. peer { group-name | peer-address } as-number number N/A 5. Enter BGP view. Configure a CE peer or peer group. Configuration prerequisites Configure the basic MPLS L3VPN capability (see “Configuring basic MPLS L3VPN”). All the other routes are still common IPv4 routes. nesting-vpn Disabled by default. bgp as-number N/A 3. Configure the device to assign labels to IPv4 routes. you can implement layered management of internal VPNs easily with a low cost and simple management operation. Only routes that satisfy the criteria are assigned with labels. Enable nested VPN. Enter system view. ipv4-family vpn-instance vpn-instance-name N/A 4. route-policy policy-name permit node seq-number N/A 3.Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy. 261 . see Layer 3—IP Routing Configuration Guide. system-view N/A 2. Enter BGP-VPNv4 subaddress family view. By using nested VPN. To configure a routing policy for inter-AS option C on an ASBR PE: Step Command Remarks 1. Enter system view. system-view N/A 2. ipv4-family vpnv4 N/A 7. quit N/A 6. apply mpls-label By default. if-match mpls-label N/A 4. Return to BGP view. NOTE: For information about routing policy configuration. Configuring nested VPN To configure nested VPN: Step Command Remarks 1. nested VPN is a good solution. Enter BGP VPN instance view.

NOTE: For more information about policy routing. • Before specifying a nested VPN peer or peer group. All configurations for the multi-role host feature are on the PE connecting that CE. peer { group-name | peer-address } vpn-instance vpn-instance-name enable 9. Add a peer to the nested VPN peer group. and enable the BGP-VPNv4 route exchange capability. By default. By default. no routing policy is applied to routes received from a nested VPN peer or peer group. VPN A has a sub-VPN VPN A-1. NOTE: • The address ranges for sub-VPNs of a VPN cannot overlap. For example. only IPv4 routes and no BGP-VPNv4 routes can be exchanged between nested VPN peers/peer groups. • Nested VPN does not allow a sub-VPN of a customer VPN and another backbone VPN to import routes from each other for mutual communication. A service provider PE and its peer must use the addresses of the directly connected interfaces to establish neighbor relationship.Step Command Remarks By default. a peer is not in any nested VPN peer group. peer peer-address vpn-instance vpn-instance-name group group-name Optional. If VPN A-1 and VPN B need to communicate. you must configure route exchange between the customer VPN and that backbone VPN. • Nested VPN does not support multi-hop EBGP networking. an ISP has backbone VPNs VPN A and VPN B. If they need to communicate. complete the following tasks: • Create VPN instances for the VPNs • Configure basic MPLS L3VPN Configuring and applying policy routing To configure and apply policy routing: 262 . • Do not give nested VPN peers addresses that public network peers use. see Layer 3—IP Routing Configuration Guide. 10. Apply a routing policy to routes received from a nested VPN peer or peer group. Configuring multi-role host To allow a CE to access multiple VPNs. you must configure route exchange between VPN A and VPN B instead of that between VPN A-1 and VPN B. Configuration prerequisites Before you configure the multi-role host feature. you need to configure the multi-role host feature on the PE. be sure to configure the corresponding CE peer or peer group in BGP VPN instance view. Activate a nested VPN peer or peer group. peer { group-name | peer-address } vpn-instance vpn-instance-name route-policy route-policy-name import Optional. 8.

bgp as-number N/A 3. apply access-vpn vpn-instance vpn-instance-name&<1-6> 4. Configuring HoVPN To configure HoVPN: Step Command Remarks 1. Apply policy routing to the interface. system-view 2. ipv4-family vpnv4 N/A 4. system-view N/A 2. quit 5. packets from the multi-role host for accessing a certain VPN can return based on the routing table that does not belong to the VPN. Enter BGP view. specifying the egress of another private network or public network as the egress of the static route. Enter BGP-VPNv4 subaddress family view. Enter the view of the interface connecting a CE. peer { group-name | ip-address } upe N/A 5. Specify the VPN instances for forwarding packets. peer { group-name | ip-address } enable N/A Specify a BGP peer or peer group as the UPE. Return to system view. ip policy-based-route policy-name Configuring a static route For configuration steps. see “Configuring routing between PE and CE. Enable the exchange of BGP-VPNv4 routing information with a peer. policy-based-route policy-name { deny | permit } node node-number 3. you can adopt HoVPN to reduce the performance requirements for PEs. interface interface-type interface-number 6. Create a policy and enter policy routing view. Enter system view. Thus. Configuration prerequisites Complete the basic MPLS L3VPN configuration.” You can configure a private network static route on a PE.Step Command 1. 263 . Configuring HoVPN For hierarchical VPNs. Enter system view.

interface loopback interface-number N/A Bind the loopback interface to a VPN instance. Enter system view. ip binding vpn-instance vpn-instance-name By default. • Do not connect an SPE to a CE directly.Step Command Remarks • To advertise a default VPN route: Advertise a default VPN route or routes permitted by a routing policy to the UPE. 6. the VPN instance on the SPE and that on the UPE must be configured with different RDs. Configuration prerequisites Before you configure an OSPF sham link. regardless of whether the default route is present in the local routing table or not. It is used to make sure that the VPN traffic is transmitted over the backbone instead of the backdoor link between two CEs. the SPE always advertises a default route using the local address as the next hop address to the UPE. By default. BGP does not advertise default routes to a VPNv4 peer. Create a loopback interface and enter loopback interface view. complete the following tasks: • Configure basic MPLS L3VPN (OSPF is used between PEs and CEs) • Configure OSPF in the LAN where CEs reside Configuring a loopback interface To configure a loopback interface: Step Command Remarks 1. system-view N/A 2. • Do not configure both the peer default-route-advertise vpn-instance command and the peer upe route-policy command at the same time. 3. 264 . The source and destination addresses of the sham link must be loopback interface addresses with 32-bit masks. Besides. If an SPE must be directly connected to a CE. peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name • To advertise routes permitted by a routing policy: peer { group-name | ip-address } upe route-policy route-policy-name export Configure either command as needed. an interface is associated with no VPN instance. With the peer default-route-advertise vpn-instance command configured. the loopback interfaces must be bound to the VPN instances and be advertised through BGP. Configuring an OSPF sham link The sham link is considered an OSPF intra-area route. NOTE: • The default routes of a VPN instance can be advertised to only a BGP peer or peer group that is UPE.

import-route direct [ med med-value | route-policy route-policy-name ] * 5. import-route ospf [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ] Creating a sham link To create a sham link: Step Command Remarks 1. Enter BGP VPN instance view. bgp as-number 3.Step 4. sham-link source-ip-address destination-ip-address [ cost cost | dead dead-interval | hello hello-interval | retransmit retrans-interval | trans-delay delay | simple [ cipher | plain ] password | { md5 | hmac-md5 } key-id [ cipher | plain ] password ]* By default. Enter system view. Command Remarks ip address ip-address { mask | mask-length } N/A Redistributing the loopback interface route and OSPF routes into BGP To redistribute the loopback interface route and OSPF routes into BGP: Step Command 1. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. system-view 2. 5. Enter OSPF area view. Configure the address of the loopback interface. route-tag tag-value N/A 4. Configure the route tag. Redistribute OSPF VPN routes. Redistribute direct routes into BGP (to redistribute the loopback interface route into BGP). 265 . Enter BGP view. area area-id N/A Configure a sham link. Enter system view. Enter OSPF view. system-view N/A 2. ipv4-family vpn-instance vpn-instance-name 4. no sham link is configured.

complete the following tasks: • Configure VPN instances. • If you configure multiple OSPF VPN instances but do not configure the route tag. MCE routing configuration includes: • MCE-VPN site routing configuration • MCE-PE routing configuration On the PE in an MCE network environment. and bind the VPN instances with the interfaces connected to the VPN sites and those connected to the PE.NOTE: • If you start OSPF but do not configure the router ID. If you do not configure BGP. the same calculation rule produces the same tag. Therefore. disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources. Therefore. the same election rules produce the same router ID. the system will automatically elect one. the tag will be 0. see Layer 3—IP Routing Configuration Guide. Enter system view. • Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity. However. the system will automatically create one based on the AS number configured. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. For the election rules. Configuring routing on an MCE MCE implements service isolation through route isolation. However. Configuration prerequisites Before you configure routing on an MCE. H3C recommends that you configure the router ID when starting an OSPF process. Command Remarks system-view N/A 266 . so that the static routes of different VPN instances can be isolated from each other. H3C recommends configuring different tags for different OSPF VPN instance. To configure static routing between MCE and VPN site: Step 1. An MCE supports binding a static route with a VPN instance. and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number. Configuring routing between MCE and VPN site Configuring static routing betweem MCE and VPN site An MCE can reach a VPN site through a static route.

0 by default. rip [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. Enter system view. the process belongs to the public network. • ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Use either command. ip route-static default-preference default-preference-value 60 by default. Redistribute remote site routes advertised by the PE. network network-address By default. 3. system-view N/A 2. RIP is disabled on an interface. create a normal RIP process. no route of any other protocol is redistributed into RIP. Optional. import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] * By default. If you create an OSPF process without binding it to a VPN instance. On a VPN site. Configuring RIP between MCE and VPN site A RIP process belongs to the public network or a single VPN instance. default cost value Optional. Configure a static route for a VPN instance. NOTE: For more information about RIP. By configuring RIP-to-VPN bindings on a CE. Configure the default precedence for static routes. 3. see Layer 3—IP Routing Configuration Guide. To configure route exchange through RIP: Step Command Remarks 1. Configure the default cost value for the redistributed routes. 4. On a VPN site. Configuring OSPF between MCE and VPN site An OSPF process belongs to the public network or a single VPN instance.Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] 2. the process belongs to the public network. If you create a RIP process without binding it to a VPN instance. configure a normal static route. ensuring the separation and security of VPN routes. 267 . you allow routes of different VPNs to be exchanged between the CE and the sites through different RIP processes. Perform this configuration on the MCE. Enable RIP on the interface attached to the specified network. Create a RIP process for a VPN instance and enter RIP view. 5.

Therefore. ensuring the separation and security of VPN routes. no OSPF area is created. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * Perform this configuration on the MCE. domain-id domain-id [ secondary ] 5. area area-id By default. import-route protocol [ process-id | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] * By default. For more OSPF configuration information. ensuring the separation and security of VPN routes. To configure route exchange through IS-IS: 268 . NOTE: • An OSPF process that is bound with a VPN instance does not use the public network router ID configured in system view. If you create an IS-IS process without binding it to a VPN instance. By configuring IS-IS process-to-VPN instance bindings on a MCE. 4. network ip-address wildcard-mask By default. The configuration procedure is the same as that for a normal OSPF process. Configure the OSPF domain ID. you need to configure a router ID when starting the OSPF process. • After you configure an OSPF process for a VPN instance. 6. vpn-instance-capability simple Disabled by default. 0 by default. Enter system view. Create an OSPF process for a VPN instance and enter OSPF view.By configuring OSPF process-to-VPN instance bindings on a MCE. Redistribute remote site routes advertised by the PE. you allow routes of different VPNs to be exchanged between the MCE and the sites through different OSPF processes. All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement. Optional. On a VPN site. you need to enable OSPF. Enable OSPF on the interface attached to the specified network in the area. On a VPN site. To configure route exchange through OSPF: Step Command Remarks 1. the process belongs to the public network. 3. system-view N/A 2. 7. you allow routes of different VPNs to be exchanged between the MCE and the sites through different IS-IS processes. an interface neither belongs to any area nor runs OSPF. but one VPN instance can use multiple OSPF processes to advertise the VPN routes. no route of any other protocol is redistributed into OSPF. perform the common OSPF configuration. Create an OSPF area and enter OSPF area view. see Layer 3—IP Routing Configuration Guide. Enable the multi-VPN-instance function of OSPF. create a normal OSPF process. Perform this configuration on the MCE. • An OSPF process can belong to only one VPN instance. Configuring IS-IS between MCE and VPN site An IS-IS process belongs to the public network or a single VPN instance.

ipv4-family vpn-instance vpn-instance-name N/A 4. import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 5. and redistribute the IGP routes of each VPN instance on the VPN sites. Allow the local AS number to appear in the AS_PATH attribute of a received route. quit N/A 6. Enter interface view. peer { group-name | ip-address } allow-as-loop [ number ] Optional. see Layer 3—IP Routing Configuration Guide.Step Command Remarks 1. 3. Enter BGP-VPN instance view. Configurations on the MCE To configure the MCE: Step Command Remarks 1. Configuring EBGP between MCE and VPN site To use EBGP for exchanging routing information between an MCE and VPN sites. isis enable [ process-id ] Disabled by default. peer { group-name | ip-address } as-number as-number N/A 5. If you do not specify the route level in the command. You also can configure filtering policies to filter the received and sent routes. On a VPN site. interface interface-type interface-number N/A 7. bgp as-number N/A 3. and configure the maximum number of times that such case is allowed to appear. Create an IS-IS process for a VPN instance and enter IS-IS view. system-view N/A 2. Configure an EBGP peer. 4. Enter system view. system-view N/A 2. the command will redistribute routes to the level-2 routing table by default. Enter system view. Configure a network entity title. 1. By default. NOTE: For more information about IS-IS. Redistribute remote site routes advertised by the PE. Enable the IS-IS process on the interface. configure a normal IS-IS process. Return to system view. Optional. isis [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. IS-IS does not redistribute routes of any other protocol. network-entity net Not configured by default. you must configure a BGP peer for each VPN instance on the MCE. 269 . Enter BGP view.

import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * 7. filter-policy { acl-number | ip-prefix ip-prefix-name } import 8. • After you configure a BGP VPN instance. In this case. When the OSPF route is redistributed into BGP. BGP does not filter the routes to be advertised. Configure a filtering policy to filter the routes to be advertised. the route update message will carry the AS number of the MCE. the domain ID of an OSPF process is carried in a route generated by the process. If EBGP is used between the MCE and a site. making the MCE unable to receive this route update message.Step Command Remarks By default. 270 . BGP checks routing loops by examining AS numbers. 2. you must configure a BGP peer for each VPN instance respectively. making the route unable to be distinguished from routes redistributed from other domains. Optional. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter received routes. Configure the MCE as the EBGP peer. By default. Enter system view. when the MCE advertises its routing information with its AS number to the site and then receives routing update information from the site. the domain ID is added to the BGP VPN route and is transmitted over the network as the extended community attribute of BGP. 6. when a route is redistributed into OSPF from BGP on the MCE. To distinguish routes of different OSPF domains. Redistribute remote site routes advertised by the PE. the route’s original OSPF attribute cannot be restored. For more information about BGP configuration. NOTE: • Normally. configure the MCE to allow routing loops. By default. • In standard BGP/OSPF route redistribution. Configuring IBGP beween MCE and VPN site If IBGP is used for exchanging routing information between an MCE and VPN sites. Enter BGP view. Configurations on a VPN site To configure the VPN site: Step Command Remarks 1. no routes of any other protocol are redistributed to BGP. peer { group-name | ip-address } as-number as-number N/A 4. Optional. system-view N/A 2. and redistribute the IGP routes of each VPN instance on the VPN sites. bgp as-number N/A 3. A VPN site must advertise the VPN network addresses it can reach to the connected MCE. see Layer 3—IP Routing Configuration Guide. BGP does not filter the received routes. you need to enable a route to carry the OSPF domain ID when the route is redistributed from OSPF into BGP on the peer PE. Redistribute the IGP routes of the VPN. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * Optional. to enable the MCE to receive route updates normally. Thus. the BGP route exchange in the VPN instance is the same as the common BGP’s.

filter-policy { acl-number | ip-prefix ip-prefix-name } import 8. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * 7. Enter BGP-VPN instance view. Configure a filtering policy to filter the routes to be advertised. NOTE: When a CE is configured as an IBGP peer. bgp as-number N/A 3. . By default. By default. 2. Configure the MCE as the IBGP peer.1. system-view N/A 2. Configure an IBGP peer. Redistribute remote site routes advertised by the PE. ipv4-family vpn-instance vpn-instance-name N/A 4. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * Configuring routing between MCE and PE MCE-PE routing configuration includes these tasks: 271 Optional. A VPN site must advertise the VPN network addresses it can reach to the connected MCE. system-view N/A 2. Enter system view. By default. the MCE does not advertise the BGP routes learned from this CE to other IBGP peers. peer { group-name | ip-address } as-number as-number N/A 5. bgp as-number N/A 3. BGP does not filter the received routes. Configurations on the VPN site To configure the VPN site: Step Command Remarks 1. does the MCE advertise routes learned from it to other IBGP peers. Only when you configure a CE as a client of the RR (the MCE). no RR or RR client is configured. Enter system view. Optional. Enter BGP view. peer { group-name | ip-address } reflect-client 6. By default. no routes of any other protocol are redistributed to BGP. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter received routes. Configure the system to be the RR and specify the peer as the client of the RR. Optional. Enter BGP view. Configurations on the MCE To configure the MCE: Step Command Remarks 1. Optional. Redistribute the IGP routes of the VPN. peer { group-name | ip-address } as-number as-number N/A 4. BGP does not filter the routes to be advertised. including VPNv4 peers.

Command Remarks system-view N/A • ip route-static dest-address { mask | mask-length } 2. rip [ process-id ] vpn-instance vpn-instance-name N/A Enable RIP on the interface attached to the specified network. 3. Redistribute the VPN routes. Configuring RIP between MCE and PE To configure RIP between MCE and PE: Step Command Remarks 1.• Bind the MCE-PE interfaces to VPN instances • Perform route configurations • Redistribute VPN routes into the routing protocol running between the MCE and the PE. Enter system view. no route of any other routing protocol is redistributed into RIP. Configuring static routing between MCE and PE To configure static routing between MCE and PE: Step 1. default cost value 3. Configure the default cost value for the redistributed routes. 60 by default. ip route-static default-preference default-preference-value s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { gateway-address [ public ] | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Use either command. system-view N/A 2. Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions (see “Configuring routing between PE and CE”). import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] * By default. RIP is disabled on an interface. Enter system view. network network-address By default. 4. 5. . • ip route-static vpn-instance Configure the default precedence for static routes. 0 by default. Optional. 272 Optional. NOTE: Configurations in this section are made on the MCE. Create a RIP process for a VPN instance and enter RIP view. { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route for a VPN instance.

By default. 0 by default. domain-id domain-id [ secondary ] 5. By default. and type). Enable OSPF on the interface attached to the specified network in the area. Optional. see Layer 3—IP Routing Configuration Guide. isis [ process-id ] vpn-instance vpn-instance-name N/A 273 . an interface neither belongs to any area nor runs OSPF. Create an IS-IS process for a VPN instance and enter IS-IS view. Enable the multi-VPN-instance function of OSPF. the default maximum number of routes redistributed per time is 1000. area area-id By default. NOTE: For more information about OSPF. no OSPF area is created. Configure a filtering policy to filter the redistributed routes. default { cost cost | limit limit | tag tag | type type } * 8. Configure the default parameters for redistributed routes (cost. tag. Optional. Configure the OSPF domain ID. Configuring IS-IS between MCE and PE To configure IS-IS between MCE and PE: Step Command Remarks 1. and default type of redistributed routes is Type-2. Create an OSPF process for a VPN instance and enter OSPF view. import-route protocol [ process-id | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] * 6. the default tag is 1. system-view N/A 2. route number. Optional. 4. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. see Layer 3—IP Routing Configuration Guide. Create an OSPF area and enter OSPF area view. Redistribute the VPN routes. network ip-address wildcard-mask By default. no route of any other routing protocol is redistributed into OSPF. system-view N/A 2. The default cost is 1. Configuring OSPF between MCE and PE To configure OSPF between MCE and PE: Step Command Remarks 1. redistributed routes are not filtered. vpn-instance-capability simple Disabled by default. Enter system view. Enter system view. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ] 7. 9.NOTE: For more information about RIP.

Enter system view.Step Command Remarks Configure a network entity title. Optional. IS-IS does not filter redistributed routes. ipv4-family vpn-instance vpn-instance-name N/A 4. filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ isis process-id | ospf process-id | rip process-id | bgp | direct | static ] 6. By default. Configuring EBGP between MCE and PE To configure EBGP between MCE and PE: Step Command Remarks 1. If you do not specify the route level in the command. Enable the IS-IS process on the interface. BGP does not filter the received routes. see Layer 3—IP Routing Configuration Guide. 4. 3. 274 Optional. . Configure a filtering policy to filter the routes to be advertised. network-entity net Not configured by default. By default. filter-policy { acl-number | ip-prefix ip-prefix-name } import 7. Redistribute the VPN routes of the VPN site. Enter BGP view. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * By default. Redistribute the VPN routes. isis enable [ process-id ] Disabled by default. Configure the PE as the EBGP peer. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter the received routes. Optional. BGP does not filter the routes to be advertised. the command will redistribute routes to the level-2 routing table by default. bgp as-number N/A 3. Configure a filtering policy to filter the redistributed routes. Return to system view. Enter BGP-VPN instance view. peer { group-name | ip-address } as-number as-number N/A 5. interface interface-type interface-number N/A 8. system-view N/A 2. 6. NOTE: For more information about IS-IS. no route redistribution is configured. By default. By default. import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 5. quit N/A 7. Optional. Enter interface view. IS-IS does not redistribute routes of any other routing protocol.

You can use the display vpn label operation command to view the current VPN label processing mode. Specify the VPN label processing mode as POPGO forwarding. BGP does not filter the routes to be advertised. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure a filtering policy to filter the received routes. Optional. and then search for the outbound interface according to the label and forward the packet out the interface. filter-policy { acl-number | ip-prefix ip-prefix-name } import 7. Enter BGP view. BGP does not filter the received routes. Configuring IBGP between MCE and PE To configure IBGP between MCE and PE: Step Command Remarks 1. By default. Specifying the VPN label processing mode The VPN label processing mode of an egress PE can be either POPGO or POP: • POPGO forwarding: Pop the label. Redistribute the VPN routes of the VPN site. By default. no route redistribution is configured. 6. After the command is executed successfully. system-view N/A 2. see Layer 3—IP Routing Configuration Guide. the router does not inform you of the result. To specify the VPN label processing mode on an egress PE: Step Command Remarks 1. peer { group-name | ip-address } as-number as-number N/A 5. 275 . • POP forwarding: Pop the label. Enter BGP-VPN instance view. system-view N/A 2. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * By default. Optional. Enter system view. and then search the FIB to find the outbound interface and forward the packet out the interface. Configure the PE as the IBGP peer. you need to save the current configuration and then reboot the router as prompted. Enter system view. Configure a filtering policy to filter the routes to be advertised. bgp as-number N/A 3. vpn popgo POP forwarding by default NOTE: Before executing the vpn popgo command on the router.NOTE: BGP runs within a VPN in the same way as it runs within a public network. For more information about BGP. ipv4-family vpn-instance vpn-instance-name N/A 4.

Enter system view. it will be replaced with that of the PE before the route is advertised.Configuring BGP AS number substitution Configuration prerequisites Before you configure BGP AS number substitution. With the BGP AS number substitution function. you can use the soft reset function or reset BGP connections to make new configurations take effect. Enter BGP VPN instance view. bgp as-number N/A 3. configure the BGP AS number substitution function to avoid route loss. Command Remarks refresh bgp vpn-instance vpn-instance-name { ip-address | all | external | group group-name } { export | import } Available in user view 276 . Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). To configure the BGP AS number substitution function: Step Command Remarks 1. if an AS number identical to that of the CE exist in the AS_PATH of the route. see Layer 3—IP Routing Command Reference. Enter BGP view. Step 1. system-view N/A 2. when a PE advertises a route to a CE of the specified peer. ipv4-family vpn-instance vpn-instance-name N/A 4. Displaying and maintaining MPLS L3VPN Resetting BGP connections When BGP configuration changes. complete the following tasks: • Configure basic MPLS L3VPN • Ensure CEs at different sites to have the same AS number Configuration procedure When CEs at different sites have the same AS number. Perform a soft reset of the BGP connections in a specific VPN instance. peer { ip-address | group-name } substitute-as Disabled by default NOTE: For information about the peer { ip-address | group-name } substitute-as command. Enable the BGP AS number substitution function.

