Configuring routing between a PE and a CE

You can configure static routing, RIP, OSPF, IS-IS, EBGP, or IBGP between a PE and a CE.

Configuring static routing between a PE and a CE

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Configure a static route for a VPN instance.

ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask } { interface-type interface-number [ next-hop-address ] |next-hop-address [ public ] [ track track-entry-number ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]

By default, no static route is configured for a VPN instance.

Perform this configuration on the PE. On the CE, configure a common static route.

For more information about static routing, see Layer 3—IP Routing Configuration Guide.

Configuring RIP between a PE and a CE

A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network.

To configure RIP between a PE and a CE:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create a RIP process for a VPN instance and enter RIP view.

rip [ process-id ] vpn-instance vpn-instance-name

Perform this configuration on the PE. On the CE, create a common RIP process.

3. Enable RIP on the interface attached to the specified network.

network network-address

By default, RIP is disabled on an interface.

Configuring OSPF between a PE and a CE

An OSPF process that is bound to a VPN instance does not use the public network router ID configured in system view. Therefore, you must specify a router ID when starting a process or configure an IP address for at least one interface of the VPN instance.

An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network.

To configure OSPF between a PE and a CE:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create an OSPF process for a VPN instance and enter the OSPF view.

ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *

Perform this configuration on the PE. On the CE, create a common OSPF process.

Deleting a VPN instance also deletes all related OSPF processes.

3. (Optional.) Configure an OSPF domain ID.

domain-id domain-id [ secondary ]

The default domain ID is 0.

Perform this configuration on the PE. On the CE, configure common OSPF.

The domain ID is carried in the routes of the OSPF process. When redistributing routes from the OSPF process, BGP adds the domain ID as an extended community attribute into BGP routes.

An OSPF process can be configured with only one domain ID. Domain IDs of different OSPF processes can be the same.

All OSPF processes of a VPN must be configured with the same domain ID.

4. (Optional.) Configure the type codes of OSPF extended community attributes.

ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }

The defaults are as follows:

  • 0x0005 for Domain ID.

  • 0x0107 for Router ID.

  • 0x0306 for Route Type.

Perform this configuration on the PE.

5. Create an OSPF area and enter area view.

area area-id

By default, no OSPF area is created.

6. Enable OSPF on the interface attached to the specified network in the area.

network ip-address wildcard-mask

By default, an interface neither belongs to any area nor runs OSPF.

Configuring IS-IS between a PE and a CE

An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network.

To configure IS-IS between a PE and a CE:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create an IS-IS process for a VPN instance and enter IS-IS view.

isis [ process-id ] vpn-instance vpn-instance-name

Perform this configuration on the PE. On the CE, configure common IS-IS.

3. Configure a network entity title for the IS-IS process.

network-entity net

By default, no NET is configured.

4. Return to system view.

quit

N/A

5. Enter interface view.

interface interface-type interface-number

N/A

6. Enable the IS-IS process on the interface.

isis enable [ process-id ]

By default, no IS-IS process is enabled on the interface.

Configuring EBGP between a PE and a CE

  1. Configure the PE:

    Step

    Command

    Remarks

    1. Enter system view.

    system-view

    N/A

    2. Enable BGP and enter BGP view.

    bgp as-number

    N/A

    3. Enter BGP-VPN instance view.

    ip vpn-instance vpn-instance-name

    Configuration commands in BGP-VPN instance view are the same as those in BGP view. For details, see Layer 3—IP Routing Configuration Guide.

    4. Configure the CE as the VPN EBGP peer.

    peer { group-name | ip-address } as-number as-number

    By default, no BGP peer is configured.

    For more information about BGP peers and peer groups, see Layer 3—IP Routing Configuration Guide.

    5. Create the BGP-VPN IPv4 unicast family and enter its view.

    address-family ipv4 [ unicast ]

    By default, the BGP-VPN IPv4 unicast family is not created.

    6. Enable IPv4 unicast route exchange with the specified peer or peer group.

    peer { group-name | ip-address } enable

    By default, BGP does not exchange IPv4 unicast routes with any peer.

    7. Redistribute the routes of the local CE.

    import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]

    A PE must redistribute the routes of the local CE into its VPN routing table so it can advertise them to the peer PE.

