QinQ Configuration PDF

1/10/2014 QinQ Configuration
http://localhost:7890/printtopics.html?time=Wed%20Oct%2001%202014%2017:42:20%20GMT-0300%20(Pacific%20SA%20Daylight%20Time) 1/76
QinQ Configuration
Contents
1 QinQ Configuration
1.1 Introduction to QinQ
1.2 QinQ Principles
1.2.1 Basic Principles
1.2.2 Basic QinQ
1.2.3 Selective QinQ
1.2.4 TPID
1.3 Application Environment
1.4 Configuration Task Summary
1.5 Configuration Notes
1.6 Configuring QinQ
1.6.1 Configuring QinQ Tunneling
1.6.1.1 Configuring Basic QinQ
1.6.1.2 Configuring Selective QinQ
1.6.2 Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
1.6.2.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
1.6.2.3 Configuring the L2VPN
1.6.2.4 Checking the Configuration
1.6.3 Configuring Termination Sub-interface to Access an L3VPN Network
1.6.3.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
1.6.3.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
1.6.4 Configuring the TPID Value for an Outer VLAN Tag
1.7 Configuration Examples
1.7.1 Example for Configuring basic QinQ
1.7.2 Example for Configuring Selective QinQ
1.7.3 Example for Configuring VLL Access Through Dot1q Sub-interfaces
1.7.4 Example for Configuring a QinQ Sub-interface to Access a VLL Network
1.7.5 Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to Access
an L3VPN Network
1.7.6 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Access an
L3VPN Network
1.8 References
1 QinQ Configuration
This chapter describes the concepts and configuration procedure of 802.1Q-in-802.1Q (QinQ),
and provides configuration examples.
Context
NOTE:
Only the AR150, AR160, AR200 support QinQ.
Only the AR1200, AR2200, AR3200 support termination sub-interface access to the VPN.
Introduction to QinQ
This section describes definition, purpose and benefit of QinQ.
QinQ Principles
This section describes principles of QinQ.
Application Environment
This section describes the applicable environment of QinQ.
Configuration Task Summary
Configuration Notes
This section describes QinQ configuration notes.
Configuring QinQ
This section describes the QinQ configuration.
Configuration Examples
This section provides several configuration examples of QinQ.
References
This section describes references of QinQ.
Parent topic: Configuration Guide - Ethernet Switching
1.1 Introduction to QinQ
This section describes definition, purpose and benefit of QinQ.
Definition
802.1Q-in-802.1Q (QinQ) technology improves VLAN utilization by adding another 802.1Q
tag to a frame with an 802.1Q tag. In this case, frames from private VLAN tags can be
transparently transmitted on the public network. A frame transmitted on the backbone network
has double 802.1Q tags (one for the public network and the other for the private network), that
is, 802.1Q-in-802.1Q (QinQ).
Purpose
As Ethernet is widely used on networks, 802.1Q VLANs are not enough to identify and isolate
a large number of users on a network. The 12-bit VLAN tag field defined in IEEE 802.1Q
identifies a maximum of 4096 VLANs, which are insufficient for a large number of users on
the Ethernet network. QinQ technology is used to solve this problem.
QinQ technology encapsulates an 802.1Q tag to an 802.1Q packet. With this extra tag, the
number of VLANs is increased to 4094 x 4094.
As Ethernet develops and requirements for precise management emerge, QinQ has more
applications. The inner tag indicates the user; the outer tag indicates the service. QinQ packets
traverse the public network with double tags, and the inner tag is transparently transmitted.
Therefore, QinQ is also a simple and practical VPN technology, which is an extension to
Multi-Protocol Label Switching (MPLS) VPN on the core network. QinQ can be used with
MPLS VPN to form an end-to-end VPN solution.
Benefits
QinQ technology improves VLAN utilization by adding another 802.1Q VLAN tag to a frame
with an 802.1Q VLAN tag. It brings the following advantages:
QinQ expands the VLAN space so that user isolation and identification are not
limited.
In a QinQ packet, the inner 802.1Q tag identifies a user, and the outer 802.1Q tag
identifies a service. The inner and outer tags facilitate service deployment.
More QinQ encapsulation and termination modes are used for fine-grained service
management.
Parent topic: QinQ Configuration
1.2 QinQ Principles
This section describes principles of QinQ.
Basic Principles
Basic QinQ
Selective QinQ
TPID
1.2.1 Basic Principles
QinQ technology expands the VLAN space by adding another 802.1Q VLAN tag to a frame
with an 802.1Q tag. As the metro Ethernet develops, more QinQ encapsulation and
termination modes are used for fine-grained service management.
Format of a QinQ Frame
A QinQ frame has a fixed format, that is, the 802.1Q tag with another 802.1Q tag. A QinQ
frame has four more bytes than an 802.1Q frame.
Figure 1 802.1Q encapsulation
QinQ Encapsulation
QinQ encapsulation adds another 802.1Q tag to a frame with an 802.1Q tag.
QinQ is classified into basic QinQ and selective QinQ depending on encapsulation data. Basic
QinQ refers to interface-based QinQ, and selective QinQ includes VLAN ID-based QinQ and
802.1p priority-based QinQ.
Port-based QinQ encapsulation
In port-based QinQ encapsulation, the device adds the same outer VLAN tag to all
the frames sent to a specified port. Port-based QinQ encapsulation, also called QinQ
tunneling, is not flexible and cannot distinguish services.
VLAN ID-based QinQ
VLAN ID-based QinQ determines whether to encapsulate the outer VLAN tag and
the type of the outer VLAN tag into different data flows.
Traffic can be classified based on VLAN ID ranges if a user uses different VLAN
IDs for different services. For example, PC users access the Internet through VLANs
101 to 200, IPTV users through VLANs 201 to 300, and VoIPs through VLANs 301
to 400. When receiving service data, the UPE adds the outer tag 100 to frames from
PCs, outer tag 300 to frames from IPTV users, and outer tag 500 to frames from
VoIPs.
802.1p priority-based QinQ
802.1p priority-based QinQ determines whether to encapsulate the outer VLAN tag
and the type of the outer VLAN tag into data flows with different priorities.
For example, when different services of a user use different priorities, you can set up
different data transmission channels for these services based on priorities so that
services can be differentiated.
QinQ/Dot1q VLAN Tag Termination Sub-interface
In QinQ termination, a sub-interface identifies one tag or double tags of QinQ frames and then
removes one tag or double tags or sends the frames.
QinQ termination is usually performed on sub-interfaces, called VLAN tag termination sub-
interfaces.
Different termination modes are used in different situations when QinQ technology is applied
to the MPLS/IP core network.
A sub-interface that terminates a single tag in a frame is called a dot1q VLAN tag
termination sub-interface.
A sub-interface that terminates double tags in a frame is called a QinQ VLAN tag
termination sub-interface.
QinQ VLAN tag termination sub-interfaces have different functions in different scenarios
