I. Network requirements
- CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.
- Inter-provider MPLS L3VPN is implemented using option A. That is, the VRF-to-VRF method is used to manage VPN routes.
- The MPLS backbone in each AS runs OSPF.
II. Network diagram
III. Configuration procedure
1) Configure IGP on the MPLS backbone, implementing the connectivity in the backbone
This example uses OSPF. The detailed configuration steps are omitted.
Note:
The 32-bit loopback interface address used as the LSR ID needs to be advertised by OSPF.
- After you complete the above configurations, each ASBR PE and the PE in the same AS should be able to establish OSPF adjacencies. Issuing the display ospf peer command, you can see that the adjacencies reach the state of Full, and that PEs can learn the loopback addresses of each other.
2) Configure MPLS basic capability and MPLS LDP on the MPLS backbone to establish LDP LSPs
# Configure MPLS basic capability on PE 1 and enable MPLS LDP on the interface connected to ASBR PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 5/0
[PE1-POS5/0] mpls
[PE1-POS5/0] mpls ldp
[PE1-POS5/0] quit
# Configure MPLS basic capability on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit
[ASBR-PE1] interface pos 5/0
[ASBR-PE1-POS5/0] mpls
[ASBR-PE1-POS5/0] mpls ldp
[ASBR-PE1-POS5/0] quit
# Configure MPLS basic capability on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] mpls lsr-id 3.3.3.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
[ASBR-PE2] interface pos 5/0
[ASBR-PE2-POS5/0] mpls
[ASBR-PE2-POS5/0] mpls ldp
[ASBR-PE2-POS5/0] quit
# Configure MPLS basic capability on PE 2 and enable MPLS LDP on the interface connected to ASBR PE 2.
<PE2> system-view
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 5/0
[PE2-POS5/0] mpls
[PE2-POS5/0] mpls ldp
[PE2-POS5/0] quit
After you complete the above configurations, each PE and the ASBR PE in the same AS should be able to establish neighbor relationship. Issuing the display mpls ldp session command on the devices, you can see that the Session State field has a value of Operational in the output information.
3) Configure VPN instances on PEs to allow CEs to access the network
Note:
The VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR-PEs in the same AS. It is not required for PEs in different ASs.
# Configure CE 1.
<CE1> system-view
[CE1] interface ethernet 1/0
[CE1-Ethernet1/0] ip address 10.1.1.1 24
[CE1-Ethernet1/0] quit
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface ethernet 1/1
[PE1-Ethernet1/1] ip binding vpn-instance vpn1
[PE1-Ethernet1/1] ip address 10.1.1.2 24
[PE1-Ethernet1/1] quit
# Configure CE 2.
<CE2> system-view
[CE2] interface ethernet 1/0
[CE2-Ethernet1/0] ip address 10.2.1.1 24
[CE2-Ethernet1/0] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
[PE2] interface ethernet 1/1
[PE2-Ethernet1/1] ip binding vpn-instance vpn1
[PE2-Ethernet1/1] ip address 10.2.1.2 24
[PE2-Ethernet1/1] quit
# Configure ASBR PE 1, creating a VPN instance and binding the instance to the interface connected with ASBR PE 2. Note that ASBR PE 1 considers ASBR PE 2 its CE.
[ASBR-PE1] ip vpn-instance vpn1
[ASBR-PE1-vpn-vpn1] route-distinguisher 100:1
[ASBR-PE1-vpn-vpn1] vpn-target 100:1 both
[ASBR-PE1-vpn-vpn1] quit
[ASBR-PE1] interface pos 5/1
[ASBR-PE1-POS5/1] ip binding vpn-instance vpn1
[ASBR-PE1-POS5/1] ip address 192.1.1.1 24
[ASBR-PE1-POS5/1] quit
# Configure ASBR PE 2, creating a VPN instance and binding the instance to the interface connected with ASBR PE 1. Note that ASBR PE 2 considers ASBR PE 1 its CE.
[ASBR-PE2] ip vpn-instance vpn1
[ASBR-PE2-vpn-vpn1] route-distinguisher 200:1
[ASBR-PE2-vpn-vpn1] vpn-target 100:1 both
[ASBR-PE2-vpn-vpn1] quit
[ASBR-PE2] interface pos 5/1
[ASBR-PE2-POS5/1] ip binding vpn-instance vpn1
[ASBR-PE2-POS5/1] ip address 192.1.1.2 24
[ASBR-PE2-POS5/1] quit
After completing the above configurations, you should see the VPN instance configurations by issuing the display ip vpn-instance command.
The PEs should be able to ping their respective CEs and the ASBR PEs should be able to ping each other.
4) Establish EBGP peer relationship between PEs and CEs to allow VPN routes to be injected
# Configure CE 1.
[CE1] bgp 65001
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure CE 2.
[CE2] bgp 65002
[CE2-bgp] peer 10.2.1.2 as-number 200
[CE2-bgp] import-route direct
[CE2-bgp] quit
# Configure PE 2.
[PE2] bgp 200
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.1 as-number 65002
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
5) Establish IBGP peer relationship between each PE and the ASBR PE in the same AS and EBGP peer relationship between the ASBR PEs
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] peer 2.2.2.9 next-hop-local
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure ASBR PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] ipv4-family vpn-instance vpn1
[ASBR-PE1-bgp-vpn1] peer 192.1.1.2 as-number 200
[ASBR-PE1-bgp-vpn1] quit
[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp] ipv4-family vpnv4
[ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable
[ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 next-hop-local
[ASBR-PE1-bgp-af-vpnv4] quit
[ASBR-PE1-bgp] quit
# Configure ASBR PE 2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] ipv4-family vpn-instance vpn1
[ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100
[ASBR-PE2-bgp-vpn1] quit
[ASBR-PE2-bgp] peer 4.4.4.9 as-number 200
[ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[ASBR-PE2-bgp] ipv4-family vpnv4
[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable
[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local
[ASBR-PE2-bgp-af-vpnv4] quit
[ASBR-PE2-bgp] quit
# Configure PE 2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.3.9 as-number 200
[PE2-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE2-bgp-af-vpnv4] peer 3.3.3.9 next-hop-local
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
6) Verify your configurations
After you complete the above configurations, the CEs should be able to learn the interface routes from each other and ping each other.
Thanks for sharing this interesting and knowledgeable blog.
ReplyDeleteBest VPN Service UK
IPVanish VPN Review
VPN Express for PC