#ipran configuration

The public network tunnel of a Martini VLL can be an MPLS TE tunnel.

Networking Requirements

As shown in Figure 1, CE1 and CE2 belong to the same VPN. They access the MPLS backbone network through PE1 and PE2 respectively. OSPF is used as the IGP protocol on the MPLS backbone network.

In this scenario, you need to configure Martini VLL. An MPLS TE tunnel must be established between PE1 and PE2 through the dynamic signaling protocol RSVP-TE to forward the traffic of the VLL. The bandwidth of the tunnel is 20 Mbit/s. The maximum bandwidth of the link that the TE tunnel passes through is 100 Mbit/s, and the maximum reservable bandwidth is 50 Mbit/s.

Figure 1 Networking diagram of configuring Martini L2VPN using MPLS TE tunnels 

Configuration Roadmap

The configuration roadmap is as follows:

Configure a routing protocol and enable MPLS on related devices (PEs and P) in the backbone network to implement interworking.

Establish the MPLS TE tunnel and configure the tunnel policy. For the details of establishing an MPLS TE tunnel, refer to the chapter "MPLS TE Configuration" in the HUAWEI CX600 Metro Services Platform Configuration Guide - MPLS.

Enable VLL on the PEs and establish VCs.

Data Preparation

To complete the configuration, you need the following data:

OSPF area enabled with TE

Name of the tunnel policy

Number of tunnels involved in load balancing (if load balancing is not performed, the number of tunnels is 1)

Procedure

Configure an IP address for each interface and configure OSPF in the backbone network.

The configuration details are not mentioned here.

Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS TE CSPF.

Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS TE CSPF in the MPLS view of the ingress of the tunnel.

# Configure PE1.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls

[PE1-mpls] mpls te

[PE1-mpls] mpls rsvp-te

[PE1-mpls] mpls te cspf

[PE1-mpls] quit

[PE1] interface pos1/0/0

[PE1-Pos1/0/0] mpls

[PE1-Pos1/0/0] mpls te

[PE1-Pos1/0/0] mpls rsvp-te

[PE1-Pos1/0/0] quit

# Configure P.

[P] mpls lsr-id 2.2.2.9

[P] mpls

[P-mpls] mpls te

[P-mpls] mpls rsvp-te

[P-mpls] quit

[P] interface pos1/0/0

[P-Pos1/0/0] mpls

[P-Pos1/0/0] mpls te

[P-Pos1/0/0] mpls rsvp-te

[P-Pos1/0/0] quit

[P] interface pos2/0/0

[P-Pos2/0/0] mpls

[P-Pos2/0/0] mpls te

[P-Pos2/0/0] mpls rsvp-te

[P-Pos2/0/0] quit

# Configure PE2.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls

[PE2-mpls] mpls te

[PE2-mpls] mpls rsvp-te

[PE2-mpls] mpls te cspf

[PE2-mpls] quit

[PE2] interface pos1/0/0

[PE2-Pos1/0/0] mpls

[PE2-Pos1/0/0] mpls te

[PE2-Pos1/0/0] mpls rsvp-te

[PE2-Pos1/0/0] quit

Configure OSPF TE on the backbone network.

# Configure PE1.

[PE1] ospf

[PE1-ospf-1] opaque-capability enable

[PE1-ospf-1] area 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] mpls-te enable

# Configure P.

[P] ospf

[P-ospf-1] opaque-capability enable

[P-ospf-1] area 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE2.

[PE2] ospf

[PE2-ospf-1] opaque-capability enable

[PE2-ospf-1] area 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] mpls-te enable

Configure the MPLS TE attributes of the links.

Configure the maximum bandwidth and the maximum reservable bandwidth of the link on the interface of each CX device along the tunnel.

# Configure PE1.

[PE1] interface pos 1/0/0

[PE1-Pos1/0/0] mpls te bandwidth max-reservable-bandwidth 100000

[PE1-Pos1/0/0] mpls te bandwidth bc0 50000

[PE1-Pos1/0/0] quit

# Configure P.

[P] interface pos 1/0/0

[P-Pos1/0/0] mpls te bandwidth max-reservable-bandwidth 100000

[P-Pos1/0/0] mpls te bandwidth bc0 50000

[P-Pos1/0/0] quit

[P] interface pos 2/0/0

[P-Pos2/0/0] mpls te bandwidth max-reservable-bandwidth 100000

[P-Pos2/0/0] mpls te bandwidth bc0 50000

[P-Pos2/0/0] quit

# Configure PE2.

[PE2] interface pos 1/0/0

[PE2-Pos1/0/0] mpls te bandwidth max-reservable-bandwidth 100000

[PE2-Pos1/0/0] mpls te bandwidth bc0 50000

[PE2-Pos1/0/0] quit

Configure a tunnel interface.

# Create the tunnel interface on the PEs, specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE, and specify the bandwidth.

# Configure PE1.

<PE1> system-view

[PE1] interface tunnel 1/0/0

[PE1-Tunnel1/0/0] ip address unnumbered interface loopback1

[PE1-Tunnel1/0/0] tunnel-protocol mpls te

[PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te

[PE1-Tunnel1/0/0] destination 3.3.3.9

[PE1-Tunnel1/0/0] mpls te tunnel-id 100

[PE1-Tunnel1/0/0] mpls te bandwidth ct0 20000

[PE1-Tunnel1/0/0] mpls te commit

# Configure PE2.

<PE2> system-view

[PE2] interface tunnel 1/0/0

[PE2-Tunnel1/0/0] ip address unnumbered interface loopback1

[PE2-Tunnel1/0/0] tunnel-protocol mpls te

[PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te

[PE2-Tunnel1/0/0] destination 1.1.1.9

[PE2-Tunnel1/0/0] mpls te tunnel-id 101

[PE2-Tunnel1/0/0] mpls te bandwidth ct0 20000

[PE2-Tunnel1/0/0] mpls te commit

After the configuration, run the display this interface command in the tunnel interface view. You can view that the MPLS TE tunnel is established successfully. That is, Line protocol current state displays UP.

[PE1-Tunnel1/0/0] display this interface

Tunnel1/0/0 current state : UP

Line protocol current state : UP

Last line protocol up time : 2009-02-23 14:46:57

Description: Tunnel1/0/0 Interface

Route Port,The Maximum Transmit Unit is 1500

Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set

Tunnel destination 3.3.3.9

Tunnel up/down statistics 1

Tunnel protocol/transport MPLS/MPLS, ILM is available,

primary tunnel id is 0x1002002, secondary tunnel id is 0x0

300 seconds output rate 0 bytes/sec, 0 packets/sec

68 seconds output rate 0 bits/sec, 0 packets/sec

22894187 packets output, 2958834536 bytes

0 packets output error

ct0:0 packets output, 0 bytes

0 output error

Establish LDP sessions.

Establish a remote peer session between PE1 and PE2.

# Configure PE1.

[PE1] mpls ldp

[PE1-mpls-ldp] quit

[PE1] mpls ldp remote-peer 3.3.3.9

[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9

[PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.

[PE2] mpls ldp

[PE2-mpls-ldp] quit

[PE2] mpls ldp remote-peer 1.1.1.9

[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9

[PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, LDP sessions are established between the PEs.

Take the display on PE1 as an example:

[PE1] display mpls ldp session

LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------------ PeerID Status LAM SsnRole SsnAge KASent/Rcv ------------------------------------------------------------------------------ 3.3.3.9:0 Operational DU Passive 000:00:07 31/31 ------------------------------------------------------------------------------ TOTAL: 1 session(s) Found.

Configure a tunnel policy and establish VC connections.

# Configure PE1.

[PE1] tunnel-policy policy1

[PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1

[PE1-tunnel-policy-policy1] quit

[PE1] mpls l2vpn

[PE1-l2vpn] mpls l2vpn default martini

[PE1-l2vpn] quit

[PE1] interface pos2/0/0

[PE1-Pos2/0/0] mpls l2vc 3.3.3.9 100 tunnel-policy policy1

[PE1-Pos2/0/0] undo shutdown

[PE1-Pos2/0/0] quit

# Configure PE2.

[PE2] tunnel-policy policy1

[PE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1

[PE2-tunnel-policy-policy1] quit

[PE2] mpls l2vpn

[PE2-l2vpn] mpls l2vpn default martini

[PE2-l2vpn] quit

[PE2] interface pos2/0/0

[PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 tunnel-policy policy1

[PE2-Pos2/0/0] undo shutdown

[PE2-Pos2/0/0] quit

# Configure CE1.

<CE1> interface pos1/0/0

[CE1-Pos1/0/0] ip address 10.1.1.1 24

[CE1-Pos1/0/0] undo shutdown

[CE1-Pos1/0/0] quit

# Configure CE2.

<CE2> interface pos1/0/0

[CE2-Pos1/0/0] ip address 10.1.1.2 24

[CE2-Pos1/0/0] undo shutdown

[CE2-Pos1/0/0] quit

Verify the configuration.

