B-20-Odc011002 Mpls l3 VPN Configuration Issue1

1

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved

www.huawei.com

Internal

ODC011002 MPLS L3 VPN Configuration

ISSUE 1.3

HUAWEI TECHNOLOGIES CO., LTD. Page 2All rights reserved

This slides will introduce MPLS L3 VPN

configuration commands, typical cases,

debugging and troubleshooting.

2


Upon completion of this course, you will be

able to:

�Know configuration of MPLS L3 VPN

�Know how to debug MPLS L3 VPN

�Know how to troubleshoot MPLS L3 VPN


Chapter 1 MPLS L3 VPN ConfigurationChapter 1 MPLS L3 VPN Configuration

Chapter 2 MPLS L3 VPN Configuration ExampleChapter 2 MPLS L3 VPN Configuration Example

Chapter 3 MPLS L3 VPN DebuggingChapter 3 MPLS L3 VPN Debugging

Chapter 4 MPLS L3 VPN TroubleshootingChapter 4 MPLS L3 VPN Troubleshooting

3


MPLS L3 VPN Configuration Steps

Basic Configuration

IP address, IGP,

make sure that PE-PE

IP reachable

MPLS Function

LDP Function

Enable MPLS with system and interface

Enable LDP with

system and interface

Define VPN

PE-PE MP-BGP Function

PE-CE Routing Protocol

VPN name and RD，RT, bind to interface

BGP Peer, Active

remote PE and route

import

Static, EBGP, OSPF,

or RIP


MPLS VPN (L3) Configuration Steps

� To configure BGP/MPLS VPN, you need to:

�Configure basic information on PE, CE and P.

�Establish the logical or physical link with IP capabilities from

PE to PE.

�Advertise and update VPN information.

� BGP/MPLS VPN configuration includes:

�Define VPN Instance

�Configure PE-CE Routing Protocol

�Configure PE-PE Routing Protocol

4


Define VPN Instance

� Establish and enter VPN instance view [system-view]

� ip vpn-instance vpn_name

� Establish RD [vrf-view] for vpn-instance

� route-distinguisher route-distinguisher

� Establish vpn-target community for vpn-instance [vrf-view]

�vpn-target vpn-target-ext-community [ import-extcommunity |

export-extcommunity | both ]

� Associate the interface with vpn-instance [interface-view]

� ip binding vpn-instance vpn-instance-name


Configure PE-PE Routing Protocol

� Establish public network BGP neighbor (refer BGP configuration)

� Using Loopback address to create TCP connection between

PEs [BGP-view]

�peer peer-address connect-interface loopback interface-

number

� Enter MBGP VPNv4 address-family view [BGP-view]

� ipv4-family vpnv4 [ unicast ]

� Activate MBGP peer entity [vpnv4 family view]

�peer { group-name | peer-address } enable

5


Configure PE-CE Routing Protocol

� Configure link between PE and CE via static routing

� ip route-static vpn-instance vpn-instance-name prefix mask[ next-hop-address ] [ interface { interface-number } ] [ public | preference preference | blackhole | reject ]

� Configure route information exchange between PE and CE via EBGP

�Enter BGP VPN address family view

− ipv4-family vpn-instance vpn-instance-name

�Configure the AS number of the specific neighbour

− peer peer-address as-number as-number

� Import direct routing

− import-route direct

�Allow route loopback

− peer ip-address allow-as-loop asn-limit


Configure PE-CE Routing Protocol

� Configure route information exchange between PE and CE via RIP

�Create PE-CE RIP instance and enter RIP view

− rip [ process-id ] vpn-instance vpn-instance-name

� Configure route information exchange between PE and CE via

OSPF

�Create PE-CE OSPF instance and enter OSPF view

− ospf [ process-id ] [ router-id router-id ] [ vpn-instance vpn-

instance-name ]

�By default, one router can run 1024 OSPF processes at most;

one VPN can start 10 OSPF processes at most.

6







MPLS/VPN Configuration (1)

�PE1 Configuration

�Configure MPLS basic function.

− [PE1] mpls lsr-id 172.1.1.1

− [PE1] mpls

− [PE1] mpls ldp

− [PE1] interface Pos 1/0/0

− [PE1-Pos/0/0] mpls

− [PE1-Pos/0/0] mpls ldp

�Configure vpn-instance.

− [PE1] ip vpn-instance vpna

− [PE1-vpn-instance] route-distinguisher 100:1

− [PE1-vpn-instance] vpn-target 100:1 both

− [PE1-vpn-instance] vpn-target 100:2 import-extcommunity

− [PE1-vpn-instance] vpn-target 100:3 export-extcommunity

PE

Ethernet 1/0/0:

168.1.1.1/16

PE-2

CE-1

Ethernet 2/0/0:

168.1.1.2/16 -1

CE-2

PPos1/0/0:

172.1.1.1/16 Pos1/0/0

AS100

AS 1 AS 2

Loopback0:

202.100.0.1/32

Loopback 0:

200.10.0.1/16

7



� Interface Configuration

− [PE1] interface loopback0

− [PE1-LoopBack 0] ip address 202.100.0.1 255.255.255.255

− [PE1] interface ethernet 1/0/0

− [PE1-Ethernet1/0/0] ip binding vpn-instance vpna

− [PE1-Ethernet1/0/0] ip address 168.1.1.2 255.255.0.0

− [PE1] interface pos1/0/0

− [PE1-Pos1/0/0] ip address 172.1.1.1 255.255.0.0

�Configure PE-CE BGP.

