Zte ZXR10 5900E Series User manual
ZXR105900ESeries
Easy-MaintenanceMPLSRoutingSwitch
CongurationGuide(VPN)
Version:3.00.11
ZTECORPORATION
No.55,Hi-techRoadSouth,ShenZhen,P .R.China
Postcode:518057
Tel:+86-755-26771900
Fax:+86-755-26770801
URL:http://support.zte.com.cn
E-mail:[email protected]
LEGALINFORMATION
Copyright©2014ZTECORPORATION.
Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionor
distributionofthisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwritten
consentofZTECORPORATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedby
contractualcondentialityobligations.
Allcompany,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTE
CORPORATIONoroftheirrespectiveowners.
Thisdocumentisprovided“asis”,andallexpress,implied,orstatutorywarranties,representationsorconditions
aredisclaimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,
titleornon-infringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromthe
useoforrelianceontheinformationcontainedherein.
ZTECORPORATIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplications
coveringthesubjectmatterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTE
CORPORATIONanditslicensee,theuserofthisdocumentshallnotacquireanylicensetothesubjectmatter
herein.
ZTECORPORATIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.
UsersmayvisittheZTEtechnicalsupportwebsitehttp://support.zte.com.cntoinquireforrelatedinformation.
TheultimaterighttointerpretthisproductresidesinZTECORPORATION.
RevisionHistory
RevisionNo.RevisionDateRevisionReason
R1.02015–03–10Firstedition
SerialNumber:SJ-20150114102049-016
PublishingDate:2015-03-10(R1.0)
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Contents
AboutThisManual.........................................................................................I
Chapter1MPLSL3VPNConguration.....................................................1-1
1.1MPLSVPNBasicFunctionConguration.............................................................1-1
1.1.1MPLSL3VPNOverview............................................................................1-1
1.1.2ConguringMPLSL3VPN.........................................................................1-5
1.1.3MaintainingMPLSVPN..........................................................................1-17
1.1.4MPLSVPNCongurationExamples........................................................1-18
1.2MPLSVPNRouteAggregationConguration.....................................................1-35
1.2.1MPLSVPNRouteAggregationOverview.................................................1-35
1.2.2ConguringMPLSVPNRouteAggregation..............................................1-36
1.2.3MaintainingMPLSVPNRouteAggregation..............................................1-36
1.2.4MPLSVPNRouteAggregationCongurationExample.............................1-37
1.3VPNRouteRestrictionandAlarm......................................................................1-41
1.3.1VPNRouteRestrictionandAlarmOverview.............................................1-41
1.3.2ConguringVPNRouteRestrictionandAlarm..........................................1-41
1.3.3MaintainingVPNRouteRestrictionandAlarm..........................................1-41
1.3.4VPNRouteAlarmCongurationExample................................................1-43
Chapter2MPLSL2VPNConguration.....................................................2-1
2.1MPLSL2VPNBasicFunctionConguration.........................................................2-1
2.1.1MPLSL2VPNOverview............................................................................2-1
2.1.2ConguringMPLSL2VPNServices...........................................................2-3
2.1.3MaintainingMPLSL2VPNInstances.........................................................2-5
2.2VPLSBasicFunctionConguration.....................................................................2-7
2.2.1VPLSOverview........................................................................................2-7
2.2.2ConguringaVPLS..................................................................................2-9
2.2.3MaintainingVPLSInstances....................................................................2-11
2.2.4VPLSCongurationExample..................................................................2-17
2.3VPWSBasicFunctionConguration.................................................................2-20
2.3.1VPWSOverview....................................................................................2-20
2.3.2ConguringaVPWS...............................................................................2-21
2.3.3MaintainingVPWSInstances..................................................................2-23
2.3.4VPWSCongurationExample.................................................................2-28
Figures.............................................................................................................I
I
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Tables............................................................................................................III
Glossary.........................................................................................................V
II
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
AboutThisManual
Purpose
ThismanualistheZXR105900ESeries(V3.00.11)Easy-MaintenanceMPLSRouting
SwitchCongurationGuide(VPN),whichisapplicabletotheZXR105900E(V3.00.11)
seriesswitches.
