of 26
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.

HP 5500 HI Switch Series

Category:

Automobiles

Publish on:

Views: 53 | Pages: 26

Extension: PDF | Download: 0

Share
Description
HP 5500 HI Switch Series MPLS Configuration Guide Part number: Software version: Release 5203 and Release 5206 Document version: 6W Legal and notice information Copyright 2014 Hewlett-Packard
Transcript
HP 5500 HI Switch Series MPLS Configuration Guide Part number: Software version: Release 5203 and Release 5206 Document version: 6W Legal and notice information Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Contents Configuring MCE 1 MCE overview 1 MPLS L3VPN overview 1 MPLS L3VPN concepts 2 Multi-VPN-instance CE 4 How MCE works 5 Using MCE in tunneling applications 5 Configuring routing on an MCE 6 Route exchange between an MCE and a VPN site 6 Route exchange between an MCE and a PE 8 Configuring an MCE 8 Configuring VPN instances 8 Configuring routing on an MCE 10 Configuration prerequisites 10 Configuring routing between MCE and VPN site 11 Configuring routing between MCE and PE 16 Resetting BGP connections 20 Displaying and maintaining MCE 21 MCE configuration examples 22 Using OSPF to advertise VPN routes to the PE 22 Using BGP to advertise VPN routes to the PE 27 Using tunnels to advertise VPN routes 30 Configuring IPv6 MCE 37 Overview 37 Configuring an IPv6 MCE 37 Configuring VPN instances 37 Configuring routing on an IPv6 MCE 39 Configuration prerequisites 39 Configuring routing between IPv6 MCE and VPN site 39 Configuring routing between IPv6 MCE and PE 43 Resetting BGP connections 46 Displaying information about IPv6 MCE 46 IPv6 MCE configuration examples 47 Using IPv6 ISIS to advertise VPN routes to the PE 47 Configuring basic MPLS 53 MPLS overview 53 Basic concepts 53 MPLS network structure 55 LSP establishment and label distribution 55 MPLS forwarding 58 LDP 59 Protocols 61 MPLS configuration task list 61 Enabling the MPLS function 62 Configuring a static LSP 63 Establishing dynamic LSPs through LDP 64 Configuring MPLS LDP capability 64 Configuring local LDP session parameters 65 i Configuring remote LDP session parameters 65 Configuring PHP 66 Configuring the policy for triggering LSP establishment 67 Configuring the label distribution control mode 67 Configuring LDP loop detection 68 Configuring LDP MD5 authentication 69 Configuring LDP label filtering 69 Configuring DSCP for outgoing LDP packets 71 Maintaining LDP sessions 71 Configuring BFD for MPLS LDP 71 Resetting LDP sessions 72 Managing and optimizing MPLS forwarding 72 Configuring TTL processing mode at ingress 72 Sending back ICMP TTL exceeded messages for MPLS TTL expired packets 73 Configuring LDP GR 74 Setting MPLS statistics reading interval 76 Inspecting LSPs 76 Configuring MPLS LSP ping 77 Configuring MPLS LSP tracert 77 Configuring BFD for LSPs 78 Configuring periodic LSP tracert 79 Enabling MPLS trap 80 Displaying and maintaining MPLS 80 Displaying MPLS operation 80 Displaying MPLS LDP operation 81 Clearing MPLS statistics 82 MPLS configuration examples 82 Configuring static LSPs 82 Configuring LDP to establish LSPs dynamically 85 Configuring BFD for LSPs 89 Configuring MPLS TE 91 Overview 91 Basic concepts of MPLS TE 92 MPLS TE implementation 92 CR-LSP 93 RSVP-TE 94 Traffic forwarding 98 CR-LSP backup 99 FRR 99 PS for an MPLS TE tunnel 101 Protocols and standards 101 MPLS TE configuration task list 102 Configuring basic MPLS TE 102 Creating an MPLS TE Tunnel over a static CR-LSP 103 Configuration prerequisites 103 Configuration procedure 103 Creating an MPLS TE tunnel with a dynamic signaling protocol 104 Configuration prerequisites 104 Configuration procedure 105 Configuring RSVP-TE advanced features 108 Configuring RSVP reservation style 108 Configuring RSVP state timers 109 Configuring the RSVP refresh mechanism 109 Configuring the RSVP hello extension 110 ii Configuring RSVP-TE resource reservation confirmation 110 Configuring RSVP authentication 111 Configuring DSCP for outgoing RSVP packets 111 Configuring RSVP-TE GR 111 Tuning CR-LSP setup 112 Configuring route pinning 112 Configuring administrative group and affinity attribute 112 Configuring CR-LSP reoptimization 113 Tuning MPLS TE tunnel setup 114 Configuring loop detection 114 Configuring route and label recording 114 Configuring tunnel setup retry 114 Assigning priorities to a tunnel 115 Configuring traffic forwarding 115 Forwarding