Configuring the MCE that uses OSPF to advertise VPN routes to the PE

Network requirements

As shown in Figure 95, VPN 2 runs OSPF. Configure the MCE device to separate routes from different VPNs and to advertise the VPN routes to PE 1 through OSPF.

Figure 95: Network diagram

Configuration procedure

Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, and the system name of PE 1 is PE1.

Configure the VPN instances on the MCE and PE 1:

# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<MCE> system-view
[MCE] ip vpn-instance vpn1
[MCE-vpn-instance-vpn1] route-distinguisher 10:1
[MCE-vpn-instance-vpn1] vpn-target 10:1
[MCE-vpn-instance-vpn1] quit
[MCE] ip vpn-instance vpn2
[MCE-vpn-instance-vpn2] route-distinguisher 20:1
[MCE-vpn-instance-vpn2] vpn-target 20:1
[MCE-vpn-instance-vpn2] quit

# Create VLAN 10, add port Ten-GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10.

[MCE] vlan 10
[MCE-vlan10] port ten-gigabitethernet 1/0/1
[MCE-vlan10] quit

# Bind VLAN-interface 10 to VPN instance vpn1, and configure an IP address for VLAN-interface 10.

[MCE] interface vlan-interface 10
[MCE-Vlan-interface10] ip binding vpn-instance vpn1
[MCE-Vlan-interface10] ip address 10.214.10.3 24 
[MCE-Vlan-interface10] quit

# Configure VLAN 20, add port Ten-GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 to VPN instance vpn2, and specify an IP address for VLAN-interface 20.

[MCE] vlan 20
[MCE-vlan20] port ten-gigabitethernet 1/0/2
[MCE-vlan20] quit
[MCE] interface vlan-interface 20
[MCE-Vlan-interface20] ip binding vpn-instance vpn2
[MCE-Vlan-interface20] ip address 10.214.20.3 24
[MCE-Vlan-interface20] quit

# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 10:1
[PE1-vpn-instance-vpn1] vpn-target 10:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 20:1
[PE1-vpn-instance-vpn2] vpn-target 20:1
[PE1-vpn-instance-vpn2] quit

Configure routing between the MCE and VPN sites:

The MCE is connected to VPN 1 directly, and no routing protocol is enabled in VPN 1. Therefore, you can configure static routes.

# On VR 1, assign IP address 10.214.10.2/24 to the interface connected to MCE and 192.168.0.1/24 to the interface connected to VPN 1. Add ports to VLANs correctly. (Details not shown.)

# On VR 1, configure a default route with the next hop being 10.214.10.3.

<VR1> system-view
[VR1] ip route-static 0.0.0.0 0.0.0.0 10.214.10.3

# On the MCE, configure a static route to 192.168.0.0/24, specify the next hop as 10.214.10.2, and bind the static route to VPN instance vpn1.

[MCE] ip route-static vpn-instance vpn1 192.168.0.0 24 10.214.10.2

# On the MCE, display the routing information maintained for VPN instance vpn1.

[MCE] display ip routing-table vpn-instance vpn1

Destinations : 13        Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0
10.214.10.0/24      Direct 0    0            10.214.10.3     Vlan10
10.214.10.0/32      Direct 0    0            10.214.10.3     Vlan10
10.214.10.3/32      Direct 0    0            127.0.0.1       InLoop0
10.214.10.255/32    Direct 0    0            10.214.10.3     Vlan10
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
192.168.0.0/24      Static 60   0            10.214.10.2     Vlan10
224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0
224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0
255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

The output shows that the MCE has a static route for VPN instance vpn1.

# Run OSPF in VPN 2. Create OSPF process 20 and bind it to VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.

[MCE] ospf 2 vpn-instance vpn2

# Advertise subnet 10.214.20.0.

[MCE-ospf-2] area 0
[MCE-ospf-2-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[MCE-ospf-2-area-0.0.0.0] quit
[MCE-ospf-2] quit

# On VR 2, assign IP address 10.214.20.2/24 to the interface connected to MCE and 192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)

# Configure OSPF process 2, and advertise subnets 192.168.10.0 and 10.214.20.0.

<VR2> system-view
[VR2] ospf 2
[VR2-ospf-2] area 0
[VR2-ospf-2-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[VR2-ospf-2-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[VR2-ospf-2-area-0.0.0.0] quit
[VR2-ospf-2] quit

# On the MCE, display the routing information maintained for VPN instance vpn2.

[MCE] display ip routing-table vpn-instance vpn2

Destinations : 13        Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0
10.214.20.0/24      Direct 0    0            10.214.20.3     Vlan20
10.214.20.0/32      Direct 0    0            10.214.20.3     Vlan20
10.214.20.3/32      Direct 0    0            127.0.0.1       InLoop0
10.214.20.255/32    Direct 0    0            10.214.20.3     Vlan20
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
192.168.10.0/24     OSPF   10   2            10.214.20.2     Vlan20
224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0
224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0
255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

The output shows that the MCE has learned the private routes of VPN 2. The MCE maintains the routes of VPN 1 and those of VPN2 in two different routing tables. In this way, routes from different VPNs are separated.