IntendedAudience
Thismanualisintendedfor:
lNetworkplanningengineer
lDebuggingengineer
lAttendant
WhatIsinThisManual
Thismanualcontainsthefollowingchapters:
Chapter1,MPLSL3VPN
Conguration
ProvidestheoverviewandprinciplesofMPLSL3VPNconguration,
relatedcongurationandmaintenancecommands,andconguration
examples.
Chapter2,MPLSL2VPN
Conguration
ProvidestheoverviewandprinciplesofMPLSL2VPNconguration,
relatedcongurationandmaintenancecommands,andconguration
examples.
Conventions
Thismanualusesthefollowingtypographicalconventions:
ItalicsVariablesincommands.Itmayalsorefertootherrelatedmanualsanddocuments.
BoldMenus,menuoptions,functionnames,inputelds,optionbuttonnames,checkboxes,
drop-downlists,dialogboxnames,windownames,parameters,andcommands.
Constant
width
Textthatyoutype,programcodes,lenames,directorynames,andfunctionnames.
[]Optionalparameters.
{}Mandatoryparameters.
|Separatesindividualparameterinseriesofparameters.
Note:providesadditionalinformationaboutacertaintopic.
I
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Thispageintentionallyleftblank.
II
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1
MPLSL3VPNConguration
TableofContents
MPLSVPNBasicFunctionConguration...................................................................1-1
MPLSVPNRouteAggregationConguration...........................................................1-35
VPNRouteRestrictionandAlarm.............................................................................1-41
1.1MPLSVPNBasicFunctionConguration
1.1.1MPLSL3VPNOverview
IntroductiontoMPLSL3VPN
MPLSL3VPNisakindofInternetProtocol(IP)VirtualPrivateNetwork(VPN)basedon
MultiProtocolLabelSwitching(MPLS)technology.ItisalsocalledL3VPN,whichapplies
MPLStechnologytoroutersandswitches.MPLSVPNsimpliestherouteselectionmode
ofcoreswitches,anditrealizesIPvirtualprivatenetworkbymeansofthelabelswitching
ofconventionalroutingtechnology.
MPLSVPNcanbeusedtoconstructbroadbandIntranetandExtranet,whichcansatisfy
therequirementsofmanyservicescleverly.
MPLSVPNcanutilizethepowerfultransmissioncapabilityofapublicbackbonenetwork
toreducetheconstructioncostsoftheIntranet,andgreatlyimprovetheoperationand
managementexibilityofusernetworks.Meanwhile,itmeetstheuserrequirementsfor
datatransmissionsecurity,realtimeandbroadband,convenience.
InanIP-basednetwork,MPLShasmanyadvantages,
1.Reducecost
MPLSsimpliestheintegrationtechnologyofATMandIP .Itefcientlycombinesthe
L2andL3technologies.Therefore,thecostisreducedandtheinvestmentissaved
atearlierstages.
2.Improveresourceutilizationrate
Sincelabelswitchingisusedinnetwork,theIPaddressesusedbyusersintheirLocal
AreaNetworks(LAN)canberepeated.Inthisway,IPresourceutilizationrateis
improved.
3.Improvenetworkspeed
1-1
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
Sincelabelswitchingisused,thetimeforaddresssearchineachhopprocessis
shortened.Inthisway,thetimeofdatatransmissiontimeisreducedinnetwork,and
thenetworkspeedisimproved.
4.Improveexibilityandexpansibility
SinceMPLSusesAnyToAnyconnection,thenetworkexibilityandexpansibilityare
improved.Withrespecttotheexibility,specialcontrolpolicycanbecustomizedto
meetspecialrequirementsofdifferentuserstorealizevalue-addedservices.The
expansibilitycoversthefollowingtwopoints:
lMoreVPNsarecontainedbyanetwork.
lEasyuserexpansioninthesameVPN.
5.Convenience
MPLSiswidelyusedinoperatornetworks.Itbringmoreconveniencetoenterprise
usersestablishglobalVPN.
6.Improvetransmissionsecurity
MPLSservesasachannelmechanismtoimplementtransparentpackettransmission.
MPLSLinkStatePacket(LSP)havehighreliabilityandsecurity,similaringtoframe
relayandAsynchronousTransferMode(ATM)VirtualChannelConnection(VCC).