Reset BGP VPNv4 connections. display fib vpn-instance vpn-instance-name ip-address [ mask | mask-length ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about labeled routes in the BGP routing table. display bgp vpnv4 { all | vpn-instance vpn-instance-name } network [ | { begin | exclude | include } regular-expression ] Available in any view Display BGP VPNv4 AS path information. Perform a soft reset of the BGP VPNv4 connections. display bgp vpnv4 { all | vpn-instance vpn-instance-name } paths [ as-regular-expression | { | { begin | exclude | include } regular-expression } ] Available in any view 277 . reset bgp vpnv4 { as-number | ip-address | all | external | internal | group group-name } Available in user view Displaying and maintaining MPLS L3VPN Task Command Remarks Display information about the routing table associated with a VPN instance. display bgp vpnv4 { all | vpn-instance vpn-instance-name } routing-table label [ | { begin | exclude | include } regular-expression ] Available in any view Display information about a specific or all BGP VPNv4 peer group. reset bgp vpn-instance vpn-instance-name { as-number | ip-address | all | external | group group-name } Available in user view 4. refresh bgp vpnv4 { ip-address | all | external | group group-name | internal } { export | import } Available in user view 3.Step Command Remarks 2. display bgp vpnv4 { all | vpn-instance vpn-instance-name } group [ group-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about BGP VPNv4 routes redistributed into a specific or all VPN instances. display ip vpn-instance [ instance-name vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the FIB of a VPN instance. display ip routing-table vpn-instance vpn-instance-name [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about a specific or all VPN instances. Reset BGP connections of a VPN instance. display fib vpn-instance vpn-instance-name [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the FIB of a VPN instance that matches the specified destination IP address.

display bgp vpnv4 { all | vpn-instance vpn-instance-name } peer ip-address received ip-prefix [ | { begin | exclude | include } regular-expression ] Available in any view Display all BGP VPNv4 routing information. display bgp vpnv4 all routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | different-origin-as | peer ip-address { advertised-routes | received-routes } [ statistic ] | statistic ] [ | { begin | exclude | include } regular-expression ] | regular-expression as-regular-expression ] Available in any view 278 .Task Command Remarks display bgp vpnv4 all peer [ ip-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Display information about BGP VPNv4 peers. display bgp vpnv4 vpn-instance vpn-instance-name peer [ group-name log-info | ip-address { log-info | verbose } | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the IP prefix information of the ORF packets received from the specified BGP peer.

display ospf [ process-id ] sham-link [ area area-id ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about a specific or all tunnel policies. display bgp vpnv4 route-distinguisher route-distinguisher routing-table [ [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | different-origin-as ] [ | { begin | exclude | include } regular-expression ] | regular-expression as-regular-expression ] Available in any view Display the BGP VPNv4 routing information of a specific VPN instance. reset bgp vpn-instance vpn-instance-name dampening [ network-address [ mask | mask-length ] Available in user view 279 . display vpn label operation [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the specified LDP instance. display mpls ldp vpn-instance vpn-instance-name [ | { begin | exclude | include } regular-expression ] Available in any view Clear the route flap dampening information of a VPN instance. display tunnel-policy { all | policy-name tunnel-policy-name } [ | { begin | exclude | include } regular-expression ] Available in any view Display the VPN label processing mode on an egress PE.Task Command Remarks Display the BGP VPNv4 routing information of a specific RD. display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> | dampened | dampening parameter | different-origin-as | flap-info [ network-address [ { mask | mask-length } [ longer-match ] ] | as-path-acl as-path-acl-number ] | peer ip-address { advertised-routes | received-routes } | statistic ] [ | { begin | exclude | include } regular-expression ] | [ flap-info ] regular-expression as-regular-expression ] Available in any view Display information about OSPF sham links.

9/32 POS2/1/1 172. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information. • EBGP is used to exchange VPN routing information between CE and PE. Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info reset bgp vpn-instance vpn-instance-name flap-info [ ip-address [ mask | mask-length ] | as-path-acl as-path-acl-number | regexp as-path-regexp ] Available in user view NOTE: For commands to display information about a routing table.Task Command Clear route flap history information about a BGP peer of a VPN instance.1/24 280 .1.1.1/24 P Loop0 2.2/24 POS2/1/2 172.1. Figure 74 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 GE4/1/1 GE4/1/1 Loop0 GE4/1/1 PE 2 PE 1 POS2/1/1 POS2/1/1 Loop0 GE4/1/2 GE4/1/1 POS2/1/2 POS2/1/1 Loop0 GE4/1/2 P MPLS backbone GE4/1/1 GE4/1/1 CE 2 Device CE 4 VPN 2 VPN 2 AS 65420 AS 65440 Interface IP address Device Interface IP address CE 1 GE4/1/1 10.1. Users of different VPNs cannot access each other.1.2.2.2/24 GE4/1/1 10.1.1.2.9/32 PE 1 Loop0 1. MPLS L3VPN configuration examples Configuring MPLS L3VPNs using EBGP between PE and CE Network requirements • CE 1 and CE 3 belong to VPN 1. • VPN 1 uses VPN target attributes 111:1.1. while CE 2 and CE 4 belong to VPN 2. while VPN 2 uses VPN target attributes 222:2. see Layer 3—IP Routing Command Reference.1.

1/24 POS2/1/1 172.0.3.1.0] quit [P-ospf-1] quit # Configure PE 2.0.0.1. # Configure PE 1.255 [P-ospf-1-area-0.1. Configure an IGP on the MPLS backbone to implement IP connectivity within the backbone.2/24 CE 2 GE4/1/1 10.2.1/24 PE 2 GE4/1/1 10.0 0.0.0.0. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.4.2 24 [P-POS2/1/1] quit [P] interface pos 2/1/2 [P-POS2/1/2] clock master [P-POS2/1/2] ip address 172.9/32 POS2/1/1 172.1.2.1.3.1.0.0] network 2.0.0] network 172.255 [PE1-ospf-1-area-0.2.0.0 [P-ospf-1-area-0.0.1.3.255 [P-ospf-1-area-0.2/24 CE 3 GE4/1/1 10.0. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.2/24 CE 4 GE4/1/1 10.0.1.0.0.0.9 32 [PE2-LoopBack0] quit 281 .3.0.1.1.2.1.2.0.0 0.9 32 [P-LoopBack0] quit [P] interface pos 2/1/1 [P-POS2/1/1] clock master [P-POS2/1/1] ip address 172.1.1.1/24 GE4/1/2 10.1/24 Configuration procedure 1.1.0] network 172.0 [PE1-ospf-1-area-0.1 24 [PE1-POS2/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.1.0 0.0.1.1.1.0] network 172.0] network 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.2.1.1.3.9 0.0.2.3.2.9 0.0.0] quit [PE1-ospf-1] quit # Configure the P device.0.0.2/24 Loop0 3.0.1.1 24 [P-POS2/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.2.4.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 2/1/1 [PE1-POS2/1/1] ip address 172.GE4/1/2 10.1.0.

9/32 OSPF 10 1 172. Issue the display ospf peer verbose command.0.1.9 State: Full Address: 172.1. Issue the display ip routing-table command.1. The output shows that the adjacency status is Full.1 POS2/1/1 172.0.1.1.0.1.1.1 InLoop0 172.1.1.1.2 Dead timer due in 38 GR State: Normal Priority: 1 MTU: 0 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2.1.[PE2] interface pos 2/1/1 [PE2-POS2/1/1] ip address 172.1.0.0.1/32 Direct 0 0 127. The output shows that the PEs have learned the routes to the loopback interfaces of each other.1.1.0.1.2. The following takes PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 8 Pre Routes : 8 Destination/Mask Proto Cost NextHop Interface 1.0/24 Direct 0 0 172.2 POS2/1/1 3.2 POS2/1/1 127. and PE 2.0.3.9/32 Direct 0 0 127.9 Neighbors Area 0.0.0. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.1.1.0.1.3.1.0 [PE2-ospf-1-area-0.1.1.0.0.255 [PE2-ospf-1-area-0.0 interface 172.2.1. P.1.1.0/8 Direct 0 0 127.1(POS5/1/1)'s neighbors Router ID: 2.1/32 Direct 0 0 127.1.0.2.2 24 [PE2-POS2/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0.3.9 0.0/24 OSPF 1 172.0 0.0] quit [PE2-ospf-1] quit After you complete the configurations.0.1 Master BDR: 172.0.2. OSPF adjacencies are established between PE 1.1 InLoop0 127.2.0.1.0.0.0.2.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit 282 .0] network 172.2 POS2/1/1 10 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.3. # Configure PE 1.0.2.1 InLoop0 172.1.9/32 OSPF 10 2 172.1 InLoop0 2.1. [PE1] mpls lsr-id 1.0.0] network 3.2 Mode:Nbr is DR: 172.

The output shows that the LSPs established by LDP.1.3. LDP sessions are established between PE 1. P.2 -------/POS2/1/1 3 3. Issue the display mpls ldp session command.0.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations. The output shows that the session status is Operational.1.1.2.1.2 -------/POS2/1/1 -----------------------------------------------------------------A '*' before an LSP means the LSP is not established 283 . The following takes PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv --------------------------------------------------------------2.1.0.3.9:0 Operational DU Passive Off Off 5/5 --------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 2/1/1 [P-POS2/1/1] mpls [P-POS2/1/1] mpls ldp [P-POS2/1/1] quit [P] interface pos 2/1/2 [P-POS2/1/2] mpls [P-POS2/1/2] mpls ldp [P-POS2/1/2] quit # Configure PE 2.# Configure the P device.2.9/32 NULL/1024 172.2. and PE 2.1 -------/InLoop0 2 2. [PE2] mpls lsr-id 3.2.3.9/32 NULL/3 172.1.3. [P] mpls lsr-id 2.2.9/32 3/NULL 127. Issue the display mpls ldp lsp command.

4.1. The PEs can ping their attached CEs. Use the ping command to test connectivity between the PEs and their attached CEs.2 24 [PE2-GigabitEthernet4/1/2] quit # Configure IP addresses for the CEs as required in Figure 74.1.1 284 . The following takes PE 1 and CE 1 as an example: [PE1] display ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpn1 100:1 2009/01/22 13:02:21 vpn2 100:2 2009/01/22 13:02:40 [PE1] ping -vpn-instance vpn1 10.1. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 10.2 24 [PE1-GigabitEthernet4/1/2] quit # Configure PE 2. (Details not shown) After completing the configurations.2 24 [PE1-GigabitEthernet4/1/1] quit [PE1] interface GigabitEthernet4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet4/1/2] ip address 10.3. Configure VPN instances on PEs to allow CEs to access.2 24 [PE2-GigabitEthernet4/1/1] quit [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet4/1/2] ip address 10.1. # Configure PE 1.1. issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance.2.1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 10.A '*' before a Label means the USCB or DSCB is stale 3.1.

(Details not shown) # Configure PE 1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.1.1.1.1.1.1. press CTRL_C to break Reply from 10.PING 10. issue the display bgp vpnv4 vpn-instance peer command on the PEs.1. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1.1.1.1.1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit NOTE: The configurations for the other three CEs (CE 2 through CE 4) are similar to those for CE 1.1.00% packet loss round-trip min/avg/max = 3/23/56 ms 4.1.1. The following takes PE 1 and CE 1 as an example: [PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.1 as-number 65420 [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1.1: 56 data bytes. (Details not shown) After completing the configuration.1: bytes=56 Sequence=5 ttl=255 time=3 ms --.1.9 Local AS number : 100 Total number of peers : 1 Peer AS 10.1.1 65410 11 Peers in established state : 1 MsgRcvd MsgSent OutQ 9 0 285 PrefRcv 1 Up/Down 00:06:37 State Established .1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. and has reached the Established state.1.10.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10. The output shows that BGP peer relationship has been established between the PEs and CEs.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.

1 InLoop0 255 [PE1] display ip routing-table vpn-instance vpn2 Destinations : 5 Destination/Mask Proto 10.1.0.0.0.0.1.1. [PE1] bgp 100 [PE1-bgp] peer 3.0/24 BGP 0 3.1 InLoop0 127.1. The output shows the routes to the CEs.0.1 InLoop0 10.0.3.1 InLoop0 255 286 .1.0.2.0.2 GE4/1/2 Direct 0 0 127.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure PE 2.0/24 10.3.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.0.1.1.5.3.1. [PE1] display bgp peer BGP local router ID : 1.3.0.2.3. Configure an MP-IBGP peer relationship between PEs # Configure PE 1.9 NULL0 127.1.0/8 Direct 0 0 127. Peer AS 3.1.0.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit After completing the configuration.9 NULL0 127.0.0.0.9 as-number 100 [PE2-bgp] peer 1. The output shows that BGP peer relationship has been established between the PEs.9 100 MsgRcvd Peers in established state : 1 MsgSent 2 OutQ 6 PrefRcv 0 Up/Down 0 State 00:00:12 Established Verify your configurations Issue the display ip routing-table vpn-instance command on the PEs.0.3.2.0/24 BGP 0 3.0.3.1/32 Direct 0 0 127.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.1.1.1.3.3.1.0. [PE2] bgp 100 [PE2-bgp] peer 1.9 as-number 100 [PE1-bgp] peer 3.1 InLoop0 127. and has reached the Established state.1.2 GE4/1/1 Direct 0 0 127.0.0.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.1.3.3. The following takes PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Destination/Mask Proto 10.0/8 Direct 0 0 127.0.3.1 InLoop0 10.9 Local AS number : 100 Total number of peers : 1 6.0/24 10.4. issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.1/32 Direct 0 0 127.

3.1 PING 10. whereas those of different VPNs can not.1.3.4.10.1. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.1 PING 10.1. press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --.1. but cannot ping CE 4 (10.3. CE 1 can ping CE 3 (10.1): [CE1] ping 10.1: bytes=56 Sequence=4 ttl=253 time=50 ms Reply from 10.1: bytes=56 Sequence=2 ttl=253 time=34 ms Reply from 10.3. press CTRL_C to break Reply from 10. Users of different VPNs cannot access each other.1. 287 . • VPN 1 uses VPN target attribute 111:1.1: 56 data bytes.1.3.1.1.10.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100. • IBGP is used to exchange VPN routing information between CE and PE.1.CEs of the same VPN can ping each other.1).00% packet loss Configuring MPLS L3VPNs using IBGP between PE and CE Network requirements • CE 1 and CE 3 belong to VPN 1. VPN 2 uses VPN target attribute 222:2.4.1.1.4.4.3. For example.1: bytes=56 Sequence=5 ttl=253 time=34 ms --.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms Reply from 10.3. CE 2 and CE 4 belong to VPN 2.00% packet loss round-trip min/avg/max = 34/48/72 ms [CE1] ping 10.1: 56 data bytes.1.3.3.1: bytes=56 Sequence=3 ttl=253 time=50 ms Reply from 10.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.

Figure 75 Network diagram AS 100 AS 100 VPN 1 VPN 1 Loop0 CE 3 CE 1 Loop0 GE3/1/1 GE3/1/1 Loop0 GE3/1/1 PE 2 PE 1 POS5/1/1 POS5/1/1 Loop0 GE3/1/2 GE3/1/1 POS5/1/2 POS5/1/1 Loop0 GE3/1/2 P MPLS backbone GE3/1/1 GE3/1/1 CE 2 Loop0 Loop0 CE 4 VPN 2 VPN 2 AS 100 AS 100 Device Interface IP address Device Interface IP address PE 1 Loop0 1.1.2/24 POS5/1/1 172.0.1.1/24 CE 3 Loop0 6.0.1.6.3.2/24 CE 2 Loop0 5.9/32 GE3/1/1 10.2/24 GE3/1/1 10.1.1.9/32 GE3/1/1 10.1.3.0 0.1.4.0.1.0.1.1.1/24 POS5/1/1 172.9 32 [PE1-LoopBack0] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip address 172.1.0.0.1.1.2.4.0.1.7.5. 288 .1.2.2.7.9/32 PE 2 Loop0 3.1.1/24 CE 4 Loop0 7.1.4. # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1/24 GE3/1/1 10.9/32 GE3/1/1 10.2/24 GE3/1/2 10.9 0.1.0 [PE1-ospf-1-area-0.5.2.1.0] network 1.2.255 [PE1-ospf-1-area-0.2/24 GE3/1/2 10.2.1.9/32 POS5/1/2 172.3.9/32 GE3/1/1 10. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone.1/24 P POS5/1/1 172.0.3.1 24 [PE1-POS5/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0] network 172.0.1.1/24 Configuration procedure 1.0] quit [PE1-ospf-1] quit # Configure the P router.1.1.9/32 Loop0 2.0.2/24 CE 1 Loop0 4.1.1.4.1.6.

0.1.1.0/24 OSPF 1 172.0 0.0.1.0.0.1.0.0.9 32 [PE2-LoopBack0] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] ip address 172.1 24 [P-POS5/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.2.2.1.255 [PE2-ospf-1-area-0.0 0.1.0] network 2.0. Issue the display ip routing-table command.0.0] quit [PE2-ospf-1] quit After you complete the configurations.0.0.1.0] network 172.1.0.1.9/32 OSPF 10 2 172.0.1.9 0.0.1 POS5/1/1 172. P establishes an OSPF adjacency with PE 1 and PE 2 respectively.0.2.1/32 Direct 0 0 127.0.0/24 Direct 0 0 172.0.1.255 [P-ospf-1-area-0.0.2.1.1.9/32 Direct 0 0 127. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 8 Pre Routes : 8 Destination/Mask Proto Cost NextHop Interface 1.1.3.2. Issue the display ospf peer command.2 24 [PE2-POS5/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.1.0.1.0.1. The output shows that the adjacency status is Full.3.0] quit # Configure PE 2. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.255 [P-ospf-1-area-0.2.9 32 [P-LoopBack0] quit [P] interface pos 5/1/1 [P-POS5/1/1] ip address 172.0.3.0.0.2 POS5/1/1 10 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.0.0.9/32 OSPF 10 1 172.0.0] network 172.3.1.1 InLoop0 172.0.2 POS5/1/1 3.9 0.0.0.2.2 24 [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] ip address 172.0.1.1.9 289 .2.0] network 3.1.0 [P-ospf-1-area-0.1/32 Direct 0 0 127.<P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.1 InLoop0 2.1.0.0/8 Direct 0 0 127.1.3.1.0.0 [PE2-ospf-1-area-0.0 0.0.3.1.0.1 InLoop0 172.0] network 172.2.0.0.1 InLoop0 127.0.2.2 POS5/1/1 127. The output shows that the PEs have learned the routes to the loopback interfaces of each other.

Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.0.1.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 5/1/1 [P-POS5/1/1] mpls [P-POS5/1/1] mpls ldp [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] mpls [P-POS5/1/2] mpls ldp [P-POS5/1/2] quit # Configure PE 2. The output shows the LSPs established by LDP. # Configure PE 1.3. [P] mpls lsr-id 2.2.1(POS5/1/1)'s neighbors Router ID: 2.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit # Configure the P router.1.9 State: Full Address: 172. The output shows that the session status is Operational.3.2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After you complete the configurations.1. [PE2] mpls lsr-id 3. Take PE 1 as an example: 290 .2 Dead timer due in 38 GR State: Normal Priority: 1 MTU: 0 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2.1. Issue the display mpls ldp lsp command.2.0.1.2.2 Mode:Nbr is DR: 172.Neighbors Area 0. Issue the display mpls ldp session command.1.1 Master BDR: 172.0 interface 172.1. P establishes an LDP session with PE 1 and PE 2 respectively.1.1.1. [PE1] mpls lsr-id 1.

[PE1] display mpls ldp session
LDP Session(s) in Public Network
---------------------------------------------------------------Peer-ID

Status

LAM

SsnRole

FT

MD5

KA-Sent/Rcv

--------------------------------------------------------------2.2.2.9:0

Operational

DU

Passive

Off

Off

5/5

--------------------------------------------------------------LAM : Label Advertisement Mode

FT

: Fault Tolerance

[PE1] display mpls ldp lsp
LDP LSP Information
-----------------------------------------------------------------SN

DestAddress/Mask

In/OutLabel

Next-Hop

In/Out-Interface

-----------------------------------------------------------------1

1.1.1.9/32

3/NULL

127.0.0.1

-------/InLoop0

2

2.2.2.9/32

NULL/3

172.1.1.2

-------/POS5/1/1

3

3.3.3.9/32

NULL/1024

172.1.1.2

-------/POS5/1/1

-----------------------------------------------------------------A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale

3.

Configure VPN instances on PEs to allow CEs to access.
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet3/1/1] quit
[PE1] interface GigabitEthernet 3/1/2
[PE1-GigabitEthernet3/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet3/1/2 ip address 10.2.1.2 24
[PE1-GigabitEthernet3/1/2] quit

# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 222:2
[PE2-vpn-instance-vpn2] quit
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1

291

[PE2-GigabitEthernet3/1/1] ip address 10.3.1.2 24
[PE2-GigabitEthernet3/1/1] quit
[PE2] interface GigabitEthernet 3/1/2
[PE2-GigabitEthernet3/1/2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet3/1/2] ip address 10.4.1.2 24
[PE2-GigabitEthernet3/1/2 quit

# Configure IP addresses for the CEs as per Figure 75. (Details not shown)
After completing the configurations, issue the display ip vpn-instance command on the PEs to view
the configuration of the VPN instances. Use the ping command to test connectivity between the PEs
and their attached CEs. The PEs can ping their attached CEs. Take PE 1 and CE 1 as examples:
[PE1] display ip vpn-instance
Total VPN-Instances configured : 2
VPN-Instance Name

RD

Create time

vpn1

100:1

2009/01/22 13:02:21

vpn2

100:2

2009/01/22 13:02:40

[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56

data bytes, press CTRL_C to break

Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 10.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/23/56 ms

4.

Establish IBGP peer relationships between PEs and CEs to redistribute VPN routes, and configure
routing policies to change the next hop of the routes.
# On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received
from PE 1, changing the next hop address of the routes to the IP address of PE 1.
<CE1> system-view
[CE1] route-policy ce-ibgp permit node 0
[CE1-route-policy] apply ip-address next-hop 10.1.1.2
[CE1-route-policy] quit
[CE1] bgp 100
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] peer 10.1.1.2 route-policy ce-ibgp import
[CE1-bgp] import-route direct
[CE1-bgp] quit

NOTE:
The configurations for the other three CEs (CE 2 through CE 4) are similar to those for CE 1. (Details not
shown)
# On PE 1, configure the CE 1 and CE 2 as its IBGP peers, and configure PE 1 as the route
reflector.
292

[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 100
[PE1-bgp-vpn1] peer 10.1.1.1 reflect-client
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2] peer 10.2.1.1 as-number 100
[PE1-bgp-vpn2] peer 10.2.1.1 reflect-client
[PE1-bgp-vpn2] import-route direct
[PE1-bgp-vpn2] quit
[PE1-bgp] quit

NOTE:
The configurations for PE 2 are similar to those for PE 1. (Details not shown)
Issue the display bgp vpnv4 vpn-instance peer command on the PEs. The output shows that BGP
peer relationships have been established between the PEs and CEs, and have reached the
Established state. Take the BGP peer relationship between PE 1 and CE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer

BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1

Peer
10.1.1.1

5.

Peers in established state : 1

AS

MsgRcvd

100

26

MsgSent OutQ PrefRcv Up/Down
21

0

State

2 00:11:08 Established

Configure an MP-IBGP peer relationship between PEs
# On PE 1, configure PE 2 as the MP-IBGP peer, and configure a routing policy for the routes
received from PE 2, changing the next hop address of the routes as the loopback interface address
of PE 2.
[PE1] route-policy pe-ibgp permit node 0
[PE1-route-policy] apply ip-address next-hop 3.3.3.9
[PE1-route-policy] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

# On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes
received from PE 1, changing the next hop address of the routes as the loopback interface address
of PE 1.
[PE2] route-policy pe-ibgp permit node 0
[PE2-route-policy] apply ip-address next-hop 1.1.1.9

293

[PE2-route-policy] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 route-policy pe-ibgp import
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit

Issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The
output shows that a BGP peer relationship has been established between the PEs, and has reached
the Established state. Take PE 1 as an example.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1

6.

Peer

AS

3.3.3.9

100

MsgRcvd

Peers in established state : 1
MsgSent

2

OutQ

6

PrefRcv

0

Up/Down

0

State

00:00:12 Established

Verify your configurations
Issue the display ip routing-table vpn-instance command on the PEs. The output shows the routes
to the peer CEs. Take PE 1 as an example:
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 7

Routes : 7

Destination/Mask

Proto

Pre

Cost

NextHop

Interface

4.4.4.9/32

BGP

255

0

10.1.1.1

GE3/1/1

6.6.6.9/32

BGP

255

0

3.3.3.9

NULL0

10.1.1.0/24

Direct 0

0

10.1.1.2

GE3/1/1

10.1.1.2/32

Direct 0

0

127.0.0.1

InLoop0

10.3.1.0/24

BGP

0

3.3.3.9

NULL0

127.0.0.0/8

Direct 0

0

127.0.0.1

InLoop0

127.0.0.1/32

Direct 0

0

127.0.0.1

InLoop0

255

[PE1] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 7

Routes : 7

Destination/Mask

Proto

Pre

Cost

NextHop

Interface

5.5.5.9/32

BGP

255

0

10.2.1.1

GE3/1/2

7.7.7.9/32

BGP

255

0

3.3.3.9

NULL0

10.2.1.0/24

Direct 0

0

10.2.1.2

GE3/1/2

10.2.1.2/32

Direct 0

0

127.0.0.1

InLoop0

10.4.1.0/24

BGP

0

3.3.3.9

NULL0

127.0.0.0/8

Direct 0

0

127.0.0.1

InLoop0

127.0.0.1/32

Direct 0

0

127.0.0.1

InLoop0

255

294

CEs of the same VPN can ping each other, whereas those of different VPNs can not. For example,
CE 1 can ping CE 3 (6.6.6.9), but cannot ping CE 4 (7.7.7.9):
[CE1] ping 6.6.6.9
PING 6.6.6.9: 56

data bytes, press CTRL_C to break

Reply from 6.6.6.9: bytes=56 Sequence=1 ttl=253 time=72 ms
Reply from 6.6.6.9: bytes=56 Sequence=2 ttl=253 time=34 ms
Reply from 6.6.6.9: bytes=56 Sequence=3 ttl=253 time=50 ms
Reply from 6.6.6.9: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 6.6.6.9: bytes=56 Sequence=5 ttl=253 time=34 ms
--- 6.6.6.9 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[CE1] ping 7.7.7.9
PING 7.7.7.9: 56

data bytes, press CTRL_C to break

Request time out
Request time out
Request time out
Request time out
Request time out
--- 7.7.7.9 ping statistics --5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

Configuring an MPLS L3VPN that uses a GRE tunnel
Network requirements

CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P router does not support MPLS and
provides only IP functions.

On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS
L3VPN.