related with the specific scenario. The following explains it in different scenarios.
Parent topic: QinQ Principles
1.2.2 Basic QinQ
Basic QinQ is implemented based on interfaces. Basic QinQ allows the device to add the outer
tag to a packet received on an interface. If the received packet carries a VLAN tag, the device
adds the outer VLAN tag to the packet. If the received packet does not carry any VLAN tag,
the device adds the inner VLAN tag and then the outer VLAN tag.
As shown in Figure 1, enterprise A has two branches that connect to the carrier network
through PE1 and PE2 respectively.
Figure 1 Networking diagram of basic QinQ
Enterprise A has different services, so different VLANs are assigned. Basic QinQ is
configured on the CE interface connected to the carrier network. The outer VLAN 20 is added
to the packet passing through the CE interface and removed after the packet reaches another
branch. Traffic between two branches is transparently transmitted on the public network so
that users using the same service in different branches of enterprise A can communicate and
users using different services are isolated.
1.2.3 Selective QinQ
Selective QinQ, also knonw as VLAN Stacking or QinQ Stacking, is performed based on ports
and VLAN IDs. Besides basic QinQ functions, selective QinQ has the following functions:
VLAN ID-based selective QinQ: adds outer VLAN tags based on VLAN IDs.
802.1p priority-based selective QinQ: adds outer VLAN tags based on 802.1p
priorities in inner VLAN tags.
Selective QinQ is an extension to basic QinQ and is more flexible. The difference is as
follows:
Basic QinQ: adds the same outer VLAN tag to all the frames entering a Layer 2 port.
Selective QinQ: adds different outer VLAN tags to the frames entering a Layer 2 port
based on the inner VLAN tags.
through PE1 and PE2 respectively.
Figure 1 Networking diagram of selective QinQ
Enterprise A has different services, so different VLANs are assigned. Data services are
transmitted in VLAN 10 to VLAN 30, and voice services are transmitted in VLAN 31 to
VLAN 50.
Selective QinQ is configured on the user-side interface of the CE to add outer VLAN 20 to
packets with VLAN IDs 10 to 30, and outer VLAN 21 to packets with VLAN IDs 31 to 50,
and the device is configured to increase the priority of voice packets. Traffic between two
branches can be transparently transmitted through the public network so that users using the
same service in different branches of enterprise A can communicate, users using different
services are isolated, and voice services are transmitted preferentially.
1.2.4 TPID
Tag Protocol Identifier (TPID), a field in a VLAN tag, specifies the protocol type of the tag.
The TPID value defined in IEEE 802.1Q is 0x8100.
Figure 1 shows the Ethernet frame format defined in IEEE 802.1Q. The 802.1Q Tag field
locates between the Source Address (SA) and Length/Type fields. The device checks the
TPID value in the received frame to determine whether the VLAN tag is the S-VLAN tag or
C-VLAN tag. The device compares the configured TPID value with the TPID value in the
frame. For example, a frame carries VLAN tags with TPID values 0x9100 and 0x8100. If the
TPID value of the S-VLAN tag is set to 0x9100 and that of the C-VLAN tag is 0x8200, the
device considers that the frame only carries the S-VLAN tag, but not the C-VLAN tag.
Figure 1 802.1Q encapsulation
Different carriers may use different TPID values in outer VLAN tags. You can set the same
TPID value to ensure compatibility among devices of different vendors. In this case, QinQ
frame sent to the public network carry the same TPID value with the carrier TPID value,
ensuring interoperability between the device and the carrier device. To prevent packet
forwarding and processing errors on the network, the TPID value can be none of values in
Table 1.
Table 1 Description of protocol types and values
Protocol Type Value
ARP 0x0806
RARP 0x8035
IP 0x0800
IPv6 0x86DD
PPPoE 0x8863/0x8864
MPLS 0x8847/0x8848
IPX/SPX 0x8137
LACP 0x8809
802.1x 0x888E
HGMP 0x88A7
Reserved 0xFFFD/0xFFFE/0xFFFF
1.3 Application Environment
This section describes the applicable environment of QinQ.
Basic QinQ
through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are
assigned. To save public VLAN IDs, it is required that traffic between two branches of
enterprise A be transparently transmitted through the public network, users using the same
service in different branches of enterprise A be allowed to communicate, and users using
different services be isolated. You can configure QinQ on the network-side interface of the CE
to meet the preceding requirements.
Figure 1 Typical networking of basic QinQ
Selective QinQ
assigned. Data services are transmitted in VLAN 10 to VLAN 30, and voice services are
transmitted in VLAN 31 to VLAN 50. To save public VLAN IDs, it is required that traffic
between two branches of enterprise A be transparently transmitted through the public network,
users using the same service in different branches of enterprise A be allowed to communicate,
users using different services be isolated, and voice services be transmitted preferentially. You
can configure selective QinQ on the user-side interface of the CE to meet the preceding
requirements.
Figure 2 Typical networking of selective QinQ
1.4 Configuration Task Summary
Table 1 describes the QinQ configuration tasks.
Table 1 QinQ configuration task summary
Scenario Description Task
Configuring QinQ Tunneling This section describes how to
configure QinQ tunneling,
including basic QinQ and
selective QinQ.
Configuring QinQ Tunneling
Configuring QinQ to Access an
L2VPN Network
A CE accesses the ISP network
through PEs. User data packets
sent by the CE to a PE contain
one or double tags. You need to
connect the sub-interfaces on the
PE to a VPN network to enable
CEs to communicate with each
other.
Configuring Termination Sub-
interface to Access an L2VPN
Network
Configuring QinQ to Access an A CE accesses the ISP network Configuring Termination Sub-
L3VPN Network through PEs. User data packets
sent by the CE to a PE contain
one or double tags. You need to
connect the sub-interfaces on the
PE to an L3VPN to enable CEs
to communicate with each other.
interface to Access an L3VPN
Network
Configuring the TPID Value for
an Outer VLAN Tag
To ensure that devices from
different vendors can
communicate with each other,
set the TPID value of an outer
VLAN tag.
Configuring the TPID Value for
an Outer VLAN Tag
1.5 Configuration Notes
This section describes QinQ configuration notes.
When deploying QinQ on the router, pay attention to the following:
Before configuring QinQ on an interface, add the interface to a network bridge. If the
interface is deleted from the network bridge, the QinQ configuration is also deleted
from the interface.
You can configure only one of QinQ, selective QinQ, and VLAN mapping on a sub-
interface.
1.6 Configuring QinQ
This section describes the QinQ configuration.
Configuring QinQ Tunneling
This section describes how to configure QinQ tunneling, including basic QinQ and
