Академический Документы
Профессиональный Документы
Культура Документы
V600R005C00
Issue 03
Date 2014-10-20
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Intended Audience
This document describes the principle, data planning, and procedure for configuring services in
the ATN+CX mobile broadband IDEAL (Seamless MPLS) solution.
This document uses the CX600 as an example. The configurations also apply to the
NetEngine40E (NE40E).
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in previous issues.
Issue 03(2014-10-20)
This issue is the third official release.
Updates include:
l Added description about change of MED values in sections 6.1.1 MPLS Tunnel
Deployment Solution, 6.2.1 Tunnel Deployment Solution, 8.1.1 E2E Ethernet Service
Deployment Solution, and 8.2.1 E2E Ethernet Service Deployment Solution.
l Added description about routing policies in sections 6.1.3 Configuring BGP LSPs and
6.2.3 Configuring BGP LSPs.
Issue 02 (2014-06-09)
This issue is the second official release.
Updates include:
l Modified the example loopback interface of a CSG in 7.1.1 Deploying Public DCN Using
IS-IS (U2000 Connected to the IPCore Network).
l Modified "apply tag 20000" into "apply tag 2000" for the routing policy with the name of
"2000" on an ASBR at the aggregation layer in 7.1.1 Deploying Public DCN Using IS-IS
(U2000 Connected to the IPCore Network).
Issue 01 (2014-04-30)
This issue is the first official release.
Contents
2 Introduction..................................................................................................................................11
3 Basic Configurations...................................................................................................................12
3.1 Configuring Device Information..................................................................................................................................13
3.2 Configuring User Interfaces.........................................................................................................................................13
3.3 Configuring AAA Users...............................................................................................................................................14
3.4 Configuring SNMP.......................................................................................................................................................16
3.5 Configuring Global BFD..............................................................................................................................................16
4 Configuring IGP..........................................................................................................................17
4.1 Configuring IS-IS.........................................................................................................................................................18
4.1.1 IS-IS Deployment Solution.......................................................................................................................................18
4.1.2 Configuration Principle.............................................................................................................................................19
4.1.3 Data Planning............................................................................................................................................................21
4.1.4 Configuring Basic IS-IS Functions and BFD for IGP...............................................................................................24
7 Deploying DCN...........................................................................................................................97
7.1 Deployment of a Public DCN.......................................................................................................................................98
7.1.1 Deploying Public DCN Using IS-IS (U2000 Connected to the IPCore Network)....................................................98
7.2 Deploying a DCN VRF Solution................................................................................................................................112
7.2.1 Deploying the DCN Automatically Available Solution (U2000 Connected to the IPCore Network)....................112
7.2.2 Deploying DCN VRF for a Large Network (U2000 Connected to the IPCore Network)......................................118
10 Deploying Clocks....................................................................................................................258
10.1 Configuration Roadmap...........................................................................................................................................259
11 Configuration Files.................................................................................................................261
11.1 Basic Configuration Files.........................................................................................................................................262
11.1.1 Basic Configuration Files (Deployed IGP in ISIS mode).....................................................................................262
11.1.1.1 CSG1 Configuration File....................................................................................................................................263
11.1.1.2 ASG3 Configuration File....................................................................................................................................266
11.1.1.3 ASG4 Configuration File....................................................................................................................................270
11.1.1.4 (Aggregation layer) ASBR1 Configuration File................................................................................................275
11.1.1.5 (Aggregation Layer) ASBR2 Configuration File...............................................................................................279
11.1.1.6 (Core Layer) ASBR3 Configuration File...........................................................................................................283
11.1.1.7 (Core Layer) ASBR4 Configuration File...........................................................................................................287
11.1.1.8 (Core Layer) RR3 Configuration File................................................................................................................291
11.1.1.9 (Core Layer) RR4 Configuration File................................................................................................................291
11.1.1.10 MASG1 Configuration File..............................................................................................................................292
11.1.1.11 MASG2 Configuration File..............................................................................................................................296
11.1.2 BGP LSP Configuration File (HVPN+Labeled BGP)..........................................................................................300
11.1.2.1 CSG1 Configuration File....................................................................................................................................301
11.1.2.2 ASG3 Configuration File....................................................................................................................................301
11.1.2.3 ASG4 Configuration File....................................................................................................................................302
11.1.2.4 (Aggregation Layer) RR1 Configuration File....................................................................................................303
11.1.2.5 (Aggregation Layer) RR2 Configuration File....................................................................................................303
11.1.2.6 (Aggregation Layer) ASBR1 Configuration File...............................................................................................304
11.1.2.7 (Aggregation Layer) ASBR2 Configuration File...............................................................................................305
11.1.2.8 (Core Layer) ASBR3 Configuration File...........................................................................................................306
11.1.2.9 (Core Layer) ASBR4 Configuration File...........................................................................................................307
11.1.2.10 (Core Layer) RR3 Configuration File..............................................................................................................308
11.1.2.11 (Core Layer) RR4 Configuration File..............................................................................................................309
11.1.2.12 MASG1 Configuration File..............................................................................................................................309
11.1.2.13 MASG2 Configuration File..............................................................................................................................310
11.1.3 BGP LSP Configuration File (Labeled BGP to Edge)..........................................................................................310
11.1.3.1 CSG1 Configuration File....................................................................................................................................311
11.1.3.2 ASG3 Configuration File....................................................................................................................................312
11.1.3.3 ASG4 Configuration File....................................................................................................................................313
11.1.3.4 (Aggregation Layer) RR1 Configuration File....................................................................................................314
11.1.3.5 (Aggregation Layer) RR2 Configuration File....................................................................................................315
11.1.3.6 (Aggregation Layer) ASBR1 Configuration File...............................................................................................316
11.1.3.7 (Aggregation Layer) ASBR2 Configuration File...............................................................................................317
1 Networking Requirements
Service Requirements
In the LTE architecture, there is no RNC. The positions of ePCs (MMEs or SGWs) are higher
than those of BSCs or RNCs. An ePC (MME/SGW) and the SGSN/GGSN of a GSM/UMTS
network belong to the core layer on a wireless network. Normally, they are deployed in the same
equipment room. Therefore, LTE services need to be transmitted across ASs/domains (IPRAN
and IPCore networks). Inter-AS/domain services are the basic drive for inter-AS/domain
streamlining.
Fixed Mobile Convergence (FMC) is a trend of wireless service bearer. More and more private
line and private network services need to be transmitted across metropolitan area networks. In
the private line and private network services, enterprise services are the most important services,
which include:
l P2P L2 enterprise services
l MP2MP L2 enterprise services
l L3 enterprise services
With deployment of an IPRAN, base stations are easy to be homed to base station controllers,
and more options are available for carriers to plan their networks and share resources. RNCs
generally belong to the core layer or other RANs (namely, remote RNC scenarios).
Solution Overview
The IDEAL solution supports E2E MPLS (Seamless MPLS), which eliminates boundaries
between ASs by opening and expanding the original topologies. This solution can significantly
decreases the workload on cooperation and negotiation between network layers during service
deployment, so that carriers can quickly deploy services at lower cost.
The core layer (IPCore) and the aggregation+access layers (IPRAN) belong to different ASs.
Currently, this networking is adopted by most carriers. This manual will mainly use this scenario
as an example. If the core, aggregation, and access layers belong to the same AS, refer to the
HVPN solution.
AS y AS x
eNodeB CSGAccesss layer ASG Aggregation layer ASBR 1 ASBR 3 Core layer MASG
IGP domain IGP domian IGP domain
SGW/MME
NOTE
Mobile Aggregation Site Gateway (MASG) is named in TR-221: Technical Specifications for MPLS in
Mobile Backhaul Networks.
l Sub-solution 2: Labeled BGP to Edge (E2E L3VPN): RFC 3107 (Option C) is configured
for CSGs to deploy host routes between CSGs and MASGs. E2E L3VPN is deployed at
the service layer.
AS y AS x
eNodeB CSG Access layer ASG Aggregation layer ASBR 1 ASBR 3 Core layer MASG
IGP domain IGP domain IGP domian
SGW/MME
Table 1-1 Mapping between solution versions and equipment models and versions
CX600-X3/X8 V600R008C00
Aggregation Node (ASG)
NE40E-X3/X8 V600R008C00
ATN 905/910/910B/910I/
950/950B
Cell Site Gateway (CSG) NOTE V200R003C10
ATN 905s are subordinate to
CSGs.
Network Management
iManager U2000 V200R001C00
System (NMS)
Network Topology
Create a network based on the topology, set NE names and NE IP addresses, and configure
service interfaces and user interfaces, as shown in Figure 1-3 and Figure 1-4.
AS 100 AS 200
Access Aggregation Core
RR1 RR3
Eth-Trunk 1
GE0/2/17 GE2/0/1 SGW/MME
GE1/0/0 GE2/0/1
GE1/1/2 GE1/0/0 GE1/0/0 GE1/0/0
GE2/1/0 GE1/0/1 GE1/0/1
GE0/2/16
CSG2 ASG4 ASBR2 ASBR4 MASG2
RR2
RR4
10.9.10.0/30
10.1.2.0/30
10.3.4.0/30
10.5.6.0/30
10.7.8.0/30
10.2.4.0/30 10.4.6.0/30
10.6.8.0/30 10.8.10.0/30
2.2.2.2/32 4.4.4.4/32 6.6.6.6/32 8.8.8.8/32 10.10.10.10/32
12.12.12.12//32 14.14.14.14//32
NOTE
l The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
l RRs are mainly used to set up BGP connection with other routers and to reflect BGP routes. The physical
connections to RRs are diversified. Therefore:
l In this document, only the network positions and loopback0 interface addresses of RRs are
provided. The physical connections, interface addresses, and physical addresses of RRs are not
described in details.
l This document only provides the BGP configuration of RRs. The basic configuration and IGP
configuration of RRs are not described.
2 Introduction
In this configuration guide, AS 100 and AS 200 are used as examples to describe how to configure
the HVPN+Labeled BGP and Labeled BGP to Edge sub-solutions of the IDEAL solution.
3 Basic Configurations
For HVPN+Labeled BGP solution and Labeled BGP to Edge solution, configuration is the same.
Data Planning
NOTE
Set parameter values based on the network conditions such as the network dimensioning and network
topology. The following parameter values are recommended ones in this example and only for reference.
Device information includes site names, device models, device roles, and device numbers. Each
device is named in the format of AA-BB-CC.
NOTE
Device roles are used to simplify description. For example, CSG1 stands for ATN910-AA-001. For details,
see "Network Topology" and "Data Planning" in "Service Requirements and Networking".
Configuration Procedure
sysname ATN910-AA-001
Data Planning
NOTE
Set parameter values based on the network conditions such as the network dimensioning and network
topology. The following parameter values are recommended ones in this example and only for reference.
Configuration Procedure
1. Set the maximum number of VTY user interfaces.
user-interface maximum-vty 15 //Set the maximum number of VTY user interfaces.
Data Planning
NOTE
Set parameter values based on the network conditions such as the network dimensioning and network
topology. The following parameter values are recommended ones in this example and only for reference.
Password Changeme_123 -
Configuration Procedure
Configure SSH as the login method for the AAA user.
#
undo nap slave enable
NOTE
Requirements on user names and passwords for ATN products:
l If user-security-policy command has been executed, a local user name has 1-253 characters.
Otherwise, a local user name has 6-253 characters.
l Requirements on passwords:
l A password must have eight characters at least.
l A password must contain digits, upper-case and lower-case letters, and special characters
(excluding question mark ? and spaces).
l The password cannot be the same as the user name or the user name inverted.
Enable the global BFD function on CSGs, ASGs, ASBRs and MASGs. The following
configuration uses CSG1 as an example.
bfd
4 Configuring IGP
Interior Gateway Protocol (IGP) can be deployed in two modes: IS-IS multi-processes and OSPF
multi-areas. This document uses the IS-IS multi-processes as an example. For HVPN+Labeled
BGP solution and Labeled BGP to Edge solution, IGP configuration is the same.
Cost 2000
Cost 25
Cost 10
IS-IS 1000
Cost 10
Cost 25
L2 L2 L2
SGW/MME
Use the following principles to configure IS-IS multi-process for the access layer and the
aggregation layer:
1. IS-IS process
l Enable IS-IS for routers in the access ring and configure IS-IS process 1 to advertise
Level-2 routes.
l Enable IS-IS for routers in the aggregation ring and configure IS-IS process 100 to
advertise Level-2 routes.
2. Setting of the cost ensures that routes on the local access ring or the local aggregation ring
are preferred for forwarding IP signaling packets and that IP signaling packets are not
looped through routes between ASGs or ASBRs.
l The cost of an access-layer link is 100. The cost of an aggregation-layer link (including
P devices) is 10. It is recommended that the cost be set to 50 for 1 Gbit/s links, 10 for
10 Gbit/s links, 2 for 40 Gbit/s links, and 1 for 100 Gbit/s links if links of these rates
coexist.
l An AS consists of multiple levels of rings. The cost value of a link on a lower level ring
must be higher than the total cost value of all links on an upper level ring. For example,
in Figure 4-1, the minimum cost value of a link on an access ring is 100, which is greater
that the total cost value (55) of all links on the aggregation ring. Rings in different AS
do not comply with this principle.
l Cost value of the link between the main and standby ASGs of an access ring is 2000,
which is greater than the total cost value of the other links on the ring, so that tunnels
from the CSG to the main and standby ASGs do not share the same path.
l The value cost of the link between the two ASBRs (on the aggregation ring side)
complies with the following principle: (n-1)*10 < cost < n*10, in which n (between
ASBRs) equals to the total number of links on the aggregation ring except for the link
between ASBRs. For example, in Figure 4-1, the cost value of the link between ASBRs
is 25, complying with: (3-1)*10 < 25 < 3*10.
NOTE
The number 10 is the cost vlaue of the links on the aggregation ring (excluding the links between
ASBRs) and is only for reference. Set parameter values based on the network conditions such as the
network dimensioning and network topology.
Use the following principles to configure IS-IS multi-process for the core layer:
1. Enable IS-IS for routers in the access ring and configure IS-IS process 1000 to advertise
Level-2 routes.
2. The value cost of the link between the two MASGs complies with the following principle:
(n-1)*10 < cost < n*10, in which n (between MASGs) equals to the total number of links
on the core ring except for the link between MASGs. For example, in Figure 4-1, the cost
value of the link between MASGs is 25, complying with: (3-1)*10 < 25 < 3*10.
NOTE
The number 10 is the cost vlaue of the links on the core ring (excluding the links between MASGs) and
is only for reference. Set parameter values based on the network conditions such as the network
dimensioning and network topology.
l Enable IS-IS for routers in the core area and configure IS-IS process 1000 to advertise
Level-2 routes.
l Enable NSR on routers in the aggregation area.
l Configure interface IP addresses and loopback interface addresses for devices
l Enable IS-IS and set the cost value for all interfaces
l Deploy BFD for IS-IS network-wide to accelerate IS-IS convergence.
NOTE
Set parameter values based on the network conditions such as the network dimensioning and network
topology. The following parameter values are recommended ones in this example and only for reference.
isis cost l The cost of links on the Link costs are specified for
access ring except links SPF calculation.
between ASGs is set to
100.
l The cost of links between
ASGs on the access ring
is set to 2000.
l The cost of links between
ASBRs on the
aggregation ring is set to
25 and the cost of other
links on the aggregation
ring is set to 10.
l The cost of links between
MASGs on the core ring
is set to 25 and the cost of
other links on the core
ring is set to 10.
NOTE
CSGs use ATN devices. ATN devices enable NSR by default.
l Enable IS-IS globally.
isis 1
is-level level-2 //Configure the device as a Level-2 router.
cost-style wide //Set the cost style of the received and sent IS-IS routes to
wide.
timer lsp-generation 1 50 50 level-2 //Set the delay in generating LSPs.
flash-flood level-2 //Enable LSP fast flooding to accelerate IS-IS network
convergence.
bfd all-interfaces enable //Configure BFD for IS-IS.
bfd all-interfaces min-tx-interval 100 min-rx-interval 100 //Configure the
BFD detection period as 100 ms.
network-entity 49.0001.0010.0100.1001.00 //Configure NET.
is-name CSG1 //Configure a dynamic host name for IS-IS processes.
timer spf 1 50 50 //Configure the delay in route computation using SPF.
traffic-eng level-2 //Enable IS-IS TE.
log-peer-change //Turn on the IS-IS peer state change output switch and write
the IS-IS peer state change in the log.
set-overload on-startup //Set IS-IS processes to be in the overload state when
IS-IS processes start up.
NOTE
The configurations of the other CSGs are similar to those of the CSG1 and are not mentioned here.
#
isis 100 //Configure an IS-IS process on the aggregation ring.
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0002.0030.0300.3003.00
is-name ASG3
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
#interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
l Configure a routing policy to advertise the Loopback0 route of ASG to the access area.
– Configure the ip-prefix list.
ip ip-prefix loopback0 index 10 permit 3.3.3.3 32
NOTE
The configurations of the master ASG (ASG3) are similar to those of the slave ASG (ASG4) and are not
mentioned here.
is-name ASBR1
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
NOTE
If the links between ASBRs are GE interfaces that work in full duplex mode or 10GE interfaces that do
not support 802.3ae, configure BFD for the interfaces on the links between ASBRs in the aggregation
layer and ASBRs in the core layer.
#
bfd link_01 bind peer-ip default-ip interface Gigabitethernet 1/0/1
discriminator local 507
discriminator remote 705
min-tx-interval 10
min-rx-interval 10
process-pst
process-interface-status
commit
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/0/1
isis enable 100
isis cost 25
interface LoopBack0
isis enable 100
NOTE
The configurations of the slave ASBR (ASBR2) are similar to those of the master ASBR (ASBR1) and are
not mentioned here.
NOTE
If the links between ASBRs are GE interfaces that work in full duplex mode or 10GE interfaces that do
not support 802.3ae, configure BFD for the interfaces on the links between ASBRs in the aggregation
layer and ASBRs in the core layer.
#
bfd link_01 bind peer-ip default-ip interface Gigabitethernet 1/0/0
discriminator local 705
discriminator remote 507
min-tx-interval 10
min-rx-interval 10
process-pst
process-interface-status
commit
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
NOTE
The configurations of the slave ASBR (ASBR4) are similar to those of the master ASBR (ASBR3) and are
not mentioned here.
NOTE
The configurations of the slave MASG (MASG2) are similar to those of the master MASG (MASG1) and
are not mentioned here.
This topic describes how to deploy MPLS and create MPLS tunnels to bear services. Configuring
both TE tunnels and LDP LSPs to bear services is recommended in this solution. End-to-end
services are carried over TE tunnels, and local switching services are carried over LDP LSPs.
For IDEAL solution, in the same AS, the outer tunnel is MPLS TE or LDP tunnel; There is no
outer MPLS TE or LDP tunnel between the ASBRs connecting different ASs.
1 2
4
7
3
E
5
C 6
Working Tunnel
Backup Tunnel
NOTE
Interfaces A through E in the preceding figure are constrained interfaces of TE tunnels 1 through 7.
TE1 A Loose
TE2 B Loose
TE3 C Loose
TE4 B Loose
TE5 D Loose
TE6 D Loose
TE7 E Strict
RSVP-TE is deployed network-wide, with IGP fast convergence and network-wide deployment
of BFD for IGP. to accelerate node protection.
l Configure loose explicit paths for MPLS TE tunnels.
l Configure hot standby for MPLS TE tunnel protection.
l Enable IGP fast convergence.
l Configure BFD FOR TE-LSP and BFD for TE on the access and aggregation rings. (BFD
FOR TE-LSP and BFD for TE needn't to be configured on the tunnel between ASGs and
the tunnel between ASBRs in the aggregation layer.)
l For the TE tunnel between an ASBR pair (TE7 in this example), configure a strictly
constrained interface for both the upstream and downstream directions only of the primary
LSP. In this example, configure the strictly constrained interface E for both the upstream
and downstream directions only of the primary LSP of TE tunnel 7.
1 2
4
7
3
5 E
C 6
Working Tunnel
Backup Tunnel
Basic LDP LSP configurations are performed, with IGP fast convergence to accelerate node
protection. And deployment of BFD for IGP on the access ring.
l Enable IGP fast convergence.
l BFD FOR LDP LSP is not required on the access and aggregation rings.
l Configure LDP-IGP synchronization to ensure synchronous revertive switching.
l Set prefix-priority to high for all host routes identified by LSR-IDs if LSP convergence is
too slow. This configuration is optional and not needed in most cases.
Core
ASBR3 I MASG1
10
12 13
F 9 H
11
ASBR4 G MASG2
Working Tunnel
Backup Tunnel
NOTE
Interfaces F through I in the preceding figure are constrained interfaces of TE tunnels 8 through 13.
TE8 I Loose
TE9 G Loose
TE10 I Loose
TE11 G Loose
TE12 F Strict
TE13 H Strict
RSVP-TE is deployed network-wide, with IGP fast convergence and network-wide deployment
of BFD for IGP. to accelerate node protection.
l Configure loose explicit paths for MPLS TE tunnels.
l Configure hot standby for MPLS TE tunnel protection.
l Enable IGP fast convergence.
l Configure BFD FOR TE-LSP and BFD for TE. (BFD FOR TE-LSP and BFD for TE needn't
to be configured on the tunnel between MASGs and the tunnel between ASBRs in the core
layer.)
l For the TE tunnel between an ASBR pair (TE12 and TE13in this example), configure a
strictly constrained interface for both the upstream and downstream directions only of the
primary LSP. In this example, configure the strictly constrained interface E for both the
upstream and downstream directions only of the primary LSP of TE tunnel 12 adn TE
tunnel13.
Core
ASBR3 MASG1
ASBR4 MASG2
Basic LDP LSP configurations are performed, with IGP fast convergence to accelerate node
protection.
l Enable IGP fast convergence.
l Configure LDP-IGP synchronization to ensure synchronous revertive switching.
l Set prefix-priority to high for all host routes identified by LSR-IDs if LSP convergence is
too slow. This configuration is optional and not needed in most cases.
Figure 5-5 Flowchart for configuring both MPLS TE tunnels and LDP LSPs to carry services
NOTE
Set parameter values based on the network conditions such as the network dimensioning and network topology.
The following parameter values are recommended ones in this example and only for reference.
MPLS label allocation mode non-null The ATN device at the egress
allocates the non-null label to
the penultimate hop.
Therefore, run this command
on the CX to ensure that the
ATN interconnects to the CX
device by using MPLS.
RSVP-TE Hello mechanism mpls rsvp-te hello Enable the RSVP-TE Hello
mechanism.
BFD for RSVP-TE mpls rsvp-te bfd all- Enable MPLS RSVP-TE
interfaces enable BFD.
Name of a tunnel interface Tunnel ID: interface Tunnel Create a tunnel interface.
0/0/XY
XY: device numbers for the
source and destination nodes
BFD for TE-LSP bfd bind mpls-te interface Configure BFD detection and
Tunnel0/0/XY te-lsp the active LSP bound to the
Local discriminator: active VPN tunnel.
discriminator local Set the local discriminator
Remote discriminator: and the remote discriminator
discriminator remote to the same value. For ATNs,
Set the BFD period to 10 ms: the value range of a local
min-tx-interval 10 , min-rx- discriminator is 1 to 255. For
interval 10. CX600s, the value range of a
local discriminator is 1 to
Modify the port status table 8191.
(PST): process-pst.
Set the minimum interval at
Commit the configurations: which BFD packets are sent
commit. as required. Detection period
= Detection multiplier x
Interval at which BFD
packets are sent (3 x 10 ms)
Allow the BFD session to
change the PST to speed up
the switching.
BFD for TE bfd bind mpls-te interface Configure the active VPN
Tunnel0/0/XY tunnel used for BFD.
Local discriminator: Set the local discriminator
discriminator local and the remote discriminator
Remote discriminator: to the same value. For ATNs,
discriminator remote the value range of a local
Set the BFD period to 50 ms: discriminator is 1 to 255. For
min-tx-interval 50 , min-rx- CX600s, the value range of a
interval 50. local discriminator is 1 to
8191.
Modify the PST: process-
pst. Set the minimum interval at
which BFD packets are sent
Commit the configurations: as required. Detection period
commit. = Detection multiplier x
Interval at which BFD
packets are sent (3 x 50 ms)
Allow the BFD session to
change the PST to speed up
the switching.
interface GigabitEthernet1/0/0
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
interface GigabitEthernet1/0/0.1
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
interface GigabitEthernet2/0/1
mpls
mpls ldp
interface GigabitEthernet1/0/1
mpls
mpls ldp
interface GigabitEthernet2/0/1
mpls
mpls ldp
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 0002:22:59
17038/17042
4.4.4.4:0 Operational DU Passive 0000:18:11 4365/4364
5.5.5.5:0 Operational DU Passive 0003:05:11
18525/18525
------------------------------------------------------------------------------
TOTAL: 3 session(s) Found.
mpls te record-route
label
mpls te path explicit-path
main_3to1
mpls te backup hot-standby mode revertive wtr
60
mpls te backup hot-standby overlap-
path
mpls te
reoptimization
mpls te
commit
#
interface Tunnel0/0/35
ip address unnumbered interface
LoopBack0
tunnel-protocol mpls
te
destination 5.5.5.5
mpls te tunnel-id 35
mpls te record-route
label
mpls te path explicit-path
main_3to5
mpls te backup hot-standby mode revertive wtr
60
mpls te backup hot-standby overlap-
path
mpls te
reoptimization
mpls te
commit
#
interface
Tunnel0/0/36
ip address unnumbered interface
LoopBack0
tunnel-protocol mpls
te
destination 6.6.6.6
mpls te tunnel-id
36
mpls te record-route
label
mpls te path explicit-path
main_3to6
mpls te backup hot-standby mode revertive wtr
60
mpls te backup hot-standby overlap-
path
mpls te
reoptimization
mpls te
commit
#
NOTE
The configurations of the slave ASG (ASG4) are similar to those of the master ASG (ASG3) and are not
mentioned here.
NOTE
Enable MPLS function on the interfaces between ASBR1 and ASBR3. Enable MPLS function on the
interfaces between ASBR2 and ASBR4.
4. Configure explicit paths.
explicit-path main_5to3 //Specify the primary CR-LSP that is from ASBR1 to
ASG3.
next hop 10.3.5.2 include loose //Set the next hop of the LSP to the IP address
of the interface that connects the master ASBR and the left side of the
aggregation ring.
//The path constraint mode is loose
constraint.
explicit-path main_5to4 //Specify the primary CR-LSP that is from ASBR1 to
ASG4.
next hop 10.3.5.2 include loose //Set the next hop of the LSP to the IP address
of the interface that connects the master ASBR and the left side of the
aggregation ring.
//The path constraint mode is loose
constraint.
explicit-path main_5to6 //Specify the primary CR-LSP that is from ASBR1 to
ASBR2.
next hop 10.5.6.2 include strict //Set the next hop of the LSP to the IP
address of the interface that connects the slave ASBR and the master ASBR.
//The path constraint mode is strict
constraint.
path
mpls te
reoptimization
mpls te
commit
#
NOTE
The configurations of the slave ASBR (ASBR2) are similar to those of the master ASBR (ASBR1) and are not
mentioned here.