Run the display mpls lsp verbose command on PE1. You can view that an MPLS RSVP-TE tunnel is established between 1.1.1.9 and 3.3.3.9. The LSP index of this tunnel is the same as the value in the MPLS forwarding table, which indicates that the local packets to 3.3.3.9 are forwarded through the MPLS TE tunnel.

<PE1> display mpls lsp verbose

----------------------------------------------------------------------

LSP Information: RSVP LSP

----------------------------------------------------------------------

No : 1

SessionID : 100

IngressLsrID : 1.1.1.9

LocalLspID : 1

Tunnel-Interface : Tunnel1/0/0

Fec : 3.3.3.9/32

TunnelTableIndex : 0x0

Nexthop : 100.1.1.2

In-Label : NULL

Out-Label : 13312

In-Interface : ----------

Out-Interface : Pos1/0/0

LspIndex : 4096

Token : 0x1002002

LsrType : Ingress

Mpls-Mtu : 1500

TimeStamp : 396sec

Bfd-State : ---

Run the display mpls te tunnel-interface command on the PEs. You can view detailed information about the tunnel. Take the display on PE1 as an example:

<PE1> display mpls te tunnel-interface

Tunnel Name : Tunnel1/0/0 Tunnel State Desc : CR-LSP is Up Tunnel Attributes : Session ID : 100 Ingress LSR ID : 1.1.1.9 Egress LSR ID: 3.3.3.9 Admin State : UP Oper State : UP Signaling Protocol : RSVP Tie-Breaking Policy : None Metric Type : None Car Policy : Disabled Bfd Cap : None BypassBW Flag : Not Supported BypassBW Type : - Bypass BW : - Retry Limit : 5 Retry Int : 2 sec Reopt : Disabled Reopt Freq : - Auto BW : Disabled Current Collected BW: - Auto BW Freq : - Min BW : - Max BW : - Tunnel Group : Primary Interfaces Protected: - Excluded IP Address : - Is On Radix-Tree : Yes Referred LSP Count: 0 Primary Tunnel : - Pri Tunn Sum : - Backup Tunnel : - Group Status : Up Oam Status : Up IPTN InLabel : - BackUp Type : None BestEffort : Disabled Secondary HopLimit : - BestEffort HopLimit : - Secondary Explicit Path Name: - Secondary Affinity Prop/Mask: 0x0/0x0 BestEffort Affinity Prop/Mask: 0x0/0x0 Primary LSP ID : 1.1.1.9:1 Setup Priority : 7 Hold Priority: 7 Affinity Prop/Mask : 0x0/0x0 Resv Style : SE CT0 Bandwidth(Kbit/sec) : 20000 CT1 Bandwidth(Kbit/sec) : 0 CT2 Bandwidth(Kbit/sec) : 0 CT3 Bandwidth(Kbit/sec) : 0 CT4 Bandwidth(Kbit/sec) : 0 CT5 Bandwidth(Kbit/sec) : 0 CT6 Bandwidth(Kbit/sec) : 0 CT7 Bandwidth(Kbit/sec) : 0 Actual Bandwidth(kbps): - Explicit Path Name : - Hop Limit : - Record Route : Disabled Record Label : Disabled Route Pinning : Disabled FRR Flag : Disabled IdleTime Remain : -

CE1 and CE2 can ping through each other.

<CE1> ping 10.1.1.2

PING 10.1.1.2: 56 data bytes, press CTRL_C to break

Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms

Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms

Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms

Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms

Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms

--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 94/118/125 ms

Configuration Files

Configuration file of CE1

#

sysname CE1

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 10.1.1.1 255.255.255.0

#

return

Configuration file of PE1

#

sysname PE1

#

mpls lsr-id 1.1.1.9

mpls

mpls te

mpls rsvp-te

mpls te cspf

#

mpls l2vpn

mpls l2vpn default martini

#

mpls ldp

#

mpls ldp remote-peer 3.3.3.9

remote-ip 3.3.3.9

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 100.1.1.1 255.255.255.0

mpls

mpls te

mpls te bandwidth max-reservable-bandwidth 100000

mpls te bandwidth bc0 50000

mpls rsvp-te

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

mpls l2vc 3.3.3.9 100 tunnel-policy policy1

#

interface LoopBack1

ip address 1.1.1.9 255.255.255.255

#

interface Tunnel1/0/0

ip address unnumbered interface LoopBack1

tunnel-protocol mpls te

destination 3.3.3.9

mpls te tunnel-id 100

mpls te bandwidth ct0 20000

mpls te commit

#

ospf 1

opaque-capability enable

area 0.0.0.0

network 1.1.1.9 0.0.0.0

network 100.1.1.0 0.0.0.255

mpls-te enable

#

tunnel-policy policy1

tunnel select-seq cr-lsp load-balance-number 1

#

return

Configuration file of P

#

sysname P

#

mpls lsr-id 2.2.2.9

mpls

mpls te

mpls rsvp-te

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 100.1.1.2 255.255.255.0

mpls

mpls te

mpls te bandwidth max-reservable-bandwidth 100000

mpls te bandwidth bc0 50000

mpls rsvp-te

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

ip address 100.2.1.1 255.255.255.0

mpls

mpls te

mpls te bandwidth max-reservable-bandwidth 100000

mpls te bandwidth bc0 50000

mpls rsvp-te

#

interface LoopBack1

ip address 2.2.2.9 255.255.255.255

#

ospf 1

opaque-capability enable

area 0.0.0.0

network 2.2.2.9 0.0.0.0

network 100.1.1.0 0.0.0.255

network 100.2.1.0 0.0.0.255

mpls-te enable

#

return

Configuration file of PE2

#

sysname PE2

#

mpls lsr-id 3.3.3.9

mpls

mpls te

mpls rsvp-te

mpls te cspf

#

mpls l2vpn

mpls l2vpn default martini

#

mpls ldp

#

mpls ldp remote-peer 1.1.1.9

remote-ip 1.1.1.9

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 100.2.1.2 255.255.255.0

mpls

mpls te

mpls te bandwidth max-reservable-bandwidth 100000

mpls te bandwidth bc0 50000

mpls rsvp-te

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

mpls l2vc 1.1.1.9 100 tunnel-policy policy1

#

interface LoopBack1

ip address 3.3.3.9 255.255.255.255

#

interface Tunnel1/0/0

ip address unnumbered interface LoopBack1

tunnel-protocol mpls te

destination 1.1.1.9

mpls te tunnel-id 101

mpls te bandwidth ct0 20000

mpls te commit

#

ospf 1

opaque-capability enable

area 0.0.0.0

network 3.3.3.9 0.0.0.0

network 100.2.1.0 0.0.0.255

mpls-te enable

#

tunnel-policy policy1

tunnel select-seq cr-lsp load-balance-number 1

#

return

Configuration file of CE2

#

sysname CE2

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 10.1.1.2 255.255.255.0

#

return

OSPF fast convergence is an extended feature of OSPF implemented to speed up the convergence of routes. It includes the following:

I-SPF

Incremental SPF (I-SPF) recalculates only the routes of the changed nodes rather than all the nodes when the network topology changes. This speeds up the calculation of routes.

PRC

Partial Route Calculation (PRC) calculates only the changed routes when the routes on the network change.

Intelligent timer

An Open Shortest Path First (OSPF) intelligent timer can dynamically adjust its value according to the user's configuration and the interval at which an event is triggered such as the route calculation interval, which ensures rapid and stable operation of a network.

The OSPF intelligent timer applies the exponential backoff technology so that the value of the timer can reach the millisecond level.

I-SPF (Incremental SPF)

In ISO 10589, the Dijkstra algorithm is adopted to calculate routes. When a node changes on the network, this algorithm is used to recalculate all routes. The calculation lasts a long time and consumes too many CPU resources, thus affecting the convergence speed.

I-SPF improves this algorithm. Except for the first time, only changed nodes instead of all nodes are involved in calculation. The SPT generated at last is the same as that generated by the previous algorithm. This decreases the CPU usage and speeds up the network convergence.

PRC (Partial Route Calculation)

Similar to I-SPF, PRC calculates only the changed routes. PRC, however, does not calculate the shortest path. It updates the routes based on the SPT calculated by I-SPF.

In route calculation, a leaf represents a route, and a node represents a router. The SPT change and leaf change cause the change of routing information, but the SPT change is irrelevant to the leaf change. PRC processes routing information based on SPT or leaf information.

If the SPT changes, PRC processes the routing information of all leaves on a changed node.

If the SPT does not change, PRC does not process the routing information on any node.

If the leaf changes, RPC processes the routing information on the leaf only.

If the leaf does not change, PRC does not process the routing information on any leaf.

For example, if OSPF is enabled on an interface of a node, the SPT calculated by I-SPF remains unchanged. In this case, PRC updates only the routes of this interface, thus consuming less CPU resources.

PRC working with I-SPF further improves the convergence performance of the network. It is an improvement of the original SPF algorithm.

  OSPF Intelligent Timer

On an unstable network, routes are frequently calculated, which consumes a great number of CPU resources. In addition, LSPs that describe the unstable topology are generated and transmitted on the unstable network. Frequently processing such LSAs affects the rapid and stable operation of the entire network.