selective QinQ.
Configuring Termination Sub-interface to Access an L2VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE
contain one or double tags. You need to connect the sub-interfaces on the PE to a VPN
network to enable CEs to communicate with each other.
Configuring Termination Sub-interface to Access an L3VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE
contain one or double tags. You need to connect the sub-interfaces on the PE to an
L3VPN to enable CEs to communicate with each other.
Configuring the TPID Value for an Outer VLAN Tag
To ensure that devices from different vendors can communicate with each other, set the
TPID value of an outer VLAN tag.
1.6.1 Configuring QinQ Tunneling
This section describes how to configure QinQ tunneling, including basic QinQ and selective
QinQ.
Configuring Basic QinQ
Configuring Selective QinQ
Parent topic: Configuring QinQ
1.6.1.1 Configuring Basic QinQ
Background Information
Dot1q tunnel isolates a carrier network from a user network and is widely used when users
connect to a carrier network. When private networks connect to a carrier network through CEs
and PEs, run the vlan dot1q-tunnel command on CE interfaces connected to PEs so that the
CE interfaces add the outer VLAN tag allocated by the carrier to user packets. This
implementation saves VLAN IDs and allows user packets to be transparently transmitted on
the carrier network.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
bridge bridge-id
A bridge group is created and the bridge group view is displayed.
3. Run:
quit
Exit from the bridge group view.
4. Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-nu
mber
The Ethernet sub-interface view is displayed.
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in Layer 2
mode and supports switching between Layer 2 and Layer 3 modes, run the undo portswitch
command to switch the interface in Layer 3 mode before creating a sub-interface on the interface.
5. Run:
bridge bridge-id
The Ethernet sub-interface is added to the bridge group.
6. Run:
bridge vlan-transmit enable
The interface is enabled to transparently transmit VLAN IDs.
7. Run:
vlan allow-pass { vid vlan-id1 [ to vlan-id2 ] | default }
The VLAN allowed by the Ethernet sub-interface is configured.
NOTE:
VLANs allowed by all sub-interfaces of a main interface cannot overlap.
The vlan allow-pass default command can be executed only on a sub-interface among all sub-
interfaces of each main interface. Packets are forwarded through the default sub-interface when the
packets do not match other QinQ or VLAN mapping entries on a sub-interface.
8. Run:
vlan dot1q-tunnel tunnel-vlan-id [ native vid native-vlan-id ]
The basic QinQ function is configured on a sub-interface.
The vlan dot1q-tunnel command can be only executed at one time on a sub-
interface and the VLAN specified by tunnel-vlan-id must be allowed by the sub-
interface.
Parent topic: Configuring QinQ Tunneling
1.6.1.2 Configuring Selective QinQ
Context
You can configure selective QinQ based on the VLAN ID or 802.1p priority.
VLAN ID-based selective QinQ
When private networks connect to a carrier network through CEs and PEs, run the
vlan stacking command on CE interfaces connected to PEs so that the CE interfaces
add the outer VLAN tag allocated by the carrier to user packets. This implementation
saves VLAN IDs and allows user packets to be transparently transmitted on the
carrier network.
802.1p priority-based selective QinQ
An 802.1p priority indicates a packet priority. Generally, different services of a user
use different priorities. A carrier can establish different data transmission networks
for different services based on 802.1p priorities so that services on the carrier
network can be differentiated.
Procedure
Configuring VLAN ID-based selective QinQ
1. Run:
system-view
2. Run:
bridge bridge-id
3. Run:
quit
4. Run:
interface { ethernet | gigabitethernet } interface-number.subinte
rface-number
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in
Layer 2 mode and supports switching between Layer 2 and Layer 3 modes, run the undo
portswitch command to switch the interface in Layer 3 mode before creating a sub-
interface on the interface.
5. Run:
bridge bridge-id
6. Run:
7. Run:
vlan stacking { default | vid low-ce-vid [ to high-ce-vid ] } pe-
vid pe-vid [ remark-8021p 8021p-value2 ]
VLAN ID-based selective QinQ is configured.
NOTE:
The vlan stacking default command can be executed only on a sub-interface among all
sub-interfaces of each main interface. Packets are forwarded through the default sub-
interface when the packets do not match other QinQ entries on a sub-interface.
Configuring 802.1p priority-based selective QinQ
1. Run:
system-view
2. Run:
bridge bridge-id
3. Run:
quit
4. Run:
interface { ethernet | gigabitethernet } interface-number.subinte
rface-number
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in
Layer 2 mode and supports switching between Layer 2 and Layer 3 modes, run the undo
portswitch command to switch the interface in Layer 3 mode before creating a sub-
interface on the interface.
5. Run:
bridge bridge-id
6. Run:
7. Run:
vlan allow-pass { vid vlan-id1 [ to vlan-id2 ] | default }
The VLAN allowed by the Ethernet sub-interface is configured.
NOTE:
The vlan allow-pass default command can be executed only on a sub-interface among all
sub-interfaces of each main interface. Packets are forwarded through the default sub-
interface when the packets do not match other QinQ or VLAN mapping entries on a sub-
interface.
8. Run:
vlan stacking 8021p 8021p-value1 pe-vid pe-vid [ remark-8021p 802
1p-value2 ]
802.1p priority-based selective QinQ is configured.
Parent topic: Configuring QinQ Tunneling
1.6.2 Configuring Termination Sub-interface
to Access an L2VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain
one or double tags. You need to connect the sub-interfaces on the PE to a VPN network to
enable CEs to communicate with each other.
Configuring a Sub-interface for Dot1q VLAN Tag Termination
Configuring a Sub-interface for QinQ VLAN Tag Termination
Configuring the L2VPN
Checking the Configuration
1.6.2.1 Configuring a Sub-interface for Dot1q
VLAN Tag Termination
Context
A sub-interface for dot1q VLAN tag termination can terminate single-tagged user packets. The
following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
2. Run:
mber
3. Run:
dot1q termination vid vid
The sub-interface is configured to terminate single-tagged packets.
NOTE:
After a sub-interface for VLAN tag termination is configured, ensure that ARP broardcast is enabled
on the sub-interface. For details, see the arp broadcast enable command.
Parent topic: Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.2 Configuring a Sub-interface for QinQ
Context
A sub-interface for QinQ VLAN tag termination can terminate double-tagged user packets.
Sub-interfaces for QinQ termination access an L2VPN in symmetrical mode or in
asymmetrical mode. User packets access an L2VPN in different modes. PEs process these
