Configuring MPLS L3VPN carrier's carrier
Network requirements
Configure carrier's carrier for the scenario shown in Figure 55. In this scenario:
PE 1 and PE 2 are the provider carrier's PE switches. They provide VPN services for the customer carrier.
CE 1 and CE 2 are the customer carrier's switches. They are connected to the provider carrier's backbone as CE switches.
PE 3 and PE 4 are the customer carrier's PE switches. They provide MPLS L3VPN services for the end customers.
CE 3 and CE 4 are customers of the customer carrier.
The key to carrier's carrier deployment is to configure exchange of two kinds of routes:
Exchange of the customer carrier's internal routes on the provider carrier's backbone.
Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier. In this process, an MP-IBGP peer relationship must be established between PE 3 and PE 4.
Figure 55: Network diagram
Table 12: Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
CE 3 | Vlan-int11 | 100.1.1.1/24 | CE 4 | Vlan-int11 | 120.1.1.1/24 |
PE 3 | Loop0 | 1.1.1.9/32 | PE 4 | Loop0 | 6.6.6.9/32 |
Vlan-int11 | 100.1.1.2/24 | Vlan-int11 | 120.1.1.2/24 | ||
Vlan-int12 | 10.1.1.1/24 | Vlan-int12 | 20.1.1.2/24 | ||
CE 1 | Loop0 | 2.2.2.9/32 | CE 2 | Loop0 | 5.5.5.9/32 |
Vlan-int12 | 10.1.1.2/24 | Vlan-int11 | 21.1.1.2/24 | ||
Vlan-int11 | 11.1.1.1/24 | Vlan-int12 | 20.1.1.1/24 | ||
PE 1 | Loop0 | 3.3.3.9/32 | PE 2 | Loop0 | 4.4.4.9/32 |
Vlan-int11 | 11.1.1.2/24 | Vlan-int12 | 30.1.1.2/24 | ||
Vlan-int12 | 30.1.1.1/24 | Vlan-int11 | 21.1.1.1/24 |
Configuration procedure
Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs:
# Configure PE 1.
<PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] mpls ldp transport-address interface [PE1-Vlan-interface12] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 4.4.4.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)
# Verify that an LDP session in Operational state has been established between PE 1 and PE 2. This example uses PE 1.
[PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State LAM Role GR MD5 KA Sent/Rcvd 4.4.4.9:0 Operational DU Active Off Off 8/8
# Verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2. This example uses PE 1.
[PE1] display bgp peer vpnv4 BGP local router ID: 3.3.3.9 Local AS number: 100 Total number of peers: 1 Peers in established state: 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 4.4.4.9 100 3 6 0 0 00:00:32 Established
# Verify that the IS-IS neighbor relationship has been established between PE 1 and PE 2. This example uses PE 1.
[PE1] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0005 Interface: Vlan-interface12 Circuit Id: 0000.0000.0005.02 State: Up HoldTime: 8s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0005 Interface: Vlan-interface12 Circuit Id: 0000.0000.0005.02 State: Up HoldTime: 8s Type: L2(L1L2) PRI: 64Configure the customer carrier network. Enable IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
<PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp [PE3-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls enable [PE3-Vlan-interface12] mpls ldp enable [PE3-Vlan-interface12] mpls ldp transport-address interface [PE3-Vlan-interface12] quit
# Configure CE 1.
<CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls enable [CE1-Vlan-interface12] mpls ldp enable [CE1-Vlan-interface12] mpls ldp transport-address interface [CE1-Vlan-interface12] quit
PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)
Perform configurations to allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp [PE1-ldp] vpn-instance vpn1 [PE1-ldp-vpn-instance-vpn1] quit [PE1-ldp] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface vlan-interface11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.2 24 [PE1-Vlan-interface11] isis enable 2 [PE1-Vlan-interface11] mpls enable [PE1-Vlan-interface11] mpls ldp enable [PE1-Vlan-interface11] mpls ldp transport-address interface [PE1-Vlan-interface11] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] import isis 2 [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit
# Configure CE 1.
[CE1] interface vlan-interface11 [CE1-Vlan-interface11] ip address 11.1.1.1 24 [CE1-Vlan-interface11] isis enable 2 [CE1-Vlan-interface11] mpls enable [CE1-Vlan-interface11] mpls ldp enable [CE1-Vlan-interface11] mpls ldp transport-address interface [CE1-Vlan-interface11] quit
PE 1 and CE 1 can establish an LDP session and an IS-IS neighbor relationship between them.
# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.)
