Configuring MPLS L3VPN inter-AS option B
Network requirements
Site 1 and Site 2 belong to the same VPN. CE 1 of Site 1 accesses the network through PE 1 in AS 100, and CE 2 of Site 2 accesses the network through PE 2 in AS 600.
PEs in the same AS run IS-IS.
PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.
ASBRs do not perform route target filtering of received VPN-IPv4 routes.
Figure 75: Network diagram
Table 17: Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address |
---|---|---|---|---|---|
PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
GE2/1/1 | 30.0.0.1/8 | GE2/1/1 | 20.0.0.1/8 | ||
S2/1/0 | 1.1.1.2/8 | S2/1/0 | 9.1.1.2/8 | ||
ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
S2/1/0 | 1.1.1.1/8 | S2/1/0 | 9.1.1.1/8 | ||
S2/1/1 | 11.0.0.2/8 | S2/1/1 | 11.0.0.1/8 |
Configuration procedure
Configure PE 1:
# Configure IS-IS on PE 1.
<PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1 [PE1-Serial2/1/0] mpls enable [PE1-Serial2/1/0] mpls ldp enable [PE1-Serial2/1/0] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 30.0.0.1 8 [PE1-GigabitEthernet2/1/1] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure IBGP peer 3.3.3.9 as a VPNv4 peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100 [PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp-default] address-family vpnv4 [PE1-bgp-default-vpnv4] peer 3.3.3.9 enable [PE1-bgp-default-vpnv4] quit
# Redistribute direct routes to the VPN routing table of vpn1.
[PE1-bgp-default] ip vpn-instance vpn1 [PE1-bgp-default-vpn1] address-family ipv4 unicast [PE1-bgp-default-ipv4-vpn1] import-route direct [PE1-bgp-default-ipv4-vpn1] quit [PE1-bgp-default-vpn1] quit [PE1-bgp-default] quit
Configure ASBR-PE 1:
# Enable IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface serial 2/1/0 [ASBR-PE1-Serial2/1/0] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Serial2/1/0] isis enable 1 [ASBR-PE1-Serial2/1/0] mpls enable [ASBR-PE1-Serial2/1/0] mpls ldp enable [ASBR-PE1-Serial2/1/0] quit
# Configure interface Serial 2/1/1, and enable MPLS.
[ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/1] mpls enable [ASBR-PE1-Serial2/1/1] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit
# Enable BGP on ASBR-PE 1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600 [ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface serial 2/1/1
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE1-bgp-default] address-family vpnv4 [ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.
[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable [ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-default-vpnv4] quit
Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface serial 2/1/0 [ASBR-PE2-Serial2/1/0] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Serial2/1/0] isis enable 1 [ASBR-PE2-Serial2/1/0] mpls enable [ASBR-PE2-Serial2/1/0] mpls ldp enable [ASBR-PE2-Serial2/1/0] quit
# Configure interface Serial 2/1/1, and enable MPLS.
[ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit
# Enable BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600 [ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface serial 2/1/1 [ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE2-bgp-default] address-family vpnv4 [ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.
[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable [ASBR-PE2-bgp-default-vpnv4] quit [ASBR-PE2-bgp-default] quit
Configure PE 2:
# Enable IS-IS on PE 2.
<PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.111.111.111.111.00 [PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9 [PE2] mpls ldp [PE2-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/0] isis enable 1 [PE2-Serial2/1/0] mpls enable [PE2-Serial2/1/0] mpls ldp enable [PE2-Serial2/1/0] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 8 [PE2-GigabitEthernet2/1/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600 [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp-default] address-family vpnv4 [PE2-bgp-default-vpnv4] peer 4.4.4.9 enable [PE2-bgp-default-vpnv4] quit
# Redistribute direct routes to the VPN routing table of vpn1.
[PE2-bgp-default] peer 4.4.4.9 as-number 600 [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp-default] address-family vpnv4 [PE2-bgp-default-vpnv4] peer 4.4.4.9 enable [PE2-bgp-default-vpnv4] quit
Verifying the configuration
# Use the following command on PE 1 to verify its connectivity to PE 2.
[PE1] ping -a 30.0.0.1 -vpn-instance vpn1 20.0.0.1 Ping 20.0.0.1 (20.0.0.1) from 30.0.0.1: 56 data bytes, press CTRL_C to break 56 bytes from 20.0.0.1: icmp_seq=0 ttl=255 time=1.208 ms 56 bytes from 20.0.0.1: icmp_seq=1 ttl=255 time=0.867 ms 56 bytes from 20.0.0.1: icmp_seq=2 ttl=255 time=0.551 ms 56 bytes from 20.0.0.1: icmp_seq=3 ttl=255 time=0.566 ms 56 bytes from 20.0.0.1: icmp_seq=4 ttl=255 time=0.570 ms --- Ping statistics for 20.0.0.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.551/0.752/1.208/0.257 ms