packets in the ways described in the following tables.
Table 1 Packet processing on the inbound interface
Type of the Inbound Interface VLL/PWE3
Ethernet Encapsulation VLAN Encapsulation
Symmetrical Strips the outer tag. Reserves the double tags, and no
action is required.
Asymmetrical Strips the double tags. Strips two tags and then adds
one tag.
Table 2 Packet processing on the outbound interface
Type of the Outbound Interface VLL/PWE3
Ethernet Encapsulation VLAN Encapsulation
Symmetrical Adds the outer tag. Replaces the outer tag.
Asymmetrical Adds double tags. Strips one tag and then adds
double tags
The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
2. Run:
mber
3. Run:
qinq termination l2 { symmetry | asymmetry }
The attributes of the QinQ termination sub-interface are configured.
By default, the QinQ termination sub-interface uses the asymmetrical mode.
4. Run:
qinq termination pe-vid pe-vid ce-vid ce-vid
The sub-interface is configured to terminate double-tagged packets.
NOTE:
Termination sub-interfaces support VLL access. You can configure L2VPN on the CE, PE,
and P. For details, see "VLL Configuration" in the Huawei
AR150&AR160&AR200&AR1200&AR2200&AR3200 Series Enterprise Routers
Configuration Guide - VPN.
Procedure
Run the display dot1q information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about a
dot1q sub-interface.
Run the display qinq information termination [ interface interface-type interface-
number [.subinterface-number ] ] command to check information about a QinQ sub-
interface.
Run the display vll ccc [ ccc-name | type local ] command to check information
about a CCC connection.
Run the display mpls static-l2vc command to check information about an SVC
L2VPN VC.
Run the display mpls l2vc command on the PE to check information about the
Martini VLL on the local PE.
Run the display mpls l2vc remote-info command on the PE to check information
about the Martini VLL on the remote PE.
1.6.3 Configuring Termination Sub-interface
to Access an L3VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain
one or double tags. You need to connect the sub-interfaces on the PE to an L3VPN to enable
CEs to communicate with each other.
Configuring a Sub-interface for Dot1q VLAN Tag Termination
Configuring a Sub-interface for QinQ VLAN Tag Termination
Configuring the L3VPN
Checking the Configuration
1.6.3.1 Configuring a Sub-interface for Dot1q
Context
A sub-interface for dot1q VLAN tag termination can terminate single-tagged user packets. The
following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
2. Run:
mber
3. Run:
ip binding vpn-instance vpn-instance-name
The sub-interface is bound to the VPN instance.
4. Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is configured for the Ethernet sub-interface.
NOTE:
When two or more IP addresses are configured for an Ethernet interface, the keyword sub must be
used to indicate the second IP address and subsequent IP addresses.
5. Run:
dot1q termination vid vid
The sub-interface is configured to terminate single-tagged packets.
NOTE:
1.6.3.2 Configuring a Sub-interface for QinQ
Context
A sub-interface for QinQ VLAN tag termination can terminate double-tagged user packets.
The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
2. Run:
mber
3. Run:
ip binding vpn-instance vpn-instance-name
The sub-interface is bound to the VPN instance.
4. Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is configured for the Ethernet sub-interface.
NOTE:
When two or more IP addresses are configured for an Ethernet interface, the keyword sub must be
used to indicate the second IP address and subsequent IP addresses.
5. Run:
qinq termination pe-vid pe-vid ce-vid ce-vid
The sub-interface is configured to terminate double-tagged packets.
NOTE:
The access of a sub-interface for VLAN tag termination to the L3VPN means that the sub-
interface for VLAN tag termination supports L3VPN functions.
Configure L3VPN functions on the CE, PE, and P. For details, see "BGP/MPLS IP VPN
Configuration" in the Huawei AR150&AR160&AR200&AR1200&AR2200&AR3200 Series
Enterprise Routers Configuration Guide - VPN.
Procedure
Run the display dot1q information termination [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the
sub-interface with the encapsulation mode as dot1q.
Run the display qinq information termination [ interface interface-type interface-
number [.subinterface-number ] ] command to check information about the sub-
interface with the encapsulation mode as QinQ.
Run the display ip vpn-instance [ verbose ] [ vpn-instance-name ] command to
check information about the VPN instance.
1.6.4 Configuring the TPID Value for an Outer
VLAN Tag
To ensure that devices from different vendors can communicate with each other, set the TPID
value of an outer VLAN tag.
Context
Devices from different vendors or different network plans may use different values for TPID
fields in outer VLAN tags of QinQ packets. To be compatible with an existing network plan,
the AR router supports configuration of the TPID value. You can set the TPID value on the
AR router to be the same as the TPID value in the network plan so that the AR router can be
compatible on the existing network.
NOTE:
To implement the connectivity between the devices of different vendors, ensure that the protocol type
in the outer VLAN tag can be identified by the peer device.
The qinq protocol command identifies incoming packets, and adds or changes the TPID value of
outgoing packets.
The protocol IDs set by the qinq protocol command cannot be the same as well-known protocol IDs.
Otherwise, the interface cannot distinguish packets of these protocols. For example, protocol-id cannot
be set to 0x0806, which is the ARP protocol ID.
Procedure
1. Run:
system-view
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
qinq protocol protocol-id
The protocol type in the outer VLAN tag is set.
By default, the TPID value in the outer VLAN tag is 0x8100.
1.7 Configuration Examples
This section provides several configuration examples of QinQ.
Example for Configuring basic QinQ
Example for Configuring Selective QinQ
Example for Configuring VLL Access Through Dot1q Sub-interfaces
Example for Configuring a QinQ Sub-interface to Access a VLL Network
Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to
Access an L3VPN Network
Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to
Access an L3VPN Network
1.7.1 Example for Configuring basic QinQ
Networking Requirements
assigned.
The requirements are as follows:
VLANs are assigned independently in enterprise A, and are independent of carrier
VLANs or VLANs of other enterprises.
Traffic between two branches of enterprise A is transparently transmitted through the
public network, users using the same service in different branches of enterprise A are
allowed to communicate, and users using different services must be isolated.
Figure 1 Networking diagram for configuring basic QinQ
Configuration Roadmap
The configuration roadmap is as follows:
You can configure the basic QinQ function on the CE connected to the PE and implement