    8. (Optional.) Allow the local AS number to appear in the AS_PATH attribute of a received route, and set the maximum number of repetitions.

    peer { group-name | ip-address } allow-as-loop [ number ]

    By default, BGP discards incoming route updates that contain the local AS number.

    BGP detects routing loops by examining AS numbers. In a hub-spoke network where EBGP is running between a PE and a CE, the routing information the PE advertises to a CE carries the AS number of the PE. Therefore, the route updates that the PE receives from the CE also include the AS number of the PE. This causes the PE to be unable to receive the route updates. In this case, you must configure this command to allow routing loops.

  2. Configure the CE:

    Step

    Command

    Remarks

    1. Enter system view.

    system-view

    N/A

    2. Enter BGP view.

    bgp as-number

    N/A

    3. Configure the PE as a BGP peer.

    peer { group-name | ip-address } as-number as-number

    By default, no BGP peer is created.

    4. Create the BGP IPv4 unicast family and enter its view.

    address-family ipv4 [ unicast ]

    By default, the BGP IPv4 unicast family is not created.

    5. Enable IPv4 unicast route exchange with the specified peer or peer group.

    peer { group-name | ip-address } enable

    By default, BGP does not exchange IPv4 unicast routes with any peer.

    6. (Optional.) Configure route redistribution.

    import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]

    A CE must redistribute its routes to the PE so the PE can advertise them to the peer CE.

Configuring IBGP between a PE and a CE

Use IBGP between PE and CE only in a basic MPLS L3VPN network. In networks such as Hub&Spoke, Extranet, inter-AS VPN, carrier's carrier, nested VPN, and HoVPN, you cannot use IBGP between PE and CE.

  1. Configure the PE:

    Step

    Command

    Remarks

    1. Enter system view.

    system-view

    N/A

    2. Enter BGP view.

    bgp as-number

    N/A

    3. Enter BGP-VPN instance view.

    ip vpn-instance vpn-instance-name

    Configuration commands in BGP-VPN instance view are the same as those in BGP view. For details, see Layer 3—IP Routing Configuration Guide.

    4. Configure the CE as the VPN IBGP peer.

    peer { group-name | ip-address } as-number as-number

    By default, no BGP peer is created.

    5. Create the BGP-VPN IPv4 unicast family and enter its view.

    address-family ipv4 [ unicast ]

    By default, the BGP-VPN IPv4 unicast family is not created.

    6. Enable IPv4 unicast route exchange with the specified peer.

    peer { group-name | ip-address } enable

    By default, BGP does not exchange IPv4 unicast routes with any peer.

    7. Configure the CE as a client of the RR.

    peer { group-name | ip-address } reflect-client

    By default, no RR or RR client is configured, and the PE does not advertise routes learned from the IBGP peer CE to other IBGP peers, including VPNv4 IBGP peers. The PE advertises routes learned from the CE to other IBGP peers only when you configure the IBGP peer CE as a client of the RR.

    Configuring an RR does not change the next hop of a route. To change the next hop of a route, configure an inbound policy on the receiving side.

    8. (Optional.) Enable route reflection between clients.

    reflect between-clients

    Route reflection between clients is enabled by default.

    9. (Optional.) Configure the cluster ID for the RR.

    reflector cluster-id { cluster-id | ip-address }

    By default, the RR uses its own router ID as the cluster ID.

    If multiple RRs exist in a cluster, use this command to configure the same cluster ID for all RRs in the cluster to avoid routing loops.

  2. Configure the CE:

    Step

    Command

    Remarks

    1. Enter system view.

    system-view

    N/A

    2. Enter BGP view.

    bgp as-number

    N/A

    3. Configure the PE as an IBGP peer.

    peer { group-name | ip-address } as-number as-number

    By default, no BGP peer is created.

    4. Create the BGP IPv4 unicast family and enter its view.

    address-family ipv4 [ unicast ]

    By default, the BGP IPv4 unicast family is not created.

    5. Enable IPv4 unicast route exchange with the specified peer or peer group.

    peer { group-name | ip-address } enable

    By default, BGP does not exchange IPv4 unicast routes with any peer.

    6. (Optional.) Configure route redistribution.

    import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]

    A CE must redistribute its routes to the PE so the PE can advertise them to the peer CE.