The OSPF intelligent timer controls route calculation, LSA generation, and LSA receiving to speed up route convergence on the entire network.

The OSPF intelligent timer speeds up route convergence in the following modes:

On a network where routes are repeatedly calculated, the OSPF intelligent timer dynamically adjusts the route calculation according to the user's configuration and the exponential backoff technology. In this manner, the number of route calculation times and the CPU resource consumption are decreased. Routes are calculated after the network topology becomes table.

On an unstable network, if a router generates or receives LSAs due to frequent topology changes, the OSPF intelligent timer can dynamically adjust its value. No LSA is generated or handled within an interval, which prevents invalid LSAs from being generated and advertised on the entire network.

By default, the OSPF intelligent timer is started and uses the default value.

Configuring Hierarchy Of VPN - HoVPN

We already explain the HoVPN before so now we will know how to configure it .

Networking Requirements

As shown in Figure 1:

CE1 and CE2 belong to VPN-A and the VPN target is 1:1.

CE1 accesses the backbone network through the UPE and CE2 accesses the network through the PE.

The UPE, the SPE and the PE are interconnected through OSPF.

Figure 1 Networking diagram of HoVPN

Configuration Roadmap

The configuration roadmap is as follows:

Configure IGP in the backbone network and ensure the PEs can learn the loopback address from each other.

Configure MPLS LSP between PEs.

Create the VPN instance on the UPE and set up the EBGP peer relationship between the UPE and the CE1.

Create the VPN instance on the PE and set up the EBGP peer relationship between the PE and the CE2.

Set up the MP-IBGP peer relationship between the UPE and the SPE, the PE and the SPE.

Create the VPN instance on the SPE. Specify the UPE as the underlayer PE, that is, the user layer PE. Advertise the default route of the VPN instance to the UPE.

Data Preparation

MPLS LSR-ID of the UPE, SPE and PE

VPN instance name, RD and VPN target created on the UPE, SPE and PE

Procedure

Configure OSPF on the MPLS backbone network to implement internetworking.

After the configuration, OSPF neighbors are established among UPE, SPE and PE. Run the display ospf peer command to see the status of the OSPF neighbor relationship is "Full". Run the display ip routing-table command to see that PEs know loopback routes from each other.

The specific configuration procedures are not mentioned here.

Configure basic MPLS capability and MPLS LDP on MPLS backbone networks and establish LDP LSP.

After the configuration, LDP session can be established among UPE, SPE and PE. Run the display mpls ldp session command to see that the session state is "Operational". Run the display mpls ldp lsp command to see LDP LSP is established.

The specific configuration procedures are not mentioned here.

Configure PEs and CEs.

# Configure UPE.

<UPE> system-view

[UPE] ip vpn-instance vpna

[UPE-vpn-instance-vpna] ipv4-family

[UPE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1

[UPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1

[UPE-vpn-instance-vpna-af-ipv4] quit

[UPE-vpn-instance-vpna] quit

[UPE] interface gigabitethernet 1/0/0

[UPE-GigabitEthernet1/0/0] ip binding vpn-instance vpna

[UPE-GigabitEthernet1/0/0] ip address 10.1.1.2 24

[UPE-GigabitEthernet1/0/0] quit

[UPE] bgp 100

[UPE-bgp] ipv4-family vpn-instance vpna

[UPE-bgp-vpna] peer 10.1.1.1 as-number 65410

[UPE-bgp-vpna] import-route direct

[UPE-bgp-vpna] quit

[UPE-bgp] quit

# Configure CE1.

<HUAWEI> system-view

[HUAWEI] sysname CE1

[CE1] interface gigabitethernet 1/0/0

[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24

[CE1-GigabitEthernet1/0/0] quit

[CE1] bgp 65410

[CE1-bgp] peer 10.1.1.2 as-number 100

[CE1-bgp] import-route direct

[CE1-bgp] quit

# Configure PE.

<PE> system-view

[PE] ip vpn-instance vpna

[PE-vpn-instance-vpna] ipv4-family

[PE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:2

[PE-vpn-instance-vpna-af-ipv4] vpn-target 1:1

[PE-vpn-instance-vpna-af-ipv4] quit

[PE-vpn-instance-vpna] quit

[PE] interface gigabitethernet 1/0/0

[PE-GigabitEthernet1/0/0] ip binding vpn-instance vpna

[PE-GigabitEthernet1/0/0] ip address 10.2.1.2 24

[PE-GigabitEthernet1/0/0] quit

[PE] bgp 100

[PE-bgp] ipv4-family vpn-instance vpna

[PE-bgp-vpna] peer 10.2.1.1 as-number 65420

[PE-bgp-vpna] import-route direct

[PE-bgp-vpna] quit

[PE-bgp] quit

# Configure CE2.

<HUAWEI> system-view

[HUAWEI] sysname CE2

[CE2] interface gigabitethernet 1/0/0

[CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 24

[CE2-GigabitEthernet1/0/0] quit

[CE2] bgp 65420

[CE2-bgp] peer 10.2.1.2 as-number 100

[CE2-bgp] import-route direct

[CE2-bgp] quit

After the configuration, run the display ip vpn-instance verbose command on the PE or UPE to see the configurations of VPN instances. By running the command ping -vpn-instance, the PE and UPE can ping the CEs attached to themselves successfully.

Configure MP-IBGP peer relationship between UPE and SPE, and between PE and SPE.

# Configure UPE.

<UPE> system-view

[UPE] bgp 100

[UPE-bgp] peer 2.2.2.9 as-number 100

[UPE-bgp] peer 2.2.2.9 connect-interface loopback 1

[UPE-bgp] ipv4-family vpnv4

[UPE-bgp-af-vpnv4] peer 2.2.2.9 enable

[UPE-bgp-af-vpnv4] quit

[UPE-bgp] quit

# Configure SPE.

<SPE> system-view

[SPE] bgp 100

[SPE-bgp] peer 1.1.1.9 as-number 100

[SPE-bgp] peer 1.1.1.9 connect-interface loopback 1

[SPE-bgp] peer 3.3.3.9 as-number 100

[SPE-bgp] peer 3.3.3.9 connect-interface loopback 1

[SPE-bgp] ipv4-family vpnv4

[SPE-bgp-af-vpnv4] peer 1.1.1.9 enable

[SPE-bgp-af-vpnv4] peer 3.3.3.9 enable

[SPE-bgp-af-vpnv4] quit

[SPE-bgp] quit

# Configure PE.

<PE> system-view

[PE] bgp 100

[PE-bgp] peer 2.2.2.9 as-number 100

[PE-bgp] peer 2.2.2.9 connect-interface loopback 1

[PE-bgp] ipv4-family vpnv4

[PE-bgp-af-vpnv4] peer 2.2.2.9 enable

[PE-bgp-af-vpnv4] quit

[PE-bgp] quit

Configure SPE.

# Configure VPN instances.

[SPE] ip vpn-instance vpna

[SPE-vpn-instance-vpna] ipv4-family

[SPE-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1

[SPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1

[SPE-vpn-instance-vpna-af-ipv4] quit

[SPE-vpn-instance-vpna] quit

# Specify a UPE for the SPE.

[SPE] bgp 100

[SPE-bgp] ipv4-family vpnv4

[SPE-bgp-af-vpnv4] peer 1.1.1.9 upe

# Advertise the default route of VPN instances to UPE.

[SPE-bgp-af-vpnv4] peer 1.1.1.9 default-originate vpn-instance vpna

[SPE-bgp-af-vpnv4] quit

Verify the configuration.

After the configuration, CE1 does not have a route to the network segment of the interface on CE2, but has a default route with the next hop to UPE. The CE2 has the route to the network segment of the interface on CE1. Therefore, CE1 and CE2 can ping through each other using the ping ip-addresscommand.

<CE1> display ip routing-table

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 5 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0

10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0

10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0

127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

[CE1] ping 10.2.1.1

PING 10.2.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=85 ms

Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=70 ms

Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=57 ms

Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=66 ms

Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=55 ms

--- 10.2.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 55/66/85 ms

[CE2] display ip routing-table

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 5 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 BGP 255 0 D 10.2.1.2 GigabitEthernet1/0/0

10.2.1.0/24 Direct 0 0 D 10.2.1.1 GigabitEthernet1/0/0

10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0

127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display bgp vpnv4 all routing-table command on UPE to see a default route of VPN instances vpna with the next hop to SPE.

[UPE] display bgp vpnv4 all routing-table

Local AS number : 100

BGP Local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Total number of routes from all PE: 3 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 0.0.0.0 0 0 ? * 10.1.1.1 0 0 65410? Route Distinguisher: 200:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 0 100 0 i VPN-Instance vpn1, router ID 1.1.1.9: Total Number of Routes: 5 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 0 100 0 i *> 10.1.1.0/24 0.0.0.0 0 0 ? * 10.1.1.1 0 0 65410?

