Configuring IPv6 MPLS L3VPNs
Network requirements
CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2.
VPN 1 uses route target attributes 111:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other.
Run EBGP between CE and PE switches to exchange VPN routing information.
PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.
Figure 62: Network diagram
Table 17: Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
CE 1 | Vlan-int11 | 2001:1::1/96 | P | Loop0 | 2.2.2.9/32 |
PE 1 | Loop0 | 1.1.1.9/32 | Vlan-int12 | 172.2.1.1/24 | |
Vlan-int11 | 2001:1::2/96 | Vlan-int13 | 172.1.1.2/24 | ||
Vlan-int13 | 172.1.1.1/24 | PE 2 | Loop0 | 3.3.3.9/32 | |
Vlan-int12 | 2001:2::2/96 | Vlan-int12 | 172.2.1.2/24 | ||
CE 2 | Vlan-int12 | 2001:2::1/96 | Vlan-int11 | 2001:3::2/96 | |
CE 3 | Vlan-int11 | 2001:3::1/96 | Vlan-int13 | 2001:4::2/96 | |
CE 4 | Vlan-int13 | 2001:4::1/96 |
Configuration procedure
Configure OSPF on the MPLS backbone to ensure IP connectivity among the PEs and the P switch:
# Configure PE 1.
<PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1-Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure the P switch.
<P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
# Configure PE 2.
<PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.9 32 [PE2-LoopBack0] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip address 172.2.1.2 24 [PE2-Vlan-interface12] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
# Verify that the PEs have learned the routes to the loopback interfaces of each other. This example uses PE 1.
[PE1] display ip routing-table display ip routing-table protocol ospf Summary Count : 5 OSPF Routing table Status : <Active> Summary Count : 3 Destination/Mask Proto Pre Cost NextHop Interface 2.2.2.9/32 OSPF 10 1 172.1.1.2 Vlan13 3.3.3.9/32 OSPF 10 2 172.1.1.2 Vlan13 172.2.1.0/24 OSPF 10 2 172.1.1.2 Vlan13 OSPF Routing table Status : <Inactive> Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0 172.1.1.0/24 OSPF 10 1 172.1.1.1 Vlan13
# Verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. This example uses PE 1.
[PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 172.1.1.2 BDR: 172.1.1.1 MTU: 0 Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 39 sec Neighbor is up for 00:00:29 Authentication Sequence: [ 0 ] Neighbor state change count: 6Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure PE 1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] mpls enable [PE1-Vlan-interface13] mpls ldp enable [PE1-Vlan-interface13] quit
# Configure the P switch.
[P] mpls lsr-id 2.2.2.9 [P] mpls ldp [P-ldp] quit [P] interface vlan-interface 13 [P-Vlan-interface13] mpls enable [P-Vlan-interface13] mpls ldp enable [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] mpls enable [P-Vlan-interface12] mpls ldp enable [P-Vlan-interface12] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls enable [PE2-Vlan-interface12] mpls ldp enable [PE2-Vlan-interface12] quit
# Verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. This example uses PE 1.
[PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State LAM Role GR MD5 KA Sent/Rcvd 2.2.2.9:0 Operational DU Passive Off Off 5/5
# Verify that the LSPs have been established by LDP. This example uses PE 1.
[PE1] display mpls ldp lsp Status codes: * - stale, L - liberal Statistics: FECs: 3 Ingress LSPs: 2 Transit LSPs: 2 Egress LSPs: 1 FEC In/Out Label Nexthop OutInterface 1.1.1.9/32 3/- -/1151(L) 2.2.2.9/32 -/3 172.1.1.2 Vlan-interface13 1151/3 172.1.1.2 Vlan-interface13 3.3.3.9/32 -/1150 172.1.1.2 Vlan-interface13 1150/1150 172.1.1.2 Vlan-interface13Configure VPN instances on the PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ipv6 address 2001:1::2 96 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ipv6 address 2001:2::2 96 [PE1-Vlan-interface12] quit
# Configure PE 2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ipv6 address 2001:3::2 96 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96 [PE2-Vlan-interface13] quit
# Configure IP addresses for the CEs according to Figure 62. (Details not shown.)
# Display information about the VPN instances on PEs. This example uses PE 1.
[PE1] display ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpn1 100:1 2012/02/13 12:49:08 vpn2 100:2 2012/02/13 12:49:20
# Verify that the PEs can ping their attached CEs. This example uses PE 1.
[PE1] ping ipv6 -vpn-instance vpn1 2001:1::1 Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break 56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=9.000 ms 56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- Ping6 statistics for 2001:1::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms
Establish EBGP peer relationships between the PEs and CEs to exchange VPN routes:
# Configure CE 1.
<CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 2001:1::2 as-number 100 [CE1-bgp] address-family ipv6 unicast [CE1-bgp-ipv6] peer 2001:1::2 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit
# Configure the other three CEs (CE 2 through CE 4) in the same way that CE 1 is configured. (Details not shown.)
# Configure PE 1.
[PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-vpn1] address-family ipv6 unicast [PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-vpn2] address-family ipv6 unicast [PE1-bgp-ipv6-vpn2] peer 2001:2::1 enable [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp-vpn2] quit [PE1-bgp] quit
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)
# Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE. (Details not shown.)
Configure an MP-IBGP peer relationship between the PEs:
# Configure PE 1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv6 [PE1-bgp-af-vpnv6] peer 3.3.3.9 enable [PE1-bgp-af-vpnv6] quit [PE1-bgp] quit
# Configure PE 2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit
# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.)
Verifying the configuration
# Execute the display ipv6 routing-table vpn-instance command on the PEs. The output shows the routes to the CEs. This example uses PE 1.
[PE1] display ipv6 routing-table vpn-instance vpn1 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:1::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan11 Cost : 0 Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : Vlan13 Cost : 0 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 [PE1] display ipv6 routing-table vpn-instance vpn2 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:2::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan12 Cost : 0 Destination: 2001:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:4::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : Vlan13 Cost : 0 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0
# Verify that CEs of the same VPN can ping each other, and CEs of different VPNs cannot ping each other. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1). (Details not shown.)