Configure tunneling policies on the PEs and specify the tunnel type for VPN traffic as GRE.

295

Figure 76 Network diagram

Device

Interface

IP address

Device

Interface

IP address

CE 1

GE3/1/1

10.1.1.1/24

P

POS5/1/1

172.1.1.2/24

PE 1

Loop0

1.1.1.9/32

POS5/1/2

172.2.1.1/24

CE 2

GE3/1/1

10.1.1.2/24

Loop0

2.2.2.9/32

POS5/1/2

172.1.1.1/24

PE 2

GE3/1/1

10.2.1.2/24

Tunnel0

20.1.1.1/24

POS5/1/1

172.2.1.2/24

GE3/1/1

10.2.1.1/24

Tunnel0

20.1.1.2/24

Configuration procedure
1.

Configure an IGP (such as OSPF) on the MPLS backbone to ensure IP connectivity within the
backbone.
After you complete the configurations, OSPF adjacencies are established between PE 1, P, and PE
2. Issue the display ospf peer command. The output shows that the adjacency status is Full. Issue
the display ip routing-table command. The output shows that the PEs have learned the loopback
route of each other.

2.

Enable basic MPLS on the PEs
# Configure PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit

# Configure PE 2.
<PE2> system-view
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit

3.

Configure VPN instances on PEs to allow CEs to access, and apply tunneling policies to the VPN
instances, using a GRE tunnel for VPN packet forwarding
# Configure PE 1.
296

[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet3/1/1] quit

# Configure PE 2.
[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet3/1/1] ip address 10.2.1.2 24
[PE2-GigabitEthernet3/1/1] quit

# Configure CE 1.
<CE1> system-view
[CE1] interface GigabitEthernet 3/1/1
[CE1-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[CE1-GigabitEthernet3/1/1] quit

# Configure CE 2.
<CE2> system-view
[CE2] interface GigabitEthernet 3/1/1
[CE2-GigabitEthernet3/1/1] ip address 10.2.1.1 24
[CE2-GigabitEthernet3/1/1] quit

After completing the configurations, issue the display ip vpn-instance command on the PEs to view
the configuration of the VPN instance. Use the ping command to test connectivity between the PEs
and their attached CEs. The PEs can ping their attached CEs. The following takes PE 1 as an
example:
[PE1] display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name
vpn1

RD

Create Time

100:1

2006/08/13 09:32:45

[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56

data bytes, press CTRL_C to break

Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms

297

Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics --5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms

4.

Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit

# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit

NOTE:
The configurations for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to
those for PE 1. (Details not shown)
After completing the configuration, issue the display bgp vpnv4 vpn-instance peer command on
the PEs. The output shows that BGP peer relationship has been established between PE and CE,
and has reached the Established state.
The following takes PE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1
Peer
10.1.1.1

5.

AS

MsgRcvd

65410

Peers in established state : 1
MsgSent

OutQ

PrefRcv

5

0

1

5

Configure an MP-IBGP peers between PEs
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

298

Up/Down

State

00:02:03 Established

0. issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that BGP peer relationship has been established between the PEs.0.1.0.0.1.1 InLoop0 255 The following takes PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 Cost NextHop Interface 0 127.9 [PE2-Tunnel0] ip address 20.0.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 10.2.1.2.0/24 BGP 0 10.0/24 10.0.1.0/8 Direct 0 0 127.1 InLoop0 10. [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1 InLoop0 127.NOTE: The configurations for PE 2 are similar to those for PE 1. and has reached the Established state.1/32 Direct 0 0 127.0.0.1 24 [PE1-Tunnel0] mpls [PE1-Tunnel0] quit # Configure PE 2.2.1.2.1.1.9 6.0.1.2 GE3/1/1 127.1.1.2 24 [PE2-Tunnel0] mpls [PE2-Tunnel0] quit 7.0.9 Local AS number : 100 Total number of peers : 1 Peer 2. [PE2] interface tunnel 0 [PE2-Tunnel0] tunnel-protocol gre [PE2-Tunnel0] source loopback 0 [PE2-Tunnel0] destination 1.1 InLoop0 299 . Verify your configurations After you complete the configurations.2. the CEs can learn the interface routes from each other. [PE1] interface tunnel 0 [PE1-Tunnel0] tunnel-protocol gre [PE1-Tunnel0] source loopback 0 [PE1-Tunnel0] destination 2.1.1. Peers in established state : 1 AS MsgRcvd MsgSent OutQ PrefRcv 100 3 3 0 1 Up/Down State 00:00:34 Established Configure a GRE tunnel # Configure PE 1.1 GE3/1/1 Direct 0 0 127.1.9 [PE1-Tunnel0] ip address 20.1. (Details not shown) After completing the configuration.1.1.1. The following takes CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 10.0.0.

1 InLoop0 172.0.0/24 Routes : 3 Pre Cost NextHop Interface Direct 0 0 10.2.1.1.00% packet loss round-trip min/avg/max = 41/62/69 ms Configuring inter-AS option A Network requirements • CE 1 and CE 2 belong to the same VPN.2 POS5/1/2 10 [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 3 Destination/Mask Proto 10.1.1.1.1.1 InLoop0 127.0.1. the VRF-to-VRF method is used to manage VPN routes. press CTRL_C to break Reply from 10.1.0.0/24 Direct 0 0 20.1.1 Tunnel0 20.1.1.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms Reply from 10.0/24 Direct 0 0 172.1: bytes=56 Sequence=3 ttl=253 time=68 ms Reply from 10.0.1.1.1.0/8 Direct 0 0 127.1.1. That is.1.2.10.2 POS5/1/2 10.0/24 OSPF 3124 172.2.1.2.2.1 InLoop0 127.1.1/32 Direct 0 0 127.0.2.1.0.1.1.0.9/32 OSPF 3125 172.1.2/32 Direct 0 0 172.0. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.2. 300 .1: bytes=56 Sequence=1 ttl=253 time=41 ms Reply from 10.1.2.2.0.1.1: bytes=56 Sequence=5 ttl=253 time=67 ms --.2.1/32 Direct 0 0 127.0.0/24 10.1: 56 data bytes.1.1 InLoop0 BGP 0 2.1.1: bytes=56 Sequence=4 ttl=253 time=68 ms Reply from 10.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.1.2.1 Tunnel0 20. • The MPLS backbone in each AS runs OSPF.1.2.1.0.2/32 10.1 InLoop0 172.2 POS5/1/2 172.1.0.2. [CE1] ping 10.1.0.1/32 Direct 0 0 127.0/24 Static 60 10 0 20.9 NULL0 255 The CEs can ping each other.1.2.2.2.1 PING 10.1.1.2 GE3/1/1 Direct 0 0 127. • Inter-AS MPLS L3VPN is implemented using option A.1.1 POS5/1/2 172.1.0.1.

2/24 POS2/1/2 192.4.1.1.9/32 GE4/1/2 10.1/24 CE 2 GE4/1/1 10.1/24 Loop0 2.1.1/24 POS2/1/2 192. <PE1> system-view [PE1] mpls lsr-id 1.1.1.4.1.1. Issue the display ospf peer verbose command.3. and that PEs can learn the routes to the loopback interfaces of each other.1.1.1.1.1/24 PE 1 Loop0 1.1.2/24 ASBR-PE1 Device ASBR-PE2 Interface IP address Configuration procedure 1.9/32 Loop0 3.1.1.1. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs # Configure basic MPLS on PE 1 and enable MPLS LDP on the interface connected to ASBR PE 1.1. each ASBR PE and the PE in the same AS can establish OSPF adjacencies.3.2.2. Configure an IGP (such as OSPF) on the MPLS backbone to ensure IP connectivity in the backbone.1/24 POS2/1/1 162.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit 301 .Figure 77 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 POS2/1/2 POS2/1/1 Loop0 POS2/1/2 ASBR-PE 2 ASBR-PE 1 POS2/1/1 POS2/1/1 Loop0 POS2/1/1 PE 2 PE 1 GE4/1/2 GE4/1/2 GE4/1/1 GE4/1/1 CE 1 CE 2 AS 65001 Device AS 65002 Interface IP address CE 1 GE4/1/1 10. (Details not shown) NOTE: The 32-bit loopback interface address used as the LSR ID needs to be advertised by OSPF.1.2/24 GE4/1/2 10.1.2.1.1.9/32 POS2/1/1 172.9/32 PE 2 Loop0 4.2/24 POS2/1/1 172.2/24 POS2/1/1 162.1. 2.1. After you complete the configurations.2. The output shows that the adjacencies reach the Full state. Each ASBR PE and the PE in the same AS can ping each other.

9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.4. <PE2> system-view [PE2] mpls lsr-id 4. The output shows that the session status is Operational.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos2/1/1 [ASBR-PE1-POS2/1/1] clock master [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure basic MPLS on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2.2. <ASBR-PE2> system-view [ASBR-PE2] mpls lsr-id 3.3. This is not required for PEs in different ASs.2.4. the VPN targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. 3.[PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1.3. Configure VPN instances on PEs to allow CEs to access the network NOTE: For the same VPN. 302 .9 [ASBR-PE2] mpls [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos2/1/1 [ASBR-PE2-POS2/1/1] clock master [ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure basic MPLS on PE 2 and enable MPLS LDP on the interface connected to ASBR PE 2. Issue the display mpls ldp session command on the devices. each PE and the ASBR PE in the same AS can establish neighbor relationship.

1. creating a VPN instance and binding the instance to the interface connected to ASBR PE 2.1.# Configure CE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/2] ip address 10. ASBR PE 2 considers ASBR PE 1 its CE.2.2.1 24 [CE1-GigabitEthernet4/1/1] quit # Configure PE 1. <CE2> system-view [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 10.1 24 [CE2-GigabitEthernet4/1/1] quit # Configure PE 2. <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 10.1 24 [ASBR-PE1-POS2/1/2] quit # Configure ASBR PE 2.1. creating a VPN instance and binding the instance to the interface connected to ASBR PE 1.1.2 24 [PE2-GigabitEthernet4/1/2] quit # Configure ASBR PE 1. [ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-vpn1] route-distinguisher 200:1 [ASBR-PE2-vpn-vpn1] vpn-target 100:1 both [ASBR-PE2-vpn-vpn1] quit [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1 303 .1. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/2] ip address 10.2 24 [PE1-GigabitEthernet4/1/2] quit # Configure CE 2. [ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-vpn1] route-distinguisher 100:1 [ASBR-PE1-vpn-vpn1] vpn-target 100:1 both [ASBR-PE1-vpn-vpn1] quit [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] clock master [ASBR-PE1-POS2/1/2] ip binding vpn-instance vpn1 [ASBR-PE1-POS2/1/2] ip address 192.1.1.1. ASBR PE 1 considers ASBR PE 2 its CE.

[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 192.2.2 as-number 200 [CE2-bgp] import-route direct [CE2-bgp] quit # Configure PE 2.1.[ASBR-PE2-POS2/1/2] ip address 192.1.1.2.1. [CE1] bgp 65001 [CE1-bgp] peer 10.1.1. [PE1] bgp 100 [PE1-bgp] peer 2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1.1.1.2.2.1 as-number 65002 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit 5.2.2.9 as-number 100 [PE1-bgp] peer 2. [CE2] bgp 65002 [CE2-bgp] peer 10. Establish an MP-IBGP peer relationship between each PE and the ASBR-PE in the same AS and an EBGP peer relationship between the ASBR PEs # Configure PE 1.2.9 next-hop-local [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure ASBR-PE 1.1.2.2 24 [ASBR-PE2-POS2/1/2] quit After completing the configurations. view the VPN instance configurations by issuing the display ip vpn-instance command.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1.1.9 enable [PE1-bgp-af-vpnv4] peer 2. The PEs can ping their attached CEs and the ASBR PEs can ping each other.2.2 as-number 200 [ASBR-PE1-bgp-vpn1] quit 304 . 4.1 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [PE2] bgp 200 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.

1.1.4. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.4.9 enable [ASBR-PE1-bgp-af-vpnv4] peer 1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 3. Verify your configurations After you complete the configurations.3.1. • PEs in the same AS run IS-IS. [PE2] bgp 200 [PE2-bgp] peer 3. • PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.1. • ASBR-PE 1 and ASBR-PE 2 exchange labeled IPv4 routes by MP-EBGP.4.9 enable [PE2-bgp-af-vpnv4] peer 3.[ASBR-PE1-bgp] peer 1.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.3.3.4.1.3.3.9 as-number 200 [PE2-bgp] peer 3. • ASBRs do not perform VPN target filtering of received VPN-IPv4 routes.3.1.3.1. Configuring inter-AS option B Network requirements • Site 1 and Site 2 belong to the same VPN.4.9 as-number 100 [ASBR-PE1-bgp] peer 1.4.4.9 next-hop-local [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. • PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1. 305 .9 next-hop-local [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit 6.9 next-hop-local [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit # Configure PE 2.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.3.1.1. CE 1 of Site 1 accesses the network through PE 1 in AS 100 and CE 2 of Site 2 accesses the network through PE 2 in AS 600.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4. the CEs can learn the interface routes from each other and ping each other.9 as-number 200 [ASBR-PE2-bgp] peer 4.1.4.

1.0.1111. and start IS-IS and enable MPLS and LDP on the interface.1/8 POS2/1/1 1.0.Figure 78 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2. [PE1] interface POS 2/1/1 [PE1-POS2/1/1] ip address 1.1.0.2 255.3. [PE1] mpls lsr-id 2.1111.0.9/32 Loop0 4.1111.0.1.1.9/32 GE4/1/1 30.2.0. Configure PE 1 # Start IS-IS on PE 1.0.1/8 POS2/1/2 11.1.2.1. enable MPLS and LDP.1/8 ASBR-PE 1 ASBR-PE 2 Configuration procedure 1.2/8 POS2/1/2 11.1111.1/8 POS2/1/1 9.2/8 POS2/1/1 9.9 [PE1] mpls [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface POS 2/1/1.4.0.0.9/32 PE 2 Loop0 5.3.9/32 POS2/1/1 1.2/8 Loop0 3.0 [PE1-POS2/1/1] isis enable 1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp 306 .1.00 [PE1-isis-1] quit # Configure LSR ID. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.2.0.1.5.1/8 GE4/1/1 20.1.2.5.1.4.

3.2. [PE1] bgp 100 # Configure IBGP peer 3.2222.3. and start IS-IS and enable MPLS and LDP on the interface.9 as-number 100 [PE1-bgp] peer 3.9 enable [PE1-bgp-af-vpnv4] quit # Redistribute direct routes to the VPN routing table of vpn1.2.3. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit 2.[PE1-POS2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance. [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 30.3.3. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2. enable MPLS and LDP. [ASBR-PE1] mpls lsr-id 3.3.9 as a VPNv4 peer.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] label advertise non-null [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit # Configure interface POS 2/1/1.00 [ASBR-PE1-isis-1] quit # Configure LSR ID. <ASBR-PE1> system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10. [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3. Configure ASBR-PE 1 # Start IS-IS on ASBR-PE 1.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [ASBR-PE1] interface POS 2/1/1 [ASBR-PE1-POS2/1/1] clock master 307 .0.3.2222.1 8 [PE1-GigabitEthernet4/1/1] quit # Start BGP on PE 1.2222.0.3.2222.

2.2.1 as-number 600 # Specify not to filter the received VPNv4 routes using the import target attribute.0 and EBGP peer 11. [ASBR-PE2] interface POS 2/1/1 [ASBR-PE2-POS2/1/1] clock master [ASBR-PE2-POS2/1/1] ip address 9.2.2. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.0.00 [ASBR-PE2-isis-1] quit # Configure LSR ID.0.222. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.0.0.222.0.0.2.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Start BGP on ASBR-PE 1.0.2.0. [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] clock master [ASBR-PE1-POS2/1/2] ip address 11.222.1.1 as VPNv4 peers.0.0 [ASBR-PE2-POS2/1/1] isis enable 1 308 .9 enable [ASBR-PE1-bgp-af-vpnv4] quit 3.0.0.0 [ASBR-PE1-POS2/1/1] isis enable 1 [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS.1 enable [ASBR-PE1-bgp-af-vpnv4] peer 2.4.1 255.3.222.4.2. [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target # Configure both IBGP peer 2.1 255.2.[ASBR-PE1-POS2/1/1] ip address 1.0 [ASBR-PE1-POS2/1/2] mpls [ASBR-PE1-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.1.2 255.1. and start IS-IS and enable MPLS and LDP on the interface. Configure ASBR-PE 2 # Start IS-IS on ASBR-PE 2.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 2/1/1. <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10. enable MPLS and LDP.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] peer 11. [ASBR-PE1-bgp-af-vpnv4] peer 11. [ASBR-PE2] mpls lsr-id 4.3.0.9 as-number 100 [ASBR-PE1-bgp] peer 2.0.0.

1111.0.0.1111.5.0.0.5.1111. enable MPLS and LDP. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.1.0. [PE2] mpls lsr-id 5.5.9 and EBGP peer 11.4.9 as-number 600 [ASBR-PE2-bgp] peer 5.2 as VPNv4 peers.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface POS 2/1/1.4.[ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS. Configure PE 2 # Start IS-IS on PE 2.1.0. [ASBR-PE2-bgp-af-vpnv4] peer 11.0.5.5.0.0 [PE2-POS2/1/1] isis enable 1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit 309 . [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.5.5.0.0.00 [PE2-isis-1] quit # Configure LSR ID.0. [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip address 11.2 enable [ASBR-PE2-bgp-af-vpnv4] peer 5. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.9 enable [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit 4.2 255.1 255. [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] undo policy vpn-target # Configure both IBGP peer 5.5.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2.9 connect-interface loopback 0 # Specify not to filter the received VPNv4 routes using the import target attribute.1111.0 [ASBR-PE2-POS2/1/2] mpls [ASBR-PE2-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface POS 2/1/1 [PE2-POS2/1/1] ip address 9.0.2 as-number 100 [ASBR-PE2-bgp] peer 5.5.5. and start IS-IS and enable MPLS and LDP on the interface.

# Configure interface Loopback 0 and start IS-IS on it.4.4. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5. • PEs in the same AS run IS-IS. The ping operation is successful. Verify your configurations # After you complete the configurations.1 8 [PE2-GigabitEthernet4/1/1] quit # Start BGP on PE 2. [PE2] ping –vpn-instance vpn1 30. • PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit 5.5.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 4.0.0.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. • PE 1 and PE 2 are MP-EBGP peers.4.0. [PE2] bgp 600 # Configure IBGP peer 4. [PE1] ping –vpn-instance vpn1 20.4.9 as a VPNv4 peer. Site 1 accesses the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance.9 enable [PE2-bgp-af-vpnv4] quit # Redistribute direct routes to the VPN routing table of vpn1. 310 . ping PE 1 from PE 2.1 # Ping PE 2 from PE 1.4. • PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.0.4.0.9 as-number 600 [PE2-bgp] peer 4. [PE2-bgp] peer 4.4. [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 20.4.1 Configuring inter-AS option C Network requirements • Site 1 and Site 2 belong to the same VPN.0. The ping operation is successful.

• ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.1.2 255.1111.1111. [PE1] mpls lsr-id 2.1/8 POS4/1/1 9.2/8 Loop0 4.9/32 POS4/1/1 POS4/1/2 Interface IP address Loop0 5.0. Configure PE 1 # Run IS-IS on PE 1.2.4.9/32 PE 2 Loop1 30.2.1.0. enable MPLS and LDP.0.5.2.1.9/32 1.1.1111.1.0.1.0.2 ASBR-PE 1 POS4/1/1 1.1/8 ASBR-PE 2 Configuration procedure 1.0. 311 .1.9 [PE1] mpls [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface POS 4/1/1.1.2/8 Loop0 3.1.2/8 POS4/1/2 11.2 POS4/1/1 9.4.00 [PE1-isis-1] quit # Configure LSR ID.0.1/8 11.0. Figure 79 Network diagram Device Interface IP address Device PE 1 Loop0 2.2.0.0. [PE1] interface POS 4/1/1 [PE1-POS4/1/1] ip address 1.1. • ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes.0 [PE1-POS4/1/1] isis enable 1 [PE1-POS4/1/1] mpls [PE1-POS4/1/1] mpls ldp [PE1-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.3.5. and start IS-IS and enable MPLS and LDP on the interface.1111.9/32 Loop1 20.3. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.

[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit

# Create VPN instance vpn1 and configure the RD and VPN target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit

# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip binding vpn-instance vpn1
[PE1-LoopBack1] ip address 30.0.0.1 32
[PE1-LoopBack1] quit

# Start BGP on PE 1.
[PE1] bgp 100

# Configure the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled
routes from the peer.
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] peer 3.3.3.9 label-route-capability

# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp] peer 5.5.5.9 as-number 600
[PE1-bgp] peer 5.5.5.9 connect-interface loopback 0
[PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10

# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-af-vpnv4] quit

# Redistribute direct routes to the routing table of vpn1.
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit

2.

Configure ASBR-PE 1
# Start IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.2222.2222.2222.2222.00
[ASBR-PE1-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] label advertise non-null
[ASBR-PE1-mpls] quit

312

[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE1] interface POS 4/1/1
[ASBR-PE1-POS4/1/1] clock master
[ASBR-PE1-POS4/1/1] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-POS4/1/1] isis enable 1
[ASBR-PE1-POS4/1/1] mpls
[ASBR-PE1-POS4/1/1] mpls ldp
[ASBR-PE1-POS4/1/1] quit

# Configure interface POS 4/1/2 and enable MPLS on it.
[ASBR-PE1] interface POS 4/1/2
[ASBR-PE1-POS4/1/2] clock master
[ASBR-PE1-POS4/1/2] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-POS4/1/2] mpls
[ASBR-PE1-POS4/1/2] quit

# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit

# Create routing policies.
[ASBR-PE1] route-policy policy1 permit node 1
[ASBR-PE1-route-policy1] apply mpls-label
[ASBR-PE1-route-policy1] quit
[ASBR-PE1] route-policy policy2 permit node 1
[ASBR-PE1-route-policy2] if-match mpls-label
[ASBR-PE1-route-policy2] apply mpls-label
[ASBR-PE1-route-policy2] quit

# Start BGP on ASBR-PE 1 and redistribute routes from IS-IS process 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] import-route isis 1

# Use routing policy policy2 to filter routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp] peer 2.2.2.9 route-policy policy2 export

# Configure the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled
routes from the peer.
[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp] peer 2.2.2.9 label-route-capability

# Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.1.
[ASBR-PE1-bgp] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp] peer 11.0.0.1 route-policy policy1 export

# Configure the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive
labeled routes from the peer.
[ASBR-PE1-bgp] peer 11.0.0.1 label-route-capability
[ASBR-PE1-bgp] quit

313

3.

Configure ASBR-PE 2
# Start IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.2222.2222.2222.2222.00
[ASBR-PE2-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] label advertise non-null
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE2] interface POS 4/1/1
[ASBR-PE2-POS4/1/1] clock master
[ASBR-PE2-POS4/1/1] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-POS4/1/1] isis enable 1
[ASBR-PE2-POS4/1/1] mpls
[ASBR-PE2-POS4/1/1] mpls ldp
[ASBR-PE2-POS4/1/1] quit

# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit

# Configure interface POS 4/1/2 and enable MPLS on it.
[ASBR-PE2] interface POS 4/1/2
[ASBR-PE2-POS4/1/2] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-POS4/1/2] mpls
[ASBR-PE2-POS4/1/2] quit

# Create routing policies.
[ASBR-PE2] route-policy policy1 permit node 1
[ASBR-PE2-route-policy1] apply mpls-label
[ASBR-PE2-route-policy1] quit
[ASBR-PE2] route-policy policy2 permit node 1
[ASBR-PE2-route-policy2] if-match mpls-label
[ASBR-PE2-route-policy2] apply mpls-label
[ASBR-PE2-route-policy2] quit

# Start BGP on ASBR-PE 2 and redistribute routes from IS-IS process 1.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp] import-route isis 1

# Configure the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled
routes from the peer.
[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0
[ASBR-PE2-bgp] peer 5.5.5.9 label-route-capability

314

# Use routing policy policy2 to filter routes advertised to IBGP peer 5.5.5.9.
[ASBR-PE2-bgp] peer 5.5.5.9 route-policy policy2 export

# Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.2.
[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export

# Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive
labeled routes from the peer.
[ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp] quit

4.

Configure PE 2
# Start IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.1111.1111.1111.1111.00
[PE2-isis-1] quit

# Configure LSR ID, enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit

# Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[PE2] interface POS 4/1/1
[PE2-POS4/1/1] ip address 9.1.1.2 255.0.0.0
[PE2-POS4/1/1] isis enable 1
[PE2-POS4/1/1] mpls
[PE2-POS4/1/1] mpls ldp
[PE2-POS4/1/1] quit

# Configure interface Loopback 0 and start IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit

# Create VPN instance vpn1 and configure the RD and VPN target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 11:11
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit

# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE2] interface loopback 1
[PE2-LoopBack1] ip binding vpn-instance vpn1
[PE2-LoopBack1] ip address 20.0.0.1 32
[PE2-LoopBack1] quit

# Start BGP on PE 2.
315

[PE2] bgp 600

# Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled
routes from the peer.
[PE2-bgp] peer 4.4.4.9 as-number 600
[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp] peer 4.4.4.9 label-route-capability

# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp] peer 2.2.2.9 as-number 100
[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10

# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-af-vpnv4] quit

# Redistribute direct routes to the routing table of vpn1.
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] quit

After you complete the configurations, PE 1 and PE 2 can ping each other:
[PE2] ping –vpn-instance vpn1 30.0.0.1
[PE1] ping –vpn-instance vpn1 20.0.0.1

Configuring carrier’s carrier
Network requirements
Configure carrier’s carrier for the scenario shown in Figure 80. In this scenario:

PE 1 and PE 2 are the provider carrier’s PE routers. They provide VPN services for the customer
carrier.