Configuration Files

Configuration file of CE1

#

sysname CE1

#

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.1.1.1 255.255.255.0

#

bgp 65410

peer 10.1.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.1.1.2 enable

#

return

Configuration file of UPE

#

sysname UPE

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:1

vpn-target 1:1 export-extcommunity

vpn-target 1:1 import-extcommunity

#

mpls lsr-id 1.1.1.9

mpls

#

mpls ldp

#

interface GigabitEthernet1/0/0

undo shutdown

ip binding vpn-instance vpna

ip address 10.1.1.2 255.255.255.0

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

ip address 172.1.1.1 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 1.1.1.9 255.255.255.255

#

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack1

#

ipv4-family unicast

undo synchronization

peer 2.2.2.9 enable

#

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.9 enable

#

ipv4-family vpn-instance vpna

peer 10.1.1.1 as-number 65410

import-route direct

#

ospf 1

area 0.0.0.0

network 1.1.1.9 0.0.0.0

network 172.1.1.0 0.0.0.255

#

return

Configuration file of SPE

#

sysname SPE

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 200:1

vpn-target 1:1 export-extcommunity

vpn-target 1:1 import-extcommunity

#

mpls lsr-id 2.2.2.9

mpls

#

mpls ldp

#

interface Pos1/0/0

link-protocol ppp

undo shutdown

ip address 172.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

ip address 172.2.1.1 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 2.2.2.9 255.255.255.255

#

bgp 100

peer 1.1.1.9 as-number 100

peer 3.3.3.9 as-number 100

peer 1.1.1.9 connect-interface LoopBack1

peer 3.3.3.9 connect-interface LoopBack1

#

ipv4-family unicast

undo synchronization

peer 1.1.1.9 enable

peer 3.3.3.9 enable

#

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.9 enable

peer 1.1.1.9 upe

peer 1.1.1.9 default-originate vpn-instance vpna

peer 3.3.3.9 enable

#

ospf 1

area 0.0.0.0

network 2.2.2.9 0.0.0.0

network 172.1.1.0 0.0.0.255

network 172.2.1.0 0.0.0.255

#

return

Configuration file of PE

#

sysname PE

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:2

vpn-target 1:1 export-extcommunity

vpn-target 1:1 import-extcommunity

#

mpls lsr-id 3.3.3.9

mpls

#

mpls ldp

#

interface GigabitEthernet1/0/0

undo shutdown

ip binding vpn-instance vpna

ip address 10.2.1.2 255.255.255.0

#

interface Pos2/0/0

link-protocol ppp

undo shutdown

ip address 172.2.1.2 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 3.3.3.9 255.255.255.255

#

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack1

#

ipv4-family unicast

undo synchronization

peer 2.2.2.9 enable

#

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.9 enable

#

ipv4-family vpn-instance vpna

peer 10.2.1.1 as-number 65420

import-route direct

#

ospf 1

area 0.0.0.0

network 3.3.3.9 0.0.0.0

network 172.2.1.0 0.0.0.255

#

return

Configuration file of CE2

#

sysname CE2

#

interface GigabitEthernet1/0/0

undo shutdown

ip address 10.2.1.1 255.255.255.0

#

bgp 65420

peer 10.2.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.2.1.2 enable

#

return

Networking Requirements

The integrated L2VPN access to L3VPN solution allows Ethernet NodeBs to communicate with Radio Network Controllers (RNCs). It terminates the L2VPN and connects the L3VPN on a SR by creating a Virtual Ethernet group (VE-group). PW redundancy is configured to protect PWs on the L2VPN and VPN FRR is configured to protect links on the L3VPN, providing reliable connections for services. H-VPLS or PWE3 can be used to construct the L2VPN. This example uses PWE3. This scheme has the following characteristics.

L2VPN Type PWE3 PW Redundancy Mode Independent mode Type of the PW Between SR1 and SR2 Bypass PW Tunnel Type and Tunnel Protection TE tunnel with tunnel protection Implementation Characteristics Two-level protection (tunnel protection and PW protection) is provided, improving reliability. PW redundancy in independent mode allows a public network fault to trigger only the public network link switchover. MAC address learning is not required. IP-interworking is supported.

Figure 1 Networking diagram for configuring an integrated IP RAN (PWE3 + L3VPN) with Ethernet NodeBs

Device Interface Peer Device IP Address CSG GE1/0/1 SR1 172.0.1.1/24   GE1/0/2 SR2 172.0.4.1/24   GE1/0/3 NodeB - SR1 GE1/0/0 SR2 172.0.2.2/24   GE1/0/1 CSG 172.0.1.2/24   GE1/0/3 RSG1 172.0.3.1/24   GE1/0/4 RSG2 172.0.8.0/24 SR2 GE1/0/0 SR1 172.0.2.1/24   GE1/0/2 CSG 172.0.4.2/24   GE1/0/3 RSG2 172.0.6.1/24   GE1/0/4 RSG1 172.0.7.1/24 RSG1 GE1/0/0 RSG2 -   GE1/0/1 SR1 172.0.3.2/24   GE1/0/2 SR2 172.0.7.2/24   GE1/0/3 RNC - RSG2 GE1/0/0 RSG1 -   GE1/0/1 SR2 172.0.6.2/24   GE1/0/2 SR1 172.0.8.2/24/24   GE1/0/3 RNC -

Configuration Roadmap

The configuration roadmap is as follows:

Configure IP addresses and routes.

Configure MPLS and public network tunnels:

Configure a TE tunnel protection group on the CSG and SRs.

Configure LSPs between SRs and RSGs.

Configure PW redundancy in independent mode:

Configure MPLS LDP remote sessions between the CSG and SRs.

Configure service PWs.

Configure an mPW and associate the bypass PW with the mPW.

Configure BFD to monitor the mPW.

Configure VRRP to determine the primary PW.

Configure an L3VPN.

Configure VPN instances on SR1 and RSGs.

Configure a VE group on SRs and bind the VPN instance to the L3VE sub-interfaces.

Establish MP-IBGP peer relationships between SRs and RSGs.

Import direct VPN routes to SRs and RSGs.

Configure VPN FRR.

Configure BFD to detect faults on public network links.

Configure VRRP on RSGs to determine their roles in the VRRP backup group.

Data Preparation

To complete the configuration, you need the following data:

Interface number, interface IP address, and OSPF process ID

LSR ID

L2VC destination address, VC ID, and VC type

BFD session name, local discriminator, and remote discriminator

VE group number

VRRP backup group number and priority

Procedure

Assign an IP address to and configure a routing protocol on each interface.

Assign an IP address to each interface.

Configure a routing protocol on the CSG, SR1, SR2, RSG1, and RSG2 to make them routable. In this example, OSPF is used.

After the configuration is complete, run the display ip routing-table command on the CSG, SRs, and RSGs. You can view the routes learned from each other. Note that when configuring OSPF, you need to advertise 32-bit loopback interface addresses (LSR IDs) of the CSG, SRs, and RSGs.

The detailed configuration is not mentioned here.

Configure basic MPLS functions and public network tunnels.

 NOTE:

Configure explicit paths between the CSG and SR1 and between the CSG and SR2.

Configure LSPs between SRs and between SRs and RSGs.

Enable RSVP GR, LDP GR, and OSPF GR to enhance the switching performance.

Enable MPLS TE and RSVP-TE and configure CSPF and OSPF TE.

