Hp 10500 series User manual

HP 10500 Switch Series

MPLS

Configuration Guide

Part number: 5998-3861

Software version: Release 2105 and later

Document version: 6W100-20130515

Legal and notice information

No part of this documentation may be reproduced or transmitted in any form or by any means without

prior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS

MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained

herein or for incidental or consequential damages in connection with the furnishing, performance, or

use of this material.

The only warranties for HP products and services are set forth in the express warranty statements

accompanying such products and services. Nothing herein should be construed as constituting an

additional warranty. HP shall not be liable for technical or editorial errors or omissions contained

herein.

Contents

Configuring MCE ························································································································································· 1

MCE overview ···································································································································································1

MPLS L3VPN overview·············································································································································1

MPLS L3VPN concepts ·············································································································································2

MCE···········································································································································································3

How MCE works ······················································································································································4

Configuring VPN instances on an MCE device·············································································································5

Configuring routing on an MCE device ·························································································································6

Configuration prerequisites ·····································································································································7

Configuring routing between an MCE and a VPN site························································································7

Configuring routing between an MCE and a PE ······························································································· 13

Displaying and maintaining MCE································································································································ 17

MCE configuration examples ······································································································································· 17

Using OSPF to advertise VPN routes to the PE··································································································· 17

Using BGP to advertise VPN routes to the PE····································································································· 23

Configuring IPv6 MCE···············································································································································28

Overview········································································································································································· 28

Configuring VPN instances on an IPv6 MCE device ································································································· 28

Creating a VPN instance······································································································································ 28

Associating a VPN instance with an interface ··································································································· 28

Configuring route attributes for a VPN instance ································································································ 29

Configuring routing on an IPv6 MCE device·············································································································· 30

Configuring routing between an IPv6 MCE and a VPN site ············································································ 30

Configuring routing between an IPv6 MCE and a PE······················································································· 35

Displaying information about IPv6 MCE ····················································································································· 38

IPv6 MCE configuration example································································································································· 38

Configuring basic MPLS ············································································································································45

Basic concepts ······················································································································································· 45

MPLS network architecture ··································································································································· 46

LSP establishment··················································································································································· 47

MPLS forwarding ··················································································································································· 48

PHP·········································································································································································· 48

Protocols and standards ······································································································································· 49

MPLS configuration task list··········································································································································· 49

Enabling MPLS································································································································································ 49

Configuring MPLS MTU ················································································································································· 50

Specifying the label type advertised by the egress···································································································· 50

Configuring TTL propagation········································································································································ 51

Enabling sending MPLS TTL-expired messages··········································································································· 52

Displaying and maintaining MPLS ······························································································································· 53

Configuring a static LSP·············································································································································54

Configuration prerequisites··········································································································································· 54

Configuration procedure··············································································································································· 54

Displaying static LSPs····················································································································································· 55

Static LSP configuration example ································································································································· 55

Configuring LDP ·························································································································································58

Terminology ··························································································································································· 58

LDP messages························································································································································· 58

LDP operation························································································································································· 59

Label distribution and control······························································································································· 60

LDP GR···································································································································································· 62

Protocols ································································································································································· 63

LDP configuration task list·············································································································································· 63

Enabling LDP··································································································································································· 64

Enabling LDP globally··········································································································································· 64

Enabling LDP on an interface······························································································································· 64

Configuring Hello parameters ······································································································································ 64

Configuring LDP session parameters···························································································································· 65

Configuring LDP backoff ··············································································································································· 66

Configuring LDP MD5 authentication ·························································································································· 67

Configuring an LSP generation policy ························································································································· 67

Configuring the LDP label distribution control mode·································································································· 68

Configuring a label advertisement policy ··················································································································· 68

Configuring a label acceptance policy ······················································································································· 69

Configuring LDP loop detection···································································································································· 70

Configuring LDP session protection······························································································································ 71

Configuring LDP GR······················································································································································· 72

Resetting LDP sessions···················································································································································· 72

Displaying and maintaining LDP ·································································································································· 72

LDP configuration examples·········································································································································· 73

LDP LSP configuration example···························································································································· 73

Label acceptance control configuration example ······························································································ 76

Label advertisement control configuration example ·························································································· 80

Configuring tunnel policies········································································································································85

Configuring a tunnel policy ·········································································································································· 85

Displaying tunnel information ······································································································································· 86

Tunnel policy configuration example ··························································································································· 86

Configuring MPLS L3VPN··········································································································································87

Basic MPLS L3VPN architecture··························································································································· 87

MPLS L3VPN route advertisement························································································································ 89

MPLS L3VPN packet forwarding·························································································································· 90

MPLS L3VPN networking schemes······················································································································· 91

Inter-AS VPN ·························································································································································· 93

Carrier's carrier ····················································································································································· 96