traffic along MPLS TE tunnels using static routes 115 Forwarding traffic along MPLS TE tunnels through automatic route advertisement 116 Configuring traffic forwarding tuning parameters 117 Configuring the failed link timer 117 Specifying the link metric type for tunnel path calculation 118 Configuring the traffic flow type of a tunnel 118 Configuring CR-LSP backup 119 Configuring FRR 119 Configuration prerequisites 119 Enabling FRR on the headend of a primary LSP 120 Configuring a bypass tunnel on its PLR 120 Configuring node protection 121 Configuring the FRR polling timer 121 Inspecting an MPLS TE tunnel 122 MPLS LSP ping 122 MPLS LSP tracert 122 Configuring BFD for an MPLS TE Tunnel 122 Configuring periodic LSP tracert for an MPLS TE tunnel 124 Configuring protection switching 125 Displaying and maintaining MPLS TE 125 MPLS TE configuration examples 128 MPLS TE using static CR-LSP configuration example 128 MPLS TE using RSVP-TE configuration example 132 RSVP-TE GR configuration example 138 MPLS RSVP-TE and BFD cooperation configuration example 140 CR-LSP backup configuration example 142 FRR configuration example 146 MPLS TE in MPLS L3VPN configuration example 154 Troubleshooting MPLS TE 162 Configuring VPLS 163 VPLS overview 163 Basic VPLS concepts 163 PW establishment 164 MAC address learning and flooding 165 VPLS loop avoidance 166 VPLS packet encapsulation 166 H-VPLS implementation 167 VPLS configuration task list 169 Enabling L2VPN and MPLS L2VPN 169 Configuring LDP VPLS 169 iii Configuring an LDP VPLS instance 170 Configuring BGP VPLS 171 Configuring the BGP extension 171 Configuring a BGP VPLS instance 171 Resetting VPLS BGP connections 172 Binding a service instance with a VPLS instance 172 Configuring MAC address learning 173 Configuring MAC address move 173 Configuring VPLS instance attributes 173 Inspecting PWs 174 Displaying and maintaining VPLS 174 VPLS configuration examples 175 Binding service instances with VPLS instances 175 Configuring PW redundancy for H-VPLS access 180 Configuring BFD for the primary link in an H-VPLS network 184 Troubleshooting VPLS 189 Configuring MPLS L2VPN 190 MPLS L2VPN overview 190 Basic concepts of MPLS L2VPN 190 MPLS L2VPN network models 191 Remote connection operation 191 Implementation of MPLS L2VPN 193 VC types 198 MPLS L2VPN configuration task list 198 Configuring basic MPLS L2VPN 199 Configuring a PE-CE interface of a PE 199 Configuring Ethernet encapsulation 199 Configuring VLAN encapsulation 200 Configuring a remote CCC connection 200 Configuring SVC MPLS L2VPN 200 Configuring Martini MPLS L2VPN 201 Configuring the remote peer 202 Creating a Martini VC on a Layer 3 interface 202 Creating a Martini VC for a service instance 202 Inspecting VCs 204 Configuring Kompella MPLS L2VPN 204 Configuring BGP L2VPN capability 204 Creating and configuring an MPLS L2VPN 205 Creating a CE connection 205 Displaying and maintaining MPLS L2VPN 207 MPLS L2VPN configuration examples 208 Example for configuring a remote CCC connection 208 Example for configuring SVC MPLS L2VPN 212 Example for configuring Martini MPLS L2VPN 215 Example for configuring Kompella MPLS L2VPN 219 Example for configuring a VC for a service instance 222 Troubleshooting MPLS L2VPN 226 Configuring MPLS L3VPN 227 Overview 227 MPLS L3VPN concepts 228 MPLS L3VPN packet forwarding 230 MPLS L3VPN networking schemes 231 MPLS L3VPN routing information advertisement 234 iv Inter-AS VPN 235 Carrier's carrier 238 Nested VPN 240 HoVPN 242 OSPF VPN extension 244 BGP AS number substitution and SoO 246 MPLS L3VPN configuration task list 247 Configuring basic MPLS L3VPN 247 Configuration prerequisites 248 Configuring VPN instances 248 Configuring routing between PE and CE 252 Configuring routing between PEs 258 Configuring routing features for BGP VPNv4 subaddress family 258 Configuring inter-as VPN 261 Configuring inter-as option A 261 Configuring inter-as option B 262 Configuring inter-as option C 262 Configuring nested VPN 264 Configuring HoVPN 265 Configuring an OSPF sham link 266 Configuring a loopback interface 266 Redistributing the loopback interface route and OSPF routes into BGP 267 Creating a sham link 267 Configuring BGP AS number substitution and SoO 268 Resetting BGP connections 268 Displaying and maintaining MPLS L3VPN 269 MPLS L3VPN configuration examples 271 Configuring MPLS L3VPNs using EBGP between PE and CE 271 Configuring MPLS L3VPNs using IBGP between PE and CE 278 