Professional Documents
Culture Documents
Version: 3.00.11
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Figures............................................................................................................. I
II
Intended Audience
This manual is intended for:
Chapter 1, MPLS L3VPN Provides the overview and principles of MPLS L3VPN configuration,
Configuration related configuration and maintenance commands, and configuration
examples.
Chapter 2, MPLS L2VPN Provides the overview and principles of MPLS L2VPN configuration,
Configuration related configuration and maintenance commands, and configuration
examples.
Conventions
This manual uses the following typographical conventions:
Italics Variables in commands. It may also refer to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.
Constant Text that you type, program codes, filenames, directory names, and function names.
width
[] Optional parameters.
{} Mandatory parameters.
II
1-1
Since label switching is used, the time for address search in each hop process is
shortened. In this way, the time of data transmission time is reduced in network, and
the network speed is improved.
4. Improve flexibility and expansibility
Since MPLS uses AnyToAny connection, the network flexibility and expansibility are
improved. With respect to the flexibility, special control policy can be customized to
meet special requirements of different users to realize value-added services. The
expansibility covers the following two points:
l More VPNs are contained by a network.
l Easy user expansion in the same VPN.
5. Convenience
MPLS is widely used in operator networks. It bring more convenience to enterprise
users establish global VPN.
6. Improve transmission security
MPLS serves as a channel mechanism to implement transparent packet transmission.
MPLS Link State Packet (LSP) have high reliability and security, similaring to frame
relay and Asynchronous Transfer Mode (ATM) Virtual Channel Connection (VCC).
7. Enhance service integration capability
A network can support the services integrating data, audio and video.
8. MPLS QoS guarantee
The related standards and drafts drawn byIETF for Border Gateway Protocol
(BGP)/MPLS VPN:
l RFC 4364, BGP/MPLS IP Virtual Private Networks
l RFC 4760, Multiprotocol Extensions for BGP-4
l RFC 2547, BGP/MPLS VPN
l Draft RFC 2547bis, BGP/MPLS VPN
l Request For Comments (RFC) 2283, multi-protocol extension BGP4
In a single VPN, PE routers are connected by tunnel. The tunnel can be a MPLS LSP
tunnel or a LDP tunnel.
l Provider (P)
1-2
Here, "P" refers a router in the core of an operator network, which does not connect
to any router in any customer site, but is a part of MPLS L3 VPN tunnel. "P" supports
MPLS LSP or LDP function, but it does not need to support VPN.
l CE
CE refers to a router or switch connected to an operator network in a customer site.
Normally, IP router act as CE device.
VPN function is provided by PE routers, while P and CE routers do not have special
requirements for VPN configuration.
1-3
CE advertises routing information on the user's network to the PE by means of static route,
default route, routing protocols RIP, OSPF, IS-IS or BGP.
CE sends the routing information to PE by static route, default router or routing protocol,
such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF) and
Intermediate System-to-Intermediate System (IS-IS).
Meanwhile extended multi-protocol BGP is used between PEs to transmit VPN-IP
information and the corresponding labels (VPN label, called inner label hereinafter).
1-4
The conventional IGP is used between PE and P to learn the routing information, and the
LDP is used to bind the routing information to label (a label on the backbone network,
called outer label hereinafter).
In this way, the basic network topology and routing information among CE, PE and P are
already formed. Thus, the PE has the routing information of backbone network and every
VPN.
When CE user data belonging to some VPN enters the network, the system can identify to
which VPN the CE belongs on the interface of CE that connects to PE, and will further read
the next-hop address information in the routing table of the VPN. In addition, the forwarded
packets will be marked with a VPN label (inner label). In this case, the obtained next-hop
address is the address of a PE that is the peer of this PE.
To reach the destination PE, routing information of backbone network is read from the
source PE , thus to obtain the address of the next P switch. Meanwhile, the forwarded
user packets are marked with a backbone network label (outer label).
In backbone network, all the P routers locating behind the source PE read the outer label
to determine the next hop. Therefore, the simple label switching is performed in backbone
network only.
When the packet reaches the last P switch before arriving at the destination PE, the outer
label will be removed. After the packet reaches the destination PE, the PE will read the
inner label, find the next-hop CE in the corresponding Virtual Routing Forwarding (VRF)
and send the packet to the related interface, and then transmit the packet to the CE network
of the VPN.
1-5
Parameter Description
<vrf-name> VRF name, 1-32 characters. The name is only valid locally, which
is used for binding an interface to the VPN.
1-6
3 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.
Configuration Example
As shown in Figure 1-1, run static route between CE1 and PE1.
PE1 configuration,
PE1(config)#ip route vrf vpn_a 10.1.0.0 255.255.0.0 10.1.0.1
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
1-7
PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#exit
4 ZXR10(config)#router bgp < as-number> This enters BGP route configuration mode.
Configuration Example
As shown in Figure 1-2, run RIP between CE1 and PE1.
1-8
Run RIP protocol on CE1 and PE1 respectively. Make sure that PE1 and CE1 can
distribute route to each other.
CE 1 configuration,
CE1(config)#router rip
CE1(config)#no auto-summary
CE1(config-rip)#version 2
CE1(config-rip)#network 10.1.0.0 0.0.0.3
CE1(config-rip)#redistribute connected
CE1(config-rip)#exit
PE1 configuration,
PE1(config)#router rip
PE1(config-rip)#version 2
PE1(config-rip)#address-family ipv4 vrf vpn_a
PE1(config-rip-af)#no auto-summary
PE1(config-rip-af)#version 2
PE1(config-rip-af)#network 10.1.0.0 0.0.0.3
PE1(config-rip-af)#redistribute bgp-int
PE1(config-rip-af)#exit
PE1(config-rip)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute rip
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
1-9
1 ZXR10(config)#router ospf < process-id>[ vrf < vrf-name>] This enters OSPF VRF
configuration mode.
5 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.
Configuration Example
As shown in Figure 1-3, enable the OSPF protocol on both CE1 and PE1 to distribute
routing information mutually.
