Configuring MPLS L3VPNs Using a GRE Tunnel on Routers

I. Network requirements

  •  CE 1 and CE 2 belong to VPN 1. On the service provider backbone, the PEs support MPLS, while the P device does not support MPLS and provides pure IP functions.
  • On the backbone, a GRE tunnel is used to encapsulate and forward VPN packets to implement MPLS L3VPN.

This networking scheme requires that tunneling policies be configured on the PEs and the tunnel type for VPN traffic be specified as GRE.

II. Network diagram










III. Configuration procedure

1) Configure IGP on the MPLS backbone, enabling the PEs and the P device to communicate
This example uses OSPF. The detailed configuration steps are omitted.
After you complete the above configurations, OSPF adjacency should be established between PE 1, P, and PE 2. Issuing the display ospf peer command, you can see that the adjacency status is Full. Issuing the display ip routing-table command, you can see that the PEs have learned the loopback route of each other.

2) Enable MPLS basic capability on the PEs

# Configure PE 1.

<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit

# Configure PE 2.

<PE2> system-view
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit

3) Configure VPN instances on PEs to allow CEs to access and apply tunneling policies to the PEs, specifying to use a GRE tunnel for VPN packet forwarding

# Configure PE 1.

[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface ethernet 1/0
[PE1-Ethernet1/0] ip binding vpn-instance vpn1
[PE1-Ethernet1/0] ip address 10.1.1.2 24
[PE1-Ethernet1/0] quit

# Configure PE 2.

[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface ethernet 1/0
[PE2-Ethernet1/0] ip binding vpn-instance vpn1
[PE2-Ethernet1/0] ip address 10.2.1.2 24
[PE2-Ethernet1/0] quit

# Configure CE 1.

<CE1> system-view
[CE1] interface ethernet 1/0
[CE1-Ethernet1/0] ip address 10.1.1.1 24
[CE1-Ethernet1/0] quit

# Configure CE 2.

<CE2> system-view
[CE2] interface ethernet 1/0
[CE2-Ethernet1/0] ip address 10.2.1.1 24
[CE2-Ethernet1/0] quit

After completing the above configurations, you can issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance. The PEs should be capable of pinging their respective CEs. The following takes PE 1 as an example:

[PE1] display ip vpn-instance

Total VPN-Instances configured : 1
VPN-Instance Name   RD     Create Time
vpn1                           100:1   2006/08/13 09:32:45

[PE1] ping -vpn-instance vpn1 10.1.1.1

PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms

4) Establish EBGP peer relationship between PEs and CEs to allow VPN routes to be injected

# Configure CE 1.

[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit

# Configure PE 1.

[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit

Note:

The configurations for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.

After completing the above configuration, if you issue the display bgp vpnv4 vpn-instance peer command on the PEs, you should see that BGP peer relationship has been established between PE and CE, and has reached the state of Established.

The following takes PE 1 as an example:

[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer         V  AS      MsgRcvd MsgSent OutQ PrefRcv Up/Down   State
10.1.1.1   4  65410        5               5          0          1        00:02:03   Established

5) Configure MP-IBGP peers between PEs

# Configure PE 1.

[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit

[PE1-bgp] quit

Note:

The configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.

After completing the above configuration, if you issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs, you should see that BGP peer relationship has been established between the PEs, and has reached the state of Established.

[PE1] display bgp vpnv4 all peer

BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer     V   AS   MsgRcvd MsgSent OutQ PrefRcv Up/Down   State
2.2.2.9 4   100          3              3           0         1        00:00:34   Established

6) Configure a GRE tunnel

# Configure PE 1.

[PE1] interface tunnel 0

[PE1-Tunnel0] tunnel-protocol gre
[PE1-Tunnel0] source loopback 0
[PE1-Tunnel0] destination 2.2.2.9
[PE1-Tunnel0] ip address 20.1.1.1 24
[PE1-Tunnel0] mpls
[PE1-Tunnel0] quit

# Configure PE 2.

[PE2] interface tunnel 0
[PE2-Tunnel0] tunnel-protocol gre
[PE2-Tunnel0] source loopback 0
[PE2-Tunnel0] destination 1.1.1.9
[PE2-Tunnel0] ip address 20.1.1.2 24
[PE2-Tunnel0] mpls
[PE2-Tunnel0] quit

The CEs should be able to ping each other.

[CE1] ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 ms
Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms
Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=67 ms
--- 10.2.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 41/62/69 ms

No comments:

Post a Comment