# Configure the CSG.

[CSG] mpls lsr-id 1.1.1.1

[CSG] mpls

[CSG-mpls] mpls te

[CSG-mpls] mpls rsvp-te

[CSG-mpls] mpls rsvp-te hello

[CSG-mpls] mpls rsvp-te hello full-gr

[CSG-mpls] mpls te cspf

[CSG-mpls] quit

[CSG] interface GigabitEthernet1/0/1

[CSG-GigabitEthernet1/0/1] mpls

[CSG-GigabitEthernet1/0/1] mpls te

[CSG-GigabitEthernet1/0/1] mpls rsvp-te

[CSG-GigabitEthernet1/0/1] mpls rsvp-te hello

[CSG-GigabitEthernet1/0/1] quit

[CSG] interface GigabitEthernet1/0/2

[CSG-GigabitEthernet1/0/2] mpls

[CSG-GigabitEthernet1/0/2] mpls te

[CSG-GigabitEthernet1/0/2] mpls rsvp-te

[CSG-GigabitEthernet1/0/2] mpls rsvp-te hello

[CSG-GigabitEthernet1/0/2] quit

[CSG] ospf 100

[CSG-ospf-100] opaque-capability enable

[CSG-ospf-100] graceful-restart

[CSG-ospf-100] area 0

[CSG-ospf-100-area-0.0.0.0] mpls-te enable

[CSG-ospf-100-area-0.0.0.0] quit

[CSG-ospf-100] quit

# Configure SR1.

[SR1] mpls lsr-id 2.2.2.2

[SR1] mpls

[SR1-mpls] mpls te

[SR1-mpls] mpls rsvp-te

[SR1-mpls] mpls rsvp-te hello

[SR1-mpls] mpls rsvp-te hello full-gr

[SR1-mpls] mpls te cspf

[SR1-mpls] quit

[SR1] mpls ldp

[SR1-mpls-ldp] graceful-restart

[SR1-mpls-ldp] quit

[SR1] interface gigabitEthernet1/0/1

[SR1-GigabitEthernet1/0/1] mpls

[SR1-GigabitEthernet1/0/1] mpls te

[SR1-GigabitEthernet1/0/1] mpls rsvp-te

[SR1-GigabitEthernet1/0/1] mpls rsvp-te hello

[SR1-GigabitEthernet1/0/1] quit

[SR1] interface gigabitEthernet1/0/3

[SR1-GigabitEthernet1/0/3] mpls

[SR1-GigabitEthernet1/0/3] mpls ldp

[SR1-GigabitEthernet1/0/3] quit

[SR1] interface GigabitEthernet1/0/0

[SR1-GigabitEthernet1/0/0] mpls

[SR1-GigabitEthernet1/0/0] mpls ldp

[SR1-GigabitEthernet1/0/0] quit

[SR1] interface GigabitEthernet1/0/4

[SR1-GigabitEthernet1/0/4] mpls

[SR1-GigabitEthernet1/0/4] mpls ldp

[SR1-GigabitEthernet1/0/4] quit

[SR1] ospf 100

[SR1-ospf-100] opaque-capability enable

[SR1-ospf-100] graceful-restart

[SR1-ospf-100] area 0

[SR1-ospf-100-area-0.0.0.0] mpls-te enable

[SR1-ospf-100-area-0.0.0.0] quit

[SR1-ospf-100] quit

# Configure SR2.

[SR2] mpls lsr-id 3.3.3.3

[SR2] mpls

[SR2-mpls] mpls te

[SR2-mpls] mpls rsvp-te

[SR2-mpls] mpls rsvp-te hello

[SR2-mpls] mpls rsvp-te hello full-gr

[SR2-mpls] mpls te cspf

[SR2-mpls] quit

[SR2-mpls-ldp] mpls ldp

[SR2] graceful-restart

[SR2-mpls-ldp] quit

[SR2] interface gigabitEthernet1/0/2

[SR2-GigabitEthernet1/0/2] mpls

[SR2-GigabitEthernet1/0/2] mpls te

[SR2-GigabitEthernet1/0/2] mpls rsvp-te

[SR2-GigabitEthernet1/0/2] mpls rsvp-te hello

[SR2-GigabitEthernet1/0/2] quit

[SR2] interface gigabitEthernet1/0/3

[SR2-GigabitEthernet1/0/3] mpls

[SR2-GigabitEthernet1/0/3] mpls ldp

[SR2-GigabitEthernet1/0/3] quit

[SR2] interface GigabitEthernet1/0/0

[SR2-GigabitEthernet1/0/0] mpls

[SR2-GigabitEthernet1/0/0] mpls ldp

[SR2-GigabitEthernet1/0/0] quit

[SR2] interface GigabitEthernet1/0/4

[SR2-GigabitEthernet1/0/4] mpls

[SR2-GigabitEthernet1/0/4] mpls ldp

[SR2-GigabitEthernet1/0/4] quit

[SR2] ospf 100

[SR2-ospf-100] opaque-capability enable

[SR2-ospf-100] graceful-restart

[SR2-ospf-100] area 0

[SR2-ospf-100-area-0.0.0.0] mpls-te enable

[SR2-ospf-100-area-0.0.0.0] quit

[SR2-ospf-100] quit

# Configure RSG1.

[RSG1] mpls lsr-id 4.4.4.4

[RSG1] mpls

[RSG1-mpls] quit

[RSG1] mpls ldp

[RSG1-mpls-ldp] graceful-restart

[RSG1-mpls-ldp] quit

[RSG1] interface GigabitEthernet1/0/1

[RSG1-GigabitEthernet1/0/1] mpls

[RSG1-GigabitEthernet1/0/1] mpls ldp

[RSG1-GigabitEthernet1/0/1] quit

[RSG1] interface GigabitEthernet1/0/2

[RSG1-GigabitEthernet1/0/2] mpls

[RSG1-GigabitEthernet1/0/2] mpls ldp

[RSG1-GigabitEthernet1/0/2] quit

[RSG1] ospf 100

[RSG1-ospf-100] opaque-capability enable

[RSG1-ospf-100] graceful-restart

[RSG1-ospf-100] quit

# Configure RSG2.

[RSG2] mpls lsr-id 5.5.5.5

[RSG2] mpls

[RSG2-mpls] quit

[RSG2] mpls ldp

[RSG2-mpls-ldp] graceful-restart

[RSG2-mpls-ldp] quit

[RSG2] interface GigabitEthernet1/0/1

[RSG2-GigabitEthernet1/0/1] mpls

[RSG2-GigabitEthernet1/0/1] mpls ldp

[RSG2-GigabitEthernet1/0/1] quit

[RSG2] interface GigabitEthernet1/0/2

[RSG2-GigabitEthernet1/0/2] mpls

[RSG2-GigabitEthernet1/0/2] mpls ldp

[RSG2-GigabitEthernet1/0/2] quit

[RSG2] ospf 100

[RSG2-ospf-100] opaque-capability enable

[RSG2-ospf-100] graceful-restart

[RSG2-ospf-100] quit

Configure explicit paths for the primary and backup MPLS TE tunnels.

# Configure the CSG.

[CSG] explicit-path to_sr1

[CSG-explicit-path-to_sr1] next hop 172.0.1.2

[CSG-explicit-path-to_sr1] next hop 2.2.2.2

[CSG-explicit-path-to_sr1] quit

[CSG] explicit-path to_sr2

[CSG-explicit-path-to_sr2] next hop 172.0.4.2

[CSG-explicit-path-to_sr2] next hop 3.3.3.3

[CSG-explicit-path-to_sr2] quit

# Configure SR1.

[SR1] explicit-path to_csg

[SR1-explicit-path-to_csg] next hop 172.0.1.1

[SR1-explicit-path-to_csg] next hop 1.1.1.1

[SR1-explicit-path-to_csg] quit

# Configure SR2.

[SR2] explicit-path to_csg

[SR2-explicit-path-to_csg] next hop 172.0.4.1

[SR2-explicit-path-to_csg] next hop 1.1.1.1

[SR2-explicit-path-to_csg] quit

Configure MPLS TE tunnel interfaces and hot backup.

# Configure the CSG.

[CSG] interface tunnel 1/0/1

[CSG-Tunnel1/0/1] ip address unnumbered interface loopback 0

[CSG-Tunnel1/0/1] tunnel-protocol mpls te

[CSG-Tunnel1/0/1] destination 2.2.2.2

[CSG-Tunnel1/0/1] mpls te tunnel-id 100

[CSG-Tunnel1/0/1] mpls te record-route

[CSG-Tunnel1/0/1] mpls te signal-protocol rsvp-te

[CSG-Tunnel1/0/1] mpls te path explicit-path to_sr1

[CSG-Tunnel1/0/1] mpls te backup hot-standby wtr 15

[CSG-Tunnel1/0/1] mpls te reserved-for-binding

[CSG-Tunnel1/0/1] mpls te commit

[CSG-Tunnel1/0/1] quit

[CSG] interface tunnel 1/0/2

[CSG-Tunnel1/0/2] ip address unnumbered interface loopback 0

[CSG-Tunnel1/0/2] tunnel-protocol mpls te

[CSG-Tunnel1/0/2] destination 3.3.3.3

[CSG-Tunnel1/0/2] mpls te tunnel-id 200

[CSG-Tunnel1/0/2] mpls te record-route

[CSG-Tunnel1/0/2] mpls te signal-protocol rsvp-te

[CSG-Tunnel1/0/2] mpls te path explicit-path to_sr2

[CSG-Tunnel1/0/2] mpls te backup hot-standby wtr 15

[CSG-Tunnel1/0/2] mpls te reserved-for-binding

[CSG-Tunnel1/0/2] mpls te commit

[CSG-Tunnel1/0/2] quit

# Configure SR1.

[SR1] interface tunnel 1/0/1

[SR1-Tunnel1/0/1] ip address unnumbered interface loopback 0

[SR1-Tunnel1/0/1] tunnel-protocol mpls te

[SR1-Tunnel1/0/1] destination 1.1.1.1

[SR1-Tunnel1/0/1] mpls te tunnel-id 100

[SR1-Tunnel1/0/1] mpls te record-route

[SR1-Tunnel1/0/1] mpls te signal-protocol rsvp-te

[SR1-Tunnel1/0/1] mpls te path explicit-path to_csg

[SR1-Tunnel1/0/1] mpls te backup hot-standby wtr 15

[SR1-Tunnel1/0/1] mpls te reserved-for-binding

[SR1-Tunnel1/0/1] mpls te commit

[SR1-Tunnel1/0/1] quit

# Configure SR2.

[SR2] interface tunnel 1/0/2

[SR2-Tunnel1/0/2] ip address unnumbered interface loopback 0

[SR2-Tunnel1/0/2] tunnel-protocol mpls te

[SR2-Tunnel1/0/2] destination 1.1.1.1

[SR2-Tunnel1/0/2] mpls te tunnel-id 200

[SR2-Tunnel1/0/1] mpls te record-route

[SR2-Tunnel1/0/2] mpls te signal-protocol rsvp-te

[SR2-Tunnel1/0/2] mpls te path explicit-path to_csg

[SR2-Tunnel1/0/1] mpls te backup hot-standby wtr 15

[SR2-Tunnel1/0/2] mpls te reserved-for-binding

[SR2-Tunnel1/0/2] mpls te commit

[SR2-Tunnel1/0/2] quit

Configure a tunnel policy.