1-10
Use similar methods to configure PE2 and CE2 and then verify the configuration.
Checking the routing information on CE1:
CE1#show ip forwarding route ospf
IPv4 Routing Table:
status codes: *valid, >best
Dest Gw Interface Owner Pri Metric
10.2.0.0/30 10.1.0.2 vlan1 ospf 110 1
10.2.1.0/24 10.1.0.2 vlan2 ospf 110 1
On CE2, ping the local area network where the CE1 is connected to:
CE2#ping 10.1.1.1
sending 5,100-byte ICMP echos to 10.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/10 ms.
1-11
Configuration Example
As shown in Figure 1-4, run EBGP between CE1 and PE1.
Configure BGP on CE1 and PE1 respectively. Make sure that CE1 and PE1 can distribute
route to each other.
CE1 configuration,
CE1(config)#router bgp 65001
CE1(config-bgp)#neighbor 10.1.0.2 remote-as 100
CE1(config-bgp)#neighbor 10.1.0.2 ebgp-multihop
CE1(config-bgp)#neighbor 10.1.0.2 activate
CE1(config-bgp)#redistribute connected
CE1(config-bgp)#exit
PE1 configuration,
PE1(config)#router bgp 100
1-12
Configuring MPBGP
To configure MPBGP, perform the following steps on ZXR10 5900E.
Configuration Example
As shown in Figure 1-5, run MPBGP between PE1 and PE2.
1-13
Caution!
Before perform the following configurations, make sure that PE1 and PE2 can be ping
each other by using their loopback addresses.
PE1 configuration,
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.3 activate
PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE2 configuration,
2 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters IPv4 VRF address
family configuration mode.
1-14
l Import Map
VRF can save its concerned route prefix by means of import map.
l Export map
The export map is used to configure different RTs to route prefix. Different VRFs
can selective accept the prefixes with different RTs.
To configure export and import map, perform the following steps on ZXR10 5900E.
Configuration Example
As shown in Figure 1-6. P acts as router reflector (RR), the loopback1 address of PE1
is 61.139.36.34/32, the loopback2 address of PE2 is 61.139.36.35/32, and the loopback1
address of P is 61.139.36.31/32.
l Configuration Requirements
1-15
Make sure that PE1 and PE2 can learn loopback addresses between each other.
PE1 and PE2 establish LDP neighborhood with RR respectively.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1
and PE2 are RR clients, their Loopback addresses are used to set up BGP
connection.
A VRF called ok is configured on PE1 and PE2. The RD is 1:1, and the RT is 1:1.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 and
PE2 are RR clients. Bind loopback IP addresses on PE1 and PE2 respectively. Make
sure that PE1 and PE2 can learn route between each other.
l Configuration Process
RR (P)configuration,
P(config)#router bgp 65190
P(config-bgp)#no bgp default route-target filter
P(config-bgp)#neighbor 61.139.36.34 remote-as 65190
P(config-bgp)#neighbor 61.139.36.34 update-source loopback1
P(config-bgp)#neighbor 61.139.36.35 remote-as 65190
P(config-bgp)#neighbor 61.139.36.35 update-source loopback1
P(config-bgp)#address-family vpnv4
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 activate
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 activate
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 route-reflector-client
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 route-reflector-client
PE1 configuration,
PE1(config)#ip vrf ok
PE1(config-vrf-ok)#rd 1:1
PE1(config-vrf-ok)#address-family ipv4
PE1(config-vrf-ok-af-ipv4)#route-target 1:1
PE1(config-vrf-ok-af-ipv4)#exit
PE1(config-vrf-ok)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE1(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 61.139.36.31 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip vrf forwarding ok
PE1(config-if-loopback10)#ip address 10.10.10.10 255.255.0.0
PE1(config-if-loopback10)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#address-family ipv4 vrf ok
1-16
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE2 configuration,
PE2(config)#ip vrf ok
PE2(config-vrf-ok)#rd 1:1
PE2(config-vrf-ok)#address-family ipv4
PE2(config-vrf-ok-af-ipv4)#route-target 1:1
PE2(config-vrf-ok-af-ipv4)#exit
PE2(config-vrf-ok)#exit
PE2(config)#router bgp 65190
PE2(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE2(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 61.139.36.31 active
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#interface loopback20
PE2(config-if-loopback20)#ip vrf forwarding ok
PE2(config-if-loopback20)#ip address 20.20.20.20 255.255.0.0
PE2(config-if-loopback20)#exit
PE2(config)#router bgp 65190
PE2(config-bgp)#address-family ipv4 vrf ok
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
l Configuration Check
View the route learning from PE2 on PE1,
PE1#show ip protocol routing vrf ok
Routes of vpn:
status codes: *valid, >best, s-stale
1-17
Command Function
ZXR10#show ip vrf [[[ brief | detail ][< vrf-name>]]| summary] This shows VRF information.
ZXR10#show ip protocol routing vrf <vrf-name>[network This shows VRF routing table.
<ip-address>[mask <net-mask>]]
Configuration Description
As shown in Figure 1-7, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes between each other by using
OSPF. The BGP runs between CE1 and PE1, while the OSPF runs between CE2 and PE2.
CE1 and CE2 can learn the routes from each other, and the ping is successful between
them.
1-18
Configuration Thought
1. Configure the IP addresses of loopback1 and physical interface on CE1. Establish
EBGP neighborhood between CE1 and PE1. Advertise the loopback address in BGP.
2. Configure the IP addresses of loopback 1 and vlan2 on PE1. Configure a VRF
called test1. Bind the interface vlan1 to the test 1 and configure IP address.
Configure OSPF and advertise the network segment 10.10.0.0/16 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish EBGP
neighborhood between PE1 and CE1. Enable LDP on the interface vlan2.
3. Configure the IP addresses of vlan2 and vlan3 on P. Configure OSPF and advertise
the network segment 10.10.0.0/16 in OSPF. Enable LDP on the interfaces vlan2 and
vlan3.
