Configuring multirole host

Network requirements

Configure the multirole host feature to allow Host A to access VPN 1 and VPN 2 and Host B to access only VPN 1.

Figure 96: Network diagram

Configuration procedure

  1. Configure CE 1:

    # Configure IPv6 addresses for interfaces.

    <CE1> system-view
    [CE1] interface gigabitethernet 2/1/1
    [CE1-GigabitEthernet2/1/1] ipv6 address 100::1 64
    [CE1-GigabitEthernet2/1/1] quit
    [CE1] interface serial 2/1/0
    [CE1-Serial2/1/0] ipv6 address 1::2 64
    [CE1-Serial2/1/0] quit
    

    # Configure an IPv6 default route to PE 1.

    [CE1] ipv6 route-static :: 0 1::1
    
  2. Configure PE 1:

    # Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances.

    <PE1> system-view
    [PE1] ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1] route-distinguisher 100:1
    [PE1-vpn-instance-vpn1] vpn-target 100:1 both
    [PE1-vpn-instance-vpn1] quit
    [PE1] ip vpn-instance vpn2
    [PE1-vpn-instance-vpn2] route-distinguisher 100:2
    [PE1-vpn-instance-vpn2] vpn-target 100:2 both
    [PE1-vpn-instance-vpn2] quit
    

    # Associate VPN instance vpn1 with Serial 2/1/1 (the interface connected to CE 1).

    [PE1] interface serial 2/1/1
    [PE1-Serial2/1/1] ip binding vpn-instance vpn1
    [PE1-Serial2/1/1] ipv6 address 1::1 64
    [PE1-Serial2/1/1] quit
    

    # Configure an IPv6 static route for VPN 2 to reach Host A and redistribute the route to BGP. This configuration ensures that packets from VPN 2 to Host A can be forwarded through the correct route in the routing table of VPN instance vpn1.

    [PE1] ipv6 route-static vpn-instance vpn2 100:: 64 vpn-instance vpn1 1::2
    [PE1] bgp 100
    [PE1-bgp-default] ip vpn-instance vpn2
    [PE1-bgp-default-vpn2] address-family ipv6
    [PE1-bgp-default-ipv6-vpn2] import-route static
    [PE1-bgp-default-ipv6-vpn2] quit
    [PE1-bgp-default-vpn2] quit
    [PE1-bgp-default] quit
    

    # Configure PBR to route packets from Host A according to the routing tables of both VPN instances vpn1 and vpn2.

    [PE1] acl ipv6 advanced 3001
    [PE1-acl-ipv6-adv-3001] rule 0 permit ipv6 vpn-instance vpn1 source 100::2 128
    [PE1-acl-ipv6-adv-3001] quit
    [PE1] ipv6 policy-based-route policy1 permit node 10
    [PE1-policy-based-route] if-match acl 3001
    [PE1-policy-based-route] apply access-vpn vpn-instance vpn1 vpn2
    [PE1-policy-based-route] quit
    

    # Apply policy policy1 to Serial 2/1/1.

    [PE1] interface serial 2/1/1
    [PE1-Serial2/1/1] ipv6 policy-based-route policy1
    
  3. Configure basic IPv6 MPLS L3VPN. (Details not shown.)

Verifying the configuration

# Verify that Host A can ping Host C, and that Host B cannot ping Host C. (Details not shown.)
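The ping test above can be complemented by an offline check of the PE 1 configuration that confirms only Host A's /128 source gains access to both VPN instances. The following is an added example, not part of the original procedure or any vendor tooling; the function names are hypothetical and Host B's address (100::3) is an assumption, since the network diagram is not reproduced here.

```python
import ipaddress
import re

# Constructed sample: the PE 1 ACL and PBR commands above, CLI prompts removed.
SAMPLE_CONFIG = """\
acl ipv6 advanced 3001
 rule 0 permit ipv6 vpn-instance vpn1 source 100::2 128
ipv6 policy-based-route policy1 permit node 10
 if-match acl 3001
 apply access-vpn vpn-instance vpn1 vpn2
"""
ANY = ipaddress.ip_network("::/0")

def multirole_sources(config):
    """Map each ACL-permitted source prefix to the VPN instances PBR grants it."""
    acls, grants, acl, node_acl = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl ipv6 advanced (\d+)", line):
            acl = m.group(1)
            acls[acl] = []
        elif (m := re.match(r"rule \d+ permit ipv6\b(.*)", line)) and acl:
            # A permit rule with no source prefix matches every source (::/0).
            src = re.search(r"\bsource (\S+) (\d+)", m.group(1))
            prefix = f"{src.group(1)}/{src.group(2)}" if src else "::/0"
            acls[acl].append(ipaddress.ip_network(prefix, strict=False))
        elif line.startswith("ipv6 policy-based-route "):
            node_acl = None  # a new policy node starts with no match criterion
        elif m := re.match(r"if-match acl (\d+)", line):
            node_acl = m.group(1)
        elif m := re.match(r"apply access-vpn vpn-instance (.+)", line):
            # A node without an if-match clause applies to all packets.
            for net in (acls.get(node_acl, []) if node_acl else [ANY]):
                grants[net] = m.group(1).split()
    return grants

def allowed_vpns(config, host, bound_vpn="vpn1"):
    """VPN routing tables consulted for packets from host on the bound interface."""
    addr = ipaddress.ip_address(host)
    for net, vpns in multirole_sources(config).items():
        if addr in net:
            return vpns
    return [bound_vpn]  # no PBR match: only the interface's own VPN instance

def overbroad(config):
    """Prefixes wider than a single host that receive multi-VPN access."""
    return [str(n) for n in multirole_sources(config) if n.prefixlen < n.max_prefixlen]

if __name__ == "__main__":
    print(allowed_vpns(SAMPLE_CONFIG, "100::2"))  # Host A, from ACL 3001
    print(allowed_vpns(SAMPLE_CONFIG, "100::3"))  # Host B (assumed address)
    print(overbroad(SAMPLE_CONFIG))
```

If the ACL rule were written with `source 100:: 64` instead of the /128 host address, `overbroad` would report `100::/64` and Host B would also be routed by the vpn2 table.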