NOTE
Enable MPLS function on the interfaces between ASBR1 and ASBR3. Enable MPLS function on the
interfaces between ASBR2 and ASBR4.
4. Configure explicit paths.
explicit-path main_7to9 //Specify the primary CR-LSP that is from ASBR3 to
MASG1.
next hop 10.7.9.2 include loose //Set the next hop of the LSP to the IP address
of the interface that connects the master MASG and the left side of the core
ring.
//The path constraint mode is loose
constraint.
explicit-path main_7to10 //Specify the primary CR-LSP that is from ASBR3 to
MASG2.
next hop 10.8.10.2 include loose //Set the next hop of the LSP to the IP
address of the interface that connects the slave MASG and the left side of the
core ring.
//The path constraint mode is loose
constraint.
explicit-path main_7to8 //Specify the primary CR-LSP that is from ASBR3 to
ASBR4.
next hop 10.7.8.2 include strict //Set the next hop of the LSP to the IP
address of the interface that connects the slave ASBR and the master ASBR.
//The path constraint mode is strict
constraint.
NOTE
The configurations of the slave ASBR (ASBR4) are similar to those of the master ASBR (ASBR3) and are not
mentioned here.
mpls rsvp-te
mpls rsvp-te hello
interface Eth-Trunk1.1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls te
reoptimization
mpls te
commit
#
interface
Tunnel0/0/910
ip address unnumbered interface
LoopBack0
tunnel-protocol mpls
te
destination
10.10.10.10
mpls te tunnel-id
910
mpls te record-route
label
mpls te path explicit-path
main_9to10
mpls te backup hot-standby mode revertive wtr
60
mpls te backup hot-standby overlap-
path
mpls te
reoptimization
mpls te
commit
#
NOTE
The configuration of the slave MASG (MASG2) is similar to that of the master MASG (MASG1) and are not
mentioned here.
l Run the tracert lsp te Tunnel command to check the forwarding paths of LSPs.
l Run the display mpls te tunnel-interface Tunnel x/x/x command to check the tunnel
interface information on the local node.
NOTE
The configurations of the slave ASG (ASG4) are similar to those of the master ASG (ASG3) and are not
mentioned here.
bfd LSP53 bind mpls-te interface Tunnel0/0/53 te-lsp //Use the static BFD to detect
the status of the primary LSP of the tunnel 0/0/53.
discriminator local 1053
discriminator remote 1035
min-tx-interval 10
min-rx-interval 10
process-pst
commit
bfd LSP54 bind mpls-te interface Tunnel0/0/54 te-lsp //Use the static BFD to detect
the status of the primary LSP of the tunnel 0/0/54.
discriminator local 1054
discriminator remote 1045
min-tx-interval 10
min-rx-interval 10
process-pst
commit
NOTE
The configurations of the slave ASBR (ASBR2) are similar to those of the master ASBR (ASBR1) and are not
mentioned here.
NOTE
The configurations of the slave ASBR (ASBR4) are similar to those of the master ASBR (ASBR3) and are not
mentioned here.
min-tx-interval 10
min-rx-interval 10
process-pst
commit
NOTE
The configurations of the slave MASG (MASG2) are similar to those of the master MASG(MASG1) and are
not mentioned here.
discriminator remote 13
min-tx-interval 50
min-rx-interval 50
process-pst
commit
bfd te35 bind mpls-te interface Tunnel0/0/35 //Use the static BFD to detect the
status of the tunnel 0/0/35
discriminator local 35
discriminator remote 53
min-tx-interval 50
min-rx-interval 50
process-pst
commit
bfd te36 bind mpls-te interface Tunnel0/0/36 //Use the static BFD to detect the
status of the tunnel 0/0/36
discriminator local 36
discriminator remote 63
min-tx-interval 50
min-rx-interval 50
process-pst
commit
NOTE
The configurations of the slave ASG (ASG4) are similar to those of the master ASG (ASG3) and are not
mentioned here.
NOTE
The configurations of the slave ASBR (ASBR2) are similar to those of the master ASBR (ASBR1) and are not
mentioned here.
NOTE
The configurations of the slave ASBR (ASBR4) are similar to those of the master ASBR (ASBR3) and are not
mentioned here.
NOTE
The configurations of the slave MASG (MASG2) are similar to those of the master MASG (MASG) and are
not mentioned here.
If the Tunnels' BFD sessions of the S_TE_TNL are in the Up state, the BFD sessions have been
established successfully.
[CSG1]display bfd session all for-te
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
13 31 3.3.3.3 Up S_TE_TNL Tunnel0/0/13
14 41 4.4.4.4 Up S_TE_TNL Tunnel0/0/14
113 131 3.3.3.3 Up S_TE_LSP Tunnel0/0/13
114 141 4.4.4.4 Up S_TE_LSP Tunnel0/0/14
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 4/0
This section describes how to set up inter-AS BGP LSPs using Labeled BGP.
TE/LDP Label
push POP push POP push POP
TE/LDP LSP TE/LDP LSP TE/LDP LSP
upstream
BGP Label push swap swap POP
iBGP LSP eBGP LSP iBGP LSP
downstream
POP swap swap push
iBGP LSP eBGP LSP iBGP LSP
BGP Label
Set up full-mesh MP-iBGP peer relationship between ASBRs and the master and slave RRs
(RR3 and RR4).
Set up full-mesh MP-iBGP peer relationship between MASGs and the master and slave
RRs (RR3 and RR4).
2. Deploy Labeled MP-iBGP. Configure neighbor relationship in the BGP-IPv4 unicast
address family view and enable the transmission of labeled routes.
l Set up MP-eBGP peer relationship between ASBR1 and ASBR3 (which are directly
connected to each other).
l Set up MP-eBGP peer relationship between ASBR2 and ASBR4 (which are directly
connected to each other).
3. MED is used as the parameter to control routes.
l Advertisement of the Loopback0 address from a master ASG to an MASG
RR1 RR3
100
100 50
CSG1 ASG3 ASBR1 50 ASBR3 50 MASG1
10
50
10
50
0
- >2
00
0
10
0
10
0
10
0
10
100
ASG4 ASBR2 ASBR4 100 MASG2
100
RR4
RR2
When the master ASG advertises its loopback address to an RR at the aggregation layer,
the planned MED value is 100. The RR does not modify the MED value. When the
master ASBR at the aggregation layer advertises the address to the master ASBR at the
core layer, it modifies the MED value to 50. When the slave ASBR at the aggregation
layer advertises the value to the slave ASBR at the core layer, it modifies the value to
100. The master ASBR at the core layer does not modify the value (50) when it advertises
the address to the master RR at the core layer, and modifies the value to 200 when it
advertises the address to the slave RR. The slave ASBR at the core layer does not modify
the value (100) when it advertises the address to the master and slave RR at the core
layer. The master RR prefers the route from the master ASBR at the core layer, because
the MED value is 50. Similarly, the slave RR prefers the route from the slave ASBR at
the core layer because the MED value is 100. After the route is sent to the master and
slave MASGs, the master and slave paths are formed between the source MASGs and
destination ASGs. For example:
– The active route (plane) from the master MASG to the master ASG is: master MASG
-> ASBR3 (master ASBR at the core layer) -> ASBR1 (master ASBR at the
aggregation layer) -> ASG3;
– The standby route (plane) from the master MASG to the master ASG is: master
MASG -> ASBR4 (slave ASBR at the core layer) -> ASBR2 (slave ASBR at the
aggregation layer) -> ASG3.
l Advertisement of a loopback address from a slave ASG to an MASG
RR1 RR3
100 50
CSG1 ASG3 ASBR1 100 ASBR3 100 MASG1
10
50
0
10
0
0
100
10
50
0
10
0
10
50 50->
ASG4 ASBR2 ASBR4 200 MASG2
10
0 100
RR4
RR2
After the route is sent to the master and slave MASGs, the master and slave paths are
formed between the source MASGs and destination ASGs. For example:
– The active route from the master MASG to the slave ASG is: master MASG ->
ASBR4 (slave ASBR at the core layer) -> ASBR2 (slave ASBR at the aggregation
layer) -> ASG4;
– The standby route from the master MASG to the slave ASG is: master MASG ->
ASBR3 (master ASBR at the core layer) -> ASBR1 (master ASBR at the aggregation
layer) -> ASG4.
l Advertisement of a loopback address from a master MASG to an ASG
RR1 RR3
50 50 100
CSG1 ASG3 ASBR1 502 MASG1ASBR3 100 MASG1
50
0
—5
0
0<
10
10
20
10
10
0
0
10
0
0
10
100<--MASG1 10
ASG4 ASBR2 ASBR4 0 MASG2
10
0
RR4
RR2
After the route is sent to the master and slave ASGs, the master and slave paths are
formed between the source ASGs and destination MASGs. For example:
– The active route from the master ASG to the master MASG is: master ASG ->
ASBR1 (master ASBR at the aggregation layer) ->ASBR3 (master ASBR at the core
layer) -> MASG1;
– The standby route from the master ASG to the master MASG is: master ASG ->
ASBR2 (slave ASBR at the aggregation layer) ->ASBR4 (slave ASBR at the core
layer) -> MASG1.
l Advertisement of a loopback address from a slave MASG to an ASG
RR1 RR3
50 100
CSG1 ASG3 ASBR1 1004MASG2ASBR3 100 MASG1
50
0
10
10
10
10
50
0
10
0
-50
200<
504MASG2 10
ASG4 ASBR2 ASBR4 0 MASG2
0
10
0 10
RR4
RR2
After the route is sent to the master and slave ASGs, the master and slave paths are
formed between the source ASGs and destination MASGs. For example:
– The active route from the master ASG to the slave MASG is: master ASG -> ASBR2
(slave ASBR at the aggregation layer) ->ASBR4 (slave ASBR at the core layer) ->
MASG2;
– The active route from the master ASG to the slave MASG is: master ASG -> ASBR1
(master ASBR at the aggregation layer) ->ASBR3 (master ASBR at the core layer)
-> MASG2.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
ASBR2: ASBR2:
6.6.6.6 6.6.6.6
Connect-retry - - - - - -
interval of peers
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASG3 to RR1.
l The routing policy with the name of label2 is applied on the egress direction from ASG3 to RR2.
l The policy names are only used as examples and can be named as required in actual projects, for
example, to Label_To_MRR or Label_To_SRR.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
#
route-policy label1 permit node
10
apply cost
100
apply mpls-
label
#
route-policy label2 permit node
10
apply cost
100
apply mpls-
label
#
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASG4 to RR1.
l The routing policy with the name of label2 is applied on the egress direction from ASG4 to RR2.
l The policy names are only used as examples and can be named as required in actual projects, for
example, to Label_To_MRR or Label_To_SRR.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
NOTE
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASBR1 to RR1.
l The routing policy with the name of label2 is applied on the egress direction from ASBR1 to ASBR3.
l The routing policy with the name of prefer is applied on the ingress direction of ASBR1 (from ASBR3
to ASBR1).
l The routing policy with the name of label3 is applied on the egress direction from ASBR1 to RR2.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
#
route-policy label1 permit node
10
if-match mpls-
label
apply mpls-
label
#
route-policy label2 permit node
10
if-match mpls-
label
if-match ip-prefix
ASG3
apply cost
100
apply mpls-
label
#
route-policy label2 permit node
15
if-match mpls-
label
if-match ip-prefix
ASG4
apply cost
50
apply mpls-
label
#
route-policy label2 permit node
20
apply cost
100
apply mpls-
label
#
route-policy prefer permit node
10
apply preferred-value
32768
#
route-policy label3 permit node
10
if-match cost
50
if-match mpls-
label
apply cost
200
apply mpls-
label
#
route-policy label3 permit node
20
if-match mpls-
label
apply mpls-
label
#
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASBR2 to RR1.
l The routing policy with the name of label2 is applied on the egress direction from ASBR2 to ASBR4.
l The routing policy with the name of prefer is applied on the ingress direction of ASBR2 (from ASBR4
to ASBR2).
l The routing policy with the name of label3 is applied on the egress direction from ASBR2 to RR2.
#
route-policy label2 permit node
15
if-match mpls-
label
if-match ip-prefix
MASG2
apply cost
100
apply mpls-
label
#
route-policy label2 permit node
20
apply cost
50
apply mpls-
label
#
route-policy label3 permit node
10
if-match cost
50
if-match mpls-
label
apply cost
200
apply mpls-
label
#
route-policy label3 permit node
20
if-match mpls-
label
apply mpls-
label
#
route-policy prefer permit node
10
apply preferred-value
32768
#
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASBR3 to RR3.
l The routing policy with the name of label2 is applied on the egress direction from ASBR3 to ASBR1.
l The routing policy with the name of prefer is applied on the ingress direction of ASBR3 (from ASBR1
to ASBR3).
l The routing policy with the name of label3 is applied on the egress direction from ASBR3 to RR4.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 13.13.13.13 255.255.255.255
network 14.14.14.14 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.5.7.1 enable
peer 10.5.7.1 route-policy prefer import
peer 10.5.7.1 route-policy label2 export
peer 10.5.7.1 label-route-capability
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label3 export
peer 14.14.14.14 label-route-capability
#
100
apply mpls-
label
#
route-policy prefer permit node
10
apply preferred-value
32768
#
route-policy label3 permit node
10
if-match cost
50
if-match mpls-
label
apply cost
200
apply mpls-
label
#
route-policy label3 permit node
20
if-match mpls-
label
apply mpls-label
#
NOTE
l The routing policy with the name of label1 is applied on the egress direction from ASBR4 to RR3.
l The routing policy with the name of label2 is applied on the egress direction from ASBR4 to ASBR2.
l The routing policy with the name of prefer is applied on the ingress direction of ASBR4 (from ASBR2
to ASBR4).
l The routing policy with the name of label3 is applied on the egress direction from ASBR4 to RR4.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
NOTE
The routing policy with the name of label1 is applied on the egress direction from MASG1 to RR3 and
RR4.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
NOTE
The routing policy with the name of label1 is applied on the egress direction from MASG2 to RR3 and
RR4.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
l Configure MP-BGP.
#
bgp 200
router-id 10.10.10.10
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.10.10.10 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label1 export
peer 14.14.14.14 label-route-capability
#
NOTE
Configure the slave ASG (ASG4) similarly as the master ASG (ASG3).
NOTE
Configure the slave RR (RR2) similarly as the master RR (RR1).
NOTE
Configure the slave RR (RR4) similarly as the master RR (RR3).
NOTE
Configure the slave MASG (MASG2) similarly as the master MASG (MASG1).
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
8192 8192 10.9.13.2 Up D_IP_IF GigabitEthernet2/0/2
8193 8192 10.9.10.2 Up D_IP_IF Eth-Trunk1.1
901 1090 10.10.10.10 Up S_TE_LSP Tunnel0/0/910
910 109 10.10.10.10 Up S_TE_TNL Tunnel0/0/910
907 709 7.7.7.7 Up S_TE_LSP Tunnel0/0/97
97 79 7.7.7.7 Up S_TE_TNL Tunnel0/0/97
908 809 8.8.8.8 Up S_TE_LSP Tunnel0/0/98
98 89 8.8.8.8 Up S_TE_TNL Tunnel0/0/98
8194 0 11.11.11.11 Up D_BGP_TUNNEL -
8195 8203 3.3.3.3 Up D_BGP_TUNNEL -
8198 0 12.12.12.12 Up D_BGP_TUNNEL -
8199 8204 4.4.4.4 Up D_BGP_TUNNEL -
8200 8202 4.4.4.4 Up E_Dynamic -
8201 8197 3.3.3.3 Up E_Dynamic -
------------------------------------------------------------------------------
--
Total UP/DOWN Session Number : 12/2
l Run the command on ASG3. Verify that the D_BGP_TUNNEL and E_Dynamic tunnels
between the ASG and the master and slave MASGs are in the Up state.
The D_BGP_TUNNEL type indicates that the local end is the active end and the
E_Dynamic type indicates that the local end is the passive end.
<ASG3>display bfd session all
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
8192 8193 10.3.4.2 Up D_IP_IF
GigabitEthernet1/0/0.1
8193 8194 10.3.4.6 Up D_IP_IF GigabitEthernet1/0/0
36 63 6.6.6.6 Up S_TE_TNL Tunnel0/0/36
35 53 5.5.5.5 Up S_TE_TNL Tunnel0/0/35
305 503 5.5.5.5 Up S_TE_LSP Tunnel0/0/35
8197 8201 9.9.9.9 Up D_BGP_TUNNEL -
8198 0 13.13.13.13 Up D_BGP_TUNNEL -
8199 0 14.14.14.14 Up D_BGP_TUNNEL -
8200 8202 10.10.10.10 Up D_BGP_TUNNEL -
8201 513 10.1.3.1 Up D_IP_IF GigabitEthernet1/1/2
31 13 1.1.1.1 Up S_TE_TNL Tunnel0/0/31
301 103 1.1.1.1 Up S_TE_LSP Tunnel0/0/31
8202 8198 10.10.10.10 Up E_Dynamic -
8203 8195 9.9.9.9 Up E_Dynamic -
------------------------------------------------------------------------------
--
Total UP/DOWN Session Number : 13/0
Run the display mpls lsp protocol bgp command to query the status of a BGP LSP.
l Run the command on MASG1.
<MASG1>display mpls lsp protocol bgp
------------------------------------------------------------------------------
-
LSP Information: BGP LSP
------------------------------------------------------------------------------
-
FEC In/Out Label In/Out IF Vrf Name
9.9.9.9/32 155672/NULL -/-
11.11.11.11/32 NULL/155681 -/-
**BGP FRR** /155683 /-
3.3.3.3/32 NULL/155682 -/-
**BGP FRR** /155684 /-
4.4.4.4/32 NULL/155689 -/-
**BGP FRR** /155682 /-
12.12.12.12/32 NULL/155688 -/-
**BGP FRR** /155680 /-
------------------------------------------------------------------------------
-
LSP Information: BGP LSP
------------------------------------------------------------------------------
-
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 155677/NULL -/-
14.14.14.14/32 NULL/155722 -/-
**BGP FRR** /155668 /-
10.10.10.10/32 NULL/155723 -/-
**BGP FRR** /155667 /-
9.9.9.9/32 NULL/155720 -/-
**BGP FRR** /155677 /-
13.13.13.13/32 NULL/155721 -/-
**BGP FRR** /155678 /-
Run the display ip routing-table ip-address command to query the routing table of the remote
end.
------------------------------------------------------------------------------
Destination: 3.3.3.3/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 50
NextHop: 7.7.7.7 Neighbour: 13.13.13.13
State: Active Adv Relied Age: 00h54m53s
Tag: 0 Priority: low
Label: 155682 QoSInfo: 0x0
IndirectID: 0x2
RelayNextHop: 0.0.0.0 Interface:
Tunnel0/0/97
TunnelID: 0x60033c01 Flags: RD
BkNextHop: 8.8.8.8 BkInterface:
Tunnel0/0/98
BkLabel: 155684 SecTunnelID: 0x0
BkPETunnelID: 0x60033c02 BkPESecTunnelID: 0x0
BkIndirectID: 0x6
------------------------------------------------------------------------------
Destination: 9.9.9.9/32
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 50
NextHop: 5.5.5.5 Neighbour: 11.11.11.11
State: Active Adv Relied Age: 00h55m55s
Tag: 0 Priority: low
Label: 155720 QoSInfo: 0x0
IndirectID: 0x4
RelayNextHop: 0.0.0.0 Interface:
Tunnel0/0/35
TunnelID: 0x60033c02 Flags: RD
changes the next RR1 changes the next changes the next RR3
hop to itself hop to itself hop to itself
CSG1 ASG3 ASBR1 ASBR3 MASG1
TE/LDP Label
push POP push POP push POP
TE/LDP LSP TE/LDP LSP TE/LDP LSP
Upstream
BGP Label
push swap swap swap POP
iBGP LSP iBGP LSP eBGP LSP iBGP LSP
Downstream
swap
swap swap push
POP iBGP LSP iBGP LSP
eBGP LSP
BGP Label
In the Labeled BGP to Edge sub-solution, deploy an inter-AS BGP LSP as follows:
1. Deploy Labeled MP-iBGP. Configure neighbor relationship in the BGP-IPv4 unicast
address family view and enable the transmission of labeled routes.
In AS 100
l Set up MP-iBGP peer relationship between CSGs and the master and slave ASGs.
l Set up full-mesh MP-iBGP peer relationship between ASGs/ASBRs and the master and
slave RRs (RR1 and RR2).
In AS 200
Set up full-mesh MP-iBGP peer relationship between ASBRs and the master and slave RRs
(RR3 and RR4).
Set up full-mesh MP-iBGP peer relationship between MASGs and the master and slave
RRs (RR3 and RR4).
2. Deploy Labeled MP-iBGP. Configure neighbor relationship in the BGP-IPv4 unicast
address family view and enable the transmission of labeled routes.
l Set up MP-eBGP peer relationship between ASBR1 and ASBR3 (which are directly
connected to each other).
l Set up MP-eBGP peer relationship between ASBR2 and ASBR4 (which are directly
connected to each other).
3. MED is used as the parameter to control routes.
l Advertisement of the Loopback0 address from a CSG to an MASG
RR1 RR3
50
50 50
CSG1 ASG3 ASBR1 50 ASBR3 50 MASG1
50
50
50
50
- >2
50
00
- >2
100
00
0
10
0
10
0
10
100
10 0
0 10
100
ASG4 ASBR2 ASBR4 100 MASG2
100
RR4
RR2
A CSG advertises its Loopback0 route to the master and slave ASGs. The MED is set
to 50 and 100 for routes on the active and standby links respectively. The master ASG
reflects the loopback route to the master RR at the aggregation layer after changing the
next hop to itself, without modifying the MED value. The master ASG reflects the route
to the slave RR after modifying the MED value to 200 and changing the next hop to
itself. The slave ASG reflects the loopback route to the master and slave RRs after
changing the next hop to itself, without modifying the MED value. The master and slave
RRs at the aggregation layer reflect the route to the master and slave A-ASBRs without
modifying the MED value. The master ASBR at the aggregation layer advertises the
loopback route to the master ASBR at the core layer after modifying the MED value to
50 and changing the next hop to itself. The slave ASBR at the aggregation layer
advertises the loopback route to the slave ASBR at the core layer after modifying the
MED value to 100 and changing the next hop to itself. The master ASBR at the core
layer advertises the route to the master RR at the core layer without modifying the MED
value (50), and advertises the route to the slave RR after modifying the MED value to
200, after changing the next hop to itself. The slave ASBR at the core layer advertises
the route to the master and slave RRs after changing the next hop to itself, without
modifying the MED value (100). The master RR at the core layer prefers the route from
the master ASBR at thecore layer because its MED value is 50. The slave RR at the
core layer prefers the route from the slave ASBR at the core layer because its MED
value is 100. After the routes are sent to the MASGs, the master and slave paths are
formed. For example:
– The active path from the master MASG to a CSG is: master MASG -> ASBR3
(master ASBR at the core layer) -> ASBR1(master ASBR at the aggregation layer)
-> ASG3 -> CSG;
– The standby path from the master MASG to a CSG is: master MASG -> ASBR4
(slave ASBR at the core layer) -> ASBR2(slave ASBR at the aggregation layer)
-> ASG3 -> CSG.
l Figure 4-19 Advertisement of a loopback route from a master MASG to CSGs
RR1 RR3
50 50 100
CSG1 ASG3 ASBR1 50 ASBR3 100 MASG1
50
50
100
0
—5
100
0<
20
10
0
10
10
0
0
10
0
10
100 10
ASG4 ASBR2 ASBR4 0 MASG2
10
0
RR4
RR2
After the routes are sent to the CSGs, the master and slave paths are formed.
– The active path from a CSG to the master MASG: CSG -> ASG3 -> ASBR1(master
ASBR at the aggregation layer) -> ASBR3(master ASBR at the core layer) ->
master MASG;
– The standby path from a CSG to the master MASG: CSG -> ASG4 -> ASBR1
(master ASBR at the aggregation layer) -> ASBR3(master ASBR at the core layer)
-> master MASG.
l Advertisement of a loopback route from a slave MASG to CSGs
RR1 RR3
50 100
CSG1 ASG3 ASBR1 100 ASBR3 100 MASG1
100
50
100
0
10
50
10
50
10
0
0
0
10
0
20
50 10
ASG4 ASBR2 ASBR4 0 MASG2
10
0 100
RR4
RR2
After the routes are sent to the CSGs, the master and slave paths are formed.
– The active path from a CSG to the slave MASG: CSG -> ASG4 -> ASBR2(slave
ASBR at the aggregation layer) -> ASBR4(slave ASBR at the core layer) -> slave
MASG;
– The active path from a CSG to the slave MASG: CSG -> ASG3 -> ASBR2(slave
ASBR at the aggregation layer) -> ASBR4(slave ASBR at the core layer) -> slave
MASG.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
ASBR2: ASBR2:
6.6.6.6 6.6.6.6
Connect-retry - - - - - -
interval of peers
Configuring CSGs
Configure the MP-BGP peer of CSG1.
l Configure a routing policy.
#
route-policy label1 permit node 10
apply mpls-label
#
route-policy label2 permit node 10
apply mpls-label
NOTE
l The routing policy with the name of label1 is applied on the egress direction from CSG1 to ASG3.
l The routing policy with the name of label2 is applied on the egress direction from CSG1 to ASG4.
l The policy names are only used as examples and can be named as required in actual projects, for
example, Label_To_ASG3和Label_To_ASG4.
l Configure a tunnel selector.
#
tunnel-selector IPRAN permit node
10
apply tunnel-policy IPRAN
#
l Configure MP-BGP.
#
bgp 100
router-id 1.1.1.1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255 //Advertises the Loopback0 address, so that
it reaches MASGs through BGP LSPs.
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 3.3.3.3 enable
peer 3.3.3.3 route-policy label1 export
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 route-policy label2 export
peer 4.4.4.4 label-route-capability
#
#
route-policy label2 permit node 5 //The routing policy is applied on the
egress direction from ASG3 to RR2.
if-match cost
50
if-match mpls-
label
if-match community-filter
csg
apply ip-address next-hop peer-address //Changes the next hop of a route to
the ASG itself.
apply cost
200
apply mpls-
label
#
route-policy ipv4-from-csg permit node 10
apply cost 50
apply community 1:1 additive
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
l Configure MP-BGP.
#bgp 100
router-id 3.3.3.3
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
group CSG internal
peer CSG connect-interface LoopBack0
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
#
ipv4-family unicast
undo synchronization
reflector cluster-id 101
reflect change-path-attribute
auto-frr
tunnel-selector IPRAN //Configures outer tunnels for carrying BGP LSPs.
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
l Configure MP-BGP.
bgp 100
router-id 4.4.4.4
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
group CSG internal
peer CSG connect-interface LoopBack0
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
#
ipv4-family unicast
undo synchronization
reflector cluster-id 102 //The cluster ID must be different from that of the
master ASG. Otherwise, routes from the slave ASG are discarded by a CSG and a
standby route cannot be generated.
reflect change-path-attribute
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 11.11.11.11 advertise-community
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label2 export
peer 12.12.12.12 label-route-capability
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
Configuring CSGs
The following uses CSG1 as an example to illustrate the configuration.
bfd
mpls-passive //Enables the creation of a BFD session passively.