4. Configure the IP addresses of loopback 1 and vlan3. Configure a VRF called test1.
Bind the interface vlan4 to the test1 and configure IP address. Configure OSPF and
advertise the network segment 10.10.0.0/16 in OSPF. Establish MPBGP neighborhood
between PE1 and PE2, and enable VPNv4. Establish OSPF neighborhood between
CE2 and PE2. Enable LDP on the interface vlan3.
5. Configure the IP addresses of loopback1 and vlan4. Configure OSPF and advertise
the network segments 10.10.10.2 and loopback200.1.1.1 in OSPF.
Configuration Commands
CE1 configuration,
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 100.1.1.0 255.255.255.0
CE1(config-bgp)#neighbor 10.1.1.1 remote-as 100
PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
1-19
P configuration,
P(config)#interface vlan2
P(config-if-vlan2)#ip address 10.10.12.2 255.255.255.0
P(config-if-vlan2)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan2
P(config-ldp-1-if-vlan2)#exit
P(config-ldp-1)#exit
P(config)#mpls interface vlan2
1-20
1-21
PE2(config-ospf-2)#redistribute bgp-int
PE2(config-ospf-2)#exit
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int2
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp)#router-id loopback1
CE2 configuration,
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface vlan4
CE2(config-if-vlan4)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-vlan4)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.0 area 0
Configuration Verification
View the EBGP connection running between CE1 and PE1,
ZXR10#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
10.1.1.1 4 100 0 12 00:00:09 0
View the routing table of CE1. Here, the BGP route is the VPN route learnt by CE1.
ZXR10#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
10.1.1.0/24 10.1.1.2 vlan1 DIRECT 0 0
10.1.1.0/32 10.1.1.0 vlan1 MARTIAN 0 0
10.1.1.2/32 10.1.1.2 vlan1 ADDRESS 0 0
10.1.1.255/32 10.1.1.255 vlan1 BROADCAST 0 0
100.1.1.0/24 100.1.1.1 loopback1 DIRECT 0 0
100.1.1.0/32 100.1.1.0 loopback1 MARTIAN 0 0
100.1.1.1/32 100.1.1.1 loopback1 ADDRESS 0 0
100.1.1.255/32 100.1.1.255 loopback1 BROADCAST 0 0
1-22
Configuration Description
As shown in Figure 1-8, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes from each other through the
sham-link running between PE1 and PE2. CE1 and PE1 run OSPF VRF. CE2 and PE2
run OSPF VRF.
1-23
Configuration Thought
1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure
OSPF route.
2. Advertise the loopback interface IP address and the direct-connected network
segment in OSPF.
3. Set up SHAM-LINK.
Configuration Commands
CE1 configuration,
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#interface vlan5
CE1(config-if-vlan5)#ip address 20.1.1.2 255.255.255.0
CE1(config-if-vlan5)#exit
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 100.1.1.1 0.0.0.0 area 0
PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-tes t1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan2
PE1(config-if-vlan2)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-vlan2)#exit
PE1(config)#interface loopback64
PE1(config-if-loopback64)#ip vrf forwarding test1
PE1(config-if-loopback64)#ip address 64.64.64.1 255.255.255.255
PE1(config-if-loopback64)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan2
PE1(config-ldp-1-if-vlan2)#exit
1-24
PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan2
PE1(config)#interface vlan1
PE1(config-if-vlan1)#ip vrf forwarding test1
PE1(config-if-vlan1)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 10.10.3.3 remote-as 100
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int100
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 10.10.3.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit
PE1(config)#router ospf 100 vrf test1
PE1(config-ospf-100)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospf-100)#redistribute bgp-int
PE1(config-ospf-100)#area 0 sham-link 64.64.64.1 64.64.64.2
PE1(config-ospf-100)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#exit
P configuration,
P(config)#interface vlan2
P(config-if-vlan2)#ip address 10.10.12.2 255.255.255.0
P(config-if-vlan2)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan2
P(config-ldp-1-if-vlan2)#exit
P(config-ldp-1)#exit
P(config)#interface vlan3
P(config-if-vlan3)#ip address 10.10.23.2 255.255.255.0
P(config-if-vlan3)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan3
P(config-ldp-1-if-vlan3)#exit
P(config-ldp-1)#exit
1-25
1-26
PE2(config-ospf-100)#exit
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1 force
CE2 configuration,
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface vlan4
CE2(config-if-vlan4)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-vlan4)#exit
CE2(config)#interface vlan5
CE2(config-if-vlan5)#ip address 20.1.1.1 255.255.255.0
CE2(config-if-vlan5)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.0 area 0
CE2(config-ospf-1)#network 20.1.1.1 0.0.0.0 area 0
Configuration Description
As shown in Figure 1-9, custom has two sites, site 1 and 2, and they need VPN connection.
Site 1 connects to AS100, and site 2 connects to AS200. Both site 1 and site 2 provide
MPLS VPN. To set up MPLS VPN connection between site 1 and site 2, back-to-back
(VRFVRF) is used. This is the simplest mode to realize VPN between ASs.
1-27
Configuration Thought
1. All of PE1, PE2 and PE3, PE4 have VPN1. The RD is 1:1, and the RT is 1:1.
2. Establish LDP, IGP and MPIGP neighborhoods between PE1 and PE2. Establish LDP,
IGP and MP-IBGP neighborhoods between PE3 and PE4. Advertise the loopback
addresses by IGP.
Configuration Commands
1. Bind vpn1 to PE1. Establish EBGP connection between PE1 and CE1.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#neighbor 100.1.1.2 remote-as 65000
2. Establish MP-IBGP neighborhood between PE1 and PE2 by using the loopback
interfaces 1.2.3.4 and 2.3.4.5.
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.2.3.4 remote-as 100
PE2(config-bgp)#neighbor 1.2.3.4 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.4 active
1-28
Configuration Verification
Use show bgp vpnv4 unicast vrf vpn1 summary on PE1 to view the EBGP neighborhood
establishing with 100.1.1.2.
