1
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
www.huawei.com
Internal
ODC011002 MPLS L3 VPN Configuration
ISSUE 1.3
HUAWEI TECHNOLOGIES CO., LTD. Page 2All rights reserved
This slides will introduce MPLS L3 VPN
configuration commands, typical cases,
debugging and troubleshooting.
2
HUAWEI TECHNOLOGIES CO., LTD. Page 3All rights reserved
Upon completion of this course, you will be
able to:
�Know configuration of MPLS L3 VPN
�Know how to debug MPLS L3 VPN
�Know how to troubleshoot MPLS L3 VPN
HUAWEI TECHNOLOGIES CO., LTD. Page 4All rights reserved
Chapter 1 MPLS L3 VPN ConfigurationChapter 1 MPLS L3 VPN Configuration
Chapter 2 MPLS L3 VPN Configuration ExampleChapter 2 MPLS L3 VPN Configuration Example
Chapter 3 MPLS L3 VPN DebuggingChapter 3 MPLS L3 VPN Debugging
Chapter 4 MPLS L3 VPN TroubleshootingChapter 4 MPLS L3 VPN Troubleshooting
3
HUAWEI TECHNOLOGIES CO., LTD. Page 5All rights reserved
MPLS L3 VPN Configuration Steps
Basic Configuration
IP address, IGP,
make sure that PE-PE
IP reachable
MPLS Function
LDP Function
Enable MPLS with system and interface
Enable LDP with
system and interface
Define VPN
PE-PE MP-BGP Function
PE-CE Routing Protocol
VPN name and RD,RT, bind to interface
BGP Peer, Active
remote PE and route
import
Static, EBGP, OSPF,
or RIP
HUAWEI TECHNOLOGIES CO., LTD. Page 6All rights reserved
MPLS VPN (L3) Configuration Steps
� To configure BGP/MPLS VPN, you need to:
�Configure basic information on PE, CE and P.
�Establish the logical or physical link with IP capabilities from
PE to PE.
�Advertise and update VPN information.
� BGP/MPLS VPN configuration includes:
�Define VPN Instance
�Configure PE-CE Routing Protocol
�Configure PE-PE Routing Protocol
4
HUAWEI TECHNOLOGIES CO., LTD. Page 7All rights reserved
Define VPN Instance
� Establish and enter VPN instance view [system-view]
� ip vpn-instance vpn_name
� Establish RD [vrf-view] for vpn-instance
� route-distinguisher route-distinguisher
� Establish vpn-target community for vpn-instance [vrf-view]
�vpn-target vpn-target-ext-community [ import-extcommunity |
export-extcommunity | both ]
� Associate the interface with vpn-instance [interface-view]
� ip binding vpn-instance vpn-instance-name
HUAWEI TECHNOLOGIES CO., LTD. Page 8All rights reserved
Configure PE-PE Routing Protocol
� Establish public network BGP neighbor (refer BGP configuration)
� Using Loopback address to create TCP connection between
PEs [BGP-view]
�peer peer-address connect-interface loopback interface-
number
� Enter MBGP VPNv4 address-family view [BGP-view]
� ipv4-family vpnv4 [ unicast ]
� Activate MBGP peer entity [vpnv4 family view]
�peer { group-name | peer-address } enable
5
HUAWEI TECHNOLOGIES CO., LTD. Page 9All rights reserved
Configure PE-CE Routing Protocol
� Configure link between PE and CE via static routing
� ip route-static vpn-instance vpn-instance-name prefix mask[ next-hop-address ] [ interface { interface-number } ] [ public | preference preference | blackhole | reject ]
� Configure route information exchange between PE and CE via EBGP
�Enter BGP VPN address family view
− ipv4-family vpn-instance vpn-instance-name
�Configure the AS number of the specific neighbour
− peer peer-address as-number as-number
� Import direct routing
− import-route direct
�Allow route loopback
− peer ip-address allow-as-loop asn-limit
HUAWEI TECHNOLOGIES CO., LTD. Page 10All rights reserved
Configure PE-CE Routing Protocol
� Configure route information exchange between PE and CE via RIP
�Create PE-CE RIP instance and enter RIP view
− rip [ process-id ] vpn-instance vpn-instance-name
� Configure route information exchange between PE and CE via
OSPF
�Create PE-CE OSPF instance and enter OSPF view
− ospf [ process-id ] [ router-id router-id ] [ vpn-instance vpn-
instance-name ]
�By default, one router can run 1024 OSPF processes at most;
one VPN can start 10 OSPF processes at most.