# Configure the CSG.

[CSG] tunnel-policy policy1

[CSG-tunnel-policy-policy1] tunnel binding destination 2.2.2.2 te Tunnel1/0/1

[CSG-tunnel-policy-policy1] tunnel binding destination 3.3.3.3 te Tunnel1/0/2

[CSG-tunnel-policy-policy1] quit

# Configure SR1.

[SR1] tunnel-policy policy1

[SR1-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te Tunnel1/0/1

[SR1-tunnel-policy-policy1] quit

# Configure SR2.

[SR2] tunnel-policy policy1

[SR2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te Tunnel1/0/2

[SR2-tunnel-policy-policy1] quit

Configure PW redundancy.

Configure MPLS LDP remote sessions between the CSG and SRs.

 NOTE:

In this configuration example, TE tunnels are configured between the CSG and SRs, and thus MPLS LDP is not required. PWE3, however, uses extended LDP signaling to distribute VPN labels. Therefore, MPLS LDP remote sessions have to be configured between the CSG and SRs. An LDP LSP is configured to directly connect SRs, and thus no LDP remote session needs to be configured between SRs.

# Configure the CSG.

[CSG] mpls ldp

[CSG-mpls-ldp] quit

[CSG] mpls ldp remote-peer 2.2.2.2

[CSG-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2

[CSG-mpls-ldp-remote-2.2.2.2] quit

[CSG] mpls ldp remote-peer 3.3.3.3

[CSG-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3

[CSG-mpls-ldp-remote-3.3.3.3] quit

# Configure SR1.

[SR1] mpls ldp

[SR1-mpls-ldp] quit

[SR1] mpls ldp remote-peer 1.1.1.1

[SR1-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

[SR1-mpls-ldp-remote-1.1.1.1] quit

# Configure SR2.

[SR2] mpls ldp

[SR2-mpls-ldp] quit

[SR2] mpls ldp remote-peer 1.1.1.1

[SR2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

[SR2-mpls-ldp-remote-1.1.1.1] quit

# Verify the configuration. Run the display mpls ldp session all command on the CSG and SRs to check whether the LDP session status is Operational. If the LDP session status is Operational, the LDP session is established. Use the CSG as an example.

[CSG] display mpls ldp session all

LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. ------------------------------------------------------------------------------ PeerID Status LAM SsnRole SsnAge KASent/Rcv ------------------------------------------------------------------------------ 2.2.2.2:0 Operational DU Passive 0000:00:47 190/190 3.3.3.3:0 Operational DU Passive 0000:00:47 190/190 ------------------------------------------------------------------------------ TOTAL: 2 session(s) Found.

Configure service PWs.

# Configure the CSG.

[CSG] mpls l2vpn

[CSG-l2vpn] quit

[CSG] interface GigabitEthernet1/0/3

[CSG-GigabitEthernet1/0/3] undo shutdown

[CSG-GigabitEthernet1/0/3] quit

[CSG] interface GigabitEthernet1/0/3.10

[CSG-GigabitEthernet1/0/3.10] vlan-type dot1q 10

[CSG-GigabitEthernet1/0/3.10] mpls l2vc 2.2.2.2 100 tunnel-policy policy1

[CSG-GigabitEthernet1/0/3.10] mpls l2vc 3.3.3.3 200 secondary tunnel-policy policy1

[CSG-GigabitEthernet1/0/3.10] mpls l2vpn redundancy independent

[CSG-GigabitEthernet1/0/3.10] mpls l2vpn stream-dual-receiving

[CSG-GigabitEthernet1/0/3.10] quit

# Configure SR1.

[SR1] mpls l2vpn

[SR1-l2vpn] quit

[SR1] interface virtual-ethernet 1/0/0

[SR1-Virtual-Ethernet1/0/0] ve-group 1 l2-terminate

[SR1-Virtual-Ethernet1/0/0] quit

[SR1] interface virtual-ethernet 1/0/0.1

[SR1-Virtual-Ethernet1/0/0.1] vlan-type dot1q 10

[SR1-Virtual-Ethernet1/0/0.1] mpls l2vc 1.1.1.1 100 tunnel-policy policy1

[SR1-Virtual-Ethernet1/0/0.1] mpls l2vc 3.3.3.3 300 bypass

[SR1-Virtual-Ethernet1/0/0.1] quit

# Configure SR2.

[SR2] mpls l2vpn

[SR2-l2vpn] quit

[SR2] interface virtual-ethernet 1/0/0

[SR2-Virtual-Ethernet1/0/0] ve-group 1 l2-terminate

[SR1-Virtual-Ethernet1/0/0] quit

[SR2] interface virtual-ethernet 1/0/0.1

[SR2-Virtual-Ethernet1/0/0.1] mpls l2vc 1.1.1.1 200 tunnel-policy policy1

[SR2-Virtual-Ethernet1/0/0.1] mpls l2vc 2.2.2.2 300 bypass

[SR2-Virtual-Ethernet1/0/0.1] quit

Configure an mPW and a bypass PW, and then associate the bypass PW with the mPW.

# Configure SR1.

[SR1] interface loopback 1

[SR1-LoopBack1] mpls l2vc 3.3.3.3 400 control-word admin

[SR1-LoopBack1] quit

[SR1] interface virtual-ethernet 1/0/0.1

[SR1-Virtual-Ethernet1/0/0.1] mpls l2vc bypass track admin-vc interface LoopBack1

[SR1-Virtual-Ethernet1/0/0.1] quit

# Configure SR2.

[SR2] interface loopback 1

[SR2-LoopBack1] mpls l2vc 2.2.2.2 400 control-word admin

[SR2-LoopBack1] quit

[SR2] interface virtual-ethernet 1/0/0.1

[SR2-Virtual-Ethernet1/0/0.1] mpls l2vc bypass track admin-vc interface LoopBack1

[SR2-Virtual-Ethernet1/0/0.1] quit

# Verify the configuration. Run the display mpls l2vc brief command on the CSG and SRs. You can view that service PWs and the mPW are in the Up state. Use SR1 as an example.

[SR1] display mpls l2vc brief

Total ldp vc : 3 3 up 0 down *Client Interface : Virtual-Ethernet1/0/0.1 Administrator PW : no AC status : up VC State : up Label state : 0 Token state : 0 VC ID : 100 VC Type : VLAN session state : up Destination : 1.1.1.1 link state : up *Client Interface : Virtual-Ethernet1/0/0.1 Administrator PW : no AC status : up VC State : up Label state : 0 Token state : 0 VC ID : 300 VC Type : VLAN session state : up Destination : 3.3.3.3 link state : up *Client Interface : LoopBack1 Administrator PW : yes AC status : up VC State : up Label state : 0 Token state : 0 VC ID : 400 VC Type : IP-interworking session state : up Destination : 3.3.3.3 link state : up

Configure BFD to monitor the mPW.

# Configure SR1.

[SR1] bfd

[SR1-bfd] quit

[SR1] bfd bypass bind pw interface loopback 1

[SR1-bfd-lsp-session-SR1] discriminator local 2

[SR1-bfd-lsp-session-SR1] discriminator remote 2

[SR1-bfd-lsp-session-SR1] commit

[SR1-bfd-lsp-session-SR1] quit

# Configure SR2.

[SR2] bfd

[SR2-bfd] quit

[SR2] bfd bypass bind pw interface loopback 1

[SR2-bfd-lsp-session-SR2] discriminator local 2

[SR2-bfd-lsp-session-SR2] discriminator remote 2

[SR2-bfd-lsp-session-SR2] commit

[SR2-bfd-lsp-session-SR2] quit

# Verify the configuration. Run the display bfd session all command on SRs. You can view that BFD sessions are in the Up state. Use SR1 as an example.

[SR1] display bfd session all

-------------------------------------------------------------------------------- Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------- 2 2 --.--.--.-- Up S_PW(M) LoopBack1 -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 1/0

Configure VRRP to determine the primary PW.

 NOTE:

If PW redundancy in independent mode is used, VRRP has to be configured on SRs to determine which SR is the master in the VRRP backup group. After PWs are associated with mVRRP, the primary PW is determined.