7.Enhanceserviceintegrationcapability
Anetworkcansupporttheservicesintegratingdata,audioandvideo.
8.MPLSQoSguarantee
TherelatedstandardsanddraftsdrawnbyIETFforBorderGatewayProtocol
(BGP)/MPLSVPN:
lRFC4364,BGP/MPLSIPVirtualPrivateNetworks
lRFC4760,MultiprotocolExtensionsforBGP-4
lRFC2547,BGP/MPLSVPN
lDraftRFC2547bis,BGP/MPLSVPN
lRequestForComments(RFC)2283,multi-protocolextensionBGP4
MPLSL3VPNRelatedTerms
ABGP/MPLSVPNnetworksystemcoversthefollowingnetworkdevices.
lPE
APEreferstoarouterconnectedtoaCEinacustomersiteinanoperatornetwork.
ThePEroutersupportsVPNandlabelingfunction(thelabelingfunctioncanbe
providedbyRSVP ,LDPorConstraintbasedRoutingLabelDistributionProtocol
(CRLDP)).
InasingleVPN,PEroutersareconnectedbytunnel.ThetunnelcanbeaMPLSLSP
tunneloraLDPtunnel.
lProvider(P)
1-2
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
Here,"P"refersarouterinthecoreofanoperatornetwork,whichdoesnotconnect
toanyrouterinanycustomersite,butisapartofMPLSL3VPNtunnel."P"supports
MPLSLSPorLDPfunction,butitdoesnotneedtosupportVPN.
lCE
CEreferstoarouterorswitchconnectedtoanoperatornetworkinacustomersite.
Normally,IProuteractasCEdevice.
VPNfunctionisprovidedbyPErouters,whilePandCEroutersdonothavespecial
requirementsforVPNconguration.
VPN-IPv4AddressandRouteDistinguisher
SinceL3VPNmaybeconnectedtoprivatenetworksthroughInternetandtheseprivate
networkscaneitherusepublicorprivateaddresses,theaddressesusedbydifferent
privatenetworksmayberepeatedwhenprivatenetworksuseprivateaddresses.
Toavoidtherepetitionofprivateaddresses,publicaddressescanbeusedbynetwork
devicestoreplaceprivateaddresses.AsolutionisprovidedinRFC2547bisthatusesan
existentprivatenetworkIDtogenerateadenitenewaddress.
ThenewaddressisapartofVPN-IPv4addressfamily,anditalsoisaBGPaddressfamily
oftheMP-BGPprotocol.InaVPN-IPv4address,thereisavalueusedtodifferentiate
differentVPNs,calledRouteDistinguisher(RD).
TheformatofaVPN-IPv4addressisaneight-byteRDplusafour-byteIPaddress.RDis
theeight-bytevalueusedforVPNdifferentiation.AnRDconsistsofthefollowingelds:
lTypeeld(twobytes):Itdeterminesthelengthoftheotherelds.
àIfthevalueofthetypeeldis0,Administrator(ADM)eldcoverstwobytesand
theAssignmentNumber(AN)eldcoversfourbytes.
àIfthevalueofthetypeeldis1,ADMeldcoversfourbytesandtheAssignment
Number(AN)domaincoverstwobytes.
àIfthevalueofthetypeeldis2,ADMeldcoversfourbytesandtheAssignment
Number(AN)domaincoverstwobytes.
lADMeld:Itidentiesanadministrationassignmentnumber
àIfthetypedomainis0,theadministratordomaincontainsanAutonomousSystem
(AS)ID.RFC2547bisrecommendsapublicASIDallocatedbyInternetAssigned
NumbersAuthority(IANA)beused(itismuchbetterthattheASIDoftheISPor
customeritselfisused).
àIfthevalueofthetypeeldis1,ADMeldcontainsanIPv4address.RFC2547bis
recommendstouseswitchIPaddress(thisaddressisnormallyconguredas
switchID).RouterIPaddressisapublicaddress.
àIfthetypedomainis2,theadministratordomaincontainfourbytesAutonomous
SystemID.
lANeld:Thenumberassignedbyanetworkoperator
1-3
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
àIfthetypeeldis0,ANeldcoversfourbytes.
àIfthetypeeldis1,ANeldcoverstwobytes.