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
NOTICE
l Enable dynamic BFD session setup in passive mode for CSGs and remote PEs (MASGs).
NOTE
Configure the slave RR (RR2) similarly as the master RR (RR1).
NOTE
Configure the slave RR (RR4) similarly as the master RR (RR3).
NOTE
Configure the slave MASG (MASG2) similarly as the master MASG (MASG1).
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
8192 8192 10.9.13.2 Up D_IP_IF GigabitEthernet2/0/2
8193 8192 10.9.10.2 Up D_IP_IF Eth-Trunk1.1
901 1090 10.10.10.10 Up S_TE_LSP Tunnel0/0/910
910 109 10.10.10.10 Up S_TE_TNL Tunnel0/0/910
907 709 7.7.7.7 Up S_TE_LSP Tunnel0/0/97
97 79 7.7.7.7 Up S_TE_TNL Tunnel0/0/97
l Run the command on CSG1. Verify that the D_BGP_TUNNEL and E_Dynamic tunnels
between the CSG and the master and slave MASGs are in the Up state.
The D_BGP_TUNNEL type indicates that the local end is the active end and the
E_Dynamic type indicates that the local end is the passive end.
<CSG1>display bfd session all
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
1024 514 10.1.2.1 Up D_IP_IF
GigabitEthernet0/2/2
1025 8215 10.2.4.2 Up D_IP_IF
GigabitEthernet0/2/1
204 402 4.4.4.4 Up S_TE_LSP Tunnel0/0/24
24 42 4.4.4.4 Up S_TE_TNL Tunnel0/0/24
23 32 3.3.3.3 Up S_TE_TNL Tunnel0/0/23
203 302 3.3.3.3 Up S_TE_LSP Tunnel0/0/23
1150 9221 10.10.10.10 Up E_Dynamic -
1151 9212 9.9.9.9 Up E_Dynamic -
1152 9233 10.10.10.10 Up D_BGP_TUNNEL -
1153 9221 9.9.9.9 Up D_BGP_TUNNEL -
------------------------------------------------------------------------------
--
Total UP/DOWN Session Number : 10/0
7 Deploying DCN
This section describes how to deploy DCN routes on a bearer network so that the NMS can
access the managed NEs through DCN routes.
DCN routes can be deployed in different modes according to the used BGP.
l If the MP-BGP and RRs are configured, and MED values are used to distinguish route
priorities, the available DCN deployment solutions are as follows:
Configuration Roadmap
1. A management VPN is created on the backbone network. A management loopback address
is created for each backbone device and bound to the management VPN.
2. New loopback addresses (different from the LSR IDs) are planned for devices in the
IPRAN. The addresses are used as the public network management addresses of the devices.
The loopback routes are added with tags and imported into the IGP.
3. Access-side management routes are imported to the aggregation side. A-ASBRs advertise
the public network IGP of the IPRAN (or aggregation routes between management
addresses of the IPRAN) to the management VPN of the backbone network. In addition,
the A-ASBRs advertise routes of the U2000 to the IGP of the IPRAN.
The following figure shows the typical public DCN deployment: the U2000 is dual-homed to
two MASGs, and an L2 network is deployed between the MASGs and the U2000. An L3 network
may be traversed in the actual application. You need to set static routes from the MASGs to the
U2000. The gateway is located at the ingress interface of a third-party.
AS 100 AS 200
Access Aggregation Core
LSW
U2000 Server
Data Plan
VRRP vrid: 22
virtual-ip: 130.10.100.10
NOTICE
The management IP addresses are different from the LSR IDs.
snmp-agent trap source Core layer equipment: Sets the LoopBack interfaces
LoopBack 65535 as the source interfaces for
sending Trap messages.
Configuring MASGs
1. Create management interfaces.
interface LoopBack65535
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all //Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso //The SNMP MIB view contains the iso
subtree.
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view //The write
attribute contains the read and right permission.
If the read
attribute community name and the write attribute community name are the same,
the read attribute
command will be overwritten by the write attribute command.
snmp-agent trap enable //Enables the SNMP agent to send trap messages.
snmp-agent trap source LoopBack65535 //Sets the source interface of Trap
messages.
snmp-agent target-host trap address udp-domain 130.10.100.20 vpn-instance
__dcn_ideal__ params securityname Huawei@123 v2c private-netmanager ext-vb
//Allows the transmission of SNMP Trap messages to
the NMS server (130.10.100.20). The community name of Huawei@123 is used. If
the NMS is a Huawei NMS, it is recommended to set the private-netmanager and
ext-vb parameters.
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable//Enables the extend error-code function
for equipment.
l Bind the interfaces connected to the U2000 to the management VRF instance.
#
interface
GigabitEthernet7/1/11
undo
shutdown
ip binding vpn-instance
__dcn_ideal__
ip address 130.10.100.1 255.255.255.0 //Sets the IP address, which must be
in the same network segment as the U2000 IP address.
5. (When the NE is connected to the U2000 through an L2 network) Configure a route policy
and route importing.
l Configure a routing policy.
#
ip ip-prefix U2000 index 10 permit 130.10.100.0 24
ip ip-prefix DCN index 10 permit 200.0.100.9 32
#
route-policy U2000-DCN permit node
10
if-match ip-prefix U2000
apply community
2000:2000
#
route-policy U2000-DCN permit node
20
if-match ip-prefix
DCN
#
6. (When the NE is connected to the U2000 through an L3 network) Configure a route policy
and route importing.
l Configure a routing policy.
#
ip ip-prefix U2000 index 10 permit 130.10.100.0 24
ip ip-prefix DCN index 10 permit 200.0.100.9 32
#
route-policy U2000 permit node
10
if-match ip-prefix
U2000
apply community 2000:2000
#
route-policy DCN permit node
10
if-match ip-prefix
DCN
#
NOTE
123.1.2.2 is the IP address of the ingress interface of the L3 network between the core layer and the
U2000.
7. Configure VRRP.
Configure VRRP for MASG1 (master) and MASG2 (slave), to ensure that NEs do not
become unreachable if MASG1 is faulty. After the configuration, run the display ip
routing-tablecommand to query routes to the U2000, aggregation ring routes, and access
ring routes.
Configure MASG1 as follows:
interface GigabitEthernet7/1/11
vrrp vrid 22 virtual-ip 130.10.100.10
vrrp vrid 22 priority 120
vrrp vrid 22 preempt-mode timer delay 300
NOTE
If DCN has been enabled globally, check whether DCN has been enabled for the master interface connected
to the U2000. If yes, disable the DCN function. The configurations are as follows:
interface GigabitEthernet7/1/11
undo dcn
8. For details about adding NEs on the U2000, see the Singe-OSS IPRAN ATN+CX (HVPN
& FMC) Network Design.
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all//Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso//The SNMP MIB view contains the iso
subtree.
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view//The write
attribute contains the read and right permission. If the read attribute
community name and the write attribute community name are the same, the read
attribute command will be overwritten by the write attribute command.
snmp-agent trap enable//Enables the SNMP agent to send trap messages.
snmp-agent trap source LoopBack65535//Sets the source interface of Trap
messages.
snmp-agent target-host trap address udp-domain 130.10.100.20 vpn-instance
__dcn_ideal__ params securityname Huawei@123 v2c private-netmanager ext-vb
//Allows the transmission of SNMP Trap messages to
the NMS server (130.10.100.20). The community name of Huawei@123 is used. If
the NMS is a Huawei NMS, it is recommended to set the private-netmanager and
ext-vb parameters.
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable//Enables the extend error-code function
for equipment.
#
ipv4-family vpn-instance
__dcn_ideal__
import-route direct route-policy DCN
#
l Configure BGP.
#
bgp
200
#
ipv4-family
vpnv4
reflector cluster-id
200
peer 7.7.7.7
enable
peer 7.7.7.7 route-policy U2000
export
peer 7.7.7.7 reflect-
client
peer 7.7.7.7 advertise-
community
peer 8.8.8.8
enable
peer 8.8.8.8 route-policy U2000
export
peer 8.8.8.8 reflect-
client
peer 8.8.8.8 advertise-community
#
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all//Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso//The SNMP MIB view contains the iso
subtree.
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view//The write
attribute contains the read and right permission. If the read attribute
community name and the write attribute community name are the same, the read
attribute command will be overwritten by the write attribute command.
snmp-agent trap enable//Enables the SNMP agent to send trap messages.
snmp-agent trap source LoopBack65535//Sets the source interface of Trap
messages.
snmp-agent target-host trap address udp-domain 130.10.100.20 vpn-instance
__dcn_ideal__ params securityname Huawei@123 v2c private-netmanager ext-vb
//Allows the transmission of SNMP Trap messages to
the NMS server (130.10.100.20). The community name of Huawei@123 is used. If
the NMS is a Huawei NMS, it is recommended to set the private-netmanager and
ext-vb parameters.
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable//Enables the extend error-code function
for equipment.
l Bind sub-interfaces connected to AS 100 (of the IPRAN) to the management VRF
instance.
#
interface
GigabitEthernet1/0/0.1
vlan-type dot1q
1
ip binding vpn-instance
__dcn_ideal__
ip address 23.5.7.2 255.255.255.252 #
l Configure BGP.
#
bgp
200
#
ipv4-family
vpnv4
undo policy vpn-
target
peer 13.13.13.13
enable
peer 14.14.14.14
enable
#
#
ipv4-family vpn-instance
__dcn_ideal__
import-route direct route-policy DCN
peer 23.5.7.1 as-number
100
peer 23.5.7.1 route-policy U2000
export
peer 23.5.7.1 advertise-community
#
interface LoopBack65535
ip address 200.0.100.5
255.255.255.255
isis enable
100
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all//Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso//The SNMP MIB view contains the iso
subtree.
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view//The write
attribute contains the read and right permission. If the read attribute
community name and the write attribute community name are the same, the read
attribute command will be overwritten by the write attribute command.
snmp-agent trap enable//Enables the SNMP agent to send trap messages.
snmp-agent trap source LoopBack65535//Sets the source interface of Trap
messages.
snmp-agent target-host trap address udp-domain 130.10.100.20 params
securityname Huawei@123 v2c private-netmanager ext-vb
//Allows the transmission of SNMP Trap messages to
the NMS server (130.10.100.20). The community name of Huawei@123 is used. If
the NMS is a Huawei NMS, it is recommended to set the private-netmanager and
ext-vb parameters.
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable//Enables the extend error-code function
for equipment.
5. Configure BGP.
#
bgp
100
router-id
5.5.5.5
10
if-match ip-prefix ipran
#
route-policy ipran-out permit node
10
if-match ip-prefix ipran
#
route-policy U2000 permit node
10
if-match community-filter
U2000
interface
LoopBack65535
ip address 200.0.100.11
255.255.255.255
isis enable
100
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all//Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso//The SNMP MIB view contains the iso
subtree.
Configuring ASGs
1. Configure management interface.
#
interface
LoopBack65535
ip address 200.0.100.3
255.255.255.255
isis enable
100
2. Configure SNMP.
lldp enable
#
snmp-agent
snmp-agent sys-info version all//Enables SNMP of all versions on the system.
snmp-agent mib-view included iso-view iso//The SNMP MIB view contains the iso
subtree.
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view//The write
attribute contains the read and right permission. If the read attribute
community name and the write attribute community name are the same, the read
attribute command will be overwritten by the write attribute command.
snmp-agent trap enable//Enables the SNMP agent to send trap messages.
snmp-agent trap source LoopBack65535//Sets the source interface of Trap
messages.
snmp-agent target-host trap address udp-domain 130.10.100.20 params
securityname Huawei@123 v2c private-netmanager ext-vb
//Allows the transmission of SNMP Trap messages to
the NMS server (130.10.100.20). The community name of Huawei@123 is used. If
the NMS is a Huawei NMS, it is recommended to set the private-netmanager and
ext-vb parameters.
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable//Enables the extend error-code function
for equipment.
Configuring CSGs
1. Configure management interface.
#
interface
LoopBack1000
ip address 200.0.100.1
255.255.255.255
isis enable
1
2. Configure SNMP.
lldp enable
#
snmp-agent
l Check the connectivity between the devices at the access layer and U2000. Run the ping
command on the CSG.
l Check the connectivity between the devices at the aggregation layer and U2000. Run the
ping command on the ASGs and ASBRs at the aggregation layer.
l Check the connectivity between the devices at the core layer and U2000. Run the ping
command on the MASGs and ASBRs at the core layer.
Configuration Principle
l Configure SNMP on each NE to be managed.
l Query and record the NE ID and NE IP address of each NE. If the default NE ID and NE
IP address of an NE are not used, you can plan and configure an NE ID and an NE IP
address for the NE.
l Enable DCN in the system view and interface view for each NE.
l Configure STelnet parameters for each NE.
l On the interface connecting the gateway NE and the U2000, configure a DCN VPN instance
and an IP address.
l Enable the DCN auto-reporting function on the gateway NE.
l Configure a static route leading to the IP address of the NE to be loaded on the U2000
server and ensure that the route is available.
The following figure shows how a public DCN is deployed. As shown in the figure, the U2000
server is dual-homed to two MASGs, and in the middle is the Layer 2 network. Such networking
is typical. In practice, a Layer 3 network may be deployed. If this is the case, a static route
destined to the U2000 server must be configured for each MASG, and the gateway on the static
route must be represented by the IP address of the ingress interface on a third-party router.
AS 100 AS 200
Access Aggregation Core
Eth-Trunk 1
LSW
U2000 Server
DCN Interfaces
Data Planning
Parameter Value Remarks
Configuration Procedure
DCN automatically available solution: The U2000 uses the DCN automatically available
function to manage NEs.
1. Enable DCN in the system view and interface view for each NE.
After DCN is enabled globally for ATN devices, all interfaces are enabled with DCN by
default. After DCN is enabled globally for CX devices, however, not all interfaces are
enabled with DCN by default. To query whether an interface is enabled with DCN, run the
display this command in the interface view.
The following shows the configuration of CSG1 as an example:
dcn //Enable DCN in the system view.
ETH-trunk interfaces are used between MASGs and the interfaces are in port-switch mode
(that is, a service VLAN that can pass is configured). A DCN VLAN needs to be configured
at the main member interface and it can be set to 4094. The DCN VLAN cannot be the
same as the service VLAN.
interface GigabitEthernet2/0/1
dcn
dcn vlan 4094
interface GigabitEthernet1/0/1
dcn
dcn vlan 4094
2. Configure SNMP.
l Query the management loopback interface used by a DCN. By default, the ATN device
uses loopback1023 and the CX device uses loopback2147483647.
Run the following command to query the management loopback interface used by a
DCN.
display dcn brief
NOTE
Previous commands indicate that the equipment uses VPN channels for interworking with the
U2000. If the equipment needs to set up an FTP connection with a public network address, the
ftp command must be run with the public-net parameter. Otherwise, the equipment uses VPN
channels for FTP communication.
3. Query and record the NE ID and NE IP address of each NE.
In this example, MASG1 and MASg2 are gateway NEs.
display dcn brief
If the default NE ID and NE IP address of an NE are not used, you can plan and configure
an NE ID and an NE IP address for the NE. The following shows the configuration of
MASG1:
Configure the NE ID in the user view.
set neid 9a0009
4. Configure user login parameters on each NE, with the STelnet as the login mode.
The following shows the configuration of STelnet parameters on MASG1:
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
aaa
local-user Root password cipher Changeme_123//Configure the user name and
password.
local-user Root service-type ssh//Configure SSH as the login method for the
user.
local-user Root level 15//Configure the user level.
#
stelnet server enable//Enable the STelnet service on the SSH server.
ssh user root//Add an SSH user.
ssh user root authentication-type password//Configure an authentication mode
for the SSH user.
ssh user root service-type stelnet//Configure STelnet as the login method for
the SSH user.
#
undo nap slave enable
5. Bind the DCN VPN instance (__dcn_vpn__) to the interface connecting the gateway
NE and DCN network.
The configuration of MASG1 is provided below:
interface GigabitEthernet7/1/11
negotiation auto
description to-NMS-U2000
ip binding vpn-instance __dcn_vpn__
ip address 130.10.100.1 255.255.255.0
vrrp vrid 22 virtual-ip 130.10.100.10
vrrp vrid 22 priority 120
vrrp vrid 22 preempt-mode timer delay 300
ospf cost 50 //Set the cost values on MASG1 and MASG2 to 50 and 100
respectively to control route selection.
NOTE
If DCN has been enabled globally, check whether DCN has been enabled for the active port connected to
the U2000. If yes, disable the DCN function.
interface GigabitEthernet7/1/11
undo dcn
ospf 65534 vpn-instance __dcn_vpn__
silent-interface GigabitEthernet7/1/11 //Set the interface that connected to
U2000 network as an silent-interface.
NOTE
If DCN has been enabled globally, check whether DCN has been enabled for the active port connected to
the U2000. If yes, disable the DCN function.
interface GigabitEthernet7/1/11
undo dcn
ospf 65534 vpn-instance __dcn_vpn__
silent-interface GigabitEthernet7/1/11
6. Enable the DCN auto-reporting function on the gateway NE. Then, you can query the
route to the U2000 by running the disp ip routing-table vpn-instance
__dcn_vpn__command.
The following shows the configuration of MASG1:
dcn
auto-report //Enable the DCN auto-reporting function.
7. Configure static routes on the U2000 server and ensure that the route between the
U2000 and the gateway NE is available.
AS 100 AS 200
Access Aggregation Core
130.10.100.11/24
Eth-Trunk 1
U2000 Server
130.10.101.1/24
GE7/1/11
130.10.100.2/24
CSG2 ASG4 ASBR2 ASBR4 MASG2
DCN Interfaces
b. onfigure the MASG to import U2000 routes. The following uses MASG1 as an
example.
ip ip-prefix U2000 index 10 permit 130.10.101.1 32
#
route-policy U2000 permit node 10
if-match ip-prefix U2000
#
ospf 65534
import-route static cost 1000 route-policy U2000 //Configure the master
MASG to import routes and set the cost value to 1000.
//Note that the cost
value must be set to 2000 for routes imported by the slave MASG.
c. Configure remaining data in the same way as data is configured for a Layer-2 DCN.
Configuration Roadmap
l Configure SNMP for all NEs to be managed.
l Query and record NE IDs and IP addresses. If the default NE IDs and IP addresses are not
used, plan new NE IDs and IP addresses.
l Enable DCN for all NEs and interfaces.
l Configure user login parameters for all NEs.
l Configure a VPN for the gateway NEs and interfaces connected to the U2000, bind the
VPN to the DCN. and configure related IP addresses.
l Enable the DCN auto-report function for the MASGs, which function as the gateway NEs.
l Configure static routes between the U2000 server and the IP addresses of the NEs to be
loaded, to make the NEs reachable to the U2000.
l On ASBRs at the core layer:
– Create an OSPF process for each connected IPRAN area.
– Bind the interfaces connected to different IPRAN areas to the corresponding OSPF
process configured with DCN VRF.
– Configure route importing for the ASBRs: import routes of the U2000 to the OSPF
process of the aggregation ring in the IPRAN area, and import routes of the OSPF
process into the core ring.
l On ASGs at the core layer of the IPRAN:
– Create an OSPF process for each connected access ring.
– Bind the interfaces connected to different access rings to the corresponding OSPF
process configured with DCN VRF.
– Configure route importing on the ASGs: import routes of the U2000 to OSPF processes
for access rings, and import routes of the OSPF processes into the aggregation ring.
The following figure shows the typical public DCN deployment: the U2000 is dual-homed to
two MASGs, and an L2 network is deployed between the MASGs and the U2000. An L3 network
may be traversed in the actual application. You need to set static routes from the MASGs to the
U2000. The gateway is located at the ingress interface of a third-party router.
AS 100 AS 200
Access Aggregation Core
LSW
U2000 Server
DCN Interfaces
Data Plan
Parameter Value Remarks
Configuration Procedure
DCN VRF solution: The U2000 manages NEs using a private network configured with DCN
VRF.
MASGs interconnect through Eth-Trunk interfaces. The port-switch command has been
run on the interfaces and the VLAN is configured to support transmission of allowed
services. In this case, DCN VLAN must be configured for the interfaces that home the Eth-
Trunk interfaces. Set the DCN VLAN ID to 4094. The DCN VLAN must be different from
the service VLAN.
interface GigabitEthernet2/0/1
dcn
dcn vlan 4094
interface GigabitEthernet1/0/1
dcn
dcn vlan 4094
2. Configure SNMP.
l Query the loopback interfaces used for DCN management. By default, the
loopback1023 interface is used on an ATN, and the loopback2147483647 interface is
used on a CX.
Run the following command to query the used interface:
display dcn brief
l Configure a VPN instance for all NEs to facilitate management by the U2000.
set net-manager vpn-instance __dcn_vpn__//Sets the VPN instance for the NMS
to management equipment.
NOTE
Configuring the preceding commands indicates that communication between the devices and the
NMS is implemented over VPN channels. If the devices require the FTP client to access a public
network address, add the public-net parameter in the FTP command; otherwise, the devices will
use VPN channels for FTP access.
3. Query and record NE IDs and IP addresses.
In this example, MASG1 and MASG2 are gateway NEs.
display dcn brief
Plan NE IDs and IP addresses if you do not want to use the factory defaults. The following
uses MASG1 as an example to illustrate the configuration.
Enable BFD in the user view.
set neid 9a0005
NOTE
If an NE ID is manually set, the NE IP address changes with the NE ID, and there is no need to manually
modify the NE IP address.
Set NE IP addresses in the DCN view.
dcn
ne-ip 128.154.0.5 255.255.255.255
NOTE
After an NE IP address is set manually, it no longer changes when the correlated NE ID is changed.
4. Configure an OSPF process enabled with DCN VRF.
l Configure an OSPF process enabled with DCN VRF on MASGs at the core layer.
The default OSPF process enabled with DCN VRF is used. The default process ID is
65534.
The following uses MASG1 as an example to illustrate the configuration.
#
ospf 65534 vpn-instance
__dcn_vpn__
opaque-capability
enable
vpn-instance-capability
simple
area
0.0.0.0
network 0.0.0.0 255.255.255.255
l Configure an OSPF process enabled with DCN VRF on ASBRs at the core layer.
Use the default OSPF process enabled with DCN VRF. In addition, create an OSPF
process for each IPRAN area connected to an ASBR pair. The default process ID is
65534.
The following uses ASBR3 as an example to illustrate the configuration.
#
ospf 65534 vpn-instance
__dcn_vpn__
opaque-capability
enable
hostname
vpn-instance-capability
simple
area
0.0.0.0
network 0.0.0.0
255.255.255.255
#
#
ospf 65533 vpn-instance
__dcn_vpn__
description DCN ospf for
IPRAN_200
opaque-capability
enable
area
0.0.0.0
#
#
interface GigabitEthernet1/0/0 //Adds an interface in the IPRAN into the
OSPF65533 process.
undo
shutdown
dcn
dcn ospf enable 65533 area 0.0.0.0
#
l Configure an OSPF process enabled with DCN VRF on ASGs at the aggregation
layer.
Use the default OSPF process enabled with DCN VRF. In addition, create an OSPF
process for each access ring connected to an ASG pair. The default process ID is 65534.
The following uses ASG3 as an example to illustrate the configuration.
#
ospf 65534 vpn-instance
__dcn_vpn__
opaque-capability
enable
hostname
vpn-instance-capability
simple
area
0.0.0.0
network 0.0.0.0
255.255.255.255
#
#
ospf 65533 vpn-instance
__dcn_vpn__
description DCN ospf for
access_1
opaque-capability
enable
area
0.0.0.0
#
#
interface GigabitEthernet1/1/2 //Adds an interface connected to an access
ring into the OSPF65533 process.
undo
shutdown
dcn
dcn ospf enable 65533 area 0.0.0.0
#
#
route-policy pref-nms permit node
10
if-match tag
2000
apply preference
255
#
#
ospf 65533 vpn-instance
__dcn_vpn__
default cost inherit-
metric
import-route ospf 65534 route-policy U2000-
tag
preference ase route-policy pref-nms
150
#
ospf 65534 vpn-instance
__dcn_vpn__
default cost inherit-
metric
import-route direct tag
2000
import-route ospf 65533 route-policy ipran-loopback
preference ase route-policy pref-nms 150 //Prevents
loops.
6. Configure user login parameters for each NE to enable users to log in to the equipment
in STelnet mode.
The following uses MASG1 as an example to illustrate the configuration.
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
aaa
local-user root password cipher Changeme_123//Configures the user name and
password.
local-user root service-type ssh//Sets the user login mode to SSH.
local-user root level 15//Sets the user level.
#
stelnet server enable//Enables the STelent server.
ssh user root//Configures an SSH user.
ssh user root authentication-type password//Sets the authentication mode for
the SSH user.
ssh user root service-type stelnet//Sets the login mode of the SSH user to
STelnet.
#
undo nap slave enable
7. Bind gateway NEs' interfaces that are connected to the DCN network to the VPN
instance __dcn_vpn__.
Configure MASG1 as follows:
interface GigabitEthernet7/1/11
negotiation auto
description to-NMS-U2000
ip binding vpn-instance __dcn_vpn__
ip address 130.10.100.1 255.255.255.0
vrrp vrid 22 virtual-ip 130.10.100.10
vrrp vrid 22 priority 120
vrrp vrid 22 preempt-mode timer delay 300
ospf cost 50 //Sets the cost to 50 for routes of MASG1 and to 100 for routes
of MASG2, to implement path selection.
NOTE
If DCN has been enabled globally, check whether DCN has been enabled for the master interface connected
to the U2000. If yes, disable the DCN function. The configurations are as follows:
interface GigabitEthernet7/1/11
undo dcn
ospf 65534 vpn-instance __dcn_vpn__
silent-interface GigabitEthernet7/1/11 //Configures the interface connected
to the U2000 as a silent interface.
NOTE
If DCN has been enabled globally, check whether DCN has been enabled for the master interface connected
to the U2000. If yes, disable the DCN function. The configurations are as follows:
interface GigabitEthernet7/1/11
undo dcn
ospf 65534 vpn-instance __dcn_vpn__
silent-interface GigabitEthernet7/1/11
8. Configure the DCN auto-report function for gateway NEs. After the configuration, run the
disp ip routing-table vpn-instance __dcn_vpn__ command to query routes on the U2000
server.
The following uses MASG1 as an example to illustrate the configuration.
dcn
auto-report//Enables the DCN auto-report function.
9. Configure static routes on the U2000 server, so that the gateway NEs are reachable
to the U2000 server.
10. For details about adding NEs on the U2000, see the Singe-OSS IPRAN ATN+CX (HVPN
& FMC) Network Design.
11. (Optional): When an L3 network needs to be passed through, you need to set static routes
destined for the U2000 for the MASGs. The gateway is located at the ingress interface of
a third-party router.
