This part describes how to configure a Martini VLL in IP interworking mode to access the L3VPN.
Networking Requirements
As shown in Figure 1, the NPE and PE2 serve as the PE of IP/MPLS backbone network, and the UPE works as the PE on the VLL access network. CE1 accesses the MPLS L3VPN on the IP/MPLS backbone network through the VLL, and communicates with CE2. VE 2/0/0 and VE 2/0/1 are created on the NPE. with VE 2/0/0 being the L2VE interface to terminate the VLL and VE 2/0/1 being the L3VE interface to access the MPLS L3VPN.
The networking requirements are:
- The PPP link is used between CE1 and the UPE.
- The VLL is in Martini mode (IP internetworking).
- VPN1 is the VPN instance of the MPLS L3VPN, with the route-distinguisher being 200:1, the vpn-target being 111:1, and the backbone network belonging to AS 100.
- The NPE exchanges the VPN routing information with the peer PE (PE2) of the MPLS L3VPN by means of IBGP.
- CE1 exchanges the VPN routing information with the NPE by means of EBGP; CE1 belongs to AS 65010.
- CE1 exchanges the VPN routing information with PE2 by means of EBGP; CE2 belongs to AS 65020.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure the MPLS L3VPN backbone network.
- Create an L2VE interface on the NPE to terminate the VLL, and an L3VE interface on the NPE to access the L3VPN. Bind both interfaces to the same VE-group.
- Configure the Martini VLL, which involves:
- Configure a routing protocol for the devices including the UPE, P, and the NPE on access network to make them communicate, and then enable MPLS.
- Use a tunnel policy (The default tunnel policy is used in this configuration example, that is, LSPs are established to transmit user data.)
- Enable MPLS L2VPN on the UPE and NPE, and establish VCs.
- Configure the access of CE devices to the L3VPN. EBGP is used to exchange VPN routing information between CE1 and the NPE.
Data Preparations
To complete the configuration, you need the following data:
- VE-group number
- IP addresses of VE interfaces
- Name of the VPN instance for MPLS L3VPN
Procedure
- Configure an IP address for each interface. The configuration details are not mentioned here.Configure the IP addresses for physical interfaces and loopback interfaces according to the configurations in Figure 1. The configuration details are not mentioned here.
- Create VE 2/0/0 and VE 2/0/1 on the NPE, and bind them to the same VE-group.# Create VE 2/0/0 to terminate the MPLS L2VPN.
<HUAWEI> system-view[HUAWEI] sysname NPE[NPE] interface virtual-ethernet2/0/0
[NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate
[NPE-Virtual-Ethernet2/0/0] quit
# Create VE 2/0/1 to access the MPLS L3VPN.[NPE] interface virtual-ethernet2/0/1
[NPE-Virtual-Ethernet2/0/1] ve-group 1 l3-access
[NPE-Virtual-Ethernet2/0/1] quit
After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.[NPE] display virtual-ethernet ve-group
Ve-groupID L2VE L3VE
1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1
Total 1, 1 printed
- Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here.When configuring OSPF, advertise the 32-bit Loopback interface addresses of the UPE, the P, and the NPE.For specific configurations, see "Configuration Files".
- Configure basic MPLS functions and LDP on the VLL access network.# Configure the UPE.
<HUAWEI> system-view[HUAWEI] sysname UPE[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
[UPE] interface pos 2/0/0
[UPE-Pos2/0/0] mpls
[UPE-Pos2/0/0] mpls ldp
[UPE-Pos2/0/0] undo shutdown
[UPE-Pos2/0/0] quit
# Configure the P.<HUAWEI> system-view[HUAWEI] sysname P[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
# Configure the NPE.[NPE] mpls lsr-id 3.3.3.9
[NPE] mpls
[NPE-mpls] quit
[NPE] mpls ldp
[NPE-mpls-ldp] quit
[NPE] interface pos 2/0/0
[NPE-Pos2/0/0] mpls
[NPE-Pos2/0/0] mpls ldp
[NPE-Pos2/0/0] undo shutdown
[NPE-Pos2/0/0] quit
- Establish remote LDP sessions between the NPE and the UPE.# Configure the UPE.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9
[UPE-mpls-ldp-remote-1] quit
# Configure the NPE.[NPE] mpls ldp remote-peer 1
[NPE-mpls-ldp-remote-1] remote-ip 1.1.1.9
[NPE-mpls-ldp-remote-1] quit
- Enable MPLS L2VPN on the PE, and establish VCs.# Configure the UPE.