àIfthetypeeldis2,ANeldcoverstwobytes.
TheRDisonlyusedbetweenPEsandCEstodifferentiateIPv4addressesofdifferent
VPNs.TheingressgeneratesanRDandconvertsthereceivedIPv4routeoftheCEinto
aVPN-IPv4address.BeforeadvertisingtheroutetotheCE,theegressPEconvertsthe
VPN-IPv4routeintoanIPv4route.
MPLSVPNPrinciple
MPLSVPNadoptsL3technology.EveryVPNhasitsownVPN-ID.EveryVPNusercan
onlycommunicatewiththemembersbelongingtothesameVPN,andonlyVPNmembers
canentertheVPN.
InMPLSVPN,theserviceprovider(SP)allocatesaRDtoeveryVPN.TheRDisunique
inSPnetwork.
Forwardingtablecontainsauniqueaddress,calledVPN-IPaddress,whichisformed
throughtheconnectionoftheRDanduserIPaddress.TheVPN-IPaddressisunique
inthenetwork.Theaddresstableisstoredintheforwardingtable.
BGPisaroutinginformationdistributionprotocol,whichusesmulti-protocolextension
andcommonattributestodeneVPNconnectivity.InMPLSVPN,BGPonlyadvertises
messagestothemembersinthesameVPN,andprovidesbasicsecuritybymeansof
trafcsplit.
DataisforwardedbyusingLSP .TheLSPdenesaspecialpaththatcannotbechanged,
toguaranteethesecurity.Suchalabel-basedmodecanprovidecondentialitylikeframe
relayandATM.TheSPassociatesaspecialVPNtoaninterface,andpacketforwarding
isdecidedbyingresslabels.
VPNforwardingtablecontainsalabelthatcorrespondstotheVPN-IPaddress.Thelabel
isusedtosenddatatothecorrespondingdestination.SincethelabelreplacestheIP
address,usercankeepitsownaddressstructure.Thedatacanbetransmittedwithout
NetworkAddressTranslation(NAT).Accordingtothedataingress,thecorresponding
switchwillselectaspecialVPNforwardingtablethatonlycontainsavaliddestination
addressinVPN.RouterselectsaspeciedVPNforwardingtableaccordingtotheingress.
TheVPNforwardingtablecontainsthevaliddestinationaddressesonly.
CEadvertisesroutinginformationontheuser'snetworktothePEbymeansofstaticroute,
defaultroute,routingprotocolsRIP ,OSPF ,IS-ISorBGP .
CEsendstheroutinginformationtoPEbystaticroute,defaultrouterorroutingprotocol,
suchasRoutingInformationProtocol(RIP),OpenShortestPathFirst(OSPF)and
IntermediateSystem-to-IntermediateSystem(IS-IS).
Meanwhileextendedmulti-protocolBGPisusedbetweenPEstotransmitVPN-IP
informationandthecorrespondinglabels(VPNlabel,calledinnerlabelhereinafter).
1-4
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
TheconventionalIGPisusedbetweenPEandPtolearntheroutinginformation,andthe
LDPisusedtobindtheroutinginformationtolabel(alabelonthebackbonenetwork,
calledouterlabelhereinafter).
Inthisway,thebasicnetworktopologyandroutinginformationamongCE,PEandPare
alreadyformed.Thus,thePEhastheroutinginformationofbackbonenetworkandevery
VPN.
WhenCEuserdatabelongingtosomeVPNentersthenetwork,thesystemcanidentifyto
whichVPNtheCEbelongsontheinterfaceofCEthatconnectstoPE,andwillfurtherread
thenext-hopaddressinformationintheroutingtableoftheVPN.Inaddition,theforwarded
packetswillbemarkedwithaVPNlabel(innerlabel).Inthiscase,theobtainednext-hop
addressistheaddressofaPEthatisthepeerofthisPE.
ToreachthedestinationPE,routinginformationofbackbonenetworkisreadfromthe
sourcePE,thustoobtaintheaddressofthenextPswitch.Meanwhile,theforwarded
userpacketsaremarkedwithabackbonenetworklabel(outerlabel).
Inbackbonenetwork,alltheProuterslocatingbehindthesourcePEreadtheouterlabel
todeterminethenexthop.Therefore,thesimplelabelswitchingisperformedinbackbone
networkonly.
