Configuring MPLS L3VPN inter-AS option B

Network requirements

Site 1 and Site 2 belong to the same VPN. CE 1 of Site 1 accesses the network through PE 1 in AS 100, and CE 2 of Site 2 accesses the network through PE 2 in AS 600.

PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.

ASBRs do not perform route target filtering of received VPN-IPv4 routes.

Figure 75: Network diagram

Table 17: Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

PE 1

Loop0

2.2.2.9/32

PE 2

Loop0

5.5.5.9/32

GE2/1/1

30.0.0.1/8

GE2/1/1

20.0.0.1/8

S2/1/0

1.1.1.2/8

S2/1/0

9.1.1.2/8

ASBR-PE 1

Loop0

3.3.3.9/32

ASBR-PE 2

Loop0

4.4.4.9/32

S2/1/0

1.1.1.1/8

S2/1/0

9.1.1.1/8

S2/1/1

11.0.0.2/8

S2/1/1

11.0.0.1/8

Configuration procedure

  1. Configure PE 1:

    # Configure IS-IS on PE 1.

    <PE1> system-view
    [PE1] isis 1
    [PE1-isis-1] network-entity 10.111.111.111.111.00
    [PE1-isis-1] quit
    

    # Configure LSR ID, and enable MPLS and LDP.

    [PE1] mpls lsr-id 2.2.2.9
    [PE1] mpls ldp
    [PE1-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [PE1] interface serial 2/1/0
    [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0
    [PE1-Serial2/1/0] isis enable 1
    [PE1-Serial2/1/0] mpls enable
    [PE1-Serial2/1/0] mpls ldp enable
    [PE1-Serial2/1/0] quit
    

    # Configure interface Loopback 0, and enable IS-IS on it.

    [PE1] interface loopback 0
    [PE1-LoopBack0] ip address 2.2.2.9 32
    [PE1-LoopBack0] isis enable 1
    [PE1-LoopBack0] quit
    

    # Create VPN instance vpn1, and configure the RD and route target attributes.

    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] route-distinguisher 11:11
    [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
    [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
    [PE1-vpn-instance-vpn1] quit
    

    # Bind the interface connected to CE 1 to the created VPN instance.

    [PE1] interface gigabitethernet 2/1/1
    [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
    [PE1-GigabitEthernet2/1/1] ip address 30.0.0.1 8
    [PE1-GigabitEthernet2/1/1] quit
    

    # Enable BGP on PE 1.

    [PE1] bgp 100
    

    # Configure IBGP peer 3.3.3.9 as a VPNv4 peer.

    [PE1-bgp-default] peer 3.3.3.9 as-number 100
    [PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
    [PE1-bgp-default] address-family vpnv4
    [PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
    [PE1-bgp-default-vpnv4] quit
    

    # Redistribute direct routes to the VPN routing table of vpn1.

    [PE1-bgp-default] ip vpn-instance vpn1
    [PE1-bgp-default-vpn1] address-family ipv4 unicast
    [PE1-bgp-default-ipv4-vpn1] import-route direct
    [PE1-bgp-default-ipv4-vpn1] quit
    [PE1-bgp-default-vpn1] quit
    [PE1-bgp-default] quit
    
  2. Configure ASBR-PE 1:

    # Enable IS-IS on ASBR-PE 1.

    <ASBR-PE1> system-view
    [ASBR-PE1] isis 1
    [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00
    [ASBR-PE1-isis-1] quit
    

    # Configure LSR ID, and enable MPLS and LDP.

    [ASBR-PE1] mpls lsr-id 3.3.3.9
    [ASBR-PE1] mpls ldp
    [ASBR-PE1-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [ASBR-PE1] interface serial 2/1/0
    [ASBR-PE1-Serial2/1/0] ip address 1.1.1.1 255.0.0.0
    [ASBR-PE1-Serial2/1/0] isis enable 1
    [ASBR-PE1-Serial2/1/0] mpls enable
    [ASBR-PE1-Serial2/1/0] mpls ldp enable
    [ASBR-PE1-Serial2/1/0] quit
    

    # Configure interface Serial 2/1/1, and enable MPLS.

    [ASBR-PE1] interface serial 2/1/1
    [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0
    [ASBR-PE1-Serial2/1/1] mpls enable
    [ASBR-PE1-Serial2/1/1] quit
    

    # Configure interface Loopback 0, and enable IS-IS on it.

    [ASBR-PE1] interface loopback 0
    [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
    [ASBR-PE1-LoopBack0] isis enable 1
    [ASBR-PE1-LoopBack0] quit
    

    # Enable BGP on ASBR-PE 1.

    [ASBR-PE1] bgp 100
    [ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
    [ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
    [ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
    [ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface serial 2/1/1
    

    # Disable route target based filtering of received VPNv4 routes.

    [ASBR-PE1-bgp-default] address-family vpnv4
    [ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target
    

    # Configure both IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.

    [ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable
    [ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
    [ASBR-PE1-bgp-default-vpnv4] quit
    