[UPE] mpls l2vpn
[UPE-l2vpn] mpls l2vpn default martini
[UPE-l2vpn] quit
[UPE] interface pos 1/0/0
[UPE-Pos1/0/0] mtu 1500
[UPE-Pos1/0/0] shutdown
[UPE-Pos1/0/0] undo shutdown
[UPE-Pos1/0/0] mpls l2vc 3.3.3.9 101 ip-interworking
[UPE-Pos1/0/0] ip address 100.1.1.2 24
[UPE-Pos1/0/0] quit
# Configure the NPE.[NPE] mpls l2vpn
[NPE-l2vpn] mpls l2vpn default martini
[NPE-l2vpn] quit
[NPE] interface virtual-ethernet2/0/0.1 [NPE-Virtual-Ethernet2/0/0.1] vlan-type dot1q 1 [NPE-Virtual-Ethernet2/0/0.1] mpls l2vc 1.1.1.9 101 ip-interworking [NPE-Virtual-Ethernet2/0/0.1] local-ce ip 100.1.1.2 [NPE-Virtual-Ethernet2/0/0.1] quit
After the configuration is complete, check the VLL connection between the UPE and the NPE. You can find that a static L2VC is established.Take the display on the NPE as an example.[NPE] display mpls l2vc
Total ldp vc : 1 1 up 0 down
*Client Interface : Virtual-Ethernet2/0/0.1
Administrator PW : no
Session State : up
AC Status : up
VC State : up
VC ID : 101
VC Type : ip-interworking
Destination : 1.1.1.9
local VC label : 140288 remote VC label : 140292
control word : disable
forwarding entry : exist
local group ID : 0
manual fault : not set
active state : active
link state : up
local VC MTU : 1500 remote VC MTU : 1500
tunnel policy name : --
traffic behavior name: --
PW template name : --
primary or secondary : primary
create time : 0 days, 0 hours, 30 minutes, 18 seconds
up time : 0 days, 0 hours, 0 minutes, 0 seconds
last change time : 0 days, 0 hours, 30 minutes, 18 seconds VC last up time : 2008/07/24 12:31:31 VC total up time: 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 11 NKey : 10
AdminPw interface : -- AdminPw link state : --
- Run an IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. The configuration details are not mentioned here.When configuring IS-IS, advertise the 32-bit loopback interface addresses of the PE2 and the NPE.For specific configurations, see "Configuration Files".
- Create VPN instances, and configure CEs to access the instances.# Configure the NPE.
[NPE] ip vpn-instance VPN1
[NPE-vpn-instance-VPN1] ipv4-family
[NPE-vpn-instance-VPN1-af-ipv4] route-distinguisher 200:1
[NPE-vpn-instance-VPN1-af-ipv4] vpn-target 111:1 both
[NPE-vpn-instance-VPN1-af-ipv4] quit
[NPE-vpn-instance-VPN1] quit
[NPE] interface virtual-ethernet2/0/1.1 [NPE-Virtual-Ethernet2/0/1.1] vlan-type dot1q 1 [NPE-Virtual-Ethernet2/0/1.1] ip binding vpn-instance VPN1 [NPE-Virtual-Ethernet2/0/1.1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1.1] quit
# Configure CE1.<HUAWEI> system-view[HUAWEI] sysname CE1[CE1] interface pos 1/0/0
[CE1-Pos1/0/0] mtu 1500
[CE1-Pos1/0/0] shutdown
[CE1-Pos1/0/0] undo shutdown
[CE1-Pos1/0/0] ip address 100.1.1.1 24
[CE1-Pos1/0/0] quit
# Configure PE2.<HUAWEI> system-view[HUAWEI] sysname PE2[PE2] ip vpn-instance VPN1
[PE2-vpn-instance-VPN1] ipv4-family
[PE2-vpn-instance-VPN1-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-VPN1-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-VPN1-af-ipv4] quit
[PE2-vpn-instance-VPN1] quit
[PE2] interface gigabitethernet1/0/0
[PE2-GigabitEthernet1/0/0] ip binding vpn-instance VPN1
[PE2-GigabitEthernet1/0/0] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
# Configure CE2.<HUAWEI> system-view[HUAWEI] sysname CE2[CE2] interface gigabitethernet1/0/0
[CE2-GigabitEthernet1/0/0] ip address 100.2.1.2 24
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit
After the configuration is complete, run the display ip vpn-instance verbose command on the NPE and PE2. You can view the configurations of the VPN instance. In addition, the NPE and PE can successfully ping the CE devices that they are connected to.