6
HUAWEI TECHNOLOGIES CO., LTD. Page 11All rights reserved
Chapter 1 MPLS L3 VPN ConfigurationChapter 1 MPLS L3 VPN Configuration
Chapter 2 MPLS L3 VPN Configuration ExampleChapter 2 MPLS L3 VPN Configuration Example
Chapter 3 MPLS L3 VPN DebuggingChapter 3 MPLS L3 VPN Debugging
Chapter 4 MPLS L3 VPN TroubleshootingChapter 4 MPLS L3 VPN Troubleshooting
HUAWEI TECHNOLOGIES CO., LTD. Page 12All rights reserved
MPLS/VPN Configuration (1)
�PE1 Configuration
�Configure MPLS basic function.
− [PE1] mpls lsr-id 172.1.1.1
− [PE1] mpls
− [PE1] mpls ldp
− [PE1] interface Pos 1/0/0
− [PE1-Pos/0/0] mpls
− [PE1-Pos/0/0] mpls ldp
�Configure vpn-instance.
− [PE1] ip vpn-instance vpna
− [PE1-vpn-instance] route-distinguisher 100:1
− [PE1-vpn-instance] vpn-target 100:1 both
− [PE1-vpn-instance] vpn-target 100:2 import-extcommunity
− [PE1-vpn-instance] vpn-target 100:3 export-extcommunity
PE
Ethernet 1/0/0:
168.1.1.1/16
PE-2
CE-1
Ethernet 2/0/0:
168.1.1.2/16 -1
CE-2
PPos1/0/0:
172.1.1.1/16 Pos1/0/0
AS100
AS 1 AS 2
Loopback0:
202.100.0.1/32
Loopback 0:
200.10.0.1/16
7
HUAWEI TECHNOLOGIES CO., LTD. Page 13All rights reserved
MPLS/VPN Configuration (2)
� Interface Configuration
− [PE1] interface loopback0
− [PE1-LoopBack 0] ip address 202.100.0.1 255.255.255.255
− [PE1] interface ethernet 1/0/0
− [PE1-Ethernet1/0/0] ip binding vpn-instance vpna
− [PE1-Ethernet1/0/0] ip address 168.1.1.2 255.255.0.0
− [PE1] interface pos1/0/0
− [PE1-Pos1/0/0] ip address 172.1.1.1 255.255.0.0
�Configure PE-CE BGP.
− [PE1] bgp 100
− [PE1-bgp] import-route direct
− [PE1-bgp] ipv4-family vpn-instance vpna
− [PE1-bgp-af-vpn-instance] peer 168.1.1.1 as-number 1
HUAWEI TECHNOLOGIES CO., LTD. Page 14All rights reserved
MPLS/VPN Configuration (3)
� Configure PE-PE BGP
− [PE1] bgp 100
− [PE1-bgp] peer 200.10.0.1 as-number 100
− [PE1-bgp] peer 200.10.0.1 connect-interface loopback0
− [PE1-bgp] ipv4-family vpnv4
− [PE1-bgp-af-vpn] peer 200.10.0.1 enable
� Configure OSPF
− [PE1] ospf
− [PE1-ospf] area 0
− [PE1-ospf-area-0.0.0.0] network 172.1.0.0 0.0.255.255
− [PE1-ospf-area-0.0.0.0] network 202.10.0.1 0.0.0.0
− [PE1-ospf] import-route direct
8
HUAWEI TECHNOLOGIES CO., LTD. Page 15All rights reserved
Chapter 1 MPLS L3 VPN ConfigurationChapter 1 MPLS L3 VPN Configuration
Chapter 2 MPLS L3 VPN Configuration ExampleChapter 2 MPLS L3 VPN Configuration Example
Chapter 3 MPLS L3 VPN DebuggingChapter 3 MPLS L3 VPN Debugging
Chapter 4 MPLS L3 VPN TroubleshootingChapter 4 MPLS L3 VPN Troubleshooting
HUAWEI TECHNOLOGIES CO., LTD. Page 16All rights reserved
[NE80]display bgp vpnv4 all peer
Peer AS-number Ver Queued-Tx Msg-Rx Msg-Tx Up/Down State
40.0.0.8 100 4 0 1 0 100h48m Established
Display VPN address information from BGP table
� display bgp [ vpnv4 { all | route-distinguisher rd-value | vpn-
instance vpn-instance-name } ] peer
Check the
state
9
HUAWEI TECHNOLOGIES CO., LTD. Page 17All rights reserved
Display the IP routing table of vpn-instance
� display ip routing-table vpn-instance vpn-instance-name
[ verbose ]
[NE80] display ip routing-table vpn-instance vpn-instance1
Routing Table: vpn-instance1 RD: 1233:11Destination/Mask Proto Pre Metric Nexthop Interface
192.1.1.0/24 Direct 0 0 192.1.1.1 GigabitEthernet1/0/0
192.1.1.1/32 Direct 0 0 127.0.0.1 InLoopBack0
192.1.1.255/32 Direct 0 0 127.0.0.1 InLoopBack0
VPN instance name
HUAWEI TECHNOLOGIES CO., LTD. Page 18All rights reserved