Nested VPN ··························································································································································· 98

HoVPN··································································································································································100

OSPF VPN extension···········································································································································102

BGP AS number substitution·······························································································································103

MPLS L3VPN configuration task list····························································································································104

Configuring basic MPLS L3VPN ·································································································································104

Configuring VPN instances ································································································································105

Configuring routing between a PE and a CE···································································································107

Configuring routing between PEs ······················································································································111

iii

Configuring BGP VPNv4 route control ·············································································································112

Configuring inter-AS VPN ···········································································································································114

Configuring inter-AS option A····························································································································114

Configuring inter-AS option B ····························································································································114

Configuring inter-AS option C····························································································································115

Configuring nested VPN··············································································································································117

Configuring HoVPN·····················································································································································118

Specifying the VPN label processing mode on the egress PE·················································································119

Configuring BGP AS number substitution··················································································································119

Displaying and maintaining MPLS L3VPN ················································································································120

MPLS L3VPN configuration examples························································································································121

Configuring basic MPLS L3VPN ························································································································121

Configuring an MPLS L3VPN over a GRE tunnel·····························································································129

Configuring MPLS L3VPN inter-AS option A ····································································································133

Configuring MPLS L3VPN inter-AS option B·····································································································138

Configuring MPLS L3VPN inter-AS option C ····································································································143

Configuring MPLS L3VPN carrier's carrier ·······································································································149

Configuring HoVPN ············································································································································167

Configuring BGP AS number substitution ·········································································································174

Configuring IPv6 MPLS L3VPN ······························································································································ 179

IPv6 MPLS L3VPN packet forwarding ···············································································································180

IPv6 MPLS L3VPN routing information advertisement ·····················································································180

IPv6 MPLS L3VPN network schemes and functions··························································································181

IPv6 MPLS L3VPN configuration task list ···················································································································181

Configuring basic IPv6 MPLS L3VPN·························································································································181

Configuring routing between a PE and a CE···································································································184

Configuring routing between PEs ······················································································································187

Configuring BGP VPNv6 route control ·············································································································188

Configuring inter-AS IPv6 VPN···································································································································189

Configuring inter-AS IPv6 VPN option A ··········································································································190

Configuring inter-AS IPv6 VPN option C ··········································································································190

Displaying and maintaining IPv6 MPLS L3VPN········································································································191

IPv6 MPLS L3VPN configuration examples ···············································································································193

Configuring IPv6 MPLS L3VPNs·························································································································193

Configuring an IPv6 MPLS L3VPN over a GRE tunnel ····················································································200

Configuring IPv6 MPLS L3VPN inter-AS option A····························································································204

Configuring IPv6 MPLS L3VPN inter-AS option C····························································································209

Configuring IPv6 MPLS L3VPN carrier's carrier·······························································································216

Configuring MPLS L2VPN······································································································································· 224

Hardware compatibility···············································································································································224

Basic concepts of MPLS L2VPN ·························································································································224

MPLS L2VPN network structure ··························································································································224

MPLS L2VPN connection establishment ············································································································225

Ethernet over MPLS··············································································································································226

PW redundancy···················································································································································226

Multi-segment PW················································································································································227

MPLS L2VPN configuration task list····························································································································229

Enabling L2VPN ···························································································································································230

Configuring an AC ······················································································································································230

Configuring a Layer 2 Ethernet interface··········································································································230

Configuring a service instance on a Layer 2 Ethernet interface·····································································231

Configuring a cross-connect ·······································································································································231

Configuring a PW························································································································································232

Configuring a PW class······································································································································232

Configuring a static PW ·····································································································································232

Configuring an LDP PW······································································································································232

Binding an AC to a cross-connect······························································································································233

Configuring PW redundancy······································································································································233

Configure static PW redundancy ······················································································································234

Configure LDP PW redundancy ·························································································································234

Displaying and maintaining MPLS L2VPN ················································································································235

MPLS L2VPN configuration examples························································································································235

Configuring an LDP PW (VLAN mode) ·············································································································240

Configuring an LDP PW (flexible mode)···········································································································244

Configuring LDP PW redundancy······················································································································248

Configuring an intra-domain multi-segment PW ······························································································253

Configuring an inter-domain multi-segment PW ······························································································257

Configuring VPLS ···················································································································································· 264

Basic VPLS architecture·······································································································································264

VPLS implementation···········································································································································265

PE dual homing····················································································································································267

VPLS configuration task list··········································································································································268

Configuring a VSI ························································································································································270

Binding an AC to a VSI···············································································································································271

Configuring PE dual homing·······································································································································272

Configuring a dual-homed PE with redundant static PWs ··············································································272

Configuring a dual-homed PE with redundant LDP PWs·················································································273

Configuring MAC address learning···························································································································273

Displaying and maintaining VPLS ······························································································································273

VPLS configuration examples······································································································································274

Static PW configuration example ······················································································································274

LDP PW configuration example ·························································································································278

Support and other resources ·································································································································· 283

Contacting HP ······························································································································································283

Subscription service ············································································································································283

Related information······················································································································································283

Documents····························································································································································283

Websites·······························································································································································283

Conventions ··································································································································································284

Index ········································································································································································ 286

Configuring MCE

This chapter covers Multi-VPN-Instance CE (MCE) configuration only. For information about routing

protocols, see Layer 3—IP Services Configuration Guide.