PE1#show bgp vpnv4 unicast vrf vpn1 summary
1-29
Use show bgp vpnv4 unicast neighbor 1.2.3.4 on PE2 to view the configuration,
PE2#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 100, external link
BGP version 4, remote router ID 1.2.3.4
BGP state = Established, up for 1w0d
Last read update 1w0d, hold time is 180 seconds, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: received
Address families preserved by peer :
Help peer is in normal state
Remote Restart timer is 0 seconds
External BGP neighbor may be up to 8 hops away.
All received 11593 messages
128 updates, 0 errs
2 opens, 0 errs
11462 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 notifications, 0 other errs
After last established received 11480 messages
64 updates, 0 errs
0 opens, 0 errs
11415 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 IPv6 vpn refreshe
s, 0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs,
0 VPNv6 end_of_ribs, 0 IPv4 route-target end_of_ribs
0 notifications, 0 other errs
All sent 11995 messages
548 updates, 2 opens, 11444 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 1 notifications
After last established sent 11812 messages
415 updates, 0 opens, 11397 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,
1-30
1-31
Use show bgp vpnv4 unicast vrf vpn1 summary on PE4 to view the EBGP neighborhood
establishing with 200.1.1.2.
PE4#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
200.1.1.2 4 65000 0 0 00:15:00 0
1-32
1-33
1-34
Use show bgp vpnv4 unicast vrf vpn1 summary on PE2 to view the MP-EBGP neighborhood
establishing with 150.3.2.3 (PE3).
PE2#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
150.3.2.3 4 200 0 0 00:22:35
1-35
2 ZXR10(config-bgp)#address-family ipv4 vrf < vpn-name> This enters IPv4 VRF address
family configuration mode.
Parameter Description
< map-tag> The name of suppress map, the length is 1-32 characters.
Command Function
This example shows what will be displayed after show ip route vpn is used. Here, the
informations about route aggregation can be viewed.
ZXR10#show ip route vpn
Routes of vpn:
1-36
Type RD type
1-37
Configuration Thought
1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of
PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
2. Create a VRF called test1 on PE1 and PE2. Bind vlan1 and vlan2 to VPN1.
3. Establish EBGP neighborhood between CE2 and PE1, CE1 and PE1 respectively.
Configuration Process
CE1 configuration,
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 20.0.0.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 150.1.0.0 255.255.0.0
CE1(config-bgp)#neighbor 20.0.0.1 remote-as 100
CE2 configuration,
CE2(config)#interface vlan2
CE2(config-if-vlan2)#ip address 30.0.0.2 255.255.255.0
CE2(config-if-vlan2)#exit
CE2(config)#router bgp 300
CE2(config-bgp)#network 150.2.0.0 255.255.0.0
CE2(config-bgp)#neighbor 30.0.0.1 remote-as 100
PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan3
PE1(config-if-vlan3)#ip address 10.0.0.1 255.255.255.0
1-38
PE1(config-if-vlan3)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan3
PE1(config-ldp-1-if-vlan3)#exit
PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan3
PE1(config)#interface vlan1
PE1(config-if-vlan1)#ip vrf forwarding test1
PE1(config-if-vlan1)#ip address 20.0.0.1 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#interface vlan2
PE1(config-if-vlan2)#ip vrf forwarding test1
PE1(config-if-vlan2)#ip address 30.0.0.1 255.255.255.0
PE1(config-if-vlan2)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#aggregate-address 150.0.0.0 255.0.0.0 summary-only
PE1(config-bgp-af-ipv4-vrf)#neighbor 20.0.0.2 remote-as 200
PE1(config-bgp-af-ipv4-vrf)#neighbor 30.0.0.2 remote-as 300
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE2 configuration,
PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface vlan3
1-39
Configuration Check
View VRF routing table on PE1. Here, both the sub-routes and the aggregated route can
be viewed.
PE1(config)#show ip protocol routing vrf test1
Routes of vpn:
status codes: *valid, >best, s-stale
View PE2 routing table. Here, only the aggregated route can be viewed.
1-40
l Direct connection
l Static
l Dynamic unicast route protocol
The function of VPN Route Limit controls the routes to access to PE from CE through many
methods.
Parameter Description
warning-only When the total number of VRF routes exceeds the threshold
value, give an alarm but not restrict the routes.
1-41
Command Function
When the detailed information of the VRF is displayed, the information related to route
restriction and alarm is displayed. The following is a sample output of the show ip vrf detail
command:
ZXR10(config)#show ip vrf detail
VRF mng (VRF Id = 2048); default RD not set
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
Interface:
mgmt_eth
VRF 1 (VRF Id = 1); default RD 1:1
Description: abcd
Address family ipv4:
Export VPN route-target communities
1:1
Import VPN route-target communities
1:1
No import route-map
No export route-map
Route warning limit 100000
priority: 2
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
Export VPN route-target communities
3:4
Import VPN route-target communities
3:4
Import route-map: 4
1-42
Export route-map: 3
Mpls label mode:
ipv4 VRF label allocation mode: per-vrf
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213059
Interface:
vlan10
vlan21
vlan501
Export VPN route-target Exports the RT attributes included in the VPN route.
communities
Import VPN route-target Imports the RT attributes included in the VPN route.
communities
The IP address of int 1 is 10.1.1.1/24, and that of port 1 is 10.1.1.2/24. CE1 accesses to
PE1 through EBGP.
Configuration Process
1. To establish EBGP neighborhood between PE1 and CE1, configure PE1 as follows,
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.1.2 remote-as 200
1-43
Use show bgp vpnv4 unicast vrf zte summary on PE1 to view whether the neighborhood
between PE1 and CE1 is established.
2. Configure the maximum value of VRF zte routes is 100 on PE1, and the route alarm
threshold value is 60%.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 60
Use show ip vrf detail zte to view the configuration result of maximum routes.
Enable alarm and terminal monitor functions on PE1 to view the alarm if the number
of routes exceeds the threshold.
PE1#terminal monitor
PE1#configure terminal
PE1(config)#logging on
3. CE1 advertises 50 EBGP route entries to PE1 (it does not exceed the 60% of alarm
threshold value). Use show ip protocol routing vrf zte to view the 50 VRF EBGP route
entries on PE1. PE1 does not give any alarm.
