Configuring MPLS L3VPN inter-AS option C

Network requirements

Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS.

PE 1 and ASBR-PE 1 exchange labeled IPv4 routes through IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes through IBGP. PE 1 and PE 2 are MP-EBGP peers and exchange VPNv4 routes.

ASBR-PE 1 and ASBR-PE 2 use routing policies and label the routes received from each other.

ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes.

Figure 76: Network diagram

Table 18: Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

PE 1

Loop0

2.2.2.9/32

PE 2

Loop0

5.5.5.9/32

GE2/1/1

30.0.0.1/24

GE2/1/1

20.0.0.1/24

S2/1/0

1.1.1.2/8

S2/1/0

9.1.1.2/8

ASBR-PE 1

Loop0

3.3.3.9/32

ASBR-PE 2

Loop0

4.4.4.9/32

S2/1/0

1.1.1.1/8

S2/1/0

9.1.1.1/8

S2/1/1

11.0.0.2/8

S2/1/1

11.0.0.1/8

CE 1

GE2/1/1

30.0.0.2/24

CE 2

GE2/1/1

20.0.0.2/24

Configuration procedure

  1. Configure CE 1:

    # Configure an IP address for GigabitEthernet 2/1/1.

    <CE1> system-view
    [CE1] interface gigabitethernet 2/1/1
    [CE1-GigabitEthernet2/1/1] ip address 30.0.0.2 24
    [CE1-GigabitEthernet2/1/1] quit
    

    # Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.

    [CE1] bgp 65001
    [CE1-bgp-default] peer 30.0.0.1 as-number 100
    [CE1-bgp-default] address-family ipv4 unicast
    [CE1-bgp-default-ipv4] peer 30.0.0.1 enable
    [CE1-bgp-default-ipv4] import-route direct
    [CE1-bgp-default-ipv4] quit
    [CE1-bgp-default] quit
    
  2. Configure PE 1:

    # Configure IS-IS on PE 1.

    <PE1> system-view
    [PE1] isis 1
    [PE1-isis-1] network-entity 10.111.111.111.111.00
    [PE1-isis-1] quit
    

    # Configure LSR ID, and enable MPLS and LDP.

    [PE1] mpls lsr-id 2.2.2.9
    [PE1] mpls ldp
    [PE1-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [PE1] interface serial 2/1/0
    [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0
    [PE1-Serial2/1/0] isis enable 1
    [PE1-Serial2/1/0] mpls enable
    [PE1-Serial2/1/0] mpls ldp enable
    [PE1-Serial2/1/0] quit
    

    # Configure interface Loopback 0, and start IS-IS on it.

    [PE1] interface loopback 0
    [PE1-LoopBack0] ip address 2.2.2.9 32
    [PE1-LoopBack0] isis enable 1
    [PE1-LoopBack0] quit
    

    # Create VPN instance vpn1, and configure the RD and route target attributes.

    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] route-distinguisher 11:11
    [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
    [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
    [PE1-vpn-instance-vpn1] quit
    

    # Associate interface GigabitEthernet 2/1/1 with VPN instance vpn1, and specify the IP address for the interface.

    [PE1] interface gigabitethernet 2/1/1
    [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
    [PE1-GigabitEthernet2/1/1] ip address 30.0.0.1 24
    [PE1-GigabitEthernet2/1/1] quit
    

    # Start BGP on PE 1.

    [PE1] bgp 100
    

    # Enable the capability to advertise labeled routes to IBGP peer 3.3.3.9 and to receive labeled routes from the peer.

    [PE1-bgp-default] peer 3.3.3.9 as-number 100
    [PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
    [PE1-bgp-default] address-family ipv4 unicast
    [PE1-bgp-default-ipv4] peer 3.3.3.9 enable
    [PE1-bgp-default-ipv4] peer 3.3.3.9 label-route-capability
    [PE1-bgp-default-ipv4] quit
    

    # Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

    [PE1-bgp-default] peer 5.5.5.9 as-number 600
    [PE1-bgp-default] peer 5.5.5.9 connect-interface loopback 0
    [PE1-bgp-default] peer 5.5.5.9 ebgp-max-hop 10
    

    # Configure peer 5.5.5.9 as a VPNv4 peer.

    [PE1-bgp-default] address-family vpnv4
    [PE1-bgp-default-vpnv4] peer 5.5.5.9 enable
    [PE1-bgp-default-vpnv4] quit
    

    # Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.