WhenthepacketreachesthelastPswitchbeforearrivingatthedestinationPE,theouter
labelwillberemoved.AfterthepacketreachesthedestinationPE,thePEwillreadthe
innerlabel,ndthenext-hopCEinthecorrespondingVirtualRoutingForwarding(VRF)
andsendthepackettotherelatedinterface,andthentransmitthepackettotheCEnetwork
oftheVPN.
1.1.2ConfiguringMPLSL3VPN
CreatingVRFonPE
AVRFiscreatedforeachVPNonPE.VRFonlysavestherouteinformationrelatedto
thisVPN.VPNisindependent,whichhasitsowninterface,routingandlabeltables,route
protocolandsoon.
TocreateVRFonZXR105900E,performthefollowingsteps.
StepCommandFunction
1ZXR10(config)#ipvrf<vrf-name>ThisconguresaVPNinstance.
2ZXR10(config-vrf-vrf-name)#rd<route-distinguisher>ThisdenesVRFRD.
3ZXR10(config-vrf-vrf-name)#address-family{ipv4|ipv6}ThisactivatesIPv4orIPv6
addressfamily.
4ZXR10(config-vrf-vrf-name-af-ipv4)#route-target[
import|export|both]<extended-community>
ZXR10(config-vrf-vrf-name-af-ipv6)#route-target[
import|export|both]<extended-community>
Thiscreatesroute-target
extensioncommunityattribute
relatingtoVRF.
1-5
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
StepCommandFunction
5ZXR10(config)#interface<interface-name>Thisentersinterface
congurationmode.
6ZXR10(config-if-interface-name)#ipvrfforwarding<
vrf-name>
Thisassociatesinterfaceto
VRF.
DeletetheexistentIPaddress
oftheinterfacebeforeusing
thiscommand.
7ZXR10(config-if-interface-name)#ipaddress<
ip-address><netmask>
Thisconguresinterface
address.
Descriptionsoftheparametersusedbystep1,2,3and4areshownbelow.
ParameterDescription
<vrf-name>VRFname,1-32characters.Thenameisonlyvalidlocally,which
isusedforbindinganinterfacetotheVPN.
<route-distinguisher>VRFRD,therearethreeformats,<1-65535>:<0-4294967295>or
A.B.C.D:<0-65535>or<1-65535>.<0-65535>:<0-65535>.
{ipv4|ipv6}ActivateIPv4orIPv6addressfamily.
importImporttheroutetoVRFaccordingtoroute-targetextension
communityattribute
exportExporttheVRFroutewithroute-targetextensioncommunity
attribute
bothItisequaltoenableimportandexportatthesametime.
<extended-community>Theroute-targetextensioncommunityattribute,therearethree
formats,<1-65535>:<0-4294967295>orA.B.C.D:<0-65535>or
<1-65535>.<0-65535>:<0-65535>
ConguringStaticRouteProtocolBetweenCEandPE
InordertorunstaticrouteprotocolbetweenCEandPE,astaticroutepointingtoCEneeds
tobeconguredonPE,andthestaticrouteneedstobedistributedtoBGP .
TorunstaticrouteprotocolbetweenCEandPE,performthefollowingstepsonZXR10
5900E.
StepCommandFunction
1ZXR10(config)#iproutevrf{mng|<vrf-name>}<prefix><net-
mask>{<forwarding-router's-addres>[global]|<interface-name
>[<forwarding-router's-address>]}[<distance-metric>][metric
<metric-value>][tag<tag-value>][bfdenable][track
<track-name>][name<description-name>]
Thisconguresastaticroute
pointingtoCEonPE.
ItisrequiredtospecifyaVRFto
whichthisstaticroutebelongs.
1-6
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
StepCommandFunction
2ZXR10(config)#routerbgp<as-number>ThisentersBGProute
congurationmode.
3ZXR10(config-bgp)#address-familyipv4vrf<vrf-name>ThisentersVRFaddressfamily
congurationmode.
4ZXR10(config-bgp-af-ipv4-vrf)#redistributestaticThisredistributesthestatic
route.
CongurationExample
AsshowninFigure1-1,runstaticroutebetweenCE1andPE1.
