Configuring MPLS L3VPN inter-AS option C
Network requirements
Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.
PE 1 and ASBR-PE 1 exchange labeled IPv4 routes through IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes through IBGP. PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.
ASBR-PE 1 and ASBR-PE 2 use routing policies and label the routes received from each other.
ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes.
Figure 76: Network diagram
Table 18: Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address |
---|---|---|---|---|---|
PE 1 | Loop0 | 2.2.2.9/32 | PE 2 | Loop0 | 5.5.5.9/32 |
GE2/1/1 | 30.0.0.1/24 | GE2/1/1 | 20.0.0.1/24 | ||
S2/1/0 | 1.1.1.2/8 | S2/1/0 | 9.1.1.2/8 | ||
ASBR-PE 1 | Loop0 | 3.3.3.9/32 | ASBR-PE 2 | Loop0 | 4.4.4.9/32 |
S2/1/0 | 1.1.1.1/8 | S2/1/0 | 9.1.1.1/8 | ||
S2/1/1 | 11.0.0.2/8 | S2/1/1 | 11.0.0.1/8 | ||
CE 1 | GE2/1/1 | 30.0.0.2/24 | CE 2 | GE2/1/1 | 20.0.0.2/24 |
Configuration procedure
Configure CE 1:
# Configure an IP address for GigabitEthernet 2/1/1.
<CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ip address 30.0.0.2 24 [CE1-GigabitEthernet2/1/1] quit
# Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
[CE1] bgp 65001 [CE1-bgp-default] peer 30.0.0.1 as-number 100 [CE1-bgp-default] address-family ipv4 unicast [CE1-bgp-default-ipv4] peer 30.0.0.1 enable [CE1-bgp-default-ipv4] import-route direct [CE1-bgp-default-ipv4] quit [CE1-bgp-default] quit
Configure PE 1:
# Configure IS-IS on PE 1.
<PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1 [PE1-Serial2/1/0] mpls enable [PE1-Serial2/1/0] mpls ldp enable [PE1-Serial2/1/0] quit
# Configure interface Loopback 0, and start IS-IS on it.
[PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit
# Associate interface GigabitEthernet 2/1/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 30.0.0.1 24 [PE1-GigabitEthernet2/1/1] quit
# Start BGP on PE 1.
[PE1] bgp 100
# Enable the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled routes from the peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100 [PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp-default] address-family ipv4 unicast [PE1-bgp-default-ipv4] peer 3.3.3.9 enable [PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability [PE1-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.
[PE1-bgp-default] peer 5.5.5.9 as-number 600 [PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0 [PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp-default] address-family vpnv4 [PE1-bgp-default-vpnv4] peer 5.5.5.9 enable [PE1-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1 [PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001 [PE1-bgp-default-vpn1] address-family ipv4 unicast [PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable [PE1-bgp-default-ipv4-vpn1] quit [PE1-bgp-default-vpn1] quit [PE1-bgp-default] quit
Configure ASBR-PE 1:
# Start IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE1-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface serial 2/1/0 [ASBR-PE1-Serial2/1/0] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Serial2/1/0] isis enable 1 [ASBR-PE1-Serial2/1/0] mpls enable [ASBR-PE1-Serial2/1/0] mpls ldp enable [ASBR-PE1-Serial2/1/0] quit
# Configure interface Serial 2/1/1, and enable MPLS on it.
[ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/1] mpls enable [ASBR-PE1-Serial2/1/1] quit
# Configure interface Loopback 0, and start IS-IS on it.
[ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit
# Create routing policies.
[ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy-policy1-1] apply mpls-label [ASBR-PE1-route-policy-policy1-1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy-policy2-1] if-match mpls-label [ASBR-PE1-route-policy-policy2-1] apply mpls-label [ASBR-PE1-route-policy-policy2-1] quit
# Start BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp-default] address-family ipv4 unicast [ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 route-policy policy2 export
# Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.
[ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability
# Redistribute routes from IS-IS process 1 to BGP.
[ASBR-PE1-bgp-default-ipv4] import-route isis 1 [ASBR-PE1-bgp-default-ipv4] quit
# Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600 [ASBR-PE1-bgp-default] address-family ipv4 unicast [ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable [ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.
[ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability [ASBR-PE1-bgp-default-ipv4] quit [ASBR-PE1-bgp-default] quit
Configure ASBR-PE 2:
# Enable IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface serial 2/1/0 [ASBR-PE2-Serial2/1/0] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Serial2/1/0] isis enable 1 [ASBR-PE2-Serial2/1/0] mpls enable [ASBR-PE2-Serial2/1/0] mpls ldp enable [ASBR-PE2-Serial2/1/0] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit
# Configure interface Serial 2/1/1, and enable MPLS on the interface.
[ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit
# Create routing policies.
[ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label [ASBR-PE2-route-policy-policy2-1] apply mpls-label [ASBR-PE2-route-policy-policy2-1] quit
# Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.
[ASBR-PE2] bgp 600 [ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0 [ASBR-PE2-bgp-default] address-family ipv4 unicast [ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable [ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability
# Apply the routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.
[ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 route-policy policy2 export
# Redistribute routes from IS-IS process 1.
[ASBR-PE2-bgp-default-ipv4] import-route isis 1 [ASBR-PE2-bgp-default-ipv4] quit
# Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp-default] address-family ipv4 unicast [ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export
# Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.
[ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp-default-ipv4] quit [ASBR-PE2-bgp-default] quit
Configure PE 2:
# Enable IS-IS on PE 2.
<PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.111.111.111.111.00 [PE2-isis-1] quit
# Configure the LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9 [PE2] mpls ldp [PE2-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/0] isis enable 1 [PE2-Serial2/1/0] mpls enable [PE2-Serial2/1/0] mpls ldp enable [PE2-Serial2/1/0] quit
# Configure the interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit
# Associate interface GigabitEthernet 2/1/1 with VPN instance vpn1, and specify the IP address for the interface.
[PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 24 [PE2-GigabitEthernet2/1/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600 [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp-default] address-family ipv4 unicast [PE2-bgp-default-ipv4] peer 4.4.4.9 enable [PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability [PE2-bgp-default-ipv4] quit
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp-default] peer 2.2.2.9 as-number 100 [PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp-default] address-family vpnv4 [PE2-bgp-default-vpnv4] peer 2.2.2.9 enable [PE2-bgp-default-vpnv4] quit
# Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1 [PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002 [PE2-bgp-default-vpn1] address-family ipv4 unicast [PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable [PE2-bgp-default-ipv4-vpn1] quit [PE2-bgp-default-vpn1] quit [PE2-bgp-default] quit
Configure CE 2:
# Configure an IP address for GigabitEthernet 2/1/1.
<CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 20.0.0.2 24 [CE2-GigabitEthernet2/1/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002 [CE2-bgp-default] peer 20.0.0.1 as-number 600 [CE2-bgp-default] address-family ipv4 unicast [CE2-bgp-default-ipv4] peer 20.0.0.1 enable [CE2-bgp-default-ipv4] import-route direct [CE2-bgp-default-ipv4] quit [CE2-bgp-default] quit
Verifying the configuration
# Execute the display ip routing table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)