communication between two branches of enterprise A through VLAN 20 provided by the
carrier.
1. Create a bridge group and add a sub-interface to the bridge group.
2. Configure VLANs allowed by a sub-interface.
3. Configure basic QinQ on the CE interface connected to the PE so that the CE can
the S-VLAN tag to user packets.
4. Add interfaces of the PE and P to VLAN 20 so that packets from VLAN 20 are
allowed to pass through.
Procedure
<Huawei> system-view
[Huawei] sysname CE1
[CE1] bridge 1
[CE1-bridge1] quit
[CE1] interface gigabitethernet 0/0/0.1
[CE1-GigabitEthernet0/0/0.1] bridge 1
[CE1-GigabitEthernet0/0/0.1] bridge vlan-transmit enable
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
2. Configure VLANs allowed by a sub-interface.
[CE1-GigabitEthernet0/0/0.1] vlan allow-pass vid 10 to 50
3. Configure CE1 interface connected to the PE to add a VLAN tag to user packets.
[CE1-GigabitEthernet0/0/0.1] vlan dot1q-tunnel 20
[CE1-GigabitEthernet0/0/0.1] quit
4. Add GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 in trunk mode.
[Huawei] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/0
[PE1-GigabitEthernet0/0/0] port link-type trunk
[PE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/0] quit
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
The configurations of PE2 and P are similar to the configuration of PE1, and are not
mentioned here.
5. Verify the configuration.
On a PC in a VLAN of a branch in enterprise A, ping a PC in the same VLAN of
the other branch in enterprise A. The ping operation succeeds, indicating that users
using the same service can communicate with each other.
Configuration Files
Configuration file of CE1
#
sysname CE1
#
bridge 1
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.1
bridge 1
vlan allow-pass vid 10 to 50
vlan dot1q-tunnel 20
#
return
#
sysname CE2
#
bridge 1
#
#
bridge 1
vlan allow-pass vid 10 to 50
vlan dot1q-tunnel 20
#
return
Configuration file of PE1
#
sysname PE1
#
vlan batch 20
#
port link-type trunk
port trunk allow-pass vlan 20
#
#
return
#
sysname PE2
#
vlan batch 20
#
#
#
return
Configuration file of P
#
sysname P
#
vlan batch 20
#
#
#
return
Parent topic: Configuration Examples
1.7.2 Example for Configuring Selective QinQ
assigned. Data services are transmitted in VLAN 10 to VLAN 30, and voice services are
transmitted in VLAN 31 to VLAN 50.
The requirements are as follows:
VLANs are assigned independently in enterprise A, and are independent of carrier
VLANs or VLANs of other enterprises.
Traffic between two branches of enterprise A is transparently transmitted through the
public network, users using the same service in different branches of enterprise A are
allowed to communicate, and users using different services must be isolated.
Voice services with high priority are transmitted first.
Figure 1 Networking diagram for configuring selective QinQ
You can configure selective QinQ on the CE user-side interface and implement
communication between two branches of enterprise A through VLAN 20 and VLAN 21
provided by the carrier.
2. Configure VLANs allowed by the sub-interface on the user side of the CE,
configure the CE user-side interface to add different outer VLAN tags to packets
with different user VLAN IDs, and re-mark voice services with high priority.
3. Add the CE interface connected to the PE, PE interface, and P interface to VLAN
20 and VLAN 21 so that packets from VLAN 20 and VLAN 21 are allowed to pass
through.
Procedure
[CE1] bridge 1
[CE1-bridge1] quit
2. Configure CE1 user-side interface to add VLAN tags to user packets and re-mark
voice services with high priority.
[CE1-GigabitEthernet0/0/1.1] vlan stacking vid 10 to 30 pe-vid 20
[CE1-GigabitEthernet0/0/1.2] vlan stacking vid 31 to 50 pe-vid 21 remark-
8021p 7
3. Add GE0/0/0 on CE1, and GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 and VLAN
21 in trunk mode.
# Add GE10/0/0 on CE1 to VLAN 20 and VLAN 21 in trunk mode. The
configuration of CE2 is similar to that of CE1, and is not mentioned here.
[CE1] vlan batch 20 to 21
[CE1] interface gigabitethernet 0/0/0
[CE1-GigabitEthernet0/0/0] port link-type trunk
[CE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20 21
[CE1-GigabitEthernet0/0/0] quit
# Add GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 and VLAN 21 in trunk mode. The
configurations of PE2 and P are similar to the configuration of PE1, and are not
mentioned here.
[PE1] vlan batch 20 to 21
[PE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20 21
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 21
On a PC in a VLAN of a branch in enterprise A, ping a PC in the same VLAN of
the other branch in enterprise A. The ping operation succeeds, indicating that users
using the same service can communicate with each other.
Configuration Files
#
sysname CE1
#
vlan batch 20 to 21
#
bridge 1
#
port trunk allow-pass vlan 20 to 21
#
#
bridge 1
vlan stacking vid 10 to 30 pe-vid 20
#
bridge 1
vlan stacking vid 31 to 50 pe-vid 21 remark 8021p 7
#
return
#
sysname CE2
#
vlan batch 20 to 21
#
bridge 1
#
#
#
bridge 1
vlan stacking vid 10 to 30 pe-vid 20
#
bridge 1
vlan stacking vid 31 to 50 pe-vid 21 remark 8021p 7
#
return
#
sysname PE1
#
vlan batch 20 to 21
#
#
#
return
#
sysname PE2
#
vlan batch 20 to 21
#
#
#
return
#
sysname P
#
vlan batch 20 to 21
#
#
#
return
1.7.3 Example for Configuring VLL Access
Through Dot1q Sub-interfaces
As shown in Figure 1, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is created between CE1 and CE2 so that user networks connected to CE1 and
CE2 can communicate.
Figure 1 Networking diagram for configuring a sub-interface for dot1q VLAN tag termination to
access a VLL network
1. Configure an IGP on the PE and P devices on the backbone network to ensure
reachability between them, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel
for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Configure the dot1q sub-interfaces on the PE interfaces connecting to CEs to
implement VLL access.
Procedure
1. Configure IP addresses for interfaces on the CE, PE and P devices according to
Figure 1.
CE1 is used as an example.
# Configure CE1.
[CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
The configuration details of other devices are not mentioned here.
2. Configure packets sent from CEs to PEs carry a VLAN tag.
This example uses VLAN 10.
# Configure CE1.
[CE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
# Configure CE2.
3. Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on
PEs and P. The loopback interface addresses are the LSR IDs.
PE1 is used as an example.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
4. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
[P-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
5. Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
After the configuration, run the display mpls ldp session command on PE1 to view
the establishment of the LDP session. You can find that an LDP session is set up
between PE1 and PE2.
Take the display on PE1 for example.
[PE1] display mpls ldp session

