Configuring IPv6 MPLS L3VPNs
Network requirements
CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.
VPN 1 uses route target attributes 111:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other.
Run EBGP between CEs and PEs to exchange VPN routing information.
PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.
Figure 90: Network diagram
Table 29: Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address | ||||
|---|---|---|---|---|---|---|---|---|---|
CE 1 | GE2/1/1 | 2001:1::1/96 | P | Loop0 | 2.2.2.9/32 | ||||
PE 1 | Loop0 | 1.1.1.9/32 | POS2/1/0 | 172.1.1.2/24 | |||||
GE2/1/1 | 2001:1::2/96 | POS2/1/1 | 172.2.1.1/24 | ||||||
GE2/1/2 | 2001:2::2/96 | PE 2 | Loop0 | 3.3.3.9/32 | |||||
POS2/1/0 | 172.1.1.1/24 | GE2/1/1 | 2001:3::2/96 | ||||||
CE 2 | GE2/1/1 | 2001:2::1/96 | GE2/1/2 | 2001:4::2/96 | |||||
CE 3 | GE2/1/1 | 2001:3::1/96 | POS2/1/0 | 172.2.1.2/24 | |||||
CE 4 | GE2/1/1 | 2001:4::1/96 | |||||||
Configuration procedure
Configure OSPF on the MPLS backbone to ensure IP connectivity among the PEs and the P router:
# Configure PE 1.
<PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 2/1/0 [PE1-Pos2/1/0] ip address 172.1.1.1 24 [PE1-Pos2/1/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure the P router.
<P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos 2/1/0 [P-Pos2/1/0] ip address 172.1.1.2 24 [P-Pos2/1/0] quit [P] interface pos 2/1/1 [P-Pos2/1/1] ip address 172.2.1.1 24 [P-Pos2/1/1] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
# Configure PE 2.
<PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.9 32 [PE2-LoopBack0] quit [PE2] interface pos 2/1/0 [PE2-Pos2/1/0] ip address 172.2.1.2 24 [PE2-Pos2/1/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)
Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 2/1/0 [PE1-Pos2/1/0] mpls enable [PE1-Pos2/1/0] mpls ldp enable [PE1-Pos2/1/0] quit
# Configure the P router.
[P] mpls lsr-id 2.2.2.9 [P] mpls ldp [P-ldp] quit [P] interface pos 2/1/0 [P-Pos2/1/0] mpls enable [P-Pos2/1/0] mpls ldp enable [P-Pos2/1/0] quit [P] interface pos 2/1/1 [P-Pos2/1/1] mpls enable [P-Pos2/1/1] mpls ldp enable [P-Pos2/1/1] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 2/1/0 [PE2-Pos2/1/0] mpls enable [PE2-Pos2/1/0] mpls ldp enable [PE2-Pos2/1/0] quit
# Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. Execute the display mpls ldp lsp command to verify that the LSPs have been established by LDP. (Details not shown.)
Configure IPv6 VPN instances on the PEs to allow CE access:
# Configure PE 1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ipv6 address 2001:2::2 96 [PE1-GigabitEthernet2/1/2] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet2/1/1] quit [PE2] interface gigabitethernet 2/1/2 [PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet2/1/2] ipv6 address 2001:4::2 96 [PE2-GigabitEthernet2/1/2] quit
# Configure IP addresses for the CEs according to Figure 90. (Details not shown.)
# Execute the display ip vpn-instance command on the PEs to display information about the VPN instances, for example, on PE 1.
[PE1] display ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpn1 100:1 2012/02/13 12:49:08 vpn2 100:2 2012/02/13 12:49:20
# Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1.
[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1 Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break 56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=9.000 ms 56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- Ping6 statistics for 2001:1::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms
Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes:
# Configure CE 1.
<CE1> system-view [CE1] bgp 65410 [CE1-bgp-default] peer 2001:1::2 as-number 100 [CE1-bgp-default] address-family ipv6 unicast [CE1-bgp-default-ipv6] peer 2001:1::2 enable [CE1-bgp-default-ipv6] import-route direct [CE1-bgp-default-ipv6] quit [CE1-bgp-default] quit
# Configure the other CEs (CE 2 through CE 4) in the same way that CE 1 is configured. (Details not shown.)
# Configure PE 1.
[PE1] bgp 100 [PE1-bgp-default] ip vpn-instance vpn1 [PE1-bgp-default-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-default-vpn1] address-family ipv6 unicast [PE1-bgp-default-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-default-ipv6-vpn1] quit [PE1-bgp-default-vpn1] quit [PE1-bgp-default] ip vpn-instance vpn2 [PE1-bgp-default-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-default-vpn2] address-family ipv6 unicast [PE1-bgp-default-ipv6-vpn2] peer 2001:2::1 enable [PE1-bgp-default-ipv6-vpn2] quit [PE1-bgp-default-vpn2] quit [PE1-bgp-default] quit
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)
# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)
Configure an MP-IBGP peer relationship between the PEs:
# Configure PE 1.
[PE1] bgp 100 [PE1-bgp-default] peer 3.3.3.9 as-number 100 [PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp-default] address-family vpnv6 [PE1-bgp-default-vpnv6] peer 3.3.3.9 enable [PE1-bgp-default-vpnv6] quit [PE1-bgp-default] quit
# Configure PE 2.
[PE2] bgp 100 [PE2-bgp-default] peer 1.1.1.9 as-number 100 [PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp-default] address-family vpnv6 [PE2-bgp-default-vpnv6] peer 1.1.1.9 enable [PE2-bgp-default-vpnv6] quit [PE2-bgp-default] quit
# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)
Verifying the configuration
# Execute the display ipv6 routing-table vpn-instance command on the PEs.
[PE1] display ipv6 routing-table vpn-instance vpn1 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:1::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/1/1 Cost : 0 Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : POS2/1/0 Cost : 0 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 [PE1] display ipv6 routing-table vpn-instance vpn2 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:2::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/1/2 Cost : 0 Destination: 2001:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:4::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : POS2/1/0 Cost : 0 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0
The output shows that PE 1 has routes to the remote CEs. Output on PE 2 is similar.
# Verify that CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1). (Details not shown.)