Example for Configuring an Inter-AS NG MVPN in Option C

After establishing a multi-hop MP-EBGP peer relationship between PEs of different ASs, you can implement the inter-AS NG MVPN Option C solution.

Networking Requirements

As shown in the Figure 1, CE1 and CE2 are in the same VPN. CE accesses the network through PE1 in AS 100. CE2 accesses the network through PE2 in AS 200.

Figure 1 Networking for configuring inter-AS NG MVPN in option C mode

Interfaces 1 and 2 in this example represent GE 0/1/1 and GE 0/1/2, respectively.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Set up an MP-EBGP peer relationship between PEs in different ASs and configure the maximum number of hops between PEs.

  2. Configure a routing policy on ASBRs, so that each ASBR assigns MPLS labels to the loopback routes received from the PE in the local AS before advertising the routes to the remote ASBR and assigns new MPLS labels to the routes advertised to the PE in the local AS if they are labeled IPv4 routes.

  3. Configure the PE and ASBR in the same AS to exchange labeled IPv4 routes.

  4. Configure the ASBRs to exchange labeled IPv4 routes.

  5. Configure NG MVPN.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of PEs and ASBRs (1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4)

  • VPN instance names (ng), RDs (1:3 and 192.168.122.15:1), and VPN targets of VPN instances (1:1)

  • Routing policies used by ASBRs.

Procedure

  1. Configure an IGP on the MPLS backbone network in AS100 and AS200, so that the PE and ASBR in the same AS can communicate.

    This example uses IS-IS as the IGP.

  2. Configure MPLS and MPLS LDP both globally and per interface on each node of the MPLS backbone networks in AS100 and AS200 and set up LDP LSPs.

    For configuration details, see Configuration Files in this section.

  3. Configure automatic mLDP P2MP tunnels on PEs and ASBRs.

    # Configure PE1.

    [~PE1] mpls ldp
[~PE1-mpls-ldp] mldp p2mp
[*PE1-mpls-ldp] commit
[~PE1-mpls-ldp] quit

    # Configure PE2.

    [~PE2] mpls ldp
[~PE2-mpls-ldp] mldp p2mp
[*PE2-mpls-ldp] mldp recursive-fec
[*PE2-mpls-ldp] commit
[~PE2-mpls-ldp] quit

    # Configure ASBR1.

    [~ASBR1] mpls ldp
[~ASBR1-mpls-ldp] mldp p2mp
[*ASBR1-mpls-ldp] mldp recursive-fec
[*ASBR1-mpls-ldp] commit
[~ASBR1-mpls-ldp] quit

    The configuration of ASBR2 is similar to the configuration of ASBR1. For configuration details, see Configuration Files in this section.

  4. Set up an MP-IBGP peer relationship between the PE and ASBR in the same AS.

    For configuration details, see Configuration Files in this section.

  5. Configure VPN instances on PEs.

    For configuration details, see Configuration Files in this section.

    The import VPN target configured on PE1 must be the same as the export VPN target configured on PE2; the export VPN target configured on PE1 must be the same as the import VPN target configured on PE2.

  6. Configure the function to exchange labeled IPv4 routes.

    # Configure PE1 to exchange labeled IPv4 routes with ASBR1.

    [~PE1] bgp 100
[~PE1-bgp] ipv4-family unicast
[~PE1-bgp-af-ipv4] peer 2.2.2.2 enable
[*PE1-bgp-af-ipv4] peer 2.2.2.2 label-route-capability
[*PE1-bgp-af-ipv4] undo synchronization
[*PE1-bgp-af-ipv4] commit
[~PE1-bgp-af-ipv4] quit

    # Enable MPLS on GE 0/1/2 that connects ASBR1 to ASBR2.

    [~ASBR1] interface GigabitEthernet0/1/2
[~ASBR1-GigabitEthernet0/1/2] ip address 10.1.3.1 24
[*ASBR1-GigabitEthernet0/1/2] mpls
[*ASBR1-GigabitEthernet0/1/2] mpls ldp
[*ASBR1-GigabitEthernet0/1/2] quit
[*ASBR1] commit