LDP Session(s) in Public Network

Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)

A '*' before a session means the session is being deleted.

------------------------------------------------------------------------
------
PeerID Status LAM SsnRole SsnAge KASent/Rcv

------------------------------------------------------------------------
------
2.2.2.9:0 Operational DU Passive 0000:00:11 46/45


------------------------------------------------------------------------
------
TOTAL: 2 session(s) Found.

6. Enable MPLS L2VPN and create VCs on the PEs.
# Configure PE1: Create a VC on GE1/0/0.1, which is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet1/0/0.1] quit
[PE2] mpls l2vpn
[PE2-l2vpn] quit
View the L2VPN connection information on the PEs, and you can see that an L2VC
is set up and is in Up state.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1
*client interface : GigabitEthernet1/0/0.1 is up

Administrator PW : no

session state : up

AC status : up

VC state : up

Label state : 0

Token state : 0

VC ID : 101

VC type : VLAN

destination : 3.3.3.9

local group ID : 0 remote group ID : 0

local VC label : 1024 remote VC label : 1024

local AC OAM State : up

local PSN OAM State : up

local forwarding state : forwarding

local status code : 0x0

remote AC OAM state : up

remote PSN OAM state : up

remote forwarding state: forwarding

remote status code : 0x0

ignore standby state : no

BFD for PW : unavailable

VCCV State : up

manual fault : not set

active state : active

forwarding entry : exist

link state : up

local VC MTU : 1500 remote VC MTU : 1500

local VCCV : alert ttl lsp-ping bfd

remote VCCV : alert ttl lsp-ping bfd

local control word : disable remote control word : disable

tunnel policy name : --

PW template name : --

primary or secondary : primary

load balance type : flow

Access-port : false

Switchover Flag : false

VC tunnel/token info : 1 tunnels/tokens

NO.0 TNL type : lsp , TNL ID : 0x5

Backup TNL type : lsp , TNL ID : 0x0

create time : 0 days, 0 hours, 27 minutes, 15 seconds

up time : 0 days, 0 hours, 2 minutes, 22 seconds

last change time : 0 days, 0 hours, 2 minutes, 22 seconds

VC last up time : 2011/09/26 15:29:03

VC total up time : 0 days, 0 hours, 2 minutes, 22 seconds

CKey : 5

NKey : 4

PW redundancy mode : frr

AdminPw interface : --

AdminPw link state : --

Diffserv Mode : uniform

Service Class : --

Color : --

DomainId : --

Domain Name : --


CE1 and CE2 can ping each other.
Take the display on CE1 for example.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/15/31 ms
Configuration Files
#
sysname CE1
#
#
dot1q termination vid 10
ip address 100.1.1.1 255.255.255.0
#
return
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
#
mpls l2vc 3.3.3.9 101
#
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.9
#
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
#
sysname CE2
#
#
ip address 100.1.1.2 255.255.255.0
#
return
1.7.4 Example for Configuring a QinQ Sub-
interface to Access a VLL Network
As shown in Figure 1, CE1 and CE2 are connected to PE1 and PE2 respectively through
VLANs.
A Martini VLL is created between CE1 and CE2 so that user networks connected to CE1 and
CE2 can communicate.
access a VLL network
1. Configure an IGP on the PE and P devices on the backbone network to ensure
reachability between them, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel
for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Configure the QinQ sub-interfaces on the PE interfaces connecting to CEs to
implement VLL access.
Procedure
1. Configure IP addresses for interfaces on the CE, PE and P devices according to
Figure 1.
CE1 is used as an example.
# Configure CE1.
[CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 255.255.255.0
2. Configure the CE to send double-tagged packets to the PE.
Here, the inner VLAN ID is VLAN 10 and outer VLAN ID is VLAN 100.
# Configure CE1.
[CE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
# Configure CE2.
3. Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on
PEs and P. The loopback interface addresses are the LSR IDs.
PE1 is used as an example.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
4. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
5. Set up a remote LDP session between PEs.
# Configure PE1.
# Configure PE2.
After the configuration, run the display mpls ldp session command on PE1 to view
the establishment of the LDP session. You can find that an LDP session is set up
between PE1 and PE2.




------------------------------------------------------------------------
------

------------------------------------------------------------------------
------


------------------------------------------------------------------------
------

6. Enable MPLS L2VPN and create VCs on the PEs.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2] mpls l2vpn
[PE2-l2vpn] quit
View the L2VPN connection information on the PEs, and you can see that an L2VC
is set up and is in Up state.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1
*client interface : GigabitEthernet1/0/0.1 is up

Administrator PW : no

session state : up

AC status : up

VC state : up

Label state : 0

Token state : 0

VC ID : 101

VC type : VLAN

destination : 3.3.3.9

local group ID : 0 remote group ID : 0

local VC label : 1024 remote VC label : 1024

local AC OAM State : up

local PSN OAM State : up

local forwarding state : forwarding

local status code : 0x0

remote AC OAM state : up

remote PSN OAM state : up

remote forwarding state: forwarding

remote status code : 0x0

ignore standby state : no

BFD for PW : unavailable

VCCV State : up

manual fault : not set

active state : active

forwarding entry : exist

link state : up

local VC MTU : 1500 remote VC MTU : 1500

local VCCV : alert ttl lsp-ping bfd

remote VCCV : alert ttl lsp-ping bfd

local control word : disable remote control word : disable

tunnel policy name : --

PW template name : --

primary or secondary : primary

load balance type : flow

Access-port : false

Switchover Flag : false

VC tunnel/token info : 1 tunnels/tokens

NO.0 TNL type : lsp , TNL ID : 0x5

Backup TNL type : lsp , TNL ID : 0x0

create time : 0 days, 0 hours, 27 minutes, 15 seconds

up time : 0 days, 0 hours, 2 minutes, 22 seconds

last change time : 0 days, 0 hours, 2 minutes, 22 seconds

VC last up time : 2011/09/26 15:29:03

VC total up time : 0 days, 0 hours, 2 minutes, 22 seconds

CKey : 5

NKey : 4

PW redundancy mode : frr

AdminPw interface : --

AdminPw link state : --

Diffserv Mode : uniform

Service Class : --

Color : --

DomainId : --

Domain Name : --


CE1 and CE2 can ping each other.
Take the display on CE1 for example.
[CE1] ping 100.1.1.2
0.00% packet loss
Configuration Files
#
sysname CE1
#
#
qinq termination pe-vid 100 ce-vid 10
ip address 100.1.1.1 255.255.255.0
#
return
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 3.3.3.9
#
#
mpls l2vc 3.3.3.9 101
#
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
#
sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
remote-ip 1.1.1.9
#
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
#
mpls l2vc 1.1.1.9 101
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
#
sysname CE2
#
#
ip address 100.1.1.2 255.255.255.0
#
return
1.7.5 Example for Configuring a Sub-interface
for Dot1q VLAN Tag Termination to Access an
L3VPN Network
As shown in Figure 1, CE1 and CE3 belong to VPN-A and CE2 and CE4 belong to VPN-B.
The VPN target of VPN-A is 111:1, and VPN target of VPN-B is 222:2. Users in different
VPNs cannot communicate with each other.
access an L3VPN network
1. Configure VPN instances on the PEs connecting to the CE on the backbone
network, bind the interfaces connected to CEs to the corresponding VPN instances,
and specify the IP address of the interfaces connected to the CE.
2. Configure OSPF on the PEs to implement interconnection between PEs.
3. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs.
4. Configure the Multi-protocol Extensions for Interior Border Gateway Protocol (MP-
IBGP) on PEs to exchange VPN routing information.
5. Configure EBGP on CEs and PEs to exchange VPN routing information.
6. Configure dot1q sub-interfaces on the PE interfaces connected to CEs to connect the
dot1q sub-interfaces to the L3VPN network.
Procedure
1. Configure OSPF on the MPLS backbone network so that the PEs and Ps can
communicate with each other.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure P.
[Huawei] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P-GigabitEthernet1/0/0] ip address 172.1.1.2 24
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
After the configuration is complete, OSPF neighbor relationships can be set up
between PE1, P, and PE2. Run the display ospf peer command. The command
output shows that the neighbor status is Full. Run the display ip routing-table
command. The command output shows that PEs have learned the routes to
Loopback1 of each other.
The information displayed on PE1 is used as an example.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
-------------------------------------------------------------------------
-----
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interfac
e
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack
1
2.2.2.9/32 OSPF 10 1 D 172.1.1.2 GigabitE
thernet3/0/0
3.3.3.9/32 OSPF 10 2 D 172.1.1.2 GigabitE
thernet3/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBa
ck0
ck0
ck0
172.1.1.0/24 Direct 0 0 D 172.1.1.1 GigabitE
thernet3/0/0
thernet3/0/0
thernet3/0/0
172.2.1.0/24 OSPF 10 2 D 172.1.1.2 GigabitE
thernet3/0/0
ck0
[PE1] display ospf peer
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(GigabitEthernet3/0/0)'s neighbors
Router ID: 2.2.2.9 Address: 172.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:16:21
Authentication Sequence: [ 0 ]
2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone
network to set up LDP LSPs.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
After the configuration is complete, LDP sessions can be set up between PE1 and
the P and between the P and PE2. Run the display mpls ldp session command. The
command output shows that the Status field is Operational. Run the display mpls
ldp lsp command. Information about the established LDP LSPs is displayed.
------------------------------------------------------------------------
------
------------------------------------------------------------------------
------
2.2.2.9:0 Operational DU Active 0000:00:01 6/6
------------------------------------------------------------------------
------
[PE1] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------
-------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterfa
ce
------------------------------------------------------------------------
-------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0