    [PE1-bgp-default] ip vpn-instance vpn1
    [PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001
    [PE1-bgp-default-vpn1] address-family ipv4 unicast
    [PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable
    [PE1-bgp-default-ipv4-vpn1] quit
    [PE1-bgp-default-vpn1] quit
    [PE1-bgp-default] quit
    
  3. Configure ASBR-PE 1:

    # Start IS-IS on ASBR-PE 1.

    <ASBR-PE1> system-view
    [ASBR-PE1] isis 1
    [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00
    [ASBR-PE1-isis-1] quit
    

    # Configure the LSR ID, and enable MPLS and LDP.

    [ASBR-PE1] mpls lsr-id 3.3.3.9
    [ASBR-PE1] mpls ldp
    [ASBR-PE1-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [ASBR-PE1] interface serial 2/1/0
    [ASBR-PE1-Serial2/1/0] ip address 1.1.1.1 255.0.0.0
    [ASBR-PE1-Serial2/1/0] isis enable 1
    [ASBR-PE1-Serial2/1/0] mpls enable
    [ASBR-PE1-Serial2/1/0] mpls ldp enable
    [ASBR-PE1-Serial2/1/0] quit
    

    # Configure interface Serial 2/1/1, and enable MPLS on it.

    [ASBR-PE1] interface serial 2/1/1
    [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0
    [ASBR-PE1-Serial2/1/1] mpls enable
    [ASBR-PE1-Serial2/1/1] quit
    

    # Configure interface Loopback 0, and start IS-IS on it.

    [ASBR-PE1] interface loopback 0
    [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
    [ASBR-PE1-LoopBack0] isis enable 1
    [ASBR-PE1-LoopBack0] quit
    

    # Create routing policies.

    [ASBR-PE1] route-policy policy1 permit node 1
    [ASBR-PE1-route-policy-policy1-1] apply mpls-label
    [ASBR-PE1-route-policy-policy1-1] quit
    [ASBR-PE1] route-policy policy2 permit node 1
    [ASBR-PE1-route-policy-policy2-1] if-match mpls-label
    [ASBR-PE1-route-policy-policy2-1] apply mpls-label
    [ASBR-PE1-route-policy-policy2-1] quit
    

    # Start BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.

    [ASBR-PE1] bgp 100
    [ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
    [ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
    [ASBR-PE1-bgp-default] address-family ipv4 unicast
    [ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 enable
    [ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 route-policy policy2 export
    

    # Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.

    [ASBR-PE1-bgp-default-ipv4] peer 2.2.2.9 label-route-capability
    

    # Redistribute routes from IS-IS process 1 to BGP.

    [ASBR-PE1-bgp-default-ipv4] import-route isis 1
    [ASBR-PE1-bgp-default-ipv4] quit
    

    # Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.1.

    [ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
    [ASBR-PE1-bgp-default] address-family ipv4 unicast
    [ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 enable
    [ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 route-policy policy1 export
    

    # Enable the capability to advertise labeled routes to EBGP peer 11.0.0.1 and to receive labeled routes from the peer.

    [ASBR-PE1-bgp-default-ipv4] peer 11.0.0.1 label-route-capability
    [ASBR-PE1-bgp-default-ipv4] quit
    [ASBR-PE1-bgp-default] quit
    
  4. Configure ASBR-PE 2:

    # Enable IS-IS on ASBR-PE 2.

    <ASBR-PE2> system-view
    [ASBR-PE2] isis 1
    [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00
    [ASBR-PE2-isis-1] quit
    

    # Configure the LSR ID, and enable MPLS and LDP.

    [ASBR-PE2] mpls lsr-id 4.4.4.9
    [ASBR-PE2] mpls ldp
    [ASBR-PE2-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [ASBR-PE2] interface serial 2/1/0
    [ASBR-PE2-Serial2/1/0] ip address 9.1.1.1 255.0.0.0
    [ASBR-PE2-Serial2/1/0] isis enable 1
    [ASBR-PE2-Serial2/1/0] mpls enable
    [ASBR-PE2-Serial2/1/0] mpls ldp enable
    [ASBR-PE2-Serial2/1/0] quit
    

    # Configure interface Loopback 0, and enable IS-IS on it.

    [ASBR-PE2] interface loopback 0
    [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
    [ASBR-PE2-LoopBack0] isis enable 1
    [ASBR-PE2-LoopBack0] quit
    

    # Configure interface Serial 2/1/1, and enable MPLS on the interface.

    [ASBR-PE2] interface serial 2/1/1
    [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0
    [ASBR-PE2-Serial2/1/1] mpls enable
    [ASBR-PE2-Serial2/1/1] quit
    

    # Create routing policies.

    [ASBR-PE2] route-policy policy1 permit node 1
    [ASBR-PE2-route-policy-policy1-1] apply mpls-label
    [ASBR-PE2-route-policy-policy1-1] quit
    [ASBR-PE2] route-policy policy2 permit node 1
    [ASBR-PE2-route-policy-policy2-1] if-match mpls-label
    [ASBR-PE2-route-policy-policy2-1] apply mpls-label
    [ASBR-PE2-route-policy-policy2-1] quit
    

    # Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.