CE 1 and CE 2 are the customer carrier’s routers. They are connected to the provider carrier’s
backbone as CE routers.

PE 3 and PE 4 are the customer carrier’s PE routers. They provide MPLS L3VPN services for the end
customers.

CE 3 and CE 4 are customers of the customer carrier.

The key to carrier’s carrier deployment is to configure exchange of two kinds of routes:

Exchange of the customer carrier’s internal routes on the provider carrier’s backbone.

Exchange of the end customers’ VPN routes between PE 3 and PE 4, the PEs of the customer carrier.
In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.

316

Figure 80 Network diagram

Device

Interface

IP address

Device

Interface

IP address

CE 3

GE4/1/1

100.1.1.1/24

CE 4

GE4/1/1

120.1.1.1/24

PE 3

Loop0

1.1.1.9/32

PE 4

Loop0

6.6.6.9/32

CE 1

PE 1

GE4/1/1

100.1.1.2/24

GE4/1/1

120.1.1.2/24

POS2/1/2

10.1.1.1/24

POS2/1/2

20.1.1.2/24

Loop0

2.2.2.9/32

Loop0

5.5.5.9/32

POS2/1/1

10.1.1.2/24

POS2/1/1

21.1.1.2/24

POS2/1/2

11.1.1.1/24

POS2/1/2

20.1.1.1/24

CE 2

Loop0

3.3.3.9/32

Loop0

4.4.4.9/32

POS2/1/1

11.1.1.2/24

PE 2

POS2/1/1

30.1.1.2/24

POS2/1/2

30.1.1.1/24

POS2/1/2

21.1.1.1/24

Configuration procedure
1.

Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP, enable LDP
between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs
# Configure PE 1.
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1

317

[PE1-LoopBack0] quit
[PE1] interface POS 2/1/2
[PE1-POS2/1/2] ip address 30.1.1.1 24
[PE1-POS2/1/2] isis enable 1
[PE1-POS2/1/2] mpls
[PE1-POS2/1/2] mpls ldp
[PE1-POS2/1/2] mpls ldp transport-address interface
[PE1-POS2/1/2] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit

NOTE:
The configurations for PE 2 are similar to those for PE 1. (Details not shown)
After completing the configurations, issue the display mpls ldp session command on PE 1 or PE 2;
the output shows that the LDP session has been successfully established. Issue the display bgp peer
command; the output shows that the BGP peer relationship has been established and has reached
the Established state. Issue the display isis peer command; the output shows that the IS-IS neighbor
relationship has been set up. Take PE 1 as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
---------------------------------------------------------------Peer-ID

Status

LAM

SsnRole

FT

MD5

KA-Sent/Rcv

---------------------------------------------------------------4.4.4.9:0

Operational

DU

Active

Off

Off

378/378

---------------------------------------------------------------LAM : Label Advertisement Mode

FT

: Fault Tolerance

[PE1] display bgp peer
BGP local router ID : 3.3.3.9
Local AS number : 100
Total number of peers : 1
Peer
4.4.4.9

Peers in established state : 1

AS

MsgRcvd

MsgSent

OutQ

PrefRcv

100

162

145

0

0

Up/Down

State

02:12:47 Established

[PE1] display isis peer
Peer information for ISIS(1)
---------------------------System Id

Interface

0000.0000.0005 POS2/1/2

2.

Circuit Id
001

State HoldTime Type
Up

29s

L1L2

PRI
--

Configure the customer carrier network: start IS-IS as the IGP and enable LDP between PE 3 and CE
1, and between PE 4 and CE 2 respectively
# Configure PE 3.
<PE3> system-view
[PE3] interface loopback 0

318

[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface POS 2/1/2
[PE3-POS2/1/2] ip address 10.1.1.1 24
[PE3-POS2/1/2] isis enable 2
[PE3-POS2/1/2] mpls
[PE3-POS2/1/2] mpls ldp
[PE3-POS2/1/2] mpls ldp transport-address interface
[PE3-POS2/1/2] quit

# Configure CE 1.
<CE1> system-view
[CE1] interface loopback 0
[CE1-LoopBack0] ip address 2.2.2.9 32
[CE1-LoopBack0] quit
[CE1] mpls lsr-id 2.2.2.9
[CE1] mpls
[CE1-mpls] quit
[CE1] mpls ldp
[CE1-mpls-ldp] quit
[CE1] isis 2
[CE1-isis-2] network-entity 10.0000.0000.0000.0002.00
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface pos2/1/1
[CE1-POS2/1/1] ip address 10.1.1.2 24
[CE1-POS2/1/1] isis enable 2
[CE1-POS2/1/1] mpls
[CE1-POS2/1/1] mpls ldp
[CE1-POS2/1/1] mpls ldp transport-address interface
[CE1-POS2/1/1] quit

After you complete the configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor
relationship between them.
NOTE:
The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1. (Details not shown)
319

2 24 [PE1-POS2/1/1] isis enable 2 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] mpls ldp transport-address interface [PE1-POS2/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1.1 24 [CE1-POS2/1/2] isis enable 2 [CE1-POS2/1/2] mpls [CE1-POS2/1/2] mpls ldp [CE1-POS2/1/2] mpls ldp transport-address interface [CE1-POS2/1/2] quit After you complete the configurations. and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs.1. # Configure PE 1.1.0000.0000.1 24 [CE3-GigabitEthernet4/1/1] quit [CE3] bgp 65410 320 .1. Perform configuration to allow CEs of the customer carrier to access PEs of the provider carrier.0003. # Configure CE 3.1.3.1. Perform configuration to connect CEs of the end customers to the PEs of the customer carrier.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip binding vpn-instance vpn1 [PE1-POS2/1/1] ip address 11. NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1.1. [CE1] interface POS 2/1/2 [CE1-POS2/1/2] ip address 11. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000. <CE3> system-view [CE3] interface GigabitEthernet 4/1/1 [CE3-GigabitEthernet4/1/1] ip address 100. (Details not shown) 4. PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.

1.6.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit NOTE: The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3. [PE3] bgp 100 [PE3-bgp] peer 6.2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure PE 3. Verify your configurations After completing all the configurations. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.9/32 30.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.4.6.6.1.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3.1.0.1. Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers # Configure PE 3.1.6.4.1.1. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface GigabitEthernet 4/1/1 [PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet4/1/1] ip address 100. (Details not shown) 5.9/32 4.1.6.1 InLoop0 15 321 .1.9 as-number 100 [PE3-bgp] peer 6. (Details not shown) 6.3.3.9 connect-interface loopback 0 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6.1. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2.0.1.2 24 [PE3-GigabitEthernet4/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100. issue the display ip routing-table command on PE 1 and PE 2.1.0/24 30.2 POS2/1/2 Direct 0 0 30.0.[CE3-bgp] peer 100.6.1.1 InLoop0 ISIS 10 30.0.1.1 POS2/1/2 Direct 0 0 127.

1.1/32 Direct 0 0 127.2 POS2/1/2 6.1.1 InLoop0 11.1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 1 and PE 2. Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public 322 .1.6.1.1.2/32 Direct 0 0 11.2 POS2/1/2 20.9 NULL0 10.0/24 BGP 255 0 4.6.1 InLoop0 127.1.2.1.4.9/32 ISIS 15 20 11.1.0.1.0.0.1 POS2/1/1 10.2 POS2/1/2 127. Take CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Pre Cost NextHop Interface 1.4.1.1.0/24 Direct 0 0 11.0/24 ISIS 15 74 11.9 NULL0 21.1.0/24 Direct 0 0 10.1.1.1.0.1.1.2 POS2/1/1 20.30.1.2 POS2/1/2 10.2 POS2/1/1 2.0.0.1.9 NULL0 21.0/24 ISIS 15 20 11.1.4.1 POS2/1/1 2.1.1.1.1 InLoop0 5.1/32 Direct 0 0 127.0/8 Direct 0 0 127.0.1.1 InLoop0 11.1.9/32 ISIS 15 74 11.1.4.2 POS2/1/1 10.1.1.0.1.9 NULL0 6.5.0/8 Direct 0 0 127.2.1.1.2/32 ISIS 15 74 11.1.1. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.1 POS2/1/2 11.5. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.1.1.1.6.9/32 BGP 255 0 4.1.9/32 BGP 255 0 4.0.9/32 Direct 0 0 127.2/32 Direct 0 0 11.4.5.1 InLoop0 11.1/32 Direct 0 0 127.2/32 Direct 0 0 127.0.1.0.1.1.1.2.1.4.1.0.1.2 POS2/1/2 21.2/32 BGP 255 0 4.1.1.1.0.1.0/24 Direct 0 0 11.2 POS2/1/2 21.1.1.0/24 BGP 255 0 4.1 InLoop0 127.1 POS2/1/1 11.1.1 POS2/1/1 11.1.0. but the VPN routes that the customer carrier maintains are not.1.1.1 InLoop0 Issue the display ip routing-table command on PE 3 and PE 4.0.1.4.0.1/32 Direct 0 0 127.5.1.1/32 Direct 0 0 10.0.0.9 NULL0 Issue the display ip routing-table command on CE 1 and CE 2.1.1.9/32 ISIS 15 10 10.4.0.1 POS2/1/1 5.9/32 ISIS 15 74 11.1.4. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop Interface 1.1.2.0.1.6.1.0.1.1.1.0.1. but the VPN routes that the customer carrier maintains are not.4.1. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables.1.0.0.1.2/32 Direct 0 0 30.9/32 ISIS 15 10 11.2 POS2/1/2 127.1.0/24 ISIS 15 74 11.

2 POS2/1/2 127.1.2/32 ISIS 15 84 10.1.1.1. Take PE 3 as an example: [PE3] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 3 Destination/Mask Proto 100.2 POS2/1/2 21.0.1.1/32 Direct 0 0 127.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.6.1.1.1.6.0.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --.1.1.1.0/24 ISIS 15 84 10.1.1 InLoop0 ISIS 15 10 10.1.9/32 Routes : 11 Pre Cost NextHop Interface Direct 0 0 127.1.1.1.0.0.1 InLoop0 BGP 0 6.1.2 POS2/1/2 11.1.1.1.2: 56 data bytes.1.0/24 ISIS 15 20 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2 GE4/1/1 Direct 0 0 127.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120. The output shows that the routes of the remote VPN customers are present in the VPN routing tables. press CTRL_C to break Reply from 120.1.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.1.1.2/32 120.0.1.0/24 100.0/24 ISIS 15 84 10. press CTRL_C to break Reply from 20.1.1.20.1.1.1.9 NULL0 255 PE 3 and PE 4 can ping each other: [PE3] ping 20.0.2: bytes=56 Sequence=4 ttl=252 time=70 ms Reply from 20.0.2/32 Direct 0 0 10.1.1.0.0.6.1.1.1 PING 120.5.2 POS2/1/2 5.0.2 POS2/1/2 21.1.0/8 Direct 0 0 127.1 POS2/1/2 10.1.1.9/32 ISIS 15 84 10.2 PING 20.1.2 POS2/1/2 10.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1.1.1.1/32 Direct 0 0 127.Destinations : 11 Destination/Mask Proto 1.2 POS2/1/2 20.1.1.1.0.1: bytes=56 Sequence=5 ttl=252 time=87 ms 323 .1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 3 and PE 4.1.1.1.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.9/32 ISIS 15 84 10.1.1.0.5.0.0.1.0/24 Direct 0 0 10.1.2.1: 56 data bytes.9/32 2.1.6.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.1.1.1 InLoop0 10.1.1 InLoop0 127.1.1.2 POS2/1/2 6.1.2.1.0/24 Routes : 3 Pre Cost NextHop Interface Direct 0 0 100.1.1.1.

1. Both of them support MPLS L3VPN. and then forwards the VPNv4 route as usual.00% packet loss round-trip min/avg/max = 69/90/105 ms Configuring nested VPN Network requirements The service provider provides nested VPN services for users. which is described as follows: • When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example).120.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.9/32 POS5/1/1 10. adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list. • PE 3 and PE 4 are PE devices of the customer VPN.1.1. Both of them support VPNv4 routes.1.1/24 POS5/1/2 20.1.1. • CE 1 and CE 2 are connected to the service provider backbone.2. Both of them support the nested VPN function.9/32 CE 2 Loop0 5.1.1. Figure 81 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 2. as shown in Figure 81. MP-EBGP peers should be established between service provider PEs and customer CEs. • To implement exchange of sub-VPN routes between customer PEs and service provider PEs.5. a service provider PE replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network where the CE resides.5.--. • CE 3 through CE 6 are CE devices of sub-VPNs for the customer VPN.2/24 POS5/1/2 11.1/24 324 .2.1. where: • PE 1 and PE 2 are PE devices on the service provider backbone.1.2/24 POS5/1/1 21. The key of nested VPN configuration is to understand the processing of routes of sub-VPNs on the service provider PEs.

9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.1.1. 325 .4.9/32 GE3/1/1 100.2/24 PE 4 GE3/1/1 120.1/24 POS5/1/2 20.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 5/1/2 [PE1-POS5/1/2] ip address 30.1.1 24 [PE1-POS5/1/2] isis enable 1 [PE1-POS5/1/2] mpls [PE1-POS5/1/2] mpls ldp [PE1-POS5/1/2] mpls ldp transport-address interface [PE1-POS5/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.9/32 PE 2 Loop0 4.1.1.1/24 PE 1 Loop0 3.1.1.1.2/24 POS5/1/1 30.0000.4.1.2/24 Configuration procedure 1.9 as-number 100 [PE1-bgp] peer 4.1.2/24 POS5/1/2 10.2/24 GE3/1/2 110.1.CE 3 GE3/1/1 100.1/24 PE 3 Loop0 1.1.1.1.1.1.9/32 POS5/1/1 11.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit NOTE: Configurations on PE 2 are similar to those on PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.6.3.3.4. and enabling LDP and establishing MP-IBGP peer relationship between PE 1 and PE 2.1.4.1.4.3.1.1.1.1.9/32 Loop0 6.1.3.6.1/24 POS5/1/2 21.1. # Configure PE 1. and are thus omitted here.4.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.1.0004. Configure MPLS L3VPN on the service provider backbone.1/24 CE 4 GE3/1/1 120.3.1.1.1.0000.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10. using IS-IS as the IGP protocol.0000.2/24 GE3/1/2 130.1.1/24 CE 6 GE3/1/1 130.2/24 POS5/1/2 30.1.1.4.1.1/24 CE 5 GE3/1/1 110.

1. display bgp peer and display isis peer respectively on either PE 1 or PE 2. and the IS-IS neighbor relationship is established and up.0000.3.1. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.3.0000.0000.9 Peers in established state : 1 AS MsgRcvd MsgSent OutQ PrefRcv 100 162 145 0 0 Up/Down State 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id 0000. The output shows that the LDP session is established.0005 POS5/1/1 2.1.4. # Configure PE 3.After completing the configurations.0000.9 Local AS number : 100 Total number of peers : 1 Peer 4.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.0001. execute commands display mpls ldp session. [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ---------------------------------------------------------------4. and between PE 4 and CE 2.1 24 [PE3-POS5/1/2] isis enable 2 [PE3-POS5/1/2] mpls [PE3-POS5/1/2] mpls ldp [PE3-POS5/1/2] quit 326 .1.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 5/1/2 [PE3-POS5/1/2] ip address 10.4.9:0 Operational DU Active Off Off 378/378 ---------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10. 001 State HoldTime Type Up 29s L1L2 PRI -- Configure the customer VPN.4. The following takes PE 1 for illustration. the BGP peer relationship is established and in Established state. using IS-IS as the IGP protocol and enabling LDP between PE 3 and CE 1.4.1.

1.1.2.0002.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.# Configure CE 1. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.1.1. [CE1] interface pos 5/1/2 [CE1-POS5/1/2] ip address 11.0000.2 24 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.2.1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip binding vpn-instance vpn1 [PE1-POS5/1/1] ip address 11.2 24 [CE1-POS5/1/1] isis enable 2 [CE1-POS5/1/1] mpls [CE1-POS5/1/1] mpls ldp [CE1-POS5/1/1] quit After the configurations.1.1.0000.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 5/1/1 [CE1-POS5/1/1] ip address 10.1 as-number 200 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. Connect CE 1 and CE 2 to service provider PEs.0000.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.1. LDP and IS-IS neighbor relationship can be established between PE 3 and CE 1.1 24 327 . and are thus omitted here. 3. # Configure PE 1. NOTE: Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively.

1 24 [CE3-GigabitEthernet3/1/1] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1. <CE5> system-view [CE5] interface GigabitEthernet 3/1/1 [CE5-GigabitEthernet3/1/1] ip address 110.1.2 24 [PE3-GigabitEthernet3/1/1] quit [PE3] ip vpn-instance SUB_VPN2 [PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1 [PE3-vpn-instance-SUB_VPN2] vpn-target 2:2 [PE3-vpn-instance-SUB_VPN2] quit [PE3] interface GigabitEthernet 3/1/2 [PE3-GigabitEthernet3/1/2] ip binding vpn-instance SUB_VPN2 [PE3-GigabitEthernet3/1/2] ip address 110. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface GigabitEthernet 3/1/1 [PE3-GigabitEthernet3/1/1] ip binding vpn-instance SUB_VPN1 [PE3-GigabitEthernet3/1/1] ip address 100.1.2 as-number 200 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure CE 5. <CE3> system-view [CE3] interface GigabitEthernet 3/1/1 [CE3-GigabitEthernet3/1/1] ip address 100.1 24 [CE5-GigabitEthernet3/1/1] quit [CE5] bgp 65411 [CE5-bgp] peer 110. and are thus omitted here.1.1.1.1.1. # Configure CE 3.2 as-number 100 [CE1-bgp] import isis 2 [CE1-bgp] quit NOTE: Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively.1.1.2 as-number 200 [CE5-bgp] import-route direct [CE5-bgp] quit # Configure PE 3. Connect sub-VPN CEs to the customer VPN PEs.2 24 [PE3-GigabitEthernet3/1/2] quit [PE3] bgp 100 328 .1.1.1.1. 4.[CE1-POS5/1/2] mpls [CE1-POS5/1/2] quit [CE1] bgp 200 [CE1-bgp] peer 11.

1.1. [CE1] bgp 200 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 11. enabling nested VPN.1.2.2.1.1.9 as-number 200 [PE3-bgp] peer 2.1.2.9 connect-interface loopback 0 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 2.1 vpn-instance vpn1 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure CE 1.1.2 allow-as-loop 2 # Receive all VPNv4 routes. and are thus omitted here. Establish MP-EBGP peer relationship between service provider PEs and their CEs to exchange user VPNv4 routes.1 as-number 65411 [PE3-bgp-SUB_VPN2] import-route direct [PE3-bgp-SUB_VPN2] quit [PE3-bgp] quit NOTE: Configurations on PE 4.1. CE 3 and CE 5 respectively.2.2. enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1. 6.9 enable 329 . [PE1] bgp 100 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] nesting-vpn [PE1-bgp-af-vpnv4] peer 11. [PE3] bgp 200 [PE3-bgp] peer 2.1 as-number 65410 [PE3-bgp-SUB_VPN1] import-route direct [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ipv4-family vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 110. 5. [CE1-bgp-af-vpnv4] peer 11. # Configure PE 1. Establish MP-IBGP peer relationship between sub-VPN PEs and CEs of the customer VPN to exchange VPNv4 routes of sub-VPNs.[PE3-bgp] ipv4-family vpn-instance SUB_VPN1 [PE3-bgp-SUB_VPN1] peer 100.1. [CE1-bgp-af-vpnv4] undo policy vpn-target [CE1-bgp-af-vpnv4] quit [CE1-bgp] quit NOTE: Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively. # Configure PE 3.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received.2. CE 4 and CE 6 are similar to those on PE 3. and are thus omitted here.1.

4.1. 7.1 InLoop0 ISIS 10 30.1. [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.0.1.1.1.9 allow-as-loop 2 [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit # Configure CE 1.1.0. [CE1] bgp 200 [CE1-bgp] peer 1.# Allow the local AS number to appear in the AS-PATH attribute of the routes received.0. execute the display ip routing-table command on PE 1 and PE 2 to verify that the public routing tables contain only routes on the service provider network.1 NULL0 110.1 POS5/1/2 Direct 0 0 127.1.3.1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 9 Destination/Mask Proto 11.1.1.2 POS5/1/1 100. [PE3-bgp-af-vpnv4] peer 2. The following takes PE 1 for illustration.1.9/32 30.9 enable [CE1-bgp-af-vpnv4] undo policy vpn-target [CE1-bgp-af-vpnv4] quit [CE1-bgp] quit NOTE: Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively.2/32 Direct 0 0 11.0.1.1.1.4.1.0.9 as-number 200 [CE1-bgp] peer 1.0.0.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 1.2.1.3.1 InLoop0 15 Execute the display ip routing-table vpn-instance command on PE 1 and PE 2 to verify that the VPN routing tables contain sub-VPN routes.0.1.2 POS5/1/2 127.1 InLoop0 30.1.1 InLoop0 11.1.1.1/32 Direct 0 0 127.2. The following takes PE 1 for illustration.1.1.1/32 Routes : 9 Pre Cost NextHop Interface Direct 0 0 11. Verify the configurations.1.0/8 Direct 0 0 127.0/24 BGP 255 0 11.0.0/24 BGP 255 0 11.1.0.1.1.0.0.1 NULL0 330 .0/24 11.1 POS5/1/1 Direct 0 0 127.1.1.1.1.1. and are thus omitted here.1.1 InLoop0 127. After completing all the configurations.2/32 Direct 0 0 30.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.2 POS5/1/2 Direct 0 0 30.1.0/24 30.0.9/32 4.1.1.0.1.

331 .11.0/24 BGP 0 4. e .0.9 NULL0 255 Execute the display bgp vpnv4 all routing-table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes.9 1025/1025 Route Distinguisher: 200:1 Network NextHop In/Out Label * > 120.suppressed.1 InLoop0 130.VPN best.11 Status codes: * .IGP. The following takes CE 1 for illustration.9 1024/1024 MED LocPrf MED LocPrf MED LocPrf MED LocPrf MED LocPrf Route Distinguisher: 101:1 *^ Network NextHop In/Out Label 100.4.4. ? . s .0. h .0.1.1. i .11.1 InLoop0 127.9 1024/1024 Route Distinguisher: 101:1 Network NextHop In/Out Label * > 110.2 1026/1027 Route Distinguisher: 201:1 Network NextHop In/Out Label * > 130.1/32 Direct 0 0 127.1.best. > .2 1027/1028 Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify that the VPN routing tables contain routes sent by provider PEs to sub-VPNs. The following takes PE 3 for illustration.0/24 BGP 0 4.1.0.0/24 11.valid.1.history.1.1.1.4.incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 *> Network NextHop In/Out Label 100.internal.1. d .0/24 11.1.0/24 1.0.1.EGP.0.1.1.120.Stale Origin : i .0/24 1.4.1.1. [CE1] display bgp vpnv4 all routing-table BGP Local router ID is 11.1.1.0.1.0/24 1.1.0/8 Direct 0 255 0 127.damped. ^ .9 NULL0 127.1.1.1.1.0.1. S .

1 InLoop0 127.1/32 Direct 0 0 127.1.0. The following takes CE 3 for illustration.1.1.1 InLoop0 127.1/32 Direct 0 0 127.1.0.0. [CE5] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 110.1.0/24 BGP 0 2.0.0/24 100.1.1.1 GE3/1/1 Direct 0 0 127.0.0.0.1.1.1 PING 120.0.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 100.1.0.0.2.0. The following takes CE5 for illustration. [CE3] ping 120.0.0.1.1.0.0.1.1.0.120.0/24 110.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.2 GE3/1/1 255 CE 3 and CE 4 can ping each other successfully.1.1.1 InLoop0 255 Execute the display ip routing-table command on CE 3 and CE 4 to verify that the routing tables contain routes of remote sub-VPNs.1.1 InLoop0 127.0.1: 56 data bytes.0.0.1 ping statistics --5 packet(s) transmitted 332 .0.0.0/8 Direct 0 0 127.1. press CTRL_C to break Reply from 120.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.2/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 100.1.0.2.0.1.1.1 InLoop0 255 Execute the display ip routing-table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs.1.0.1 InLoop0 130.1.1 GE3/1/1 Direct 0 0 127.1/32 Routes : 5 Pre Cost NextHop Interface Direct 0 0 110.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.0.0/24 BGP 0 100.1.1.1 InLoop0 120.2 GE3/1/1 Direct 0 0 127.1.1.2 GE3/1/1 127.0/24 100.1.1.1.1.0.0/8 Direct 0 0 127.1: bytes=56 Sequence=5 ttl=252 time=87 ms --.1.0.0.1.1 InLoop0 127.9 NULL0 127.0/8 Direct 0 0 127.1.1/32 Direct 0 0 127.1.[PE3] display ip routing-table vpn-instance SUB_VPN1 Routing Tables: SUB_VPN1 Destinations : 5 Destination/Mask Proto 100.0.1.1.1 InLoop0 120.0/24 BGP 0 110.1.0.1. [CE3] display ip routing-table Routing Tables: Public Destinations : 5 Destination/Mask Proto 100.