Figure1-1RunningStaticRouteProtocolbetweenCEandPE
CongurestaticrouteonCE1andPE1respectively.
CE1conguration,
CE1(config)#interfacevlan1
CE1(config-if-vlan1)#ipaddress10.1.0.1255.255.255.252
CE1(config-if-vlan1)#exit
CE1(config)#interfacevlan2
CE1(config-if-vlan2)#ipaddress10.1.1.254255.255.255.0
CE1(config-if-vlan2)#exit
CE1(config)#iproute10.2.0.0255.255.0.010.1.0.2
PE1conguration,
PE1(config)#iproutevrfvpn_a10.1.0.0255.255.0.010.1.0.1
PE1(config)#routerbgp100
PE1(config-bgp)#address-familyipv4vrfvpn_a
1-7
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
PE1(config-bgp-af-ipv4-vrf)#redistributestatic
PE1(config-bgp-af-ipv4-vrf)#exit
ConguringRIPProtocolBetweenCEandPE
TorunRIPbetweenCEandPE,performthefollowingstepsonZXR105900E.
StepCommandFunction
1ZXR10(config)#routerripThisentersRIPcongurationmode.
2ZXR10(config)#version2ThisconguresRIPv2.
ZXR10(config-rip)#address-familyipv4vrf<
vrf-name>
ThisentersVRFaddressfamily
congurationmode.
ZXR10(config-rip-af)#noauto-summaryThisdisablesautosummaryfunction.
ZXR10(config-rip-af)#version2ThisconguresRIPv2.
ZXR10(config-rip-af)#network
<network-number><wild-card>
Thisadvertisesdirect-connectednetwork
segmenttoRIP .
ZXR10(config-rip-af)#redistributeconnectedThisredistributesdirect-connectedroute
toRIP .
3
ZXR10(config-rip-af)#redistributebgp-intThisredistributesbgp-inttoRIP .
4ZXR10(config)#routerbgp<as-number>ThisentersBGProutecongurationmode.
ZXR10(config-bgp)#address-familyipv4vrf<
vrf-name>
ThisentersVRFaddressfamily
congurationmode.
5
ZXR10(config-bgp-af-ipv4-vrf)#redistribute
rip
ThisredistributesRIProute.
CongurationExample
AsshowninFigure1-2,runRIPbetweenCE1andPE1.
1-8
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
Figure1-2RunningRIPbetweenCEandPE
RunRIPprotocolonCE1andPE1respectively.MakesurethatPE1andCE1can
distributeroutetoeachother.
CE1conguration,
CE1(config)#routerrip
CE1(config)#noauto-summary
CE1(config-rip)#version2
CE1(config-rip)#network10.1.0.00.0.0.3
CE1(config-rip)#redistributeconnected
CE1(config-rip)#exit
PE1conguration,
PE1(config)#routerrip
PE1(config-rip)#version2
PE1(config-rip)#address-familyipv4vrfvpn_a
PE1(config-rip-af)#noauto-summary
PE1(config-rip-af)#version2
PE1(config-rip-af)#network10.1.0.00.0.0.3
PE1(config-rip-af)#redistributebgp-int
PE1(config-rip-af)#exit
PE1(config-rip)#exit
PE1(config)#routerbgp100
PE1(config-bgp)#address-familyipv4vrfvpn_a
PE1(config-bgp-af-ipv4-vrf)#redistributerip
PE1(config-bgp-af-ipv4-vrf)#redistributeconnected
PE1(config-bgp-af-ipv4-vrf)#exit
1-9
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
ConguringOSPFbetweenCEandPE
TorunOSPFbetweenCEandPE,performthefollowingstepsonZXR105900E.
StepCommandFunction
1ZXR10(config)#routerospf<process-id>[vrf<vrf-name>]ThisentersOSPFVRF
congurationmode.
2ZXR10(config-ospf-process-id)#network<network-numb
er><wild-card>area<area-id>
Thisdesignatestheinterfaces
torunOSPFanddenes
area-IDtotheseinterfaces.
3ZXR10(config-ospf-process-id)#redistributebgp-intThisredistributesbgp-introute.
4ZXR10(config)#routerbgp<as-number>ThisentersBGProute
congurationmode.