− [PE1] bgp 100

− [PE1-bgp] import-route direct

− [PE1-bgp] ipv4-family vpn-instance vpna

− [PE1-bgp-af-vpn-instance] peer 168.1.1.1 as-number 1



� Configure PE-PE BGP

− [PE1] bgp 100

− [PE1-bgp] peer 200.10.0.1 as-number 100

− [PE1-bgp] peer 200.10.0.1 connect-interface loopback0

− [PE1-bgp] ipv4-family vpnv4

− [PE1-bgp-af-vpn] peer 200.10.0.1 enable

� Configure OSPF

− [PE1] ospf

− [PE1-ospf] area 0

− [PE1-ospf-area-0.0.0.0] network 172.1.0.0 0.0.255.255

− [PE1-ospf-area-0.0.0.0] network 202.10.0.1 0.0.0.0

− [PE1-ospf] import-route direct

8







[NE80]display bgp vpnv4 all peer

Peer AS-number Ver Queued-Tx Msg-Rx Msg-Tx Up/Down State

40.0.0.8 100 4 0 1 0 100h48m Established

Display VPN address information from BGP table

� display bgp [ vpnv4 { all | route-distinguisher rd-value | vpn-

instance vpn-instance-name } ] peer

Check the

state

9


Display the IP routing table of vpn-instance

� display ip routing-table vpn-instance vpn-instance-name

[ verbose ]

[NE80] display ip routing-table vpn-instance vpn-instance1

Routing Table: vpn-instance1 RD: 1233:11Destination/Mask Proto Pre Metric Nexthop Interface

192.1.1.0/24 Direct 0 0 192.1.1.1 GigabitEthernet1/0/0

192.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0

192.1.1.255/32 Direct 0 0 127.0.0.1 InLoopBack0

VPN instance name






10


MPLS/VPN Trouble-shooting

� MPLS/VPN message forwarding is based on LSP, and LSP is attached to the

route, so you should locate the fault in this way: check route first and then label;

check private network first and then public network.

Check private

network routeYCheck private

network labelYCheck public

network labelYN Check BGP

neighbourhoodN Check public

network route

Check MBGP and the opposite

end PE-CE routing protocol

configuration

N Check public

network IGP configuration

Check LDP

neighbourY N Check MPLS

configuration

Y YN Check BGP

configurationNN Y YYYDial 800 hotline for help



� Check private network route:

� Check the VRF of the PE routers of two ends respectively to check whether

there is a VRF route of the opposite end.

� Command display ip routing-table vpn-instance

� Check BGP neighborhood:

� Whether neighbor state machine is in Established state

� Command: display bgp vpnv4 all peer

� Check public network route:

� Does every device in public network LSP path have an accurate route of the

opposite end PE loopback address? (It must be a 32-bit mask)

� Check the IGP configuration of the public network:

� Whether the route of PE loopback address is released via IGP

Check private

network routeY N Check BGP

neighbourhoodN Check public

network route N Check public

network IGP

configurationY Y

11



� Check private network label:

�Check whether the private network label of the local PE router is distributed by the opposite PE?

� Check MBGP and the opposite end PE-CE routing protocol configuration

�For every VRF, should the VRF route be released into BGP?

�Whether to enable ordinary neighbors to transmit vpnv4 route?

� Check BGP configuration:

�Check whether the ordinary BGP configures BGP neighbors correctly?

Check private

network labelCheck MBGP and the opposite end

PE-CE routing protocol

configuration

Check BGP

configurationN N



� Check public network label:

� Check whether every device in LSP is distributed by the two PE loopback addresses Public network label, related commands: display mpls lsp brief

� Check whether the in-label of every device is the out-label of its next-hop?

� Check LDP neighbors:

� Check whether LDP session is correctly established between two adjacent PE or P routers.

� Related command: display mpls ldp session

� Session State: Operational

� Check MPLS configuration

� Check whether the device enables MPLS globally and enables LDP at corresponding interface.

� Global command:

� mpls lsr-id 10.5.80.250

� mpls ldp

� Start LDP Session at interface

� interface Ethernet4/1/0

� mpls ldp enable

Check public

network labelCheck LDP

neighbors N Check MPLS

configurationN

12


� This chapter describes the configuration, debugging

and troubleshooting of MPLS VPN (L3).

SummarySummary

www.huawei.com

Thank You

Documents

B-20-Odc011002 Mpls l3 VPN Configuration Issue1