I. Network requirements
This networking scheme requires that tunneling policies be configured on the PEs and the tunnel type for VPN traffic be specified as GRE.
II. Network diagram
III. Configuration procedure
1) Configure IGP on the MPLS backbone, enabling the PEs and the P device to communicate
This example uses OSPF. The detailed configuration steps are omitted.
After you complete the above configurations, OSPF adjacency should be established between PE 1, P, and PE 2. Issuing the display ospf peer command, you can see that the adjacency status is Full. Issuing the display ip routing-table command, you can see that the PEs have learned the loopback route of each other.
2) Enable MPLS basic capability on the PEs
# Configure PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
# Configure PE 2.
<PE2> system-view
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
3) Configure VPN instances on PEs to allow CEs to access and apply tunneling policies to the PEs, specifying to use a GRE tunnel for VPN packet forwarding
# Configure PE 1.
[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlan-interface 1
[PE1-Vlan-interface1] ip binding vpn-instance vpn1
[PE1-Vlan-interface1] ip address 10.1.1.2 24
[PE1-Vlan-interface1] quit
# Configure PE 2.
[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlan-interface 1
[PE2-Vlan-interface1] ip binding vpn-instance vpn1
[PE2-Vlan-interface1] ip address 10.2.1.2 24
[PE2-Vlan-interface1] quit
# Configure CE 1.
<CE1> system-view
[CE1] interface vlan-interface 1
[CE1-Vlan-interface1] ip address 10.1.1.1 24
[CE1-Vlan-interface1] quit
# Configure CE 2.
<CE2> system-view
[CE2] interface vlan-interface 1
[CE2-Vlan-interface1] ip address 10.2.1.1 24
[CE2-Vlan-interface1] quit
After completing the above configurations, you can issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance. The PEs should be capable of pinging their respective CEs. The following takes PE 1 as an example:
[PE1] display ip vpn-instance
VPN-Instance Name RD Create Time
vpn1 100:1 2006/08/13 09:32:45
[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms
4) Establish EBGP peer relationship between PEs and CEs to allow VPN routes to be injected
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
Note:
The configurations for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.
After completing the above configuration, if you issue the display bgp vpnv4 vpn-instance peer command on the PEs, you should see that BGP peer relationship has been established between PE and CE, and has reached the state of Established.
The following takes PE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.1.1.1 4 65410 5 5 0 1 00:02:03 Established
5) Configure MP-IBGP peers between PEs
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
Note:
The configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.
After completing the above configuration, if you issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs, you should see that BGP peer relationship has been established between the PEs, and has reached the state of Established.
[PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.9 4 100 3 3 0 1 00:00:34 Established
6) Configure a GRE tunnel
# Configure PE 1.
[PE1] interface tunnel 0
[PE1-Tunnel0] tunnel-protocol gre
[PE1-Tunnel0] source loopback 0
[PE1-Tunnel0] destination 2.2.2.9
[PE1-Tunnel0] ip address 20.1.1.1 24
[PE1-Tunnel0] mpls
[PE1-Tunnel0] quit
# Configure PE 2.
[PE2] interface tunnel 0
[PE2-Tunnel0] tunnel-protocol gre
[PE2-Tunnel0] source loopback 0
[PE2-Tunnel0] destination 1.1.1.9
[PE2-Tunnel0] ip address 20.1.1.2 24
[PE2-Tunnel0] mpls
[PE2-Tunnel0] quit
7) Verify your configurations
After you complete the above configurations, the CEs should be able to learn the interface routes from each other.
The following takes CE 1 as an example:
[CE1] display ip routing-table
Routing Tables: Public
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 BGP 255 0 10.1.1.2 Vlan1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The following takes PE 1 as an example:
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 OSPF 10 3125 172.1.1.2 Vlan2
10.2.1.0/24 Static 60 0 20.1.1.1 Tunnel0
20.1.1.0/24 Direct 0 0 20.1.1.1 Tunnel0
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.1.1.0/24 Direct 0 0 172.1.1.1 Vlan2
172.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.1.1.2/32 Direct 0 0 172.1.1.2 Vlan2
172.2.1.0/24 OSPF 10 3124 172.1.1.2 Vlan2
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.2 Vlan1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 BGP 255 0 2.2.2.9 NULL0
The CEs should be able to ping each other.
[CE1] ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 ms
Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms
Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=67 ms
--- 10.2.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 41/62/69 ms
- CE 1 and CE 2 belong to VPN 1. On the service provider backbone, the PEs support MPLS, while the P device does not support MPLS and provides pure IP functions.
- On the backbone, a GRE tunnel is used to encapsulate and forward VPN packets to implement MPLS L3VPN.