AS 100 AS 200
Access Aggregation Core
130.10.100.11/24
Eth-Trunk 1
U2000 Server
130.10.101.1/24
GE7/1/11
130.10.100.2/24
CSG2 ASG4 ASBR2 ASBR4 MASG2
DCN Interfaces
b. Other configurations are similar to the scenario when the DCN network is an L2
network and are not illustrated here.
Total Number: 5
For a mobile backhaul network that carries various types of wireless services, proper network
planning and deployment are very important.
8.3 Deploying Local Switching Ethernet Service Bearer and Protection (HVPN+Labeled BGP)
This section describes how to configure local switching Ethernet service bearer and protection
in the HVPN+Labeled BGP solution.
8.4 Deploying Local Switching Ethernet Service Bearer and Protection (Labeled BGP to Edge)
This section describes how to configure local switching Ethernet service bearer and protection
in the Labeled BGP to Edge solution.
VPNv4
In the HVPN+Labeled BGP sub-solution, the roadmap for configuring Ethernet service bearer
and protection is as follows:
1. Deploy MP-iBGP. Configure neighbor relationship in the VPNv4 address family view.
In AS 100
l Set up MP-iBGP peer relationship between CSGs and the master and slave ASGs.
l Set up full-mesh MP-iBGP peer relationship between ASGs and the master and slave
RRs (RR1 and RR2).
l An ASG selectively reflects VPNv4 routes: for a route within the local access ring, the
ASG does not change the next hop; for a route destined for a node on another ring or
domain, the ASG changes the next hop of the route to itself.
In AS 200
Set up full-mesh MP-iBGP peer relationship between MASGs and the master and slave
RRs (RR3 and RR4).
2. Deploy MP-eBGP. Configure neighbor relationship in the VPNv4 address family view.
l Set up MP-eBGP peer relationship between the master RR (RR1) in AS 100 and the
master RR (RR3) in AS 200 (not directly connected).
l Set up MP-eBGP peer relationship between the slave RR (RR2) in AS 100 and the slave
RR (RR4) in AS 200 (not directly connected).
3. Configure VPN services.
l Configure a VPN instance for CSGs and MASGs.
4. Configure protection switching.
l Enable BGP Auto FRR on MASGs, ASBRs, and ASGs.
l Configure VPN FRR on MASGs and CSGs.
5. Two MASG dual-homing protection methods are available: configuring VRRP and
configuring active and standby routes. Configuring VRRP is recommended.
l Configure VRRP.
If SGWs/MMEs connect to MASGs through master and slave interfaces, VRRP over
VLANIF must be configured for the master and slave MASGs for service protection.
– Configure the interconnect interfaces between the master and slave MASGs and the
AC interface as VLANIF interfaces.
– When an MASG pair is connected to multiple pairs of SGW/MME interfaces, deploy
one or more VLANIF interfaces on the MASGs based on the SGW/MME network
segments.
l Deploy active and standby routes.
If an SGW/MME uses its logical interface (similar to the loopback interface of a router)
for communication and must support dual-receiving through master and standby
interfaces, it can support interconnection using active and standby routes.
– In this mode, configure static routes with the same priority from the master and slave
MASGs to SGW/MME, and configure static routes to be advertised to private
network IGP instances. For example, you can set the preference in static routes to
5.
– Enable the private network IGP on the subinterfaces of the interconnected interfaces
between the master and slave MASGs. Configure private network static routes and
IGP routes to be advertised to BGP.
6. MED is used as the parameter to control routes.
l Advertisement of a private network route from a CSG to an MASG
103 103
10
3->
203
50
203
3
203
A private network route from an eNodeB is dually homed to the master and slave ASGs.
The MED value is set to 103 by the master ASG and to 203 by the slave ASG. The
master ASG sends the route to the master RR without modifying the MED value, and
to the slave RR after modifying the MED value from 103 to 503. The slave ASG sends
the route to the master and slave RRs without modifying the MED values. In this case,
the master RR prefers the route from the master ASG, and the slave RR prefers the route
from the slave ASG. The master and slave RRs at the aggregation layer advertise the
routes to the core layer based on the eBGP neighbor relationship. When the core layer
RRs forward the routes to the MASGs, an export policy is configured for the RRs or an
import policy is configured for the MASGs, so that the MASGs can select a route
according to the MED values.
l Advertisement of a private network route from an MASG to a CSG
RR1 RR3
103
103
CSG1 ASG3 ASBR1 ASBR3 MASG1
3
50
103 103
20
3
203
203
The roadmap for configuring E2E Ethernet service bearer and protection is as follows:
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
Label allocation mode apply-label per-instance Enables one VPN route label
to be allocated for each VPN.
Configuring CSGs
Configure the MP-iBGP peer of CSG1.
l Configure MP-BGP.
#
bgp 100
router-id 1.1.1.1
peer 3.3.3.3 as-number 100 //Sets up peer relationship between a CSG and the
master ASG.
peer 3.3.3.3 connect-interface LoopBack0
peer 3.3.3.3 tracking delay 30 //Enables BGP Peer Tracking, to implement FRR
on a network by enabling an NE to quickly detect a fault on a neighbor.
peer 4.4.4.4 as-number 100 //Sets up peer relationship between a CSG and the
slave ASG.
peer 4.4.4.4 connect-interface LoopBack0
peer 4.4.4.4 tracking delay 30
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
if-match community-filter
default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost
103
apply ip-address next-hop peer-address //Changes the next hop of a route to
the ASG itself.
apply cost
503
#
route-policy vpnv4-to-SRR permit node
100
apply ip-address next-hop peer-address //Changes the next hop of a route to
the ASG itself.
#
l Configure MP-iBGP.
#
bgp 100
group CSG internal //Sets up an iBGP peer group. Different group names can
be configured for different access rings.
peer CSG connect-interface LoopBack0
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
peer CSG tracking delay 30
peer CSG timer connect-retry 300 //Sets the connect-retry time to set up BGP
neighbor relationship with a CSG.
#
ipv4-family unicast
undo peer CSG enable
undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
reflect change-path-attribute //Sets an RR to modify the route attributes of
BGP routes by using the export policy.
undo policy vpn-target //Configures the receiving of all VPNv4 routes.
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-master import
peer CSG route-policy to-csg-as-master export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
ipv4-family vpn-target
peer 1.1.1.1 enable
l Configure MP-BGP.
#
bgp 100
group CSG internal
peer CSG connect-interface LoopBack0
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
peer CSG tracking delay 30
peer CSG timer connect-retry 300
#
ipv4-family unicast
undo peer CSG enable
undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-slave import
peer CSG route-policy to-csg-as-slave export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
ipv4-family vpn-target
peer 1.1.1.1 enable
l Configure MP-BGP.
#
bgp 100
peer 13.13.13.13 as-number 200 //Sets up eBGP peer relationship with the
master RR (RR3) in AS 200.
peer 13.13.13.13 ebgp-max-hop 10 //Configures BGP to set up eBGP peer
relationships with the peers on the non-directly-connected network and
specifies the maximum number of hops.
peer 13.13.13.13 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 13.13.13.13 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 next-hop-invariable
peer 3.3.3.3 advertise-community
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 next-hop-invariable
peer 4.4.4.4 advertise-community
peer 13.13.13.13 enable
peer 13.13.13.13 next-hop-invariable
peer 13.13.13.13 advertise-community
#
l Configure MP-BGP.
#
bgp 100
peer 14.14.14.14 as-number 200 //Sets up eBGP peer relationship with the slave
RR in AS 200.
l Configure MP-BGP.
#
bgp 200
peer 11.11.11.11 as-number 100
peer 11.11.11.11 ebgp-max-hop 10
peer 11.11.11.11 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 11.11.11.11 enable
#
ipv4-family vpnv4
reflector cluster-id 200
undo policy vpn-target
peer 11.11.11.11 enable
peer 11.11.11.11 next-hop-invariable
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4_epc_x2 export //Advertises routes
matching with the EPC to RRs at the aggregation layer, and filters out NMS
routes or other routes with unknown sources.
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 next-hop-invariable
peer 9.9.9.9 advertise-community
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
peer 10.10.10.10 next-hop-invariable
peer 10.10.10.10 advertise-community
#
l Configure MP-BGP.
#
bgp 200
peer 12.12.12.12 as-number 100
peer 12.12.12.12 ebgp-max-hop 10
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 12.12.12.12 enable
#
ipv4-family vpnv4
reflector cluster-id 200
undo policy vpn-target
peer 12.12.12.12 enable
peer 12.12.12.12 next-hop-invariable
peer 12.12.12.12 advertise-community
peer 12.12.12.12 route-policy vpnv4_epc_x2 export //Advertises routes
matching with the EPC to RRs at the aggregation layer, and filters out NMS
routes or other routes with unknown sources.
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 next-hop-invariable
peer 9.9.9.9 advertise-community
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
peer 10.10.10.10 next-hop-invariable
peer 10.10.10.10 advertise-community
#
default
#
route-policy vpnv4-to-MRR permit node 100
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter
default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost
103
apply cost
503
#
route-policy vpnv4-to-SRR permit node 100
#
l Configure MP-BGP.
#
bgp 200
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter
default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost
103
apply cost
503
#
route-policy vpnv4-to-SRR permit node 100
#
l Configure MP-BGP.
#
bgp 200
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
Configuring CSGs
Configuring a CSG as follows:
NOTE
If DCN is enabled networkwide, check whether DCN is enabled for the interface connected to the BSC.
If yes, disable the DCN function. The configurations are as follows:
interface Ethernet0/3/0
undo dcn
3. If the eNodeB uses a logical IP address, configure a static route destined to the logical IP
address on the CSG and import the static route to the related VPN instance.
ip route-static vpn-instance LTE-RAN 120.16.1.2 255.255.255.255 192.168.1.2 //
A VPN instance must be configured before the destination IP address. Otherwise,
BGP cannot be imported.
//120.16.1.2 is the logical IP address
of the eNodeB. 192.168.1.2 is the IP address of the eNodeB connected to the
backhaul network.
Configuring ASGs
Because VPN ORF is enabled for the CSGs, VRF must be enabled for the ASGs. If VRF is not
enabled for the ASGs, CSGs cannot receive routes from MASGs. The following uses ASG3 as
an example to illustrate the configuration.
#
ip vpn-instance LTE-RAN
ipv4-family
route-distinguisher 100:100
tnl-policy IPRAN
apply-label per-instance
vpn-target 200:1 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
#
bgp 100
#
ipv4-family vpn-target
peer 1.1.1.1 enable
#
Configuring MASGs
The configuration of L3VPN services for an MASG is correlated with the protection mode. For
details, see Deploying Bearer and Protection for Services Between MASGs and SGWs/
MMEs.
This mode applies to the scenario in which an EPC exchanges (transmits and receives)
packets with MASGs only through one interface but provides two interfaces that work in
master/slave mode for ensuring connection between the SGW/MME and MASGs. The
master and slave interfaces share a common IP address but have different MAC addresses.
– Deploy VRRP on VLANIF interfaces of MASGs, and configure each SGW/MME to
be dual-homed to the MASGs.
– Configure the interfaces that connect an SGW/MME to the master and slave MASGs
to work in master/slave mode and configure the virtual IP address of the VRRP group
as the default gateway IP address. Of the two interfaces, only one interface can receive
packets.
l Active/Standby static routes are configured for protection.
This protection mode applies to the scenario in which an SGW/MME uses a logical interface
(similar to the loopback interface of a router) as its communication address and both the
master/slave interfaces of the SGW/MME can receive packets.
– Deploy private network IGP (either OSPF or IS-IS) between MASGs.
– Configure a static route from MASG1 and MASG2 to the logical address of an SGW/
MME respectively. The two static routes have the same priority.
– Import the static routes to private network IGP for advertisement. Advertise the static
routes and private network IGP routes to BGP.
– Ensure that an SGW/MME can receive packets from both master and slave physical
interfaces. Otherwise, packet loss is serious in the case of a protection switchback.
12.12.12.1/32
virtual-ip
IPRAN
Vla SGW
n1 /MME
00
ASBR4 MASG2
Vlanif 100
192.168.2.2/30
NOTE
This section uses the VRRP group between one pair of devices at the core layer as an example. VRRP groups
can be configured in the same way for other devices at the core layer that require the protection.
1. Create a VLAN.
vlan 100//Creates VLAN 100.
3. Configure a VLAN Trunk between the master MASG and the BSC.
interface GigabitEthernet1/1/2
negotiation auto //Sets a GE interface connected to wireless equipment to work
in auto-negotiation mode (recommended).
portswitch
port-tx-enabling-delay 300000 //Sets the delay of switchback. This command
must be run. If the SGW/MME does not support the delay of switchback, or if
this command is not run, services will fail to be forwarded because of a
restart of the master MASG.
undo shutdown
port link-type trunk//Configures the link type consistently at both ends. The
trunk type is used in this example.
port trunk allow-pass vlan 100
vrrp vrid 100 preempt-mode timer delay 180//Sets the preempt-mode delay on the
router in a VRRP backup group to 180s.
7. Configure BFD.
l Configure BFD for VRRP.
bfd vrrp bind peer-ip 192.168.2.2 vpn-instance LTE-RAN interface Vlanif100
source-ip 192.168.2.1
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
9. If an EPC uses a logical IP address, configure a static route destined to the logical IP address.
If the EPC does not use a logical IP address, configure a static route destined to the IP
address of a port on the EPC.
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC
//A VPN instance must be
configured before the destination IP address. Otherwise, the importing will
fail.
//12.12.12.1 is the logical
IP address of the EPC. 192.168.2.101 is the IP address the EPC uses to directly
connect to the backhaul network.
NOTE
If there are multiple pairs of interconnected devices at the core layer, configure mutiple static routes as
required.
10. Configure route importing to the VPN instance.
The importing of directly-connected routes and static routes is used as an example. In actual
scenarios, routing protocols can be imported as required.
l The configuration is as follows if the non-load sharing mode is used:
ip ip-prefix EPC-Master index 10 permit 12.12.12.0 24 greater-equal 24 less-
equal 32 //12.12.12.1 is the logical IP address of EPC1. The IP addresses
of interfaces on the EPCs can also be used as the routing prefix table.
ip ip-prefix EPC-Master index 20 permit 12.12.13.0 24 greater-equal 24 less-
equal 32 //12.12.13.1 is the logical IP address of EPC2.
route-policy EPC permit node 10
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive //Defines the community attribute of routes
on the EPC side.
apply preferred-value 32768 //Sets the MED to 103 for routes imported from
the EPC side and sets the local priority to 32768.
#
route-policy EPC permit node 100
bgp 100
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
1. Create a VLAN.
vlan 100.
3. Configure a VLAN Trunk between the slave MASG and the BSC.
interface GigabitEthernet1/1/2
negotiation auto
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
7. Configure BFD.
l Configure BFD for VRRP.
bfd vrrp bind peer-ip 192.168.2.1 vpn-instance LTE-RAN interface Vlanif100
source-ip 192.168.2.2
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
8. Configure VRRP on the slave MASG to track the status of the BFD session. If the BFD
session detects a fault and goes Down, the VRRP group is notified of the status change and
changes VRRP priorities of devices. In this manner, a fast VRRP switchover is
implemented.
interface Vlanif100
vrrp vrid 100 track bfd-session 300 increased 40//Configures the VBRRP to
track the status of BFD sessions, to implement fast switchover between the
master router and the slave router.
10. If an EPC uses a logical IP address, configure a static route destined to the logical IP address.
If the EPC does not use a logical IP address, configure a static route destined to the IP
address of a port on the EPC.
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC //The preference value is the same as that of the master
MASG, to prevent VPN FRR flapping on ASGs because of an AC-side fault of the
MASG.
11. Configure route importing to a VPN instance and VPN auto FRR.
The importing of directly-connected routes and static routes is used as an example. In actual
scenarios, routing protocols can be imported as required.
l The configuration is as follows if the non-load sharing mode is used:
ip ip-prefix EPC-Slave index 10 permit 12.12.12.0 24 greater-equal 24 less-
equal 32
ip ip-prefix EPC-Slave index 20 permit 12.12.13.0 24 greater-equal 24 less-
equal 32
route-policy EPC permit node 10
if-match ip-prefix EPC-Slave
apply cost 203
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
bgp 100
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
#
route-policy EPC permit node 20
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
bgp 200
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
3. Run the <MASG1> display bfd session peer-ip 192.168.2.2 vpn-instance LTE-RAN
command. The result shows that the BFD session status is UP.
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
300 300 192.168.2.2 Up S_IP_IF Vlanif100
------------------------------------------------------------------------------
--
Total UP/DOWN Session Number : 1/0
4. Run the display bgp vpnv4 vpn-instance LTE-RAN routing-table command. The ASG
performs display bgp vpnv4 all routing-table. The result shows that the MED values used
for BGP route advertisement can distinguish active and standby routes.
[CSG1]display bgp vpnv4 vpn-instance LTE-RAN routing-
table
NOTE
When a PE has multiple interfaces bound to the same VPN instance, specify the source IP address
in the ping -vpn-instance command to ping the remote PE. Otherwise, the ping may fail.
6. Run the display ip vpn-instance verbose command to check VPN instance configurations.
7. Run the display ip routing-table vpn-instance XXX command to view the routing table
of the VPN instance.
[CSG1]display ip routing-table vpn-instance LTE-
RAN
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: LTE-RAN
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.1
GigabitEthernet0/3/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1
GigabitEthernet0/3/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1
GigabitEthernet0/3/0
192.168.2.0/24 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/13
192.168.2.100/32 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/13
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[MASG1]display ip routing-table vpn-instance LTE-RAN
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: LTE-RAN
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/97
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif100
192.168.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.168.2.2/32 Direct 0 0 D 192.168.2.2 Vlanif100
192.168.2.7/32 Direct 0 0 D 192.168.2.7 Vlanif100
192.168.2.100/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.168.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
8. Run the display bgp vpnv4 vpn-instance LTE-RAN routing-table community 1000:1
command on the MASGs to query advertisement of community attributes of routes on the
EPC side.
[MASG1]display bgp vpnv4 vpn-instance LTE-RAN routing-table community
1000:1
Destination: 192.168.2.0/24
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 103
NextHop: 3.3.3.3 Neighbour: 3.3.3.3
State: Active Adv Relied Age: 00h14m36s
Tag: 0 Priority: low
Label: 155695 QoSInfo: 0x0
IndirectID: 0x24
RelayNextHop: 0.0.0.0 Interface: Tunnel0/0/13
TunnelID: 0x1 Flags: RD
BkNextHop: 4.4.4.4 BkInterface: Tunnel0/0/14
BkLabel: 155702 SecTunnelID: 0x0
kPETunnelID: 0x2 BkPESecTunnelID: 0x0
BkIndirectID: 0x21
NOTICE
Unlike VRRP configuration, when you configure active and standby routes, VPN instances are
imported through physical interfaces rather than VLANIF interfaces.
4. Bind sub-interfaces between MASGs to the VPN instance and enable private network IGP.
interface Eth-trunk 1.5
vlan-type dot1q 5
description to MASG2
undo shutdown
ip binding vpn-instance LTE-RAN
ip address 192.168.2.9 30
isis enable 2
5. Configure BFD for IP to speed up service switching between the MASG and EPC.
bfd master-route bind peer-ip 192.168.2.2 vpn-instance LTE-RAN interface
GigabitEthernet 1/1/2 source-ip 192.168.2.1
//192.168.2.2 is the IP addresses
EPC1 uses to directly connect to MASG1.
discriminator local 10
discriminator remote 10
commit
4. Configure BFD for IP to speed up service switching between the MASG and EPC.
bfd slave-route bind peer-ip 192.168.2.6 vpn-instance LTE-RAN interface
GigabitEthernet 1/1/2 source-ip 192.168.2.5
//192.168.2.6 is the IP addresses
EPC1 uses to directly connect to MASG2.
discriminator local 10
discriminator remote 10
commit
5. Bind sub-interfaces between MASGs to the VPN instance and enable private network IGP.
interface Eth-trunk 1.5
vlan-type dot1q 5
description to MASG1
undo shutdown
ip binding vpn-instance LTE-RAN
ip address 192.168.2.10 30
isis enable 2
Configuring CSGs
The following uses CSG1 as an example to illustrate the configuration.
NOTE
Deploy BFD for TE to speed up VPN FRR. For details about the configuration, see the chapter about
MPLS.
Configuring MASGs
The following uses MASG1 as an example to illustrate the configuration.
NOTE
Deploy BFD for BGP Tunnel to speed up VPN FRR. For details about the configuration, see the
section about configuring MPLS tunnels (BGP LSPs).
Destination: 192.168.2.0/24
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 103
NextHop: 3.3.3.3 Neighbour: 3.3.3.3
State: Active Adv Relied Age: 00h38m39s
Tag: 0 Priority: low
Label: 4177 QoSInfo: 0x0
IndirectID: 0x12
RelayNextHop: 0.0.0.0 Interface: Tunnel0/0/13
TunnelID: 0x1 Flags: RD
BkNextHop: 4.4.4.4 BkInterface: Tunnel0/0/14
BkLabel: 4108 SecTunnelID: 0x0
BkPETunnelID: 0x2 BkPESecTunnelID: 0x0
BkIndirectID: 0xf
VPNv4
In the Labeled BGP to Edge sub-solution, the roadmap for configuring Ethernet service bearer
and protection is as follows:
1. Deploy MP-iBGP. Configure neighbor relationship in the VPNv4 address family view.
In AS 100
l Set up MP-iBGP peer relationship between CSGs and the master and slave ASGs.
l Set up full-mesh MP-iBGP peer relationship between ASGs and the master and slave
RRs (RR1 and RR2).
l During route reflection, no node changes the next hop of routes.
In AS 200
Set up full-mesh MP-iBGP peer relationship between MASGs and the master and slave
RRs (RR3 and RR4).
2. Deploy MP-eBGP.
l Set up MP-eBGP peer relationship between the master RR (RR1) in AS 100 and the
master RR (RR3) in AS 200 (not directly connected).
l Set up MP-eBGP peer relationship between the slave RR (RR2) in AS 100 and the slave
RR (RR4) in AS 200 (not directly connected).
l Set up MP-eBGP peer relationship between ASBR1 and ASBR3 (which are directly
connected to each other).
l Set up MP-eBGP peer relationship between ASBR2 and ASBR4 (which are directly
connected to each other).
3. Configure VPN services.
l Configure a VPN instance for CSGs and MASGs.
4. Configure protection switching.
l Enable BGP FRR on CSGs, MASGs, ASBRs, and ASGs.
l Configure VPN FRR on MASGs and CSGs.
5. Two MASG dual-homing protection methods are available: configuring VRRP and
configuring active and standby routes. Configuring VRRP is recommended.
l Configure VRRP.
To protect the links between MASGs and the MBB core (base station controller side),
configure VRRP over VLANIF between the master and slave MASGs.
a. Configure the interfaces that connect the master and slave MASGs and the
interfaces that connect to the RNC to be Layer 2 switch interfaces, and add these
interfaces to a VLAN.
b. Create a VLANIF interface on the master and slave MASGs and configure VRRP.
c. Deploy BFD between the master and slave MASGs, to detect Layer 2
interconnection links and peer-end private network addresses, and to enable faster
protection switching.
d. Configure the hold-off time of VRRP switchback for the master MASG.
l Deploy active and standby routes.
If an SGW/MME uses its logical interface (similar to the loopback interface of a router)
for communication and must support dual-receiving through master and standby
interfaces, it can support interconnection using active and standby routes.
– In this mode, configure static routes with the same priority from the master and slave
MASGs to SGW/MME, and configure static routes to be advertised to private
network IGP instances. For example, you can set the preference in static routes to
5.
– Enable the private network IGP on the subinterfaces of the interconnected interfaces
between the master and slave MASGs. Configure private network static routes and
IGP routes to be advertised to BGP.
6. MED is used as the parameter to control routes.
l Advertisement of a private network route from a CSG to an MASG
103 103
10
3->
203
50
203
3
203
A private network route from an eNodeB is dually homed to the master and slave ASGs.
The MED value is set to 103 by the master ASG and to 203 by the slave ASG. The
master ASG sends the route to the master RR without modifying the MED value, and
to the slave RR after modifying the MED value from 103 to 503. The slave ASG sends
the route to the master and slave RRs without modifying the MED values. In this case,
the master RR prefers the route from the master ASG, and the slave RR prefers the route
from the slave ASG. The master and slave RRs at the aggregation layer advertise the
routes to the core layer based on the eBGP neighbor relationship. When the core layer
RRs forward the routes to the MASGs, an export policy is configured for the RRs or an
import policy is configured for the MASGs, so that the MASGs can select a route
according to the MED values.
l Advertisement of a private network route from an MASG to a CSG
RR1 RR3
103
103
CSG1 ASG3 ASBR1 ASBR3 MASG1
3
50
103 103
20
3
203
203
The roadmap for configuring E2E Ethernet service bearer and protection is as follows:
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
Label allocation mode apply-label per-instance Enables one VPN route label
to be allocated for each VPN.
Setting the - - - - -
next hop to the
local IP
address
Configuring CSGs
In the Labeled BGP to Edge sub-solution, the basic BGP configuration (such as router IDs and
the unicast address family) for CSGs have been completed during MPLS tunnel deployment.
The following uses CSG1 as an example to describe how to configure MP-BGP for a CSG.
l Configure MP-BGP.
#
bgp100
#
peer 3.3.3.3 tracking delay 30 //Enables BGP Peer Tracking, to implement FRR
on a network by enabling an NE to quickly detect a fault on a neighbor.
peer 4.4.4.4 tracking delay 30
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ipv4-family vpn-instance LTE-RAN
import-route direct
#
apply preferred-value 10
#
l Configure MP-BGP.
#
bgp 100
#
peer CSG tracking delay 30
peer CSG timer connect-retry 300 //Sets the connect-retry time to set up BGP
neighbor relationship with a CSG.
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-master import
peer CSG route-policy to-csg-as-master export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
#
route-policy prefer permit node
10
apply preferred-value 32768
#
route-policy vpnv4-from-MRR permit node 10 //Sets the ingress routing policy
for receiving routes from the master RR, to increase the priority of EPC routes
sent from the master MASG.
if-match community-filter epc
apply preferred-value 10
#
l Configure MP-BGP.
#
bgp 100
#
peer CSG tracking delay 30
peer CSG timer connect-retry 300
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 route-policy prefer import
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-slave import
peer CSG route-policy to-csg-as-slave export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
Configuring CSGs
Configuring a CSG as follows:
NOTE
If DCN is enabled networkwide, check whether DCN is enabled for the interface connected to the BSC.
If yes, disable the DCN function. The configurations are as follows:
interface Ethernet0/3/0
undo dcn
3. If the eNodeB uses a logical IP address, configure a static route destined to the logical IP
address on the CSG and import the static route to the related VPN instance.
ip route-static vpn-instance LTE-RAN 120.16.1.2 255.255.255.255 192.168.1.2 //
A VPN instance must be configured before the destination IP address. Otherwise,
BGP cannot be imported.
//120.16.1.2 is the logical IP address
of the eNodeB. 192.168.1.2 is the IP address of the eNodeB connected to the
backhaul network.