Configure routing between the MCE and PE 1:

# The MCE uses port Ten-GigabitEthernet 1/0/3 to connect to PE's port Ten-GigabitEthernet 1/0/1. Configure the two ports as trunk ports, and configure them to permit packets carrying VLAN tags 30 and 40 to pass.

[MCE] interface ten-gigabitethernet 1/0/3
[MCE-Ten-GigabitEthernet1/0/3] port link-type trunk
[MCE-Ten-GigabitEthernet1/0/3] port trunk permit vlan 30 40
[MCE-Ten-GigabitEthernet1/0/3] quit

# Configure port Ten-GigabitEthernet 1/0/1 on the PE.

[PE1] interface ten-gigabitethernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 30 40
[PE1-Ten-GigabitEthernet1/0/1] quit

# On the MCE, create VLAN 30 and VLAN-interface 30, bind the VLAN interface to VPN instance vpn1, and configure an IP address for the VLAN interface.

[MCE] vlan 30
[MCE-vlan30] quit
[MCE] interface vlan-interface 30
[MCE-Vlan-interface30] ip binding vpn-instance vpn1
[MCE-Vlan-interface30] ip address 30.1.1.1 24
[MCE-Vlan-interface30] quit

# On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface to VPN instance vpn2, and configure an IP address for the VLAN interface.

[MCE] vlan 40
[MCE-vlan40] quit
[MCE] interface vlan-interface 40
[MCE-Vlan-interface40] ip binding vpn-instance vpn2
[MCE-Vlan-interface40] ip address 40.1.1.1 24
[MCE-Vlan-interface40] quit

# On PE 1, create VLAN 30 and VLAN-interface 30, bind the VLAN interface to VPN instance vpn1, and configure an IP address for the VLAN interface.

[PE1] vlan 30
[PE1-vlan30] quit
[PE1] interface vlan-interface 30
[PE1-Vlan-interface30] ip binding vpn-instance vpn1
[PE1-Vlan-interface30] ip address 30.1.1.2 24
[PE1-Vlan-interface30] quit

# On PE 1, create VLAN 40 and VLAN-interface 40, bind the VLAN interface to VPN instance vpn2, and configure an IP address for the VLAN interface.

[PE1] vlan 40
[PE1-vlan40] quit
[PE1] interface vlan-interface 40
[PE1-Vlan-interface40] ip binding vpn-instance vpn2
[PE1-Vlan-interface40] ip address 40.1.1.2 24
[PE1-Vlan-interface40] quit

# Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1. (Details not shown.)

# Enable OSPF process 10 on the MCE, bind the process to VPN instance vpn1, disable OSPF routing loop detection, and set the domain ID to 10.

[MCE] ospf 10 router-id 101.101.10.1 vpn-instance vpn1
[MCE-ospf-10] vpn-instance-capability simple
[MCE-ospf-10] domain-id 10

# On the MCE, advertise subnet 30.1.1.0 in area 0, and redistribute the static route of VPN 1.

[MCE-ospf-10] area 0
[MCE-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[MCE-ospf-10-area-0.0.0.0] quit
[MCE-ospf-10] import-route static

# On PE 1, enable OSPF process 10, bind the process to VPN instance vpn1, set the domain ID to 10, and advertise subnet 30.1.1.0 in area 0.

[PE1] ospf 10 router-id 100.100.10.1 vpn-instance vpn1
[PE1-ospf-10] domain-id 10
[PE1-ospf-10] area 0
[PE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[PE1-ospf-10-area-0.0.0.0] quit
[PE1-ospf-10] quit

# Use similar procedures to configure OSPF process 20 between MCE and PE 1 and redistribute VPN 2's routing information. (Details not shown.)

Verifying the configuration

# On PE 1, display the routing information for VPN 1. The output shows that the static route of VPN 1 has been redistributed to the OSPF routing table of PE 1.

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 13        Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0
30.1.1.0/24         Direct 0    0            30.1.1.2        Vlan30
30.1.1.0/32         Direct 0    0            30.1.1.2        Vlan30
30.1.1.2/32         Direct 0    0            127.0.0.1       InLoop0
30.1.1.255/32       Direct 0    0            30.1.1.2        Vlan30
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
192.168.0.0/24      OSPF   150  1            30.1.1.1        Vlan30
224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0
224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0
255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

# On PE 1, display the routing information for VPN 2. The output shows that the routes of OSPF process 2 in VPN 2 have been redistributed to the OSPF routing table of PE 1.

[PE1] display ip routing-table vpn-instance vpn2

Destinations : 13        Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0
40.1.1.0/24         Direct 0    0            40.1.1.2        Vlan40
40.1.1.0/32         Direct 0    0            40.1.1.2        Vlan40
40.1.1.2/32         Direct 0    0            127.0.0.1       InLoop0
40.1.1.255/32       Direct 0    0            40.1.1.2        Vlan40
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
192.168.10.0/24     OSPF   150  1            40.1.1.1        Vlan40
224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0
224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0
255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

Now, the routing information for the two VPNs has been redistributed into the routing tables on PE 1.

prev	up	next
MCE configuration examples	home	Configuring the MCE that uses EBGP to advertise VPN routes to the PE