4. CE1 continues to advertise 20 EBGP route entries to PE1. There are 70 EBGP route
entries now (It exceeds 60% of alarm threshold value). Use show ip protocol routing
vrf-summary zte on PE1 to view the 70 VRF EBGP route entries. PE1 gives an alarm.
PE1(config)#show ip protocol routing vrf-summary zte
VRF Source Count
connected: 4
static: 0
ospf: 0
rip: 0
bgp: 1
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0
ves: 0
ldp: 0
user-special: 0
1-44
dhcp-dft: 0
dhcp-static: 0
sl_nat64_v4: 0
Total: 5
1-45
The alarm that the number of VRF routes exceeds the threshold value is displayed by
PE1.
An alarm 200310 ID 160 level 3 occurred at 09:47:09 06-06-2014
sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of 105 is reached
xAn alarm 200311 ID 161 level 5 occurred
at 09:47:09 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of 105 is reached
6. CE1 cancels the route entries that it advertised to PE1 before, and it advertises another
50 EBGP route entries to PE1. Use show ip protocol routing vrf-summary zte on PE1
to view the 50 VRF EBGP routes. PE1 does not give any alarm.
7. Modify the route alarm threshold of VRF zte to 40% on PE1. The upper limitation of
route is still 100 entries.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 40
Use show ip vrf detail zte to view the configuration result of maximum routes. It shows
that there are 50 route entries and PE1 does not give any alarm.
8. CE1 cancels the 50 EBGP route entries that it advertised to PE1 before, and it
advertises to PE1 again. PE1 gives an alarm to prompt that the route alarm threshold
is exceeded.
An alarm 200310 ID 162 level 3 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of 105 is reached
An alarm 200311 ID 163 level 5 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of 105 is reached
9. Configure warning-only function of VPN route restriction alarm on vrf zte on PE1.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 warning-only
PE1(config-vrf-zte-af-ipv4)#exit
View the number of current routes, route restriction value, and alarm threshold value
of vrf zte on PE1. The total number of routes is 50, there is no alarm appears because
the route threshold value is not exceeded.
1-46
1:1
Import VPN route-target communities
1:1
No import route-map
No export route-map
priority: 2
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6 not active.
Mpls label mode:
ipv4 VRF label allocation mode: per-vrf
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 212999
Interface:
vlan1
Advertise another 60 routes from CE1. The number of routes exceeds the threshold
value. PE1 displays the corresponding alarm. VRF zte of PE1 does not restrict extra
routes.
An alarm 200310 ID 162 level 3 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of zte is reached
An alarm 200311 ID 163 level 5 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of zte is reached
1-47
1-48
To connect all the user LANs and provide L2 switch service, it emulates operator
network to a LAN switch or bridge. The difference between VPLS and VPWS is that
VPWS provides point to point service only while VPLS provides point to multi-points
2-1
services. That is, CE device on VPWS selects a virtual wire to send data to a user
site, while CE device on VPLS sends all data to its PE device connecting only.
2-2
L2VPN instance and member information can be configured only when the L2VPN service
is enabled.
Configuring an MSPW
The Multi-Segment Pseudo-Wire (MSPW) is an emulational end-to-end pseudo wire
established between two PEs. To configure an MSPW on the ZXR10 5900E, perform the
following steps:
2-3
Parameter Description
Parameter Description
<pw-name> PW name
Parameter Description
Parameter Description
2-4
Command Function
Parameter Description
The following is sample output from the show l2vpn brief command:
ZXR10(config)#show l2vpn brief
VPLS count:1 VPWS count:1 MSPW count:1
name type Default-VCID PW AC description
test VPLS 0 1 0
ts MSPW - 0 0
zte VPWS - 0 0
For a description of the parameters in the execution result, refer to the following table:
Parameter Description
PW Number of PWs
AC Number of ACs
The following is sample output from the show l2vpn summary command:
ZXR10(config)#show l2vpn summary
2-5
For a description of the parameters in the execution result, refer to the following table:
Parameter Description
The following is sample output from the show l2vpn forwardinfo detail command:
ZXR10#show l2vpn forwardinfo detail
Headers : ALLOK - Pseudowire Forwarding
PWNF - Pseudowire Not Forwarding
AR - Local AC (ingress) Receive Fault
AT - Local AC (egress) Transmit Fault
PSNR - Local PSN-facing PW (ingress) Receive Fault
PSNT - Local PSN-facing PW (egress) Transmit Fault
PWFS - Pseudowire forwarding standby
RS - Request switchover to this PW
PWSA - Pseudowire Status All Fault
Codes : -unknown, *yes, .no
-----------------------------------------------------------------------------
Service type and instance name:[VPLS zte]
Peer IP address : 172.168.9.190 VC status : UP
Connection mode : HUB VC ID : 3
Signaling protocol : Static PW VC type : VLAN
Last status change time : 2d 21:25:45 Create time : 2d 23:17
MPLS VC local label : 100 Remote label : 200
SDU name : sdu3 Control Word : DISABLE
Remote status : - PW FRR type : NULL
Tunnel label : { 16389 }
Output interface : vlan314
Imposed label stack : { 200 16389 }
For a description of the parameters in the execution result, refer to the following table:
2-6
VC ID PW VC ID
VC type VC type
Imposed label stack Information about imposed label stack when the PW sends
data
It is a link between user and service provider, that is to say, the connection between
CE and PE. Ethernet interfaces are usually used in access circuit.
l TAG
TAG is added by service provider to distinguish users. It is called Service Delimiting
(SDT), also called PTAG.
2-7
There are two modes for PW emulating Ethernet, Raw and Tagged modes.
l In Raw mode, the type of PW is Ethernet. The packets are transmitted in PW without
PTAG. PTAG will be removed if an AC packet containing PTAG is transmitted in PW.