Configuring MASGs
The configuration of L3VPN services for an MASG is correlated with the protection mode. For
details, see Deploying Bearer and Protection for Services Between MASGs and SGWs/
MMEs.
192.168.2.100
12.12.12.1/32
virtual-ip
IPRAN
Vla SGW
n1 /MME
00
ASBR4 MASG2
Vlanif 100
192.168.2.2/30
NOTE
This section uses the VRRP group between one pair of devices at the core layer as an example. VRRP groups
can be configured in the same way for other devices at the core layer that require the protection.
1. Create a VLAN.
vlan 100//Creates VLAN 100.
3. Configure a VLAN Trunk between the master MASG and the BSC.
interface GigabitEthernet1/1/2
negotiation auto //Sets a GE interface connected to wireless equipment to work
in auto-negotiation mode (recommended).
portswitch
port-tx-enabling-delay 300000 //Sets the delay of switchback. This command
must be run. If the SGW/MME does not support the delay of switchback, or if
this command is not run, services will fail to be forwarded because of a
restart of the master MASG.
undo shutdown
port link-type trunk//Configures the link type consistently at both ends. The
trunk type is used in this example.
port trunk allow-pass vlan 100
7. Configure BFD.
l Configure BFD for VRRP.
bfd vrrp bind peer-ip 192.168.2.2 vpn-instance LTE-RAN interface Vlanif100
source-ip 192.168.2.1
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
9. If an EPC uses a logical IP address, configure a static route destined to the logical IP address.
If the EPC does not use a logical IP address, configure a static route destined to the IP
address of a port on the EPC.
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC
//A VPN instance must be
configured before the destination IP address. Otherwise, the importing will
fail.
//12.12.12.1 is the logical
IP address of the EPC. 192.168.2.101 is the IP address the EPC uses to directly
connect to the backhaul network.
NOTE
If there are multiple pairs of interconnected devices at the core layer, configure mutiple static routes as
required.
10. Configure route importing to the VPN instance.
The importing of directly-connected routes and static routes is used as an example. In actual
scenarios, routing protocols can be imported as required.
l The configuration is as follows if the non-load sharing mode is used:
ip ip-prefix EPC-Master index 10 permit 12.12.12.0 24 greater-equal 24 less-
equal 32 //12.12.12.1 is the logical IP address of EPC1. The IP addresses
of interfaces on the EPCs can also be used as the routing prefix table.
ip ip-prefix EPC-Master index 20 permit 12.12.13.0 24 greater-equal 24 less-
equal 32 //12.12.13.1 is the logical IP address of EPC2.
route-policy EPC permit node 10
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive //Defines the community attribute of routes
on the EPC side.
apply preferred-value 32768 //Sets the MED to 103 for routes imported from
the EPC side and sets the local priority to 32768.
#
route-policy EPC permit node 100
bgp 100
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
1. Create a VLAN.
vlan 100.
3. Configure a VLAN Trunk between the slave MASG and the BSC.
interface GigabitEthernet1/1/2
negotiation auto
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
7. Configure BFD.
l Configure BFD for VRRP.
bfd vrrp bind peer-ip 192.168.2.1 vpn-instance LTE-RAN interface Vlanif100
source-ip 192.168.2.2
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
8. Configure VRRP on the slave MASG to track the status of the BFD session. If the BFD
session detects a fault and goes Down, the VRRP group is notified of the status change and
changes VRRP priorities of devices. In this manner, a fast VRRP switchover is
implemented.
interface Vlanif100
vrrp vrid 100 track bfd-session 300 increased 40//Configures the VBRRP to
track the status of BFD sessions, to implement fast switchover between the
master router and the slave router.
10. If an EPC uses a logical IP address, configure a static route destined to the logical IP address.
If the EPC does not use a logical IP address, configure a static route destined to the IP
address of a port on the EPC.
11. Configure route importing to a VPN instance and VPN auto FRR.
The importing of directly-connected routes and static routes is used as an example. In actual
scenarios, routing protocols can be imported as required.
l The configuration is as follows if the non-load sharing mode is used:
ip ip-prefix EPC-Slave index 10 permit 12.12.12.0 24 greater-equal 24 less-
equal 32
ip ip-prefix EPC-Slave index 20 permit 12.12.13.0 24 greater-equal 24 less-
equal 32
route-policy EPC permit node 10
if-match ip-prefix EPC-Slave
apply cost 203
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
bgp 100
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
3. Run the <MASG1> display bfd session peer-ip 192.168.2.2 vpn-instance LTE-RAN
command. The result shows that the BFD session status is UP.
------------------------------------------------------------------------------
--
Local Remote PeerIpAddr State Type InterfaceName
------------------------------------------------------------------------------
--
300 300 192.168.2.2 Up S_IP_IF Vlanif100
------------------------------------------------------------------------------
--
Total UP/DOWN Session Number : 1/0
4. Run the display bgp vpnv4 vpn-instance LTE-RAN routing-table command. The ASG
performs display bgp vpnv4 all routing-table. The result shows that the MED values used
for BGP route advertisement can distinguish active and standby routes.
[CSG1]display bgp vpnv4 vpn-instance LTE-RAN routing-
table
NOTE
When a PE has multiple interfaces bound to the same VPN instance, specify the source IP address
in the ping -vpn-instance command to ping the remote PE. Otherwise, the ping may fail.
6. Run the display ip vpn-instance verbose command to check VPN instance configurations.
7. Run the display ip routing-table vpn-instance XXX command to view the routing table
of the VPN instance.
[CSG1]display ip routing-table vpn-instance LTE-
RAN
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: LTE-RAN
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.1
GigabitEthernet0/3/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1
GigabitEthernet0/3/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1
GigabitEthernet0/3/0
192.168.2.0/24 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/13
192.168.2.100/32 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/13
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[MASG1]display ip routing-table vpn-instance LTE-RAN
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: LTE-RAN
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 IBGP 255 103 RD 3.3.3.3 Tunnel0/0/97
8. Run the display bgp vpnv4 vpn-instance LTE-RAN routing-table community 1000:1
command on the MASGs to query advertisement of community attributes of routes on the
EPC side.
[MASG1]display bgp vpnv4 vpn-instance LTE-RAN routing-table community
1000:1
Destination: 192.168.2.0/24
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 103
NextHop: 3.3.3.3 Neighbour: 3.3.3.3
State: Active Adv Relied Age: 00h14m36s
Tag: 0 Priority: low
Label: 155695 QoSInfo: 0x0
IndirectID: 0x24
RelayNextHop: 0.0.0.0 Interface: Tunnel0/0/13
TunnelID: 0x1 Flags: RD
BkNextHop: 4.4.4.4 BkInterface: Tunnel0/0/14
BkLabel: 155702 SecTunnelID: 0x0
kPETunnelID: 0x2 BkPESecTunnelID: 0x0
BkIndirectID: 0x21
not functioning properly. In this case, the EPC uses the IP address of a logical interface as the
destination address. Static routes advertised by the master and slave interfaces of the EPC have
different priorities.
NOTICE
Unlike VRRP configuration, when you configure active and standby routes, VPN instances are
imported through physical interfaces rather than VLANIF interfaces.
4. Bind sub-interfaces between MASGs to the VPN instance and enable private network IGP.
interface Eth-trunk 1.5
vlan-type dot1q 5
description to MASG2
undo shutdown
ip binding vpn-instance LTE-RAN
ip address 192.168.2.9 30
isis enable 2
5. Configure BFD for IP to speed up service switching between the MASG and EPC.
bfd master-route bind peer-ip 192.168.2.2 vpn-instance LTE-RAN interface
GigabitEthernet 1/1/2 source-ip 192.168.2.1
//192.168.2.2 is the IP addresses
EPC1 uses to directly connect to MASG1.
discriminator local 10
discriminator remote 10
commit
4. Configure BFD for IP to speed up service switching between the MASG and EPC.
bfd slave-route bind peer-ip 192.168.2.6 vpn-instance LTE-RAN interface
GigabitEthernet 1/1/2 source-ip 192.168.2.5
//192.168.2.6 is the IP addresses
EPC1 uses to directly connect to MASG2.
discriminator local 10
discriminator remote 10
commit
5. Bind sub-interfaces between MASGs to the VPN instance and enable private network IGP.
interface Eth-trunk 1.5
vlan-type dot1q 5
description to MASG1
undo shutdown
ip binding vpn-instance LTE-RAN
ip address 192.168.2.10 30
isis enable 2
Configuring CSGs
The following uses CSG1 as an example to illustrate the configuration.
NOTE
Deploy BFD for TE to speed up VPN FRR. For details about the configuration, see the chapter about
MPLS.
Configuring MASGs
The following uses MASG1 as an example to illustrate the configuration.
NOTE
Deploy BFD for BGP Tunnel to speed up VPN FRR. For details about the configuration, see the
section about configuring MPLS tunnels (BGP LSPs).
Destination: 192.168.2.0/24
Protocol: IBGP Process ID: 0
Preference: 255 Cost: 103
NextHop: 3.3.3.3 Neighbour: 3.3.3.3
State: Active Adv Relied Age: 00h38m39s
Local switching Ethernet services are also called LTE X2 services. An IP tunnel is set up between
eNodeBs to transmit LTE X2 packets along the shortest path. LTE X2 packets make up
approximately 5% of total traffic.
LTE X2 services are subordinate to LTE S1 services and cannot be independently deployed.
LTE X2 services can be deployed only after LTE S1 services are deployed.
LTE X2 services are mainly carried over LDP LSPs. It is recommended to configure the same
VPN instance for LTE X2 and LTE S1 services. Separate VPN instances can also be configured.
CSG2 ASG4
CSG3
CSGn ASGm
LTE X2 service forwarding between CSGs
LTE X2 service forwarding over ASG
LTE X2 service forwarding between ASGs
l Exchanged between CSGs on the same ring along the shortest path
l Exchanged between access rings connected to the same ASG pair through the ASGs along
the shortest path
l Exchanged between access rings connected to different ASG pairs through the ASGs
l LTE X2 services are forwarded along the shortest paths within an access ring or across
access rings. LTE X2 services are transmitted through specific routes within an access ring
from the source CSG to the destination CSG directly.
l LTE X2 services are transmitted across access rings through default routes. Services are
forwarded to an ASG connected to the local ring and then to the ASG on the destination
ring through a specific route between the two ASGs. Then, the ASG on the destination ring
forwards services to the destination CSG.
l Private network routes advertised by a CSG are reflected by an ASG (with inline RR) to
another CSG on the same ring based on the RT value carried by the route. The ASG does
not change the next hop of the route.
l For a route destined for a node on another access ring, the ASG changes the next hop to
itself, and forwards the route to an RR, which reflects the route to another ASG.
l The ASG advertises a default route to all subordinate CSGs, to support transmission of
LTE X2 services across access rings. Therefore, VRF (IP forwarding) must be configured
for the ASG to support the advertisement of default routes.
l Use RT values to control routes of CSGs. RT values are planned by access ring (or ASG
pair) to control the advertisement of LTE X2 service routes.
l Deploy BGP ORF for the CSGs and ASGs to reduce route advertisement load and restrict
routes advertised by other rings to the local ring.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
It is recommended to configure the same VPN instance for LTE X2 and S1 services and plan
VPN parameters consistently for both types of services. To prevent CSGs from receiving
network-wide private network routes, RT filtering is preferred to control CSG routes. In this
case, you need to plan different RT values for CSGs connected to one ASG pair. The design can
be performed by ASG pair or by access ring.
The workload for planning RTs by access ring is heavy. Therefore, it is recommended to plan
RTs by ASG pair. The planning details are as follows:
Acc
RT- RT- AS RT-
ess AS RT-
impo expor G impo RT-export RT-import
Rin G export
rt t Pair rt
g
Acce
ASG
ss 1:1; 1:1; ASG 200:1;
pair 100:1
ring 200:1 100:1 3 100:1
1
1
Acce
ASG
ss 1:1; 1:1; ASG 200:1;
pair 100:1
ring 200:1 100:1 4 100:1
1
2
Acce
ASG
ss 1:m; 1:m; ASG 200:1;
pair 100:1
ring 200:1 100:1 5 100:1
m
m
Acce
ASG
ss 1:m; 1:m; ASG 200:1;
pair 100:1
ring 200:1 100:1 6 100:1
m
n
Configuring CSGs
The VPN instance and VPN route advertisement have been configured. In this section, you only
need to bind service interfaces to the VPN instance.
The following uses CSG1 as an example to illustrate the configuration.
l Configure service interfaces.
interface Ethernet0/3/0.100
vlan-type dot1q 100
ip binding vpn-instance LTE-RAN//Binds a VPN instance with the corresponding
service interfaces.
ip address 192.168.3.1 255.255.255.0
ip vpn-instance LTE-RAN
ipv4-family
vpn-target 1:1 100:1 export-extcommunity
Configuring ASGs
Configure the master and slave ASGs. The following uses ASG3 (the master ASG) as an example
to illustrate the configuration.
1. Configure a VPN instance.
Create a VPN instance based on the carried services.
ip vpn-instance LTE-RAN//Creates a VPN instance for ETH services.
ipv4-family
route-distinguisher 100:100//A VPN instance IPv4 address family takes effect
only after being configured with an RD.
tnl-policy IPRAN
apply-label per-instance
vpn-target 100:1 200:1 export-extcommunity
vpn-target 100:1 import-extcommunity
3. Configure linkage for the default routes to prevent a black hole route.
ip route-static vpn-instance LTE-RAN 0.0.0.0 0 192.168.21.21//Associates the
default route to the private network loopback IP address of an MASG.
NOTE
Before running this command, verify that tunnels have been set up successfully between all ASGs and the
loopback IP addresses of all associated MASGs.
4. Configure VPN routes for ASGs.
route-policy preferred-value permit node 10 //Configures a routing policy so
that local default routes are preferred and sets the community attribute.
apply community 1000:2 additive
apply preferred-value 32768
bgp 100
ipv4-family vpn-instance LTE-RAN
network 0.0.0.0 route-policy preferred-value//Advertises the default route
in the VPN.
NOTE
Configure the slave ASG (ASG4) similarly as the master ASG (ASG3).
Configuring MASGs
The VPN instance and VPN route advertisement have been configured. Configure the MASGs
similar as configuring MASGs for S1 services. In addition, configure the network to prevent
black hole routes.
The following uses MASG1 as an example. Configure the private network loopback interface
and bind the the loopback interface to the VPN instance.
interface LoopBack5
ip binding vpn-instance LTE-RAN
ip address 192.168.21.21 255.255.255.255//Sets the private network loopback IP
addresses to the same for the master and slave MASGs.
2. Run the display bgp vpnv4 vpn-instance LTE-RAN routing-table community 1000:2
command on ASGs to query advertisement of community attributes of routes.
[ASG3]display bgp vpnv4 vpn-instance LTE-RAN routing-table community 1000:2
BGP Local router ID is
3.3.3.3
Status codes: * - valid, > - best, d -
damped,
h - history, i - internal, s - suppressed, S -
Stale
Origin : i - IGP, e - EGP, ? -
incomplete
VPN-Instance LTE-RAN, Router ID
3.3.3.3:
Local switching Ethernet services are also called LTE X2 services. An IP tunnel is set up between
eNodeBs to transmit LTE X2 packets along the shortest path. LTE X2 packets make up
approximately 5% of total traffic.
LTE X2 services are subordinate to LTE S1 services and cannot be independently deployed.
LTE X2 services can be deployed only after LTE S1 services are deployed.
LTE X2 services are mainly carried over LDP LSPs. It is recommended to configure the same
VPN instance for LTE X2 and LTE S1 services. Separate VPN instances can also be configured.
CSG2 ASG4
CSG3
CSGn ASGm
LTE X2 service forwarding between CSGs
LTE X2 service forwarding over ASG
LTE X2 service forwarding between ASGs
Aggregation
VRF
VRF
ASG
ASG
Access 1 Inter-ring X2
VRF Access 2
VRF
ASG
ASG
VRF Intra-ring X2
VRF VRF
CSG
eNodeB CSG CSG
eNodeB eNodeB
In addition, inter-AS BGP LSPs must be set up between CSGs on different rings. The loopback
addresses of the CSGs are advertised to each other using the Labeled BGP. Routing policies
must be configured for ASGs, to control public network routes and filter routes from access
rings irrelevant to the X2 services.
Within an access ring, there are specific routes by nature. For LTE X2 services across rings,
specific routes must be configured. Therefore, based on RT design, the import RT values must
include the RT values of the neighbor rings.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
It is recommended to configure the same VPN instance for LTE X2 and S1 services and plan
the VPN parameters consistently.
Acc
RT- RT- AS RT-
ess AS RT-
impo expor G impo RT-export RT-import
Rin G export
rt t Pair rt
g
Acce ASG
1:1;1: ASG
ss 1:1;10 3,
5;200: pair - -
ring 0:1 ASG
1 1
1 4
- -
Acce ASG
1:5;1: ASG
ss 1:5;10 53,
1;200: pair - -
ring 0:1 ASG
1 5
50 54
Configuring CSG1
The following uses CSG1 as an example to illustrate the configuration.
l Configure service interfaces.
interface Ethernet0/3/0.100
vlan-type dot1q 100
Configuring CSG50
The following uses CSG50 as an example to illustrate the configuration.
l Configure service interfaces.
interface Ethernet0/3/0.100
vlan-type dot1q 100
ip binding vpn-instance LTE-RAN//Binds a VPN instance with the corresponding
service interfaces.
ip address 192.168.50.1 255.255.255.0
ip vpn-instance LTE-RAN
ipv4-family
vpn-target 1:5 100:1 export-extcommunity //Adds an RT value for the exported
VPN routes to home them to ASG pair 5 (ASG53 and ASG54), so that the CSGs homed
to ASG pair 1 (ASG3 and ASG4) can receive the routes.
vpn-target 1:5 1:1 200:1 import-extcommunity //Enables an NE to receive VPN
routes from CSGs homed to ASG pair 5 and ASG pair 1.
Configuring ASG3
Configure the master and slave ASGs. The following uses ASG3 (the master ASG) as an example
to illustrate the configuration.
1. Configure MP-BGP. Configure a routing policy to control public network routes, and filter
routes from access rings irrelevant to the exchange of the X2 services, to ensure that inter-
AS BGP LSPs are set up between CSGs on different access rings.
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10
32
#
ip community-filter access1 permit 1:1
ip community-filter access50 permit 1:50 //Allows the receiving of routes from
CSG50.
#
route-policy ipv4-from-csg permit node 10
apply cost 50
apply community 1:1 additive //Adds the community attribute 1:1 to routes from
CSG1.
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
#
bgp 100
#
ipv4-family unicast
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
NOTE
Configure the slave ASG (ASG4) similarly as the master ASG (ASG3).
Configuring ASG53
For basic configurations of ASG53, see the previous part of this manual. Configure the master
and slave ASGs. The following uses ASG53 (the master ASG) as an example to illustrate the
configuration.
1. Configure MP-BGP. Configure a routing policy to control public network routes, and filter
routes from access rings irrelevant to the exchange of the X2 services, to ensure that inter-
AS BGP LSPs are set up between CSGs on different access rings.
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10
32
#
ip community-filter access1 permit 1:1
ip community-filter access50 permit 1:50
#
route-policy ipv4-from-csg permit node 10
apply cost 50
apply community 1:50 additive
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match community-filter access50
#
bgp 100
#
ipv4-family unicast
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 50.50.50.50 enable
peer 50.50.50.50 group CSG
#
The scheduling requirements on different services from base stations are different. On an
IPRAN, the transmission of high-priority services must be ensured, so it is recommended to use
the uniform mode in a DiffServ domain and disable the write-back of priorities to wireless
services according to priorities on the bearer network at egress interfaces, to ensure consistency
of DSCP values of wireless packets from end to end.
For Ethernet services on a mobile backhaul network, configure priority-based scheduling after
configuring DSCP-based simple traffic classification and priority mapping. Deploy the DiffServ
domain according to the desired priority mapping rules.
NOTE
For Ethernet services, 802.1p-based simple traffic classification be also be configured. DSCP-based simple
traffic classification is recommended in the MBB solution and is used as an example in this section.
QoS must be configured on interfaces that carry services to schedule the services by
priority. For example, configure QoS for an interface or sub-interface that carries services.
Configure QoS in the same way if an NNI or a network-side sub-interface carries services.
The major roadmap for configuring QoS in the case of simple traffic classification is as follows:
l CSG: After a DiffServ domain is deployed for a CSG according to the priority mapping
rules, the CSG performs traffic classification and priority mapping based on DSCP values,
and performs priority-based scheduling.
l ASG: An ASG performs priority mapping based on MPLS EXP values and then performs
priority-based scheduling.
l MASG: After a DiffServ domain is deployed for an MASG according to the priority
mapping rules, the MASG performs traffic classification and priority mapping based on
DSCP values, and performs priority-based scheduling.
NOTICE
Base stations and RNCs do not allow any modification to DSCP values included in IP packets
sent between them. If DSCP values are modified during transmission, base stations or RNCs
will report alarms. The DSCP has 64 optional values while the MPLS EXP has only 8 optional
values (namely, 0, 10, 18, 26, 34, 46, 48, and 56). If an IP packet from a base station or RNC
takes a DSCP value other than the eight MPLS EXP values, the DSCP value will be changed to
one of the eight MPLS EXP values at the egress interface of the router on the network. It is
recommended to set the DSCP values of IP packets from a base station or RNC to the standard
values. PHB mapping can be disabled in some scenarios.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
Real-time voice 46 5 EF PQ
services,
signaling (R99
conversational,
R99 streaming),
and clock
signals
Non-real-time 0 0 BE PQ+WFQ
HSDPA
services
(HSDPA
interactive,
HSDPA
background)
IMS 5 46 (EF) 5 PQ
signaling
OM - MML 46 (EF) 5 PQ
IP clock - - 46 (EF) 5 PQ
Passing-by - - - - -
traffic
Configuring CSGs
The following uses CSG1 as an example to illustrate the configuration.
Configuring ASGs
The following uses ASG3 as an example to illustrate the configuration.
For details, see the CSG design guidelines. If a new DiffServ domain is created, it is
recommended to configure the same priority mapping rules network-wide.
2. Bind the NNI to the DiffServ domain.
interface GigabitEthernet1/0/1
trust upstream default
qos phb disable
interface GigabitEthernet1/0/0
trust upstream default
qos phb disable
interface GigabitEthernet2/0/1
trust upstream default
qos phb disable
3. Users can copy the EXP values of outer labels to EXP of inner labels as desired.
#
bgp 100
peer 10.5.7.2 exp-mode uniform //Copies the EXP values on TE tunnels
or LDP LSPs in an AS to the EXP fields of BGP LSPs based on the BGP neighbor
relationship.
3. (Optional) Users can copy the EXP values of outer labels to EXP of inner labels as desired.
#
bgp 200
peer 10.5.7.1 exp-mode uniform //Copies the EXP values on TE tunnels
or LDP LSPs in an AS to the EXP fields of BGP LSPs based on the BGP neighbor
relationship.
Configuring MASGs
The following uses MASG1 as an example to illustrate the configuration.
1. Configure a DiffServ domain.
For details, see the CSG design guidelines. If a new DiffServ domain is created, it is
recommended to configure the same priority mapping rules network-wide.
2. Bind the service ingress interface to the DiffServ domain.
l If the MASGs interconnect with the BSC in VRRP mode, configure QoS for the service
interface as follows:
interface Eth-Trunk 1
trust upstream default vlan 100
qos phb disable vlan 100
interface GigabitEthernet1/1/2
trust upstream default vlan 100
qos phb disable vlan 100
l If the MASGs interconnect with the BSC through active and standby routes, configure
QoS for the service interface as follows:
interface GigabitEthernet1/1/2
trust upstream default
qos phb disable
interface GigabitEthernet2/0/0.1
trust upstream default
qos phb disable
After simple traffic classification is configured, if traffic shaping and bandwidth must be
configured for queues, configure HQoS as follows:
Configuring CSGs
1. Configure a flow queue profile and a QoS profile.
flow-queue csg-uni//Creates a flow queue profile. The default mapping will be
used if the mapping is not modified in the domain. Run the display flow-queue
configuration command to view default priority mappings.
queue ef pq shaping 200//Modifies the scheduling mode of a flow queue. In this
example, priority queuing (PQ) is used for EF queues, and the traffic shaping
rate is 200 kbit/s.
queue cs6 pq shaping 70
#
qos-profile csg-uni//Configures a QoS profile.
user-queue cir 4000 pir 4000 flow-queue csg-uni//Configures queue bandwidth
and binds the bandwidth to a flow queue.
Configuring MASGs
1. Configure a flow queue profile and a QoS profile.
flow-queue masg-uni//Creates a flow queue profile. The default mapping will be
used if the mapping is not modified in the domain. Run the display flow-queue
configuration command to view default priority mappings.
queue ef pq shaping 2000//Modifies the scheduling mode of a flow queue. In
this example, priority queuing (PQ) is used for EF queues, and the traffic
If active and standby routes are configured on the MASG side, configure QoS for service
interfaces as follows:
interface GigabitEthernet1/1/2
qos-profile masg-uni inbound
Enterprise services are common in an IDEAL solution. The hierarchical VPN architecture
supports the access of massive amount of enterprise services. Most enterprise services are L2
enterprise services, including P2P enterprise services and MP2MP enterprise services.
As shown in Figure 9-1, an MS-PW is set up between CSG1 and CSG31, and the intermediate
ASG is the switching node, to transmit P2P enterprise services.
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
Secondary
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
CSG1 CSG31
GigabitEthernet0/2/19.1 GigabitEthernet0/2/19.1
Local discriminator 51 51
Remote discriminator 51 51
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3//PWs use extended LDP signaling to distribute VPN
labels. Therefore, a remote MPLS LDP session needs to be configured between the
two ends of a PW.
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
2. Configure a PW profile.
#
pw-template
eth
vlan-type dot1q
11
mpls l2vpn stream-dual-receiving //Allows both the active and standby PWs to
receive packets.
#
2. Configure PW switching.
#
2. Configure PW switching.
#
2. Configure PW switching.
#
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
2. Configure PW switching.
#
2. Configure a PW profile.
#
pw-template
eth
vlan-type dot1q
11
mpls l2vpn stream-dual-receiving //Allows both the active and standby PWs to
receive packets.
#
session state :
up
AC status :
up
VC state :
up
Label state :
0
Token state :
0
VC ID :
500
VC type :
VLAN
destination :
3.3.3.3
BFD for PW :
available
active state :
active
forwarding entry :
exist
OAM Protocol :
--
OAM Status :
--
PW APS ID :
0
PW APS Status :
--
TTL Value :
1
link state :
up
PW template name :
eth
primary or secondary :
primary
Access-port :
false
Switchover Flag :
false
NKey :
71
PW redundancy mode :
master
AdminPw interface :
--
Diffserv Mode :
uniform
Service Class :
--
Color :
--
DomainId :
--
Domain Name :
--
session state :
up
AC status :
up
VC state :
up
Label state :
0
Token state :
0
VC ID :
501
VC type :
VLAN
destination :
4.4.4.4
BFD for PW :
unavailable
VCCV State :
up
active state :
inactive
forwarding entry :
exist
OAM Protocol :
--
OAM Status :
--
PW APS ID :
0
PW APS Status :
--
TTL Value :
1
link state :
up
PW template name :
eth
primary or secondary :
secondary
Access-port :
false
NKey :
73
PW redundancy mode :
master
AdminPw interface :
--
--
Diffserv Mode :
uniform
Service Class :
--
Color :
--
DomainId :
--
Domain Name :
--
Protect Resource :
available
VC ID : 502,
500
VC Type :
VLAN
VC State :
up
Switch-l2vc tunnel
info :
NKey : 1,
3
Control-Word transparent :
YES
NOTICE
The planned detection period of BFD for PW is 150 ms.
