Example for Configuring a Mixed Multi-Segment PW
Networking Requirements
As shown in Figure 11-15, the MPLS network of an ISP provides the L2VPN service for users. The S-PE has powerful functions, and U-PE1 and U-PE2 (U-PE2 supports only static PWs) function as access devices and cannot directly establish remote LDP session. Many users connect to the MPLS network through U-PE1 and U-PE2, and users on the U-PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and simplify configuration and maintenance when new users connect to the network.
Configuration Roadmap
Because the S-PE has powerful functions, and U-PE1 and U-PE2 cannot directly establish remote LDP sessions, you can configure a multi-segment PW and PW switching on the S-PE to meet the customer requirements. U-PE2 supports only static PWs, so a mixed multi-segment PW is used.
The configuration roadmap is as follows:
Configure an IGP protocol on the backbone network so that backbone network devices can communicate.
Configure basic MPLS functions and establish LSP tunnels on the backbone network.
Set up a remote LDP session between U-PE1 and the S-PE.
Set up static or dynamic MPLS L2VC connections on the U-PEs.
Configure PW switching on the S-PE.
Procedure
- Configure an IP address for each interface on the devices according to Figure 11-15.
# Configure CE1. The configuration on U-PE1, P1, S-PE, P2, U-PE2, and CE2 is similar to the configuration on CE1 and is not mentioned here.
<Huawei> system-view [Huawei] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0] quit
- Configure an IGP protocol and Loopback address on the MPLS backbone network.
# Configure U-PE1. The configuration on P1, S-PE, P2, and U-PE2 is similar to the configuration on U-PE1 and is not mentioned here.
[U-PE1] interface loopback 0 [U-PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255 [U-PE1-LoopBack0] quit [U-PE1] ospf 1 [U-PE1-ospf-1] area 0 [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] quit [U-PE1-ospf-1] quit
- Enable MPLS, set up tunnels, and set up a remote LDP session between U-PE1 and the S-PE.
Configure basic MPLS functions and set up tunnels on the MPLS backbone network. In this example, the LSP tunnel is used.
You need to set up a remote LDP session between U-PE1 and the S-PE. U-PE1 is used as an example.
# Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] mpls ldp [U-PE1-mpls-ldp] quit [U-PE1] interface gigabitethernet 2/0/0 [U-PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0 [U-PE1-GigabitEthernet2/0/0] mpls [U-PE1-GigabitEthernet2/0/0] mpls ldp [U-PE1-GigabitEthernet2/0/0] quit [U-PE1] mpls ldp remote-peer 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure P1
[P1] mpls lsr-id 2.2.2.9 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface gigabitethernet 1/0/0 [P1-GigabitEthernet1/0/0] mpls [P1-GigabitEthernet1/0/0] mpls ldp [P1-GigabitEthernet1/0/0] quit [P1] interface gigabitethernet 2/0/0 [P1-GigabitEthernet2/0/0] mpls [P1-GigabitEthernet2/0/0] mpls ldp [P1-GigabitEthernet2/0/0] quit
# Configure the S-PE.
[S-PE] mpls lsr-id 3.3.3.9 [S-PE] mpls [S-PE-mpls] quit [S-PE] mpls ldp [S-PE-mpls-ldp] quit [S-PE] interface gigabitethernet 1/0/0 [S-PE-GigabitEthernet1/0/0] mpls [S-PE-GigabitEthernet1/0/0] mpls ldp [S-PE-GigabitEthernet1/0/0] quit [S-PE] interface gigabitethernet 2/0/0 [S-PE-GigabitEthernet2/0/0] mpls [S-PE-GigabitEthernet2/0/0] mpls ldp [S-PE-GigabitEthernet2/0/0] quit [S-PE] mpls ldp remote-peer 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] quit [S-PE] mpls ldp remote-peer 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] quit
# Configure P2
[P2] mpls lsr-id 4.4.4.9 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface gigabitethernet 1/0/0 [P2-GigabitEthernet1/0/0] mpls [P2-GigabitEthernet1/0/0] mpls ldp [P2-GigabitEthernet1/0/0] quit [P2] interface gigabitethernet 2/0/0 [P2-GigabitEthernet2/0/0] mpls [P2-GigabitEthernet2/0/0] mpls ldp [P2-GigabitEthernet2/0/0] quit
# Configure U-PE2
[U-PE2] mpls lsr-id 5.5.5.9 [U-PE2] mpls [U-PE2-mpls] quit [U-PE2] mpls ldp [U-PE2-mpls-ldp] quit [U-PE2] interface gigabitethernet 1/0/0 [U-PE2-GigabitEthernet1/0/0] mpls [U-PE2-GigabitEthernet1/0/0] mpls ldp [U-PE2-GigabitEthernet1/0/0] quit [U-PE2] mpls ldp remote-peer 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] quit
- Create VCs.