5ZXR10(config-bgp)#address-familyipv4vrf<vrf-name>ThisentersVRFaddressfamily
congurationmode.
6ZXR10(config-bgp-af-ipv4-vrf)#redistribute{ospf-int|
ospf-ext}<process-id>
ThisredistributesOSPFroute.
CongurationExample
AsshowninFigure1-3,enabletheOSPFprotocolonbothCE1andPE1todistribute
routinginformationmutually.
Figure1-3EnablingtheOSPFProtocolonCEandPEDevices
RunthefollowingcommandsonCE1:
CE1(config)#routerospf1
CE1(config-ospf-1)#network10.1.0.00.0.0.3area0.0.0.0
CE1(config-ospf-1)#network10.1.1.00.0.0.255area0.0.0.0
1-10
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
RunthefollowingcommandsonPE1:
PE1(config)#routerospf2vrfvpn_a
PE1(config-ospf-2)#network10.1.0.00.0.0.3area0.0.0.0
PE1(config-ospf-2)#redistributebgp-int
PE1(config-ospf-2)#exit
PE1(config)#routerbgp100
PE1(config-bgp)#address-familyipv4vrfvpn_a
PE1(config-bgp-af-ipv4-vrf)#redistributeospf-int
PE1(config-bgp-af-ipv4-vrf)#redistributeconnected
UsesimilarmethodstocongurePE2andCE2andthenverifytheconguration.
CheckingtheroutinginformationonCE1:
CE1#showipforwardingrouteospf
IPv4RoutingTable:
statuscodes:*valid,>best
DestGwInterfaceOwnerPriMetric
10.2.0.0/3010.1.0.2vlan1ospf1101
10.2.1.0/2410.1.0.2vlan2ospf1101
CE1learnstherouteofCE2throughtheOSPFprotocol.
CheckingtheroutinginformationonCE2:
CE2#showipforwardingrouteospf
IPv4RoutingTable:
statuscodes:*valid,>best
DestGwInterfaceOwnerPriMetric
10.1.0.0/3010.2.0.2vlan1ospf1101
10.1.1.0/2410.2.0.2vlan2ospf1101
CE2learnstherouteofCE1throughtheOSPFprotocol.
OnCE1,pingthelocalareanetworkwheretheCE2isconnectedto:
CE1#ping10.2.1.1
sending5,100-byteICMPechosto10.2.1.1,timeoutis2seconds.
!!!!!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/10ms.
OnCE2,pingthelocalareanetworkwheretheCE1isconnectedto:
CE2#ping10.1.1.1
sending5,100-byteICMPechosto10.1.1.1,timeoutis2seconds.
!!!!!
Successrateis100percent(5/5),round-tripmin/avg/max=0/0/10ms.
ConguringEBGPbetweenCEandPE
TocongureEBGPbetweenaCEandaPE,performthefollowingstepsonZXR105900E.
1-11
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
StepCommandFunction
1ZXR10(config)#routerbgp<as-number>ThisentersintoBGProute
congurationmode.
2ZXR10(config-bgp)#address-familyipv4vrf<vrf-name>Thisentersintothe
correspondingVRFaddress
familycongurationmode.
3ZXR10(config-bgp-af-ipv4-vrf)#neighbor<ip-address>
remote-as<as-number>
ThisconguresanEBGP
neighbororASnumberofa
neighborpeers.
CongurationExample
AsshowninFigure1-4,runEBGPbetweenCE1andPE1.
Figure1-4RunningEBGPbetweenCEandPE
CongureBGPonCE1andPE1respectively.MakesurethatCE1andPE1candistribute
routetoeachother.
CE1conguration,
CE1(config)#routerbgp65001
CE1(config-bgp)#neighbor10.1.0.2remote-as100
CE1(config-bgp)#neighbor10.1.0.2ebgp-multihop
CE1(config-bgp)#neighbor10.1.0.2activate
CE1(config-bgp)#redistributeconnected
CE1(config-bgp)#exit
PE1conguration,
PE1(config)#routerbgp100
1-12
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Chapter1MPLSL3VPNConguration
PE1(config-bgp)#address-familyipv4vrfvpn_a
PE1(config-bgp-af-ipv4-vrf)#neighbor10.1.0.1remote-as65001
PE1(config-bgp-af-ipv4-vrf)#neighbor10.1.0.1ebgp-multihop
PE1(config-bgp-af-ipv4-vrf)#neighbor10.1.0.1activate
PE1(config-bgp-af-ipv4-vrf)#redistributeconnected
PE1(config-bgp-af-ipv4-vrf)#exit
ConguringMPBGP
T ocongureMPBGP ,performthefollowingstepsonZXR105900E.