    # Configure routing policies on ASBR1.

    [~ASBR1] route-policy policy1 permit node 1
[*ASBR1-route-policy] apply mpls-label
[*ASBR1-route-policy] quit
[*ASBR1] route-policy policy2 permit node 1
[*ASBR1-route-policy] if-match mpls-label
[*ASBR1-route-policy] apply mpls-label
[*ASBR1-route-policy] quit
[*ASBR1] commit

    # Apply the routing policies to the routes advertised to PE1 and enable ASBR1 to exchange label IPv4 routes with PE1.

    [~ASBR1] bgp 100
[~ASBR1-bgp] ipv4-family unicast
[~ASBR1-bgp-af-ipv4] peer 1.1.1.1 enable
[*ASBR1-bgp-af-ipv4] peer 1.1.1.1 route-policy policy2 export
[*ASBR1-bgp-af-ipv4] peer 1.1.1.1 label-route-capability
[*ASBR1-bgp-af-ipv4] quit

    # Apply the routing policies to the routes advertised to ASBR2 and enable ASBR1 to exchange label IPv4 routes with ASBR2.

    [*ASBR1-bgp] peer 10.1.3.2 as-number 200
[*ASBR1-bgp] ipv4-family unicast
[*ASBR1-bgp-af-ipv4] peer 10.1.3.2 enable
[*ASBR1-bgp-af-ipv4] peer 10.1.3.2 route-policy policy1 export
[*ASBR1-bgp-af-ipv4] peer 10.1.3.2 label-route-capability
[*ASBR1-bgp-af-ipv4] quit

    # Configure ASBR1 to advertise the loopback routes of PE1 to ASBR2, and then to PE2.

    [*ASBR1-bgp] ipv4-family unicast
[*ASBR1-bgp-af-ipv4] network 1.1.1.1 255.255.255.255
[*ASBR1-bgp-af-ipv4] quit
[*ASBR1-bgp] quit
[*ASBR1] commit

    The configurations of PE2 and ASBR2 are similar to the configurations of PE1 and ASBR1 respectively. For configuration details, see Configuration Files in this section.

  7. Establish an MP-EBGP peer relationship between PE1 and PE2, and configure them to filter received VPNv4 routes based on VPN targets.

    # Configure PE1.

    [~PE1] bgp 100
[*PE1-bgp] peer 4.4.4.4 as-number 200
[*PE1-bgp] peer 4.4.4.4 connect-interface LoopBack0
[*PE1-bgp] peer 4.4.4.4 ebgp-max-hop 10
[*PE1-bgp] undo peer 4.4.4.4 enable
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 4.4.4.4 enable
[*PE1-bgp-af-vpnv4] policy vpn-target
[*PE1-bgp-af-vpnv4] quit
[*PE1-bgp] quit
[*PE1] commit

    # Configure PE2.

    [~PE2] bgp 200
[*PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface LoopBack0
[*PE2-bgp] peer 1.1.1.1 ebgp-max-hop 10
[*PE2-bgp] undo peer 1.1.1.1 enable
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[*PE2-bgp-af-vpnv4] policy vpn-target
[*PE2-bgp-af-vpnv4] quit
[*PE2-bgp] quit
[*PE2] commit

  8. Configure a unicast peer and a BGP MVPN peer relationship.

    # Configure CE1.

    [~CE1] bgp 65003
[~CE1-bgp] ipv4-family unicast
[~CE1-bgp-af-ipv4] undo synchronization
[*CE1-bgp-af-ipv4] import-route direct
[*CE1-bgp-af-ipv4] peer 192.168.1.2 enable
[*CE1-bgp-af-ipv4] commit
[~CE1-bgp-af-ipv4] quit
[~CE1-bgp] quit

    The configuration of CE2 is similar to the configuration of CE1. For configuration details, see Configuration Files in this section.