Enable MPLS L2VPN on U-PE1, U-PE2, and the S-PE.
Configure a dynamic VC on U-PE1 and a static VC on U-PE2, and configure mixed PW switching on the S-PE.
# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface gigabitethernet 1/0/0 [U-PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 100 [U-PE1-GigabitEthernet1/0/0] quit
NOTE:
When you configure mixed PW switching, ip-address vc-id before between specifies the VC ID of a dynamic PW and ip-address vc-id after between specifies the VC ID of a static PW. The two values cannot be interchanged.
# Configure the S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet
# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] pw-template pwt [U-PE2-pw-template-pwt] peer-address 3.3.3.9 [U-PE2-pw-template-pwt] quit [U-PE2] interface gigabitethernet 2/0/0 [U-PE2-GigabitEthernet2/0/0] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200 [U-PE2-GigabitEthernet2/0/0] quit
- Verify the configuration.
# View information about L2VPN connections on the PEs. The command output shows that an L2VC is set up and the VC status is Up.
# The display on U-PE1 and the S-PE is used as an example.
[U-PE1] display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up Administrator PW : no session state : up AC status : up Ignore AC state : disable VC state : up Label state : 0 Token state : 0 VC ID : 100 VC type : Ethernet destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 1029 remote VC label : 1033 local AC OAM State : up local PSN OAM State : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up remote PSN OAM state : up remote forwarding state: forwarding remote status code : 0x0 ignore standby state : no BFD for PW : unavailable VCCV State : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : alert ttl lsp-ping bfd remote VCCV : alert ttl lsp-ping bfd local control word : disable remote control word : disable tunnel policy name : -- PW template name : -- primary or secondary : primary load balance type : flow Access-port : false Switchover Flag : false VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x4 Backup TNL type : lsp , TNL ID : 0x0 create time : 0 days, 0 hours, 3 minutes, 32 seconds up time : 0 days, 0 hours, 2 minutes, 36 seconds last change time : 0 days, 0 hours, 2 minutes, 36 seconds VC last up time : 2013/12/04 16:32:08 VC total up time : 0 days, 0 hours, 2 minutes, 36 seconds CKey : 6 NKey : 5 PW redundancy mode : frr AdminPw interface : -- AdminPw link state : -- Diffserv Mode : uniform Service Class : -- Color : -- DomainId : -- Domain Name : -- BFD for PW : unavailable
[S-PE] display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->SVC Peer IP Address : 1.1.1.9, 5.5.5.9 VC ID : 100, 200 VC Type : Ethernet VC State : up Session State : up, None Local(In)/Remote(Out) Label : 1033/1029, 100/200 InLabel Status : 0 , 0 Local/Remote MTU : 1500/1500, 1500 Local/Remote Control Word : Disable/Disable, Disable Local/Remote VCCV Capability : alert ttl lsp-ping bfd /alert ttl lsp-ping bfd , alert ttl lsp-ping bfd Switch-l2vc tunnel info : 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0xe 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x10 CKey : 18, 20 NKey : 17, 19 Tunnel policy : --, -- Create time : 0 days, 0 hours, 6 minutes, 8 seconds UP time : 0 days, 0 hours, 6 minutes, 7 seconds Last change time : 0 days, 0 hours, 6 minutes, 7 seconds VC last up time : 2013/12/01 23:25:03 VC total up time : 0 days, 0 hours, 6 minutes, 7 seconds
# CE1 and CE2 can ping each other successfully.
# The display on CE1 is used as an example.
[CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 160/206/270 ms
Configuration Files
Configuration file of CE1
# sysname CE1 # interface GigabitEthernet1/0/0 ip address 100.1.1.1 255.255.255.0 # return
Configuration file of U-PE1
# sysname U-PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 mpls l2vc 3.3.3.9 100 # interface GigabitEthernet2/0/0 ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface GigabitEthernet1/0/0 ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
Configuration file of the S-PE
# sysname S-PE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ethernet # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # mpls ldp remote-peer 5.5.5.9 remote-ip 5.5.5.9 # interface GigabitEthernet1/0/0 ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return
Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface GigabitEthernet1/0/0 ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return
Configuration file of U-PE2
# sysname U-PE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200 # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255 # return
Configuration file of CE2
# sysname CE2 # interface GigabitEthernet1/0/0 ip address 100.1.1.2 255.255.255.0 # return