1 PING 130.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.130.1.1. • Performance requirements for the UPEs are lower than those for the SPEs.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 130.1: bytes=56 Sequence=5 ttl=252 time=87 ms --.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 130.1.130.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 130.00% packet loss Configuring HoVPN Network requirements There are two levels of networks. [CE3] ping 130.1. [CE5] ping 130. • SPEs act as PEs to allow MPLS VPNs to access the backbone.00% packet loss round-trip min/avg/max = 69/90/105 ms CE 3 and CE 6 cannot ping each other.1. 333 .5 packet(s) received 0.1.1.1. permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 to communicate with each other.1.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 130. press CTRL_C to break Reply from 130.1. as shown in Figure 82.1 PING 130.1.1.1. press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --. the backbone and the MPLS VPN networks. • SPEs advertise routes permitted by the routing policies to UPEs.1: 56 data bytes. • UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.1.1.1.00% packet loss round-trip min/avg/max = 69/90/105 ms CE 5 and CE 6 can ping each other successfully.1: 56 data bytes.1.

1.2.3.1.2/24 GE4/1/2 10.2/24 SPE 2 Configuration procedure 1.2/24 GE4/1/3 172.9/32 Loop0 4.1.3.1.1.1/24 GE4/1/2 10.1/24 GE4/1/3 10.2.9/32 GE4/1/1 172.1.2/24 GE4/1/2 180.1.Figure 82 Network diagram Loop0 Loop0 GE4/1/2 GE4/1/1 SPE 1 Loop0 GE4/1/1 GE4/1/3 SPE 2 GE4/1/2 GE4/1/1 AS 100 UPE 1 UPE 2 GE4/1/2 GE4/1/1 VPN 1 GE4/1/2 VPN 2 GE4/1/1 GE4/1/1 CE 2 AS 65420 GE4/1/3 VPN 1 GE4/1/1 CE 1 AS 65410 Loop0 VPN 2 GE4/1/1 CE 3 AS 65430 Device Interface CE 1 GE4/1/1 10.1. IP address Configure UPE 1 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.2.4.1.1.1.2.9/32 Loop0 3.4.2.1.1/24 CE 2 GE4/1/1 10.2.3.1.1. [UPE1] ospf [UPE1-ospf-1] area 0 334 .1/24 UPE 2 UPE 1 SPE 1 IP address Device CE 4 AS 65440 Interface Loop0 1.1.1. OSPF.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1/24 CE 3 GE4/1/1 10.3.1.1.1.9/32 GE4/1/1 10.4.1/24 GE4/1/2 172.1. for example.1.1.1.1.2/24 GE4/1/1 180.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface GigabitEthernet 4/1/3 [UPE1-GigabitEthernet4/1/3] ip address 172. <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.2/24 Loop0 2.2/24 GE4/1/1 172.1.4.1 24 [UPE1-GigabitEthernet4/1/3] mpls [UPE1-GigabitEthernet4/1/3] mpls ldp [UPE1-GigabitEthernet4/1/3] quit # Configure the IGP protocol.1.1/24 CE 4 GE4/1/1 10.1.1.

2. allowing CE 1 and CE 2 to access UPE 1. [UPE1] ip vpn-instance vpn1 [UPE1-vpn-instance-vpn1] route-distinguisher 100:1 [UPE1-vpn-instance-vpn1] vpn-target 100:1 both [UPE1-vpn-instance-vpn1] quit [UPE1] ip vpn-instance vpn2 [UPE1-vpn-instance-vpn2] route-distinguisher 100:2 [UPE1-vpn-instance-vpn2] vpn-target 100:2 both [UPE1-vpn-instance-vpn2] quit [UPE1] interface GigabitEthernet 4/1/1 [UPE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [UPE1-GigabitEthernet4/1/1] ip address 10.9 connect-interface loopback 0 [UPE1-bgp] ipv4-family vpnv4 [UPE1-bgp-af-vpnv4] peer 2.2.0] network 172. Configure CE 2 <CE2> system-view 335 .2.0.2.1 255.2.0 [UPE1-ospf-1-area-0.0.1.1.0.1.1.0 0.[UPE1-ospf-1-area-0.2 as-number 100 [CE1-bgp] import-route direct [CE1] quit 3.4.1.2 24 [UPE1-GigabitEthernet4/1/1] quit [UPE1] interface GigabitEthernet 4/1/2 [UPE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [UPE1-GigabitEthernet4/1/2] ip address 10.1.9 enable [UPE1-bgp-af-vpnv4] quit [UPE1-bgp] ipv4-family vpn-instance vpn1 [UPE1-bgp-vpn1] peer 10.0 [CE1-GigabitEthernet4/1/1] quit [CE1] bgp 65410 [CE1-bgp] peer 10.1 as-number 65420 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] quit 2.2.1.2.1 as-number 65410 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] ipv4-family vpn-instance vpn2 [UPE1-bgp-vpn1] peer 10.255.0.1.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.0] network 1.1. [UPE1] bgp 100 [UPE1-bgp] peer 2.0.0.0.0.2.9 as-number 100 [UPE1-bgp] peer 2.0.9 0.0.2.4.2. Configure CE 1 <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 10.255.255 [UPE1-ospf-1-area-0.2 24 [UPE1-GigabitEthernet4/1/2] quit # Configure UPE 1 to establish MP-IBGP peer relationship with SPE 1 and to inject VPN routes.1.

2 24 [UPE2-GigabitEthernet4/1/3] quit 336 .4.4.0.255 [UPE2-ospf-1-area-0.0 0.0.4.0 [CE2-GigabitEthernet4/1/1] quit [CE2] bgp 65420 [CE2-bgp] peer 10.9 32 [UPE2-LoopBack0] quit [UPE2] mpls lsr-id 4.0 [UPE2-ospf-1-area-0. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both [UPE2-vpn-instance-vpn1] quit [UPE2] ip vpn-instance vpn2 [UPE2-vpn-instance-vpn2] route-distinguisher 400:2 [UPE2-vpn-instance-vpn2] vpn-target 100:2 both [UPE2-vpn-instance-vpn2] quit [UPE2] interface GigabitEthernet 4/1/2 [UPE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [UPE2-GigabitEthernet4/1/2] ip address 10.2. <UPE2> system-view [UPE2] interface loopback 0 [UPE2-LoopBack0] ip address 4.0.0] network 4.0.1.[CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 10.0.0.0.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface GigabitEthernet 4/1/1 [UPE2-GigabitEthernet4/1/1] ip address 172.4. OSPF.1.2 24 [UPE2-GigabitEthernet4/1/2] quit [UPE2] interface GigabitEthernet 4/1/3 [UPE2-GigabitEthernet4/1/3] ip binding vpn-instance vpn2 [UPE2-GigabitEthernet4/1/3] ip address 10.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2.1.1.4.9 0.0.1 255.255.255.1.0] network 172.2 as-number 100 [CE2-bgp] import-route direct [CE2] quit 4.2.0.1.3. Configure UPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.4.4. [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.1.4. for example.1 24 [UPE2-GigabitEthernet4/1/1] mpls [UPE2-GigabitEthernet4/1/1] mpls ldp [UPE2-GigabitEthernet4/1/1] quit # Configure the IGP protocol. allowing CE 3 and CE 4 to access UPE 2.

1.2. [UPE2] bgp 100 [UPE2-bgp] peer 3.3.1 255.3.1.1.255.# Configure UPE 2 to establish MP-IBGP peer relationship with SPE 2 and to inject VPN routes.3.1. Configure CE 3 <CE3> system-view [CE3] interface GigabitEthernet 4/1/1 [CE3-GigabitEthernet4/1/1] ip address 10. Configure SPE 1 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.3.2.1.2 as-number 100 [CE3-bgp] import-route direct [CE3] quit 6.1 as-number 65440 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit [UPE2-bgp] quit 5.9 connect-interface loopback 0 [UPE2-bgp] ipv4-family vpnv4 [UPE2-bgp-af-vpnv4] peer 3.1.1 as-number 65430 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit [UPE2-bgp] ipv4-family vpn-instance vpn2 [UPE2-bgp-vpn1] peer 10.0 [CE3-GigabitEthernet4/1/1] quit [CE3] bgp 65430 [CE3-bgp] peer 10.2.2.1.3.2 24 337 .9 [SPE1] mpls [SPE1-mpls] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface GigabitEthernet 4/1/1 [SPE1-GigabitEthernet4/1/1] ip address 172.1.255.255.3.1.9 as-number 100 [UPE2-bgp] peer 3.1.3. Configure CE 4 <CE4> system-view [CE4] interface GigabitEthernet 4/1/1 [CE4-GigabitEthernet4/1/1] ip address 10.255.3.0 [CE4-GigabitEthernet4/1/1] quit [CE4] bgp 65440 [CE4-bgp] peer 10. <SPE1> system-view [SPE1] interface loopback 0 [SPE1-LoopBack0] ip address 2.1.3.1 255.9 enable [UPE2-bgp-af-vpnv4] quit [UPE2-bgp] ipv4-family vpn-instance vpn1 [UPE2-bgp-vpn1] peer 10.2 as-number 100 [CE4-bgp] import-route direct [CE4] quit 7.9 32 [SPE1-LoopBack0] quit [SPE1] mpls lsr-id 2.

3. [SPE1] ip ip-prefix hope index 10 permit 10.1.0.1.2.0] network 2. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit [SPE1] ip vpn-instance vpn2 [SPE1-vpn-instance-vpn2] route-distinguisher 700:1 [SPE1-vpn-instance-vpn2] vpn-target 100:2 both [SPE1-vpn-instance-vpn2] quit # Configure SPE 1 to establish MP-IBGP peer relationship with UPE 1 and to inject VPN routes.0.0.0 [SPE1-ospf-1-area-0.9 enable [SPE1-bgp-af-vpnv4] peer 1.0.1.2.1.9 connect-interface loopback 0 [SPE1-bgp] peer 1.255 [SPE1-ospf-1-area-0.[SPE1-GigabitEthernet4/1/1] mpls [SPE1-GigabitEthernet4/1/1] mpls ldp [SPE1-GigabitEthernet4/1/1] quit [SPE1] interface GigabitEthernet 4/1/2 [SPE1-GigabitEthernet4/1/2] ip address 180.1.1.0] network 180.255 [SPE1-ospf-1-area-0.0.0.3. for example.0.1.9 connect-interface loopback 0 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 3. OSPF.1. and specify UPE 1.0 0.0.0 0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.1.1.0] network 172.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.9 as-number 100 [SPE1-bgp] peer 3.1.1.3.1 24 [SPE1] route-policy hope permit node 0 [SPE1-route-policy] if-match ip-prefix hope 338 .9 upe [SPE1-bgp-af-vpnv4] quit [SPE1-bgp]ipv4-family vpn-instance vpn1 [SPE1-bgp-vpn1] quit [SPE1-bgp]ipv4-family vpn-instance vpn2 [SPE1-bgp-vpn2] quit [SPE1-bgp] quit # Configure SPE 1 to advertise to UPE 1 the routes permitted by a routing policy.0.1. that is.1 24 [SPE1-GigabitEthernet4/1/2] mpls [SPE1-GigabitEthernet4/1/2] mpls ldp [SPE1-GigabitEthernet4/1/2] quit # Configure the IGP protocol.3.9 0.0.0.1.3.1.0. the routes of CE 3.1.3.1.0.0.9 as-number 100 [SPE1-bgp] peer 1.9 next-hop-local [SPE1-bgp] peer 3. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0. [SPE1] bgp 100 [SPE1-bgp] peer 1.

[SPE1-route-policy] quit [SPE1] bgp 100 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 1.0.0 [SPE2-ospf-1-area-0.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.0] network 3.1.1.9 0.0] network 180. and specify UPE 2.0.0.4.4.2.9 as-number 100 [SPE2-bgp] peer 4.0. OSPF.255 [SPE2-ospf-1-area-0.3.0] quit [SPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE2] bgp 100 [SPE2-bgp] peer 4.4.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface GigabitEthernet 4/1/1 [SPE2-GigabitEthernet4/1/1] ip address 180.1.2.9 connect-interface loopback 0 339 .0.1.0.0.2 24 [SPE2-GigabitEthernet4/1/1] mpls [SPE2-GigabitEthernet4/1/1] mpls ldp [SPE2-GigabitEthernet4/1/1] quit [SPE2] interface GigabitEthernet 4/1/2 [SPE2-GigabitEthernet4/1/2] ip address 172.0.1.2 24 [SPE2-GigabitEthernet4/1/2] mpls [SPE2-GigabitEthernet4/1/2] mpls ldp [SPE2-GigabitEthernet4/1/2] quit # Configure the IGP protocol. Configure SPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs.0.3.0.1.1.3. <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.3.255 [SPE2-ospf-1-area-0. for example.0 0.9 upe route-policy hope export 8.4.1.3.0.0] network 172. [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0 0.0. [SPE2] ip vpn-instance vpn1 [SPE2-vpn-instance-vpn1] route-distinguisher 600:1 [SPE2-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE2-vpn-instance-vpn1] quit [SPE2] ip vpn-instance vpn2 [SPE2-vpn-instance-vpn2] route-distinguisher 800:1 [SPE2-vpn-instance-vpn2] vpn-target 100:2 both [SPE2-vpn-instance-vpn2] quit # Configure SPE 2 to establish MP-IBGP peer relationship with UPE 2 and to inject VPN routes.3.0.

4.4.9 as-number 100 [SPE2-bgp] peer 2.2.[SPE2-bgp] peer 4.2.1 24 [SPE2] route-policy hope permit node 0 [SPE2-route-policy] if-match ip-prefix hope [SPE2-route-policy] quit [SPE2] bgp 100 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 4.1. Figure 83 Network diagram Loop0 Loop0 POS2/1/2 POS2/1/1 PE 1 GE4/1/1 PE 2 GE4/1/1 Sham-link Loop1 Loop1 OSPF Area 1 GE4/1/1 POS2/1/2 CE 1 POS2/1/2 GE4/1/1 POS2/1/1 POS2/1/2 Router A CE 2 Backdoor link Device Interface IP address Device Interface IP address CE 1 GE4/1/1 100.9 upe route-policy hope export Configuring OSPF sham links Network requirements • CE 1 and CE 2 belong to VPN 1 and are respectively connected to PE 1 and PE 2.1.4.4. that is.4.2. [SPE2] ip ip-prefix hope index 10 permit 10.9 upe [SPE2-bgp-af-vpnv4] quit [SPE2-bgp]ipv4-family vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp]ipv4-family vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy.1.1/24 CE 2 GE4/1/1 120.4.9 next-hop-local [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 2.2. • CE 1 and CE 2 are in the same OSPF area.4. instead of any route in the OSPF area. the routes of CE 1. • VPN traffic between CE 1 and CE 2 is required to be forwarded through the MPLS backbone.2.9 enable [SPE2-bgp-af-vpnv4] peer 4.1.4.1.1/24 340 .9 enable [SPE2-bgp-af-vpnv4] peer 4.

0/8 Direct 0 0 127.2/32 Direct 0 0 20.0.1/32 Pre Routes : 9 Cost NextHop Interface Direct 0 0 20.0/24 20.1.1 POS2/1/2 Direct 0 0 127.0/24 Direct 0 0 100.1. (Details not shown) After completing the configurations.1.1.1.1.1.1.PE 1 Router A POS2/1/2 20.1 InLoop0 20.1.3/32 Loop1 5.1.1/32 Direct 0 0 127.1 InLoop0 10 10 Configure MPLS L3VPN on the backbone # Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.1.1/32 Direct 0 0 127.1.1. and CE 2 to advertise segment addresses of the interfaces as shown in Figure 83. The following takes CE 1 as an example: <CE1> display ip routing-table Routing Tables: Public Destinations : 9 2.1 24 [PE1-POS2/1/2] mpls [PE1-POS2/1/2] mpls ldp [PE1-POS2/1/2] quit # Configure PE 1 to take PE 2 as the MP-IBGP peer.1.0.0.0. CE 1 and CE 2 can learn the OSPF route to the GigabitEthernet interface of each other.3.9 as-number 100 341 .1.1.2/24 Configuration procedure 1.1.2/24 POS2/1/2 10.1. Destination/Mask Proto 20.2.0/24 OSPF 3124 20.1.1.1.1.1.1.1.0.5.1 InLoop0 120.2 POS2/1/2 30.5/32 GE4/1/1 100.2/24 GE4/1/1 120.2/24 POS2/1/1 30.5.0.1.1/24 POS2/1/2 20.1 InLoop0 127.1. Configure OSPF on the customer networks Configure conventional OSPF on CE 1.0.1.1.0/24 OSPF 3125 20.2/24 Loop0 2.1.1.1.0.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface POS 2/1/2 [PE1-POS2/1/2] ip address 10.9/32 PE 2 POS2/1/2 30.1.1.2 POS2/1/2 100.3.9/32 Loop1 3.0. Router A.1.2.1. [PE1] bgp 100 [PE1-bgp] peer 2.1 GE4/1/1 100.1/24 POS2/1/1 10.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.0.1.1.1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1.0.1.0.1.1.2.2 POS2/1/2 127.2.1.1/24 Loop0 1.

0.1.0.0.0.0.0] network 2.1.0.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface POS 2/1/2 [PE2-POS2/1/2] ip address 10. [PE2] bgp 100 [PE2-bgp] peer 1.2.0.0 [PE1-ospf-1-area-0.0.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.0] network 10.9 as-number 100 [PE2-bgp] peer 1.1.0] quit [PE2-ospf-1] quit 3. [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 342 .0 [PE2-ospf-1-area-0.0. Configure PEs to allow CEs to access the network # Configure PE 1 to allow CE 1 to access the network.1.2.0.0.2.0] network 1.0.0.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.0] network 10.2.9 0.0. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.0.0.0.1.1.0.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2.2.2.0 0.255 [PE2-ospf-1-area-0.2.2.0.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure OSPF on PE 1.255 [PE1-ospf-1-area-0.9 0.1.2.1.0 0.1.1.[PE1-bgp] peer 2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2 24 [PE2-POS2/1/2] mpls [PE2-POS2/1/2] mpls ldp [PE2-POS2/1/2] quit # Configure PE 2 to take PE 1 as the MP-IBGP peer.0] quit [PE1-ospf-1] quit # Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs. [PE1]ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.1.1.

0.0.1.0.2 24 [PE2-GigabitEthernet4/1/1] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0.1.2 GE4/1/1 343 . Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost NextHop Interface 20.1.1.0.0.1.1.1.1.0.1.1 GE4/1/1 30.0.0/24 Direct 0 0 100.0. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ip address 120.1 GE4/1/1 100.0/24 OSPF 10 1563 100. instead of the BGP route across the backbone.1.1. You can see that the path to the peer CE is along the OSPF route across the customer networks.255 [PE2-ospf-100-area-0.0/24 OSPF 10 3125 100.0 0.1] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit After completing the configurations.1] network 120.1.1.1.255 [PE1-ospf-100-area-0.1.1.2 24 [PE1-GigabitEthernet4/1/1] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.1.1.[PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 100.0.0.0.1.1] quit [PE1-ospf-100] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 to allow CE 2 to access the network.1.1] network 100.0 0.0. issue the display ip routing-table vpn-instance command on the PEs.

5.1.1] quit [PE1-ospf-100] quit # Configure PE 2.4.5.0.1.1.2.1. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ip address 5.2/32 Direct 0 0 20.1.1.0/24 OSPF 10 1563 100.0. and that a route to the sham link destination address is present.2 POS2/1/1 344 .0.3.2.0. Take CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 9 Pre Routes : 9 Destination/Mask Proto Cost NextHop Interface 20.0.1.0.5.1.3/32 5.3.0/24 Direct 0 0 100.1.0. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 6 Destination/Mask Proto 3.1.1.0/24 OSPF 3126 100.2/32 Direct 0 0 127.1] quit [PE2-ospf-100] quit After completing the configurations. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.1 InLoop0 120.5 cost 10 [PE1-ospf-100-area-0.1.1.3 cost 10 [PE2-ospf-100-area-0.5 32 [PE2-LoopBack1] quit [PE2] ospf 100 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0.3.0.0/24 BGP 0 2.1/32 Direct 0 0 127.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.2/32 Direct 0 0 127.2 GE4/1/1 100.5.0.1] sham-link 3.1 InLoop0 120.1.0.5. This means that VPN traffic to the peer will be forwarded over the backbone.1 GE4/1/1 100.1.0.1 GE4/1/1 10 Configure a sham link # Configure PE 1.1. 100.1.1.1 POS2/1/1 20.1. issue the display ip routing-table vpn-instance command again on the PEs.1.1.9 NULL0 20. and that the next hop is now the GigabitEthernet interface connected to the PE.3.1.3.1.0.0.5.2.1.1 InLoop0 BGP 255 0 2.5 3. You can see that the path to the peer CE is now along the BGP route across the backbone.3.0.3 5.0.1.5.0. You can see that the cost of the OSPF route to the peer CE is now 10 (the cost configured for the sham link).1] sham-link 5.1.3.1.9 NULL0 255 Issue the display ip routing-table command on the CEs.0/24 Direct 0 0 20.1 InLoop0 20.2.5.5/32 Routes : 6 Pre Cost NextHop Interface Direct 0 0 127.3.1.

0.1.0.5 Neighbor ID: 120.1.5.0/8 Direct 0 0 127.0/24 Direct 0 10 0 100.1. Transmit Delay 1 Configuring BGP AS number substitution Network requirements As shown in Figure 84.1.2 Sham Link: Area NeighborId Source-IP Destination-IP State Cost 0.1.1.3 --> 5. Take PE 1 as an example: [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.0.0.30. Retransmit 5.2.1.5.1.1 GE4/1/1 100. Dead 40. they use the same AS number 600.1/32 Direct 0 0 127.1.0/24 OSPF 12 100.0.3 5.1.1.3.0.2 GE4/1/1 100.1.0.1.1.1/24 P GE4/1/2 100.2 Sham-Link: 3.1.0.1 Cost: 10 State: P-2-P Type: Sham Timers: Hello 10.1. In addition.0.2 Neighbour State: Full Area: 0.2.1.1.5.1.0. Figure 84 Configure BGP AS number substitution Device CE 1 Interface IP address Device GE4/1/1 10.1 InLoop0 127.1 120.0.1.1/24 345 Interface IP address Loop0 2.1. You can see that the peer state is Full: [PE1] display ospf sham-link area 1 OSPF Process 100 with Router ID 100.0/24 OSPF 1574 100.0.1/32 Direct 0 0 127.1. CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively.1.1.9/32 GE4/1/1 20.3.2 GE4/1/1 127.5. You can see the established sham link.0.1 InLoop0 10 Issue the display ospf sham-link command on the PEs.3.1.5 P-2-P 10 Issue the display ospf sham-link area command.1.0.1 InLoop0 120.2/24 .3.1.2 3.1.

• Configure BGP between PE 1 and CE 1. • Establish MP-IBGP peer relationship between the PEs to advertise VPN IPv4 routes.1.1.1 InLoop0 100.1.1.0.1/24 GE4/1/1 10.2.1.0/24 BGP 255 0 1.2/24 Loop0 1.3.1.1/32 Direct 0 0 127.2.1/32 Direct 0 0 127.0.0. • Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.9/32 20.1.1.1. issue the display ip routing-table command on CE 2.1.1/32 BGP 255 0 1.2.1.1.0/24 BGP 255 0 10.2.1.1.0.1.1.9 NULL0 200. where the interface used by CE 1 to access PE 1 resides.1.2.1.2.1 InLoop0 127.1.1.1.0/24 Direct 0 0 200.1.0/24) behind CE 1.1 GE4/1/1 10.1.1/32 BGP 255 0 10.0.1.1.2.0.1.1/32 BGP 255 0 10.1.0/24 Direct 0 0 10.1.2/32 Direct 0 0 127.1.1.9 NULL0 10.1/32 BGP 255 0 1.1. but has not learned the route to the VPN (100.1.2 GE4/1/1 10.1 InLoop0 200.0.1.2/32 Direct 0 0 10.1.1.0/8 Direct 0 0 127.1 InLoop0 200.0.1. <CE2> display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost NextHop Interface 10.2/24 10.1 InLoop0 10.1. and between PE 2 and CE 2 to inject routes of CEs into PEs. After completing the configurations.1. • Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network.1.2/24 GE4/1/2 GE4/1/1 GE4/1/2 200.2.1.1.9/32 GE4/1/1 10. • Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.1.1.1.1.2.1. Take PE 2 as an example: <PE2> display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost NextHop Interface 10.0/24 Direct 0 0 10.1 GE4/1/1 10.9 NULL0 10.2 GE4/1/1 10. Configure basic MPLS L3VPN • Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.1 InLoop0 Issue the display ip routing-table vpn-instance command on the PEs.2.2.1 GE4/1/1 346 .1.3.2 GE4/1/1 10.0. You can see the route to the VPN behind the peer CE.0/24.1.2.1. You can see that CE 2 has learned the route to network segment 10.1/24 PE 2 Configuration procedure 1.2.1.1/32 Direct 0 0 127.1.1.2 GE4/1/1 127.1.0.0.PE 1 CE 2 GE4/1/2 30. The situation on CE 1 is similar.1.0.1/32 Direct 0 0 10.1.0.1/24 Loop0 3.2.1/24 GE4/1/2 30.2.0.