Configuring CSG1
l Configure BFD for the active PW on CSG1.
bfd eth_primary_pw bind pw interface GigabitEthernet0/2/19.1
discriminator local 51
discriminator remote 51
min-tx-interval 150
min-rx-interval 150
commit
Configuring CSG31
l Configure BFD for the active PW on CSG31.
bfd eth_primary_pw bind pw interface GigabitEthernet0/2/19.1
discriminator local 51
discriminator remote 51
min-tx-interval 150
min-rx-interval 150
commit
The BFD session of the S_PW (M) type is in the Up state. The BFD session has been established
successfully.
<CSG1>display bfd session all for-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
51 51 --.--.--.-- Up S_PW(M) GigabitEthernet0/2/19.1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
<CSG31>display bfd session all for-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
51 51 --.--.--.-- Up S_PW(M) GigabitEthernet0/2/19.1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
As shown in Figure 9-2, an MS-PW is set up between CSG1 and CSG31, and the intermediate
ASG is the switching node, to transmit P2P enterprise services.
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
Secondary
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
mpls ldp remote-peer Set the value to the name of a Create a remote LDP session.
remote LDP session between
an ASG and a CSG.
Local discriminator 52 52
Remote discriminator 52 52
3. Configure a PW profile.
pw-template tdm//Creates a PW profile for TDM services.
control-word//Enables the control word for TDM services to help transmit alarm
and clock information.
tnl-policy IPRAN//Configures the tunnel policy used by the PW.
jitter-buffer depth 4//Sets the depth of the jitter buffer to 4 ms.
tdm-encapsulation-number 8//Sets the number of TDM frames to be encapsulated
into a PW-carried packet to 8. The number must be the same on both ends of a
PW.
5. Configure PWs.
interface Serial0/2/3:0
mpls l2vc 3.3.3.3 pw-template tdm 1000//Sets up the active PW (between a CSG
and the master ASG).
mpls l2vc 4.4.4.4 pw-template tdm 1001 secondary//Sets up the standby PW
(between a CSG and the slave ASG).
mpls l2vpn oam-mapping//Enable status mapping between the AC side and the
network side.
mpls l2vpn redundancy master//Configures PW redundancy in the active/standby
mode.
mpls l2vpn reroute delay 500//Sets the PW switchback delay to 500s.
mpls l2vpn stream-dual-receiving//Allows both the active and standby PWs to
receive packets. This prevents packet loss during traffic switchback to the
primary PW.
3. Configure PW switching.
3. Configure PW switching.
#
3. Configure a PW profile.
pw-template tdm//Creates a PW profile for TDM services.
control-word//Enables the control word for TDM services to help transmit alarm
and clock information.
tnl-policy IPRAN//Configures the tunnel policy used by the PW.
jitter-buffer depth 4//Sets the depth of the jitter buffer to 4 ms.
tdm-encapsulation-number 8//Sets the number of TDM frames to be encapsulated
into a PW-carried packet to 8. The number must be the same on both ends of a
PW.
5. Configure PWs.
interface Serial0/2/3:0
mpls l2vc 33.33.33.33 pw-template tdm 1004//Sets up the active PW (between a
CSG and the master ASG).
3. Configure PW switching.
#
3. Configure PW switching.
#
NOTICE
The planned detection period of BFD for PW is 150 ms.
The BFD session of the S_PW (M) type is in the Up state. The BFD session has been established
successfully.
<CSG1>display bfd session all for-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
52 21 --.--.--.-- Up S_PW(M) Serial0/2/3:0
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
<CSG31>display bfd session all for-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
52 52 --.--.--.-- Up S_PW(M) Serial0/2/3:0
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
SS-PW
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
PW 600 600
2. Configure a PW profile.
#
pw-template
eth
3. Configure SS-PWs.
#
interface GigabitEthernet0/2/19.20
vlan-type dot1q 12
mpls l2vc 31.31.31.31 pw-template eth 600
#
NOTE
Configure the slave ASG (ASG4) similarly as the master ASG (ASG3).
NOTE
Configure the slave ASG (ASG34) similarly as the master ASG (ASG3).
2. Configure a PW profile.
#
pw-template
eth
control-word
tnl-policy IPRAN
#
3. Configure SS-PWs.
#
interface GigabitEthernet0/2/19.20
vlan-type dot1q 12
mpls l2vc 1.1.1.1 pw-template eth 600
#
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
SS-PW
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
mpls ldp remote-peer Set the value to the name of a Create a remote LDP session.
remote LDP session between
an ASG and a CSG.
PW 1000 1000
3. Configure a PW profile.
pw-template tdm//Creates a PW profile for TDM services.
control-word//Enables the control word for TDM services to help transmit alarm
and clock information.
tnl-policy IPRAN//Configures the tunnel policy used by the PW.
jitter-buffer depth 4//Sets the depth of the jitter buffer to 4 ms.
tdm-encapsulation-number 8//Sets the number of TDM frames to be encapsulated
into a PW-carried packet to 8. The number must be the same on both ends of a
PW.
5. Configure PWs.
interface Serial0/2/3:0
mpls l2vc 31.31.31.31 pw-template tdm 1000//Sets up a PW (from CSG1 to
CSG31).
mpls l2vpn oam-mapping//Enables status mapping between the AC side and the
network side.
if-match mpls-label
if-match ip-prefix CSG1
apply mpls-label
#
3. Configure a PW profile.
pw-template tdm//Creates a PW profile for TDM services.
control-word//Enables the control word for TDM services to help transmit alarm
and clock information.
tnl-policy IPRAN//Configures the tunnel policy used by the PW.
jitter-buffer depth 4//Sets the depth of the jitter buffer to 4 ms.
tdm-encapsulation-number 8//Sets the number of TDM frames to be encapsulated
into a PW-carried packet to 8. The number must be the same on both ends of a
PW.
5. Configure PWs.
interface Serial0/2/3:0
mpls l2vc 1.1.1.1 pw-template tdm 1000//Sets up a PW (from CSG1 to CSG31).
mpls l2vpn oam-mapping//Enables status mapping between the AC side and the
network side.
VC state :
up
Label state :
0
Token state :
0
VC ID :
1011
VC type : SAT E1 over
Packet
destination :
31.31.31.31
local group ID : 0 remote group ID :
0
local VC label : 129 remote VC label :
129
local TDM Encap Num : 8 remote TDM Encap Num :
8
jitter-buffer :
4
idle-code :
ff
local rtp-header : disable remote rtp-header :
disable
local bit-rate : 32 remote bit-rate :
32
local AC OAM State :
up
local PSN OAM State :
up
local forwarding state :
forwarding
local status code :
0x0
remote AC OAM state :
up
remote PSN OAM state :
up
remote forwarding state:
forwarding
remote status code :
0x0
ignore standby state :
no
BFD for PW :
unavailable
VCCV State :
up
manual fault : not
set
active state :
active
forwarding entry :
exist
OAM Protocol :
--
OAM Status :
--
OAM Fault Type :
--
PW APS ID :
0
PW APS Status :
--
TTL Value :
1
link state :
up
local VC MTU : -- remote VC MTU :
--
local VCCV : cw alert ttl lsp-ping
bfd
remote VCCV : cw alert ttl lsp-ping
bfd
local control word : enable remote control word :
enable
tunnel policy name :
IPRAN
PW template name :
tdm
primary or secondary :
primary
load balance type :
flow
Access-port :
false
Switchover Flag :
false
VC tunnel/token info : 1 tunnels/
tokens
NO.0 TNL type : lsp , TNL ID :
0x1e
Backup TNL type : lsp , TNL ID :
0x1f
create time : 0 days, 23 hours, 45 minutes, 50
seconds
up time : 0 days, 0 hours, 0 minutes, 32
seconds
last change time : 0 days, 0 hours, 0 minutes, 32
seconds
VC last up time : 2014/02/20
10:45:42
VC total up time : 0 days, 23 hours, 30 minutes, 10
seconds
CKey :
19
NKey :
11
PW redundancy mode :
frr
AdminPw interface :
--
AdminPw link state :
--
Diffserv Mode :
pipe
Service Class :
ef
Color :
green
DomainId :
--
Domain Name : --
Enterprise
CSG1 ASG3 ASBR 1 ASBR 3 Core
layer ASBR5 ASBR7 ASG33 CSG31 Enterprise
customer
Aggregation layer IGP domain Aggregation layer customer
IGP domain IGP domain
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
In the HVPN+Labeled BGP sub-solution, the H-VPLS (VLLs for VPLS) solution is used to
carry MP2MP L2 enterprise services.
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
CSG2-ASG3: 603
CSG2-ASG4: 604
CSG31-ASG33: 605
CSG31-ASG34: 606
Configuring CSG1
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
4. Configure PWs.
#
interface GigabitEthernet0/2/19.600
mpls l2vc 3.3.3.3 601 tunnel-policy IPRAN//Configures the PW from a CSG to
the master ASG.
mpls l2vc 4.4.4.4 602 tunnel-policy IPRAN secondary//Configures the PW from
a CSG to the slave ASG.
mpls l2vpn redundancy master//Configures PW redundancy in the active/standby
mode.
mpls l2vpn reroute delay 500//Configures the WTR time for a PW.
#
Configuring CSG2
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
4. Configure PWs.
#
interface GigabitEthernet0/2/19.600
mpls l2vc 3.3.3.3 603 tunnel-policy IPRAN//Configures the PW from a CSG to
the master ASG.
mpls l2vc 4.4.4.4 604 tunnel-policy IPRAN secondary//Configures the PW from
a CSG to the slave ASG.
mpls l2vpn redundancy master//Configures PW redundancy in the active/standby
mode.
mpls l2vpn reroute delay 500//Configures the WTR time for a PW.
#
Configuring ASG3
1. Enable MPLS L2VPN globally.
mpls l2vpn
Configuring ASG4
1. Enable MPLS L2VPN globally.
mpls l2vpn
Configuring ASG33
1. Enable MPLS L2VPN globally.
mpls l2vpn
remote-ip 34.34.34.34
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
Configuring ASG34
1. Enable MPLS L2VPN globally.
mpls l2vpn
Configuring CSG31
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
4. Configure PWs.
#
interface GigabitEthernet0/2/19.600
mpls l2vc 33.33.33.33 605 tunnel-policy IPRAN//Configures the PW from a CSG
to the master ASG.
mpls l2vc 34.34.34.34 606 tunnel-policy IPRAN secondary//Configures the PW
from a CSG to the slave ASG.
mpls l2vpn redundancy master//Configures PW redundancy in the active/standby
mode.
mpls l2vpn reroute delay 500//Configures the WTR time for a PW.
#
Label state : 0
Token state : 0
VC ID : 602
VC Type : VLAN
session state : up
Destination : 4.4.4.4
link state : up
l Run the display vsi name vsi-name verbose command on an ASG to query the VSI
information. The result shows that the VSI is in the Up state.
<ASG3>display vsi name vsi_600 verbose
VSI ID : 600
LDP MAC-WITHDRAW : mac-withdraw Enable
: upe-npe Enable
*Peer Router ID : 4.4.4.4
primary or secondary : primary
ignore-standby-state : no
VC Label : 155736
Peer Type : dynamic
Session : up
Tunnel ID : 0x4200400f
Broadcast Tunnel ID : 0x4200400f
Broad BackupTunnel ID : 0x0
Tunnel Policy Name : IPRAN
CKey : 32
NKey : 33
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 9.9.9.9
primary or secondary : primary
ignore-standby-state : no
VC Label : 155737
Peer Type : dynamic
Session : up
Tunnel ID : 0x60033c0c
Broadcast Tunnel ID : 0x60033c0c
Broad BackupTunnel ID : 0x60033c0d
Tunnel Policy Name : IPRAN
CKey : 6
NKey : 31
Stp Enable : 0
PwIndex : 0
Control Word : disable
*Peer Router ID : 10.10.10.10
**PW Information:
PW Type : MEHVPLS
Tunnel ID : 0x60033c11
Broadcast Tunnel ID : 0x60033c11
Broad BackupTunnel ID : 0x0
Ckey : 0x42
Nkey : 0x41
Main PW Token : 0x4000401a
Slave PW Token : 0x4000401b
Tnl Type : CR-LSP
OutInterface : Tunnel0/0/31
Backup OutInterface :
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2014/02/12 10:19:41
PW Total Up Time : 0 days, 14 hours, 1 minutes, 58 seconds
Configuring CSG1
Configure BFD for the active PW on CSG1.
bfd pw_601 bind pw interface GigabitEthernet0/2/19.600 remote-peer 3.3.3.3 pw-ttl
auto-calculate//Configures BFD for the active PW.
discriminator local 45
discriminator remote 46
min-tx-interval 50
min-rx-interval 50
commit
Configuring CSG2
Configure BFD for the active PW on CSG2.
bfd pw_603 bind pw interface GigabitEthernet0/2/19.600 remote-peer 3.3.3.3 pw-ttl
auto-calculate//Configures BFD for the active PW.
discriminator local 55
discriminator remote 56
min-tx-interval 50
min-rx-interval 50
commit
Configuring ASG3
Configure BFD for the active PW on ASG3.
bfd pw_601 bind pw vsi vsi_600 peer 1.1.1.1 vc-id 601 remote-peer 1.1.1.1 pw-ttl
auto-calculate
discriminator local 46
discriminator remote 45
min-tx-interval 50
min-rx-interval 50
commit
bfd pw_603 bind pw vsi vsi_600 peer 2.2.2.2 vc-id 603 remote-peer 2.2.2.2 pw-ttl
auto-calculate
discriminator local 56
discriminator remote 55
min-tx-interval 50
min-rx-interval 50
commit
Configuring CSG31
Configure BFD for the active PW on CSG31.
bfd pw_605 bind pw interface GigabitEthernet0/2/19.600 remote-peer 33.33.33.33 pw-
ttl auto-calculate//Configures BFD for the active PW.
discriminator local 45
discriminator remote 46
min-tx-interval 50
min-rx-interval 50
commit
Configuring ASG33
Configure BFD for the active PW on ASG33.
bfd pw_605 bind pw vsi vsi_600 peer 31.31.31.31 vc-id 605 remote-peer 31.31.31.31
pw-ttl auto-calculate
discriminator local 46
discriminator remote 45
min-tx-interval 50
min-rx-interval 50
commit
The BFD session of the S_PW (M) type is in the Up state. The BFD session has been established
successfully. The result of the query on the ASG shows that the BFD session of the S_VSI_PW
type is in the Up state.
<CSG1>display bfd session all for-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
45 46 3.3.3.3 Up S_PW(M) GigabitEthernet0/2/19.600
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
<ASG3>display bfd session all for-vsi-pw
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
46 45 1.1.1.1 Up S_VSI_PW -
56 55 2.2.2.2 Up S_VSI_PW -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0
Enterprise ASG
CSG1 ASG ASBR 1 ASBR 3 ASBR5 ASBR 1 CSG31
customer Access layer Aggregation layer Access layer Enterprise
Aggregation layer Core layer
IGP domain IGP domain IGP domain customer
IGP domain IGP domain
VPLS
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP
The VPLS solution is adopted for MP2MP L2 enterprise services. It is recommended to receive
and transmit MP2MP services at ASGs. CSGs can be used to receive and transmit a small amount
of the services (when the network contains less than 10 nodes).
NOTE
The data provided in this section is used as an example, which may differ in practice due to the difference
of the network scale and topology.
Configuring CSG1
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
4. Configure L2 interfaces.
#
interface GigabitEthernet0/2/19.700
vlan-type dot1q 700
Configuring CSG2
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
4. Configure L2 interfaces.
#
interface GigabitEthernet0/2/19.700
vlan-type dot1q 700
l2 binding vsi vsi_700 //Binds an interface to a VSI instance.
#
Configuring CSG31
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
pwsignal ldp
vsi-id 700
peer 1.1.1.1 negotiation-vc-id 702 tnl-policy IPRAN
peer 2.2.2.2 negotiation-vc-id 704 tnl-policy IPRAN
peer 32.32.32.32 negotiation-vc-id 706 tnl-policy IPRAN
#
4. Configure L2 interfaces.
#
interface GigabitEthernet0/2/19.700
vlan-type dot1q 700
l2 binding vsi vsi_700
#
Configuring CSG32
1. Enable MPLS L2VPN globally.
#
mpls l2vpn
#
4. Configure L2 interfaces.
#
interface GigabitEthernet0/2/19.700
vlan-type dot1q 700
l2 binding vsi vsi_700
#
***VSI Name :
vsi_700
Administrator VSI :
no
Isolate Spoken :
disable
VSI Index :
0
PW Signaling :
ldp
Member Discovery Style :
static
PW MAC Learn Style :
unqualify
Encapsulation Type :
vlan
MTU :
1500
Diffserv Mode :
uniform
Service Class :
--
Color :
--
DomainId :
255
Domain
Name :
Ignore AcState :
disable
P2P VSI :
disable
Create Time : 1 days, 18 hours, 26 minutes, 2
seconds
VSI State :
up
VSI ID :
700
*Peer Router ID :
2.2.2.2
Negotiation-vc-id :
701
primary or secondary :
primary
ignore-standby-state :
no
VC Label :
71
Peer Type :
dynamic
Session :
up
Tunnel ID :
0x35
Broadcast Tunnel ID :
0x35
Broad BackupTunnel ID :
0x0
Tunnel Policy Name :
IPRAN
CKey :
39
NKey :
40
Stp Enable :
0
PwIndex :
0
Control Word :
disable
*Peer Router ID :
31.31.31.31
Negotiation-vc-id :
702
primary or secondary :
primary
ignore-standby-state :
no
VC Label :
74
Peer Type :
dynamic
Session :
up
Tunnel ID :
0x14
Broadcast Tunnel ID :
0x14
Broad BackupTunnel ID :
0x15
Tunnel Policy Name :
IPRAN
CKey :
15
NKey :
11
Stp Enable :
0
PwIndex :
0
Control Word :
disable
*Peer Router ID :
32.32.32.32
Negotiation-vc-id :
703
primary or secondary :
primary
ignore-standby-state :
no
VC Label :
76
Peer Type :
dynamic
Session :
up
Tunnel ID :
0x36
Broadcast Tunnel ID :
0x36
Broad BackupTunnel ID :
0x17
Tunnel Policy Name :
IPRAN
CKey :
18
NKey :
13
Stp Enable :
0
PwIndex :
0
Control Word : disable
Interface Name :
GigabitEthernet0/2/19.700
State :
up
Access Port :
false
Last Up Time : 2014/02/19
11:30:39
Total Up Time : 0 days, 22 hours, 20 minutes, 32
seconds
**PW
Information:
*Peer Ip Address :
2.2.2.2
PW State :
up
Local VC Label :
71
Remote VC Label :
320
Remote Control Word :
disable
PW Type :
label
Tunnel ID :
0x35
Broadcast Tunnel ID :
0x35
Broad BackupTunnel ID :
0x0
Ckey :
0x27
Nkey :
0x28
Main PW Token :
0x35
Slave PW Token :
0x0
Tnl Type :
LSP
OutInterface :
GigabitEthernet0/2/17
Backup
OutInterface :
Stp Enable :
0
PW Last Up Time : 2014/02/19
20:55:38
PW Total Up Time : 1 days, 17 hours, 44 minutes, 58
seconds
*Peer Ip Address :
31.31.31.31
PW State :
up
Local VC Label :
74
Remote VC Label :
111
Remote Control Word :
disable
PW Type :
label
Tunnel ID :
0x14
Broadcast Tunnel ID :
0x14
Broad BackupTunnel ID :
0x15
Ckey :
0xf
Nkey :
0xb
Main PW Token :
0x14
Slave PW Token :
0x0
Tnl Type :
LSP
OutInterface :
Tunnel0/0/13
Backup OutInterface :
Tunnel0/0/14
Stp Enable :
0
PW Last Up Time : 2014/02/20
09:33:17
PW Total Up Time : 0 days, 23 hours, 47 minutes, 25 seconds
*Peer Ip Address :
32.32.32.32
PW State :
up
Local VC Label :
75
Remote VC Label :
113
Remote Control Word :
disable
PW Type :
label
Tunnel ID :
0x25
Broadcast Tunnel ID :
0x25
Broad BackupTunnel ID :
0x17
Ckey :
0xa
Nkey :
0xc
Main PW Token :
0x19
Slave PW Token :
0x0
Tnl Type :
LSP
OutInterface :
Tunnel0/0/13
Backup OutInterface :
Tunnel0/0/14
Stp Enable :
0
PW Last Up Time : 2014/02/20
09:33:28
PW Total Up Time : 0 days, 23 hours, 47 minutes, 36 seconds
10 Deploying Clocks
This section describes how to configure IEEE 1588v2 and synchronous Ethernet for time and
frequency synchronization. For details, see the MBB V600R005C00 ATN+CX (HVPN+)
Solution Configuration Guide (CLI).
IPRAN Area
Multiple technologies can be used to transparently transmit clock signals. The recommended
solution is: using 1588v2 for time synchronization, using synchronous Ethernet for frequency
synchronization, and selecting sources according to Synchronization Status Message (SSM).
The deployment is the same as that in the HVPN solution. For details, see the MBB
V600R005C00 ATN+CX (HVPN+) Solution Configuration Guide (CLI).
Clock pri 10
CSG1 Clock pri 10 ASG3 Clock pri 10 P11 Clock pri 10 RSG5
FE0/3/0 GE0/2/17 GE1/1/2 GE2/1/0 GE1/0/1
GE1/0/0 GE1/0/0
Clock pri 20
GE0/2/16 GE1/0/0 GE2/0/1
Clock pri 20 Clock pri 20 Clock pri 20
Based on the networking shown in Figure 10-1, the configuration roadmap is as follows:
l Connect the master BITS to the master RSG and the slave BITS to the slave RSG to form
1+1 protection for clock sources. This can prevent interruption of clock signals due to a
single node failure.
l Enable the RSG5 to input the master clock and time signals to the network. Verify that
configurations on the master RSG and slave RSG are synchronous.
– Configure synchronous Ethernet to achieve frequency synchronization.
– Configure 1588v2 to achieve time synchronization.
l Enable synchronous Ethernet and 1588v2 time synchronization on ASGs and set them to
trace the upstream clock and time. The configurations of devices other than RSGs on the
aggregation ring are similar to those of the ASGs.
l Enable synchronous Ethernet and 1588v2 time synchronization on CSGs, and set them to
trace the upstream clock and time and sent the clock and time signals to base stations.
An ATN and a base station are connected in the following ways to achieve time
synchronization:
– The clock port on the ATN device is directly connected to the base station.
– Synchronization Ethernet or 1588v2 is used on the Ethernet interface to transmit clock
information to the base station. The base station is required to support synchronous
Ethernet or 1588v2. The configuration on the base station is the same as that on the
network-side interface.
– Run the clock master command (default configuration) on the E1 and ATM interfaces
to transmit clock information to the peer.
In this example, Ethernet interfaces are used to transmit clock signals. In the networking
diagram, the connection between CSG1 and the base station is used as an example. The
configurations for each CSG are identical.