MCE overview

MPLS L3VPN overview

MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to

forward VPN packets over the service provider backbone.

MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS

QoS and MPLS TE.

MPLS L3VPN comprises the following types of devices:

•Customer edge (CE) device—A CE resides at the edge of a customer network and has one or more

interfaces directly connected to a service provider network. It can be a router, a switch, or a host.

It can neither "sense" the presence of any VPN nor does it need to support MPLS.

•Provider edge (PE) device—A PE resides at the edge of a service provider network and connects

one or more CEs. On an MPLS network, all VPN services are processed on the PEs.

•Provider (P) device—A P device is a core device on a service provider network. It is not directly

connected to any CE. It has only basic MPLS forwarding capability.

Figure 1 Network diagram for MPLS L3VPN

CEs and PEs mark the boundary between the service provider network and the customers.

After a CE establishes an adjacency with a directly connected PE, it advertises its VPN routes to the PE

and learns remote VPN routes from the PE. A CE and a PE can use BGP, an IGP, or static routing to

exchange routing information.

VPN 1

Site 1

VPN 2

Site 3

VPN 2

VPN 1

Site 2

Site 4

After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information

to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs

on the provider network.

A P router maintains only routes to PEs and does not deal with VPN routing information.

When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching

Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

MPLS L3VPN concepts

Site

A site has the following features:

•A site is a group of IP systems with IP connectivity that does not rely on any service provider network.

•The classification of a site depends on the topology relationship of the devices, rather than the

geographical positions, though the devices at a site are, in most cases, adjacent to each other

geographically.

•The devices at a site can belong to multiple VPNs, which means a site can belong to multiple VPNs.

•A site is connected to a provider network through one or more CEs. A site can contain many CEs,

but a CE can belong to only one site.

Sites connected to the same provider network can be classified into different sets by policies. Only the

sites in the same set can access each other through the provider network. Such a set is called a VPN.

Address space overlapping

Each VPN independently manages its address space.

The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on

subnet 10.110.10.0/24, address space overlapping occurs.

VPN instance

In MPLS VPN, routes of different VPNs are identified by VPN instance.

A PE creates and maintains a separate VPN instance for each directly connected site. Each VPN instance

contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to

multiple VPNs at the same time, the VPN instance of the site contains information about all the VPNs.

For independence and security of VPN data, each VPN instance on a PE maintains a routing table and

a label forwarding information base (LFIB). VPN instance information contains the following items: the

LFIB, IP routing table, interfaces bound to the VPN instance, and administration information of the VPN

instance. The administration information of the VPN instance includes the route distinguisher (RD), route

filtering policy, and member interface list.

VPN-IPv4 address

MPLS L3VPN adds an RD field before an IPv4 address to change the IPv4 address to a VPN-IPv4 address.

PEs use MP-BGP to advertise VPN routes with VPN-IPv4 addresses.

A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte

IPv4 address prefix.

Figure 2 VPN-IPv4 address structure

The MCE device does not support advertising VPN routes through MP-BGP. However, to run BGP VPN

instances on the MCE device, you must configure a unique RD for each VPN instance to distinguish

between the VPN instances.

An RD can be in one of the following formats distinguished by a 2-byte Type field:

•When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned

number subfield occupies four bytes, and the RD format is 16 - b i t A S n u m b e r :32-bit user-defined

number. For example, 100:1.

•When the value of the Type field is 1, the Administrator subfield occupies four bytes, the Assigned

number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined

number. Fo r e xa m p l e , 172.1.1.1:1.

•When the value of the Type field is 2, the Administrator subfield occupies four bytes, the Assigned

number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined

number, where the minimum value of the AS number is 65536. For example, 65536:1.

To guarantee global uniqueness for an RD, do not set the Administrator subfield to any private AS

number or private IP address.

Route target attributes

MPLS L3VPN uses the BGP extended community attributes called route target attributes or route target

attributes, to control the advertisement of VPN routing information.

A VPN instance on a PE supports the following types of route target attributes:

•Export target attribute—A PE sets the export attribute for VPN-IPv4 routes learned from directly

connected sites before advertising them to other PEs.

•Import target attribute—A PE checks the export target attribute of VPN-IPv4 routes received from

other PEs. If the export target attribute matches the import target attribute of the VPN instance, the

PE adds the routes to the VPN routing table.

