Example for Configuring a Local CCC to Access an L3VPN
A local Circuit Cross Connect (CCC) can be configured to access an L3VPN through a VE-Group.
Networking Requirements
As shown in Figure 1, the local CCC that is configured on PE1 accesses the L3VPN between PE1 and PE2.
Configuration Roadmap
The configuration roadmap is as follows:
Assign an IP address to each interface.
- Configure public network routes between PE1 and PE2 and advertise IP addresses of loopback interfaces.
- Enable MPLS and MPLS LDP on PE1 and PE2, and enable MPLS L2VPN on PE1.
- Configure a local CCC on PE1.
- Configure an L3VPN on PE1 and PE2.
Data Preparation
To complete the configuration, you need the following data:
- VE-Group ID
- IP addresses of the interfaces
Procedure
- Assign an IP address to each interface. Configuration details are not mentioned here. For details, please check Configuration Files.
- Configure public network routes between PE1 and PE2 and advertise IP addresses of loopback interfaces. IS-IS is adopted here, and configuration details are not mentioned. For details, please check Configuration Files.
- Enable MPLS and MPLS LDP on PE1 and PE2, and enable MPLS L2VPN on PE1. Configuration details are not mentioned here. For details, please check Configuration Files.
- Configure a local CCC on PE1.
- Configure an L2VE interface and an L3VE interface on PE1, and add these interfaces to the VE-Group.
[~PE1] interface virtual-ethernet0/1/0 [*PE1-Virtual-Ethernet0/1/0] ve-group 1 l2-terminate [*PE1-Virtual-Ethernet0/1/0] quit [*PE1] interface virtual-ethernet0/1/1 [*PE1-Virtual-Ethernet0/1/1] ve-group 1 l3-access [*PE1-Virtual-Ethernet0/1/1] quit [*PE1] commit
This example uses Virtual-Ethernet interface to configure L2VPN accessing L3VPN. As a VE interface is bound to only one board, when the board is faulty, services are interrupted. To improve service reliability, create two global virtual interfaces: Global-VE1 and Global-VE2. Global-VE1 is configured as an L2VE interface to terminate L2 services, and the Global-VE2 is configured as an L3VE interface to access an L3 network. Other configurations remain unchanged
- Configure an L2VE interface and an L3VE interface on PE1, and add these interfaces to the VE-Group.
- Configure an L3VPN on PE1 and PE2.
- Verify the configuration. CE1 and CE2 can ping each other successfully. Take CE1 as an example.
<CE1> ping 10.10.2.1 PING 10.10.2.1: 56 data bytes, press CTRL_C to break Reply from 10.10.2.1: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 10.10.2.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 10.10.2.1: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 10.10.2.1: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 10.10.2.1: bytes=56 Sequence=5 ttl=255 time=60 ms --- 10.10.2.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/76/180 ms
Configuration Files
Configuration file of CE1
# sysname CE1 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # bgp 65010 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # returnConfiguration file of PE1
# sysname PE1 # ip vpn-instance VPN1 ipv4-family route-distinguisher 200:1 apply-label per-instance vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # mpls ldp isis 1 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet0/1/1 undo shutdown ip address 10.10.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/1/0 undo shutdown # interface Virtual-Ethernet0/1/0 ve-group 1 l2-terminate # interface Virtual-Ethernet0/1/0.1 vlan-type dot1q 100 # interface Virtual-Ethernet0/1/1 ve-group 1 l3-access # interface Virtual-Ethernet0/1/1.1 vlan-type dot1q 100 ip binding vpn-instance VPN1 ip address 10.1.1.2 255.255.255.0 # ccc ccc-ve interface GigabitEthernet0/1/0 out-interface Virtual-Ethernet0/1/0.1 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable # ipv4-family vpn-instance VPN1 import-route direct peer 10.1.1.1 as-number 65010 # return
Configuration file of PE2
# sysname PE2 # ip vpn-instance VPN1 ipv4-family route-distinguisher 200:1 apply-label per-instance vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface GigabitEthernet0/1/1 undo shutdown ip binding vpn-instance VPN1 ip address 10.10.2.2 255.255.255.0 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.10.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable # ipv4-family vpn-instance VPN1 import-route direct peer 10.10.2.1 as-number 65020 # return
Configuration file of CE2
# sysname CE2 # interface GigabitEthernet0/1/0 undo shutdown ip address 10.10.2.1 255.255.255.0 # bgp 65020 peer 10.10.2.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.10.2.2 enable # return