Chapter 1 MPLS L3 VPN ConfigurationChapter 1 MPLS L3 VPN Configuration
Chapter 2 MPLS L3 VPN Configuration ExampleChapter 2 MPLS L3 VPN Configuration Example
Chapter 3 MPLS L3 VPN DebuggingChapter 3 MPLS L3 VPN Debugging
Chapter 4 MPLS L3 VPN TroubleshootingChapter 4 MPLS L3 VPN Troubleshooting
10
HUAWEI TECHNOLOGIES CO., LTD. Page 19All rights reserved
MPLS/VPN Trouble-shooting
� MPLS/VPN message forwarding is based on LSP, and LSP is attached to the
route, so you should locate the fault in this way: check route first and then label;
check private network first and then public network.
Check private
network routeYCheck private
network labelYCheck public
network labelYN Check BGP
neighbourhoodN Check public
network route
Check MBGP and the opposite
end PE-CE routing protocol
configuration
N Check public
network IGP configuration
Check LDP
neighbourY N Check MPLS
configuration
Y YN Check BGP
configurationNN Y YYYDial 800 hotline for help
HUAWEI TECHNOLOGIES CO., LTD. Page 20All rights reserved
MPLS/VPN Trouble-shooting
� Check private network route:
� Check the VRF of the PE routers of two ends respectively to check whether
there is a VRF route of the opposite end.
� Command display ip routing-table vpn-instance
� Check BGP neighborhood:
� Whether neighbor state machine is in Established state
� Command: display bgp vpnv4 all peer
� Check public network route:
� Does every device in public network LSP path have an accurate route of the
opposite end PE loopback address? (It must be a 32-bit mask)
� Check the IGP configuration of the public network:
� Whether the route of PE loopback address is released via IGP
Check private
network routeY N Check BGP
neighbourhoodN Check public
network route N Check public
network IGP
configurationY Y
11
HUAWEI TECHNOLOGIES CO., LTD. Page 21All rights reserved
MPLS/VPN Trouble-shooting
� Check private network label:
�Check whether the private network label of the local PE router is distributed by the opposite PE?
� Check MBGP and the opposite end PE-CE routing protocol configuration
�For every VRF, should the VRF route be released into BGP?
�Whether to enable ordinary neighbors to transmit vpnv4 route?
� Check BGP configuration:
�Check whether the ordinary BGP configures BGP neighbors correctly?
Check private
network labelCheck MBGP and the opposite end
PE-CE routing protocol
configuration
Check BGP
configurationN N
HUAWEI TECHNOLOGIES CO., LTD. Page 22All rights reserved
MPLS/VPN Trouble-shooting
� Check public network label:
� Check whether every device in LSP is distributed by the two PE loopback addresses Public network label, related commands: display mpls lsp brief
� Check whether the in-label of every device is the out-label of its next-hop?
� Check LDP neighbors:
� Check whether LDP session is correctly established between two adjacent PE or P routers.
� Related command: display mpls ldp session
� Session State: Operational
� Check MPLS configuration
� Check whether the device enables MPLS globally and enables LDP at corresponding interface.
� Global command:
� mpls lsr-id 10.5.80.250
� mpls ldp
� Start LDP Session at interface
� interface Ethernet4/1/0
� mpls ldp enable
Check public
network labelCheck LDP
neighbors N Check MPLS
configurationN
12
HUAWEI TECHNOLOGIES CO., LTD. Page 23All rights reserved
� This chapter describes the configuration, debugging
and troubleshooting of MPLS VPN (L3).
SummarySummary
www.huawei.com
Thank You