Configuring HoVPN

Network requirements

There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure 57.

Figure 57: Network diagram

Table 14: Interface and IP address assignment

| Device | Interface  | IP address   | Device | Interface  | IP address   |
|--------|------------|--------------|--------|------------|--------------|
| CE 1   | Vlan-int12 | 10.2.1.1/24  | CE 3   | Vlan-int12 | 10.1.1.1/24  |
| CE 2   | Vlan-int13 | 10.4.1.1/24  | CE 4   | Vlan-int13 | 10.3.1.1/24  |
| UPE 1  | Loop0      | 1.1.1.9/32   | UPE 2  | Loop0      | 4.4.4.9/32   |
|        | Vlan-int11 | 172.1.1.1/24 |        | Vlan-int11 | 172.2.1.1/24 |
|        | Vlan-int12 | 10.2.1.2/24  |        | Vlan-int12 | 10.1.1.2/24  |
|        | Vlan-int13 | 10.4.1.2/24  |        | Vlan-int13 | 10.3.1.2/24  |
| SPE 1  | Loop0      | 2.2.2.9/32   | SPE 2  | Loop0      | 3.3.3.9/32   |
|        | Vlan-int11 | 172.1.1.2/24 |        | Vlan-int11 | 172.2.1.2/24 |
|        | Vlan-int12 | 180.1.1.1/24 |        | Vlan-int12 | 180.1.1.2/24 |

Configuration procedure

  1. Configure UPE 1:

    # Configure basic MPLS and MPLS LDP to establish LDP LSPs.

    <UPE1> system-view
    [UPE1] interface loopback 0
    [UPE1-LoopBack0] ip address 1.1.1.9 32
    [UPE1-LoopBack0] quit
    [UPE1] mpls lsr-id 1.1.1.9
    [UPE1] mpls ldp
    [UPE1-ldp] quit
    [UPE1] interface vlan-interface 11
    [UPE1-Vlan-interface11] ip address 172.1.1.1 24
    [UPE1-Vlan-interface11] mpls enable
    [UPE1-Vlan-interface11] mpls ldp enable
    [UPE1-Vlan-interface11] quit
    

    # Configure the IGP protocol (OSPF, in this example).

    [UPE1] ospf
    [UPE1-ospf-1] area 0
    [UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [UPE1-ospf-1-area-0.0.0.0] quit
    [UPE1-ospf-1] quit
    

    # Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.

    [UPE1] ip vpn-instance vpn1
    [UPE1-vpn-instance-vpn1] route-distinguisher 100:1
    [UPE1-vpn-instance-vpn1] vpn-target 100:1 both
    [UPE1-vpn-instance-vpn1] quit
    [UPE1] ip vpn-instance vpn2
    [UPE1-vpn-instance-vpn2] route-distinguisher 100:2
    [UPE1-vpn-instance-vpn2] vpn-target 100:2 both
    [UPE1-vpn-instance-vpn2] quit
    [UPE1] interface vlan-interface 12
    [UPE1-Vlan-interface12] ip binding vpn-instance vpn1
    [UPE1-Vlan-interface12] ip address 10.2.1.2 24
    [UPE1-Vlan-interface12] quit
    [UPE1] interface vlan-interface 13
    [UPE1-Vlan-interface13] ip binding vpn-instance vpn2
    [UPE1-Vlan-interface13] ip address 10.4.1.2 24
    [UPE1-Vlan-interface13] quit
    

    # Establish an MP-IBGP peer relationship with SPE 1.

    [UPE1] bgp 100
    [UPE1-bgp] peer 2.2.2.9 as-number 100
    [UPE1-bgp] peer 2.2.2.9 connect-interface loopback 0
    [UPE1-bgp] address-family vpnv4
    [UPE1-bgp-vpnv4] peer 2.2.2.9 enable
    [UPE1-bgp-vpnv4] quit
    

    # Establish an EBGP peer relationship with CE 1, and redistribute VPN routes into BGP.

    [UPE1-bgp] ip vpn-instance vpn1
    [UPE1-bgp-vpn1] peer 10.2.1.1 as-number 65410
    [UPE1-bgp-vpn1] address-family ipv4 unicast
    [UPE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable
    [UPE1-bgp-ipv4-vpn1] import-route direct
    [UPE1-bgp-ipv4-vpn1] quit
    [UPE1-bgp-vpn1] quit
    

    # Establish an EBGP peer relationship with CE 2, and redistribute VPN routes into BGP.

    [UPE1-bgp] ip vpn-instance vpn2
    [UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420
    [UPE1-bgp-vpn2] address-family ipv4 unicast
    [UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable
    [UPE1-bgp-ipv4-vpn2] import-route direct
    [UPE1-bgp-ipv4-vpn2] quit
    [UPE1-bgp-vpn2] quit
    [UPE1-bgp] quit
    
  2. Configure CE 1.

    <CE1> system-view
    [CE1] interface vlan-interface 12
    [CE1-Vlan-interface12] ip address 10.2.1.1 255.255.255.0
    [CE1-Vlan-interface12] quit
    [CE1] bgp 65410
    [CE1-bgp] peer 10.2.1.2 as-number 100
    [CE1-bgp] address-family ipv4 unicast
    [CE1-bgp-ipv4] peer 10.2.1.2 enable
    [CE1-bgp-ipv4] import-route direct
    [CE1-bgp-ipv4] quit
    [CE1-bgp] quit
    
  3. Configure CE 2.

    <CE2> system-view
    [CE2] interface vlan-interface 13
    [CE2-Vlan-interface13] ip address 10.4.1.1 255.255.255.0
    [CE2-Vlan-interface13] quit
    [CE2] bgp 65420
    [CE2-bgp] peer 10.4.1.2 as-number 100
    [CE2-bgp] address-family ipv4 unicast
    [CE2-bgp-ipv4] peer 10.4.1.2 enable
    [CE2-bgp-ipv4] import-route direct
    [CE2-bgp-ipv4] quit
    [CE2-bgp] quit
    
  4. Configure UPE 2:

    # Configure basic MPLS and MPLS LDP to establish LDP LSPs.

    <UPE2> system-view
    [UPE2] interface loopback 0
    [UPE2-LoopBack0] ip address 4.4.4.9 32
    [UPE2-LoopBack0] quit
    [UPE2] mpls lsr-id 4.4.4.9
    [UPE2] mpls ldp
    [UPE2-ldp] quit
    [UPE2] interface vlan-interface 11
    [UPE2-Vlan-interface11] ip address 172.2.1.1 24
    [UPE2-Vlan-interface11] mpls enable
    [UPE2-Vlan-interface11] mpls ldp enable
    [UPE2-Vlan-interface11] quit
    

    # Configure the IGP protocol (OSPF, in this example).

    [UPE2] ospf
    [UPE2-ospf-1] area 0
    [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
    [UPE2-ospf-1-area-0.0.0.0] quit
    [UPE2-ospf-1] quit
    

    # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.

    [UPE2] ip vpn-instance vpn1
    [UPE2-vpn-instance-vpn1] route-distinguisher 300:1
    [UPE2-vpn-instance-vpn1] vpn-target 100:1 both
    [UPE2-vpn-instance-vpn1] quit
    [UPE2] ip vpn-instance vpn2
    [UPE2-vpn-instance-vpn2] route-distinguisher 400:2
    [UPE2-vpn-instance-vpn2] vpn-target 100:2 both
    [UPE2-vpn-instance-vpn2] quit
    [UPE2] interface vlan-interface 12
    [UPE2-Vlan-interface12] ip binding vpn-instance vpn1
    [UPE2-Vlan-interface12] ip address 10.1.1.2 24
    [UPE2-Vlan-interface12] quit
    [UPE2] interface vlan-interface 13
    [UPE2-Vlan-interface13] ip binding vpn-instance vpn2
    [UPE2-Vlan-interface13] ip address 10.3.1.2 24
    [UPE2-Vlan-interface13] quit
    

    # Establish an MP-IBGP peer relationship with SPE 2.

    [UPE2] bgp 100
    [UPE2-bgp] peer 3.3.3.9 as-number 100 
    [UPE2-bgp] peer 3.3.3.9 connect-interface loopback 0
    [UPE2-bgp] address-family vpnv4
    [UPE2-bgp-vpnv4] peer 3.3.3.9 enable
    [UPE2-bgp-vpnv4] quit
    

    # Establish an EBGP peer relationship with CE 3, and redistribute VPN routes into BGP.

    [UPE2-bgp] ip vpn-instance vpn1
    [UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430
    [UPE2-bgp-vpn1] address-family ipv4 unicast
    [UPE2-bgp-ipv4-vpn1] peer 10.1.1.1 enable
    [UPE2-bgp-ipv4-vpn1] import-route direct
    [UPE2-bgp-ipv4-vpn1] quit
    [UPE2-bgp-vpn1] quit
    

    # Establish an EBGP peer relationship with CE 4, and redistribute VPN routes into BGP.

    [UPE2-bgp] ip vpn-instance vpn2
    [UPE2-bgp-vpn2] peer 10.3.1.1 as-number 65440
    [UPE2-bgp-vpn2] address-family ipv4 unicast
    [UPE2-bgp-ipv4-vpn2] peer 10.3.1.1 enable
    [UPE2-bgp-ipv4-vpn2] import-route direct
    [UPE2-bgp-ipv4-vpn2] quit
    [UPE2-bgp-vpn2] quit
    [UPE2-bgp] quit
    
  5. Configure CE 3.

    <CE3> system-view
    [CE3] interface vlan-interface 12
    [CE3-Vlan-interface12] ip address 10.1.1.1 255.255.255.0
    [CE3-Vlan-interface12] quit
    [CE3] bgp 65430
    [CE3-bgp] peer 10.1.1.2 as-number 100
    [CE3-bgp] address-family ipv4 unicast
    [CE3-bgp-ipv4] peer 10.1.1.2 enable
    [CE3-bgp-ipv4] import-route direct
    [CE3-bgp-ipv4] quit
    [CE3-bgp] quit
    
  6. Configure CE 4.

    <CE4> system-view
    [CE4] interface vlan-interface 13
    [CE4-Vlan-interface13] ip address 10.3.1.1 255.255.255.0
    [CE4-Vlan-interface13] quit
    [CE4] bgp 65440
    [CE4-bgp] peer 10.3.1.2 as-number 100
    [CE4-bgp] address-family ipv4 unicast
    [CE4-bgp-ipv4] peer 10.3.1.2 enable
    [CE4-bgp-ipv4] import-route direct
    [CE4-bgp-ipv4] quit
    [CE4-bgp] quit
    
  7. Configure SPE 1:

    # Configure basic MPLS and MPLS LDP to establish LDP LSPs.

    <SPE1> system-view
    [SPE1] interface loopback 0
    [SPE1-LoopBack0] ip address 2.2.2.9 32
    [SPE1-LoopBack0] quit
    [SPE1] mpls lsr-id 2.2.2.9
    [SPE1] mpls ldp
    [SPE1-ldp] quit
    [SPE1] interface vlan-interface 11
    [SPE1-Vlan-interface11] ip address 172.1.1.2 24
    [SPE1-Vlan-interface11] mpls enable
    [SPE1-Vlan-interface11] mpls ldp enable
    [SPE1-Vlan-interface11] quit 
    [SPE1] interface vlan-interface 12
    [SPE1-Vlan-interface12] ip address 180.1.1.1 24
    [SPE1-Vlan-interface12] mpls enable
    [SPE1-Vlan-interface12] mpls ldp enable
    [SPE1-Vlan-interface12] quit 
    

    # Configure the IGP protocol (OSPF, in this example).

    [SPE1] ospf
    [SPE1-ospf-1] area 0
    [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
    [SPE1-ospf-1-area-0.0.0.0] quit
    [SPE1-ospf-1] quit
    

    # Configure VPN instances vpn1 and vpn2.

    [SPE1] ip vpn-instance vpn1
    [SPE1-vpn-instance-vpn1] route-distinguisher 500:1
    [SPE1-vpn-instance-vpn1] vpn-target 100:1 both
    [SPE1-vpn-instance-vpn1] quit
    [SPE1] ip vpn-instance vpn2
    [SPE1-vpn-instance-vpn2] route-distinguisher 700:1
    [SPE1-vpn-instance-vpn2] vpn-target 100:2 both
    [SPE1-vpn-instance-vpn2] quit
    

    # Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.

    [SPE1] bgp 100
    [SPE1-bgp] peer 1.1.1.9 as-number 100
    [SPE1-bgp] peer 1.1.1.9 connect-interface loopback 0
    [SPE1-bgp] peer 3.3.3.9 as-number 100
    [SPE1-bgp] peer 3.3.3.9 connect-interface loopback 0
    [SPE1-bgp] address-family vpnv4
    [SPE1-bgp-vpnv4] peer 3.3.3.9 enable
    [SPE1-bgp-vpnv4] peer 1.1.1.9 enable
    [SPE1-bgp-vpnv4] peer 1.1.1.9 upe
    [SPE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local
    [SPE1-bgp-vpnv4] quit
    

    # Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

    [SPE1-bgp] ip vpn-instance vpn1
    [SPE1-bgp-vpn1] quit
    [SPE1-bgp] ip vpn-instance vpn2
    [SPE1-bgp-vpn2] quit
    [SPE1-bgp] quit
    

    # Advertise to UPE 1 the routes permitted by a routing policy (the routes of CE 3).

    [SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24
    [SPE1] route-policy hope permit node 0
    [SPE1-route-policy-hope-0] if-match ip address prefix-list hope
    [SPE1-route-policy-hope-0] quit
    [SPE1] bgp 100
    [SPE1-bgp] address-family vpnv4
    [SPE1-bgp-vpnv4] peer 1.1.1.9 upe route-policy hope export
    
  8. Configure SPE 2:

    # Configure basic MPLS and MPLS LDP to establish LDP LSPs.

    <SPE2> system-view
    [SPE2] interface loopback 0
    [SPE2-LoopBack0] ip address 3.3.3.9 32
    [SPE2-LoopBack0] quit
    [SPE2] mpls lsr-id 3.3.3.9
    [SPE2] mpls ldp
    [SPE2-ldp] quit
    [SPE2] interface vlan-interface 12
    [SPE2-Vlan-interface12] ip address 180.1.1.2 24
    [SPE2-Vlan-interface12] mpls enable
    [SPE2-Vlan-interface12] mpls ldp enable
    [SPE2-Vlan-interface12] quit 
    [SPE2] interface vlan-interface 11
    [SPE2-Vlan-interface11] ip address 172.2.1.2 24
    [SPE2-Vlan-interface11] mpls enable
    [SPE2-Vlan-interface11] mpls ldp enable
    [SPE2-Vlan-interface11] quit 
    

    # Configure the IGP protocol (OSPF, in this example).

    [SPE2] ospf
    [SPE2-ospf-1] area 0
    [SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
    [SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
    [SPE2-ospf-1-area-0.0.0.0] quit
    [SPE2-ospf-1] quit
    

    # Configure VPN instances vpn1 and vpn2.

    [SPE2] ip vpn-instance vpn1
    [SPE2-vpn-instance-vpn1] route-distinguisher 600:1
    [SPE2-vpn-instance-vpn1] vpn-target 100:1 both
    [SPE2-vpn-instance-vpn1] quit
    [SPE2] ip vpn-instance vpn2
    [SPE2-vpn-instance-vpn2] route-distinguisher 800:1
    [SPE2-vpn-instance-vpn2] vpn-target 100:2 both
    [SPE2-vpn-instance-vpn2] quit
    

    # Establish MP-IBGP peer relationships with SPE 1 and UPE 2, and specify UPE 2 as a UPE.

    [SPE2] bgp 100
    [SPE2-bgp] peer 4.4.4.9 as-number 100
    [SPE2-bgp] peer 4.4.4.9 connect-interface loopback 0
    [SPE2-bgp] peer 2.2.2.9 as-number 100
    [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0
    [SPE2-bgp] address-family vpnv4
    [SPE2-bgp-vpnv4] peer 2.2.2.9 enable
    [SPE2-bgp-vpnv4] peer 4.4.4.9 enable
    [SPE2-bgp-vpnv4] peer 4.4.4.9 upe
    [SPE2-bgp-vpnv4] peer 4.4.4.9 next-hop-local
    [SPE2-bgp-vpnv4] quit
    

    # Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

    [SPE2-bgp] ip vpn-instance vpn1
    [SPE2-bgp-vpn1] quit
    [SPE2-bgp] ip vpn-instance vpn2
    [SPE2-bgp-vpn2] quit
    [SPE2-bgp] quit
    

    # Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).

    [SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24
    [SPE2] route-policy hope permit node 0
    [SPE2-route-policy-hope-0] if-match ip address prefix-list hope
    [SPE2-route-policy-hope-0] quit
    [SPE2] bgp 100
    [SPE2-bgp] address-family vpnv4
    [SPE2-bgp-vpnv4] peer 4.4.4.9 upe route-policy hope export
    

Verifying the configuration

# Verify that CE 1 and CE 3 can learn each other's interface routes and can ping each other. CE 2 and CE 4 cannot learn each other's interface routes and cannot ping each other. (Details not shown.)
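
The verification result follows from the export policy "hope" on each SPE. The Python model below is an added example, not part of the original configuration guide or vendor tooling. It replays the route targets and prefix lists from the procedure to show which remote prefixes each UPE installs; the route list and function names are constructed for illustration, and the prefix list is modeled as an exact match because no greater-equal or less-equal range is configured.

```python
import ipaddress

# Constructed model of the page's topology: VPNv4 routes each UPE originates
# (import-route direct in the BGP-VPN instance), tagged with the export RT.
ORIGINATED = [
    ("UPE1", "100:1", "10.2.1.0/24"),   # vpn1, link to CE 1
    ("UPE1", "100:2", "10.4.1.0/24"),   # vpn2, link to CE 2
    ("UPE2", "100:1", "10.1.1.0/24"),   # vpn1, link to CE 3
    ("UPE2", "100:2", "10.3.1.0/24"),   # vpn2, link to CE 4
]
IMPORT_RT = {"vpn1": "100:1", "vpn2": "100:2"}   # vpn-target ... both

# Prefix list "hope" as entered on each SPE and applied with
# "peer <UPE> upe route-policy hope export".
HOPE = {"UPE1": ["10.1.1.1/24"],    # on SPE 1, toward UPE 1
        "UPE2": ["10.2.1.1/24"]}    # on SPE 2, toward UPE 2


def permitted(prefix, entries):
    """Exact-match prefix list: network and mask length must both match."""
    net = ipaddress.ip_network(prefix)
    # strict=False masks host bits, so 10.1.1.1/24 is treated as 10.1.1.0/24
    return any(net == ipaddress.ip_network(e, strict=False) for e in entries)


def learned(upe, policy=HOPE):
    """Remote prefixes each VPN instance on `upe` installs after SPE filtering."""
    table = {vrf: [] for vrf in IMPORT_RT}
    for origin, rt, prefix in ORIGINATED:
        if origin == upe or not permitted(prefix, policy.get(upe, [])):
            continue                  # own route, or dropped by the SPE export policy
        for vrf, want in IMPORT_RT.items():
            if rt == want:            # RT import check on the UPE
                table[vrf].append(prefix)
    return table


def sites_connected(vrf, policy=HOPE):
    """Two-way reachability needs both UPEs to hold the other site's route."""
    return all(learned(upe, policy)[vrf] for upe in ("UPE1", "UPE2"))


if __name__ == "__main__":
    for upe in ("UPE1", "UPE2"):
        print(upe, learned(upe))
    print("vpn1 connected:", sites_connected("vpn1"))
    print("vpn2 connected:", sites_connected("vpn2"))
```

Passing a wider `policy` dictionary to `sites_connected` shows how an extra permit entry in the prefix list would change which sites exchange routes, which makes the model usable as a pre-change review check.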