NOTE:If the PE has multiple interfaces bound to the same VPN, and the ping -vpn-instance command is used to ping the CE device that the peer PE accesses, you need to specify the source IP address; that is, specify the -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command; otherwise, the ping command fails.Take the display on the NPE as an example:[NPE] display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : VPN1, 1
Address family ipv4
Create date : 2007-09-21 11:30:35
Up time : 0 days, 00 hours, 05 minutes and 19 seconds
Route Distinguisher : 200:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label policy: label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
Log Interval : 5
Interfaces : Virtual-Ethernet2/0/1.1
[NPE] ping -vpn-instance VPN1 100.1.1.1
PING 100.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms
Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms
Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 100.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/23/56 ms
- Set up EBGP peer relationships between PEs and CEs, and import VPN routes.# Configure CE1.
[CE1] bgp 65010
[CE1-bgp] peer 100.1.1.2 as-number 100
[CE1-bgp] import-route direct
# Configure CE2.[CE2] bgp 65020
[CE2-bgp] peer 100.2.1.1 as-number 100
[CE2-bgp] import-route direct
# Configure the NPE.[NPE] bgp 100
[NPE-bgp] ipv4-family vpn-instance VPN1
[NPE-bgp-VPN1] peer 100.1.1.1 as-number 65010
[NPE-bgp-VPN1] import-route direct
[NPE-bgp-VPN1] quit
# Configure PE2.[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance VPN1
[PE2-bgp-VPN1] peer 100.2.1.2 as-number 65020
[PE2-bgp-VPN1] import-route direct
[PE2-bgp-VPN1] quit
- Set up MP-IBGP peer relationships between the NPE and PE2.# Configure the NPE.
[NPE] bgp 100
[NPE-bgp] peer 4.4.4.9 as-number 100
[NPE-bgp] peer 4.4.4.9 connect-interface loopback 1
[NPE-bgp] ipv4-family vpnv4
[NPE-bgp-af-vpnv4] peer 4.4.4.9 enable
[NPE-bgp-af-vpnv4] quit
# Configure PE2.[PE2] bgp 100
[PE2-bgp] peer 3.3.3.9 as-number 100
[PE2-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-af-vpnv4] quit
- Verify the configuration.CE1 and CE2 can ping each other successfully. Take the display on CE1 as example:
[CE1] ping 100.2.1.2
PING 100.2.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.2.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
Reply from 100.2.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.2.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
Reply from 100.2.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 100.2.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
--- 100.2.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
Configuration Files
- Configuration file of the UPE
#
sysname UPE
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1
remote-ip 3.3.3.9
#
interface Pos1/0/0
mtu 1500
undo shutdown
link-protocol ppp
ip address 100.1.1.2 255.255.255.0
mpls l2vc 3.3.3.9 101 ip-interworking
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 10.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.2.1.0 0.0.0.255
#
return
- Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 10.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of the NPE
#
sysname NPE
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1
remote-ip 1.1.1.9
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 10.3.3.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
link-protocol ppp
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate
# interface Virtual-Ethernet2/0/0.1 vlan-type dot1q 1 local-ce ip 100.1.1.2 mpls l2vc 1.1.1.9 101 ip-interworking
#
interface Virtual-Ethernet2/0/1
ve-group 1 l3-access
# interface Virtual-Ethernet2/0/1.1 vlan-type dot1q 1 ip binding vpn-instance VPN1 ip address 100.1.1.2 255.255.255.0
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
bgp 100
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.9 enable
#
ipv4-family vpn-instance VPN1
peer 100.1.1.1 as-number 65010
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 100.2.1.1 255.255.255.0
#
interface Pos1/0/0
undo shutdown
link-protocol ppp
ip address 10.3.3.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance VPN1
peer 100.2.1.2 as-number 65020
import-route direct
#
return
- Configuration file of CE1
#
sysname CE1
#
interface Pos1/0/0
mtu 1500
undo shutdown
link-protocol ppp
ip address 100.1.1.1 255.255.255.0
#
bgp 65010
peer 100.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 100.1.1.2 enable
#
Return
- Configuration file of CE2
#
sysname CE2
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 100.2.1.2 255.255.255.0
#
bgp 65020
peer 100.2.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 100.2.1.1 enable
#
return
No comments:
Post a Comment