StepCommandFunction
1ZXR10(config)#routerbgp<as-number>ThisentersBGPconguration
mode
2ZXR10(config-bgp)#neighbor<ip-address>remote-as
<as-number>
ThisconguresBGPneighbor.
3ZXR10(config-bgp)#neighbor<ip-address>update-source
loopback<number>
Thisspeciesupdate-source
IPaddressasitsownloopback
addressofMPBGPsetlink.
4ZXR10(config-bgp)#address-familyvpnv4ThisentersVPNv4address
familycongurationmode.
5ZXR10(config-bgp-af-vpnv4)#neighbor<ip-address>
activate
Thisactivatesvpnv4abilityof
neighbor.
CongurationExample
AsshowninFigure1-5,runMPBGPbetweenPE1andPE2.
Figure1-5MPBGPProtocolConguration
1-13
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
ZXR105900ESeriesCongurationGuide(VPN)
Caution!
Beforeperformthefollowingcongurations,makesurethatPE1andPE2canbeping
eachotherbyusingtheirloopbackaddresses.
PE1conguration,
PE1(config)#routerbgp100
PE1(config-bgp)#neighbor1.1.1.3remote-as100
PE1(config-bgp)#neighbor1.1.1.3activate
PE1(config-bgp)#neighbor1.1.1.3update-sourceloopback1
PE1(config-bgp)#address-familyvpnv4
PE1(config-bgp-af-vpnv4)#neighbor1.1.1.3activate
PE1(config-bgp-af-vpnv4)#exit
PE2conguration,
PE2(config)#routerbgp100
PE2(config-bgp)#neighbor1.1.1.1remote-as100
PE2(config-bgp)#neighbor1.1.1.1activate
PE2(config-bgp)#neighbor1.1.1.1update-sourceloopback1
PE2(config-bgp)#address-familyvpnv4
PE2(config-bgp-af-vpnv4)#neighbor1.1.1.1activate
PE2(config-bgp-af-vpnv4)#exit
MPLSVPNAdvancedFunctionConguration
1.ConguringASOverride
WhenBGPrunsbetweenPEandCE,userswanttoreuseASnumberindifferentsites.
ToprovidetheconnectivebetweenCE1andCE2,anewmethodcalledASoverride
isadopted.AfterASoverrideisconguredonPE,butbeforePEsendsrouteupdate
packetstoCE,PEwillreplacetheASnumberofeachdirectlyconnectdCEdevicein
theentityAS_PATHbyitsownASnumber.ThelengthofAS_PATHisstillkeptwhen
ASoverrideiscongured.
TocongureASoverride,performthefollowingstepsonZXR105900E.
StepCommandFunction
1ZXR10(config)#routerbgp<as-number>ThisentersBGProute
congurationmode.
2ZXR10(config-bgp)#address-familyipv4vrf<vrf-name>ThisentersIPv4VRFaddress
familycongurationmode.
1-14
SJ-20150114102049-016|2015-03-10(R1.0)ZTEProprietaryandCondential
Other manuals for ZXR10 5900E Series
12
Table of contents
Other Zte Switch manuals
Zte
Zte ZXR10 8900 Series User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 8900 Series Installation manual
Zte
Zte ZXR10 8900 Series User manual
Zte
Zte ZXR10 8900E series Technical specifications
Zte
Zte ZXR10 8900 Series Technical specifications
Zte
Zte ZXR10 8900 Series Installation manual
Zte
Zte ZXR10 5900E Series Technical specifications
Zte
Zte MF28B User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 8900 Series Installation manual
Zte
Zte ZXR10 8900 Series Assembly instructions
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 2920 User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte MC8010CA User manual
Zte
Zte ZXR10 5900E Series User manual
Zte
Zte ZXR10 5900 Series User manual