1.1.1.1/32 10.2.damped.suppressed.2 received-routes Total Number of Routes: 4 BGP Local router ID is 10.1.1.1 for following destinations : Origin : Incomplete AS Path : 100 600 Next Hop : 10.history.2.1.2. Issue the display bgp routing-table peer received-routes command on CE 2.vpn1: Send UPDATE to 10.2.VPNv4 best.1.1 Status codes: * .1. > .2.1/32 has changed from 100 600 to 100 100: *0.2 * 10.2. S .1.damped. <CE2> display bgp routing-table peer 10.VPN best.2 MED *> 10. > .1. You can see that PE 2 advertises the route to 100.1/32. d .2. s .vpn1: Send UPDATE to 10. e .1.1.Enable BGP update packet debugging on PE 2.valid.13498737 PE2 RM/7/RMDEBUG: BGP.4402392 PE2 RM/7/RMDEBUG: BGP. <PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.2. and the AS_PATH is 100 600.best.2.suppressed.valid. i . ^ .2 100.Stale 347 .2 0 LocPrf PrefVal Path/Ogn 0 100? 0 100? 0 100? 0 100? Configure BGP AS number substitution # Configure BGP AS number substitution on PE 2.internal.EGP.2 received-routes Total Number of Routes: 5 BGP Local router ID is 10.1. d .0/24 10.1.1.1 Status codes: * .2.2.internal. i .1/32 10.1. ? .1.2 0 * 10.1/32 Display again the routing information that CE 2 receives and the routing table: <CE2> display bgp routing-table peer 10.incomplete 2.best. S .1.1.1/32.2. h .0/24 10.1. h .history.1.1.IGP.1.2. Network NextHop *> 10. ^ . You can see that CE 2 did not receive the route to 100.1/32. s .Stale Origin : i .1. <PE2> system-view [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1.1 for following destinations : Origin : Incomplete AS Path : 100 100 Next Hop : 10.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2.1.2.1.2 100. the AS_PATH of 100.1.

1.2.0.0.1.1.1.1: 56 data bytes.2.2.2.1.1.2 0 100? * 10.200.2 GE4/1/1 127.1.0.1/32 10.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.EGP.1.Origin : i .1.1: bytes=56 Sequence=5 ttl=253 time=70 ms --.1 InLoop0 127.1.1.2.1.0/24 Direct 0 0 10.1.0.1.00% packet loss round-trip min/avg/max = 66/79/109 ms 348 . e .1 200.1.1.1.2.1.0/24 10.1.2 Interface GE4/1/1 10.1.1 InLoop0 200.2 0 0 100? * 10.1.1.2.1.1/32 BGP 0 10.1.1/32 Direct 0 0 127.1.2 0 100? *> 10.0/24 Routes : 9 Pre BGP 255 255 Cost 0 NextHop 10.2 0 100 100? <CE2> display ip routing-table Routing Tables: Public Destinations : 9 Destination/Mask Proto 110.1.0.1. ? .1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1.1.1.2.0.IGP.1.1 InLoop0 255 After configuring BGP AS substitution on PE 1 too.0.1.1/32 10.1.1.1/32 10.2.0.1.2.2.2 GE4/1/1 100.1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1/32 Direct 0 0 127.1 GE4/1/1 10.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.0/24 10.0.1.2/32 Direct 0 0 10.0/8 Direct 0 0 127.incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1/32 BGP 0 10.1.0.2.1.1 InLoop0 10.1.2.1/32 Direct 0 0 127.2 GE4/1/1 10.1.1.2.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.0.2.2 0 0 100? *> 100.1 PING 200. press CTRL_C to break Reply from 200.0. the GigabitEthernet interfaces of CE 1 and CE 2 can ping each other: <CE1> ping –a 100.

Therefore. At present. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. The PE-CE interfaces of a PE run IPv6 and the PE-P interface of a PE runs IPv4.Configuring IPv6 MPLS L3VPN IPv6 MPLS L3VPN overview MPLS L3VPN applies to the IPv4 environment. IPv6 runs inside the VPNs and between CEs and PEs. IPv6 MPLS L3VPN functions similarly. Figure 85 Network diagram for the IPv6 MPLS L3VPN model VPN 1 IPv6 Site 1 VPN 2 IPv6 Site 3 IPv4 network P P CE CE PE PE CE P P PE CE IPv6 Site 2 VPN 2 IPv6 Site 4 VPN 1 349 . It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. PEs must support both IPv4 and IPv6. Figure 85 shows the typical IPv6 MPLS L3VPN model. the service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.

Based on the inbound interface and destination address of the packet. From the ingress PE to the egress PE. No matter which routing protocol is used. Routing information exchange from the local CE to the ingress PE After establishing an adjacency with the directly connected PE. 3. the IPv6 MPLS L3VPN packet forwarding procedure is as follows: 1. PE 2 searches the routing table of the VPN instance to determine the outbound interface and then forwards the packet out the interface to CE 2. 5. According to the inner label and destination address of the packet.IPv6 MPLS L3VPN packet forwarding Figure 86 IPv6 MPLS L3VPN packet forwarding diagram Site 1 CE 1 CE 2 P 2001:1::1/96 P PE 2 PE 1 Layer1 2001:2::1 Site 2 2001:2::1/96 Layer2 Layer2 2001:2::1 2001:2::1 2001:2::1 As shown in Figure 86. The MPLS backbone transmits the packet to PE 2 by outer label. CE 1 transmits the packet to PE 1. The outer label is removed from the packet at the penultimate hop. RIPng routes. Then. Finding a matching entry. From the egress PE to the remote peer CE. PE 1 searches the routing table of the VPN instance. a CE advertises its IPv6 VPN routes to the PE. 4. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1. 2. a route is available from the local CE to the remote CE. the PC at Site 2. PE 1 labels the packet with both inner and outer labels and forwards the packet out. or EBGP routes. Routing information exchange from the ingress PE to the egress PE After learning the IPv6 VPN routes from the CE. 2. CE 2 forwards the packet to the destination by IPv6 forwarding. From the local CE to the ingress PE. the CE always advertises standard IPv6 routes to the PE. IPv6 MPLS L3VPN routing information advertisement The IPv6 VPN routing information of a local CE is advertised to a remote peer PE in three steps: 1. and then triggers MPLS to assign VPN labels for them. the ingress PE adds RDs and VPN targets for these standard IPv6 routes to create VPN-IPv6 routes. 350 . saves them to the routing table of the VPN instance created for the CE. OSPFv3 routes. 3. The routes between a CE and a PE can be static routes. IPv6 IS-IS routes.

Then. see the related sections. if they are the same. Configuring inter-AS IPv6 VPN To deploy special IPv6 MPLS L3VPN networks. adds the routes to the routing table of the VPN instance. Finally. such as inter-AS VPN. Complete the following tasks to configure basic IPv6 MPLS L3VPN: Task Configuring VPN instances Remarks Creating a VPN instance Required Associating a VPN instance with an interface Required 351 . the egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and. IPv6 MPLS L3VPN supports the following networking schemes and functions: • Basic VPN networking • Inter-AS VPN option A • Inter-AS VPN option C • Carrier’s carrier • Multi-VPN-instance CE IPv6 MPLS L3VPN configuration task list Complete the following tasks to configure IPv6 MPLS L3VPN: Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MPLS L3VPN. you also need to perform some specific configurations in addition to the basic IPv6 MPLS L3VPN configuration. you can construct simple IPv6 VPN networks over an MPLS backbone. The PEs use an IGP to ensure the connectivity between them. For more information. Routing information exchange from the egress PE to the remote CE The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE. the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP. IPv6 MPLS L3VPN networking schemes and functions At present. including PE-CE route exchange and PE-PE route exchange. Configuring routing on an MCE Configuring basic IPv6 MPLS L3VPN Basic IPv6 MPLS L3VPN configuration task list The key task in IPv6 MPLS L3VPN configuration is to manage the advertisement of IPv6 VPN routes on the MPLS backbone.

It is a collection of the VPN membership and routing rules of its associated site. system-view N/A 2. Configure an RD for the VPN instance. ip vpn-instance vpn-instance-name Required 3. To create and configure a VPN instance: Step Command Remarks 1. route-distinguisher route-distinguisher Required 4. A VPN instance takes effect only after you configure an RD for it. You can configure a description for a VPN instance to record its related information. but also routes of a VPN from those of another VPN. A VPN instance does not necessarily correspond to one VPN. complete these tasks: • Configuring an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity • Configuring basic MPLS for the MPLS backbone • Configuring MPLS LDP for the MPLS backbone so that LDP LSPs can be established Configuring VPN instances By configuring VPN instances on a PE. This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs. Creating a VPN instance A VPN instance is associated with a site. such as its relationship with a certain VPN. All VPN instance configurations are performed on PEs or MCEs. description text Optional 352 . Enter system view. Configure a description for the VPN instance. you isolate not only VPN routes from public network routes.Task Remarks Configuring route related attributes for a VPN instance Optional Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional Configuring routing between PE and CE Required Configuring routing between PEs Required Configuring routing features for the BGP-VPNv6 subaddress family Optional Configuration prerequisites Before configuring basic IPv6 MPLS L3VPN. Create a VPN instance and enter VPN instance view.

BGP associates it with a VPN target extended community attribute list. Set the maximum number of routes supported. interface interface-type interface-number N/A 3. Enter VPN instance view.” To associate a VPN instance with an interface: Step Command Remarks 1. Enter IPv6 VPN view. . NOTE: The ip binding vpn-instance command clears the IP address of the interface on which it is configured. Associate a VPN instance with the interface.Associating a VPN instance with an interface After creating and configuring a VPN instance. you need to associate the VPN instance with the interface for connecting the CE. routing-table limit number { warn-threshold | simply-alert } Optional 6. all routes matching the import target attribute are accepted. vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] Required 5. Enter system view. system-view N/A 2. For information about LDP-capable interfaces. Configure VPN targets. Apply an import routing policy. Enter interface view. Be sure to re-configure an IP address for the interface after configuring the command. Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows: • When a VPN route learned from a CE gets redistributed into BGP. Optional import route-policy route-policy 353 By default. • The VPN instance determines how to change the VPN targets attributes for routes to be advertised according to the export-extcommunity in the VPN target. To configure route related attributes for a VPN instance: Step Command Remarks 1. which is usually the export target attribute of the VPN instance associated with the CE. see the chapter “Configuring basic MPLS. Enter system view. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the VPN target. ip vpn-instance vpn-instance-name N/A 3. ipv6-family Optional 4. ip binding vpn-instance vpn-instance-name No VPN instance is associated with an interface by default. system-view N/A 2. Any LDP-capable interface can be associated with a VPN instance.

quit N/A 5. Specify the tunnel selection preference order and the number of tunnels for load balancing. • You can define the maximum number of routes for a VPN instance to support. the device cannot filter the routes to be received and advertised. Otherwise. Enter system view. tnl-policy tunnel-policy-name By default. CR-LSP tunnel. Those configured in IPv6 VPN view take precedence. 4. Apply the tunneling policy to the VPN instance. • A single vpn-target command can configure up to eight VPN targets. system-view N/A 2. Enter VPN instance view. 354 . Create a tunneling policy and enter tunneling policy view. Remarks Optional export route-policy route-policy By default. Configuring a tunneling policy for a VPN instance To configure a tunneling policy for a VPN instance: Step Command Remarks 1. tunnel-policy tunnel-policy-name Required 3. • You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view. NOTE: • Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs. preventing too many routes from being redistributed into the PE. CR-LSP tunnel.Step 7. only one tunnel is selected (no load balancing) in this order: LSP tunnel. tunnel select-seq { cr-lsp | lsp } * load-balance-number number By default. routes to be advertised are not filtered. You can configure up to 64 VPN targets for a VPN instance. Enter IPv6 VPN view. ipv6-family Optional 7. Command Apply an export routing policy. • Create a routing policy before associating it with a VPN instance. ip vpn-instance vpn-instance-name Required 6. only one tunnel is selected (no load balancing) in this order: LSP tunnel. Return to system view.

Configuration prerequisites Before you configure routing between PE and CE. OSPFv3. For LDP instance configuration information. a tunnel type closer to the select-seq keyword has a higher priority. and configure LDP parameters for the LDP instance. • You can configure a tunneling policy for IPv6 VPNs in both VPN instance view and IPv6 VPN view. For example. create an LDP instance for the VPN instance. RIPng.NOTE: • When you configure tunnel selection preference order by using the tunnel select-seq command. the default tunneling policy is used. On CEs. After an LSP is created. the VPN uses the LSP tunnel instead. Command Remarks system-view N/A ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] 355 Required Use either command Perform this configuration on PEs. VPN uses a CR-LSP tunnel when no LSP exists. Configure static routes for a VPN instanceN/A. configure normal static routes. IPv6 IS-IS. . 2. Configuring an LDP instance LDP instances are for carrier’s carrier networking applications. • Create a tunneling policy before associating it with a VPN instance. Enter system view. • If you specify more than one tunnel type and the number of tunnels of a type is less than the specified number of tunnels for load balancing. with the tunnel select-seq lsp cr-lsp load-balance-number 1 command configured. or EBGP between PE and CE. Otherwise.” Configuring routing between PE and CE You can configure static routing. • A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs. This task is to enable LDP for an existing VPN instance. tunnels of different types may be used. A tunneling policy configured in IPv6 VPN view takes precedence. see the chapter “Configuring MPLS L3VPN. complete the following tasks: • Assign an IPv6 address to the CE-PE interface of the CE • Assign an IPv6 address to the PE-CE interface of the PE Configuring static routing between PE and CE To configure PE-CE route exchange through static routes: Step 1.

quit N/A 4. If you create an OSPF process without binding it to a VPN instance. create a normal RIPng process. 356 . see Layer 3—IP Routing Configuration Guide. Enable RIPng on the interface. If you create a RIPng process without binding it to a VPN instance. Enter system view. Enter interface view. • For more information about OSPFv3. create a normal OSPF process. see Layer 3—IP Routing Configuration Guide. Set the router ID. interface interface-type interface-number N/A 6. 3. On CEs. Enter system view. ripng [ process-id ] vpn-instance vpn-instance-name Perform this configuration on PEs. see Layer 3—IP Routing Configuration Guide. ripng process-id enable By default. Return to system view. router-id router-id Required 4. Configuring RIPng between PE and CE A RIPng process belongs to the public network or a single VPN instance. Enter interface view. Configuring OSPFv3 between PE and CE An OSPFv3 process belongs to the public network or a single VPN instance. Return to system view. Create a RIPng process for a VPN instance and enter RIPng view. system-view N/A 2. quit N/A 5. RIPng is disabled on an interface. To configure OSPFv3 between PE and CE: Step Command Remarks 1. Create an OSPFv3 process for a VPN instance and enter the OSPFv3 view. Enable OSPFv3 on the interface. 3. Perform this configuration on PEs. interface interface-type interface-number N/A 5. To configure RIPng between PE and CE: Step Command Remarks 1.NOTE: For information about IPv6 static routing. On CEs. OSPFv3 is disabled on an interface. NOTE: For more information about RIPng. the process belongs to the public network. NOTE: • Deleting a VPN instance will delete all related OSPFv3 processes at the same time. ospfv3 process-id area area-id [ instance instance-id ] By default. the process belongs to the public network. ospfv3 [ process-id ] vpn-instance vpn-instance-name Perform this configuration on PEs. system-view N/A 2.

isis [ process-id ] vpn-instance vpn-instance-name Perform this configuration on PEs. On CEs. ipv6 enable Disabled by default 5. Create an IPv6 IS-IS process for a VPN instance and enter IS-IS view. system-view N/A 2. Configuring EBGP between PE and CE 1. Return to system view. isis ipv6 enable [ process-id ] Disabled by default NOTE: For more information about IPv6 IS-IS. create a normal IPv6 IS-IS process. Enter interface view. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ] 357 Optional By default. interface interface-type interface-number N/A 7. Configure the CE as the VPN EBGP peer. Configurations on a PE To configure EBGP between PE and CE: Step Command Remarks 1. Enter system view. network-entity net Not configured by default 4. Enable BGP and enter BGP view. Configure a filtering policy to filter the routes to be advertised. peer ipv6-address as-number as-number Required 5. see Layer 3—IP Routing Configuration Guide. . 3. quit N/A 6. 6. system-view N/A 2. the process belongs to the public network.Configuring IPv6 IS-IS between PE and CE An IPv6 IS-IS process belongs to the public network or a single VPN instance. Enter IPv6 BGP-VPN instance view. ipv6-family vpn-instance vpn-instance-name Required 4. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * A PE needs to redistribute the routes of the local CEs into its VPN routing table so that it can advertise them to the peer PE. To configure IPv6 IS-IS between PE and CE: Step Command Remarks 1. bgp as-number N/A 3. Enable the IPv6 capacity for the IS-IS process on the interface. Redistribute the routes of the local CEs. Enter system view. BGP does not filter routes to be advertised. Enable the IPv6 capacity for the IS-IS process. If you create an IPv6 IS-IS process without binding it to a VPN instance. Configure a network entity title for the IS-IS process.

7. Configurations on a CE To configure EBGP between PE and CE: Step Command Remarks 1. see Layer 3—IP Routing Configuration Guide. Enter BGP view. Configure the remote PE as the peer. Enter IPv6 BGP subaddress family view. A CE needs to advertise its VPN routes to the connected PE so that the PE can advertise them to the peer CE. Command Remarks filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import Optional By default. BGP uses the outbound interface of the best route to the BGP peer. peer ip-address as-number as-number Required 4. exchange of BGP routes for the VPN instance is the same as exchange of ordinary BGP routes. ipv6-family vpnv6 Required 358 . bgp as-number N/A 3. Enter BGP view. 2. system-view N/A 2. • The configuration commands available in IPv6 BGP-VPN instance view are the same as those in IPv6 BGP subaddress family view. Enter system view. NOTE: • After an IPv6 BGP-VPN instance is configured. 5. Enter system view. For more configuration commands in the two views. bgp as-number Required 3. peer { group-name | ip-address } connect-interface interface-type interface-number By default. Configure the PE as the EBGP peer. peer ipv6-address as-number as-number Required Configure route redistribution and advertisement. Specify the source interface for route update packets. import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] * Optional 5. Configuring routing between PEs To configure routing between PEs: Step Command Remarks 1. the PE does not filter received routes. ipv6-family Required 4. Enter BGP-VPNv6 subaddress family view.Step Configure a filtering policy to filter received routes. system-view N/A 2.

Set the default value for the system MED. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ] Optional 9. Optional 0 by default . peer ip-address as-number as-number Required 4. Command Remarks peer ip-address enable By default. Enter BGP-VPNv6 subaddress family view. the default value of the system MED is 0. default med med-value By default. ipv6-family vpnv6 N/A 6. Configuring routing features for the BGP-VPNv6 subaddress family A variety of routing features for the BGP-VPNv6 subaddress family are the same as those for BGP IPv6 unicast routing. Specify the interface for TCP connections. Optional By default. Apply an IPv6-prefix list for the peer to filter received/advertised routes. the PE does not filter routes to be advertised. By default. BGP peers exchange only IPv4 routing information. no IPv6 prefix list is applied for a peer. Set the default value of the local preference. peer ip-address connect-interface interface-type interface-number Required 5. default local-preference value Optional 100 by default Optional 7. the PE does not filter received routes. Configure the remote PE as the peer. Configure a filtering policy to filter received routes. 8. bgp as-number N/A 3. Enter BGP view. Enter system view. system-view N/A 2. no filtering policy is applied for a peer. Optional By default. Apply a filtering policy for the peer. Configure a filtering policy to filter routes to be advertised. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import Optional 10. peer ip-address preferred-value value 359 By default. peer ip-address ipv6-prefix prefix-name { export | import } 12. Specify the preference value for the routes received from the peer.Step 6. You can select any of the features as required. peer ip-address filter-policy acl6-number { export | import } 11. To configure routing features for the BGP-VPNv6 subaddress family: Step Command Remarks 1. Enable the exchange of BGP-VPNv6 routing information with the specified peer.

Configure the local PE as the route reflector and specify the peer as the client. 14. Configure a cluster ID for the route reflector. Optional Enabled by default Optional By default. IPv6 MPLS L3VPN supports only inter-AS VPN option A and option C. Optional NOTE: For information about IPv6 BGP routing features. Enable VPN target filtering for received BGP-VPNv6 subaddress family routes. Create an RR reflection policy. reflect between-clients 18. Optional Enabled by default Optional 16. Configure BGP updates to the peer to not carry private AS numbers. Apply a routing policy for the peer. 360 . see Layer 3—IP Routing Configuration Guide. peer ip-address route-policy route-policy-name { export | import } Optional 15. reflector cluster-id { cluster-id | ip-address } 19. complete these tasks: • Configuring an IGP for the MPLS backbone in each AS to implement IP connectivity • Configuring basic MPLS capabilities for the MPLS backbone of each AS • Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established NOTE: The following sections describe inter-AS IPv6 VPN option A and option C. Configuring inter-AS IPv6 VPN If the MPLS backbone that carries the IPv6 VPN routes spans multiple ASs. policy vpn-target By default. Enable route reflection between clients. peer ip-address public-as-only By default. rr-filter extended-community-list-number No route reflector or client is configured by default. no routing policy is applied for a peer. a route reflector uses its router ID as the cluster ID. a BGP update carries private AS numbers.Step Command Remarks Optional 13. you need to configure inter-AS IPv6 VPN. see the chapter “Configuring MPLS L3VPN”). There are three inter-AS VPN solutions (for more information. Configuration prerequisites Before configuring inter-AS IPv6 VPN. Select one according to your networking scenario. peer ip-address reflect-client 17.

while those on ASBR PEs are for access of the peer ASBR PEs. 5. It is easy to implement. Enable the PE to exchange labeled routes with the ASBR PE in the same AS. • Configure each ASBR. you need to: • Perform basic IPv6 MPLS L3VPN configuration on each AS.” NOTE: In the inter-AS IPv6 VPN option A solution. system-view N/A 2. peer { group-name | ip-address } as-number as-number Required 6. Enable the PE to exchange BGP VPNv6 routing information with the EBGP peer. Enter BGP-VPNv6 subaddress family view. the VPN targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure that VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs). Enter system view. To configure a PE for inter-AS IPv6 VPN option C: Step Command Remarks 1. peer ip-address enable Required 361 .Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. the PE does not advertise labeled routes to the IPv4 peer/peer group. configure VPN instances on both PEs and ASBR PEs. peer { group-name | ip-address } as-number as-number Required 4. peer { group-name | ip-address } label-route-capability By default. Configure the ASBR PE in the same AS as the IBGP peer. In other words. Configuring inter-AS IPv6 VPN option C Configuring the PEs You need to establish ordinary IBGP peer relationships between PEs and ASBR PEs in an AS and MP-EBGP peer relationships between PEs in different ASs. The PEs and ASBR PEs in an AS must be able to exchange labeled routes. taking the peer ASBR PE as its CE. To configure inter-AS IPv6 option A. Enter BGP view. The VPN instances on PEs allow CEs to access the network. ipv6-family vpnv6 N/A 7. bgp as-number N/A 3. see the chapter “Configuring basic IPv6 MPLS L3VPN. Configure the PE of another AS as the EBGP peer. For configuration information. for the same IPv6 VPN. VPN targets configured on the PEs in different ASs do not have such requirements.

disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources. complete the following tasks: • On the MCE. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution (see the chapter “Configuring MPLS L3VPN”). Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. and bind the VPN instances with the interfaces connected to the VPN sites and those connected to the PE. Configuring routing on an MCE An MCE implements service isolation through route isolation. • Assigns new MPLS labels to the labeled routes to be advertised to the PEs in the same AS. Perform this configuration on the MCE. ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] 362 Use either command. MCE routing configuration includes: • MCE-VPN site routing configuration • MCE-PE routing configuration On the PE in an MCE network environment. it: • Assigns MPLS labels to routes received from the PEs in the same AS before advertising them to the peer ASBR PE. Configuring the routing policy After you configure and apply a routing policy on an ASBR PE. Command Remarks Enter system view. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution (see the chapter “Configuring MPLS L3VPN”). 2. To configure static routing between MCE and VPN site: Step 1. so that the static routes of different IPv6 VPN instances can be isolated from each other. • Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity. and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information. system-view N/A Required Configure IPv6 static routes for an IPv6 VPN instanceN/A. . Configuring routing between MCE and VPN site Configuring static routing between MCE and VPN site An MCE can reach a VPN site through a static route.Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution. Configuration prerequisites Before you configure routing on an MCE. configure VPN instances. An MCE supports binding a static route with an IPv6 VPN instance. On a VPN site. an inter-AS LSP is required.

Return to system view. To configure RIPng between MCE and VPN site: Step Command Remarks 1. 3. configure normal RIPng. no route of any other routing protocol is redistributed into RIPng. 4. If you create an OSPFv3 process without binding it to an IPv6 VPN instance. ripng process-id enable Disabled by default Optional 0 by default NOTE: For more information about RIPng. ipv6 route-static default-preference default-preference-value Optional 60 by default Configuring RIPng between MCE and VPN site A RIPng process belongs to the public network or a single IPv6 VPN instance. the process belongs to the public network. By configuring OSPFv3 process-to-IPv6 VPN instance bindings on a MCE. interface interface-type interface-number N/A 7. default cost value 5. you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different OSPFv3 processes. Redistribute remote site routes advertised by the PE. the process belongs to the public network. you allow routes of different VPNs to be exchanged between the MCE and the sites through different RIPng processes. By configuring RIPng process-to-IPv6 VPN instance bindings on a MCE. ensuring the separation and security of IPv6 VPN routes. import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] * By default.Step 3. Create a RIPng process for a VPN instance and enter RIPng view. quit N/A 6. Enter system view. Enter interface view. ensuring the separation and security of IPv6 VPN routes. system-view N/A 2. On a VPN site. ripng [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. If you create a RIPng process without binding it to an IPv6 VPN instance. Configure the default cost value for the redistributed routes. Enable RIPng on the interface. Command Remarks ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] configure normal static routes. see Layer 3—IP Routing Configuration Guide. Configure the default precedence for IPv6 static routes. Configuring OSPFv3 between MCE and VPN site An OSPFv3 process belongs to the public network or a single IPv6 VPN instance. To configure OSPFv3 between MCE and VPN site: 363 .