11 Configuration Files
11.3 E2E Mobile Backhaul Services Configuration File (Labeled BGP to Edge)
11.5 Local Switching Ethernet Service Configuration File (Labeled BGP to Edge)
AS 100 AS 200
Access Aggregation Core
RR1 RR3
Eth-Trunk 1
GE0/2/17 GE2/0/1 SGW/MME
GE1/0/0 GE2/0/1
GE1/1/2 GE1/0/0 GE1/0/0 GE1/0/0
GE2/1/0 GE1/0/1 GE1/0/1
GE0/2/16
CSG2 ASG4 ASBR2 ASBR4 MASG2
RR2
RR4
10.3.4.0/30
10.5.6.0/30
10.7.8.0/30
10.2.4.0/30 10.4.6.0/30
10.6.8.0/30 10.8.10.0/30
2.2.2.2/32 4.4.4.4/32 6.6.6.6/32 8.8.8.8/32 10.10.10.10/32
12.12.12.12//32 14.14.14.14//32
Cost 2000
Cost 25
Cost 10
IS-IS 1000
Cost 10
Cost 25
L2 L2 L2
SGW/MME
#
sysname ATN910-CSG1-001
#
lldp enable
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_1to3
next hop 10.1.3.2 include loose
#
explicit-path main_1to4
next hop 10.2.4.2 include loose
#
mpls ldp
#
diffserv domain default
#
aaa
local-user root password cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 1
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0001.0010.0100.1001.00
is-name CSG1
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
#
interface GigabitEthernet0/2/16
description To asg3
undo shutdown
ip address 10.1.3.1 255.255.255.252
isis enable 1
isis cost 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
#
interface GigabitEthernet0/2/17
description To csg2
undo shutdown
ip address 10.1.2.1 255.255.255.252
isis enable 1
isis cost 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
interface LoopBack1000
ip address 200.0.100.1 255.255.255.255
isis enable 1
#
interface Tunnel0/0/13
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 3.3.3.3
mpls te tunnel-id 13
mpls te record-route label
mpls te path explicit-path main_1to3
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
interface Tunnel0/0/14
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.4
mpls te tunnel-id 14
mpls te record-route label
mpls te path explicit-path main_1to4
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included iso-view iso
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view
snmp-agent trap enable
snmp-agent trap source LoopBack1000
snmp-agent target-host trap address udp-domain 130.10.100.20 params securityname
Huawei@123 v2c private-netmanager ext-vb
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable
#
stelnet server enable
ssh user root
ssh user root authentication-type password
ssh user root service-type stelnet
#
bfd LSP13 bind mpls-te interface Tunnel0/0/13 te-lsp
discriminator local 113
discriminator remote 131
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd LSP14 bind mpls-te interface Tunnel0/0/14 te-lsp
discriminator local 114
discriminator remote 141
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd te13 bind mpls-te interface Tunnel0/0/13
discriminator local 13
discriminator remote 31
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
bfd te14 bind mpls-te interface Tunnel0/0/14
discriminator local 14
discriminator remote 41
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
tunnel-policy IPRAN
tunnel select-seq cr-lsp lsp load-balance-number 1
#
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X3-ASG3-003
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
bfd
#
mpls lsr-id 3.3.3.3
mpls
mpls te
mpls bfd enable
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_3to1
next hop 10.1.3.2 include loose
#
explicit-path main_3to5
next hop 10.3.5.2 include loose
#
explicit-path main_3to6
next hop 10.4.6.2 include loose
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 1
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0001.0030.0300.3003.00
import-route direct cost 10000 route-policy LoopBack0
import-route isis 100 inherit-cost route-policy U2000
preference route-policy pref-nms
is-name ASG3
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup allow external
#
isis 100
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0002.0030.0300.3003.00
import-route isis 1 inherit-cost route-policy acc
preference route-policy pref-nms
is-name ASG3
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
#
interface GigabitEthernet1/1/2
description To csg1
undo shutdown
ip address 10.1.3.2 255.255.255.252
isis enable 1
isis cost 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet2/1/0
description To asbr1
undo shutdown
ip address 10.3.5.1 255.255.255.252
isis enable 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/0
description To asg4
undo shutdown
ip address 10.3.4.5 255.255.255.252
isis enable 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 1
description To asg4
undo shutdown
ip address 10.3.4.1 255.255.255.252
isis enable 1
isis cost 2000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 100
#
interface
LoopBack65535
ip address 200.0.100.3
255.255.255.255
mpls te tunnel-id 36
mpls te record-route label
mpls te path explicit-path main_3to6
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
route-policy looplack0 permit node 10
if-match ip-prefix LoopBack0
#
route-policy U2000 permit node 10
if-match tag 2000
apply tag 2
#
route-policy acc deny node 10
if-match ip-prefix LoopBack0
#
route-policy acc permit node 20
if-match ip-prefix acc
apply tag 2
#
route-policy pref-nms permit node 10
if-match tag 2
apply preference 255
#
ip ip-prefix LoopBack0 index 10 permit 3.3.3.3 32
ip ip-prefix acc index 10 permit 200.0.100.0 24 greater-equal 24 less-equal 32
#
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included iso-view iso
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view
snmp-agent trap enable
snmp-agent trap source LoopBack65535
snmp-agent target-host trap address udp-domain 130.10.100.20 params securityname
Huawei@123 v2c private-netmanager ext-vb
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable
#
stelnet server enable
ssh user root
ssh user root authentication-type password
ssh user root service-type stelnet
#
undo nap slave enable
#
bfd LSP31 bind mpls-te interface Tunnel0/0/31 te-lsp
discriminator local 131
discriminator remote 113
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd LSP35 bind mpls-te interface Tunnel0/0/35 te-lsp
discriminator local 1035
discriminator remote 1053
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd LSP36 bind mpls-te interface Tunnel0/0/36 te-lsp
discriminator local 1036
discriminator remote 1063
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd te31 bind mpls-te interface Tunnel0/0/31
discriminator local 31
discriminator remote 13
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
bfd te35 bind mpls-te interface Tunnel0/0/35
discriminator local 35
discriminator remote 53
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
bfd te36 bind mpls-te interface Tunnel0/0/36
discriminator local 36
discriminator remote 63
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
tunnel-policy IPRAN
tunnel select-seq cr-lsp lsp load-balance-number 1
#
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X3-ASG4-004
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
bfd
#
mpls lsr-id 4.4.4.4
mpls
mpls te
mpls bfd enable
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_4to1
ip address 200.0.100.4
255.255.255.255
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X8-ASBR1-005
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
bfd
#
mpls lsr-id 5.5.5.5
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_5to3
next hop 10.3.5.2 include loose
#
explicit-path main_5to4
next hop 10.3.5.2 include loose
#
explicit-path main_5to6
next hop 10.5.6.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 100
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0002.0050.0500.5005.00
is-name ASBR1
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
import-route bgp route-policy U2000
#
interface GigabitEthernet1/0/0
description To asg3
undo shutdown
ip address 10.3.5.2 255.255.255.252
isis enable 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet2/0/1
description To asbr2
undo shutdown
ip address 10.5.6.1 255.255.255.252
isis enable 100
isis cost 25
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1
description To asbr3
port-tx-enabling-delay 300000
undo shutdown
ip address 10.5.7.1 255.255.255.252
mpls
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1.1
description To asbr3
vlan-type dot1q 1
ip address 23.5.7.1 255.255.255.252
#
interface LoopBack0
isis enable 100
#
interface LoopBack65535
ip address 200.0.100.5
255.255.255.255
#
route-policy pref-nms permit node 10
if-match community-filter U2000
apply preference 10
#
route-policy ipran-local permit node
10
if-match ip-prefix ipran
#
route-policy ipran-out permit node
10
if-match ip-prefix ipran
#
route-policy U2000 permit node
10
if-match community-filter
U2000
apply tag 2000
#
ip community-filter basic U2000 permit 2000:2000
ip ip-prefix ipran index 10 permit 200.0.100.0 24 greater-equal 24 less-equal
32
#
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included iso-view iso
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view
snmp-agent trap enable
snmp-agent trap source LoopBack65535
snmp-agent target-host trap address udp-domain 130.10.100.20 params securityname
Huawei@123 v2c private-netmanager ext-vb
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable
#
stelnet server enable
ssh user root
ssh user root authentication-type password
ssh user root service-type stelnet
#
undo nap slave enable
#
tunnel-policy IPRAN
tunnel select-seq cr-lsp lsp load-balance-number 1
#
bfd LSP53 bind mpls-te interface Tunnel0/0/53 te-lsp
discriminator local 1053
discriminator remote 1035
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd LSP54 bind mpls-te interface Tunnel0/0/54 te-lsp
discriminator local 1054
discriminator remote 1045
min-tx-interval 10
min-rx-interval 10
process-pst
commit
#
bfd te53 bind mpls-te interface Tunnel0/0/53
discriminator local 53
discriminator remote 35
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
bfd te54 bind mpls-te interface Tunnel0/0/54
discriminator local 54
discriminator remote 45
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
bfd link_01 bind peer-ip default-ip interface gigabitethernet 1/0/1 //(Optional. If
10GE links do not support 802.3ae or GE links
work in full-
duplex mode, BFD needs to be configured.)
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X8-ASBR2-006
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
bfd
#
mpls lsr-id 6.6.6.6
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_6to3
next hop 10.4.6.2 include loose
#
explicit-path main_6to4
next hop 10.4.6.2 include loose
#
explicit-path main_6to5
next hop 10.5.6.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 100
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0002.0060.0600.6006.00
is-name ASBR2
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
import-route bgp route-policy U2000
#
interface GigabitEthernet1/0/0
description To asg4
undo shutdown
ip address 10.4.6.2 255.255.255.252
isis enable 100
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet2/0/1
description To asbr1
undo shutdown
ip address 10.5.6.2 255.255.255.252
isis enable 100
isis cost 25
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1
description To asbr3
port-tx-enabling-delay 300000
undo shutdown
ip address 10.6.8.1 255.255.255.252
mpls
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1.1
description To asbr3
vlan-type dot1q 1
ip address 23.6.8.1 255.255.255.252
#
interface LoopBack0
isis enable 100
#
interface LoopBack65535
ip address 200.0.100.6
255.255.255.255
tunnel-protocol mpls te
destination 3.3.3.3
mpls te tunnel-id 63
mpls te record-route label
mpls te path explicit-path main_6to3
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
interface Tunnel0/0/64
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.4
mpls te tunnel-id 64
mpls te record-route label
mpls te path explicit-path main_6to4
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
interface Tunnel0/0/65
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 5.5.5.5
mpls te tunnel-id 65
mpls te record-route label
mpls te path explicit-path main_6to5
mpls te backup hot-standby mode revertive wtr 60
mpls te reoptimization
mpls te backup hot-standby overlap-path
mpls te commit
#
bgp 100
router-id 6.6.6.6
peer 23.6.8.2 as-number 200
#
ipv4-family unicast
undo synchronization
preference route-policy pref-
nms
import-route isis 100 route-policy ipran-local
peer 23.6.8.2 enable
peer 23.6.8.2 route-policy ipran-out export
#
route-policy pref-nms permit node 10
if-match community-filter U2000
apply preference 10
#
route-policy ipran-local permit node
10
if-match ip-prefix ipran
#
route-policy ipran-out permit node
10
if-match ip-prefix ipran
#
route-policy U2000 permit node
10
if-match community-filter
U2000
apply tag 2000
#
process-interface-status
commit
#
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X8-ASBR3-003
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
ip vpn-instance __dcn_ideal__
ipv4-family
route-distinguisher 65535:65535
vpn-target 65535:65535 export-extcommunity
vpn-target 65535:65535 import-extcommunity
#
bfd
#
mpls lsr-id 7.7.7.7
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_7to9
next hop 10.7.9.2 include loose
explicit-path main_7to10
next hop 10.8.10.2 include loose
explicit-path main_7to8
next hop 10.7.8.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 1000
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0003.0070.0700.7007.00
is-name ASBR3
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
import-route bgp route-policy U2000
#
interface GigabitEthernet1/0/0
description To asbr1
undo shutdown
port-tx-enabling-delay 300000
undo shutdown
ip address 10.5.7.2 255.255.255.252
mpls
trust upstream default
qos phb disable
#
interface GigabitEthernet2/0/1
description To asbr4
undo shutdown
ip address 10.7.8.1 255.255.255.252
isis enable 1000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1
description To masg1
undo shutdown
ip address 10.7.9.1 255.255.255.252
isis enable 1000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1.1
description To asbr1
vlan-type dot1q 1
ip binding vpn-instance __dcn_ideal__
ip address 23.5.7.2 255.255.255.252
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
isis enable 100
#
interface LoopBack65535
ip binding vpn-instance __dcn_ideal__
ip address 200.0.100.7 255.255.255.255
#
interface Tunnel0/0/79
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 9.9.9.9
mpls te tunnel-id 79
mpls te record-route label
mpls te path explicit-path main_7to9
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/710
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.10.10.10
mpls te tunnel-id 710
mpls te record-route label
mpls te path explicit-path main_7to10
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/78
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 8.8.8.8
mpls te tunnel-id 78
mpls te record-route label
mpls te path explicit-path main_7to8
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
bgp 200
router-id 7.7.7.7
#
ipv4-family vpnv4
undo policy vpn-target
peer 13.13.13.13 enable
peer 14.14.14.14 enable
#
ipv4-family vpn-instance __dcn_ideal__
import-route direct route-policy DCN
peer 23.5.7.1 as-number 100
peer 23.5.7.1 route-policy U2000 export
peer 23.5.7.1 advertise-community
#
#
route-policy U2000 permit node 10
if-match community-filter U2000
#
route-policy DCN permit node 10
if-match ip-prefix DCN
#
ip community-filter basic U2000 permit 2000:2000
ip ip-prefix DCN index 10 permit 200.0.100.7 32
#
snmp-agent
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
#
sysname CX600-X8-ASBR4-004
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
ip vpn-instance __dcn_ideal__
ipv4-family
route-distinguisher 65535:65535
vpn-target 65535:65535 export-extcommunity
vpn-target 65535:65535 import-extcommunity
#
bfd
#
mpls lsr-id 8.8.8.8
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_8to10
next hop 10.8.10.2 include loose
explicit-path main_8to9
next hop 10.7.9.2 include loose
explicit-path main_8to7
next hop 10.7.8.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
isis 1000
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0003.0080.0800.8008.00
is-name ASBR4
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
import-route bgp route-policy U2000
#
interface GigabitEthernet1/0/0
description To asbr2
undo shutdown
port-tx-enabling-delay 300000
undo shutdown
ip address 10.6.8.2 255.255.255.252
mpls
trust upstream default
qos phb disable
#
interface GigabitEthernet2/0/1
description To asbr3
undo shutdown
ip address 10.7.8.2 255.255.255.252
isis enable 1000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1
description To masg1
undo shutdown
ip address 10.8.10.1 255.255.255.252
isis enable 1000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/1.1
description To asbr1
vlan-type dot1q 1
ip binding vpn-instance __dcn_ideal__
ip address 23.6.8.2 255.255.255.252
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
isis enable 100
#
interface LoopBack65535
ip binding vpn-instance __dcn_ideal__
ip address 200.0.100.8 255.255.255.255
#
interface Tunnel0/0/89
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 9.9.9.9
mpls te tunnel-id 89
mpls te record-route label
mpls te path explicit-path main_8to9
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/810
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.10.10.10
mpls te tunnel-id 810
mpls te record-route label
mpls te path explicit-path main_8to10
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/87
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 7.7.7.7
mpls te tunnel-id 87
mpls te record-route label
mpls te path explicit-path main_8to7
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
bgp 200
router-id 8.8.8.8
#
ipv4-family vpnv4
undo policy vpn-target
peer 13.13.13.13 enable
peer 14.14.14.14 enable
#
ipv4-family vpn-instance __dcn_ideal__
import-route direct route-policy DCN
peer 23.6.8.1 as-number 100
peer 23.6.8.1 route-policy U2000 export
peer 23.6.8.1 advertise-community
#
#
route-policy U2000 permit node 10
if-match community-filter U2000
#
route-policy DCN permit node 10
if-match ip-prefix DCN
#
ip community-filter basic U2000 permit 2000:2000
ip ip-prefix DCN index 10 permit 200.0.100.8 32
#
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included iso-view iso
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view
snmp-agent trap enable
#
route-policy U2000 permit node 10
if-match community-filter U2000
#
route-policy DCN permit node 10
if-match ip-prefix DCN
#
ip community-filter basic U2000 permit 2000:2000
ip ip-prefix DCN index 10 permit 200.0.100.13 32
#
#
route-policy U2000 permit node 10
if-match community-filter U2000
#
route-policy DCN permit node 10
if-match ip-prefix DCN
#
ip community-filter basic U2000 permit 2000:2000
ip ip-prefix DCN index 10 permit 200.0.100.14 32
#
#
sysname CX600-X8-MASG1-001
#
switchover mode nonstop-routing
#
diffserv domain default
#
lldp enable
#
ip vpn-instance __dcn_ideal__
ipv4-family
route-distinguisher 65535:65535
vpn-target 65535:65535 export-extcommunity
vpn-target 65535:65535 import-extcommunity
#
bfd
#
mpls lsr-id 9.9.9.9
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_9to7
next hop 10.7.9.2 include loose
#
explicit-path main_9to8
next hop 10.7.9.2 include loose
#
explicit-path main_9to10
next hop 10.9.10.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
ip vpn-instance __dcn_ideal__
ipv4-family
route-distinguisher 65535:65535
vpn-target 65535:65535 export-extcommunity
vpn-target 65535:65535 import-extcommunity
#
#
isis 1000
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0003.0090.0900.9009.00
is-name MASG1
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
#
interface Eth-trunk 1
#
interface Eth-trunk 1.1
vlan-type dot1q 1
undo shutdown
ip address 10.9.10.1 255.255.255.252
isis enable 1000
isis cost 25
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/0
description To asbr3
undo shutdown
ip address 10.7.9.2 255.255.255.252
isis enable 1000
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
#
bfd te98 bind mpls-te interface Tunnel0/0/98
discriminator local 98
discriminator remote 89
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
//(when the NE is connected to the U2000 through an L2 network) Configure a routing
policy and route importing
#
ip ip-prefix U2000 index 10 permit 130.10.100.0 24
ip ip-prefix DCN index 10 permit 200.0.100.9 32
#
route-policy U2000 permit node 10
if-match ip-prefix U2000
apply community 2000:2000
#
route-policy DCN permit node 10
if-match ip-prefix DCN
#
#
ipv4-family vpn-instance __dcn_ideal__
import-route direct route-policy DCN
import-route static route-policy U2000
#
ip route-static vpn-instance __dcn_ideal__ 130.10.100.0 255.255.255.0 123.1.2.2
description dcn-ideal
#
sysname CX600-X8-MASG2-002
#
switchover mode nonstop-routing
#
ftp client-source -a 10.10.10.10
#
diffserv domain default
#
bfd
#
mpls lsr-id 10.10.10.10
mpls
mpls te
mpls rsvp-te
mpls rsvp-te bfd all-interfaces enable
mpls rsvp-te bfd all-interfaces min-tx-interval 100 min-rx-interval 100
mpls rsvp-te hello
label advertise non-null
mpls te cspf
mpls rsvp-te srefresh
#
explicit-path main_10to7
next hop 10.8.10.2 include loose
#
explicit-path main_10to8
next hop 10.8.10.2 include loose
#
explicit-path main_10to9
next hop 10.9.10.2 include strict
#
mpls ldp
#
aaa
local-user root password irreversible-cipher Changeme_123
local-user root service-type ssh
local-user root level 15
authentication-scheme default0
authentication-scheme default1
authentication-scheme default
authentication-mode local radius
#
authorization-scheme default
#
accounting-scheme default0
accounting-scheme default1
#
domain default0
domain default1
domain default_admin
#
#
ip vpn-instance __dcn_ideal__
ipv4-family
route-distinguisher 65535:65535
vpn-target 65535:65535 export-extcommunity
vpn-target 65535:65535 import-extcommunity
#
isis 1000
is-level level-2
cost-style wide
timer lsp-generation 1 50 50 level-2
flash-flood level-2
bfd all-interfaces enable
bfd all-interfaces min-tx-interval 100 min-rx-interval 100
network-entity 49.0003.0100.1001.0010
is-name MASG2
timer spf 1 50 50
traffic-eng level-2
log-peer-change
set-overload on-startup
#
interface Eth-trunk 1
#
interface Eth-trunk 1.1
vlan-type dot1q 1
undo shutdown
ip address 10.9.10.2 255.255.255.252
isis enable 1000
isis cost 25
isis ldp-sync
isis timer ldp-sync hold-max-cost 60
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls ldp
trust upstream default
qos phb disable
#
interface GigabitEthernet1/0/0
description To asbr2
undo shutdown
ip address 10.7.9.2 255.255.255.252
#
interface GigabitEthernet1/0/1
description To masg1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet2/0/1
description To masg1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet7/1/11
undo shutdown
ip address 130.10.100.2 255.255.255.0
vrrp vrid 22 virtual-ip 130.10.100.10
isis enable 1000
isis silent
#
Tunnel0/0/108
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 8.8.8.8
mpls te tunnel-id 108
mpls te record-route label
mpls te path explicit-path main_10to8
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/107
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 7.7.7.7
mpls te tunnel-id 107
mpls te record-route label
mpls te path explicit-path main_10to7
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface Tunnel0/0/109
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 9.9.9.9
mpls te tunnel-id 109
mpls te record-route label
mpls te path explicit-path main_10to9
mpls te backup hot-standby mode revertive wtr 60
mpls te backup hot-standby overlap-path
mpls te reoptimization
mpls te commit
#
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
isis enable 1000
#
snmp-agent
snmp-agent sys-info version all
snmp-agent mib-view included iso-view iso
snmp-agent community read cipher Huawei123! mib-view iso-view
snmp-agent community write cipher Huawei@123 mib-view iso-view
snmp-agent trap enable
snmp-agent trap source LoopBack0
snmp-agent target-host trap address udp-domain 130.10.100.20 params securityname
Huawei@123 v2c private-netmanager ext-vb
snmp-agent trap enable feature-name lldp
snmp-agent extend error-code enable
#
#
bfd te107 bind mpls-te interface Tunnel0/0/107
discriminator local 107
discriminator remote 710
min-tx-interval 50
min-rx-interval 50
process-pst
commit
#
#
ip ip-prefix U2000 index 10 permit 130.10.100.0 24
ip ip-prefix DCN index 10 permit 200.0.100.10 32
#
route-policy U2000-DCN permit node
10
if-match ip-prefix U2000
apply community 2000:2000
#
route-policy U2000-DCN permit node
20
if-match ip-prefix DCN
#
ipv4-family vpn-instance __dcn_ideal__
import-route direct route-policy U2000-DCN
#
lldp enable
#
user-interface maximum-vty 15
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
#
TE/LDP Label
push POP push POP push POP
TE/LDP LSP TE/LDP LSP TE/LDP LSP
upstream
BGP Label push swap swap POP
iBGP LSP eBGP LSP iBGP LSP
downstream
POP swap swap push
iBGP LSP eBGP LSP iBGP LSP
BGP Label
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 100
router-id 3.3.3.3
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 3.3.3.3 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label2 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
apply cost 100
apply mpls-label
#
route-policy label2 permit node 10
apply cost 100
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 100
router-id 4.4.4.4
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 4.4.4.4 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label2 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
apply cost 100
apply mpls-label
#
route-policy label2 permit node 10
#
bfd
mpls-passive
#
bgp 100
router-id 11.11.11.11
peer 3.3.3.3 as-number 100
peer 3.3.3.3 tracking delay 30
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 tracking delay 30
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 tracking delay 30
peer 5.5.5.5 connect-interface LoopBack0
peer 6.6.6.6 as-number 100
peer 6.6.6.6 tracking delay 30
peer 6.6.6.6 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 100
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 5.5.5.5 label-route-capability
peer 6.6.6.6 enable
peer 6.6.6.6 reflect-client
peer 6.6.6.6 label-route-capability
#
#
bfd
mpls-passive
#
bgp 100
router-id 12.12.12.12
peer 3.3.3.3 as-number 100
peer 3.3.3.3 tracking delay 30
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 tracking delay 30
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 tracking delay 30
peer 5.5.5.5 connect-interface LoopBack0
peer 6.6.6.6 as-number 100
peer 6.6.6.6 tracking delay 30
peer 6.6.6.6 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 100
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 5.5.5.5 label-route-capability
peer 6.6.6.6 enable
peer 6.6.6.6 reflect-client
peer 6.6.6.6 label-route-capability
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 5.5.5.5
peer 10.5.7.2 as-number 200
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 11.11.11.11 255.255.255.255
network 12.12.12.12 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.5.7.2 enable
peer 10.5.7.2 route-policy prefer import
peer 10.5.7.2 route-policy label2 export
peer 10.5.7.2 label-route-capability
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label3 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix ASG3
apply cost 50
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix ASG4
apply cost 100
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 6.6.6.6
peer 10.6.8.2 as-number 200
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 11.11.11.11 255.255.255.255
network 12.12.12.12 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.6.8.2 enable
peer 10.6.8.2 route-policy prefer import
peer 10.6.8.2 route-policy label2 export
peer 10.6.8.2 label-route-capability
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label3 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix ASG3
apply cost 100
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 200
router-id 7.7.7.7
peer 10.5.7.1 as-number 100
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 13.13.13.13 255.255.255.255
network 14.14.14.14 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.5.7.1 enable
peer 10.5.7.1 route-policy prefer import
peer 10.5.7.1 route-policy label2 export
peer 10.5.7.1 label-route-capability
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label3 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
route-policy label2 permit node 20
apply cost 50
apply mpls-label
#
route-policy label3 permit node 10
if-match cost 50
if-match mpls-label
apply cost 200
apply mpls-label
#
route-policy label3 permit node 20
if-match mpls-label
apply mpls-label
#
route-policy prefer permit node 10
apply preferred-value 32768
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10 32
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 200
router-id 8.8.8.8
peer 10.6.8.1 as-number 100
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 13.13.13.13 255.255.255.255
network 14.14.14.14 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.6.8.1 enable
peer 10.6.8.1 route-policy prefer import
peer 10.6.8.1 route-policy label2 export
peer 10.6.8.1 label-route-capability
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label3 export
peer 14.14.14.14 label-route-capability
#
#
#
bfd
mpls-passive
#
bgp 200
router-id 13.13.13.13
peer 7.7.7.7 as-number 200
peer 7.7.7.7 tracking delay 30
peer 7.7.7.7 connect-interface LoopBack0
peer 8.8.8.8 as-number 200
peer 8.8.8.8 tracking delay 30
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 200
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 8.8.8.8 label-route-capability
peer 9.9.9.9 enable
#
bfd
mpls-passive
#
bgp 200
router-id 14.14.14.14
peer 7.7.7.7 as-number 200
peer 7.7.7.7 tracking delay 30
peer 7.7.7.7 connect-interface LoopBack0
peer 8.8.8.8 as-number 200
peer 8.8.8.8 tracking delay 30
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 200
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 8.8.8.8 label-route-capability
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 label-route-capability
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
peer 10.10.10.10 label-route-capability
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 200
router-id 9.9.9.9