    # Configure PE1.

    [~PE1] bgp 100
[~PE1-bgp] ipv4-family unicast
[~PE1-bgp-af-ipv4] undo synchronization
[*PE1-bgp-af-ipv4] peer 4.4.4.4 enable
[*PE1-bgp-af-ipv4] commit
[~PE1-bgp-af-ipv4] quit
[~PE1-bgp] ipv4-family vpn-instance ng
[~PE1-bgp-af-vpn-ng] import-route direct
[*PE1-bgp-af-vpn-ng] peer 192.168.1.1 as-number 65003
[*PE1-bgp-af-vpn-ng] commit
[~PE1-bgp-af-vpn-ng] quit
[~PE1-bgp] ipv4-family mvpn
[~PE1-bgp-af-mvpn] policy vpn-target
[*PE1-bgp-af-mvpn] peer 4.4.4.4 enable
[*PE1-bgp-af-mvpn] commit
[~PE1-bgp-af-mvpn] quit
[~PE1-bgp] quit

    The configuration of PE2 is similar to the configuration of PE1. For configuration details, see Configuration Files in this section.

  9. Configure P2MP LSPs to carry multicast traffic on PEs.

    # On PE1, configure PE1 as a sender PE.

    [~PE1] multicast mvpn 1.1.1.1
[~PE1] ip vpn-instance ng
[~PE1-vpn-instance-ng] ipv4-family
[~PE1-vpn-instance-ng-af-ipv4] multicast routing-enable
[*PE1-vpn-instance-ng-af-ipv4] mvpn
[*PE1-vpn-instance-ng-af-ipv4-mvpn] sender-enable
[*PE1-vpn-instance-ng-af-ipv4-mvpn] c-multicast signaling bgp
[*PE1-vpn-instance-ng-af-ipv4-mvpn] auto-discovery inter-as
[*PE1-vpn-instance-ng-af-ipv4-mvpn] spt-only mode
[*PE1-vpn-instance-ng-af-ipv4-mvpn] ipmsi-tunnel
[*PE1-vpn-instance-ng-af-ipv4-mvpn-ipmsi] mldp
[*PE1-vpn-instance-ng-af-ipv4-mvpn-ipmsi] commit
[~PE1-vpn-instance-ng-af-ipv4-mvpn-ipmsi] quit
[~PE1-vpn-instance-ng-af-ipv4-mvpn] quit
[~PE1-vpn-instance-ng-af-ipv4] quit
[~PE1-vpn-instance-ng] quit

    # On PE2, configure PE2 as a receiver PE.

    [~PE2] multicast mvpn 4.4.4.4
[~PE2] ip vpn-instance ng
[~PE2-vpn-instance-ng] ipv4-family
[~PE2-vpn-instance-ng-af-ipv4] multicast routing-enable
[~PE2-vpn-instance-ng-af-ipv4] mvpn
[*PE2-vpn-instance-ng-af-ipv4-mvpn] c-multicast signaling bgp
[*PE2-vpn-instance-ng-af-ipv4-mvpn] auto-discovery inter-as
[*PE2-vpn-instance-ng-af-ipv4-mvpn] spt-only mode
[*PE2-vpn-instance-ng-af-ipv4-mvpn] ipmsi-tunnel
[*PE2-vpn-instance-ng-af-ipv4-mvpn-ipmsi] commit
[~PE2-vpn-instance-ng-af-ipv4-mvpn-ipmsi] quit
[~PE2-vpn-instance-ng-af-ipv4-mvpn] quit
[~PE2-vpn-instance-ng-af-ipv4] quit
[~PE2-vpn-instance-ng] quit