    [ASBR-PE2] bgp 600
    [ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
    [ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
    [ASBR-PE2-bgp-default] address-family ipv4 unicast
    [ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 enable
    [ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 label-route-capability
    

    # Apply the routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.

    [ASBR-PE2-bgp-default-ipv4] peer 5.5.5.9 route-policy policy2 export
    

    # Redistribute routes from IS-IS process 1.

    [ASBR-PE2-bgp-default-ipv4] import-route isis 1
    [ASBR-PE2-bgp-default-ipv4] quit
    

    # Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.2.

    [ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
    [ASBR-PE2-bgp-default] address-family ipv4 unicast
    [ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 enable
    [ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 route-policy policy1 export
    

    # Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

    [ASBR-PE2-bgp-default-ipv4] peer 11.0.0.2 label-route-capability
    [ASBR-PE2-bgp-default-ipv4] quit 
    [ASBR-PE2-bgp-default] quit
    
  5. Configure PE 2:

    # Enable IS-IS on PE 2.

    <PE2> system-view
    [PE2] isis 1
    [PE2-isis-1] network-entity 10.111.111.111.111.00
    [PE2-isis-1] quit
    

    # Configure the LSR ID, and enable MPLS and LDP.

    [PE2] mpls lsr-id 5.5.5.9
    [PE2] mpls ldp
    [PE2-ldp] quit
    

    # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.

    [PE2] interface serial 2/1/0
    [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0
    [PE2-Serial2/1/0] isis enable 1
    [PE2-Serial2/1/0] mpls enable
    [PE2-Serial2/1/0] mpls ldp enable
    [PE2-Serial2/1/0] quit
    

    # Configure the interface Loopback 0, and enable IS-IS on it.

    [PE2] interface loopback 0
    [PE2-LoopBack0] ip address 5.5.5.9 32
    [PE2-LoopBack0] isis enable 1
    [PE2-LoopBack0] quit
    

    # Create VPN instance vpn1, and configure the RD and route target attributes.

    [PE2] ip vpn-instance vpn1
    [PE2-vpn-instance-vpn1] route-distinguisher 11:11
    [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
    [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
    [PE2-vpn-instance-vpn1] quit
    

    # Associate interface GigabitEthernet 2/1/1 with VPN instance vpn1, and specify the IP address for the interface.

    [PE2] interface gigabitethernet 2/1/1
    [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
    [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 24
    [PE2-GigabitEthernet2/1/1] quit
    

    # Enable BGP on PE 2.

    [PE2] bgp 600
    

    # Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer.

    [PE2-bgp-default] peer 4.4.4.9 as-number 600
    [PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
    [PE2-bgp-default] address-family ipv4 unicast
    [PE2-bgp-default-ipv4] peer 4.4.4.9 enable
    [PE2-bgp-default-ipv4] peer 4.4.4.9 label-route-capability
    [PE2-bgp-default-ipv4] quit
    

    # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.

    [PE2-bgp-default] peer 2.2.2.9 as-number 100
    [PE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0
    [PE2-bgp-default] peer 2.2.2.9 ebgp-max-hop 10
    

    # Configure peer 2.2.2.9 as a VPNv4 peer.

    [PE2-bgp-default] address-family vpnv4
    [PE2-bgp-default-vpnv4] peer 2.2.2.9 enable
    [PE2-bgp-default-vpnv4] quit
    

    # Establish an EBGP peer relationship with CE 2, and add the learned BGP routes to the routing table of VPN instance vpn1.

    [PE2-bgp-default] ip vpn-instance vpn1
    [PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002
    [PE2-bgp-default-vpn1] address-family ipv4 unicast
    [PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable
    [PE2-bgp-default-ipv4-vpn1] quit
    [PE2-bgp-default-vpn1] quit
    [PE2-bgp-default] quit
    
  6. Configure CE 2:

    # Configure an IP address for GigabitEthernet 2/1/1.

    <CE2> system-view
    [CE2] interface gigabitethernet 2/1/1
    [CE2-GigabitEthernet2/1/1] ip address 20.0.0.2 24
    [CE2-GigabitEthernet2/1/1] quit
    

    # Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.

    [CE2] bgp 65002
    [CE2-bgp-default] peer 20.0.0.1 as-number 600
    [CE2-bgp-default] address-family ipv4 unicast
    [CE2-bgp-default-ipv4] peer 20.0.0.1 enable
    [CE2-bgp-default-ipv4] import-route direct
    [CE2-bgp-default-ipv4] quit
    [CE2-bgp-default] quit
    

Verifying the configuration

# Execute the display ip routing table command on CE 1 and CE 2 to verify that CE 1 and CE 2 have a route to each other. Verify that CE 1 and CE 2 can ping each other. (Details not shown.)