Вы находитесь на странице: 1из 12

Internal

ODC011002 MPLS L3 VPN Configuration


ISSUE 1.3
www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

This slides will introduce MPLS L3 VPN configuration commands, typical cases, debugging and troubleshooting.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 2

Upon completion of this course, you will be able to: Know configuration of MPLS L3 VPN Know how to debug MPLS L3 VPN Know how to troubleshoot MPLS L3 VPN

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 3

Chapter 1 MPLS L3 VPN Configuration Chapter 2 MPLS L3 VPN Configuration Example Chapter 3 MPLS L3 VPN Debugging Chapter 4 MPLS L3 VPN Troubleshooting

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 4

MPLS L3 VPN Configuration Steps


Basic Configuration MPLS Function
Enable LDP with system and interface IP address, IGP, make sure that PE-PE IP reachable

Enable MPLS with system and interface

LDP Function

Define VPN

PE-PE MP-BGP Function PE-CE Routing Protocol

BGP Peer, Active remote PE and route import Static, EBGP, OSPF, or RIP

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 5

MPLS VPN (L3) Configuration Steps


To configure BGP/MPLS VPN, you need to: Configure basic information on PE, CE and P. Establish the logical or physical link with IP capabilities from PE to PE. Advertise and update VPN information. BGP/MPLS VPN configuration includes: Define VPN Instance Configure PE-CE Routing Protocol Configure PE-PE Routing Protocol

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 6

VPN name and RD RT, bind to interface

Define VPN Instance


Establish and enter VPN instance view [system-view] ip vpn-instance vpn_name Establish RD [vrf-view] for vpn-instance route-distinguisher route-distinguisher Establish vpn-target community for vpn-instance [vrf-view] vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity | both ] Associate the interface with vpn-instance [interface-view] ip binding vpn-instance vpn-instance-name

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 7

Configure PE-PE Routing Protocol


Establish public network BGP neighbor (refer BGP configuration) Using Loopback address to create TCP connection between PEs [BGP-view] peer peer-address connect-interface loopback interfacenumber Enter MBGP VPNv4 address-family view [BGP-view] ipv4-family vpnv4 [ unicast ] Activate MBGP peer entity [vpnv4 family view] peer { group-name | peer-address } enable

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 8

Configure PE-CE Routing Protocol


Configure link between PE and CE via static routing ip route-static vpn-instance vpn-instance-name prefix mask [ next-hop-address ] [ interface { interface-number } ] [ public | preference preference | blackhole | reject ] Configure route information exchange between PE and CE via EBGP Enter BGP VPN address family view ipv4-family vpn-instance vpn-instance-name Configure the AS number of the specific neighbour peer peer-address as-number as-number Import direct routing import-route direct Allow route loopback peer ip-address allow-as-loop asn-limit
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 9

Configure PE-CE Routing Protocol


Configure route information exchange between PE and CE via RIP Create PE-CE RIP instance and enter RIP view rip [ process-id ] vpn-instance vpn-instance-name Configure route information exchange between PE and CE via OSPF Create PE-CE OSPF instance and enter OSPF view ospf [ process-id ] [ router-id router-id ] [ vpn-instance vpninstance-name ] By default, one router can run 1024 OSPF processes at most; one VPN can start 10 OSPF processes at most.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 10

Chapter 1 MPLS L3 VPN Configuration Chapter 2 MPLS L3 VPN Configuration Example Chapter 3 MPLS L3 VPN Debugging Chapter 4 MPLS L3 VPN Troubleshooting

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 11

MPLS/VPN Configuration (1)


Ethernet 2/0/0: Pos1/0/0: 172.1.1.1/16
Loopback0:

Pos1/0/0

P Loopback 0: PE-2

168.1.1.2/16 -1 PE
Ethernet 1/0/0: 168.1.1.1/16
CE-1

202.100.0.1/32

200.10.0.1/16
CE-2

AS100
AS 2

AS 1

PE1 Configuration

Configure vpn-instance.
[PE1] ip vpn-instance vpna [PE1-vpn-instance] routedistinguisher 100:1 [PE1-vpn-instance] vpn-target 100:1 both [PE1-vpn-instance] vpn-target 100:2 import-extcommunity [PE1-vpn-instance] vpn-target 100:3 export-extcommunity
Page 12

Configure MPLS basic function.


[PE1] mpls lsr-id 172.1.1.1 [PE1] mpls [PE1] mpls ldp [PE1] interface Pos 1/0/0 [PE1-Pos/0/0] mpls [PE1-Pos/0/0] mpls ldp
All rights reserved

HUAWEI TECHNOLOGIES CO., LTD.