Configuring a hub-spoke network 286 Configuring inter-as option A 294 Configuring inter-as option B 299 Configuring inter-as option C 304 Configuring carrier's carrier 310 Configuring nested VPN 317 Configuring HoVPN 327 Configuring OSPF sham links 333 Configuring BGP AS number substitution 338 Configuring BGP AS number substitution and SoO 342 IPv6 MPLS L3VPN configuration 345 IPv6 MPLS L3VPN overview 345 IPv6 MPLS L3VPN packet forwarding 346 IPv6 MPLS L3VPN routing information advertisement 346 IPv6 MPLS L3VPN network schemes and functions 347 IPv6 MPLS L3VPN configuration task list 347 Configuring basic IPv6 MPLS L3VPN 347 Basic IPv6 MPLS L3VPN configuration task list 347 Configuration prerequisites 348 Configuring VPN instances 348 Configuring route related attributes for a VPN instance 349 Configuring routing between PE and CE 351 Configuring routing between PEs 354 Configuring routing features for the BGP-VPNv6 subaddress family 355 Configuring inter-as IPv6 VPN 356 v Configuration prerequisites 357 Configuring inter-as IPv6 VPN option A 357 Configuring inter-as IPv6 VPN option C 357 Resetting BGP connections 358 Displaying information about IPv6 MPLS L3VPN 359 IPv6 MPLS L3VPN configuration examples 360 Configuring IPv6 MPLS L3VPNs 360 Configuring inter-as IPv6 VPN option A 367 Configuring inter-as IPv6 VPN option C 372 Configuring carrier's carrier 379 Support and other resources 387 Contacting HP 387 Subscription service 387 Related information 387 Documents 387 Websites 387 Conventions 388 Index 390 vi Configuring MCE The term router in this document refers to both routers and Layer 3 switches. The term interface in this document refers to Layer 3 interfaces that include VLAN interfaces, Layer 3 Ethernet interfaces, and Layer 3 aggregate interfaces. You can set an Ethernet port as a Layer 3 Ethernet interface by using the port link-mode route command (see Layer 2 LAN Switching Configuration Guide). This chapter covers MCE related configuration. For information about routing protocols, see Layer 3 IP Services Configuration Guide. MCE overview MPLS L3VPN overview MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets on service provider backbones. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE. The MPLS L3VPN model consists of the following types of devices: Customer edge (CE) device A CE resides on a customer network and has one or more interfaces directly connected with service provider networks. It can be a router, a switch, or a host. It can neither sense the existence of any VPN nor does it need to support MPLS. Provider edge (PE) device A PE resides on a service provider network and connects one or more CEs to the network. On an MPLS network, all VPN processing occurs on the PEs. Provider (P) device A P device is a core device on a service provider network. It is not directly connected with any CE. It only needs to be equipped with basic MPLS forwarding capability. 1 Figure 1 Network diagram for MPLS L3VPN model CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them. After a PE learns the VPN routing information of a CE, it uses BGP to exchange VPN routing information with other PEs. A PE maintains routing information about only VPNs that are directly connected, rather than all VPN routing information on the provider network. A P router maintains only routes to PEs and does not deal with VPN routing information. When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs. MPLS L3VPN concepts Site Sites are often mentioned in the VPN. A site has the following features: A site is a group of IP systems with IP connectivity that does not rely on any service provider network to implement. The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically. The devices at a site can belong to multiple VPNs. A site is connected to a provider network through one or more CEs. A site can contain many CEs, but a CE can belong to only one site. Sites connected to the same provider network can be classified into different sets by policies. Only the sites in the same set can access each other through the provider network. Such a set is called a VPN. 2 Address space overlapping VPN instance Each VPN independently manages the addresses it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment /24, address space overlapping occurs. In MPLS VPN, routes of different VPNs are identified by VPN instance. A PE creates and maintains a separate VPN instance for each VPN at a directly