The information of VLAN tag will not be changed in PW transmission if the AC packet
is transmitted without PTAG.
l In Tag mode, the type of PW is Ethernet-VLAN. The packets are transmitted in PW
with PTAG. PTAG will be kept with the AC packet to transmit to the peer PE if the AC
packet contains PTAG. A PTAG or a special PTAG-Vlan 0tag is encapsulated into the
AC packet if the AC packet is transmitted in PW without PTAG.
Caution!
In both of RAW and Tag modes, the user VLAN tags locating at frame headers are
transmitted transparently without any changing.
2-8
PW has two transmission modes, Spoke and Hub modes. To solve the full-connection
broadcast loop and realize the hierarchical accessing, people define PW transmission
attributes Spoke and Hub modes and AC Server/Client mode. In VPLS working
mechanism, PE broadcasts (flooding) broadcast, multicast and unknow frames to other
network members. The broadcast rules of different modes are described below.
l Broadcast the broadcast packets received from a Spoke mode PW to all ACs (Client
and Server), Hub mode PWs and other Spoke mode PWs.
l Broadcast the broadcast packets received from a Server (Server-AC) to other ACs
(Client and Server), all Spoke mode PWs and Hub mode PWs.
l Broadcast the broadcast packets received from a Hub mode PW to all Server-ACs
and Spoke mode PWs, but not broadcast to other Hub mode PWs and all Client-ACs.
l Broadcast the broadcast packets received from a Client (Client-AC) to all Server-ACs
and Spoke mode PWs, but not broadcast to Hub mode PWs and other Client-ACs.
2-9
Parameter Description
Parameter Description
2-10
Parameter Description
Parameter Description
[<1-4294967295>] VC ID
Parameter Description
Parameter Description
<pw-name> PW name
Command Function
ZXR10#show l2vpn brief Displays the list of L2VPN instances and the
number of AC and PW interfaces bound to
L2VPN instances.
ZXR10#show l2vpn forwardinfo {[vpnname Displays the valid PW list in accordance with
<instance-name>]|[peer <ipv4-address>]}[detail] the instance name.
ZXR10#show pwe3 signal Displays the brief information about the PW.
ZXR10#show pwe3 signal fec128 {detail [local-label Displays the detailed information of the PW.
<16-1048575>| peer <peerip>]
2-11
Command Function
The following is sample output from the show l2vpn brief command:
VPLS count:1 VPWS count:1 MSPW count:1
name type Default-VCID PW AC description
test VPLS 0 1 0
ts MSPW - 0 0
zte VPWS - 0 0
For a description of the parameters in the execution result, refer to the following table:
Parameter Description
The following is sample output from the show l2vpn summary command:
ZXR10(config-vpls)#show l2vpn summary
The summary information about configured L2VPN:
vpn type configure/maximum
VPLS 1/4095
VPWS 1/4095
MSPW 1/8192
For a description of the parameters in the execution result, refer to the following table:
The following is sample output from the show l2vpn forwordinfo command:
ZXR10(config)#show l2vpn forwardinfo
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
2-12
For a description of the parameters in the execution result, refer to the following table:
VCID PW vcid
PWType PW type
State PW state
The following is sample output from the show pwe3 signal command:
ZXR10(config)#show pwe3 signal
The signal information of FEC 128/129 PWs in brief:
Headers:
Neighbourhood - neighbour's IP address, LDP state and related PW name;
Service - PW encapsulation mode and service instance's type and index;
AIIs - target AII and source AII (FEC129 only);
Descriptions - remote description and local description (FEC128 only);
Labels - local label (in label) and remote label (out label)
Codes : L - Local configured; M - Mapping received; N - Negotiated;
S - mapping Sent; A - AC ready (VPWS) or service Attached (VPLS/MSPW);
C - Control word used;
Up - PW signal procedures succeeded and both VC-LSPs formed;
Down - PW not UP;
Vague - session state is not UP;
Ready - session state is UP;
GR1 - session state is not UP and PW's remote label is staling;
GR2 - session state is UP but PW's remote label is staling as before
Marks : ?unknown; .placeholder; ^decimal vcid; $auto_; *ellipsis
---------------------------------------------------------------------------
Neighbourhood AGI/VC-ID Service AIIs/Descriptions Labels Status
--------------------------------------------------------------------------
100.100.1.2 00000064 ethernet 100.100.1.2 1684275458 81922 UP
Ready $pw1 00000064 VPLS:1 100.100.1.1 1684275457 81923 LMNSA.
100.100.1.2 80 ethernet vpls_zte2222222222***22222 81921 UP
Ready pw55901 ^^^^^^^ VPLS:2 vpls_zte1111111111***11111 81922 LMNSA.
2-13
For a description of the parameters in the execution result, refer to the following table:
The following is sample output from the show pwe3 signal fec128 detail command:
ZXR10#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:
Some signal information are referred to as follows:
NON - the LDP session is absent,
UP - the LDP session is OPERATIONAL,
GR1 - the LDP session is reconnecting,
GR2 - the LDP session's remote mappings are recovering,
DOWN - not UP(or NON,or GR1,or GR2).
2-14
local-description : vlan200
remote-description : ??
For a description of the parameters in the execution result, refer to the following table:
Sent Whether local end sends a mapping message to the peer end
The following is sample output from the show pwe3 signal statistics command:
ZXR10(config)#show pwe3 signal statistics
The statistics of dynamic PWs or PW-segments:
Headers : APP - application instance of PW,
C-bit - the PWs using control word,
ether - the ethernet raw PWs,
2-15
For a description of the parameters in the execution result, refer to the following table:
Parameter Description
the used dynamic PWs Information of dynamic PWs used on the data layer
the unused dynamic PWs Information of PWs unused on the data layer
2-16
Configuration Thought
1. Configure interface addresses so that PE1 interconnects to PE2.
2. Configure loopback interfaces as the LDP Router-IDs.
3. Configure OSPF to advertise the loopback interface addresses.
4. Configure an LDP instance. It is unnecessary to establish a target-session on the
direct-connected link.