On a VPN site. Set the router ID. system-view N/A 2. 5. Configuring IPv6 IS-IS between MCE and VPN site An IPv6 IS-IS process belongs to the public network or a single IPv6 VPN instance. configure normal IPv6 IS-IS. interface interface-type interface-number N/A 7. ipv6 enable Disabled by default Optional 5. import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] * By default. . Create an IPv6 IS-IS process for a VPN instance and enter IS-IS view. 3.Step Command Remarks 1.. On a VPN site. NOTE: • Deleting a VPN instance will delete all related OSPFv3 processes at the same time. ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 364 By default. isis [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. Redistribute remote site routes advertised by the PE. ospfv3 [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. Enter system view. Redistribute remote site routes advertised by the PE. • For more information about OSPFv3. If you create an IPv6 IS-IS process without binding it to an IPv6 VPN instance. To configure IPv6 IS-IS between MCE and VPN site: Step Command Remarks 1. Enter system view. ensuring the separation and security of IPv6 VPN routes. Enable the IPv6 capacity for the IPv6 IS-IS process. redistributed routes are added to the level-2 routing table by default. Create an OSPFv3 process for a VPN instance and enter OSPFv3 view. Configure a network entity title for the IS-IS process. no route of any other routing protocol is redistributed into OSPFv3. quit N/A 6. If you do not specify the route level in the command. Return to system view. By configuring IPv6 IS-IS process-to-IPv6 VPN instance bindings on a MCE. 3. ospfv3 process-id area area-id [ instance instance-id ] By default. router-id router-id Required 4. system-view N/A 2. OSPFv3 is disabled on an interface. you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different IPv6 IS-IS processes. Enter interface view. network-entity net Not configured by default 4. Enable OSPFv3 on the interface. see Layer 3—IP Routing Configuration Guide. configure normal OSPFv3. no routes from any other routing protocol are redistributed to IPv6 IS-IS. the process belongs to the public network.

quit N/A 7. Configure a filtering policy to filter the routes to be advertised. Redistribute remote site routes advertised by the PE. system-view N/A 2. see Layer 3—IP Routing Configuration Guide. filter-policy { acl6-number | ipv6-prefix ip-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ] Configure a filtering policy to filter the received routes. you also can configure filtering policies to filter the received routes and the routes to be advertised. ipv6-family vpn-instance vpn-instance-name Required 4. you must configure a BGP peer for each IPv6 VPN instance on the MCE. Optional By default. Enter BGP view. Return to system view. Optional By default. interface interface-type interface-number N/A 8.Step Command Remarks 6. NOTE: After you configure an IPv6 BGP VPN instance. Specify an IPv6 BGP peer in an AS. Configuring EBGP between MCE and VPN site To use EBGP for exchanging routing information between an MCE and IPv6 VPN sites. Enter system view. and redistribute the IGP routes of each VPN instance on the IPv6 VPN sites. Enter IPv6 BGP-VPN instance view. bgp as-number N/A 3. 6. 2. isis ipv6 enable [ process-id ] Disabled by default NOTE: For more information about IPv6 IS-IS. For more information about IPv6 BGP. peer ipv6-address as-number as-number Required 5. the MCE does not filter the received routes. Enable the IPv6 IS-IS process on the interface. Enter interface view. see Layer 3—IP Routing Configuration Guide. If EBGP is used for route exchange. 1. import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] By default. filter-policy { acl6-number | ipv6-prefix ip-prefix-name } import 7. Configurations on the MCE To configure EBGP between MCE and VPN site: Step Command Remarks 1. Configurations on a VPN site To configure EBGP between MCE and VPN site: 365 . the MCE does not filter the routes to be advertised. No route redistribution is configured. the IPv6 BGP route exchange for the IPv6 VPN instance is the same with the normal IPv6 BGP VPN route exchange.

Configuring IPv6 static routing between MCE and PE To configure static routing between MCE and PE: Step 1. NOTE: Configurations in this section are configured on the MCE. Configure the default precedence for static routes. Enter BGP view. Configure static routes for an IPv6 VPN instanceN/A. A VPN site must advertise the IPv6 VPN network addresses it can reach to the connected MCE. Configurations on the PE are similar to those on the PE in common IPv6 MPLS L3VPN network solutions (see “Configuring routing between PE and CE”). import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] By default. no route redistribution is configured. 5. peer ipv6-address as-number as-number Required Optional Redistribute the IGP routes of the VPN. Enter system view. bgp as-number N/A 3. Optional 60 by default . 2. Command Remarks system-view N/A ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] Required ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] ipv6 route-static default-preference default-preference-value 366 User either command. 3. Enter system view. Configuring routing between MCE and PE MCE-PE routing configuration includes these tasks: • Bind the MCE-PE interfaces to IPv6 VPN instances • Perform routing configurations • Redistribute IPv6 VPN routes into the routing protocol running between the MCE and the PE. ipv6-family N/A 4. system-view N/A 2.Step Command Remarks 1. Enter IPv6 address family view. Configure the MCE as the EBGP peer.

367 Optional By default. interface interface-type interface-number N/A 7. no route of any other routing protocol is redistributed into OSPFv3. ripng [ process-id ] vpn-instance vpn-instance-name Required 3. Configuring OSPFv3 between MCE and PE To configure OSPFv3 between MCE and PE: Step Command Remarks 1. router-id router-id Required Redistribute the VPN routes. interface interface-type interface-number N/A 3. import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] * By default. default cost value 5. import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] * By default. Return to system view. system-view N/A 2. Enter interface view. ripng process-id enable Disabled by default. no route of any other routing protocol is redistributed into RIPng. Configure a filtering policy to filter the redistributed routes. ospfv3 [ process-id ] vpn-instance vpn-instance-name Required Set the router ID. Return to system view. Enter system view. Optional 0 by default NOTE: For more information about RIPng. 5. . Redistribute the VPN routes. quit N/A 6. Enable the RIPng process on the interface. Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view. see Layer 3—IP Routing Configuration Guide. 4. Configure the default cost value for the redistributed routes. 4. Enter system view. Enter interface view. system-view N/A 2.Configuring RIPng between MCE and PE To configure RIPng between MCE and PE: Step Command Remarks 1. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ bgp4+ | direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ] 6. Create a RIPng process for an IPv6 VPN instance and enter RIPng view. quit N/A 7. redistributed routes are not filtered.

NOTE: For more information about OSPFv3. Optional By default.Step 8. IPv6 IS-IS does not filter redistributed routes. If you do not specify the route level in the command. Create an IS-IS process for an IPv6 VPN instance and enter IS-IS view. network-entity net Not configured by default. see Layer 3—IP Routing Configuration Guide. 6. 4. Command Remarks ospfv3 process-id area area-id [ instance instance-id ] Disabled by default. isis ipv6 enable [ process-id ] Disabled by default. system-view N/A 2. NOTE: For more information about IPv6 IS-IS. isis [ process-id ] vpn-instance vpn-instance-name Required 3. Redistribute the VPN routes. Enter interface view. 5. IS-IS does not redistribute routes of any other routing protocol. quit N/A 8. ipv6 enable Disabled by default. ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * Configure a filtering policy to filter the redistributed routes. Enable the IPv6 capacity for the IS-IS process. ipv6 filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name | route-policy route-policy-name } export [ protocol [ process-id ] ] Optional 7. interface interface-type interface-number N/A 9. Configuring IPv6 IS-IS between MCE and PE To configure IPv6 IS-IS between MCE and PE: Step Command Remarks 1. Enable the OSPFv3 process on the interface. see Layer 3—IP Routing Configuration Guide. Enter system view. Configure a network entity title. Return to system view. Configuring EBGP between MCE and PE To configure EBGP between MCE and PE: 368 . the command will redistribute routes to the level-2 routing table by default. Enable IPv6 for the IS-IS process on the interface. By default.

Step Command Remarks Soft reset the IPv6 BGP connections of a VPN instance. Optional By default. see Layer 3—IP Routing Configuration Guide. BGP does not filter the routes to be advertised. Reset the IPv6 BGP connections of a VPN instance. Redistribute the VPN routes. 6. reset bgp ipv6 vpn-instance vpn-instance-name { as-number | ipv6-address | all | external } Available in user view Reset BGP VPNv6 connections. No route redistribution is configured. Enter system view. use the soft reset function or reset BGP connections to make the changes take effect. which means supporting Route-Refresh messages. 4. Enter IPv6 BGP-VPN instance view. Displaying and maintaining IPv6 MPLS L3VPN Resetting BGP connections When BGP configuration changes. Soft reset the BGP VPNv6 connections. Soft reset requires that BGP peers have the route refreshment capability. Optional By default. import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] By default. system-view N/A 2. bgp as-number N/A 3. reset bgp vpnv6 { as-number | ip-address | all | external | internal } Available in user view 1. BGP does not filter the received routes. refresh bgp ipv6 vpn-instance vpn-instance-name { ipv6-address | all | external } { export | import } Available in user view 2. Displaying information about IPv6 MPLS L3VPN 369 . Enter BGP view. filter-policy { acl6-number | ipv6-prefix ip-prefix-name } export [ direct | isisv6 process-id | ripng process-id | static ] Configure a filtering policy to filter the received routes. refresh bgp vpnv6 { ip-address | all | external | internal } { export | import } Available in user view 3. Configure the PE as the EBGP peer. ipv6-family vpn-instance vpn-instance-name Required 4.Step Command Remarks 1. filter-policy { acl6-number | ipv6-prefix ip-prefix-name } import 7. peer ipv6-address as-number as-number Required 5. For more information about IPv6 BGP. Configure a filtering policy to filter the routes to be advertised. NOTE: IPv6 BGP runs within a VPN in the same way as it runs within a public network.

see Layer 3—IP Routing Command Reference. display bgp vpnv6 all routing-table [ network-address prefix-length [ longer-prefixes ] | peer ip-address { advertised-routes | received-routes } [ statistic ] | statistic ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the BGP VPNv6 routing information of an RD. 370 . display ipv6 routing-table vpn-instance vpn-instance-name [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about a specific VPN instance or all VPN instances. display bgp vpnv6 all peer [ ipv4-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about IPv6 BGP peers established between the PE and CE in a VPN instance. display ipv6 fib vpn-instance vpn-instance-name [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display a VPN instance’s FIB entries that match the specified destination IPv6 address. display bgp vpnv6 vpn-instance vpn-instance-name routing-table [ network-address prefix-length [ longer-prefixes ] | peer ipv6-address { advertised-routes | received-routes } ] [ | { begin | exclude | include } regular-expression ] Available in any view NOTE: For commands that display information about a routing table. display bgp vpnv6 vpn-instance vpn-instance-name peer [ ipv6-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view Display all BGP VPNv6 routing information. display ipv6 fib vpn-instance vpn-instance-name ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about BGP VPNv6 peers established between PEs. display ip vpn-instance [ instance-name vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view Display information about the IPv6 FIB of a VPN instance. display bgp vpnv6 route-distinguisher route-distinguisher routing-table [ network-address prefix-length ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the BGP VPNv6 routing information of a VPN instance.Task Command Remarks Display information about the IPv6 routing table associated with a VPN instance.

2. Configure OSPF on the MPLS backbone to achieve IP connectivity among the PEs and the P router.9/32 PE 1 Loop0 1.1.1/24 GE4/1/2 2001:2::2/96 Loop0 3.1.1.9 32 371 .2/24 GE4/1/1 2001:1::2/96 POS2/1/2 172.1.3.1.2/24 CE 4 GE4/1/1 2001:4::1/96 Configuration procedure 1. CE 2 and CE 4 belong to VPN 2. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information. # Configure PE 1. Users of different VPNs cannot access each other. VPN 2 uses VPN target attributes 222:2.2.1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.9/32 POS2/1/1 172.1/24 GE4/1/1 2001:3::2/96 CE 2 GE4/1/1 2001:2::1/96 GE4/1/2 2001:4::2/24 CE 3 GE4/1/1 2001:3::1/96 POS2/1/1 172.1.1.1.IPv6 MPLS L3VPN configuration examples Configuring IPv6 MPLS L3VPNs Network requirements • CE 1 and CE 3 belong to VPN 1.9/32 PE 2 POS2/1/1 172.1.3.2. • EBGP is used to exchange VPN routing information between CEs and PEs. Figure 87 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 GE4/1/1 GE4/1/1 Loop0 GE4/1/1 PE 2 PE 1 POS2/1/1 POS2/1/1 Loop0 GE4/1/2 GE4/1/1 POS2/1/2 POS2/1/1 Loop0 GE4/1/2 P MPLS backbone GE4/1/1 GE4/1/1 CE 2 CE 4 VPN 2 VPN 2 AS 65420 AS 65440 Device Interface IP address Device Interface IP address CE 1 GE4/1/1 2001:1::1/96 P Loop0 2.2. • VPN 1 uses VPN target attributes 111:1.

3.0.0] network 1.0.0] network 2.2.0 0.0] network 172.1.3.0 0.1. Issue the display ip routing-table command.0.2.0.0.1 24 [P-POS2/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0] network 3.1.0.1.3.0.1.0.2. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.1.0.2.0 [P-ospf-1-area-0.0.2.255 [PE2-ospf-1-area-0.2.0.0] quit [PE2-ospf-1] quit After you complete the configurations.0. The output shows that the PEs have learned the routes to the loopback interfaces of each other. and PE 2.0.0.2 24 [P-POS2/1/1] quit [P] interface POS 2/1/2 [P-POS2/1/2] ip address 172.0 0.2. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.0. P.255 [PE1-ospf-1-area-0.9 0.3.0.1.1.1.1.0] network 172.9 32 [PE2-LoopBack0] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] ip address 172.0.1.1 24 [PE1-POS2/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0] quit [P-ospf-1] quit # Configure PE 2.0] network 172.[PE1-LoopBack0] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip address 172.255 [P-ospf-1-area-0.9 32 [P-LoopBack0] quit [P] interface pos2/1/1 [P-POS2/1/1] ip address 172.1.0.1.0.0.0] quit [PE1-ospf-1] quit # Configure the P router.0 0.255 [P-ospf-1-area-0. The output shows that the adjacency is in Full state.1.2.2 24 [PE2-POS2/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0. Issue the display ospf peer command.9 0.0.0.0.0.9 0. OSPF adjacencies are established between PE 1.0. The following takes PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public 372 .0.0 [PE1-ospf-1-area-0.0 [PE2-ospf-1-area-0.0.0.0] network 172.0.0.0.

1/32 Direct 0 0 127.1.0 interface 172. [PE1] mpls lsr-id 1.2.1(POS2/1/1)'s neighbors Router ID: 172.1.2.2.1.1.1.0.1.2 POS2/1/1 10 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.0/24 Direct 0 0 172. Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs.1/32 Direct 0 0 127.1.1.1 InLoop0 OSPF 10 1 172.3.1 InLoop0 127.1.1.1.0.0.9 Neighbors Area 0.1.0/24 OSPF 1 172.9/32 2.1.0.1.1.1.1.0.9/32 OSPF 10 2 172.2 Mode:Nbr is BDR: None Dead timer due in 38 Master GR State: Normal Priority: 1 MTU: 1500 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2.0.2 POS2/1/1 172.2 POS2/1/1 3.0.1.0.1.1 InLoop0 172.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure the P router.1.1.1.0.1 POS2/1/1 172. 373 .1.Destinations : 9 Destination/Mask Proto 1.9/32 Routes : 9 Pre Cost NextHop Interface Direct 0 0 127.1.2.1 InLoop0 172.0. # Configure PE 1.0/8 Direct 0 0 127.3.0. [P] mpls lsr-id 2.1.1.1.2 POS2/1/1 127.0.2 State: Full DR: None Address: 172.2.0.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/1/1 [P-POS2/1/1] mpls [P-POS2/1/1] mpls ldp [P-POS2/1/1] quit [P] interface POS 2/1/2 [P-POS2/1/2] mpls [P-POS2/1/2] mpls ldp [P-POS2/1/2] quit # Configure PE 2.0.2/32 Direct 0 0 172.1.1.

1.2 -------/POS2/1/1 -----------------------------------------------------------------A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale 3. The following takes PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv --------------------------------------------------------------2.2.9:0 Operational DU Passive Off Off 5/5 --------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1. and PE 2.9/32 3/NULL 127.9/32 NULL/3 172.2. Issue the display mpls ldp lsp command.1.2.1.3. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet4/1/1] quit [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 374 .3. # Configure PE 1.3.2 -------/POS2/1/1 3 3.1.3.9/32 NULL/1024 172.0.1 POS2/1/1/InLoop0 2 2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations.[PE2] mpls lsr-id 3.1. The output shows that the session status is Operational. P.2. The output shows the LSPs established by LDP. LDP sessions are established between PE 1. Configure IPv6 VPN instances on the PEs to allow the CEs to access.0.1. Issue the display mpls ldp session command.

[PE1-GigabitEthernet4/1/2] ipv6 address 2001:2::2 96 [PE1-GigabitEthernet4/1/2] quit # Configure PE 2. Use the ping command to test connectivity between the PEs and their attached CEs.2001:1::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet4/1/1] quit [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet4/1/2] ipv6 address 2001:4::2 24 [PE2-GigabitEthernet4/1/2] quit # Configure IP addresses for the CEs as required in Figure 87. (Details not shown) After completing the configurations.00% packet loss round-trip min/avg/max = 1/1/1 ms 375 time = 1 ms . press CTRL_C to break Reply from 2001:1::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 --. The PEs can ping their attached CEs. The following takes PE 1 and CE 1 as an example: [PE1] display ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create Time vpn1 100:1 2006/08/13 09:32:45 vpn2 100:2 2006/08/13 09:42:59 [PE1] ping ipv6 -vpn-instance vpn1 2001:1::1 PING 2001:1::1 : 56 data bytes. issue the display ip vpn-instance command on the PEs to view information about the VPN instances.

and have reached Established state.1. AS Peers in established state : 1 MsgRcvd MsgSent OutQ 65410 11 9 0 PrefRcv Up/Down State 1 00:06:37 Established Configure an MP-IBGP peer relationship between the PEs. BGP peer relationships have been established between the PEs and CEs.3. [PE1] bgp 100 [PE1-bgp] peer 3.3. # Configure CE 1.3.9 Local AS number : 100 Total number of peers : 1 Peer 2001:1::1 5. (Details not shown) After completing the configurations.9 connect-interface loopback 0 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 3.3. (Details not shown) # Configure PE 1.4. issue the display bgp vpnv6 vpn-instance peer command on the PEs. Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes.1.3. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit NOTE: The configurations for the CE 2 through CE 4 are similar.3. The following takes the PE 1-CE 1 BGP peer relationship as an example: [PE1] display bgp vpnv6 vpn-instance vpn1 peer BGP local router ID : 1. # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] ipv6-family vpn-instance vpn2 [PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1. 376 .9 as-number 100 [PE1-bgp] peer 3.9 enable [PE1-bgp-af-vpnv6] quit [PE1-bgp] quit # Configure PE 2.

1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.9 as-number 100 [PE2-bgp] peer 1.1.1.1.9 Local AS number : 100 Total number of peers : 1 6. and has reached Established state. The output shows the routes to the CEs.[PE2] bgp 100 [PE2-bgp] peer 1.3. Peer AS 3.1.9 100 MsgRcvd Peers in established state : 1 MsgSent 2 6 OutQ PrefRcv 0 0 Up/Down State 00:00:12 Established Verify your configurations # Issue the display ipv6 routing-table vpn-instance command on the PEs. [PE1] display bgp peer BGP local router ID : 1. The following takes PE 1 as an example: [PE1] display ipv6 routing-table vpn-instance vpn1 Routing Table : Destinations : 3 Routes : 3 Destination: 2001:1::/96 Protocol NextHop : 2001:1::2 Preference: 0 : Direct Interface : GE4/1/1 Cost : 0 Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:2::/96 Protocol : BGP4+ NextHop : ::FFFF:303:309 Preference: 0 Interface : NULL0 Cost : 0 Destination: 2001:3::/96 Protocol : Direct NextHop : 2001:3::2 Preference: 0 Interface : GE4/1/2 Cost : 0 Destination: 2001:3::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:4::/96 Protocol : BGP4+ NextHop Preference: 0 [PE1] display ipv6 routing-table vpn-instance vpn2 Routing Table : Destinations : 3 Routes : 3 : ::FFFF:303:309 377 .3.1. issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. You can see a BGP peer relationship has been established between the PEs.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit After completing the configurations.

• An inter-AS IPv6 MPLS L3VPN is implemented using option A. but cannot ping CE 4 (2001:4::1): [CE1] ping ipv6 2001:3::1 PING 2001:3::1 : 56 data bytes. 378 .2001:3::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.00% packet loss round-trip min/avg/max = 0/0/0 ms Configuring inter-AS IPv6 VPN option A Network requirements • CE 1 and CE 2 belong to the same VPN. CEs of the same VPN can ping each other. • The MPLS backbone in each AS runs OSPF.00% packet loss round-trip min/avg/max = 1/1/1 ms [CE1] ping ipv6 2001:4::1 PING 2001:4::1 : 56 data bytes. press CTRL_C to break Reply from 2001:3::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms --. the VRF-to-VRF method is used to manage VPN routes. ping other CEs. That is. press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --.Interface : NULL0 Cost : 0 # From each CE. whereas those of different VPNs should not. CE 1 can ping CE 3 (2001:3::1).2001:4::1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100. For example.

# Configure basic MPLS on PE 1 and enable MPLS LDP for both PE 1 and the interface connected to ASBR-PE 1.1.3. <PE1> system-view [PE1] mpls lsr-id 1.9/32 PE 2 Loop0 4.1.1. and that the PE and ASBR PE in the same AS have learned the routes to the loopback interfaces of each other and can ping each other. Configure basic MPLS and enable MPLS LDP on each MPLS backbone to establish LDP LSPs.Figure 88 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 POS2/1/2 POS2/1/1 Loop0 POS2/1/2 ASBR-PE 2 ASBR-PE 1 POS2/1/1 POS2/1/1 Loop0 POS2/1/1 PE 2 PE 1 GE4/1/1 GE4/1/1 GE4/1/1 GE4/1/1 CE 1 CE 2 AS 65001 Device AS 65002 Interface IP address CE 1 GE4/1/1 2001:1::1/96 CE 2 GE4/1/1 2001:2::1/96 PE 1 Loop0 1. Configure an IGP (such as OSPF) on each MPLS backbone to ensure IP connectivity within the backbone.2/24 POS2/1/1 162.9/32 GE4/1/1 2001:1::2/96 GE4/1/1 2001:2::2/96 POS2/1/1 172.9/32 POS2/1/1 172.1.1.1/24 POS2/1/2 2002:1::1/96 POS2/1/2 2002:1::2/96 ASBR-PE1 Device ASBR-PE2 Interface IP address Configuration procedure 1.1.4.1.3. The loopback interface address of a router is to be used as the router’s LSR ID. (Details not shown) NOTE: Be sure to advertise the route to the 32-bit loopback interface address of each router through OSPF.1.1.9/32 Loop0 3. the output shows that the adjacencies are in Full state.1. 2.2.1/24 POS2/1/1 162.1. each ASBR PE and the PE in the same AS can establish an OSPF adjacency.2/24 Loop0 2.4.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp 379 .2.1. Issue the display ospf peer command and ping command. After you complete the configurations.

<ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2. Configure a VPN instance on the PEs to allow the CEs to access 380 . Issue the display mpls ldp session command on the routers.4. each PE and the ASBR PE in the same AS can establish the LDP neighbor relationship.[PE1-mpls-ldp] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1.3. <ASBR-PE2> system-view [ASBR-PE2] mpls lsr-id 3. <PE2> system-view [PE2] mpls lsr-id 4.4.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos2/1/1 [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure basic MPLS on ASBR-PE 2 and enable MPLS LDP for both ASBR-PE 2 and the interface connected to PE 2.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos2/1/1 [ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure basic MPLS on PE 2 and enable MPLS LDP for both PE 2 and the interface connected to ASBR-PE 2.2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations.3. The output shows that the session status is Operational. 3.

[ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-vpn1] route-distinguisher 100:1 [ASBR-PE1-vpn-vpn1] vpn-target 100:1 both [ASBR-PE1-vpn-vpn1] quit [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] ip binding vpn-instance vpn1 [ASBR-PE1-POS2/1/2] ipv6 address 2002:1::1 96 [ASBR-PE1-POS2/1/2] quit # Configure ASBR-PE 2. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet4/1/1] quit # Configure CE 2. creating a VPN instance and binding the VPN instance to the interface connected to ASBR-PE 2 (ASBR-PE 1 considers ASBR-PE 2 its attached CE). creating a VPN instance and binding the VPN instance to the interface connected to ASBR-PE 1 (ASBR-PE 2 considers ASBR-PE 1 its attached CE). the VPN targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ipv6 address 2001:2::2 96 [PE2-GigabitEthernet4/1/1] quit # Configure ASBR-PE 1. # Configure CE 1. <CE2> system-view [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ipv6 address 2001:2::1 96 [CE2-GigabitEthernet4/1/1] quit # Configure PE 2. <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ipv6 address 2001:1::1 96 [CE1-GigabitEthernet4/1/1] quit # Configure PE 1. This is not required for PEs in different ASs. [ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-vpn1] route-distinguisher 200:1 [ASBR-PE2-vpn-vpn1] vpn-target 100:1 both 381 .NOTE: For the same VPN.