  10. Configure PIM.

    # Configure CE1.

    [~CE1] pim
[~CE1-pim] static-rp 192.168.3.1
[*CE1-pim] commit
[~CE1-pim] quit
[~CE1] multicast routing-enable
[*CE1] interface GigabitEthernet0/1/1
[*CE1-GigabitEthernet0/1/1] pim sm
[*CE1-GigabitEthernet0/1/1] commit
[~CE1-GigabitEthernet0/1/1] quit
[~CE1] interface GigabitEthernet0/1/2
[~CE1-GigabitEthernet0/1/2] pim sm
[*CE1-GigabitEthernet0/1/2] commit
[~CE1-GigabitEthernet0/1/2] quit

    # Configure CE2.

    [~CE2] pim
[~CE2-pim] static-rp 192.168.3.1
[*CE2-pim] commit
[~CE2-pim] quit
[~CE2] multicast routing-enable
[*CE2] interface GigabitEthernet0/1/1
[*CE2-GigabitEthernet0/1/1] pim sm
[*CE2-GigabitEthernet0/1/1] igmp enable
[*CE2-GigabitEthernet0/1/1] commit
[~CE2-GigabitEthernet0/1/1] quit
[~CE2] interface GigabitEthernet0/1/2
[~CE1-GigabitEthernet0/1/2] pim sm
[*CE1-GigabitEthernet0/1/2] commit
[~CE1-GigabitEthernet0/1/2] quit

    # Configure PE1.

    [~PE1] pim vpn-instance ng
[*PE1-pim-ng] static-rp 192.168.3.1
[*PE1-pim-ng] commit
[~PE1-pim-ng] quit
[~PE1] interface GigabitEthernet0/1/2
[~PE1-GigabitEthernet0/1/2] pim sm
[*PE1-GigabitEthernet0/1/2] commit
[~PE1-GigabitEthernet0/1/2] quit

    The configuration of PE2 is similar to the configuration of PE1. For configuration details, see Configuration Files in this section.

  11. Verify the configuration.

    After the configurations are complete, the CEs can learn routes to each other's interface and can ping through each other.

    The following example uses the command output on CE1.

    [~CE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Tables Public
         Destinations : 8        Routes : 8
Destination/Mask    Proto  Pre  Cost       Flags  NextHop         Interface
       192.168.1.0/24  Direct 0    0              D  192.168.1.1        GigabitEthernet0/1/1
       192.168.1.1/32  Direct 0    0              D  127.0.0.1       GigabitEthernet0/1/1
     192.168.1.255/32  Direct 0    0              D  127.0.0.1       GigabitEthernet0/1/1
     192.168.2.0/24  EBGP   255  0              D  192.168.1.2        GigabitEthernet0/1/1
      127.0.0.0/8   Direct 0    0              D  127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0              D  127.0.0.1       InLoopBack0
127.255.255.255/32  Direct 0    0              D  127.0.0.1       InLoopBack0
255.255.255.255/32  Direct 0    0              D  127.0.0.1       InLoopBack0
[~CE1] ping 192.168.2.2
  PING 192.168.2.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=252 time=102 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=252 time=89 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=252 time=106 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=252 time=104 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=252 time=56 ms
  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 56/91/106 ms

    ASBRs do not have VPNv4 routes. Run the display bgp routing-table label command on an ASBR. The command output shows the label information of the routes.

    The following example uses the command output on ASBR1.

    [~ASBR1] display bgp routing-table label
Total Number of Routes: 2
 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found
        Network           NextHop           In/Out Label
 *>    1.1.1.1           10.1.2.1          15360/NULL
 *>    4.4.4.4           10.1.3.2          15361/15361

Configuration Files

  • CE1 configuration file

    #
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip address 192.168.3.1 255.255.255.0
 pim sm
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
 pim sm
#
bgp 65003
 peer 192.168.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 192.168.1.2 enable
pim
 static-rp 192.168.3.1
#
return