5. Configure an L2VPN instance.
Configuration Commands
PE1 configuration,
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 206.206.206.206 255.255.255.0
PE1(config-if-loopback1)#exit
PE1(config)#switchvlan-configuration
PE1(config-swvlan)#interface gei-0/1/1/2
PE1(config-swvlan-if-gei-0/1/1/2)#switchport access vlan 100
PE1(config-swvlan-if-gei-0/1/1/2)#exit
PE1(config-swvlan)#exit
PE1(config)#interface vlan100
PE1(config-if-vlan100)#ip address 100.0.0.1 255.255.255.0
PE1(config-if-vlan100)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#network 206.206.206.206 0.0.0.0 area 0
PE1(config-ospf-1)#network 100.0.0.0 0.0.0.255 area 0
PE1(config-ospf-1)#exit
PE1(config)#interface gei-0/1/1/1.1
PE1(config-if-gei-0/1/1/1.1)#exit
PE1(config)#vlan-configuration
PE1(config-vlan)#interface gei-0/1/1/1.1
PE1(config-vlan-if-gei-0/1/1/1.1)#encapsulation-dot1q range 10
2-17
PE1(config-vlan-if-gei-0/1/1/1.1)#exit
PE1(config-vlan)#exit
PE1(config)#
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan100
PE1(config-ldp-1-if-vlan100)#$
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#$
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls 128
PE1(config-vpls-128)#access-point gei-0/1/1/1.1
PE1(config-vpls-128-ac-gei-0/1/1/1.1)#access-params ethernet
PE1(config-vpls-128-ac-gei-0/1/1/1.1-eth)#$
PE1(config-vpls-128-ac-gei-0/1/1/1.1)#$
PE1(config-vpls-128)#pseudo-wire pw1
PE1(config-vpls-128-pw-pw1)#neighbour 207.207.207.207 vcid 1
PE1(config-vpls-128-pw-pw1-neighbour)#$
PE1(config-vpls-128-pw-pw1)#$
PE1(config-vpls-128)#$
PE1(config)#mpls interface vlan100
PE1(config)#$
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 207.207.207.207 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#switchvlan-configuration
PE2(config-swvlan)#interface gei-0/1/1/2
PE2(config-swvlan-if-gei-0/1/1/2)#switchport access vlan 100
PE2(config-swvlan-if-gei-0/1/1/2)#exit
PE2(config-swvlan)#exit
PE2(config)#interface vlan100
PE2(config-if-vlan100)#ip address 100.0.0.2 255.255.255.0
PE2(config-if-vlan100)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 207.207.207.207 0.0.0.0 area 0
PE2(config-ospf-1)#network 100.0.0.0 0.0.0.255 area 0
PE2(config-ospf-1)#exit
PE2(config)#interface gei-0/1/1/1.1
PE2(config-if-gei-0/1/1/1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/1/1.1
PE2(config-vlan-if-gei-0/1/1/1.1)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/1/1.1)#exit
2-18
PE2(config-vlan)#exit
PE2(config)#
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#interface vlan100
PE2(config-ldp-1-if-vlan100)#$
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#$
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls 128
PE2(config-vpls-128)#access-point gei-0/1/1/1.1
PE2(config-vpls-128-ac-gei-0/1/1/1.1)#access-params ethernet
PE2(config-vpls-128-ac-gei-0/1/1/1.1-eth)#$
PE2(config-vpls-128-ac-gei-0/1/1/1.1)#$
PE2(config-vpls-128)#pseudo-wire pw1
PE2(config-vpls-128-pw-pw1)#neighbour 206.206.206.206 vcid 1
PE2(config-vpls-128-pw-pw1-neighbour)#$
PE2(config-vpls-128-pw-pw1)#$
PE2(config-vpls-128)#$
PE2(config)#mpls interface vlan100
PE2(config)#$
Configuration Verification
After the configuration, a VPLS PW can be established successfully. The following
information shows the result of configuration check.
PE1:
PE1(config-vpls-test)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw
2-19
PE2:
PE2(config)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw
2-20
2-21
Parameter Description
Parameter Description
Parameter Description
Parameter Description
Parameter Description
2-22
Parameter Description
Parameter Description
status BFD has both the detection capability and the status
advertisement capability
ip BFD PDU uses the encapsulation with both the IP and UDP
header (control-word encapsulation)
2-23
Command Function
ZXR10#show pwe3 signal fec128 {detail [local-label <16-1048575>| Displays the PW information in
peer <peerip>] detail.
The following is sample output from the show l2vpn brief command:
ZXR10(config)#show l2vpn brief
VPLS count:1 VPWS count:1 MSPW count:0
name type Default-VCID PW AC description
test VPLS 0 1 0
zte VPWS - 0 0
For a description of the parameters in the execution result, refer to the following table:
The following is sample output from the show l2vpn summary command:
ZXR10(config)#show l2vpn summary
The summary information about configured L2VPN:
vpn type configure/maximum
2-24
VPLS 1/4095
VPWS 1/4095
MSPW 0/8192
For a description of the parameters in the execution result, refer to the following table:
The following is sample output from the show l2vpn forwordinfo command:
ZXR10(config-vpws-sdu-pw)#show l2vpn forwardinfo
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
For a description of the parameters in the execution result, refer to the following table:
VCID PW vcid
PWType PW type
State PW state
The following is sample output from the show pwe3 signal command:
ZXR10#show pwe3 signal
The signal information of FEC 128/129 PWs in brief:
2-25
---------------------------------------------------------------------------
Neighbourhood AGI/VC-ID Service AIIs/Descriptions Labels Status
--------------- ---------- ---------- ------------------------------ ------
1.1.1.2 100 Ethernet vlan2 81920 UP
Ready pw1 ^^^^^^^^^^ VPWS:1 vlan2 81920 LMNSA.
For a description of the parameters in the execution result, refer to the following table:
vcid PW vcid
pw-type PW type
The following is sample output from the show pwe3 signal fec128 detail command:
ZXR10#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:
Some signal information are referred to as follows:
NON - the LDP session is absent,
UP - the LDP session is OPERATIONAL,
GR1 - the LDP session is reconnecting,
GR2 - the LDP session's remote mappings are recovering,
DOWN - not UP(or NON,or GR1,or GR2).