# Configure SR1.

[SR1] interface gigabitethernet 1/0/0

[SR1-GigabitEthernet1/0/0] vrrp vrid 20 virtual-ip 172.0.2.3

[SR1-GigabitEthernet1/0/0] admin-vrrp vrid 20 ignore-if-down

[SR1-GigabitEthernet1/0/0] vrrp vrid 20 priority 150

[SR1-GigabitEthernet1/0/0] quit

[SR1] interface virtual-ethernet 1/0/0.1

[SR1-Virtual-Ethernet1/0/0.1] mpls l2vc track admin-vrrp interface gigabitethernet 1/0/0 vrid 20 pw-redundancy

[SR1-Virtual-Ethernet1/0/0.1] quit

# Configure SR2.

[SR2] interface gigabitethernet 1/0/0

[SR2-GigabitEthernet1/0/0] vrrp vrid 20 virtual-ip 172.0.2.3

[SR2-GigabitEthernet1/0/0] admin-vrrp vrid 20 ignore-if-down

[SR2-GigabitEthernet1/0/0] quit

[SR2] interface virtual-ethernet 1/0/0.1

[SR2-Virtual-Ethernet1/0/0.1] mpls l2vc track admin-vrrp interface gigabitethernet 1/0/0 vrid 20 pw-redundancy

[SR2-Virtual-Ethernet1/0/0.1] quit

# Verify the configuration. Run the display vrrp command on SRs. You can view the role of each SR in the VRRP backup group. Use SR1 as an example. The default VRRP priority value is 100, and thus SR1 whose VRRP priority value is set to 150 functions as the master in the VRRP backup group.

[SR1] display vrrp

GigabitEthernet1/0/0 | Virtual Router 1 State : Master Virtual IP : 172.0.2.3 Master IP : 172.0.2.2 PriorityRun : 150 PriorityConfig : 150 MasterPriority : 150 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Create time : 2010-09-05 15:25:47 Last change time : 2010-09-05 15:25:51

[RSG1] display vrrp

Vlanif10 | Virtual Router 1 State : Master Virtual IP : 120.0.1.3 Master IP : 120.0.1.1 PriorityRun : 150 PriorityConfig : 150 MasterPriority : 150 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2010-09-14 19:39:27 Last change time : 2010-09-14 19:39:30

Configure an L3VPN.

Configure a VPN instance on SR1 and RSG1, and then bind the VPN instance to interfaces.

# The configuration on SR1 is as follows, the same as the configuration on SR2.

[SR1] ip vpn-instance vpna

[SR1-vpn-instance-vpna] ipv4-family

[SR1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1

[SR1-vpn-instance-vpna-af-ipv4] vpn-target 1:1

[SR1-vpn-instance-vpna-af-ipv4] quit

[SR1] interface virtual-ethernet 1/0/1

[SR1-Virtual-Ethernet1/0/1] ve-group 1 l3-access

[SR1-Virtual-Ethernet1/0/1] quit

[SR1] interface virtual-ethernet 1/0/1.1

[SR1-Virtual-Ethernet1/0/1.1] vlan-type dot1q 10

[SR1-Virtual-Ethernet1/0/1.1] ip binding vpn-instance vpna

[SR1-Virtual-Ethernet1/0/1.1] ip address 120.0.0.2 24

[SR1-Virtual-Ethernet1/0/1.1] quit

# The configuration on RSG1 is as follows, the same as the configuration on RSG2.

[RSG1] ip vpn-instance vpna

[RSG1-vpn-instance-vpna] ipv4-family

[RSG1-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1

[RSG1-vpn-instance-vpna-af-ipv4] vpn-target 1:1

[RSG1-vpn-instance-vpna-af-ipv4] quit

[RSG1] interface GigabitEthernet1/0/3

[RSG1-GigabitEthernet1/0/3] portswitch

[RSG1-GigabitEthernet1/0/3] port link-type trunk

[RSG1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10

[RSG1-GigabitEthernet1/0/3] quit

[RSG1] interface GigabitEthernet1/0/0

[RSG1-GigabitEthernet1/0/0] portswitch

[RSG1-GigabitEthernet1/0/0] port link-type trunk

[RSG1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10

[RSG1-GigabitEthernet1/0/0] quit

[RSG1] vlan 10

[RSG1-vlan10] quit

[RSG1] interface Vlanif 10

[RSG1-Vlanif10] ip binding vpn-instance vpna

[RSG1-Vlanif10] ip address 120.0.1.1 24

[RSG1-Vlanif10] quit

Establish MP-IBGP peer relationships between SRs and RSGs.

# The configuration on SR2 is as follows, the same as the configuration on SR1.

[SR2] bgp 100

[SR2-bgp] graceful-restart

[SR2-bgp] peer 2.2.2.2 as-number 100

[SR2-bgp] peer 2.2.2.2 connect-interface LoopBack0

[SR2-bgp] peer 4.4.4.4 as-number 100

[SR2-bgp] peer 4.4.4.4 connect-interface LoopBack0

[SR2-bgp] peer 5.5.5.5 as-number 100

[SR2-bgp] peer 5.5.5.5 connect-interface LoopBack0

[SR2-bgp] ipv4-family vpnv4

[SR2-bgp-af-vpnv4] peer 2.2.2.2 enable

[SR2-bgp-af-vpnv4] peer 4.4.4.4 enable

[SR2-bgp-af-vpnv4] peer 5.5.5.5 enable

[SR2-bgp-af-vpnv4] quit

# The configuration on RSG1 is as follows, the same as the configuration on RSG2.

[RSG1] bgp 100

[RSG1-bgp] graceful-restart

[RSG1-bgp] peer 2.2.2.2 as-number 100

[RSG1-bgp] peer 2.2.2.2 connect-interface LoopBack0

[RSG1-bgp] peer 3.3.3.3 as-number 100

[RSG1-bgp] peer 3.3.3.3 connect-interface LoopBack0

[RSG1-bgp] peer 5.5.5.5 as-number 100

[RSG1-bgp] peer 5.5.5.5 connect-interface LoopBack0

[RSG1-bgp] ipv4-family vpnv4

[RSG1-bgp-af-vpnv4] peer 2.2.2.2 enable

[RSG1-bgp-af-vpnv4] peer 3.3.3.3 enable

[RSG1-bgp-af-vpnv4] peer 5.5.5.5 enable

[RSG1-bgp-af-vpnv4] quit

Import direct VPN routes to SRs and RSGs.

# The configuration on SR2 is as follows, the same as the configuration on SR1.

[SR2-bgp] ipv4-family vpn-instance vpna

[SR2-bgp-vpna] import-route direct

[SR2-bgp-vpna] quit

[SR2-bgp] quit

# The configuration on RSG1 is as follows, the same as the configuration on RSG2.

[RSG1-bgp] ipv4-family vpn-instance vpna

[RSG1-bgp-vpna] import-route direct

[RSG1-bgp-vpna] quit

[RSG1-bgp] quit

Configure VPN FRR.

# The configuration of RSG1 is as follows, the same as the configuration on SRs and RSG2.

[RSG1] ip vpn-instance vpna

[RSG1-vpn-instance-vpna-af-ipv4] vpn frr route-policy vpna

[RSG1-vpn-instance-vpna-af-ipv4] quit

[RSG1-vpn-instance-vpna] route-policy vpna permit node 5

[RSG1-route-policy] apply backup-nexthop auto

[RSG1-route-policy] quit

Configure VRRP on SR1 and SR2 to determine a gateway for Ethernet NodeBs.

# Configure SR1.

[SR1] interface virtual-ethernet 1/0/1.1

[SR1-Virtual-Ethernet1/0/1.1] vrrp vrid 10 virtual-ip 120.0.0.3

[SR1-Virtual-Ethernet1/0/1.1] vrrp vrid 10 track admin-vrrp interface gigabitethernet1/0/0 vrid 20

[SR1-Virtual-Ethernet1/0/1.1] quit

# Configure SR2.

[SR2] interface virtual-ethernet 1/0/1.1

[SR1-Virtual-Ethernet1/0/1.1] vrrp vrid 10 virtual-ip 120.0.0.3

[SR2-Virtual-Ethernet1/0/1.1] vrrp vrid 10 track admin-vrrp interface gigabitethernet1/0/0 vrid 20

[SR2-Virtual-Ethernet1/0/1.1] quit

Configure VRRP on RSGs to determine their roles in the VRRP backup group.

# Configure RSG1.

[RSG1] interface Vlanif 10

[RSG1-Vlanif10] vrrp vrid 1 virtual-ip 120.0.1.3

[RSG1-Vlanif10] vrrp vrid 1 priority 150

[RSG1-Vlanif10] quit

# Configure RSG2.

[RSG2] interface Vlanif 10

[RSG2-Vlanif10] vrrp vrid 1 virtual-ip 120.0.1.3

[RSG2-Vlanif10] quit

 NOTE:

Configure the RNC as follows:

Configure an Eth-Trunk link to determine the active and standby links.

Configure a VLANIF interface and assign an IP address to the VLANIF interface. Ensure that the IP address is in the same network segment with the virtual IP addresses configured on RSGs.

On an Ethernet NodeB, you need to create a sub-interface on an Ethernet interface, encapsulate 802.1Q on the sub-interface, and associate a VLAN ID with the sub-interface.