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 9.9.9.9 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label1 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 200
router-id 10.10.10.10
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.10.10.10 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label1 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
apply mpls-label
#
changes the next RR1 changes the next changes the next RR3
hop to itself hop to itself hop to itself
CSG1 ASG3 ASBR1 ASBR3 MASG1
TE/LDP Label
push POP push POP push POP
TE/LDP LSP TE/LDP LSP TE/LDP LSP
Upstream
BGP Label
push swap swap swap POP
iBGP LSP iBGP LSP eBGP LSP iBGP LSP
Downstream
swap
swap swap push
POP iBGP LSP iBGP LSP
eBGP LSP
BGP Label
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 100
router-id 1.1.1.1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 3.3.3.3 tracking delay 30
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 4.4.4.4 tracking delay 30
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 3.3.3.3 enable
peer 3.3.3.3 route-policy label1 export
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 route-policy label2 export
peer 4.4.4.4 label-route-capability
#
#
route-policy label1 permit node 10
apply mpls-label
#
route-policy label2 permit node 10
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 3.3.3.3
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
group CSG internal
peer CSG connect-interface LoopBack0
peer CSG tracking delay 30
peer CSG timer connect-retry 300
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
#
ipv4-family unicast
undo synchronization
reflector cluster-id 101
reflect change-path-attribute
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 11.11.11.11 advertise-community
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label2 export
peer 12.12.12.12 label-route-capability
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
#
if-match mpls-label
if-match community-filter
csg
apply ip-address next-hop peer-address
apply mpls-label
#
route-policy label2 permit node 5
if-match cost 50
if-match mpls-label
if-match community-filter csg
apply ip-address next-hop peer-address
apply cost 200
apply mpls-label
#
route-policy ipv4-from-csg permit node 10
apply cost 50
apply community 1:1 additive
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-
label
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10 32
ip community-filter basic csg permit 1:1
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 4.4.4.4
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
group CSG internal
peer CSG connect-interface LoopBack0
peer CSG tracking delay 30
peer CSG timer connect-retry 300
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group CSG
#
ipv4-family unicast
undo synchronization
reflector cluster-id 102
reflect change-path-attribute
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
#
bfd
mpls-passive
#
bgp 100
router-id 11.11.11.11
peer 3.3.3.3 as-number 100
peer 3.3.3.3 tracking delay 30
peer 3.3.3.3 connect-interface LoopBack0
#
bfd
mpls-passive
#
bgp 100
router-id 12.12.12.12
peer 3.3.3.3 as-number 100
peer 3.3.3.3 tracking delay 30
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 tracking delay 30
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 tracking delay 30
peer 5.5.5.5 connect-interface LoopBack0
peer 6.6.6.6 as-number 100
peer 6.6.6.6 tracking delay 30
peer 6.6.6.6 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 100
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 label-route-capability
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 label-route-capability
peer 5.5.5.5 enable
peer 5.5.5.5 reflect-client
peer 5.5.5.5 label-route-capability
peer 6.6.6.6 enable
peer 6.6.6.6 reflect-client
peer 6.6.6.6 label-route-capability
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 5.5.5.5
peer 10.5.7.2 as-number 200
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 11.11.11.11 255.255.255.255
network 12.12.12.12 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.5.7.2 enable
peer 10.5.7.2 route-policy prefer import
peer 10.5.7.2 route-policy label2 export
peer 10.5.7.2 label-route-capability
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label3 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix ASG3
apply cost 50
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix ASG4
apply cost 100
apply mpls-label
#
route-policy label2 permit node 20
apply cost 50
apply mpls-label
#
route-policy label3 permit node 10
if-match cost 50
if-match mpls-label
apply cost 200
apply mpls-label
#
route-policy label3 permit node 20
if-match mpls-label
apply mpls-label
#
route-policy prefer permit node 10
apply preferred-value
32768
#
ip ip-prefix ASG3 index 10 permit 3.3.3.3 32
ip ip-prefix ASG4 index 10 permit 4.4.4.4 32
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 100
router-id 6.6.6.6
peer 10.6.8.2 as-number 200
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack0
peer 12.12.12.12 as-number 100
peer 12.12.12.12 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 11.11.11.11 255.255.255.255
network 12.12.12.12 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.6.8.2 enable
peer 10.6.8.2 route-policy prefer import
peer 10.6.8.2 route-policy label2 export
peer 10.6.8.2 label-route-capability
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy label1 export
peer 11.11.11.11 label-route-capability
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy label3 export
peer 12.12.12.12 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix ASG3
apply cost 100
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix ASG4
apply cost 50
apply mpls-label
#
route-policy label2 permit node 20
apply cost 100
apply mpls-label
#
route-policy prefer permit node 10
apply preferred-value 32768
#
route-policy label3 permit node 10
if-match cost 50
if-match mpls-label
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 200
router-id 7.7.7.7
peer 10.5.7.1 as-number 100
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 13.13.13.13 255.255.255.255
network 14.14.14.14 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.5.7.1 enable
peer 10.5.7.1 route-policy prefer import
peer 10.5.7.1 route-policy label2 export
peer 10.5.7.1 label-route-capability
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label3 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
route-policy label2 permit node 20
apply cost 50
apply mpls-label
#
route-policy label3 permit node 10
if-match cost 50
if-match mpls-label
apply cost 200
apply mpls-label
#
route-policy label3 permit node 20
if-match mpls-label
apply mpls-label
#
route-policy prefer permit node 10
apply preferred-value 32768
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10 32
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bgp 200
router-id 8.8.8.8
peer 10.6.8.1 as-number 100
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo ebgp-interface-sensitive
network 13.13.13.13 255.255.255.255
network 14.14.14.14 255.255.255.255
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 10.6.8.1 enable
peer 10.6.8.1 route-policy prefer import
peer 10.6.8.1 route-policy label2 export
peer 10.6.8.1 label-route-capability
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label3 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
if-match mpls-label
apply mpls-label
#
route-policy label2 permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 100
apply mpls-label
#
route-policy label2 permit node 15
if-match mpls-label
if-match ip-prefix MASG2
apply cost 50
apply mpls-label
#
#
bfd
mpls-passive
#
bgp 200
router-id 13.13.13.13
peer 7.7.7.7 as-number 200
peer 7.7.7.7 tracking delay 30
peer 7.7.7.7 connect-interface LoopBack0
peer 8.8.8.8 as-number 200
peer 8.8.8.8 tracking delay 30
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 200
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 8.8.8.8 label-route-capability
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 label-route-capability
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
peer 10.10.10.10 label-route-capability
#
#
bfd
mpls-passive
#
bgp 200
router-id 14.14.14.14
peer 7.7.7.7 as-number 200
peer 7.7.7.7 tracking delay 30
peer 7.7.7.7 connect-interface LoopBack0
peer 8.8.8.8 as-number 200
peer 8.8.8.8 tracking delay 30
peer 8.8.8.8 connect-interface LoopBack0
peer 9.9.9.9 as-number 200
peer 9.9.9.9 connect-interface LoopBack0
peer 10.10.10.10 as-number 200
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
reflector cluster-id 200
peer 7.7.7.7 enable
peer 7.7.7.7 reflect-client
peer 7.7.7.7 label-route-capability
peer 8.8.8.8 enable
peer 8.8.8.8 reflect-client
peer 8.8.8.8 label-route-capability
peer 9.9.9.9 enable
peer 9.9.9.9 reflect-client
peer 9.9.9.9 label-route-capability
peer 10.10.10.10 enable
peer 10.10.10.10 reflect-client
peer 10.10.10.10 label-route-capability
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 200
router-id 9.9.9.9
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 9.9.9.9 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label1 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
apply mpls-label
#
#
tunnel-selector IPRAN permit node 10
apply tunnel-policy IPRAN
#
bfd
mpls-passive
#
mpls
mpls bgp bfd enable
mpls bgp bfd-trigger-tunnel host
mpls bgp bfd min-tx-interval 100 min-rx-interval 100
#
bgp 200
router-id 10.10.10.10
peer 13.13.13.13 as-number 200
peer 13.13.13.13 connect-interface LoopBack0
peer 14.14.14.14 as-number 200
peer 14.14.14.14 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.10.10.10 255.255.255.255
auto-frr
tunnel-selector IPRAN
ingress-lsp protect-mode bgp-frr
bestroute nexthop-resolved tunnel
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy label1 export
peer 13.13.13.13 label-route-capability
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy label1 export
peer 14.14.14.14 label-route-capability
#
#
route-policy label1 permit node 10
apply mpls-label
#
VPNv4
import-route static
#
ipv4-family vpn-target
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
#
route-policy nms-vpn-frr permit node 10
apply backup-nexthop auto
#
ip route-static vpn-instance LTE-RAN 120.16.1.2 255.255.255.255 192.168.1.2
#
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
auto-frr
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-slave import
peer CSG route-policy to-csg-as-slave export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
ipv4-family vpn-target
peer 1.1.1.1 enable
#
route-policy to-csg-as-slave permit node 10
if-match community-filter epc
apply ip-address next-hop peer-address
apply cost 203
#
route-policy to-csg-as-slave permit node 100
apply cost 203
#
route-policy from-csg-as-slave permit node 10
apply cost 203
apply preferred-value 10
#
#
route-policy vpnv4-to-MRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-MRR permit node
100
apply ip-address next-hop peer-address
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost 103
apply ip-address next-hop peer-address
apply cost 503
#
route-policy vpnv4-to-SRR permit node
100
apply ip-address next-hop peer-address
#
route-policy vpnv4-from-MRR permit node 10
if-match community-filter epc
apply preferred-value 10
#
ip community-filter basic epc permit 1000:1
ip community-filter basic default permit 1000:2
#
vrrp recover-delay 60
#
ip vpn-instance LTE-RAN
ipv4-family
route-distinguisher 100:100
tnl-policy IPRAN
vpn frr route-policy nms-vpn-frr
apply-label per-instance
vpn-target 100:1 200:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
interface Eth-Trunk 1
portswitch
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
#
interface Vlanif 100
ip binding vpn-instance LTE-RAN
ip address 192.168.2.1 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.2.100
vrrp vrid 100 priority 120
vrrp vrid 100 preempt-mode timer delay 180
#
interface GigabitEthernet1/1/2
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
undo dcn
#
bgp 200
router-id 9.9.9.9
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
#
#
route-policy vpnv4-from-MRR permit node
10
apply cost 103
#
route-policy vpnv4-from-SRR permit node
10
apply cost 203
#
route-policy vpnfrr permit node 10
apply backup-nexthop auto
#
route-policy vpnv4-to-MRR deny node
10
#
interface Eth-Trunk 1
portswitch
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
#
interface Vlanif 100
ip binding vpn-instance LTE-RAN
ip address 192.168.2.2 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.2.100
#
interface GigabitEthernet1/1/2
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
undo dcn
#
bgp 200
router-id 10.10.10.10
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
#
#
route-policy vpnv4-from-MRR permit node
10
apply cost 103
#
route-policy vpnv4-from-SRR permit node
10
apply cost 203
#
route-policy vpnfrr permit node 10
apply backup-nexthop auto
#
route-policy vpnv4-to-MRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-MRR permit node 100
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost 103
apply cost 503
#
route-policy vpnv4-to-SRR permit node 100
#
route-policy EPC permit node 10
if-match ip-prefix EPC-Slave
apply cost 203
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 20
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
#
route-policy nms-vpn-frr permit node 10
apply backup-nexthop auto
#
ip community-filter basic default permit 1000:2
#
ip ip-prefix EPC-Master index 10 permit 12.12.12.0 24 greater-equal 24 less-equal
32
ip ip-prefix EPC-Slave index 10 permit 12.12.13.0 24 greater-equal 24 less-equal
32
#
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC
#
bfd vrrp bind peer-ip 192.168.2.1 vpn-instance LTE-RAN interface Vlanif100 source-
ip 192.168.2.2
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
#
VPNv4
#
bgp 100
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
tunnel-selector IPRAN
bestroute nexthop-resolved tunnel
peer 11.11.11.11 enable
peer 11.11.11.11 route-policy vpnv4-to-MRR export
peer 11.11.11.11 advertise-community
peer 11.11.11.11 route-policy vpnv4-from-MRR import
peer 12.12.12.12 enable
peer 12.12.12.12 route-policy vpnv4-to-SRR export
peer 12.12.12.12 advertise-community
peer CSG enable
peer CSG route-policy from-csg-as-master import
peer CSG route-policy to-csg-as-master export
peer CSG reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
#
route-policy to-csg-as-master permit node 10
if-match community-filter epc
apply cost 103
#
route-policy to-csg-as-master permit node 100
apply cost 103
#
route-policy from-csg-as-master permit node 10
apply cost 103
apply community 11:11 additive
apply preferred-value 10
#
route-policy vpnv4-to-MRR deny node 10
if-match community-filter default
#
route-policy vpnv4-to-MRR permit node 15
if-match community-filter csg-vpn
#
route-policy vpnv4-to-SRR deny node 10
if-match community-filter default
#
route-policy vpnv4-to-SRR permit node
15
if-match community-filter csg-vpn
#
route-policy vpnv4-from-MRR permit node 10
if-match community-filter epc
apply preferred-value 10
#
ip community-filter basic epc permit 1000:1
ip community-filter basic default permit 1000:2
ip community-filter basic csg-vpn permit 11:11 //Defines the community attribute
table for identifying CSG-side private network VPNv4 routes.
#
#
bgp 100
#
ipv4-family vpnv4
reflect change-path-attribute
undo policy vpn-target
tunnel-selector IPRAN
ipv4-family vpnv4
reflector cluster-id 100
undo policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 3.3.3.3 next-hop-invariable
peer 3.3.3.3 advertise-community
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
peer 4.4.4.4 next-hop-invariable
peer 4.4.4.4 advertise-community
peer 13.13.13.13 enable
peer 13.13.13.13 next-hop-invariable
peer 13.13.13.13 advertise-community
#
portswitch
port link-type trunk
port trunk allow-pass vlan 100
#
interface Vlanif 100
ip binding vpn-instance LTE-RAN
ip address 192.168.2.1 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.2.100
vrrp vrid 100 priority 120
vrrp vrid 100 preempt-mode timer delay 180
#
interface GigabitEthernet1/1/2
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
undo dcn
#
bgp 200
router-id 9.9.9.9
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
#
#
route-policy vpnv4-from-MRR permit node
10
apply cost 103
#
route-policy vpnv4-from-SRR permit node
10
apply cost 203
#
route-policy vpnfrr permit node 10
apply backup-nexthop auto
#
route-policy vpnv4-to-MRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-MRR permit node 100
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost 103
apply cost 503
#
route-policy vpnv4-to-SRR permit node 100
#
route-policy EPC permit node 10
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 20
if-match ip-prefix EPC-Slave
apply cost 203
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
#
route-policy nms-vpn-frr permit node 10
apply backup-nexthop auto
#
ip community-filter basic default permit 1000:2
#
ip ip-prefix EPC-Master index 10 permit 12.12.12.0 24 greater-equal 24 less-equal
32
ip ip-prefix EPC-Slave index 10 permit 12.12.13.0 24 greater-equal 24 less-equal
32
#
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC
#
bfd vrrp bind peer-ip 192.168.2.2 vpn-instance LTE-RAN interface Vlanif100 source-
ip 192.168.2.1
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
#
portswitch
port-tx-enabling-delay 300000
undo shutdown
port link-type trunk
port trunk allow-pass vlan 100
trust upstream default vlan 100
qos phb disable vlan 100
undo dcn
#
bgp 200
router-id 10.10.10.10
#
ipv4-family vpnv4
policy vpn-target
peer 13.13.13.13 enable
peer 13.13.13.13 route-policy vpnv4-from-MRR import
peer 13.13.13.13 route-policy vpnv4-to-MRR export
peer 13.13.13.13 advertise-community
peer 14.14.14.14 enable
peer 14.14.14.14 route-policy vpnv4-from-SRR import
peer 14.14.14.14 route-policy vpnv4-to-SRR export
peer 14.14.14.14 advertise-community
#
ipv4-family vpn-instance LTE-RAN
import-route direct route-policy EPC
import-route static route-policy EPC
#
#
route-policy vpnv4-from-MRR permit node
10
apply cost 103
#
route-policy vpnv4-from-SRR permit node
10
apply cost 203
#
route-policy vpnfrr permit node 10
apply backup-nexthop auto
#
route-policy vpnv4-to-MRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-MRR permit node 100
#
route-policy vpnv4-to-SRR deny node
10
if-match community-filter default
#
route-policy vpnv4-to-SRR permit node
20
if-match cost 103
apply cost 503
#
route-policy vpnv4-to-SRR permit node 100
#
route-policy EPC permit node 10
if-match ip-prefix EPC-Slave
apply cost 203
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 20
if-match ip-prefix EPC-Master
apply cost 103
apply community 1000:1 additive
apply preferred-value 32768
#
route-policy EPC permit node 100
#
route-policy nms-vpn-frr permit node 10
apply backup-nexthop auto
#
ip community-filter basic default permit 1000:2
#
ip ip-prefix EPC-Master index 10 permit 12.12.12.0 24 greater-equal 24 less-equal
32
ip ip-prefix EPC-Slave index 10 permit 12.12.13.0 24 greater-equal 24 less-equal
32
#
ip route-static vpn-instance LTE-RAN 12.12.12.1 32 192.168.2.101 preference 5
description TO EPC
#
bfd vrrp bind peer-ip 192.168.2.1 vpn-instance LTE-RAN interface Vlanif100 source-
ip 192.168.2.2
discriminator local 300
discriminator remote 300
min-tx-interval 50
min-rx-interval 50
commit
#
#
route-policy nms-vpn-frr permit node 10
apply backup-nexthop auto
#
route-policy preferred-value permit node 10
apply community 1000:2 additive
apply preferred-value 32768
#
ip route-static vpn-instance LTE-RAN 0.0.0.0 0 192.168.21.21
#
In this example, the same VPN instance is created for LTE X2 and LTE S1 services.
#
bgp 100
#
ipv4-family unicast
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
#
ip community-filter basic access1 permit 1:1
ip community-filter basic access50 permit 1:50 //Allows the receiving of routes
from CSG50.
#
route-policy ipv4-from-csg permit node 10
apply cost 50
apply community 1:1 additive
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 100
apply mpls-label
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match community-filter access1
if-match community-filter access50
apply cost 100
apply mpls-label
#
#
bgp 100
#
ipv4-family unicast
peer CSG enable
peer CSG route-policy ipv4-from-csg import
peer CSG route-policy ipv4-to-csg export
peer CSG reflect-client
peer CSG next-hop-local
peer CSG label-route-capability
peer 1.1.1.1 enable
peer 1.1.1.1 group CSG
#
#
ip community-filter basic access1 permit 1:1
ip community-filter basic access50 permit 1:50 //Allows the receiving of routes
from CSG50.
#
route-policy ipv4-from-csg permit node 10
apply cost 100
apply community 1:1 additive
apply preferred-value 32768
#
route-policy ipv4-to-csg permit node 10
if-match mpls-label
if-match ip-prefix MASG1
apply cost 100
apply mpls-label
#
route-policy ipv4-to-csg permit node 20
if-match mpls-label
if-match ip-prefix MASG2
apply cost 50
apply mpls-label
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match community-filter access1
if-match community-filter access50
apply cost 50
apply mpls-label
#
ip ip-prefix MASG1 index 10 permit 9.9.9.9 32
ip ip-prefix MASG2 index 10 permit 10.10.10.10 32
#
As shown in Figure 11-8, an MS-PW is set up between CSG1 and CSG31, and the intermediate
ASG is the switching node, to transmit P2P enterprise services.
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
Secondary
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls l2vpn
#
pw-template eth
control-word
tnl-policy IPRAN
#
interface
GigabitEthernet0/2/19.1
vlan-type dot1q
11
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls ldp remote-peer 33.33.33.33
remote-ip 33.33.33.33
#
mpls l2vpn
#
mpls switch-l2vc 33.33.33.33 502 tunnel-policy IPRAN between 1.1.1.1 500 tunnel-
policy IPRAN encapsulation vlan control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls ldp remote-peer 34.34.34.34
remote-ip 34.34.34.34
#
mpls l2vpn
#
mpls switch-l2vc 34.34.34.34 503 tunnel-policy IPRAN between 1.1.1.1 501 tunnel-
policy IPRAN encapsulation vlan control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls l2vpn
#
mpls switch-l2vc 3.3.3.3 502 tunnel-policy IPRAN between 31.31.31.31 504 tunnel-
policy IPRAN encapsulation vlan control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls l2vpn
#
mpls switch-l2vc 4.4.4.4 503 tunnel-policy IPRAN between 31.31.31.31 505 tunnel-
policy IPRAN encapsulation vlan control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 33.33.33.33
remote-ip 33.33.33.33
#
mpls ldp remote-peer 34.34.34.34
remote-ip 34.34.34.34
#
mpls l2vpn
#
pw-template
eth
control-word
tnl-policy IPRAN
#
interface
GigabitEthernet0/2/19.1
vlan-type dot1q
11
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
Secondary
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls l2vpn
#
pw-template tdm
control-word
tnl-policy IPRAN
jitter-buffer depth 4
tdm-encapsulation-number 8
#
controller E1 0/2/3
using e1
#
interface Serial0/2/3:0
link-protocol tdm
mpls l2vc 3.3.3.3 pw-template tdm 1000
mpls l2vc 4.4.4.4 pw-template tdm 1001 secondary
mpls l2vpn oam-mapping
mpls l2vpn redundancy master
mpls l2vpn reroute delay 500
mpls l2vpn stream-dual-receiving
#
bfd tdm_primary_pw bind pw interface Serial0/2/3:0
discriminator local 52
discriminator remote 52
min-tx-interval 150
min-rx-interval 150
commit
#
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls ldp remote-peer 33.33.33.33
remote-ip 33.33.33.33
#
mpls l2vpn
#
mpls switch-l2vc 33.33.33.33 1002 tunnel-policy IPRAN between 1.1.1.1 1000 tunnel-
policy IPRAN encapsulation satop-e1 control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls ldp remote-peer 34.34.34.34
remote-ip 34.34.34.34
#
mpls l2vpn
#
mpls switch-l2vc 34.34.34.34 1003 tunnel-policy IPRAN between 1.1.1.1 1001 tunnel-
policy IPRAN encapsulation satop-e1 control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls l2vpn
#
mpls switch-l2vc 3.3.3.3 1002 tunnel-policy IPRAN between 31.31.31.31 1004 tunnel-
policy IPRAN encapsulation satop-e1 control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls l2vpn
#
mpls switch-l2vc 4.4.4.4 1003 tunnel-policy IPRAN between 31.31.31.31 1005 tunnel-
policy IPRAN encapsulation satop-e1 control-word-transparent
#
#
mpls ldp
#
mpls ldp remote-peer 33.33.33.33
remote-ip 33.33.33.33
#
mpls ldp remote-peer 34.34.34.34
remote-ip 34.34.34.34
#
mpls l2vpn
#
pw-template tdm
control-word
tnl-policy IPRAN
jitter-buffer depth 4
tdm-encapsulation-number 8
#
controller E1 0/2/3
using e1
#
interface Serial0/2/3:0
link-protocol tdm
mpls l2vc 33.33.33.33 pw-template tdm 1004
mpls l2vc 34.34.34.34 pw-template tdm 1005 secondary
mpls l2vpn oam-mapping
mpls l2vpn redundancy master
mpls l2vpn reroute delay 500
mpls l2vpn stream-dual-receiving
#
bfd tdm_primary_pw bind pw interface Serial0/2/3:0
discriminator local 52
discriminator remote 52
min-tx-interval 150
min-rx-interval 150
commit
#
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
SS-PW
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
#
mpls ldp
#
mpls ldp remote-peer 31.31.31.31
remote-ip 31.31.31.31
#
mpls l2vpn
#
pw-template eth
control-word
tnl-policy IPRAN
#
interface GigabitEthernet0/2/19.20
vlan-type dot1q 12
mpls l2vc 31.31.31.31 pw-template eth 600
#
#
ip ip-prefix CSG31 index 10 permit 31.31.31.31 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG31
apply mpls-label
#
#
ip ip-prefix CSG31 index 10 permit 31.31.31.31 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG31
apply mpls-label
#
#
ip ip-prefix CSG1 index 10 permit 1.1.1.1 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG1
apply mpls-label
#
#
ip ip-prefix CSG1 index 10 permit 1.1.1.1 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG1
apply mpls-label
#
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls l2vpn
#
pw-template
eth
control-word
tnl-policy IPRAN
#
interface GigabitEthernet0/2/19.20
vlan-type dot1q 12
mpls l2vc 1.1.1.1 pw-template eth 600
#
CSG2 CSG32
ASG4 ASBR 2 ASBR 4 ASBR6 ASBR 8 ASG34
SS-PW
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG31
apply mpls-label
#
#
ip ip-prefix CSG1 index 10 permit 1.1.1.1 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG1
apply mpls-label
#
#
ip ip-prefix CSG1 index 10 permit 1.1.1.1 32
#
route-policy ipv4-to-csg permit node 30
if-match mpls-label
if-match ip-prefix CSG1
apply mpls-label
#
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
mpls l2vpn
#
pw-template tdm
control-word
tnl-policy IPRAN
jitter-buffer depth 4
tdm-encapsulation-number 8
#
controller E1 0/2/3
using e1
#
interface Serial0/2/3:0
link-protocol tdm
mpls l2vc 1.1.1.1 pw-template tdm 1000
mpls l2vpn oam-mapping
#
In the HVPN+Labeled BGP sub-solution, the H-VPLS (VLLs for VPLS) solution is used to
carry MP2MP L2 enterprise services.
Enterprise
CSG1 ASG3 ASBR 1 ASBR 3 Core
layer ASBR5 ASBR7 ASG33 CSG31 Enterprise
customer
Aggregation layer IGP domain Aggregation layer customer
IGP domain IGP domain
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP VPN
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls l2vpn
#
interface GigabitEthernet0/2/19
undo dcn
#
interface GigabitEthernet0/2/19.600
undo shutdown
vlan-type dot1q 600
mpls l2vc 3.3.3.3 603 tunnel-policy IPRAN
mpls l2vc 4.4.4.4 604 tunnel-policy IPRAN secondary
mpls l2vpn redundancy master
mpls l2vpn reroute delay 500
#
bfd pw_603 bind pw interface GigabitEthernet0/2/19.600 remote-peer 3.3.3.3 pw-ttl
auto-calculate
discriminator local 55
discriminator remote 56
min-tx-interval 50
min-rx-interval 50
commit
#
#
vsi vsi_600 static
pwsignal ldp
vsi-id 600
mac-withdraw enable
upe-npe mac-withdraw enable
peer 4.4.4.4 tnl-policy IPRAN
peer 33.33.33.33 tnl-policy IPRAN
peer 34.34.34.34 tnl-policy IPRAN
peer 1.1.1.1 negotiation-vc-id 601 tnl-policy IPRAN upe ignore-standby-state
peer 2.2.2.2 negotiation-vc-id 603 tnl-policy IPRAN upe ignore-standby-state
ignore-ac-state
isolate spoken
#
bfd pw_601 bind pw vsi vsi_600 peer 1.1.1.1 vc-id 601 remote-peer 1.1.1.1 pw-ttl
auto-calculate
discriminator local 46
discriminator remote 45
min-tx-interval 50
min-rx-interval 50
commit
#
bfd pw_603 bind pw vsi vsi_600 peer 2.2.2.2 vc-id 603 remote-peer 2.2.2.2 pw-ttl
auto-calculate
discriminator local 56
discriminator remote 55
min-tx-interval 50
min-rx-interval 50
commit
#
#
vsi vsi_600 static
pwsignal ldp
vsi-id 600
mac-withdraw enable
upe-npe mac-withdraw enable
peer 3.3.3.3 tnl-policy IPRAN
peer 33.33.33.33 tnl-policy IPRAN
peer 34.34.34.34 tnl-policy IPRAN
peer 1.1.1.1 negotiation-vc-id 602 tnl-policy IPRAN upe ignore-standby-state
peer 2.2.2.2 negotiation-vc-id 604 tnl-policy IPRAN upe ignore-standby-state
ignore-ac-state
isolate spoken
#
remote-ip 34.34.34.34
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls
l2vpn
#
vsi vsi_600 static
pwsignal ldp
vsi-id 600
mac-withdraw enable
upe-npe mac-withdraw enable
peer 34.34.34.34 tnl-policy IPRAN
peer 3.3.3.3 tnl-policy IPRAN
peer 4.4.4.4 tnl-policy IPRAN
peer 31.31.31.31 negotiation-vc-id 605 tnl-policy IPRAN upe ignore-standby-state
ignore-ac-state
isolate spoken
#
bfd pw_605 bind pw vsi vsi_600 peer 31.31.31.31 vc-id 605 remote-peer 31.31.31.31
pw-ttl auto-calculate
discriminator local 46
discriminator remote 45
min-tx-interval 50
min-rx-interval 50
commit
#
#
vsi vsi_600 static
pwsignal ldp
vsi-id 600
mac-withdraw enable
upe-npe mac-withdraw enable
peer 33.33.33.33 tnl-policy IPRAN
peer 3.3.3.3 tnl-policy IPRAN
peer 4.4.4.4 tnl-policy IPRAN
peer 31.31.31.31 negotiation-vc-id 606 tnl-policy IPRAN upe ignore-standby-state
ignore-ac-state
isolate spoken
#
Enterprise ASG
CSG1 ASG ASBR 1 ASBR 3 ASBR5 ASBR 1 CSG31
customer Access layer Aggregation layer Access layer Enterprise
Aggregation layer Core layer
IGP domain IGP domain IGP domain customer
IGP domain IGP domain
VPLS
VPN TE / LDP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP BGP LSP TE/ LDP LSP TE / LDP LSP
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
mpls ldp remote-peer 32.32.32.32
remote-ip 32.32.32.32
#
mpls l2vpn
#
vsi vsi_700 static
pwsignal ldp
vsi-id 700
peer 1.1.1.1 negotiation-vc-id 702 tnl-policy IPRAN
peer 2.2.2.2 negotiation-vc-id 704 tnl-policy IPRAN
peer 32.32.32.32 negotiation-vc-id 706 tnl-policy IPRAN
#
interface GigabitEthernet0/2/19.700
vlan-type dot1q 700
l2 binding vsi vsi_700
#