*1.1.1.9/32 Liberal/1024 DS/2.2.2.9
2.2.2.9/32 NULL/3 - 172.1.1.2 GE3/0/0

2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 GE3/0/0

3.3.3.9/32 NULL/1025 - 172.1.1.2 GE3/0/0

3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 GE3/0/0

------------------------------------------------------------------------
-------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established

A '*' before a Label means the USCB or DSCB is stale

A '*' before a UpstreamPeer means the session is stale

A '*' before a DS means the session is stale

A '*' before a NextHop means the LSP is FRR LSP
3. Configure packets sent from CEs to PEs carry a VLAN tag.
Here, the VLAN ID in packets sent by CE1 and CE3 is VLAN 10, and the VLAN
ID in packets sent by CE2 and CE4 is VLAN 20.
# Configure CE1.
[CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 255.255.255.0
# Configure CE2.
# Configure CE3.
# Configure CE4.
4. Configure VPN instances on PEs and bind the instances to the interfaces connected
to CEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb] quit
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb
# Configure PE2.
[PE2-vpn-instance-vpnb-af-ipv4] quit
After the configuration is complete, run the display ip vpn-instance verbose
command on the PEs to check the configuration of VPN instances. Each PE can
ping its connected CE.
NOTE:
If a PE has multiple interfaces bound to the same VPN instance, specify a source IP addresses by
setting -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-
ip-address command to ping the remote CE. If the source IP address is not specified, the ping
operation fails.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
VPN-Instance Name and ID : vpna, 1
Interfaces : GigabitEthernet1/0/0.1
Address family ipv4
Create date : 2012/07/25 00:58:17
Up time : 0 days, 22 hours, 24 minutes and 53 seconds
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label Policy : label per route
Log Interval : 5
VPN-Instance Name and ID : vpnb, 2
Address family ipv4
Create date : 2012/07/25 00:58:17
Log Interval : 5

[PE1] ping -vpn-instance vpna 10.1.1.1
0.00% packet loss
5. Set up an MP-IBGP peer relationship between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit
After the configuration is complete, run the display bgp peer or display bgp vpnv4
all peer command on the PEs. The command output shows that BGP peer
relationships have been established between the PEs.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State
PrefRcv
3.3.3.9 4 100 12 6 0 00:02:21 Establi
shed 0
[PE1] display bgp vpnv4 all peer
PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Establish
ed 0
6. Set up EBGP peer relationships between the PEs and CEs and import VPN routes
into BGP.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
NOTE:
The configuration on other CEs is similar to the configuration on CE1 and is not mentioned here.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit
NOTE:
The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.
After the configuration is complete, run the display bgp vpnv4 vpn-instance peer
command on the PEs. The command output shows that BGP peer relationships have
been established between the PEs and CEs.
The peer relationship between PE1 and CE1 is used as an example.
[PE1] display bgp vpnv4 vpn-instance vpna peer



VPN-Instance vpna, Router ID 1.1.1.9:


Peer V AS MsgRcvd MsgSent OutQ Up/Down St
ate PrefRcv

10.1.1.1 4 65410 6 3 0 00:00:02 Establis
hed 4
Run the display ip routing-table vpn-instance command on the PEs to view the
routes to the remote CEs.
[PE1] display ip routing-table vpn-instance vpna
-------------------------------------------------------------------------
-----
Routing Tables: vpna
e

thernet1/0/0
thernet1/0/0
thernet1/0/0
10.3.1.0/24 IBGP 255 0 RD 3.3.3.9 GigabitE
thernet3/0/0
ck0
[PE1] display ip routing-table vpn-instance vpnb
-------------------------------------------------------------------------
-----
Routing Tables: vpnb
e
thernet2/0/0
thernet2/0/0
thernet2/0/0
10.4.1.0/24 IBGP 255 0 RD 3.3.3.9 GigabitE
thernet3/0/0
ck0
CEs in the same VPN can ping each other, whereas CEs in different VPNs cannot.
For example, CE1 can ping CE3 at 10.3.1.1 but cannot ping CE4 at 10.4.1.1.
[CE1] ping 10.3.1.1
0.00% packet loss
[CE1] ping 10.4.1.1
Request time out
Request time out
Request time out
Request time out
Request time out
100.00% packet loss
Configuration Files
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
#
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
#
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna
import-route direct
#
ipv4-family vpn-instance vpnb
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
return
#
sysname PE2
#

ipv4-family
#

ipv4-family
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
#
ip address 10.3.1.2 255.255.255.0
#
#
ip address 10.4.1.2 255.255.255.0
#
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
import-route direct
#
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
return
#
sysname CE1
#
#
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
#
ipv4-family unicast
import-route direct
peer 10.1.1.2 enable
#
return
#
sysname CE2
#
#
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE3
#
#
ip address 10.3.1.1 255.255.255.0
#
bgp 65430
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE4
#
#
ip address 10.4.1.1 255.255.255.0
#
bgp 65440
#
ipv4-family unicast
import-route direct
#
return
1.7.6 Example for Configuring a Sub-interface
for QinQ VLAN Tag Termination to Access an
L3VPN Network
As shown in Figure 1, CE1 and CE3 belong to VPN-A and CE2 and CE4 belong to VPN-B.
The VPN target of VPN-A is 111:1, and VPN target of VPN-B is 222:2. Users in different
VPNs cannot communicate with each other.
Figure 1 Networking diagram for configuring a sub-interface for QinQ VLAN tag termination to
access an L3VPN network
1. Configure VPN instances on the PEs connecting to the CE on the backbone
network, bind the interfaces connected to CEs to the corresponding VPN instances,
and specify the IP address of the interfaces connected to the CE.
2. Configure OSPF on the PEs to implement interconnection between PEs.
3. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs.
4. Configure the Multi-protocol Extensions for Interior Border Gateway Protocol (MP-
IBGP) on PEs to exchange VPN routing information.
5. Configure EBGP on CEs and PEs to exchange VPN routing information.
6. Configure QinQ sub-interfaces on the PE interfaces connected to CEs to connect the
QinQ sub-interfaces to the L3VPN network.
Procedure
1. Configure OSPF on the MPLS backbone network so that the PEs and Ps can
communicate with each other.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1] quit
# Configure P.
[Huawei] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1] quit
After the configuration is complete, OSPF neighbor relationships can be set up
between PE1, P, and PE2. Run the display ospf peer command. The command
output shows that the neighbor status is Full. Run the display ip routing-table
command. The command output shows that PEs have learned the routes to
Loopback1 of each other.
[PE1] display ip routing-table
-------------------------------------------------------------------------
-----
Routing Tables: Public
e
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack
1
2.2.2.9/32 OSPF 10 1 D 172.1.1.2 GigabitE
thernet3/0/0
3.3.3.9/32 OSPF 10 2 D 172.1.1.2 GigabitE
thernet3/0/0
ck0
ck0
ck0
thernet3/0/0
thernet3/0/0
thernet3/0/0
172.2.1.0/24 OSPF 10 2 D 172.1.1.2 GigabitE
thernet3/0/0
ck0
[PE1] display ospf peer
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(GigabitEthernet3/0/0)'s neighbors
Router ID: 2.2.2.9 Address: 172.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0
Dead timer due in 37 sec
Retrans timer interval: 5
Neighbor is up for 00:16:21
Authentication Sequence: [ 0 ]
2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone
network to set up LDP LSPs.
# Configure PE1.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
After the configuration is complete, LDP sessions can be set up between PE1 and
the P and between the P and PE2. Run the display mpls ldp session command. The
command output shows that the Status field is Operational. Run the display mpls
ldp lsp command. Information about the established LDP LSPs is displayed.
------------------------------------------------------------------------
------
------------------------------------------------------------------------
------
2.2.2.9:0 Operational DU Active 0000:00:01 6/6
------------------------------------------------------------------------
------
[PE1] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------
-------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterfa
ce
------------------------------------------------------------------------
-------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0