Perform configuration to connect the CEs of the end customers to the PEs of the customer carrier:
# Configure CE 3.
<CE3> system-view [CE3] interface vlan-interface11 [CE3-Vlan-interface11] ip address 100.1.1.1 24 [CE3-Vlan-interface11] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface Vlan-interface11 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ip address 100.1.1.2 24 [PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ip vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] address-family ipv4 unicast [PE3-bgp-ipv4-vpn1] peer 100.1.1.1 enable [PE3-bgp-ipv4-vpn1] import-route direct [PE3-bgp-ipv4-vpn1] quit [PE3-bgp-vpn1] quit [PE3-bgp] quit
# Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.)
Configure MP-IBGP peer relationship between the PEs of the customer carrier to exchange the end customers' VPN routes:
# Configure PE 3.
[PE3] bgp 100 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 0 [PE3-bgp] address-family vpnv4 [PE3-bgp-vpnv4] peer 6.6.6.9 enable [PE3-bgp-vpnv4] quit [PE3-bgp] quit
# Configure PE 4 in the same way that PE 3 is configured. (Details not shown.)
Verifying the configuration
# Execute the display ip routing-table command on PE 1 and PE 2. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. This example uses PE 1.
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.9/32 ISIS 15 10 30.1.1.2 Vlan12
30.1.1.0/24 Direct 0 0 30.1.1.1 Vlan12
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.2/32 Direct 0 0 30.1.1.2 Vlan12
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Execute the display ip routing-table vpn-instance command on PE 1 and PE 2. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables, but the VPN routes that the customer carrier maintains are not. This example uses PE 1.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 ISIS 15 20 11.1.1.1 Vlan11
2.2.2.9/32 ISIS 15 10 11.1.1.1 Vlan11
5.5.5.9/32 BGP 255 0 4.4.4.9 NULL0
6.6.6.9/32 BGP 255 0 4.4.4.9 NULL0
10.1.1.0/24 ISIS 15 20 11.1.1.1 Vlan11
11.1.1.0/24 Direct 0 0 11.1.1.1 Vlan11
11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.2/32 Direct 0 0 11.1.1.2 Vlan11
20.1.1.0/24 BGP 255 0 4.4.4.9 NULL0
21.1.1.0/24 BGP 255 0 4.4.4.9 NULL0
21.1.1.2/32 BGP 255 0 4.4.4.9 NULL0
# Execute the display ip routing-table command on CE 1 and CE 2. The output shows that the internal routes of the customer carrier network are present in the public network routing tables, but the VPN routes that the customer carrier maintains are not. This example uses CE 1.
[CE1] display ip routing-table
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 ISIS 15 10 10.1.1.2 Vlan12
2.2.2.9/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.9/32 ISIS 15 74 11.1.1.2 Vlan11
6.6.6.9/32 ISIS 15 74 11.1.1.2 Vlan11
10.1.1.0/24 Direct 0 0 10.1.1.2 Vlan12
10.1.1.1/32 Direct 0 0 10.1.1.1 Vlan12
10.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 Direct 0 0 11.1.1.1 Vlan11
11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.2/32 Direct 0 0 11.1.1.2 Vlan11
20.1.1.0/24 ISIS 15 74 11.1.1.2 Vlan11
21.1.1.0/24 ISIS 15 74 11.1.1.2 Vlan11
21.1.1.2/32 ISIS 15 74 11.1.1.2 Vlan11
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Execute the display ip routing-table command on PE 3 and PE 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables. This example uses PE 3.
[PE3] display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 ISIS 15 10 10.1.1.2 Vlan12
5.5.5.9/32 ISIS 15 84 10.1.1.2 Vlan12
6.6.6.9/32 ISIS 15 84 10.1.1.2 Vlan12
10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan12
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.2/32 Direct 0 0 10.1.1.2 Vlan12
11.1.1.0/24 ISIS 15 20 10.1.1.2 Vlan12
20.1.1.0/24 ISIS 15 84 10.1.1.2 Vlan12
21.1.1.0/24 ISIS 15 84 10.1.1.2 Vlan12
21.1.1.2/32 ISIS 15 84 10.1.1.2 Vlan12
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Execute the display ip routing-table vpn-instance command on PE 3 and PE 4. The output shows that the routes of the remote VPN customers are present in the VPN routing tables. This example uses PE 3.
[PE3] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.2 Vlan11
100.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
120.1.1.0/24 BGP 255 0 6.6.6.9 NULL0
# Verify that PE 3 and PE 4 can ping each other. (Details not shown.)
# Verify that CE 3 and CE 4 can ping each other. (Details not shown.)