In other words, route target attributes define which sites can receive a VPN-IPv4 route, and from which

sites that a PE can receive routes.

Similar to RDs, route target attributes can be one of the following formats:

•16 - b i t A S n u m b e r :32-bit user-defined number. For example, 100:1.

•32-bit IPv4 address:16-bit user-defined number. Fo r e x a mp l e , 172.1.1.1:1.

•32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536.

For example, 65536:1.

MCE

BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. However,

the traditional MPLS L3VPN architecture requires each VPN instance use an exclusive CE to connect to a

PE, as shown in Figure 1.

For better services and higher security, a private network is usually divided into multiple VPNs to isolate

services. To meet these requirements, you can configure a CE for each VPN, which increases device

expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same

routing table, which sacrifices data security.

Using the Multi-VPN-Instance CE (MCE) function, you can remove the contradiction of low cost and high

security in multi-VPN networks. MCE allows you to bind each VPN with a VLAN interface. The MCE

creates and maintains a separate routing table for each VPN. This separates the forwarding paths for

packets of different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN

to the peer PE, ensuring the normal transmission of VPN packets over the public network.

How MCE works

Figure 3 describes how an MCE maintains the routing tables for multiple VPNs and exchanges VPN

routes with PEs.

Figure 3 Network diagram for the MCE function

On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone

through the MCE device. VPN 1 and VPN 2 on the left-side network must establish a tunnel with VPN 1

and VPN 2 on the right-side network, respectively.

The MCE creates a routing table for VPN 1 and VPN 2 respectively. VLAN-interface 2 is bound to VPN

1 and VLAN-interface 3 is bound to VPN 2. Upon receiving a route, the MCE determines the source of

the route according to the number of the receiving interface, and adds it to the corresponding routing

table.

You must also bind PE 1' interfaces connected to the MCE to the VPNs in the same way. The MCE

connects to PE 1 through a trunk link, which permits packets of VLAN 2 and VLAN 3 with VLAN tags

carried. In this way, PE 1 can determine the VPN a received packet belongs to according to the VLAN

tag of the packet and sends the packet through the corresponding tunnel.

NOTE:

You can configure the DHCP server or DHCP relay agent on the MCE to assign IP addresses for private

DHCP clients, but the IP address spaces for different private networks cannot overlap.

Other manuals for 10500 series

Table of contents

Other HP Network Router manuals

HP MSR SERIES User manual

HP ProCurve 1410-24G User manual

HP VSR1000 User manual

HP FlexNetwork HSR6800 User manual

HP FlexNetwork MSR3064 User manual

HP Pavilion 8800 - Desktop PC User manual

HP Compaq Presario,Presario 650 User manual

HP StorageWorks SR2122-2 How to use

HP Pavilion a6600 User manual

HP FlexNetwork 6616 User manual

HP MSR2000 Series User manual

HP StorageWorks SR2122 User manual

HP N1200 - StorageWorks Network Storage Router User manual

HP A8800 Series User manual

HP A5830 Series User manual

HP StorageWorks M2402 User manual

HP ProCurve 2510G Series User manual

HP R100-Series Instruction Manual

HP MSR930 Series Assembly instructions

HP A8800 Series Installation manual

HP FlexNetwork HSR6800 User manual

HP SCSI-Fibre Channel Router User manual

HP FlexNetwork HSR6802 User manual

HP MSR ASM User manual

Popular Network Router manuals by other brands

TRENDnet

TRENDnet TEW-435BRM - 54MBPS 802.11G Adsl Firewall M Quick installation guide

Siemens

Siemens SIMOTICS CONNECT 400 manual

Alfa Network

Alfa Network ADS-R02 Specifications

Barracuda Networks

Barracuda Networks Link Balancer quick start guide

ZyXEL Communications

ZyXEL Communications ES-2024PWR Support notes

HPE

HPE FlexNetwork 5510 HI Series Openflow configuration guide

Allied Telesis

Allied Telesis AT-AR236E quick start guide

ADTRAN

ADTRAN NetVanta 3458-PoE quick start

C&H Technologies

C&H Technologies EM405-8 manual

Huawei

Huawei WiFi Mesh 3 Product description

Addonics Technologies

Addonics Technologies ISC8P2G-S Quick install guide

Atel

Atel W02 Arch+ Faqs

Allnet

Allnet ALL0333AU user guide

Sercomm

Sercomm Genesis OC3505D Quick installation guide

Billion

Billion BIPAC 5102 Series user manual

TP-Link

TP-Link TD-8817 QIG

Motorola

Motorola MR1900 user guide

Cisco

Cisco SOHO Series Regulatory compliance and safety information

HP 10500 series User manual

Popular Network Router manuals by other brands