*1.1.1.9/32 Liberal/1024 DS/2.2.2.9
2.2.2.9/32 NULL/3 - 172.1.1.2 GE3/0/0

2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 GE3/0/0

3.3.3.9/32 NULL/1025 - 172.1.1.2 GE3/0/0

3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 GE3/0/0

------------------------------------------------------------------------
-------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established

A '*' before a Label means the USCB or DSCB is stale

A '*' before a UpstreamPeer means the session is stale

A '*' before a DS means the session is stale

A '*' before a NextHop means the LSP is FRR LSP
3. Configure the CE to send double-tagged packets to the PE.
Here, the inner VLAN ID in packets sent by CE1 and CE3 is VLAN 10, and outer
VLAN ID is VLAN 100; the inner VLAN ID in packets sent by CE2 and CE4 is
VLAN 20, and outer VLAN ID is VLAN 200.
# Configure CE1.
# Configure CE2.
# Configure CE3.
# Configure CE4.
4. Configure VPN instances on PEs and bind the instances to the interfaces connected
to CEs.
# Configure PE1.
# Configure PE2.
[PE2-vpn-instance-vpnb-af-ipv4] quit
After the configuration is complete, run the display ip vpn-instance verbose
command on the PEs to check the configuration of VPN instances. Each PE can
ping its connected CE.
NOTE:
If a PE has multiple interfaces bound to the same VPN instance, specify a source IP addresses by
setting -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-
ip-address command to ping the remote CE. If the source IP address is not specified, the ping
operation fails.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
VPN-Instance Name and ID : vpna, 1
Address family ipv4
Create date : 2012/07/25 00:58:17
Log Interval : 5
VPN-Instance Name and ID : vpnb, 2
Address family ipv4
Create date : 2012/07/25 00:58:17
Log Interval : 5

[PE1] ping -vpn-instance vpna 10.1.1.1
0.00% packet loss
5. Set up an MP-IBGP peer relationship between the PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit
After the configuration is complete, run the display bgp peer or display bgp vpnv4
all peer command on the PEs. The command output shows that BGP peer
relationships have been established between the PEs.
[PE1] display bgp peer
PrefRcv
3.3.3.9 4 100 12 6 0 00:02:21 Establi
shed 0
[PE1] display bgp vpnv4 all peer
PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Establish
ed 0
6. Set up EBGP peer relationships between the PEs and CEs and import VPN routes
into BGP.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
NOTE:
The configuration on other CEs is similar to the configuration on CE1 and is not mentioned here.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit
NOTE:
The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.
After the configuration is complete, run the display bgp vpnv4 vpn-instance peer
command on the PEs. The command output shows that BGP peer relationships have
been established between the PEs and CEs.
The peer relationship between PE1 and CE1 is used as an example.
[PE1] display bgp vpnv4 vpn-instance vpna peer



VPN-Instance vpna, Router ID 1.1.1.9:


Peer V AS MsgRcvd MsgSent OutQ Up/Down St
ate PrefRcv

10.1.1.1 4 65410 6 3 0 00:00:02 Establis
hed 4
Run the display ip routing-table vpn-instance command on the PEs to view the
routes to the remote CEs.
[PE1] display ip routing-table vpn-instance vpna
-------------------------------------------------------------------------
-----
Routing Tables: vpna
e

thernet1/0/0
thernet1/0/0
thernet1/0/0
10.3.1.0/24 IBGP 255 0 RD 3.3.3.9 GigabitE
thernet3/0/0
ck0
[PE1] display ip routing-table vpn-instance vpnb
-------------------------------------------------------------------------
-----
Routing Tables: vpnb
e
thernet2/0/0
thernet2/0/0
thernet2/0/0
10.4.1.0/24 IBGP 255 0 RD 3.3.3.9 GigabitE
thernet3/0/0
ck0
CEs in the same VPN can ping each other, whereas CEs in different VPNs cannot.
For example, CE1 can ping CE3 at 10.3.1.1 but cannot ping CE4 at 10.4.1.1.
[CE1] ping 10.3.1.1
0.00% packet loss
[CE1] ping 10.4.1.1
Request time out
Request time out
Request time out
Request time out
Request time out
100.00% packet loss
Configuration Files
#
sysname PE1
#
ipv4-family
#
ipv4-family
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
#
ip address 10.1.1.2 255.255.255.0
#
#
ip address 10.2.1.2 255.255.255.0
#
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
import-route direct
#
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
return
#
sysname PE2
#

ipv4-family
#

ipv4-family
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
#
ip address 10.3.1.2 255.255.255.0
#
#
ip address 10.4.1.2 255.255.255.0
#
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
import-route direct
#
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
return
#
sysname CE1
#
#
ip address 10.1.1.1 255.255.255.0
#
bgp 65410
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE2
#
#
ip address 10.2.1.1 255.255.255.0
#
bgp 65420
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE3
#
#
ip address 10.3.1.1 255.255.255.0
#
bgp 65430
#
ipv4-family unicast
import-route direct
#
return
#
sysname CE4
#
#
ip address 10.4.1.1 255.255.255.0
#
bgp 65440
#
ipv4-family unicast
import-route direct
#
return
1.8 References
This section describes references of QinQ.
The references of this feature are as follows:
Document Description Remarks
IEEE 802.1Q IEEE standard for local and metropolitan area
networks: Virtual Bridged Local Area Networks
-
IEEE 802.1ad IEEE 802.1ad, "Virtual Bridged Local Area
Networks: Provider Bridges"
-

QinQ Configuration PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

QinQ Configuration PDF

Загружено:

Авторское право:

Доступные форматы

1/10/2014 QinQ Configuration

Вам также может понравиться