This networking scheme requires that tunneling policies be configured on the PEs and the tunnel type for VPN traffic be specified as GRE.
II. Network diagram
III. Configuration procedure
1) Configure IGP on the MPLS backbone, enabling the PEs and the P device to communicate
This example uses OSPF. The detailed configuration steps are omitted.
After you complete the above configurations, OSPF adjacency should be established between PE 1, P, and PE 2. Issuing the display ospf peer command, you can see that the adjacency status is Full. Issuing the display ip routing-table command, you can see that the PEs have learned the loopback route of each other.
2) Enable MPLS basic capability on the PEs
# Configure PE 1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
# Configure PE 2.
<PE2> system-view
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
3) Configure VPN instances on PEs to allow CEs to access and apply tunneling policies to the PEs, specifying to use a GRE tunnel for VPN packet forwarding
# Configure PE 1.
[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlan-interface 1
[PE1-Vlan-interface1] ip binding vpn-instance vpn1
[PE1-Vlan-interface1] ip address 10.1.1.2 24
[PE1-Vlan-interface1] quit
# Configure PE 2.
[PE2] tunnel-policy gre1
[PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE2-tunnel-policy-gre1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] tnl-policy gre1
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlan-interface 1
[PE2-Vlan-interface1] ip binding vpn-instance vpn1
[PE2-Vlan-interface1] ip address 10.2.1.2 24
[PE2-Vlan-interface1] quit
# Configure CE 1.
<CE1> system-view
[CE1] interface vlan-interface 1
[CE1-Vlan-interface1] ip address 10.1.1.1 24
[CE1-Vlan-interface1] quit
# Configure CE 2.
<CE2> system-view
[CE2] interface vlan-interface 1
[CE2-Vlan-interface1] ip address 10.2.1.1 24
[CE2-Vlan-interface1] quit
After completing the above configurations, you can issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance. The PEs should be capable of pinging their respective CEs. The following takes PE 1 as an example:
[PE1] display ip vpn-instance
VPN-Instance Name RD Create Time
vpn1 100:1 2006/08/13 09:32:45
[PE1] ping -vpn-instance vpn1 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms
4) Establish EBGP peer relationship between PEs and CEs to allow VPN routes to be injected
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] peer 10.1.1.1 next-hop-local
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
Note:
The configurations for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.
After completing the above configuration, if you issue the display bgp vpnv4 vpn-instance peer command on the PEs, you should see that BGP peer relationship has been established between PE and CE, and has reached the state of Established.
The following takes PE 1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.1.1.1 4 65410 5 5 0 1 00:02:03 Established
5) Configure MP-IBGP peers between PEs
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
Note:
The configurations for PE 2 are similar to those for PE 1. The detailed configuration steps are omitted.
After completing the above configuration, if you issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs, you should see that BGP peer relationship has been established between the PEs, and has reached the state of Established.
[PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.9 4 100 3 3 0 1 00:00:34 Established
6) Configure a GRE tunnel
# Configure PE 1.
[PE1] interface tunnel 0
[PE1-Tunnel0] tunnel-protocol gre
[PE1-Tunnel0] source loopback 0
[PE1-Tunnel0] destination 2.2.2.9
[PE1-Tunnel0] ip address 20.1.1.1 24
[PE1-Tunnel0] mpls
[PE1-Tunnel0] quit
# Configure PE 2.
[PE2] interface tunnel 0
[PE2-Tunnel0] tunnel-protocol gre
[PE2-Tunnel0] source loopback 0
[PE2-Tunnel0] destination 1.1.1.9
[PE2-Tunnel0] ip address 20.1.1.2 24
[PE2-Tunnel0] mpls
[PE2-Tunnel0] quit
7) Verify your configurations
After you complete the above configurations, the CEs should be able to learn the interface routes from each other.
The following takes CE 1 as an example:
[CE1] display ip routing-table
Routing Tables: Public
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 BGP 255 0 10.1.1.2 Vlan1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The following takes PE 1 as an example:
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 OSPF 10 3125 172.1.1.2 Vlan2
10.2.1.0/24 Static 60 0 20.1.1.1 Tunnel0
20.1.1.0/24 Direct 0 0 20.1.1.1 Tunnel0
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.1.1.0/24 Direct 0 0 172.1.1.1 Vlan2
172.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.1.1.2/32 Direct 0 0 172.1.1.2 Vlan2
172.2.1.0/24 OSPF 10 3124 172.1.1.2 Vlan2
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.2 Vlan1
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 BGP 255 0 2.2.2.9 NULL0
The CEs should be able to ping each other.
[CE1] ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 ms
Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms
Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=68 ms
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=67 ms
--- 10.2.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 41/62/69 ms
No comments:
Post a Comment