  3. Configure ASBR-PE 2:

    # Enable IS-IS on ASBR-PE 2.

    <ASBR-PE2> system-view
    [ASBR-PE2] isis 1
    [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00
    [ASBR-PE2-isis-1] quit
    

    # Configure LSR ID, and enable MPLS and LDP.

    [ASBR-PE2] mpls lsr-id 4.4.4.9
    [ASBR-PE2] mpls ldp
    [ASBR-PE2-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [ASBR-PE2] interface serial 2/1/0
    [ASBR-PE2-Serial2/1/0] ip address 9.1.1.1 255.0.0.0
    [ASBR-PE2-Serial2/1/0] isis enable 1
    [ASBR-PE2-Serial2/1/0] mpls enable
    [ASBR-PE2-Serial2/1/0] mpls ldp enable
    [ASBR-PE2-Serial2/1/0] quit
    

    # Configure interface Serial 2/1/1, and enable MPLS.

    [ASBR-PE2] interface serial 2/1/1
    [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0
    [ASBR-PE2-Serial2/1/1] mpls enable
    [ASBR-PE2-Serial2/1/1] quit
    

    # Configure interface Loopback 0, and enable IS-IS on it.

    [ASBR-PE2] interface loopback 0
    [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
    [ASBR-PE2-LoopBack0] isis enable 1
    [ASBR-PE2-LoopBack0] quit
    

    # Enable BGP on ASBR-PE 2.

    [ASBR-PE2] bgp 600
    [ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
    [ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface serial 2/1/1
    [ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
    [ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
    

    # Disable route target based filtering of received VPNv4 routes.

    [ASBR-PE2-bgp-default] address-family vpnv4
    [ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target
    

    # Configure both IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.

    [ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable
    [ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable
    [ASBR-PE2-bgp-default-vpnv4] quit
    [ASBR-PE2-bgp-default] quit
    
  4. Configure PE 2:

    # Enable IS-IS on PE 2.

    <PE2> system-view
    [PE2] isis 1
    [PE2-isis-1] network-entity 10.111.111.111.111.00
    [PE2-isis-1] quit
    

    # Configure the LSR ID, and enable MPLS and LDP.

    [PE2] mpls lsr-id 5.5.5.9
    [PE2] mpls ldp
    [PE2-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [PE2] interface serial 2/1/0
    [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0
    [PE2-Serial2/1/0] isis enable 1
    [PE2-Serial2/1/0] mpls enable
    [PE2-Serial2/1/0] mpls ldp enable
    [PE2-Serial2/1/0] quit
    

    # Configure interface Loopback 0, and enable IS-IS on it.

    [PE2] interface loopback 0
    [PE2-LoopBack0] ip address 5.5.5.9 32
    [PE2-LoopBack0] isis enable 1
    [PE2-LoopBack0] quit
    

    # Create VPN instance vpn1, and configure the RD and route target attributes.

    [PE2] ip vpn-instance vpn1
    [PE2-vpn-instance-vpn1] route-distinguisher 12:12
    [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
    [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
    [PE2-vpn-instance-vpn1] quit
    

    # Bind the interface connected to CE 1 to the created VPN instance.

    [PE2] interface gigabitethernet 2/1/1
    [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
    [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 8
    [PE2-GigabitEthernet2/1/1] quit
    

    # Enable BGP on PE 2.

    [PE2] bgp 600
    

    # Configure IBGP peer 4.4.4.9 as a VPNv4 peer.

    [PE2-bgp-default] peer 4.4.4.9 as-number 600
    [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
    [PE2-bgp-default] address-family vpnv4
    [PE2-bgp-default-vpnv4] peer 4.4.4.9 enable
    [PE2-bgp-default-vpnv4] quit
    

    # Redistribute direct routes to the VPN routing table of vpn1.

    [PE2-bgp-default] peer 4.4.4.9 as-number 600
    [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
    [PE2-bgp-default] address-family vpnv4
    [PE2-bgp-default-vpnv4] peer 4.4.4.9 enable
    [PE2-bgp-default-vpnv4] quit
    

Verifying the configuration

# Use the following command on PE 1 to verify its connectivity to PE 2.

[PE1] ping -a 30.0.0.1 -vpn-instance vpn1 20.0.0.1
Ping 20.0.0.1 (20.0.0.1) from 30.0.0.1: 56 data bytes, press CTRL_C to break 
56 bytes from 20.0.0.1: icmp_seq=0 ttl=255 time=1.208 ms
56 bytes from 20.0.0.1: icmp_seq=1 ttl=255 time=0.867 ms
56 bytes from 20.0.0.1: icmp_seq=2 ttl=255 time=0.551 ms
56 bytes from 20.0.0.1: icmp_seq=3 ttl=255 time=0.566 ms
56 bytes from 20.0.0.1: icmp_seq=4 ttl=255 time=0.570 ms

--- Ping statistics for 20.0.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.551/0.752/1.208/0.257 ms