MPLS/VPN Configuration (2)


Interface Configuration [PE1] interface loopback0 [PE1-LoopBack 0] ip address 202.100.0.1 255.255.255.255 [PE1] interface ethernet 1/0/0 [PE1-Ethernet1/0/0] ip binding vpn-instance vpna [PE1-Ethernet1/0/0] ip address 168.1.1.2 255.255.0.0 [PE1] interface pos1/0/0 [PE1-Pos1/0/0] ip address 172.1.1.1 255.255.0.0 Configure PE-CE BGP. [PE1] bgp 100 [PE1-bgp] import-route direct [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-af-vpn-instance] peer 168.1.1.1 as-number 1

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 13

MPLS/VPN Configuration (3)


Configure PE-PE BGP [PE1] bgp 100 [PE1-bgp] peer 200.10.0.1 as-number 100 [PE1-bgp] peer 200.10.0.1 connect-interface loopback0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 200.10.0.1 enable Configure OSPF [PE1] ospf [PE1-ospf] area 0 [PE1-ospf-area-0.0.0.0] network 172.1.0.0 0.0.255.255 [PE1-ospf-area-0.0.0.0] network 202.10.0.1 0.0.0.0 [PE1-ospf] import-route direct
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 14

Chapter 1 MPLS L3 VPN Configuration Chapter 2 MPLS L3 VPN Configuration Example Chapter 3 MPLS L3 VPN Debugging Chapter 4 MPLS L3 VPN Troubleshooting

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 15

Display VPN address information from BGP table


display bgp [ vpnv4 { all | route-distinguisher rd-value | vpninstance vpn-instance-name } ] peer

[NE80]display bgp vpnv4 all peer Peer AS-number Ver Queued-Tx Msg-Rx Msg-Tx Up/Down State 40.0.0.8 100 4 0 1 0 100h48m Established

Check the state

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 16

Display the IP routing table of vpn-instance


display ip routing-table vpn-instance vpn-instance-name [ verbose ] [NE80] display ip routing-table vpn-instance vpn-instance1 Routing Table: vpn-instance1 RD: 1233:11 Destination/Mask Proto Pre Metric Nexthop Interface 192.1.1.0/24 Direct 0 0 192.1.1.1 GigabitEthernet1/0/0 192.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0 192.1.1.255/32 Direct 0 0 127.0.0.1 InLoopBack0

VPN instance name

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 17

Chapter 1 MPLS L3 VPN Configuration Chapter 2 MPLS L3 VPN Configuration Example Chapter 3 MPLS L3 VPN Debugging Chapter 4 MPLS L3 VPN Troubleshooting

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 18

MPLS/VPN Trouble-shooting
MPLS/VPN message forwarding is based on LSP, and LSP is attached to the route, so you should locate the fault in this way: check route first and then label; check private network first and then public network.
N N N Y N N N
Check private network route Check BGP neighbourhood Check public network route Check public network IGP configuration

Check private network label

Dial 800 hotline for help

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 19

MPLS/VPN Trouble-shooting
N
Check private network route Check BGP neighbourhood Check public network route Check public network IGP configuration

Check private network route: Check the VRF of the PE routers of two ends respectively to check whether there is a VRF route of the opposite end. Command display ip routing-table vpn-instance Check BGP neighborhood: Whether neighbor state machine is in Established state Command: display bgp vpnv4 all peer Check public network route: Does every device in public network LSP path have an accurate route of the opposite end PE loopback address? (It must be a 32-bit mask) Check the IGP configuration of the public network: Whether the route of PE loopback address is released via IGP
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 20

Check public network label

Check LDP neighbour

Check MPLS configuration

Check MBGP and the opposite end PE-CE routing protocol configuration

Check BGP configuration

Y Y Y

Y Y Y

Y Y N

10

MPLS/VPN Trouble-shooting
N N N
Check private network label Check MBGP and the opposite end PE-CE routing protocol configuration Check BGP configuration

Check private network label: Check whether the private network label of the local PE router is distributed by the opposite PE? Check MBGP and the opposite end PE-CE routing protocol configuration For every VRF, should the VRF route be released into BGP? Whether to enable ordinary neighbors to transmit vpnv4 route? Check BGP configuration: Check whether the ordinary BGP configures BGP neighbors correctly?

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 21

MPLS/VPN Trouble-shooting
N
Check public network label Check LDP neighbors Check MPLS configuration

Check public network label: Check whether every device in LSP is distributed by the two PE loopback addresses Public network label, related commands: display mpls lsp brief Check whether the in-label of every device is the out-label of its next-hop? Check LDP neighbors: Check whether LDP session is correctly established between two adjacent PE or P routers. Related command: display mpls ldp session Session State: Operational Check MPLS configuration Check whether the device enables MPLS globally and enables LDP at corresponding interface. Global command: mpls lsr-id 10.5.80.250 mpls ldp Start LDP Session at interface interface Ethernet4/1/0 mpls ldp enable

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 22

11

Summary
This chapter describes the configuration, debugging and troubleshooting of MPLS VPN (L3).

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 23

Thank You
www.huawei.com

12