Configuration Files

Configuration file of the CSG

# sysname CSG # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls rsvp-te hello full-gr mpls te cspf # mpls l2vpn # # explicit-path to_sr1 next hop 172.0.1.2 next hop 2.2.2.2 # explicit-path to_sr2 next hop 172.0.4.2 next hop 3.3.3.3 # mpls ldp graceful-restart # # mpls ldp remote-peer 2.2.2.2 remote-ip 2.2.2.2 # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface GigabitEthernet1/0/1 undo shutdown ip address 172.0.1.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/2 undo shutdown ip address 172.0.4.1 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # interface GigabitEthernet1/0/3 undo shutdown # interface GigabitEthernet1/0/3.10 vlan-type dot1q 10 mpls l2vc 2.2.2.2 100 tunnel-policy policy1 mpls l2vc 3.3.3.3 200 tunnel-policy policy1 secondary mpls l2vpn redundancy independent mpls l2vpn stream-dual-receiving # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # interface Tunnel1/0/1 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 100 mpls te record-route mpls te signal-protocol rsvp-te mpls te path explicit-path to_sr1 mpls te backup hot-standby wtr 15 mpls te reserved-for-binding mpls te commit # interface Tunnel1/0/2 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 200 mpls te record-route mpls te signal-protocol rsvp-te mpls te path explicit-path to_sr2 mpls te backup hot-standby wtr 15 mpls te reserved-for-binding mpls te commit # ospf 100 opaque-capability enable graceful-restart area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 172.0.1.0 0.0.0.255 network 172.0.4.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel binding destination 2.2.2.2 te Tunnel1/0/1 tunnel binding destination 3.3.3.3 te Tunnel1/0/2 # bfd master bind pw interface GigabitEthernet1/0/3.10 remote-peer 2.2.2.2 pw-ttl auto-calculate discriminator local 2 discriminator remote 2 commit # return

Configuration file of SR1

# sysname SR1 # ip vpn-instance vpna ipv4-family route-distinguisher 1:1 vpn frr route-policy vpna vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # bfd # mpls lsr-id 2.2.2.2 mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls rsvp-te hello full-gr mpls te cspf # mpls l2vpn # explicit-path to_csg next hop 172.0.1.1 next hop 1.1.1.1 # mpls ldp graceful-restart # # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown ip address 172.0.2.2 255.255.255.0 vrrp vrid 20 virtual-ip 172.0.2.3 admin-vrrp vrid 20 ignore-if-down vrrp vrid 20 priority 150 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 172.0.1.2 255.255.255.0 mpls mpls te mpls rsvp-te mpls rsvp-te hello # # interface GigabitEthernet1/0/3 undo shutdown ip address 172.0.3.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/4 undo shutdown ip address 172.0.8.1 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet1/0/0 ve-group 1 l2-terminate # interface Virtual-Ethernet1/0/0.1 mpls l2vc 1.1.1.1 100 tunnel-policy policy1 mpls l2vc track admin-vrrp interface GigabitEthernet1/0/0 vrid 20 pw-redundancy mpls l2vc 3.3.3.3 300 bypass mpls l2vc bypass track admin-vc interface LoopBack1 # interface Virtual-Ethernet1/0/1 ve-group 1 l3-access # interface Virtual-Ethernet1/0/1.1 vlan-type dot1q 10 ip binding vpn-instance vpna ip address 120.0.0.2 255.255.255.0 vrrp vrid 10 virtual-ip 120.0.0.3 vrrp vrid 10 track admin-vrrp interface GigabitEthernet1/0/0 vrid 20 # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 # interface LoopBack1 mpls l2vc 3.3.3.3 400 control-word admin # interface Tunnel1/0/1 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 100 mpls te record-route mpls te signal-protocol rsvp-te mpls te path explicit-path to_csg mpls te backup hot-standby wtr 15 mpls te reserved-for-binding mpls te commit # bgp 100 graceful-restart peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable # ipv4-family vpn-instance vpna import-route direct # ospf 100 opaque-capability enable graceful-restart area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 172.0.1.0 0.0.0.255 network 172.0.3.0 0.0.0.255 network 172.0.2.0 0.0.0.255 network 172.0.8.0 0.0.0.255 mpls-te enable # route-policy vpna permit node 5 apply backup-nexthop auto # tunnel-policy policy1 tunnel binding destination 1.1.1.1 te Tunnel1/0/1 # bfd bypass bind pw interface LoopBack1 discriminator local 2 discriminator remote 2 commit # return

Configuration file of SR2

# sysname SR2 # ip vpn-instance vpna ipv4-family route-distinguisher 1:1 vpn frr route-policy vpna vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls rsvp-te hello mpls rsvp-te hello full-gr mpls te cspf # mpls l2vpn # explicit-path to_csg next hop 172.0.4.1 next hop 1.1.1.1 # mpls ldp graceful-restart # # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown ip address 172.0.2.1 255.255.255.0 vrrp vrid 20 virtual-ip 172.0.2.3 admin-vrrp vrid 20 ignore-if-down mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown # interface GigabitEthernet1/0/2 undo shutdown ip address 172.0.4.2 255.255.255.0 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/3 undo shutdown ip address 172.0.6.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/4 undo shutdown ip address 172.0.7.1 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet1/0/0 ve-group 1 l2-terminate # interface Virtual-Ethernet1/0/0.1 mpls l2vc 1.1.1.1 200 tunnel-policy policy1 mpls l2vc track admin-vrrp interface GigabitEthernet1/0/0 vrid 20 pw-redundancy mpls l2vc 2.2.2.2 300 bypass mpls l2vc bypass track admin-vc interface LoopBack1 # interface Virtual-Ethernet1/0/1 ve-group 1 l3-access # interface Virtual-Ethernet1/0/1.1 vlan-type dot1q 10 ip binding vpn-instance vpna ip address 120.0.0.4 255.255.255.0 vrrp vrid 10 virtual-ip 120.0.0.3 vrrp vrid 10 track admin-vrrp interface GigabitEthernet1/0/0 vrid 20 # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # interface LoopBack1 mpls l2vc 2.2.2.2 400 control-word admin # interface Tunnel1/0/2 ip address unnumbered interface LoopBack0 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 200 mpls te record-route mpls te signal-protocol rsvp-te mpls te path explicit-path to_csg mpls te backup hot-standby wtr 15 mpls te reserved-for-binding mpls te commit # bgp 100 graceful-restart peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 4.4.4.4 enable peer 5.5.5.5 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable peer 5.5.5.5 enable # ipv4-family vpn-instance vpna import-route direct # ospf 100 opaque-capability enable graceful-restart area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 172.0.2.0 0.0.0.255 network 172.0.7.0 0.0.0.255 network 172.0.4.0 0.0.0.255 network 172.0.6.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel binding destination 1.1.1.1 te Tunnel1/0/2 # route-policy vpna permit node 5 apply backup-nexthop auto # tunnel-policy policy1 tunnel binding destination 1.1.1.1 te Tunnel1/0/2 # bfd bypass bind pw interface LoopBack1 discriminator local 2 discriminator remote 2 commit # return

Configuration file of RSG1

# sysname RSG1 # vlan batch 10 # ip vpn-instance vpna ipv4-family route-distinguisher 1:1 vpn frr route-policy vpna vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.4 # mpls l2vpn # mpls ldp graceful-restart # interface Vlanif10 ip binding vpn-instance vpna ip address 120.0.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 120.0.1.3 vrrp vrid 1 priority 150 # interface GigabitEthernet1/0/0 portswitch undo shutdown port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/1 undo shutdown ip address 172.0.3.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown ip address 172.0.7.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/3 portswitch undo shutdown port link-type trunk port trunk allow-pass vlan 10 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 # bgp 100 graceful-restart peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable peer 5.5.5.5 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable peer 5.5.5.5 enable # ipv4-family vpn-instance vpna import-route direct # ospf 100 opaque-capability enable graceful-restart area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 172.0.3.0 0.0.0.255 network 172.0.7.0 0.0.0.255 mpls-te enable # route-policy vpna permit node 5 apply backup-nexthop auto # return

Configuration file of RSG2

# sysname RSG2 # vlan batch 10 # ip vpn-instance vpna ipv4-family route-distinguisher 11 vpn frr route-policy vpna vpn-target 11 export-extcommunity vpn-target 11 import-extcommunity # mpls lsr-id 5.5.5.5 # mpls l2vpn # mpls ldp graceful-restart # interface Vlanif10 ip binding vpn-instance vpna ip address 120.0.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 120.0.1.3 # interface GigabitEthernet1/0/0 portswitch undo shutdown port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/1 undo shutdown ip address 172.0.6.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown ip address 172.0.8.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/3 portswitch undo shutdown port link-type trunk port trunk allow-pass vlan 10 # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # bgp 100 graceful-restart peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct # ospf 100 opaque-capability enable graceful-restart area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 172.0.8.0 0.0.0.255 network 172.0.6.0 0.0.0.255 mpls-te enable # route-policy vpna permit node 5 apply backup-nexthop auto # return