PW entity : < 1.1.1.1 , 1 , Ethernet >
LSPs formed : NO ( LDP session absent )
C-bits : local : NO , remote : ??
negotiated : ??
MTU : local : 1500 , remote : ??
2-26
negotiated : ??
labels : local : 81920 , remote : ??
signal : Configured : YES , Received : NO
Negotiated : NO , Sent : NO
AC ready : YES
oam status : local : PSN rcv(0),snd(0); AC rcv(1),snd(1); Error(0)
remote : PSN rcv(?),snd(?); AC rcv(?),snd(?); Error(?)
redundancy : local : ?? , remote : ??
negotiated : ??
application : service-type : VPWS , instance-id: 1
MAC-withdraw : received : 0 , sent : 0
local-VCCV : CC-type : NO , CV-type : NO
remote-VCCV : CC-type : ?? , CV-type : ??
actual-VCCV : CC-type : ?? , CV-type : ??
LDP session : The LDP session's state is NON, please check it.
attachment-circuit : vlan200
local-description : vlan200
remote-description : ??
For a description of the parameters in the execution result, refer to the following table:
Sent Whether local end sends a mapping message to the peer end
2-27
Configuration Thought
1. Configure an interface address for the switch so that PE1 can interconnect to PE2.
2. Configure a loopback interface and use it as the Router-ID of the LDP.
3. Configure the static route protocol and advertise the loopback interface mutually.
4. Configure an LDP instance. It is unnecessary to establish a target-session for the
direct-connected link.
5. Configure an L2VPN instance.
Configuration Commands
Run the following commands on PE1:
ZXR10(config)#interface gei-0/1/1/1
ZXR10(config-if-gei-0/1/1/1)#no shutdown
ZXR10(config-if-gei-0/1/1/1)#exit
ZXR10(config)#interface vlan1
ZXR10(config-if-vlan1)#ip address 10.1.1.1 255.255.255.0
ZXR10(config-if-vlan1)#no shutdown
ZXR10(config-if-vlan1)#exit
2-28
ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#ip route 1.1.1.2 255.255.255.255 10.1.1.2
ZXR10(config)#mpls ldp instance 1
ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface vlan1
ZXR10(config-ldp-1-if-vlan1)#exit
ZXR10(config-ldp-1)#exit
ZXR10(config)#pw pw1
ZXR10(config)#interface vlan2
ZXR10(config-if-vlan2)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vpws test
ZXR10(config-vpws-test)#mtu 100
ZXR10(config-vpws-test)#access-point vlan2
ZXR10(config-vpws-test-ac-vlan2)#access-params ethernet
ZXR10(config-vpws-test-ac-vlan2-eth)#exit
ZXR10(config-vpws-test-ac-vlan2)#exit
ZXR10(config-vpws-test)#pseudo-wire pw1
ZXR10(config-vpws-test-pw-pw1)#neighbour 1.1.1.2 vcid 100
ZXR10(config-vpws-test-pw-pw1-neighbour-1.1.1.2)#exit
ZXR10(config-vpws-test-pw-pw1)#exit
ZXR10(config-vpws-test)#exit
ZXR10(config)#
ZXR10(config)#interface gei-0/1/1/1
ZXR10(config-if-gei-0/1/1/1)#no shutdown
ZXR10(config-if-gei-0/1/1/1)#exit
ZXR10(config)#interface vlan1
ZXR10(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
ZXR10(config-if-vlan1)#no shutdown
ZXR10(config-if-vlan1)#exit
ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#ip route 1.1.1.1 255.255.255.255 10.1.1.1
ZXR10(config)#mpls ldp instance 1
ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface vlan1
ZXR10(config-ldp-1-if-vlan1)#exit
ZXR10(config-ldp-1)#exit
ZXR10(config)#pw pw1
ZXR10(config)#interface vlan2
2-29
ZXR10(config-if-vlan2)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vpws test
ZXR10(config-vpws-test)#mtu 100
ZXR10(config-vpws-test)#access-point vlan2
ZXR10(config-vpws-test-ac-vlan2)#access-params ethernet
ZXR10(config-vpws-test-ac-vlan2-eth)#exit
ZXR10(config-vpws-test-ac-vlan2)#exit
ZXR10(config)#pseudo-wire pw1
ZXR10(config-vpws-test-pw-pw1)#neighbour 1.1.1.1 vcid 100
ZXR10(config-vpws-test-pw-pw1-neighbour-1.1.1.1)#exit
ZXR10(config-vpws-test-pw-pw1)#exit
ZXR10(config-vpws-test)#exit
ZXR10(config)#
Configuration Verification
Run the show l2vpn forwardinfo command to verify that the VPWS PW is configured
successfully on the switch. The execution result is displayed as follows:
ZXR10(config)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw
2-30
II
III
IV
IANA
- Internet Assigned Number Authority
IETF
- Internet Engineering Task Force
ILMI
- Interim Local Management Interface
IP
- Internet Protocol
IS-IS
- Intermediate System-to-Intermediate System
ISP
- Internet Service Provider
LAN
- Local Area Network
LMI
- Local Management Interface
LSP
- Label Switched Path
LSP
- Link State Packet
MAN
- Metropolitan Area Network
MC-ELAM
- Multi-Chassis Ethernet Link Aggregation Manager
MPLS
- Multiprotocol Label Switching
NAT
- Network Address Translation
OSPF
- Open Shortest Path First
PE
- Provider Edge
PW
- Pseudo Wire
PWE3
- Pseudo Wire Emulation Edge-to-Edge
RD
- Route Distinguisher
RFC
- Request For Comments
RIP
- Routing Information Protocol
SP
- Service Provider
TDM
- Time Division Multiplexing
VC
- Virtual Connection
VC
- Virtual Circuit
VCC
- Virtual Channel Connection
VFI
- Virtual Forwarding Instance
VPLS
- Virtual Private LAN Service
VI
VPN
- Virtual Private Network
VPWS
- Virtual Private Wire Service
VRF
- Virtual Route Forwarding
WAN
- Wide Area Network
VII