HP 10500 series User manual

HP 10500 Switch Series
MPLS
Configuration Guide
Part number: 5998-3861
Software version: Release 2105 and later
Document version: 6W100-20130515

Legal and notice information
© Copyright 2013 Hewlett-Packard Development Company, L.P.
No part of this documentation may be reproduced or transmitted in any form or by any means without
prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained
herein or for incidental or consequential damages in connection with the furnishing, performance, or
use of this material.
The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained
herein.

Contents
Configuring MCE
MCE overview
MPLS L3VPN overview
MPLS L3VPN concepts
MCE
How MCE works
Configuring VPN instances on an MCE device
Configuring routing on an MCE device
Configuration prerequisites
Configuring routing between an MCE and a VPN site
Configuring routing between an MCE and a PE
Displaying and maintaining MCE
MCE configuration examples
Using OSPF to advertise VPN routes to the PE
Using BGP to advertise VPN routes to the PE
Configuring IPv6 MCE
Overview
Configuring VPN instances on an IPv6 MCE device
Creating a VPN instance
Associating a VPN instance with an interface
Configuring route attributes for a VPN instance
Configuring routing on an IPv6 MCE device
Configuring routing between an IPv6 MCE and a VPN site
Configuring routing between an IPv6 MCE and a PE
Displaying information about IPv6 MCE
IPv6 MCE configuration example
Configuring basic MPLS
Overview
Basic concepts
MPLS network architecture
LSP establishment
MPLS forwarding
PHP
Protocols and standards
MPLS configuration task list
Enabling MPLS
Configuring MPLS MTU
Specifying the label type advertised by the egress
Configuring TTL propagation
Enabling sending MPLS TTL-expired messages
Displaying and maintaining MPLS
Configuring a static LSP
Overview
Configuration prerequisites
Configuration procedure
Displaying static LSPs
Static LSP configuration example
Configuring LDP
Overview
Terminology
LDP messages
LDP operation
Label distribution and control
LDP GR
Protocols
LDP configuration task list
Enabling LDP
Enabling LDP globally
Enabling LDP on an interface
Configuring Hello parameters
Configuring LDP session parameters
Configuring LDP backoff
Configuring LDP MD5 authentication
Configuring an LSP generation policy
Configuring the LDP label distribution control mode
Configuring a label advertisement policy
Configuring a label acceptance policy
Configuring LDP loop detection
Configuring LDP session protection
Configuring LDP GR
Resetting LDP sessions
Displaying and maintaining LDP
LDP configuration examples
LDP LSP configuration example
Label acceptance control configuration example
Label advertisement control configuration example
Configuring tunnel policies
Overview
Configuring a tunnel policy
Displaying tunnel information
Tunnel policy configuration example
Configuring MPLS L3VPN
Overview
Basic MPLS L3VPN architecture
MPLS L3VPN concepts
MPLS L3VPN route advertisement
MPLS L3VPN packet forwarding
MPLS L3VPN networking schemes
Inter-AS VPN
Carrier's carrier
Nested VPN
HoVPN
OSPF VPN extension
BGP AS number substitution
MPLS L3VPN configuration task list
Configuring basic MPLS L3VPN
Configuration prerequisites
Configuring VPN instances
Configuring routing between a PE and a CE
Configuring routing between PEs
Configuring BGP VPNv4 route control
Configuring inter-AS VPN
Configuring inter-AS option A
Configuring inter-AS option B
Configuring inter-AS option C
Configuring nested VPN
Configuring HoVPN
Specifying the VPN label processing mode on the egress PE
Configuring BGP AS number substitution
Displaying and maintaining MPLS L3VPN
MPLS L3VPN configuration examples
Configuring basic MPLS L3VPN
Configuring an MPLS L3VPN over a GRE tunnel
Configuring MPLS L3VPN inter-AS option A
Configuring MPLS L3VPN inter-AS option B
Configuring MPLS L3VPN inter-AS option C
Configuring MPLS L3VPN carrier's carrier
Configuring nested VPN
Configuring HoVPN
Configuring BGP AS number substitution
Configuring IPv6 MPLS L3VPN
Overview
IPv6 MPLS L3VPN packet forwarding
IPv6 MPLS L3VPN routing information advertisement
IPv6 MPLS L3VPN network schemes and functions
IPv6 MPLS L3VPN configuration task list
Configuring basic IPv6 MPLS L3VPN
Configuring VPN instances
Configuring routing between a PE and a CE
Configuring routing between PEs
Configuring BGP VPNv6 route control
Configuring inter-AS IPv6 VPN
Configuring inter-AS IPv6 VPN option A
Configuring inter-AS IPv6 VPN option C
Displaying and maintaining IPv6 MPLS L3VPN
IPv6 MPLS L3VPN configuration examples
Configuring IPv6 MPLS L3VPNs
Configuring an IPv6 MPLS L3VPN over a GRE tunnel
Configuring IPv6 MPLS L3VPN inter-AS option A
Configuring IPv6 MPLS L3VPN inter-AS option C
Configuring IPv6 MPLS L3VPN carrier's carrier
Configuring MPLS L2VPN
Hardware compatibility
Overview
Basic concepts of MPLS L2VPN
MPLS L2VPN network structure
MPLS L2VPN connection establishment
Ethernet over MPLS
PW redundancy
Multi-segment PW
MPLS L2VPN configuration task list
Enabling L2VPN
Configuring an AC
Configuring a Layer 2 Ethernet interface
Configuring a service instance on a Layer 2 Ethernet interface
Configuring a cross-connect
Configuring a PW
Configuring a PW class
Configuring a static PW
Configuring an LDP PW
Binding an AC to a cross-connect
Configuring PW redundancy
Configure static PW redundancy
Configure LDP PW redundancy
Displaying and maintaining MPLS L2VPN
MPLS L2VPN configuration examples
Configuring a static PW
Configuring an LDP PW (VLAN mode)
Configuring an LDP PW (flexible mode)
Configuring LDP PW redundancy
Configuring an intra-domain multi-segment PW
Configuring an inter-domain multi-segment PW
Configuring VPLS
Hardware compatibility
Overview
Basic VPLS architecture
VPLS implementation
PE dual homing
VPLS configuration task list
Enabling L2VPN
Configuring an AC
Configuring a VSI
Configuring a PW
Configuring a PW class
Configuring a static PW
Configuring an LDP PW
Binding an AC to a VSI
Configuring PE dual homing
Configuring a dual-homed PE with redundant static PWs
Configuring a dual-homed PE with redundant LDP PWs
Configuring MAC address learning
Displaying and maintaining VPLS
VPLS configuration examples
Static PW configuration example
LDP PW configuration example
Support and other resources
Contacting HP
Subscription service
Related information
Documents
Websites
Conventions
Index

1
Configuring MCE
This chapter covers Multi-VPN-Instance CE (MCE) configuration only. For information about routing
protocols, see Layer 3—IP Services Configuration Guide.
MCE overview
MPLS L3VPN overview
MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to
forward VPN packets over the service provider backbone.
MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS
QoS and MPLS TE.
MPLS L3VPN comprises the following types of devices:
•Customer edge (CE) device—A CE resides at the edge of a customer network and has one or more
interfaces directly connected to a service provider network. It can be a router, a switch, or a host.
It cannot "sense" the presence of any VPN and does not need to support MPLS.
•Provider edge (PE) device—A PE resides at the edge of a service provider network and connects
one or more CEs. On an MPLS network, all VPN services are processed on the PEs.
•Provider (P) device—A P device is a core device on a service provider network. It is not directly
connected to any CE. It has only basic MPLS forwarding capability.
Figure 1 Network diagram for MPLS L3VPN
CEs and PEs mark the boundary between the service provider network and the customers.
After a CE establishes an adjacency with a directly connected PE, it advertises its VPN routes to the PE
and learns remote VPN routes from the PE. A CE and a PE can use BGP, an IGP, or static routing to
exchange routing information.
After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information
to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs
on the provider network.
A P router maintains only routes to PEs and does not deal with VPN routing information.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching
Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.
MPLS L3VPN concepts
Site
A site has the following features:
•A site is a group of IP systems with IP connectivity that does not rely on any service provider network.
•The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions, though the devices at a site are, in most cases, adjacent to each other
geographically.
•The devices at a site can belong to multiple VPNs, which means a site can belong to multiple VPNs.
•A site is connected to a provider network through one or more CEs. A site can contain many CEs,
but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only the
sites in the same set can access each other through the provider network. Such a set is called a VPN.
Address space overlapping
Each VPN independently manages its address space.
The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on
subnet 10.110.10.0/24, address space overlapping occurs.
VPN instance
In MPLS VPN, routes of different VPNs are identified by VPN instance.
A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN instance
contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to
multiple VPNs at the same time, the VPN instance of the site contains information about all the VPNs.
For independence and security of VPN data, each VPN instance on a PE maintains a routing table and
a label forwarding information base (LFIB). VPN instance information contains the following items: the
LFIB, IP routing table, interfaces bound to the VPN instance, and administration information of the VPN
instance. The administration information of the VPN instance includes the route distinguisher (RD), route
filtering policy, and member interface list.
VPN-IPv4 address
MPLS L3VPN adds an RD field before an IPv4 address to change the IPv4 address to a VPN-IPv4 address.
PEs use MP-BGP to advertise VPN routes with VPN-IPv4 addresses.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte
IPv4 address prefix.
Figure 2 VPN-IPv4 address structure
The MCE device does not support advertising VPN routes through MP-BGP. However, to run BGP VPN
instances on the MCE device, you must configure a unique RD for each VPN instance to distinguish
between the VPN instances.
An RD can be in one of the following formats distinguished by a 2-byte Type field:
•When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned
number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined
number. For example, 100:1.
•When the value of the Type field is 1, the Administrator subfield occupies four bytes, the Assigned
number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined
number. For example, 172.1.1.1:1.
•When the value of the Type field is 2, the Administrator subfield occupies four bytes, the Assigned
number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined
number, where the minimum value of the AS number is 65536. For example, 65536:1.
To guarantee global uniqueness for an RD, do not set the Administrator subfield to any private AS
number or private IP address.
Route target attributes
MPLS L3VPN uses BGP extended community attributes called route target attributes to control the
advertisement of VPN routing information.
A VPN instance on a PE supports the following types of route target attributes:
•Export target attribute—A PE sets the export target attribute for VPN-IPv4 routes learned from directly
connected sites before advertising them to other PEs.
•Import target attribute—A PE checks the export target attribute of VPN-IPv4 routes received from
other PEs. If the export target attribute matches the import target attribute of the VPN instance, the
PE adds the routes to the VPN routing table.
In other words, route target attributes define which sites can receive a VPN-IPv4 route, and from which
sites a PE can receive routes.
Similar to RDs, route target attributes can be one of the following formats:
•16-bit AS number:32-bit user-defined number. For example, 100:1.
•32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
•32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536.
For example, 65536:1.
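The RD and route target formats described above can be checked mechanically. The following Python code is an added example, not code from the HP guide: it parses the three text formats, encodes an RD into its 8-byte form, builds the 12-byte VPN-IPv4 address, flags private Administrator values, and applies the import target match. The function names and the private ranges used (RFC 1918 addresses, RFC 6996 AS numbers) are assumptions of this example.

```python
import ipaddress
import struct

# Assumed definition of "private": RFC 1918 IPv4 ranges, RFC 6996 AS ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE_AS = [(64512, 65534), (4200000000, 4294967294)]


def parse_target(text):
    """Parse an RD or route target written as 'administrator:number'.

    Returns (type, administrator, assigned_number), using the Type values
    0, 1 and 2 described in the guide.
    """
    admin, sep, number = text.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError(f"expected administrator:number, got {text!r}")
    assigned = int(number)
    if "." in admin:                                    # Type 1: IPv4 address
        kind, value, limit = 1, ipaddress.IPv4Address(admin), 0xFFFF
    elif admin.isdigit() and int(admin) <= 0xFFFF:      # Type 0: 16-bit AS
        kind, value, limit = 0, int(admin), 0xFFFFFFFF
    elif admin.isdigit() and int(admin) <= 0xFFFFFFFF:  # Type 2: AS >= 65536
        kind, value, limit = 2, int(admin), 0xFFFF
    else:
        raise ValueError(f"bad administrator in {text!r}")
    if assigned > limit:
        raise ValueError(f"assigned number too large for type {kind}: {text!r}")
    return kind, value, assigned


def encode_rd(text):
    """Return the 8-byte RD: 2-byte Type field followed by 6 bytes of value."""
    kind, admin, assigned = parse_target(text)
    if kind == 0:
        return struct.pack(">HHI", kind, admin, assigned)
    if kind == 1:
        return struct.pack(">H4sH", kind, admin.packed, assigned)
    return struct.pack(">HIH", kind, admin, assigned)


def vpn_ipv4_address(rd_text, prefix):
    """Return the 12-byte VPN-IPv4 address: RD followed by the IPv4 prefix."""
    network = ipaddress.ip_network(prefix)
    return encode_rd(rd_text) + network.network_address.packed


def has_private_administrator(text):
    """True when the Administrator subfield is a private AS number or address."""
    kind, admin, _ = parse_target(text)
    if kind == 1:
        return any(admin in net for net in PRIVATE_NETS)
    return any(low <= admin <= high for low, high in PRIVATE_AS)


def imports_route(route_targets, import_targets):
    """True when any target carried by the route matches an import target."""
    carried = {parse_target(t) for t in route_targets}
    wanted = {parse_target(t) for t in import_targets}
    return bool(carried & wanted)


if __name__ == "__main__":
    # The overlapping subnet from the guide, made distinct by two RDs.
    for rd in ("100:1", "100:2"):
        print(rd, vpn_ipv4_address(rd, "10.110.10.0/24").hex())
    for rd in ("100:1", "172.1.1.1:1", "65536:1", "65000:1", "10.1.1.1:1"):
        flag = "private" if has_private_administrator(rd) else "ok"
        print(rd, encode_rd(rd).hex(), flag)
    print(imports_route(["100:1"], ["100:1", "100:2"]),
          imports_route(["100:1"], ["100:2"]))
```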
MCE
BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. However,
the traditional MPLS L3VPN architecture requires that each VPN instance use an exclusive CE to connect
to a PE, as shown in Figure 1.
For better services and higher security, a private network is usually divided into multiple VPNs to isolate
services. To meet these requirements, you can configure a CE for each VPN, which increases device
expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same
routing table, which sacrifices data security.
Using the Multi-VPN-Instance CE (MCE) function, you can resolve the conflict between low cost and high
security in multi-VPN networks. MCE allows you to bind each VPN with a VLAN interface. The MCE
creates and maintains a separate routing table for each VPN. This separates the forwarding paths for
packets of different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN
to the peer PE, ensuring the normal transmission of VPN packets over the public network.
How MCE works
Figure 3 describes how an MCE maintains the routing tables for multiple VPNs and exchanges VPN
routes with PEs.
Figure 3 Network diagram for the MCE function
On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone
through the MCE device. VPN 1 and VPN 2 on the left-side network must establish a tunnel with VPN 1
and VPN 2 on the right-side network, respectively.
The MCE creates a separate routing table for VPN 1 and for VPN 2. VLAN-interface 2 is bound to VPN
1 and VLAN-interface 3 is bound to VPN 2. Upon receiving a route, the MCE determines the source of
the route according to the number of the receiving interface, and adds it to the corresponding routing
table.
You must also bind the interfaces of PE 1 that connect to the MCE to the VPNs in the same way. The MCE
connects to PE 1 through a trunk link, which permits packets of VLAN 2 and VLAN 3 to pass with their
VLAN tags. In this way, PE 1 can determine the VPN a received packet belongs to according to the VLAN
tag of the packet and send the packet through the corresponding tunnel.
NOTE:
You can configure the DHCP server or DHCP relay agent on the MCE to assign IP addresses for private
DHCP clients, but the IP address spaces for different private networks cannot overlap.
Configuring VPN instances on an MCE device
Configuring VPN instances is required in all MCE networking schemes.
VPN instances isolate not only VPN routes from public network routes, but also routes among VPNs. This
feature allows VPN instances to be used in networking scenarios besides MCE.
Creating a VPN instance
You can configure a description for a VPN instance to record its related information, such as its
relationship with a certain VPN.
To create and configure a VPN instance:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create a VPN instance and enter VPN instance view.
  Command: ip vpn-instance vpn-instance-name
  Remarks: By default, no VPN instance is created.
Step 3. Configure an RD for the VPN instance.
  Command: route-distinguisher route-distinguisher
  Remarks: By default, no RD is specified for the VPN instance.
Step 4. (Optional) Configure a description for the VPN instance.
  Command: description text
  Remarks: By default, no description is configured for the VPN instance.
NOTE:
To configure BGP for a VPN instance on the MCE, you must configure an RD for the VPN instance.
Associating a VPN instance with an interface
After configuring a VPN instance, you must associate the VPN instance with the interfaces connected to
the VPN site or the PE.
To associate a VPN instance with an interface:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 3. Associate the current interface with a VPN instance.
  Command: ip binding vpn-instance vpn-instance-name
  Remarks: By default, no VPN instance is associated with an interface. The ip binding vpn-instance command deletes the IP address of the current interface. You must reconfigure an IP address for the interface after configuring the command.
Configuring route attributes for a VPN instance
The MCE controls VPN route advertisement as follows:
•When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route
target extended community attribute list, which is usually the export target attribute list of the VPN
instance associated with the site.
•The VPN instance determines which routes it can accept and redistribute according to the
import-extcommunity in the route target.
•The VPN instance determines how to change the route target attributes for advertised routes
according to the export-extcommunity in the route target.
To configure route attributes for a VPN instance:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter VPN instance view or IPv4 VPN view.
  Command:
    •Enter VPN instance view: ip vpn-instance vpn-instance-name
    •Enter IPv4 VPN view:
      a. ip vpn-instance vpn-instance-name
      b. ipv4-family
  Remarks: Configurations in VPN instance view apply to both IPv4 VPN and IPv6 VPN. IPv4 VPN prefers the configurations in IPv4 VPN view over the configurations in VPN instance view.
Step 3. Configure route targets for the VPN instance.
  Command: vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
  Remarks: By default, no route target is configured for the VPN instance.
Step 4. (Optional.) Configure the maximum number of routes for the VPN instance.
  Command: routing-table limit number { warn-threshold | simply-alert }
  Remarks: By default, the maximum route number is not configured. This command prevents the VPN instance from storing too many routes.
Step 5. (Optional.) Apply a routing policy to filter incoming routes for the VPN instance.
  Command: import route-policy route-policy
  Remarks: By default, all routes matching the import target attribute are accepted. Make sure the routing policy has been configured. For more information about routing policies, see Layer 3—IP Routing Configuration Guide.
Step 6. (Optional.) Apply a routing policy to filter outgoing routes for the VPN instance.
  Command: export route-policy route-policy
  Remarks: By default, all routes matching the export target attribute are accepted. Make sure the routing policy has been configured. For more information about routing policies, see Layer 3—IP Routing Configuration Guide.
Configuring routing on an MCE device
MCE implements service isolation through route isolation. MCE routing configuration includes:
•MCE-VPN site routing configuration
•MCE-PE routing configuration
Configuration prerequisites
Before you configure routing on an MCE, complete the following tasks:
•Configure VPN instances, and bind the VPN instances with the interfaces connected to the VPN
sites and the PE.
•Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity.
Configuring routing between an MCE and a VPN site
Configuring static routing between an MCE and a VPN site
An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally
effective and thus does not support address overlapping among VPNs. An MCE supports binding a static
route with a VPN instance, so that the static routes of different VPN instances can be isolated from each
other.
To configure a static route to a VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Configure a static route for a VPN instance.
  Command: ip route-static vpn-instance s-vpn-instance-name dest-address { mask | mask-length } { next-hop-address [ public ] [ track track-entry-number ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]
  Remarks: Perform this configuration on the MCE. On the VPN site, configure a normal static route.
Step 3. (Optional.) Configure the default preference for static routes.
  Command: ip route-static default-preference default-preference-value
  Remarks: The default setting is 60.
Configuring RIP between an MCE and a VPN site
A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without
binding it to a VPN instance, the process belongs to the public network. Binding RIP processes to VPN
instances can isolate routes of different VPNs.
For more information about RIP, see Layer 3—IP Routing Configuration Guide.
To configure RIP between an MCE and a VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create a RIP process for a VPN instance and enter RIP view.
  Command: rip [ process-id ] vpn-instance vpn-instance-name
  Remarks: Perform this configuration on the MCE. On the VPN site, create a normal RIP process.
Step 3. Enable RIP on the interface attached to the specified network.
  Command: network network-address
  Remarks: By default, RIP is disabled on an interface.
Step 4. Redistribute remote site routes advertised by the PE.
  Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] *
  Remarks: By default, no route is redistributed into RIP.
Step 5. (Optional.) Configure the default cost value for the redistributed routes.
  Command: default cost value
  Remarks: If you do not specify a default cost value, the default cost value is 0.
Configuring OSPF between an MCE and a VPN site
An OSPF process can belong to a single VPN instance. If you create an OSPF process without binding
it to a VPN instance, the process belongs to the public network.
Binding OSPF processes to VPN instances can isolate routes of different VPNs.
For more information about OSPF, see Layer 3—IP Routing Configuration Guide.
To configure OSPF between an MCE and a VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create an OSPF process for a VPN instance and enter OSPF view.
  Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
  Remarks: Perform this configuration on the MCE. On the VPN site, create a normal OSPF process. An OSPF process that is bound with a VPN instance does not use the public network router ID configured in system view. Therefore, you must configure a router ID when starting the OSPF process. An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple OSPF processes to advertise VPN routes.
Step 3. (Optional.) Configure the OSPF domain ID.
  Command: domain-id domain-id [ secondary ]
  Remarks: The default domain ID is 0. Perform this configuration only on the MCE. The domain ID of an OSPF process is included in the routes generated by the process. When an OSPF route is redistributed into BGP, the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute. An OSPF process can be configured with only one domain ID. Domain IDs of different OSPF processes are independent of each other. All OSPF processes of a VPN must be configured with the same domain ID for routes to be correctly advertised. OSPF processes on PEs in different VPNs can be configured with domain IDs as desired.
Step 4. (Optional.) Configure the type codes of OSPF extended community attributes.
  Command: ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }
  Remarks: The defaults are as follows:
    •0x0005 for Domain ID.
    •0x0107 for Router ID.
    •0x0306 for Route Type.
Step 5. (Optional.) Configure the external route tag for imported VPN routes.
  Command: route-tag tag-value
  Remarks: By default, no route tag is configured. In some networks, a VPN might be connected to multiple MCEs. When one MCE advertises the routes learned from BGP to the VPN, the other MCEs might learn the routes, resulting in routing loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends that you configure the same route tag for the same VPN on the MCEs.
Step 6. Redistribute remote site routes advertised by the PE.
  Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag | type type ] *
  Remarks: By default, OSPF does not redistribute routes from any other routing protocol.
Step 7. (Optional.) Configure OSPF to redistribute the default route.
  Command: default-route-advertise summary cost cost
  Remarks: By default, OSPF does not redistribute the default route. This command redistributes the default route in a Type-3 LSA. The MCE advertises the default route to the site.
Step 8. Create an OSPF area and enter OSPF area view.
  Command: area area-id
  Remarks: By default, no OSPF area is created.
Step 9. Enable OSPF on the interface attached to the specified network in the area.
  Command: network ip-address wildcard-mask
  Remarks: By default, an interface does not run OSPF.
Configuring IS-IS between an MCE and a VPN site
An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process
without binding it to a VPN instance, the process belongs to the public network.
Binding IS-IS processes to VPN instances can isolate routes of different VPNs.
For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.
To configure IS-IS between an MCE and a VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create an IS-IS process for a VPN instance and enter IS-IS view.
  Command: isis [ process-id ] vpn-instance vpn-instance-name
  Remarks: Perform this configuration on the MCE. On the VPN site, configure a normal IS-IS process.
Step 3. Configure a network entity title.
  Command: network-entity net
  Remarks: By default, no NET is configured.
Step 4. (Optional.) Redistribute remote site routes advertised by the PE.
  Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
  Remarks: By default, IS-IS does not redistribute routes of any other routing protocol. If you do not specify the route level in the command, the command redistributes routes to the level-2 routing table by default.
Step 5. Return to system view.
  Command: quit
  Remarks: N/A
Step 6. Enter interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 7. Enable the IS-IS process on the interface.
  Command: isis enable [ process-id ]
  Remarks: By default, IS-IS is disabled.
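The isolation rules stated in the procedures above (a unique RD per VPN instance, an IP address reconfigured after ip binding vpn-instance, routing processes bound to a VPN instance, and a router ID on VPN-bound OSPF processes) can be checked before a configuration is applied. The following Python audit is an added example, not HP's code. The sample configuration is constructed, and its layout (view-entering commands in column 0, commands inside the view indented, # between sections) and all function names are assumptions.

```python
import re

# Constructed sample, not from the guide. Assumed layout: a command that enters
# a view starts in column 0, commands inside the view are indented, "#" separates.
SAMPLE_CONFIG = """\
ip vpn-instance vpn1
 route-distinguisher 10:1
#
ip vpn-instance vpn2
#
ip vpn-instance vpn3
 route-distinguisher 10:1
#
interface Vlan-interface2
 ip binding vpn-instance vpn1
 ip address 10.214.10.3 255.255.255.0
#
interface Vlan-interface3
 ip address 10.214.20.3 255.255.255.0
 ip binding vpn-instance vpn2
#
interface Vlan-interface4
 ip binding vpn-instance vpn9
 ip address 10.214.30.3 255.255.255.0
#
ospf 1 router-id 10.214.10.3 vpn-instance vpn1
#
ospf 2 vpn-instance vpn2
#
rip 20
#
"""


def parse_sections(config):
    """Group the text into (view-entering command, [commands in that view])."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(config):
    """Return (subject, problem) pairs for the mistakes the guide warns about."""
    sections = parse_sections(config)
    findings = []
    # Each VPN instance needs an RD, and the RD must be unique.
    instances = {}
    for header, body in sections:
        match = re.fullmatch(r"ip vpn-instance (\S+)", header)
        if match:
            rds = [c.split()[1] for c in body if c.startswith("route-distinguisher ")]
            instances[match.group(1)] = rds[0] if rds else None
    rd_owner = {}
    for name, rd in instances.items():
        if rd is None:
            findings.append((name, "no RD configured"))
        elif rd in rd_owner:
            findings.append((name, f"RD {rd} already used by {rd_owner[rd]}"))
        else:
            rd_owner[rd] = name
    for header, body in sections:
        words = header.split()
        if words[0] == "interface":
            bind_at = [i for i, c in enumerate(body)
                       if c.startswith("ip binding vpn-instance ")]
            if not bind_at:
                continue  # not bound: the interface stays in the public network
            inst = body[bind_at[-1]].split()[-1]
            if inst not in instances:
                findings.append((header, f"bound to undefined VPN instance {inst}"))
            # Binding deletes the address, so only an address configured
            # after the binding command survives.
            later = body[bind_at[-1] + 1:]
            if not any(c.startswith("ip address ") for c in later):
                findings.append((header, "no IP address configured after binding"))
        elif words[0] in ("rip", "ospf", "isis"):
            bound = re.search(r"\bvpn-instance (\S+)", header)
            if not bound:
                findings.append((header, "process belongs to the public network"))
                continue
            if bound.group(1) not in instances:
                findings.append((header, f"bound to undefined VPN instance {bound.group(1)}"))
            if words[0] == "ospf" and "router-id" not in words:
                findings.append((header, "VPN-bound OSPF process has no router ID"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit(SAMPLE_CONFIG):
        print(f"{subject}: {problem}")
```

A process reported as belonging to the public network is not necessarily wrong; the finding marks it for confirmation that no VPN site routes are meant to be carried by it.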
Configuring EBGP between an MCE and a VPN site
To run EBGP between an MCE and VPN sites, you must configure a BGP peer for each VPN instance on
the MCE, and redistribute the IGP routes of each VPN instance on the VPN sites.
Routes redistributed from OSPF to BGP on the MCE do not carry OSPF attributes. To enable BGP to
distinguish routes redistributed from different OSPF domains, you must enable the redistributed routes to
carry the OSPF domain ID by configuring the domain-id command in OSPF view. The domain ID is
added to BGP VPN routes as an extended community attribute.
1. Configure the MCE:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter BGP view.
  Command: bgp as-number
  Remarks: N/A
Step 3. Enter BGP-VPN instance view.
  Command: ip vpn-instance vpn-instance-name
  Remarks: N/A
Step 4. Specify an EBGP peer or peer group.
  Command: peer { group-name | ip-address } as-number as-number
  Remarks: By default, no BGP peer or peer group is specified.
Step 5. Create and enter BGP-VPN IPv4 address family view.
  Command: ipv4-family [ unicast ]
  Remarks: N/A
Step 6. Enable exchange of IPv4 unicast routes with the specified peer or peer group.
  Command: peer { group-name | ip-address } enable
  Remarks: BGP cannot exchange IPv4 unicast routes with any peer or peer group.
Step 7. Allow routing loops: allow the local AS number to appear in the AS_PATH attribute of routes received from the peer or peer group and specify the maximum appearance times.
  Command: peer { group-name | ip-address } allow-as-loop [ number ]
  Remarks: By default, the local AS number is not allowed to appear in the AS_PATH attribute of routes from a peer or peer group. BGP checks routing loops by examining AS numbers. When EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site. The routing updates carry the AS number of the MCE, so the MCE discards them to avoid routing loops. To enable the MCE to receive such routes, configure the MCE to allow routing loops.
Step 8. Redistribute remote site routes advertised by the PE.
  Command: import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]
  Remarks: By default, BGP does not redistribute routes from any other routing protocol.
Step 9. (Optional.) Configure a filtering policy to filter advertised routes.
  Command: filter-policy { acl-number | prefix-list ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ]
  Remarks: By default, BGP does not filter advertised routes.
Step 10. (Optional.) Configure a filtering policy to filter received routes.
  Command: filter-policy { acl-number | prefix-list ip-prefix-name } import
  Remarks: By default, BGP does not filter received routes.
2. Configure the VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable BGP and enter BGP view.
  Command: bgp as-number
  Remarks: By default, BGP is disabled.
Step 3. Configure the MCE as an EBGP peer.
  Command: peer { group-name | ip-address } as-number as-number
  Remarks: By default, no BGP peer or peer group is configured.
Step 4. Create and enter BGP-VPN IPv4 address family view.
  Command: ipv4-family [ unicast ]
  Remarks: N/A
Step 5. Enable BGP to exchange IPv4 unicast routing information with the specified peer or peer group.
  Command: peer { group-name | ip-address } enable
  Remarks: By default, BGP does not exchange IPv4 unicast routing information with any peer or peer group.
Step 6. Redistribute the IGP routes of the VPN.
  Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
  Remarks: By default, BGP does not redistribute any IGP routes. A VPN site must advertise the VPN network addresses it can reach to the connected MCE.
Configuring IBGP between an MCE and a VPN site
To run IBGP between an MCE and VPN sites, you must configure a BGP peer for each VPN instance on
the MCE, and redistribute the IGP routes of each VPN instance on the VPN sites.
1. Configure the MCE:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter BGP view.
  Command: bgp as-number
  Remarks: N/A
Step 3. Enter BGP-VPN instance view.
  Command: ip vpn-instance vpn-instance-name
  Remarks: N/A
Step 4. Specify an EBGP peer or peer group.
  Command: peer { group-name | ip-address } as-number as-number
  Remarks: By default, no BGP peer or peer group is specified.
Step 5. Create and enter BGP-VPN IPv4 address family view.
  Command: ipv4-family [ unicast ]
  Remarks: N/A
Step 6. Enable exchange of IPv4 unicast routes with the specified peer or peer group.
  Command: peer { group-name | ip-address } enable
  Remarks: BGP cannot exchange IPv4 unicast routes with any peer or peer group.
Step 7. (Optional.) Configure the MCE as a route reflector and configure the peer or peer group (VPN site) as a client.
  Command: peer { group-name | ip-address } reflect-client
  Remarks: By default, no RR or RR client is configured. To enable the MCE to forward routes received from the VPN site to other IBGP peers (including VPNv4 peers), you must configure the MCE as a route reflector and configure the VPN site as a client.
Step 8. Redistribute remote site routes advertised by the PE.
  Command: import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]
  Remarks: By default, BGP does not redistribute routes from any other routing protocol.
Step 9. (Optional.) Configure a filtering policy to filter advertised routes.
  Command: filter-policy { acl-number | prefix-list prefix-list-name } export [ protocol process-id ]
  Remarks: By default, BGP does not filter advertised routes.
Step 10. (Optional.) Configure a filtering policy to filter received routes.
  Command: filter-policy { acl-number | prefix-list prefix-list-name } import
  Remarks: By default, BGP does not filter received routes.
2. Configure the VPN site:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable BGP and enter BGP view.
  Command: bgp as-number
  Remarks: By default, BGP is disabled.
Step 3. Configure the MCE as an IBGP peer.
  Command: peer { group-name | ip-address } as-number as-number
  Remarks: By default, no BGP peer or peer group is configured.
Step 4. Create and enter BGP-VPN IPv4 address family view.
  Command: ipv4-family [ unicast ]
  Remarks: N/A
Step 5. Enable BGP to exchange IPv4 unicast routing information with the specified peer or peer group.
  Command: peer { group-name | ip-address } enable
  Remarks: By default, BGP does not exchange IPv4 unicast routing information with any peer or peer group.
Step 6. Redistribute the IGP routes of the VPN.
  Command: import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ]
  Remarks: By default, BGP does not redistribute any IGP routes. A VPN site must advertise the VPN network addresses it can reach to the connected MCE.
Configuring routing between an MCE and a PE
MCE-PE routing configuration includes these tasks:
•Bind the MCE-PE interfaces to VPN instances
•Perform route configurations
•Redistribute VPN routes into the routing protocol running between the MCE and the PE.
Configuring static routing between an MCE and a PE
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Configure a static route for a VPN instance.
  Command: ip route-static vpn-instance s-vpn-instance-name dest-address { mask | mask-length } { next-hop-address [ public ] [ track track-entry-number ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]
  Remarks: By default, no static route is configured.
Step 3. (Optional.) Configure the default preference for static routes.
  Command: ip route-static default-preference default-preference-value
  Remarks: The default setting is 60.
Configuring RIP between an MCE and a PE
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create a RIP process for a VPN instance and enter RIP view.
  Command: rip [ process-id ] vpn-instance vpn-instance-name
  Remarks: N/A
Step 3. Enable RIP on the interface attached to the specified network.
  Command: network network-address
  Remarks: By default, RIP is disabled on an interface.
Step 4. Redistribute the VPN routes.
  Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] *
  Remarks: By default, no route of any other routing protocol is redistributed into RIP.
Step 5. (Optional.) Configure the default cost value for the redistributed routes.
  Command: default cost value
  Remarks: If you do not specify a default cost, the default cost is 0.
Configuring OSPF between an MCE and a PE
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create an OSPF process for a VPN instance and enter OSPF view.
  Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
  Remarks: N/A
Step 3. Disable routing loop detection.
  Command: vpn-instance-capability simple
  Remarks: Routing loop detection is enabled. You must disable routing loop detection for a VPN OSPF process on the MCE. Otherwise, the MCE cannot receive OSPF routes from the PE.
Step 4. (Optional.) Configure the OSPF domain ID.
  Command: domain-id domain-id [ secondary ]
  Remarks: By default, the domain ID is 0.
Step 5. (Optional.) Configure the type codes of OSPF extended community attributes.
  Command: ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }
  Remarks: The defaults are as follows:
    •0x0005 for Domain ID.
    •0x0107 for Router ID.
    •0x0306 for Route Type.