HP FlexFabric 5940 User manual

HPE FlexFabric 5940 Switch Series
MCE Configuration Guide
Part number: 5200-1024a
Software version: Release 2508 and later versions
Document version: 6W101-20161101

© Copyright 2016 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are trademarks of the Microsoft group of companies.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.

Contents
Configuring MCE
  MPLS L3VPN overview
    Basic MPLS L3VPN architecture
    MPLS L3VPN concepts
  MCE overview
  MCE configuration task list
  Configuring VPN instances
    Creating a VPN instance
    Associating a VPN instance with an interface
    Configuring route related attributes for a VPN instance
  Configuring routing on an MCE
    Configuring routing between an MCE and a VPN site
    Configuring routing between an MCE and a PE
  Displaying and maintaining MCE
  MCE configuration examples
    Configuring the MCE that uses OSPF to advertise VPN routes to the PE
    Configuring the MCE that uses EBGP to advertise VPN routes to the PE
Configuring IPv6 MCE
  IPv6 MPLS L3VPN overview
  IPv6 MCE overview
  IPv6 MCE configuration task list
  Configuring VPN instances
    Creating a VPN instance
    Associating a VPN instance with an interface
    Configuring route related attributes for a VPN instance
  Configuring routing on an MCE
    Configuring routing between an MCE and a VPN site
    Configuring routing between an MCE and a PE
  Displaying and maintaining IPv6 MCE
  IPv6 MCE configuration example
    Network requirements
    Configuration procedure
    Verifying the configuration
Document conventions and icons
  Conventions
  Network topology icons
Support and other resources
  Accessing Hewlett Packard Enterprise Support
  Accessing updates
    Websites
    Customer self repair
    Remote support
    Documentation feedback
Index

Configuring MCE
This chapter describes MCE configuration.
MPLS L3VPN overview
MPLS L3VPN is an L3VPN technology used to interconnect geographically dispersed VPN sites.
MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a
service provider backbone.
Basic MPLS L3VPN architecture
A basic MPLS L3VPN architecture has the following types of devices:
•Customer edge device—A CE device resides on a customer network and has one or more
interfaces directly connected to a service provider network. It does not support MPLS.
•Provider edge device—A PE device resides at the edge of a service provider network and is
connected to one or more CEs. All MPLS VPN services are processed on PEs.
•Provider device—A P device is a core device on a service provider network. It is not directly
connected to any CEs. A P device has only basic MPLS forwarding capability and does not
handle VPN routing information.
Figure 1 Basic MPLS L3VPN architecture
MPLS L3VPN concepts
Site
A site has the following features:
•A site is a group of IP systems with IP connectivity that does not rely on any service provider
networks.
•The classification of a site depends on the topology relationship of the devices, rather than the
geographical positions. However, the devices at a site are, in most cases, adjacent to each
other geographically.
•The devices at a site can belong to multiple VPNs, which means that a site can belong to
multiple VPNs.
•A site is connected to a provider network through one or more CEs. A site can contain multiple
CEs, but a CE can belong to only one site.
Sites connected to the same provider network can be classified into different sets by policies. Only
the sites in the same set can access each other through the provider network. Such a set is called a
VPN.
VPN instance
VPN instances implement route isolation, data independence, and data security for VPNs.
A VPN instance has the following components:
•A separate Label Forwarding Information Base (LFIB).
•An IP routing table.
•Interfaces bound to the VPN instance.
•VPN instance administration information, including route distinguishers (RDs), route targets
(RTs), and route filtering policies.
To associate a site with a VPN instance, bind the VPN instance to the PE's interface connected to the
site. A site can be associated with only one VPN instance, and different sites can be associated with
the same VPN instance. A VPN instance contains the VPN membership and routing rules of
associated sites.
VPN-IPv4 address
Each VPN independently manages its address space. The address spaces of VPNs might overlap.
For example, if both VPN 1 and VPN 2 use the addresses on subnet 10.110.10.0/24, address space
overlapping occurs.
BGP cannot process overlapping VPN address spaces. For example, if both VPN 1 and VPN 2 use
the subnet 10.110.10.0/24 and each advertise a route destined for the subnet, BGP selects only one
of them. This results in the loss of the other route.
Multiprotocol BGP (MP-BGP) can solve this problem by advertising VPN-IPv4 addresses (also
called VPNv4 addresses).
As shown in Figure 2, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the
RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix.
Figure 2 VPN-IPv4 address structure
[Figure: Route Distinguisher (8 bytes), made up of the Type field (2 bytes) and the Administrator
subfield and Assigned number subfield (6 bytes in total), followed by the IPv4 address prefix (4 bytes).]
An RD can be in one of the following formats:
•When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number
subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined
number. For example, 100:1.
•When the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number
subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined
number. For example, 172.1.1.1:1.
•When the Type field is 2, the Administrator subfield occupies four bytes, the Assigned number
subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined number,
where the minimum value of the AS number is 65536. For example, 65536:1.
To guarantee global uniqueness for a VPN-IPv4 address, do not set the Administrator subfield to any
private AS number or private IP address.
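The RD layout described above can be checked byte by byte. The following Python sketch is an added example, not code from this guide or from the switch software: it encodes the three RD formats, builds the 12-byte VPN-IPv4 address, and flags an Administrator subfield that uses a private AS number or private IP address. The function names are hypothetical, and the private AS ranges (64512 to 65534 and 4200000000 to 4294967294) are an assumption taken from RFC 6996, not from this guide.

```python
import ipaddress
import re
import struct

# "administrator:assigned-number", where the administrator is an AS number or an IPv4 address.
_RD_RE = re.compile(r"(\d+|\d+\.\d+\.\d+\.\d+):(\d+)", re.ASCII)


def _fits(value, bits, text):
    if value >= 1 << bits:
        raise ValueError(f"{value} does not fit in {bits} bits in RD {text!r}")


def encode_rd(text):
    """Return the 8-byte RD: a 2-byte Type field followed by the 6-byte value."""
    match = _RD_RE.fullmatch(text)
    if not match:
        raise ValueError(f"malformed RD: {text!r}")
    admin, number = match.group(1), int(match.group(2))
    if "." in admin:                       # Type 1: 32-bit IPv4 address : 16-bit number
        _fits(number, 16, text)
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:                      # Type 0: 16-bit AS number : 32-bit number
        _fits(number, 32, text)
        return struct.pack("!HHI", 0, asn, number)
    _fits(asn, 32, text)                   # Type 2: 32-bit AS number (65536 or higher) : 16-bit number
    _fits(number, 16, text)
    return struct.pack("!HIH", 2, asn, number)


def decode_rd(raw):
    """Turn an 8-byte RD back into its text form."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", raw[2:])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpn_ipv4_address(rd_text, ipv4_prefix):
    """12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 prefix."""
    network = ipaddress.IPv4Network(ipv4_prefix)
    return encode_rd(rd_text) + network.network_address.packed


def administrator_is_private(rd_text):
    """True when the Administrator subfield is a private AS number or private IP address."""
    admin = rd_text.rpartition(":")[0]
    encode_rd(rd_text)                     # validates the RD first
    if "." in admin:
        return ipaddress.IPv4Address(admin).is_private
    asn = int(admin)
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


if __name__ == "__main__":
    # Both VPNs use 10.110.10.0/24; the RD keeps the two VPN-IPv4 prefixes distinct.
    for rd in ("100:1", "100:2", "172.1.1.1:1", "65536:1"):
        print(rd, vpn_ipv4_address(rd, "10.110.10.0/24").hex())
```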
Route target attribute
MPLS L3VPN uses route target community attributes to control the advertisement of VPN routing
information. A VPN instance on a PE supports the following types of route target attributes:
•Export target attribute—A PE sets the export target attribute for VPN-IPv4 routes learned
from directly connected sites before advertising them to other PEs.
•Import target attribute—A PE checks the export target attribute of VPN-IPv4 routes received
from other PEs. If the export target attribute matches the import target attribute of a VPN
instance, the PE adds the routes to the routing table of the VPN instance.
Route target attributes define which sites can receive VPN-IPv4 routes, and from which sites a PE
can receive routes.
Like RDs, route target attributes can be one of the following formats:
•16-bit AS number:32-bit user-defined number. For example, 100:1.
•32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
•32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is
65536. For example, 65536:1.
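The export and import matching described in this section decides which VPN instance routing tables a route reaches, so it is also what route isolation between VPNs depends on. The following Python model is an added example, not code from this guide: it distributes routes between four constructed VPN instances on two PEs and reports any instance whose import targets accept routes exported by an instance of a different VPN. The instance names, RD and route target values, and the membership map are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnIpv4Route:
    rd: str                    # RD of the advertising VPN instance
    prefix: str                # IPv4 prefix learned from the directly connected site
    export_targets: frozenset  # export target attribute set by the advertising PE
    origin: str                # name of the advertising VPN instance


@dataclass
class VpnInstance:
    name: str
    rd: str
    import_targets: frozenset
    export_targets: frozenset
    local_prefixes: tuple = ()
    table: dict = field(default_factory=dict)   # prefix -> list of origin instances

    def advertise(self):
        """Attach the export targets to every route learned from the local site."""
        return [VpnIpv4Route(self.rd, p, self.export_targets, self.name)
                for p in self.local_prefixes]

    def receive(self, route):
        """Add the route only if one of its export targets matches an import target."""
        if not (route.export_targets & self.import_targets):
            return False
        self.table.setdefault(route.prefix, []).append(route.origin)
        return True


def distribute(instances):
    """Send every advertised route to every other instance; return the resulting tables."""
    updates = [route for inst in instances for route in inst.advertise()]
    for inst in instances:
        for route in updates:
            if route.origin != inst.name:
                inst.receive(route)
    return {inst.name: inst.table for inst in instances}


def cross_vpn_imports(instances, membership):
    """List (importer, exporter) pairs that match although they belong to different VPNs."""
    pairs = []
    for importer in instances:
        for exporter in instances:
            if importer is exporter or membership[importer.name] == membership[exporter.name]:
                continue
            if importer.import_targets & exporter.export_targets:
                pairs.append((importer.name, exporter.name))
    return sorted(pairs)


# Constructed scenario: both VPNs use 10.110.10.0/24 at the sites behind PE 1.
MEMBERSHIP = {"pe1-vpn1": "VPN 1", "pe2-vpn1": "VPN 1",
              "pe1-vpn2": "VPN 2", "pe2-vpn2": "VPN 2"}


def build_instances(pe2_vpn2_imports=("200:1",)):
    rt = frozenset
    return [
        VpnInstance("pe1-vpn1", "100:1", rt({"100:1"}), rt({"100:1"}), ("10.110.10.0/24",)),
        VpnInstance("pe1-vpn2", "200:1", rt({"200:1"}), rt({"200:1"}), ("10.110.10.0/24",)),
        VpnInstance("pe2-vpn1", "100:2", rt({"100:1"}), rt({"100:1"})),
        VpnInstance("pe2-vpn2", "200:2", rt(pe2_vpn2_imports), rt({"200:1"})),
    ]


if __name__ == "__main__":
    print(distribute(build_instances()))
    # An extra import target on pe2-vpn2 pulls VPN 1 routes into VPN 2.
    loose = build_instances(pe2_vpn2_imports=("200:1", "100:1"))
    print(distribute(loose))
    print(cross_vpn_imports(loose, MEMBERSHIP))
```

A pair reported by `cross_vpn_imports` is a prompt for review, not proof of an error, because some designs import routes across VPNs on purpose.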
MCE overview
The Multi-VPN Instance CE (MCE) feature allows you to create multiple VPN instances on a CE. The
VPN instances each have an independent routing table and an address space to achieve service
isolation.
As shown in Figure 3, the MCE exchanges private routes with VPN sites and PE 1, and adds the
private routes to the routing tables of corresponding VPN instances.
•Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on
the MCE. Bind VLAN-interface 2 to VPN 1, and VLAN-interface 3 to VPN 2. The MCE adds a
received route to the routing table of the VPN instance that is bound to the receiving interface.
•Route exchange between MCE and PE—The MCE connects to PE 1 through a trunk link that
permits VLAN 2 and VLAN 3. On PE 1, create VPN instances VPN 1 and VPN 2. Bind
VLAN-interface 2 to VPN 1, and VLAN-interface 3 to VPN 2. The MCE and PE add a received
route to the routing table of the VPN instance that is bound to the receiving interface.

Figure 3 Network diagram for the MCE feature
You can configure static routes, RIP, OSPF, IS-IS, EBGP, or IBGP between an MCE and a VPN site
and between an MCE and a PE.
NOTE:
To implement dynamic IP assignment for DHCP clients in private networks, you can configure
DHCP server or DHCP relay agent on the MCE. When the MCE functions as the DHCP server, the
IP addresses assigned to different private networks cannot overlap.
MCE configuration task list
Tasks at a glance
Configuring VPN instances:
•(Required.) Creating a VPN instance
•(Required.) Associating a VPN instance with an interface
•(Optional.) Configuring route related attributes for a VPN instance
Configuring routing on an MCE:
•(Required.) Configuring routing between an MCE and a VPN site
•(Required.) Configuring static routing between an MCE and a PE
Configuring VPN instances
VPN instances isolate VPN routes from public network routes and routes among VPNs. This feature
allows VPN instances to be used in network scenarios in addition to MPLS L3VPNs.
All VPN instance configurations are performed on PEs or MCEs.

Creating a VPN instance
A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN
instance might correspond to more than one VPN.
To create and configure a VPN instance:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create a VPN instance and enter VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: By default, no VPN instances exist.
Step 3. Configure an RD for the VPN instance.
   Command: route-distinguisher route-distinguisher
   Remarks: By default, no RD is configured for a VPN instance.
Step 4. (Optional.) Configure a description for the VPN instance.
   Command: description text
   Remarks: By default, no description is configured for a VPN instance.
Step 5. (Optional.) Configure a VPN ID for the VPN instance.
   Command: vpn-id vpn-id
   Remarks: By default, no VPN ID is configured for a VPN instance.
Associating a VPN instance with an interface
After creating and configuring a VPN instance, associate the VPN instance with the interface
connected to the CE.
To associate a VPN instance with an interface:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
Step 3. Associate a VPN instance with the interface.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: By default, an interface is not associated with a VPN instance and belongs to the
   public network. The ip binding vpn-instance command deletes the IP address of the current
   interface. You must reconfigure an IP address for the interface after configuring the command.
Configuring route related attributes for a VPN instance
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter VPN instance view or VPN instance IPv4 VPN view.
   Command:
   •Enter VPN instance view:
    ip vpn-instance vpn-instance-name
   •Enter VPN instance IPv4 VPN view:
    a. ip vpn-instance vpn-instance-name
    b. address-family ipv4
   Remarks: Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN.
   IPv4 VPN prefers the configurations in VPN instance IPv4 VPN view over the configurations
   in VPN instance view.
Step 3. Configure route targets.
   Command: vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
   Remarks: By default, no route targets are configured.
Step 4. Set the maximum number of active routes.
   Command: routing-table limit number { warn-threshold | simply-alert }
   Remarks: By default, the number of active routes in a VPN instance is not limited.
   Setting the maximum number of active routes for a VPN instance can prevent the PE from
   learning too many routes.
Step 5. Apply an import routing policy.
   Command: import route-policy route-policy
   Remarks: By default, all routes matching the import target attribute are accepted.
   The specified routing policy must have been created. For information about routing policies,
   see Layer 3—IP Routing Configuration Guide.
Step 6. Apply an export routing policy.
   Command: export route-policy route-policy
   Remarks: By default, routes to be advertised are not filtered.
   The specified routing policy must have been created. For information about routing policies,
   see Layer 3—IP Routing Configuration Guide.
Configuring routing on an MCE
MCE implements service isolation through route isolation. MCE routing configuration includes the
following:
•MCE-VPN site routing configuration.
•MCE-PE routing configuration.
On the PE, perform the following tasks:
•Disable routing loop detection to avoid route loss during route calculation.
•Disable route redistribution between routing protocols to save system resources.
Before you configure routing on an MCE, configure VPN instances, and bind the VPN instances to
the interfaces connected to the VPN sites and the PE.
Configuring routing between an MCE and a VPN site
You can configure static routing, RIP, OSPF, IS-IS, EBGP or IBGP between an MCE and a VPN site.
Configuring static routing between an MCE and a VPN site
An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally
effective and does not support address overlapping among VPNs. An MCE supports binding a static
route to a VPN instance, so that the static routes of different VPN instances can be isolated from
each other.
To configure a static route to a VPN site:

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Configure a static route for a VPN instance.
   Command: ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask }
   { interface-type interface-number [ next-hop-address ] | next-hop-address [ public ]
   [ track track-entry-number ] | vpn-instance d-vpn-instance-name next-hop-address
   [ track track-entry-number ] } [ permanent ] [ preference preference ] [ tag tag-value ]
   [ description text ]
   Remarks: By default, no static routes are configured. Perform this configuration on the MCE.
   On the VPN site, configure a common static route.
Step 3. (Optional.) Configure the default preference for static routes.
   Command: ip route-static default-preference default-preference
   Remarks: The default preference is 60.
Configuring RIP between an MCE and a VPN site
A RIP process belongs to the public network or a single VPN instance. If you create a RIP process
without binding it to a VPN instance, the process belongs to the public network. Binding RIP
processes to VPN instances can isolate routes of different VPNs. For more information about RIP,
see Layer 3—IP Routing Configuration Guide.
To configure RIP between an MCE and a VPN site:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, create a common RIP process.
Step 3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.
Step 4. Redistribute remote site routes advertised by the PE into RIP.
   Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct |
   cost cost-value | route-policy route-policy-name | tag tag ] *
   Remarks: By default, no route is redistributed into RIP.
Configuring OSPF between an MCE and a VPN site
An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF
process without binding it to a VPN instance, the process belongs to the public network.
Binding OSPF processes to VPN instances can isolate routes of different VPNs. For more
information about OSPF, see Layer 3—IP Routing Configuration Guide.
To configure OSPF between an MCE and a VPN site:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create an OSPF process for a VPN instance and enter OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: Perform this configuration on the MCE. On a VPN site, create a common OSPF process.
   An OSPF process bound to a VPN instance does not use the public network router ID configured
   in system view. Therefore, configure a router ID for the OSPF process.
   An OSPF process can belong to only one VPN instance, but one VPN instance can use multiple
   OSPF processes to advertise VPN routes.
Step 3. Redistribute remote site routes advertised by the PE into OSPF.
   Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct |
   cost cost-value | nssa-only | route-policy route-policy-name | tag tag | type type ] *
   Remarks: By default, no routes are redistributed into OSPF.
Step 4. Create an OSPF area and enter OSPF area view.
   Command: area area-id
   Remarks: By default, no OSPF areas exist.
Step 5. Enable OSPF on the interface attached to the specified network in the area.
   Command: network ip-address wildcard-mask
   Remarks: By default, an interface neither belongs to any area nor runs OSPF.
Configuring IS-IS between an MCE and a VPN site
An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS
process without binding it to a VPN instance, the process belongs to the public network.
Binding IS-IS processes to VPN instances can isolate routes of different VPNs. For more information
about IS-IS, see Layer 3—IP Routing Configuration Guide.
To configure IS-IS between an MCE and a VPN site:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the MCE. On a VPN site, configure a common IS-IS
   process.
Step 3. Configure a network entity title.
   Command: network-entity net
   Remarks: By default, no NET is configured.
Step 4. Create the IS-IS IPv4 unicast address family and enter its view.
   Command: address-family ipv4 [ unicast ]
   Remarks: By default, the IS-IS IPv4 unicast address family is not created.
Step 5. Redistribute remote site routes advertised by the PE into IS-IS.
   Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct |
   cost cost-value | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] |
   route-policy route-policy-name | tag tag ] *
   Remarks: By default, IS-IS does not redistribute routes from any other routing protocol.
   If you do not specify the route level in the command, the command redistributes routes to
   the level-2 routing table by default.
Step 6. Return to system view.
   Command: quit
   Remarks: N/A
Step 7. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
Step 8. Enable the IS-IS process on the interface.
   Command: isis enable [ process-id ]
   Remarks: By default, no IS-IS process is enabled on the interface.
Configuring EBGP between an MCE and a VPN site
To run EBGP between an MCE and a VPN site, you must configure a BGP peer for each VPN
instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN site.
1. Configure the MCE:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ] [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
Step 3. Enter BGP-VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: Configuration commands in BGP-VPN instance view are the same as those in BGP
   instance view. For more information, see Layer 3—IP Routing Configuration Guide.
Step 4. Configure an EBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
Step 5. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
Step 6. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with any peer.
Step 7. Allow the local AS number to appear in the AS_PATH attribute of routes received from
the peer, and set the maximum number of repetitions.
   Command: peer { group-name | ipv4-address [ mask-length ] } allow-as-loop [ number ]
   Remarks: By default, BGP discards incoming route updates that contain the local AS number.
Step 8. Redistribute remote site routes advertised by the PE into BGP.
   Command: import-route protocol [ { process-id | all-processes } [ allow-direct |
   med med-value | route-policy route-policy-name ] * ]
   Remarks: By default, no routes are redistributed into BGP.
2. Configure a VPN site:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ] [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
Step 3. Configure the MCE as an EBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
Step 4. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
Step 5. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with any peer.
Step 6. Redistribute the IGP routes of the VPN into BGP.
   Command: import-route protocol [ { process-id | all-processes } [ allow-direct |
   med med-value | route-policy route-policy-name ] * ]
   Remarks: By default, no routes are redistributed into BGP.
   A VPN site must advertise the VPN network addresses it can reach to the connected MCE.
Configuring IBGP between MCE and VPN site
To run IBGP between an MCE and a VPN site, you must configure a BGP peer for each VPN
instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN site.
1. Configure the MCE:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ] [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
Step 3. Enter BGP-VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
Step 4. Configure an IBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
Step 5. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
Step 6. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with any peer.
Step 7. (Optional.) Configure the system to be the RR, and specify the peer as the client of
the RR.
   Command: peer { group-name | ipv4-address [ mask-length ] } reflect-client
   Remarks: By default, no RR or RR client is configured.
   After you configure a VPN site as an IBGP peer, the MCE does not advertise the BGP routes
   learned from the VPN site to other IBGP peers, including VPNv4 peers. The MCE advertises
   routes learned from a VPN site only when you configure the VPN site as a client of the RR
   (the MCE).
Step 8. Redistribute remote site routes advertised by the PE into BGP.
   Command: import-route protocol [ process-id | all-processes ] [ allow-direct |
   med med-value | route-policy route-policy-name ] *
   Remarks: By default, no routes are redistributed into BGP.
2. Configure a VPN site:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ] [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
Step 3. Configure the MCE as an IBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
Step 4. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
Step 5. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with any peer.
Step 6. Redistribute the IGP routes of the VPN into BGP.
   Command: import-route protocol [ { process-id | all-processes } [ allow-direct |
   med med-value | route-policy route-policy-name ] * ]
   Remarks: By default, no routes are redistributed into BGP.
   A VPN site must advertise VPN network addresses to the connected MCE.
Configuring routing between an MCE and a PE
MCE-PE routing configuration includes these tasks:
•Binding the MCE-PE interfaces to VPN instances.
•Performing route configurations.
•Redistributing VPN routes into the routing protocol running between the MCE and the PE.
Perform the following configurations on the MCE. For information about configuring the PE, see the
documentation for the PE.
Configuring static routing between an MCE and a PE
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Configure a static route for a VPN instance.
   Command: ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask }
   { interface-type interface-number [ next-hop-address ] | next-hop-address [ public ]
   [ track track-entry-number ] | vpn-instance d-vpn-instance-name next-hop-address
   [ track track-entry-number ] } [ permanent ] [ preference preference ] [ tag tag-value ]
   [ description text ]
   Remarks: By default, no static routes are configured.
Step 3. (Optional.) Set the default preference for static routes.
   Command: ip route-static default-preference default-preference
   Remarks: The default preference is 60.
Configuring RIP between an MCE and a PE
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A
Step 3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.
Step 4. Redistribute the VPN routes.
   Command: import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct |
   cost cost-value | route-policy route-policy-name | tag tag ] *
   Remarks: By default, no routes are redistributed into RIP.
Configuring OSPF between an MCE and a PE
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an OSPF process for a VPN instance and enter OSPF view.
   Command: ospf [ process-id | router-id router-id |
            vpn-instance vpn-instance-name ] *
   Remarks: N/A
3. Disable routing loop detection.
   Command: vpn-instance-capability simple
   Remarks: By default, routing loop detection is enabled.
            You must disable routing loop detection for a VPN OSPF
            process on the MCE. Otherwise, the MCE does not receive OSPF
            routes from the PE.
4. Redistribute the VPN routes.
   Command: import-route protocol [ process-id | all-processes |
            allow-ibgp ] [ allow-direct | cost cost-value | nssa-only |
            route-policy route-policy-name | tag tag | type type ] *
   Remarks: By default, no routes are redistributed into OSPF.
5. Create an OSPF area and enter OSPF area view.
   Command: area area-id
   Remarks: By default, no OSPF areas exist.
6. Enable OSPF on the interface attached to the specified network in the area.
   Command: network ip-address wildcard-mask
   Remarks: By default, an interface neither belongs to any area nor runs
            OSPF.
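Step 3 is easy to miss because OSPF comes up without it but the MCE does not receive OSPF routes from the PE. The following added example (not from the HPE guide) scans a saved configuration for VPN OSPF processes whose network statements cover an MCE-PE subnet and that lack vpn-instance-capability simple. The sample configuration, the PE_LINKS subnets, the "#"-separated stanza layout, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of a saved MCE configuration ("#" separates stanzas).
SAMPLE_CONFIG = """\
#
ospf 2 vpn-instance vpn2
 area 0.0.0.0
  network 10.214.20.0 0.0.0.255
#
ospf 10 router-id 101.101.10.1 vpn-instance vpn1
 vpn-instance-capability simple
 import-route static
 area 0.0.0.0
  network 30.1.1.0 0.0.0.255
#
ospf 20 vpn-instance vpn2
 area 0.0.0.0
  network 40.1.1.0 0.0.0.255
#
"""
PE_LINKS = ["30.1.1.0/24", "40.1.1.0/24"]  # assumed MCE-PE subnets

HEADER_RE = re.compile(r"^ospf (\d+)\b.*\bvpn-instance (\S+)")
NETWORK_RE = re.compile(r"^\s+network (\S+) (\S+)")

def wildcard_to_network(addr, wildcard):
    """Convert an OSPF address/wildcard pair (contiguous wildcard assumed)."""
    host_bits = int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

def pe_facing_without_simple(config_text, pe_links):
    """Return (process_id, vpn_instance) for PE-facing VPN OSPF processes
    that do not carry 'vpn-instance-capability simple'."""
    pe_nets = [ipaddress.ip_network(n) for n in pe_links]
    findings = []
    for stanza in re.split(r"(?m)^#[ \t]*$", config_text):
        lines = [l for l in stanza.splitlines() if l.strip()]
        header = HEADER_RE.match(lines[0]) if lines else None
        if not header:
            continue  # not an OSPF process bound to a VPN instance
        nets = [wildcard_to_network(*m.groups())
                for m in map(NETWORK_RE.match, lines[1:]) if m]
        faces_pe = any(n.overlaps(p) for n in nets for p in pe_nets)
        has_simple = any(l.strip() == "vpn-instance-capability simple" for l in lines[1:])
        if faces_pe and not has_simple:
            findings.append((int(header.group(1)), header.group(2)))
    return findings

if __name__ == "__main__":
    print(pe_facing_without_simple(SAMPLE_CONFIG, PE_LINKS))
```

Process 2 in the sample faces the VPN site rather than the PE, so it is not reported.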
Configuring IS-IS between an MCE and a PE
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A
3. Configure a network entity title.
   Command: network-entity net
   Remarks: By default, no NET is configured.
4. Create the IS-IS IPv4 unicast address family and enter its view.
   Command: address-family ipv4 [ unicast ]
   Remarks: By default, the IS-IS IPv4 unicast address family is not created.
5. Redistribute VPN routes.
   Command: import-route protocol [ process-id | all-processes | allow-ibgp ]
            [ allow-direct | cost cost-value |
            cost-type { external | internal } |
            [ level-1 | level-1-2 | level-2 ] |
            route-policy route-policy-name | tag tag ] *
   Remarks: By default, IS-IS does not redistribute routes from any other
            routing protocol.
            If you do not specify the route level in the command, the
            command redistributes routes to the level-2 routing table by
            default.
6. Return to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Enable the IS-IS process on the interface.
   Command: isis enable [ process-id ]
   Remarks: By default, no IS-IS process is enabled on the interface.
Configuring EBGP between an MCE and a PE
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ]
            [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
3. Enter BGP-VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure the PE as an EBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] }
            as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
5. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
6. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with
            any peer.
7. Redistribute the VPN routes of the VPN site.
   Command: import-route protocol [ process-id | all-processes ]
            [ allow-direct | med med-value |
            route-policy route-policy-name ] *
   Remarks: By default, no routes are redistributed into BGP.
Configuring IBGP between an MCE and a PE
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP instance view.
   Command: bgp as-number [ instance instance-name ]
            [ multi-session-thread ]
   Remarks: By default, BGP is not enabled.
3. Enter BGP-VPN instance view.
   Command: ip vpn-instance vpn-instance-name
   Remarks: N/A
4. Configure the PE as an IBGP peer.
   Command: peer { group-name | ipv4-address [ mask-length ] }
            as-number as-number
   Remarks: By default, no BGP peers or peer groups exist.
5. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
6. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ipv4-address [ mask-length ] } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with
            any peer.
7. Redistribute the VPN routes of the VPN site.
   Command: import-route protocol [ process-id | all-processes ]
            [ allow-direct | med med-value |
            route-policy route-policy-name ] *
   Remarks: By default, no routes are redistributed into BGP.

Displaying and maintaining MCE
Execute display commands in any view.
Task: Display VPN instance information.
   Command: display ip vpn-instance [ instance-name vpn-instance-name ]
For commands that display routing tables for VPN instances, see Layer 3—IP Routing Command
Reference.
MCE configuration examples
Configuring the MCE that uses OSPF to advertise VPN routes to the PE
Network requirements
As shown in Figure 4, VPN 2 runs OSPF. Configure the MCE device to separate routes from different
VPNs and to advertise the VPN routes to PE 1 through OSPF.
Figure 4 Network diagram
Configuration procedure
Assume that the system name of the MCE device is MCE, the system names of the edge devices of
VPN 1 and VPN 2 are VR 1 and VR 2, respectively, and the system name of PE 1 is PE1.
1. Configure the VPN instances on the MCE and PE 1:

# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets
for each VPN instance.
<MCE> system-view
[MCE] ip vpn-instance vpn1
[MCE-vpn-instance-vpn1] route-distinguisher 10:1
[MCE-vpn-instance-vpn1] vpn-target 10:1
[MCE-vpn-instance-vpn1] quit
[MCE] ip vpn-instance vpn2
[MCE-vpn-instance-vpn2] route-distinguisher 20:1
[MCE-vpn-instance-vpn2] vpn-target 20:1
[MCE-vpn-instance-vpn2] quit
# Bind VLAN-interface 10 to VPN instance vpn1, and configure an IP address for the VLAN
interface.
[MCE] interface vlan-interface 10
[MCE-Vlan-interface10] ip binding vpn-instance vpn1
[MCE-Vlan-interface10] ip address 10.214.10.3 24
[MCE-Vlan-interface10] quit
# Bind VLAN-interface 20 to VPN instance vpn2, and configure an IP address for the VLAN
interface.
[MCE] interface vlan-interface 20
[MCE-Vlan-interface20] ip binding vpn-instance vpn2
[MCE-Vlan-interface20] ip address 10.214.20.3 24
[MCE-Vlan-interface20] quit
# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for
each VPN instance.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 10:1
[PE1-vpn-instance-vpn1] vpn-target 10:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 20:1
[PE1-vpn-instance-vpn2] vpn-target 20:1
[PE1-vpn-instance-vpn2] quit
2. Configure routing between the MCE and VPN sites:
The MCE is connected to VPN 1 directly, and no routing protocol is enabled in VPN 1.
Therefore, you can configure static routes.
# On VR 1, assign IP address 10.214.10.2/24 to the interface connected to MCE and
192.168.0.1/24 to the interface connected to VPN 1. Add ports to VLANs correctly. (Details not
shown.)
# On VR 1, configure a default route with the next hop being 10.214.10.3.
<VR1> system-view
[VR1] ip route-static 0.0.0.0 0.0.0.0 10.214.10.3
# On the MCE, configure a static route to 192.168.0.0/24 with the next hop 10.214.10.2. Bind
the static route to VPN instance vpn1.
[MCE] ip route-static vpn-instance vpn1 192.168.0.0 24 10.214.10.2
# On the MCE, display the routing information maintained for VPN instance vpn1.
[MCE] display ip routing-table vpn-instance vpn1

Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.214.10.0/24 Direct 0 0 10.214.10.3 Vlan10
10.214.10.0/32 Direct 0 0 10.214.10.3 Vlan10
10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0
10.214.10.255/32 Direct 0 0 10.214.10.3 Vlan10
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 Static 60 0 10.214.10.2 Vlan10
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
The output shows that the MCE has a static route for VPN instance vpn1.
# Run OSPF in VPN 2. Create OSPF process 20 and bind it to VPN instance vpn2 on the MCE,
so that the MCE can learn the routes of VPN 2 and add them to the routing table of VPN
instance vpn2.
[MCE] ospf 2 vpn-instance vpn2
# Advertise subnet 10.214.20.0.
[MCE-ospf-2] area 0
[MCE-ospf-2-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[MCE-ospf-2-area-0.0.0.0] quit
[MCE-ospf-2] quit
# On VR 2, assign IP address 10.214.20.2/24 to the interface connected to MCE and
192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)
# Configure OSPF process 2, and advertise subnets 192.168.10.0 and 10.214.20.0.
<VR2> system-view
[VR2] ospf 2
[VR2-ospf-2] area 0
[VR2-ospf-2-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[VR2-ospf-2-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[VR2-ospf-2-area-0.0.0.0] quit
[VR2-ospf-2] quit
# On the MCE, display the routing information maintained for VPN instance vpn2.
[MCE] display ip routing-table vpn-instance vpn2
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.214.20.0/24 Direct 0 0 10.214.20.3 Vlan20
10.214.20.0/32 Direct 0 0 10.214.20.3 Vlan20
10.214.20.3/32 Direct 0 0 127.0.0.1 InLoop0
10.214.20.255/32 Direct 0 0 10.214.20.3 Vlan20
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 O_INTRA 10 2 10.214.20.2 Vlan20
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
The output shows that the MCE has learned the private routes of VPN 2. The MCE maintains
the routes of VPN 1 and those of VPN 2 in two different routing tables. In this way, routes from
different VPNs are separated.
3. Configure routing between the MCE and PE 1:
# On the MCE, bind VLAN-interface 30 to VPN instance vpn1, and configure an IP address for
the VLAN interface.
[MCE] interface vlan-interface 30
[MCE-Vlan-interface30] ip binding vpn-instance vpn1
[MCE-Vlan-interface30] ip address 30.1.1.1 24
[MCE-Vlan-interface30] quit
# Bind VLAN-interface 40 to VPN instance vpn2, and configure an IP address for the VLAN
interface.
[MCE] interface vlan-interface 40
[MCE-Vlan-interface40] ip binding vpn-instance vpn2
[MCE-Vlan-interface40] ip address 40.1.1.1 24
[MCE-Vlan-interface40] quit
# On PE 1, bind VLAN-interface 30 to VPN instance vpn1, and configure an IP address for the
VLAN interface.
[PE1] interface vlan-interface 30
[PE1-Vlan-interface30] ip binding vpn-instance vpn1
[PE1-Vlan-interface30] ip address 30.1.1.2 24
[PE1-Vlan-interface30] quit
# Bind VLAN-interface 40 to VPN instance vpn2, and configure an IP address for the VLAN
interface.
[PE1] interface vlan-interface 40
[PE1-Vlan-interface40] ip binding vpn-instance vpn2
[PE1-Vlan-interface40] ip address 40.1.1.2 24
[PE1-Vlan-interface40] quit
# Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as
100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and
PE 1. (Details not shown.)
# Enable OSPF process 10 on the MCE, and bind the process to VPN instance vpn1.
[MCE] ospf 10 router-id 101.101.10.1 vpn-instance vpn1
# Disable OSPF routing loop detection for the VPN instance.
[MCE-ospf-10] vpn-instance-capability simple
# Set the domain ID to 10.
[MCE-ospf-10] domain-id 10
# On the MCE, advertise subnet 30.1.1.0 in area 0, and redistribute the static route of VPN 1.
[MCE-ospf-10] area 0
[MCE-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[MCE-ospf-10-area-0.0.0.0] quit
[MCE-ospf-10] import-route static