# Configure CE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit # Configure CE 2. 4.2. you can view the VPN instance information by issuing the display ip vpn-instance command. [CE2] bgp 65002 [CE1-bgp] ipv6-family [CE2-bgp-af-ipv6] peer 2001:2::2 as-number 200 [CE2-bgp-af-ipv6] import-route direct [CE2-bgp-af-ipv6] quit # Configure PE 2.9 connect-interface loopback 0 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 2.2.2.2. [PE1] bgp 100 [PE1-bgp] peer 2. Each PE can ping its attached CE. Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes.2.9 enable [PE1-bgp-af-vpnv6] quit [PE1-bgp] quit # Configure ASBR-PE 1. [CE1] bgp 65001 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit # Configure PE 1.2. Establish an IBGP peer relationship between each PE and the ASBR PE in the same AS and an EBGP peer relationship between the ASBR PEs # Configure PE 1. [PE2] bgp 200 [PE2-bgp] ipv6-family vpn-instance vpn1 [PE2-bgp-ipv6-vpn1] peer 2001:2::1 as-number 65002 [PE2-bgp-ipv6-vpn1] import-route direct [PE2-bgp-ipv6-vpn1] quit [PE2-bgp] quit 5.9 as-number 100 [PE1-bgp] peer 2.[ASBR-PE2-vpn-vpn1] quit [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1 [ASBR-PE2-POS2/1/2] ipv6 address 2002:1::2 96 [ASBR-PE2-POS2/1/2] quit After completing the configurations. and ASBR-PE 1 and ASBR-PE 2 can ping each other. 382 .

Site 1 accesses the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600. display the routing table and use the ping command.9 as-number 200 [ASBR-PE2-bgp] peer 4. • ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.4.4.1. The CEs have learned the route to each other and can ping each other.4. • PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP.3. [PE2] bgp 200 [PE2-bgp] peer 3. • ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes.3.3.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.3.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit 6.9 as-number 200 [PE2-bgp] peer 3.9 as-number 100 [ASBR-PE1-bgp] peer 1. • PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP.1.4. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-ipv6-vpn1] quit [ASBR-PE2-bgp] peer 4.4.3.1.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv6-family vpnv6 [ASBR-PE2-bgp-af-vpnv6] peer 4.[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp] peer 1. 383 .3. Verify your configurations After you complete the configurations.4.1. Configuring inter-AS IPv6 VPN option C Network requirements • Site 1 and Site 2 belong to the same VPN. • PEs in the same AS run IS-IS.9 connect-interface loopback 0 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 3.9 enable [ASBR-PE2-bgp-af-vpnv6] quit [ASBR-PE2-bgp] quit # Configure PE 2. • PE 1 and PE 2 are MP-EBGP peers.

1.1.2 255.1/8 POS4/1/1 9.2. [PE1] mpls lsr-id 2.1.111.1. and enable MPLS and LDP.1.9 32 [PE1-LoopBack0] isis enable 1 384 . [PE1] interface POS 4/1/1 [PE1-POS4/1/1] ip address 1.0.9/32 ASBR-PE 1 ASBR-PE 2 POS4/1/1 1. Configure PE 1 # Configure IS-IS on PE 1. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.0.0.111.9/32 PE 2 Loop0 5.3.9 [PE1] mpls [PE1-mpls] label advertise non-null [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface POS 4/1/1.2.0.2/8 POS4/1/2 11.5.0 [PE1-POS4/1/1] isis enable 1 [PE1-POS4/1/1] mpls [PE1-POS4/1/1] mpls ldp [PE1-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.0.Figure 89 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.111.00 [PE1-isis-1] quit # Configure an LSR ID.1. and start IS-IS and enable MPLS and LDP on the interface.4. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.3.2.1.1.5.9/32 Loop0 4.1.2/8 POS4/1/1 9.4.2.1/8 POS4/1/2 11.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/12 8 POS4/1/1 1.1/8 Configuration procedure 1.2.1.0.2/8 Loop0 3.

9 as 10.9.9 as-number 600 [PE1-bgp] peer 5. and configure the RD and VPN target attributes for it. 385 . [PE1-bgp] peer 3.3.3. and enable MPLS and LDP.9 label-route-capability # Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 connect-interface loopback 0 [PE1-bgp] peer 3.5. [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit 2.9 as a VPNv6 peer.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] label advertise non-null [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit # Configure interface POS 4/1/1.3.3.5.222.222.[PE1-LoopBack0] quit # Create VPN instance vpn1.00 [ASBR-PE1-isis-1] quit # Configure an LSR ID. <ASBR-PE1> system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.5.3.5.3.9 ebgp-max-hop 10 # Configure peer 5. and start IS-IS and enable MPLS and LDP on the interface.5.9 enable [PE1-bgp-af-vpnv6] quit # Redistribute direct routes to the routing table of vpn1.5.3. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128 [PE1-LoopBack1] quit # Start BGP on PE 1.3.5.3.222. [ASBR-PE1] mpls lsr-id 3.9 connect-interface loopback 0 [PE1-bgp] peer 5.3.5.5. [PE1] bgp 100 # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 3.5. [PE1-bgp] peer 5. [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 5. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1.222. Configure ASBR-PE 1 # Start IS-IS on ASBR-PE 1.9 as-number 100 [PE1-bgp] peer 3.

3.2.9 label-route-capability # Apply routing policy policy1 to filter routes advertised to EBGP peer 11.2. Configure ASBR-PE 2 # Start IS-IS on ASBR-PE 2.[ASBR-PE1] interface POS 4/1/1 [ASBR-PE1-POS4/1/1] ip address 1.1.2.0.0.9 as-number 100 [ASBR-PE1-bgp] peer 2.0.2 255. [ASBR-PE1-bgp] peer 11.0.0.2.0.0.2.2.0.3. <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.9 route-policy policy2 export # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 2.0 [ASBR-PE1-POS4/1/2] mpls [ASBR-PE1-POS4/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.0 [ASBR-PE1-POS4/1/1] isis enable 1 [ASBR-PE1-POS4/1/1] mpls [ASBR-PE1-POS4/1/1] mpls ldp [ASBR-PE1-POS4/1/1] quit # Configure interface POS 4/1/2 and enable MPLS on it.1 label-route-capability [ASBR-PE1-bgp] quit 3. [ASBR-PE1-bgp] peer 11.1.2.1 route-policy policy1 export # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0. [ASBR-PE1] interface POS 4/1/2 [ASBR-PE1-POS4/1/2] ip address 11.1. [ASBR-PE1-bgp] peer 2. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] import-route isis 1 # Apply routing policy policy2 to filter routes advertised to IBGP peer 2.2.9.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Create routing policies.222.1.222.0.2.0.1 255.2.0.9.2.00 386 . [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy1] apply mpls-label [ASBR-PE1-route-policy1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy2] if-match mpls-label [ASBR-PE1-route-policy2] apply mpls-label [ASBR-PE1-route-policy2] quit # Start BGP on ASBR-PE 1 and redistribute routes from IS-IS process 1.0.222.222. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3. [ASBR-PE1-bgp] peer 2.2.1 as-number 600 [ASBR-PE1-bgp] peer 11.0.0.9 connect-interface loopback 0 [ASBR-PE1-bgp] peer 2.0.

5.1.1 255.1. [ASBR-PE2] interface POS 4/1/2 [ASBR-PE2-POS4/1/2] ip address 11.0.9 connect-interface loopback 0 [ASBR-PE2-bgp] peer 5.5. [ASBR-PE2] mpls lsr-id 4.5. and enable MPLS and LDP.5.0.4.4.0.5.0.0.1 255.0 [ASBR-PE2-POS4/1/2] mpls [ASBR-PE2-POS4/1/2] quit # Create routing policies.0.5.0.5. [ASBR-PE2] interface POS 4/1/1 [ASBR-PE2-POS4/1/1] ip address 9.5.0.5.5. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] import-route isis 1 # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 5.2 as-number 100 [ASBR-PE2-bgp] peer 11. and start IS-IS and enable MPLS and LDP on the interface.2 route-policy policy1 export 387 . [ASBR-PE2-bgp] peer 5.9.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.0.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 4/1/1. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy1] apply mpls-label [ASBR-PE2-route-policy1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy2] if-match mpls-label [ASBR-PE2-route-policy2] apply mpls-label [ASBR-PE2-route-policy2] quit # Start BGP on ASBR-PE 2 and redistribute routes from IS-IS process 1.[ASBR-PE2-isis-1] quit # Configure an LSR ID.9 label-route-capability # Apply routing policy policy2 to filter routes advertised to IBGP peer 5. [ASBR-PE2-bgp] peer 5.9. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.0.2.9 route-policy policy2 export # Apply routing policy policy1 to filter routes advertised to EBGP peer 11.0.5.0 [ASBR-PE2-POS4/1/1] isis enable 1 [ASBR-PE2-POS4/1/1] mpls [ASBR-PE2-POS4/1/1] mpls ldp [ASBR-PE2-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2-bgp] peer 11.0.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Configure interface POS 4/1/2 and enable MPLS on it.4.

1.# Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11. [PE2] mpls lsr-id 5.1.4. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [ASBR-PE2-bgp] peer 11.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface POS 4/1/1.0.4.5. and start IS-IS and enable MPLS and LDP on the interface. [PE2-bgp] peer 4.4.5. Configure PE 2 # Start IS-IS on PE 2.4.0.9.2 label-route-capability [ASBR-PE2-bgp] quit 4.0. and enable MPLS and LDP.111.5.0 [PE2-POS4/1/1] isis enable 1 [PE2-POS4/1/1] mpls [PE2-POS4/1/1] mpls ldp [PE2-POS4/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.111.5. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ipv6 address 2001:1::2 128 [PE2-LoopBack1] quit # Start BGP.111. [PE2] bgp 600 # Configure the capability to advertise labeled routes to and receive labeled routes from IBGP peer 4.0.00 [PE2-isis-1] quit # Configure an LSR ID. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.2.4.9 as-number 600 [PE2-bgp] peer 4.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes for it.4.0.0. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5. [PE2] interface POS 4/1/1 [PE2-POS4/1/1] ip address 9.2 255.9 connect-interface loopback 0 388 .111.

9 enable [PE2-bgp-af-vpnv6] quit # Redistribute direct routes to the routing table of vpn1.9 ebgp-max-hop 10 # Configure peer 2.2. [PE2-bgp] ipv6-family vpn-instance vpn1 [PE2-bgp-ipv6-vpn1] import-route direct [PE2-bgp-ipv6-vpn1] quit [PE2-bgp] quit 5.2.2001:1::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2.2.9 as a VPNv6 peer. Verify your configurations # From each PE. press CTRL_C to break Reply from 2001:1::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms --. press CTRL_C to break Reply from 2001:1::2 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:1::2 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:1::2 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:1::2 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:1::2 bytes=56 Sequence=5 hop limit=64 --.2001:1::2 ping statistics --- 389 time = 1 ms . ping the other PE.2.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.[PE2-bgp] peer 4.00% packet loss round-trip min/avg/max = 1/1/1 ms [PE1] ping ipv6 –vpn-instance vpn1 2001:1::2 PING 2001:1::2 : 56 data bytes. PE 1 and PE 2 can ping each other: [PE2] ping ipv6 –vpn-instance vpn1 2001:1::1 PING 2001:1::1 : 56 data bytes. [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 2.2.2.4.4.9 as-number 100 [PE2-bgp] peer 2.9 as 10. [PE2-bgp] peer 2.2.2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.

They provide VPN services to the customer carrier. The key to the carrier’s carrier deployment is to configure exchange of two kinds of routes: • Exchange of the customer carrier’s internal routes on the provider carrier’s backbone. • Exchange of the end customers’ internal routes between PE 3 and PE 4.1.1.9/32 GE4/1/1 2001:1::2/96 GE4/1/1 2001:2::2/96 POS2/1/2 20.9/32 CE 1 POS2/1/2 10. • PE 3 and PE 4 are the customer carrier’s PE routers. .9/32 POS2/1/1 10.1.9/32 PE 4 Loop0 6.1.1.1/24 CE 2 390 . They are connected to the provider carrier’s backbone as CE routers.2/24 Loop0 5.1.5 packet(s) transmitted 5 packet(s) received 0. • CE 3 and CE 4 are customers of the customer carrier.5.1.1.2/24 POS2/1/1 21. the PEs of the customer carrier. They provide IPv6 MPLS L3VPN services to end customers.1/24 Loop0 2.1/24 POS2/1/2 20. Figure 90 Network diagram Device Interface IP address Device Interface IP address CE 3 GE4/1/1 2001:1::1/96 CE 4 GE4/1/1 2001:2::1/96 PE 3 Loop0 1.1. In this process.In this scenario: • PE 1 and PE 2 are the provider carrier’s PE routers.2.2/24 POS2/1/2 11.1. an MP-IBGP peer relationship must be established between PE 3 and PE 4.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier’s carrier Network requirements Configure carrier’s carrier for the scenario shown in Figure 90.1.1. • CE 1 and CE 2 are the customer carrier’s routers.6.1.2.1.5.6.

1/24 POS2/1/2 21.9 as-number 100 [PE1-bgp] peer 4.1/24 Configuration procedure 1.1.1 24 [PE1-POS2/1/2] isis enable 1 [PE1-POS2/1/2] mpls [PE1-POS2/1/2] mpls ldp [PE1-POS2/1/2] mpls ldp transport-address interface [PE1-POS2/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.3. Issue the display bgp peer command.1.PE 1 Loop0 3.2/24 POS2/1/2 30.4. Issue the display isis peer command. the output shows that the BGP peer relationship has been established and has reached the Established state.0000.1.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1.3.0000. the output shows that an IS-IS neighbor relationship has been set up.4.1.4. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.0004.1.9/32 Loop0 4. Take PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network 391 .4.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface POS 2/1/2 [PE1-POS2/1/2] ip address 30. Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.3. and establish an MP-IBGP peer relationship between the PEs.0000.3. issue the display mpls ldp session command on PE 1 or PE 2.1.4.1. # Configure PE 1.1. enable LDP on PE 1 and PE 2.1. (Details not shown) After completing the configurations.3.1. the output shows that the LDP session has been established successfully.4.3.2/24 PE 2 POS2/1/1 30.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.9/32 POS2/1/1 11.

and between PE 4 and CE 2. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.4.4.1.4.0005 POS2/1/2 2.1.0000. # Configure PE 3.---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ---------------------------------------------------------------4.0001.0000.1.1 24 [PE3-POS2/1/2] isis enable 2 [PE3-POS2/1/2] mpls [PE3-POS2/1/2] mpls ldp [PE3-POS2/1/2] mpls ldp transport-address interface [PE3-POS2/1/2] quit # Configure CE 1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.9 Local AS number : 100 Total number of peers : 1 Peer AS 4.1.4. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.0000. 001 State HoldTime Type Up 29s L1L2 PRI -- Configure the customer carrier network: start IS-IS as the IGP.3.1.2.2.2.0000.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.9:0 Operational DU Active Off Off 378/378 ---------------------------------------------------------------LAM : Label Advertisement Mode FT : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.9 392 .9 100 Peers in established state : 1 MsgRcvd MsgSent 162 145 OutQ PrefRcv 0 Up/Down 0 State 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id 0000.3.1.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface POS 2/1/2 [PE3-POS2/1/2] ip address 10. and enable LDP between PE 3 and CE 1.2.

0002.2 24 [PE1-POS2/1/1] isis enable 2 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] mpls ldp transport-address interface [PE1-POS2/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit 393 .1.0000.0000. PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. (Details not shown) 3.0000.0003. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.2 24 [CE1-POS2/1/1] isis enable 2 [CE1-POS2/1/1] mpls [CE1-POS2/1/1] mpls ldp [CE1-POS2/1/1] mpls ldp transport-address interface [CE1-POS2/1/1] quit After you complete the configurations. # Configure PE 1.1.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface POS2/1/1 [CE1-POS2/1/1] ip address 10.0000.0000. NOTE: The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1.1.1.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip binding vpn-instance vpn1 [PE1-POS2/1/1] ip address 11.[CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10. Connect the customer carrier to the provider carrier.

NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1.1. [CE1] interface POS 2/1/2 [CE1-POS2/1/2] ip address 11. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface GigabitEthernet 4/1/1 [PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet4/1/1] ipv6 address 2001:1::2 96 [PE3-GigabitEthernet4/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn-instance vpn1 [PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp] quit NOTE: The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3.1. <CE3> system-view [CE3] interface GigabitEthernet 4/1/1 [CE3-GigabitEthernet4/1/1] ipv6 address 2001:1::1 96 [CE3-GigabitEthernet4/1/1] quit [CE3] bgp 65410 [CE3-bgp] ipv6-family [CE3-bgp] peer 2001:1::2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure PE 3. [PE3] bgp 100 394 . (Details not shown) 5. Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers. # Configure PE 3.# Configure CE 1. # Configure CE 3. (Details not shown) 4.1 24 [CE1-POS2/1/2] isis enable 2 [CE1-POS2/1/2] mpls [CE1-POS2/1/2] mpls ldp [CE1-POS2/1/2] mpls ldp transport-address interface [CE1-POS2/1/2] quit After you complete the configurations. PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. Connect end customers to the customer carrier.

0/24 30.1.1.4. The output shows that their VPN routing tables do not contain the VPN routes that the customer carrier maintains.4.6.9 connect-interface loopback 0 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.1.1 InLoop0 30.5.1.1.2/32 Direct 0 0 11.0/24 BGP 255 0 4.3.4.1.9/32 BGP 255 0 4.1.1/32 Direct 0 0 127.1/32 Direct 0 0 127.1 InLoop0 ISIS 10 30. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop Interface 1.0.2 POS2/1/1 20.1.2 POS2/1/2 Direct 0 0 30.1 InLoop0 11.0. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.1.0.4.1.1.1.0/8 Direct 0 0 127.9 NULL0 6.1.[PE3-bgp] peer 6.9/32 ISIS 15 20 11.6.6.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.1.1.1. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables.1 POS2/1/1 11.6. Issue the display ip routing-table command on CE 1 and CE 2.1.9 NULL0 10.4.1.4.0.2/32 Direct 0 0 30.0.0.6.4.2 POS2/1/2 127.9/32 4.1 POS2/1/1 11.9/32 BGP 255 0 4.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3.0.2.9/32 ISIS 15 10 11.1.1 InLoop0 127.9 NULL0 # Issue the display ipv6 routing-table vpn-instance command on PE 1 and PE 2.1.0/24 Direct 0 0 11.1.9 NULL0 21.1.0.1 POS2/1/1 2.1.0. (Details not shown) 6.4.1.1.0.1.4.1 POS2/1/1 5.0.0/24 ISIS 15 20 11.6.4.1.1.9 as-number 100 [PE3-bgp] peer 6.4.0.1 POS2/1/2 Direct 0 0 127.6. Take CE 1 as an example: 395 .1.1.2.1.1.3.1. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.1.2/32 BGP 255 0 4.0.1.9/32 30.1.0/24 BGP 255 0 4.0. Verify your configurations # Issue the display ip routing-table command on PE 1 and PE 2.1.1 InLoop0 15 # Issue the display ip routing-table vpn-instance command on PE 1 and PE 2.4.1.6.9 NULL0 21.5.

5.0/8 Direct 0 0 127.1.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.0.0.1. PE 3 and PE 4 can ping each other: [PE3] ping 20.1.0.2 POS2/1/2 21.1.5.1.0.0. press CTRL_C to break Reply from 20.2 POS2/1/2 21.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.1.1.6.1.1.1.9/32 ISIS 15 84 10.0.1.0.0.1/32 Direct 0 0 10. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.9/32 ISIS 15 10 10.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.1.2 POS2/1/2 10.6.1.1.1.1.1.1 InLoop0 11.1.2 POS2/1/2 21.1.0.1.1 InLoop0 127.0.6.1.1 POS2/1/2 10.0.2: bytes=56 Sequence=4 ttl=252 time=70 ms 396 .1.1.1.1.2 POS2/1/2 20.1.1.1.1 InLoop0 # Issue the display ipv6 routing-table vpn-instance command on CE 1 and CE 2.0/24 ISIS 15 74 11.1.1.1 InLoop0 10.1.2 POS2/1/2 127.1.2 POS2/1/2 6.1.5.0.1.1 POS2/1/1 10.1.2/32 Direct 0 0 10.0/24 ISIS 15 84 10.0/24 Direct 0 0 10.2 POS2/1/2 10.1 InLoop0 # Ping PE 3 from PE 4 and ping PE 4 from PE 3.2/32 Direct 0 0 127.2 POS2/1/2 6.1.5.1. The output shows that the VPN routing tables do not contain the VPN routes that the customer carrier maintains.1.1.1.9/32 ISIS 15 74 11.1.1.[CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Pre Cost NextHop Interface 1.2 POS2/1/1 10.1.1/32 Direct 0 0 127.1.1.1.0.0.2 POS2/1/2 127.0.1.1.0.1 POS2/1/2 11.1 InLoop0 5.0.2/32 Direct 0 0 11.2 POS2/1/2 21.1.1.2 POS2/1/2 11.0.1.1.9/32 Direct 0 Pre 0 127.0.2 POS2/1/2 20.1.0.1.0.1.1.1.2 POS2/1/1 2.0/24 ISIS 15 74 11.1.1 InLoop0 127.1.1.0/24 ISIS 15 84 10.1.1.1.1.0/24 Direct 0 0 10.1.1.1.2.1.2 PING 20.1.1.2 POS2/1/2 5.1/32 Direct 0 0 127.1.1.0/24 ISIS 15 20 10.2: 56 data bytes.9/32 ISIS 15 10 10.1 InLoop0 2.2. # Issue the display ip routing-table command on PE 3 and PE 4.1. Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.0.2/32 ISIS 15 84 10.1.0.9/32 ISIS 15 74 11.1.1.1/32 Direct 0 0 127.0.2.0.1.1/32 Direct 0 0 127.2/32 ISIS 15 74 11.1.0/24 Direct 0 0 11.0/8 Direct 0 0 127.1.6.9/32 ISIS 15 84 10.1.1.1.2.1.0.1.9/32 Direct 0 0 127.1 InLoop0 11.

press CTRL_C to break Reply from 2001:2::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=5 hop limit=64 --.20.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.Reply from 20.1.1.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes.1.00% packet loss round-trip min/avg/max = 1/1/1 ms 397 time = 1 ms .2001:2::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.2: bytes=56 Sequence=5 ttl=252 time=60 ms --.1.

221 398 .193 Establishing dynamic LSPs through LDP.162 M Configuring MAC address learning.276 Enabling the MPLS function.20 Configuring Martini MPLS L2VPN.244 Configuring protection switching.222 Configuring routing on an MCE.195 MPLS TE overview.77 Configuring DiffServ-aware TE.360 IPv6 MPLS L3VPN configuration examples.58 T D Troubleshooting MPLS L2VPN.196 Managing and optimizing MPLS forwarding.257 IPv6 MPLS L3VPN configuration task list.167 Maintaining LDP sessions.12 Configuring CR-LSP backup.11 Displaying and maintaining MPLS TE.73 Configuring traffic forwarding tuning parameters.351 Configuring Kompella MPLS L2VPN.193 MPLS configuration examples.78 Inspecting an MPLS TE tunnel.Index BCDEIMSTV Displaying and maintaining IPv6 MPLS L3VPN.168 Specifying the VPN label processing mode.192 MPLS L2VPN overview.84 Configuring an OSPF sham link.41 Configuring traffic forwarding.21 Configuring MPLS L2VPN.199 IPv6 MPLS L3VPN overview.29 Configuring BGP AS number substitution.1 Configuring routing on an MCE.203 C Displaying and maintaining MPLS L3VPN.349 Configuring LDP VPLS.55 Configuring SVC MPLS L2VPN.263 Inspecting LSPs.202 Configuring CCC MPLS L2VPN.164 Enabling the MPLS L2VPN mix function.59 MPLS L2VPN configuration task list.369 B Displaying and maintaining MPLS.275 Creating MPLS TE tunnel over static CR-LSP.189 Configuring multi-role host.57 I Configuring FRR.276 Configuring a static LSP.26 Configuring inter-AS IPv6 VPN.204 Configuring MPLS TE tunnel with dynamic signaling protocol.165 Displaying and maintaining MPLS L2VPN.362 MPLS overview.261 MPLS L3VPN configuration task list.75 S Configuring VPLS attributes.351 E Configuring basic MPLS L3VPN.87 Configuring RSVP-TE advanced features.10 Configuring MPLS TE basic capabilities.32 Configuring MPLS statistics.168 Configuring basic IPv6 MPLS L3VPN.371 Configuring inter-AS VPN.81 Configuring HoVPN.11 Configuring BGP VPLS.245 Enabling MPLS trap.264 Displaying and maintaining VPLS.266 MPLS TE configuration examples.56 MPLS L2VPN configuration examples.65 MPLS TE configuration task list.84 MPLS L3VPN overview.26 MPLS configuration task list.29 Binding a VPLS instance.280 Configuring nested VPN.262 MPLS L3VPN configuration examples.

153 399 .151 V Troubleshooting VPLS.161 Tuning MPLS TE tunnel setup.169 Tuning CR-LSP setup.187 VPLS configuration examples.71 VPLS overview.Troubleshooting MPLS TE.69 VPLS configuration task list.