  • PE1 configuration file

    #
sysname PE1
#
multicast mvpn 1.1.1.1
#
ip vpn-instance ng
 ipv4-family
  route-distinguisher 1:3
  apply-label per-instance
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
  multicast routing-enable
  mvpn
   sender-enable
   c-multicast signaling bgp
   spt-only mode
   auto-discovery inter-as
   ipmsi-tunnel
    mldp
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
 mldp p2mp 
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 10.0000.0000.000b.00
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip binding vpn-instance ng
 ip address 192.168.1.2 255.255.255.0
 pim sm
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 10.1.2.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 ebgp-max-hop 10
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 label-route-capability
  peer 4.4.4.4 enable
 #
 ipv4-family mvpn
  policy vpn-target
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance ng
  import-route direct
  peer 192.168.1.1 as-number 65003
#
pim vpn-instance ng
 static-rp 192.168.3.1
#
return

  • ASBR1 configuration file

    #
sysname ASBR1
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
 mldp p2mp
 mldp recursive-fec
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 10.0000.0000.000c.00
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip address 10.1.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 10.1.2.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
 isis enable 1
#
bgp 100
 peer 10.1.3.2 as-number 200
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 1.1.1.1 255.255.255.255
  peer 10.1.3.2 enable
  peer 10.1.3.2 route-policy policy1 export
  peer 10.1.3.2 label-route-capability
  peer 1.1.1.1 enable
  peer 1.1.1.1 route-policy policy2 export
  peer 1.1.1.1 label-route-capability
#
route-policy policy1 permit node 1
 apply mpls-label
route-policy policy2 permit node 1
 if-match mpls-label
 apply mpls-label
#
ip route-static 3.3.3.3 255.255.255.255 10.1.3.2
#
return

  • ASBR2 configuration file

    #
sysname ASBR2
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
 mldp p2mp
 mldp recursive-fec
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 10.0000.0000.000d.00
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip address 10.1.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 10.1.4.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 200
 peer 10.1.3.1 as-number 100
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 4.4.4.4 255.255.255.255
  peer 10.1.3.1 enable
  peer 10.1.3.1 route-policy policy1 export
  peer 10.1.3.1 label-route-capability
  undo peer 4.4.4.4 enable
  peer 4.4.4.4 route-policy policy2 export
  peer 4.4.4.4 label-route-capability
#
route-policy policy1 permit node 1
 apply mpls-label
route-policy policy2 permit node 1
 if-match mpls-label
 apply mpls-label
#
ip route-static 2.2.2.2 255.255.255.255 10.1.3.1
#
return

  • PE2 configuration file

    #
sysname PE2
#
multicast mvpn 4.4.4.4
#
ip vpn-instance ng
 ipv4-family
  route-distinguisher 192.168.122.15:1
  apply-label per-instance
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
  multicast routing-enable
  mvpn
   c-multicast signaling bgp
   spt-only mode
   auto-discovery inter-as
   ipmsi-tunnel
    mldp
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
 mldp p2mp
 mldp recursive-fec
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 10.0000.0000.000e.00
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 10.1.4.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip binding vpn-instance ng
 ip address 192.168.2.1 255.255.255.0
 pim sm
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 isis enable 1
#
bgp 200
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 ebgp-max-hop 10
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 1.1.1.1 enable
  peer 3.3.3.3 enable
  peer 3.3.3.3 label-route-capability
 #
 ipv4-family mvpn
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
 #
 ipv4-family vpn-instance ng
  import-route direct
  peer 192.168.2.2 as-number 65004
#
pim vpn-instance ng
 static-rp 192.168.3.1

  • CE2 configuration file

    #
sysname CE2
#
multicast routing-enable
#
interface GigabitEthernet0/1/2
 undo shutdown
 ip address 192.168.4.1 255.255.255.0
 pim sm
 igmp enable
#
interface GigabitEthernet0/1/1
 undo shutdown
 ip address 192.168.2.2 255.255.255.0
 pim sm
#
bgp 65004
 peer 192.168.2.1 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 192.168.2.1 enable
#
pim
 static-rp 192.168.3.1
#
return
Parent Topic: Configuration Examples for NG MVPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >