Here we can find an example on how to configure the second carrier to provide BGP/MPLS IP VPN services when first carrier and the second carrier are in different ASs.
Networking Requirements
As shown in Figure 1, the Level 1 carrier and the Level 2 carrier are in different ASs. The Level 2 carrier provides BGP/MPLS IP VPN service for its customers.
Different from Example for Configuring Carrier’s Carrier in the Same AS, the Level 1 carrier and the Level 2 carrier in this example are in different ASs.
Configuration Roadmap
The configuration roadmap is as follows:
-
Configure the two types of routes exchange as follows:
-
The exchange of the internal route of the level 2 carrier on the backbone network of level 1 carrier: configure the level 2 carrier to access the level 1 carrier as the level 1 carrier’s CE.
-
The exchange of the external route of the level 2 carrier between the PE devices of the level 2 carrier: set up the MP-EBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier.
-
-
Configuring the labeled MP-EBGP between the PE of the level 1 carrier and the CE of the level 1 carrier that are located in different ASs
Data Preparation
To configure the inter-AS carrier’s carrier, you need the following data:
-
MPLS LSR ID of the PE of the level 1 carrier, MPLS LSR ID of the PE and the CE of the level 2 carrier
-
Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE of the level 2 carrier and the CE of the level 1 carrier is the same with that used when the CE of the level 1 carrier accesses the level 1 carrier. However, it is different from that on the PE of the level 1 carrier.)
-
The name of the VPN instance configured on the PE, RD and VPN-target
-
Two routing policies configured on the CE of the level 1 carrier
Procedure
- Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network. Configure IS-IS as the IGP protocol of the backbone network. Enable LDP between PE1 and PE2. Establish MP-IBGP peer relationship.
The specific configuration procedures are not mentioned here.
NOTE:
During the configuration of IGP, note that the 32-bit Loopback interface address of each PE needs to be advertised. - Configure the Level 2 carrier network. Configure IS-IS as the IGP protocol. Enable LDP between the PE3 and the CE1, and between the PE4 and the CE2 respectively.
The configuration procedures are similar to those in Example for Configuring Carrier’s Carrier in the Same AS and not mentioned here.
- Configure the Level 1 carrier CE to access the Level 1 carrier PE and configure the exchange of labeled IPv4 routes between them.
# Configure CE1 to exchange labeled IPv4 routes with PE3 and PE1.
<CE1> system-view
[CE1] interface pos 2/0/0
[CE1-Pos2/0/0] ip address 11.1.1.1 24
[CE1-Pos2/0/0] mpls
[CE1-Pos2/0/0] quit
[CE1] route-policy policy1 permit node 1
[CE1-route-policy] apply mpls-label
[CE1-route-policy] quit
[CE1] route-policy policy2 permit node 1
[CE1-route-policy] if-match mpls-label
[CE1-route-policy] apply mpls-label
[CE1-route-policy] quit
[CE1] bgp 200
[CE1-bgp] peer 1.1.1.9 as-number 200
[CE1-bgp] peer 1.1.1.9 connect-interface loopback 1
[CE1-bgp] peer 1.1.1.9 route-policy policy2 export
[CE1-bgp] peer 1.1.1.9 label-route-capability
[CE1-bgp] peer 11.1.1.2 as-number 100
[CE1-bgp] peer 11.1.1.2 route-policy policy1 export
[CE1-bgp] peer 11.1.1.2 label-route-capability
[CE1-bgp] import-route isis 2
[CE1-bgp] quit
# Configure PE1 to exchange labeled IPv4 routes with CE1.<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] ipv4-family
[PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip binding vpn-instance vpn1
[PE1-Pos1/0/0] ip address 11.1.1.2 24
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] quit
[PE1] route-policy policy1 permit node 1
[PE1-route-policy] apply mpls-label
[PE1-route-policy] quit
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 11.1.1.1 as-number 200
[PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export
[PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE3 to exchange labeled IPv4 routes with CE1.<PE3> system-view
[PE3] bgp 200
[PE3-bgp] peer 2.2.2.9 as-number 200
[PE3-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE3-bgp] peer 2.2.2.9 label-route-capability
[PE3-bgp] quit
After the above configuration, the BGP peer relationship is established between CE1 and PE3, and between CE1 and PE1.[CE1] display bgp peer
BGP local router ID : 2.2.2.9
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.9 4 200 7 8 0 00:04:07 Established 0
11.1.1.2 4 100 3 4 0 00:00:08 Established 0
NOTE:
The configuration procedures of PE4, CE2 and PE2 are similar to those of PE3, CE1 and PE1, and are not mentioned here. - Configure the Level 2 carrier’s customer to access the Level 2 carrier PE.
The specific configurations are the same as those in Example for Configuring Carrier’s Carrier in the Same AS and are not mentioned here.
- Establish MP-EBGP peer relationship between the Level 2 carrier PEs to exchange VPN routes of the Level 2 carrier’s customer.
# Configure PE3.
<PE3> system-view
[PE3] bgp 200
[PE3-bgp] peer 6.6.6.9 as-number 300
[PE3-bgp] peer 6.6.6.9 connect-interface loopback 1
[PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10
[PE3-bgp] ipv4-family vpnv4
[PE3-bgp-af-vpnv4] peer 6.6.6.9 enable
[PE3-bgp-af-vpnv4] quit
[PE3-bgp] quit
# Configure PE4.<PE4> system-view
[PE4] bgp 300
[PE4-bgp] peer 1.1.1.9 as-number 200
[PE4-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10
[PE4-bgp] ipv4-family vpnv4
[PE4-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE4-bgp-af-vpnv4] quit
[PE4-bgp] quit
- Verify the configuration.
After the configuration, run the display ip routing-table command on PE1 and PE2 to see that the public routing table contains only the route of the Level 1 carrier network.Consider PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4.4.4.9/32 ISIS 15 10 D 30.1.1.2 Pos2/0/0
30.1.1.0/24 Direct 0 0 D 30.1.1.1 Pos2/0/0
30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
30.1.1.2/32 Direct 0 0 D 30.1.1.2 Pos2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on PE1 and PE2 to see that the VPN routing table does not contain the external but internal routes of the Level 2 carrier.Consider PE1 as an example:[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 BGP 255 10 D 11.1.1.1 Pos1/0/0
2.2.2.9/32 BGP 255 0 D 11.1.1.1 Pos1/0/0
5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0
6.6.6.9/32 BGP 255 10 RD 4.4.4.9 Pos2/0/0
10.1.1.0/24 BGP 255 0 D 11.1.1.1 Pos1/0/0
11.1.1.0/24 Direct 0 0 D 11.1.1.2 Pos1/0/0
11.1.1.1/32 Direct 0 0 D 11.1.1.1 Pos1/0/0
11.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0
21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0
21.1.1.2/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0
Run the display ip routing-table command on CE1 and CE2 to see that the public routing table does not contain external but internal routes of the Level 2 carrier.Consider CE1 as an example:[CE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Pos1/0/0
2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5.5.5.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0
6.6.6.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0
10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos2/0/0
11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos2/0/0
20.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0
21.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0
21.1.1.2/32 BGP 255 0 D 11.1.1.2 Pos2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table command on PE3 and PE4 to see that the public routing table contains the internal route of the Level 2 carrier.Consider PE3 as an example:[PE3] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0
5.5.5.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0
6.6.6.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0
11.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0
11.1.1.1/32 BGP 255 0 RD 6.6.6.9 Pos2/0/0
20.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0
21.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0
21.1.1.2/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Running the display ip routing-table vpn-instance command on PE3 and PE4 to see that the external routes of the Level 2 carrier are contained in the VPN routing table.Consider PE3 as an example:[PE3] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0
100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
120.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0
PE3 and PE4 can ping through each other.[PE3] ping 20.1.1.2
PING 20.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=251 time=116 ms
Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=251 time=92 ms
Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=251 time=118 ms
Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=251 time=103 ms
Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=251 time=121 ms
--- 20.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 92/110/121 ms
CE3 and CE4 can ping through each other.[CE3] ping 120.1.1.1
PING 120.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=251 time=65 ms
Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=251 time=114 ms
Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=251 time=80 ms
Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=251 time=88 ms
Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=251 time=105 ms
--- 120.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 65/90/114 ms
Configuration Files
-
Configuration file of CE3
#
sysname CE3
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 100.1.1.1 255.255.255.0
#
bgp 65410
peer 100.1.1.2 as-number 200
#
ipv4-family unicast
undo synchronization
import-route direct
peer 100.1.1.2 enable
#
return
-
Configuration file of PE3
#
sysname PE3
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
isis 2
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance vpn1
ip address 100.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.1 255.255.255.0
isis enable 2
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 2
#
bgp 200
peer 2.2.2.9 as-number 200
peer 2.2.2.9 connect-interface LoopBack1
peer 6.6.6.9 as-number 300
peer 6.6.6.9 ebgp-max-hop 10
peer 6.6.6.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 2.2.2.9 label-route-capability
peer 6.6.6.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 6.6.6.9 enable
#
ipv4-family vpn-instance vpn1
peer 100.1.1.1 as-number 65410
import-route direct
#
return
-
Configuration file of CE1
#
sysname CE1
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
isis 2
network-entity 10.0000.0000.0002.00
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.1.1.2 255.255.255.0
isis enable 2
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 11.1.1.1 255.255.255.0
mpls
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 2
#
bgp 200
peer 11.1.1.2 as-number 100
peer 1.1.1.9 as-number 200
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
import-route isis 2
peer 11.1.1.2 enable
peer 11.1.1.2 route-policy policy1 export
peer 11.1.1.2 label-route-capability
peer 1.1.1.9 enable
peer 1.1.1.9 route-policy policy2 export
peer 1.1.1.9 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
route-policy policy2 permit node 2
if-match mpls-label
apply mpls-label
#
return
-
Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 200:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
mpls
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
bgp 100
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.9 enable
#
ipv4-family vpn-instance vpn1
peer 11.1.1.1 as-number 200
peer 11.1.1.1 route-policy policy1 export
peer 11.1.1.1 label-route-capability
import-route direct
#
route-policy policy1 permit node 1
apply mpls-label
#
return
-
Configuration file of PE2
#
sysname PE2
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 200:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0005.00
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip binding vpn-instance vpn1
ip address 21.1.1.1 255.255.255.0
mpls
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
peer 21.1.1.2 as-number 300
peer 21.1.1.2 route-policy policy1 export
peer 21.1.1.2 label-route-capability
import-route direct
#
route-policy policy1 permit node 1
apply mpls-label
#
return
-
Configuration file of CE2
#
sysname CE2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
isis 2
network-entity 10.0000.0000.0006.00
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 21.1.1.2 255.255.255.0
mpls
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 20.1.1.1 255.255.255.0
isis enable 2
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
isis enable 2
#
bgp 300
peer 21.1.1.1 as-number 100
peer 6.6.6.9 as-number 300
peer 6.6.6.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
import-route isis 2
peer 21.1.1.1 enable
peer 21.1.1.1 route-policy policy1 export
peer 21.1.1.1 label-route-capability
peer 6.6.6.9 enable
peer 6.6.6.9 route-policy policy2 export
peer 6.6.6.9 label-route-capability
#
route-policy policy1 permit node 1
apply mpls-label
route-policy policy2 permit node 1
if-match mpls-label
apply mpls-label
#
return
-
Configuration file of PE4
#
sysname PE4
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 6.6.6.9
mpls
#
mpls ldp
#
isis 2
network-entity 10.0000.0000.0007.00
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance vpn1
ip address 120.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 20.1.1.2 255.255.255.0
isis enable 2
mpls
mpls ldp
#
interface LoopBack1
ip address 6.6.6.9 255.255.255.255
isis enable 2
#
bgp 300
peer 5.5.5.9 as-number 300
peer 5.5.5.9 connect-interface LoopBack1
peer 1.1.1.9 as-number 200
peer 1.1.1.9 ebgp-max-hop 10
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 5.5.5.9 enable
peer 5.5.5.9 label-route-capability
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
peer 120.1.1.1 as-number 65420
import-route direct
#
return
-
Configuration file of CE4
#
sysname CE4
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 300
#
ipv4-family unicast
undo synchronization
import-route direct
peer 120.1.1.2 enable
#
return
from the best of networking http://bit.ly/1Hk5xUE
(Visited 400 times, 1 visits today)