connected site. Each VPN instance contains the VPN membership and routing rules of the corresponding site. If a user at a site belongs to multiple VPNs at the same time, the VPN instance of the site contains information about all of the VPNs. For independence and security of VPN data, each VPN instance on a PE maintains a relatively independent routing table and a separate label forwarding information base (LFIB). VPN instance information contains the following items: the LFIB, IP routing table, interfaces bound to the VPN instance, and administration information of the VPN instance. The administration information of the VPN instance includes the route distinguisher (RD), route filtering policy, and member interface list. VPN-IPv4 address Traditional BGP cannot process overlapping VPN routes. If, for example, both VPN 1 and VPN 2 use addresses on the segment /24 and each advertise a route to the segment, BGP selects only one of them, which results in the loss of the other route. PEs use MP-BGP to advertise VPN routes and use VPN-IPv4 address family to solve the problem with traditional BGP. A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 address prefix. Figure 2 VPN-IPv4 address structure When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer PE. The uniqueness of a VPN route is implemented by adding an RD to the route. A service provider can independently assign RDs if the assigned RDs are unique. A PE can advertise different routes to VPNs even if the VPNs are from different service providers and are using the same IPv4 address space. Configure a distinct RD for each VPN instance on a PE, so that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is a globally unique IPv4 address. By prefixing a distinct RD to a specific IPv4 address prefix, you get a globally unique VPN IPv4 address prefix. An RD can be related to an autonomous system (AS) number, in which case it is the combination of the AS number and a discretionary number; or it can be related to an IP address, in which case it is the combination of the IP address and a discretionary number. 3 An RD can be in one of the following formats distinguished by the Type field: When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1. When the value of the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined number. For example, :1. When the value of the Type field is 2, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is For example, 65536:1. To guarantee global uniqueness for an RD, do not set the Administrator subfield to any private AS number or private IP address. Route target attributes MPLS L3VPN uses the BGP extended community attributes called route target attributes to control the advertisement of VPN routing information. A VPN instance on a PE supports the following types of route target attributes: Export target attribute: A local PE sets this type of route target attribute for VPN-IPv4 routes learned from directly connected sites before advertising them to other PEs. Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by other PEs. If the export target attribute matches the import target attribute of the VPN instance, the PE adds the routes to the VPN routing table. In other words, route target attributes define which sites can receive VPN-IPv4 routes, and from which sites that a PE can receive routes. Similar to RDs, route target attributes can be of the following formats: 16-bit AS number:32-bit user-defined number. For example, 100:1. 32-bit IPv4 address:16-bit user-defined number. For example, :1. 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is For example, 65536:1. Multi-VPN-instance CE Using tunnels, MPLS L3VPN implements private network data transmission over the public network. However, the traditional MPLS L3VPN architecture requires each VPN instance exclusively use a CE to connect with a PE, as shown in Figure 1. For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases users device expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security. Using the Multi-VPN-Instance CE (MCE) function of the switch, you can remove the contradiction of low cost and high security in multi-vpn networks. With MCE configured, a CE can bind each VPN in a network with a VLAN interface on the CE, and create and maintain a separate routing table (multi-vrf) for each VPN. This separates the forwarding paths of packet
Search Related
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks