-
Cisco RPM-PR Installation and Configuration, Release 5.2
-
PDF copy of the RPM-PR Install & Configuration for Release 5.2
-
About This Manual
-
Overview of the Cisco MGX RPM-PR
-
Preparing to Install the Cisco MGX RPM-PR
-
Installing the Cisco MGX RPM-PR
-
Cabling Cisco MGX RPM-PR Back Cards
-
Configuring the Cisco MGX RPM-PR
-
Configuring PNNI Communications
-
Configuring ATM MPLS and VPN
-
Maintaining the Cisco MGX RPM-PR
-
Cable and Connector Specifications
-
IOS and Configuration Basics
-
Feedback
Table Of Contents
Support for Multi-VC on the RPM-PR
How the LSC, ATM Switch, and VSI Work Together
Multiprotocol Label Switching (MPLS) over ATM using VC Merge
Configuring Cell-based MPLS on the RPM-PR
Adding an MPLS Controller and LSC
Adding and Partitioning AXSM Ports for MPLS
Mapping Ports to an XTagATM Interface on the LSC
Configuring an RPM-PR as an ELSR
Configuring a Cell-based MPLS VPN
Configuring Frame-based MPLS on the RPM-PR
Configuring an RPM-PR as an ELSR
Connecting MPLS Service Between the ELSRs
Configuring a Frame-based MPLS VPN
VPN Route-Target Communities and Export and Import Lists
iBGP Distribution of VPN Routing Information
Prerequisites for VPN Operation
Configure Import and Export Routes
Configuring MPLS and VPN
This chapter describes Multiprotocol Label Switching (MPLS) and Virtual Private Network (VPN) features used with the RPM-PR in multiple Cisco MGX switches (refer to Table 7-1 for platforms) and covers the following topics:
Note
On PXM1E platforms MPLS LSC functionality is not supported.
For information on MPLS, refer to the Cisco MPLS Controller Software Configuration Guide.
MPLS Overview
This chapter focuses on configuring the RPM-PR for cell- or frame-based MPLS as an Edge Label Switch Router (ELSR) on the Cisco MGX 8850 (PXM1E/PXM45) shelf, and configuring cell-based MPLS as a Label Switch Controller (LSC) on both the Cisco MGX 8850 (PXM1E/PXM45) and MGX 8950 shelf.
Table 7-1 lists the platform and PXM controllers that support the RPM-PR card.
Labels are used to forward packets and are negotiated using Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP). In this context, the RPM-PR functions as an ELSR to receive and label IP packets.
Two different modes of MPLS operation exist and the RPM-PR supports them both:
•
•
The RPM-PR supports MPLS VPNs. In MPLS VPN operation, the RPM-PR acts as a PE router. PE router functionality is a combination of the MPLS ELSR function and the use of the Border Gateway Protocol (BGP) v4 with Multiprotocol Extensions to carry routing information for the VPNs. See "VPN Overview" section for more information on VPNs.
Support for LDP
MPLS LDP allows the construction of highly scalable and flexible IP VPNs that support multiple levels of services. LDP provides a standard methodology for hop-by-hop, or dynamic label, distribution in an MPLS network by assigning labels to routes that have been chosen by the underlying Interior Gateway Protocol (IGP) routing protocols. The resulting labeled paths, called label switch paths (LSPs), forward label traffic across an MPLS backbone to specific destinations. These capabilities enable service providers to implement Cisco's MPLS-based IP VPNs and IP+ATM services across multivendor MPLS networks.
LDP is a superset of the pre-standard TDP from Cisco, which also supports MPLS forwarding along normally routed paths. For those features that LDP and TDP share in common, the pattern of protocol exchanges between network routing platforms is identical. The differences between LDP and TDP for those features supported by both protocols are largely embedded in their respective implementation details, such as the encoding of protocol messages.
This release of the Cisco IOS, which supports both the LDP and TDP protocols, provides the means for transitioning an existing network from a TDP operating environment to an LDP operating environment. Thus, you can run LDP and TDP simultaneously on any given router platform. The routing protocol that you select can be configured on a per-interface basis for directly connected neighbors and on a per-session basis for nondirectly connected (targeted) neighbors. In addition, LSP across an MPLS network can be supported by LDP on some hops and by TDP on other hops.
For more information, including configuration tasks, transitioning a network from TDP to LDP, and command reference, refer to the Cisco IOS Release 12.2T MPLS Label Distribution Protocol documentation at the following URL:
/en/US/docs/ios/12_2t/12_2t2/feature/guide/ldp_221t.html#xtocid212130
Note
Support for Multi-VC on the RPM-PR
This feature enables support for initiation of multiple LSPs per destination on the RPM-PR. Different label switched paths are established for different classes of service. This feature enables interface level queueing rather than per-vc level on the RPM-PR based on MPLS class of service policy.
MPLS QoS functionality enables network administrators to satisfy a wide range of requirements in transmitting IP packets through an MPLS-enabled network.The three primary MPLS QoS offerings made available to customers are as follows:
•
•
•
For more information, refer to the Cisco IOS Release 12.2T "MPLS QoS Multi-VC Mode for PA-A3" documentation at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/cos1221t.htm
Note
Cell-based MPLS
This section focuses on configuring the RPM-PR for cell-based MPLS on Cisco MGX platforms as an ELSR and an LSC. ELSRs can be located in feeder shelves, Cisco PXM1E platforms, and co-located with LSCs. Refer to Table 7-1 for ELSR and LSC support on specific Cisco MGX platforms. For an example of how the RPM-PR acts as an ELSR to support MPLS feeder functionality to a Cisco MGX 8850 (PXM45), see Figure 7-1.
In this example, an ELSR residing in a Cisco MGX 8850 (PXM1) uses a PVP tunnel to connect to an LSC in a Cisco MGX 8850 (PXM45). This ELSR is referred to as ELSR A in the diagram. The ELSR and the LSC cannot coexist on the same RPM. The figure also shows an LSC and ELSR located in a Cisco MGX 8850 (PXM45). This ELSR is referred to as ELSR B in the figure. ELSRs are also supported on PXM1E platforms.
Figure 7-1 Cisco MGX 8850s with ELSR and LSC Configured RPM
Features
Cell-based MPLS on the RPM-PR supports the following features:
•
•
•
•
•
•
•
•
•
•
•
Note
•
These connection limits stem from the Cisco MGX 8850and MGX 8950 platforms, and not the MPLS feature. However, if the platforms impose the limit, the MPLS feature does not support any capacity beyond them.
•
•
•
•
LSC Redundancy
LSC redundancy consists of the following components:
•
•
•
Switches take time to reroute traffic when a failure occurs. Switch connection routing software, such as AutoRoute, PNNI, and MPLS, calculate routes and reprogram hardware for each connection. This enables router networks to reroute large aggregates of traffic more quickly than most connection-oriented networks.
Cisco LSC redundancy recognizes that the LSC is the single point of failure for an IP+ATM network. Whether an LSC is an external router connected to a BPX (such as the 7204) or an internal RPM in a Cisco MGX switch, an LSC is in the critical path for network reliability. If the LSC fails or if the LSC's port adapter goes down, the ATM-LSR also goes down and the entire connected MPLS network loses connections. As a critical component of IP+ATM networks, LSCs must be robust, providing continued service despite equipment or software failures, and do so quickly.
In essence, two independent MPLS controllers, via VSI, control separate partitions in the IP+ATM switch, creating a set of two identical subnetworks. Multipath IP routing chooses to use both subnetworks equally, leading to identical connections in both subnetworks. If a controller in one subnetwork fails, then multipath IP routing very quickly diverts traffic to the other subnetwork.
LSC redundancy differs from hot standby redundancy in that the LSCs do not need copies of each other's internal state or database, thus increasing reliability. LSC redundancy is simpler than hot standby redundancy because it is not necessary to set up new connections when a controller fails. The LSC redundancy architecture requires the same amount of equipment as a network with hot standby controllers, except that the controllers act independently, rather than in hot standby mode.
For information on LSC redundancy, refer to LSC Redundancy for IP+ATM Networks.
How the LSC, ATM Switch, and VSI Work Together
The LSC and slave ATM switch have the following characteristics:
•
•
•
•
If a component on the LSC fails, the ATM switch's IP switching function is disabled. The stand-alone LSC is the single point of failure.
The VSI implementation includes the following characteristics:
•
•
•
•
Implementing LSC Redundancy
To make an LSC redundant, perform the following functions, which are described in subsequent sections:
•
•
•
•
•
Partitioning the Resources of the ATM Switch Interface
In the LSC redundancy model, two LSCs control different partitions of the ATM switch. When you partition the ATM switch for LSC redundancy, follow these guidelines:
•
•
–
For example, there can be only one (0, 32) control VC on the XtagATM interface. To map two XtagATM interfaces on the same ATM switch interface, use a different control VC for the second LSC. Enter the mpls atm control-vc command.–
Enter the mpls atm vpi command.•
•
Implementing the Parallel VSI Model
The parallel VSI model means that the physical interfaces on the ATM switch are shared by more than one LSC. For example:
•
•
•
With this mapping, you achieve fully-meshed independent masters.
Figure 7-2 shows four ATM physical interfaces mapped as four XtagATM interfaces at LSC1 and LSC2. Each LSC is not aware that the other LSC is mapped to the same interfaces. Both LSCs are active all the time. The ATM switch runs the same VSI protocol on both partitions.
Figure 7-2 XtagATM Interfaces
Adding Interface Redundancy
To ensure reliability throughout the LSC redundant network, you can also implement the following:
•
Most ELSRs are co-located with the LSCs. Creating redundant interfaces between the ELSRs and the ATM LSRs reduces the chance of a disruption in network traffic by providing parallel paths.•
To ensure hot redundancy between the ATM switches, you can create redundant virtual trunks and VP tunnels. (See Figure 7-3.)Figure 7-3 Interface Redundancy
Implementing Hot LSC Redundancy
Hot redundancy provides instant failover to the other path when an LSC fails. When you set up hot redundancy, both LSCs are active and have the same routing costs on both paths. To ensure that the routing costs are the same, run the same routing protocols on the redundant LSCs.
In hot redundancy, the LSCs run parallel and independent Label Distribution Protocols (LDPs). At the ELSRs, when the LDP has multiple routes for the same destination, it requests multiple labels. It also requests multiple labels when it needs to support class of service (CoS). When one LSC fails, the labels distributed by that LSC are removed.
To achieve hot redundancy, you can implement these redundant components:
•
•
•
•
•
Implementing Warm LSC Redundancy
Virtually any configuration of switches and LSCs that provides hot redundancy can also provide warm redundancy. You can also switch from warm to hot redundancy with little or no change to the links, switch configurations, or partitions.
To achieve warm redundancy, you need only redundant LSCs. You do not necessarily need to run the same routing protocols or distribution protocols on the LSCs.
Note
If you run the same routing protocols, you specify a higher cost for the interfaces on the backup LSC. This causes the data to use only the lower-cost path. This also saves resources on the ATM switch, because the ELSR requests LVCs only through the lower-cost LSC. When the primary LSC fails, the ELSR uses the backup LSC and creates new paths to the destination. Creating new paths requires rerouting time and LDP negotiation time.
Using LSC Redundancy in Dedicated LSC Mode
Normally, LSCs include ELSR functionality. In the "dedicated" LSC mode, the LSC removes ELSR functionality. In RPM-PR-based LSCs, the dedicated LSC mode of operation enables the LSC to be scaled. To achieve the ELSR functionality, the LSC creates a label switch path (LSP) for each destination in the route table.
With LSC redundancy, if 400 destinations exist in the network, each redundant LSC adds 400 head-end VCs. In hot redundancy mode, 800 head-end VCs are created for the LSCs. If the LSCs are not ELSRs, then 800 LVCs are wasted.
The number of LVCs increases as the number of redundant LSCs increases. In the case of a VC-merged system, the number of LVCs can be low. However, in non-VC-merged system, using the dedicated LSC mode is recommended.
MPLS Class of Service Support
MPLS Class of Service (CoS) is mapped to the service class templates (SCTs). The SCTs are part of the Virtual Switch Interface (VSI) slave task, and are responsible for providing "default" VC parameters and "default" CoS buffer parameters to other modules in the VSI slave. SCTs are used in setting up the cross-connect on the PXM45 but are not used in programming the RPM-PR. SCTs are created from SCT configuration files downloaded from the PXM45 disk. Users may modify the SCT configuration files only through Cisco WAN Manager (CWM).
Multiprotocol Label Switching (MPLS) over ATM using VC Merge
The VC merge facility allows a switch to aggregate multiple incoming flows with the same destination address into a single outgoing flow. Wherever VC merge occurs, several incoming labels are mapped to one single outgoing label. Cells from different VCIs going to the same destination are transmitted to the same outgoing VC using multipoint-to-point connections. This sharing of labels reduces the total number of VCs required for label switching.
Without VC merge, each path consumes one label VC on each interface along the path. VC merge reduces the label space shortage by sharing labels for different flows with the same destination. Therefore, VC-Merge connections are unidirectional, and furthermore, all merged connections must be of the same service type.
Note
VC Merge is enabled by default when the MPLS over ATM network is configured and is only used when the RPM-PR is used as an LSC. Because it is enabled by default, the only commands necessary are:
no tag-switching atm vc-merge to disable VC Merge
and
tag-switching atm vc-merge to enable VC Merge
For more information, see MPLS Label Switch Controller and Enhancements at the following URL: /en/US/docs/ios/12_2t/12_2t8/feature/guide/ftlsc.html#xtocid15
Configuring Cell-based MPLS on the RPM-PR
This section provides the procedures to configure cell-based MPLS on the RPM-PR in the example network as shown in Figure 7-4. In this example, the topology includes three LSCs (labeled M8950_SF_P1, M8950_DC_P2, and M8850_NY_P3), and four ELSRs (labeled M8950_SF_PE1, M8950_DC_PE2, PXM1E_SJ_PE3, and M8850_R1_PE4) configured in a full mesh network. In this example, PXM1E_SJ_PE3 is located in a PXM1E platform and M8850_R1_PE4 is located in a PXM1 platform.
Figure 7-4 Cell-based MPLS Network Topology
To configure cell-based MPLS, perform the following tasks:
•
•
•
•
Adding an MPLS Controller and LSC
The first task in establishing cell-based MPLS services with the RPM-PR is to add an MPLS controller to the PXM45. This is similar to adding the PNNI controller to the PXM45. (See "Configuring PNNI Communications.")
Perform the following steps to add an MPLS controller and LSC on M8950_SF:
Step 1
M8950_SF.8.PXM.a > addcontroller 3 i 3 11 LSC1M8950_SF.8.PXM.a >Step 2
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8950_SF_P1M8950_SF_P1(config)#ip cefM8950_SF_P1(config)#mpls ldp router-id loopback <n>M8950_SF_P1(config)#interface Loopback 0M8950_SF_P1(config-if)#ip address 10.0.1.10 255.255.255.255M8950_SF_P1(config-if)#exitM8950_SF_P1(config)#router ospf 1M8950_SF_P1(config-router)#log-adjacency-changesM8950_SF_P1(config-router)#network 10.0.1.10 0.0.0.0 area 0M8950_SF_P1(config-router)#exitM8950_SF_P1(config)#interface Switch1M8950_SF_P1(config-if)#no ip addressM8950_SF_P1(config-if)#tag-control-protocol vsi id 3M8950_SF_P1(config-if)#no atm ilmi-keepaliveM8950_SF_P1(config-if)#no rpm-sar-auto-recoveryM8950_SF_P1(config-if)#rpm-auto-cbclk-changeM8950_SF_P1(config-if)#switch partition vcc 2 3M8950_SF_P1(config-if-swpart)#ingress-percentage-bandwidth 100 100M8950_SF_P1(config-if-swpart)#egress-percentage-bandwidth 100 100M8950_SF_P1(config-if-swpart)#vpi 0 0M8950_SF_P1(config-if-swpart)#vci 32 3808M8950_SF_P1(config-if-swpart)#^ZM8950_SF_P1#
Note
Perform the following steps to add an MPLS controller and LSC on M8950_DC:
Step 1
M8950_DC.7.PXM.a > addcontroller 3 i 3 11 LSC1M8950_DC.7.PXM.a >Step 2
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8950_DC_P2M8950_DC_P2(config)#ip cefM8950_DC_P2(config)#mpls ldp router-id loopback <n>M8950_DC_P2(config)#interface Loopback0M8950_DC_P2(config-if)#ip address 10.0.1.20 255.255.255.255M8950_DC_P2(config-if)#exitM8950_DC_P2(config)#router ospf 1M8950_DC_P2(config-router)#log-adjacency-changesM8950_DC_P2(config-router)#network 10.0.1.20 0.0.0.0 area 0M8950_DC_P2(config-router)#exitM8950_DC_P2(config)#interface Switch1M8950_DC_P2(config-if)#no ip addressM8950_DC_P2(config-if)#tag-control-protocol vsi id 3M8950_DC_P2(config-if)#no atm ilmi-keepaliveM8950_DC_P2(config-if)#no rpm-sar-auto-recoveryM8950_DC_P2(config-if)#rpm-auto-cbclk-changeM8950_DC_P2(config-if)#switch partition vcc 2 3M8950_DC_P2(config-if-swpart)#ingress-percentage-bandwidth 100 100M8950_DC_P2(config-if-swpart)#egress-percentage-bandwidth 100 100M8950_DC_P2(config-if-swpart)#vpi 0 0M8950_DC_P2(config-if-swpart)#vci 32 3808M8950_DC_P2(config-if-swpart)#^ZM8950_DC_P2#
Note
Perform the following steps to add an MPLS controller and LSC on M8850_NY:
Step 1
M8850_NY.7.PXM.a > addcontroller 3 i 3 10 LSC1M8850_NY.7.PXM.a >Step 2
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8850_NY_P3M8850_NY_P3(config)#ip cefM8850_NY_P3(config)#mpls ldp router-id loopback <n>M8850_NY_P3(config)#interface Loopback0M8850_NY_P3(config-if)#ip address 10.0.1.30 255.255.255.255M8850_NY_P3(config-if)#exitM8850_NY_P3(config)#router ospf 1M8850_NY_P3(config-router)#log-adjacency-changesM8850_NY_P3(config-router)#network 10.0.1.30 0.0.0.0 area 0M8850_NY_P3(config-router)#exitM8850_NY_P3(config)#interface Switch1M8850_NY_P3(config-if)#no ip addressM8850_NY_P3(config-if)#tag-control-protocol vsi id 3M8850_NY_P3(config-if)#no atm ilmi-keepaliveM8850_NY_P3(config-if)#no rpm-sar-auto-recoveryM8850_NY_P3(config-if)#rpm-auto-cbclk-changeM8850_NY_P3(config-if)#switch partition vcc 2 3M8850_NY_P3(config-if-swpart)#ingress-percentage-bandwidth 100 100M8850_NY_P3(config-if-swpart)#egress-percentage-bandwidth 100 100M8850_NY_P3(config-if-swpart)#vpi 0 0M8850_NY_P3(config-if-swpart)#vci 32 3808M8850_NY_P3(config-if-swpart)#^ZM8850_NY_P3#
Note
Adding and Partitioning AXSM Ports for MPLS
Perform the following steps to add and then partition ports on an AXSM card for MPLS on M8950_SF:
Step 1
M8950_SF.5.AXSM.a > cnfcdsct 5M8950_SF.5.AXSM.a > upln 1.1M8950_SF.5.AXSM.a > addport 11 1.1 5651320 5651320 5 2M8950_SF.5.AXSM.a > addpart 11 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8950_SF.5.AXSM.a >Step 2
M8950_SF.12.AXSM.a > cnfcdsct 5M8950_SF.12.AXSM.a > upln 2.1M8950_SF.12.AXSM.a > addport 21 2.1 353207 353207 5 2M8950_SF.12.AXSM.a > addpart 21 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8950_SF.12.AXSM.a >Perform the following steps to add and then partition ports on an AXSM card for MPLS on M8950_DC:
Step 1
M8950_DC.5.AXSM.a > cnfcdsct 5M8950_DC.5.AXSM.a > upln 1.1M8950_DC.5.AXSM.a > addport 11 1.1 5651320 5651320 5 2M8950_DC.5.AXSM.a > addpart 11 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8950_DC.5.AXSM.a >Step 2
M8950_DC.14.AXSM.a > cnfcdsct 5M8950_DC.14.AXSM.a > upln 2.1M8950_DC.14.AXSM.a > addport 21 2.1 1412830 1412830 5 2M8950_DC.14.AXSM.a > addpart 21 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8950_DC.14.AXSM.a >Perform the following steps to add and then partition ports on an AXSM card for MPLS on M8850_NY:
Step 1
M8850_NY.1.AXSM.a > cnfcdsct 5M8850_NY.1.AXSM.a > upln 2.1M8850_NY.1.AXSM.a > addport 21 2.1 1412830 1412830 5 2M8850_NY.1.AXSM.a > addpart 21 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8850_NY.1.AXSM.a >Step 2
M8850_NY.6.AXSM.a > cnfcdsct 5M8850_NY.6.AXSM.a > upln 2.6M8850_NY.6.AXSM.a > addport 26 2.6 353207 353207 5 2M8850_NY.6.AXSM.a > addpart 26 2 3 500000 500000 500000 500000 0 10 32 65535 1000 4000M8850_NY.6.AXSM.a >Step 3
M8850_NY.6.AXSM.a > upln 1.7M8850_NY.6.AXSM.a > addport 17 1.7 353207 353207 4 3 -vpi 11M8850_NY.6.AXSM.a > addpart 17 2 3 500000 500000 500000 500000 11 11 32 65535 1000 4000M8850_NY.6.AXSM.a >Step 4
M8850_NY.6.AXSM.a > upln 2.1M8850_NY.6.AXSM.a > addport 21 2.1 353207 353207 4 3 -vpi 11M8850_NY.6.AXSM.a > addpart 21 2 3 500000 500000 500000 500000 11 11 32 65535 1000 4000M8850_NY.6.AXSM.a >
Mapping Ports to an XTagATM Interface on the LSC
Perform the following steps to map the AXSM ports created in the previous section and the ELSR to the LSC in slot 11 on M8950_SF:
Step 1
M8950_SF_P1>enablePassword:M8950_SF_P1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_P1(config)#interface XTagATM51111M8950_SF_P1(config-if)# ip unnumbered Loopback0M8950_SF_P1(config-if)# extended-port Switch1 descriptor "5:1.1:11"M8950_SF_P1(config-if)# tag-switching ipM8950_SF_P1(config-if)#^ZM8950_SF_P1#Step 2
M8950_SF_P1>enablePassword:M8950_SF_P1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_P1(config)#interface XTagATM122121M8950_SF_P1(config-if)# ip unnumbered Loopback0M8950_SF_P1(config-if)# extended-port Switch1 descriptor "12:2.1:21"M8950_SF_P1(config-if)# tag-switching ipM8950_SF_P1(config-if)#^ZM8950_SF_P1#Step 3
M8950_SF_P1>enablePassword:M8950_SF_P1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_P1(config)#interface XTagATM31M8950_SF_P1(config-if)# ip unnumbered Loopback0M8950_SF_P1(config-if)# extended-port Switch1 descriptor "3.1"M8950_SF_P1(config-if)# tag-switching ipM8950_SF_P1(config-if)#^ZM8950_SF_P1#Perform the following steps to map the AXSM ports created in the previous section and the ELSR to the LSC in slot 11 on M8950_DC:
Step 1
M8950_DC_P2>enablePassword:M8950_DC_P2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_P2(config)#interface XTagATM51111M8950_DC_P2(config-if)# ip unnumbered Loopback0M8950_DC_P2(config-if)# extended-port Switch1 descriptor "5:1.1:11"M8950_DC_P2(config-if)# tag-switching ipM8950_DC_P2(config-if)#^ZM8950_DC_P2#Step 2
M8950_DC_P2>enablePassword:M8950_DC_P2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_P2(config)#interface XTagATM142121M8950_DC_P2(config-if)# ip unnumbered Loopback0M8950_DC_P2(config-if)# extended-port Switch1 descriptor "14:2.1:21"M8950_DC_P2(config-if)# tag-switching ipM8950_DC_P2(config-if)#^ZM8950_DC_P2#Step 3
M8950_DC_P2>enablePassword:M8950_DC_P2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_P2(config)#interface XTagATM11M8950_DC_P2(config-if)# ip unnumbered Loopback0M8950_DC_P2(config-if)# extended-port Switch1 descriptor "1.1"M8950_DC_P2(config-if)# tag-switching ipM8950_DC_P2(config-if)#^ZM8950_DC_P2#Perform the following steps to map the AXSM ports created in the previous section and the ELSRs in PXM1E_SJ and M8850_R1 to the LSC in slot 10 on M8850_NY:
Step 1
M8850_NY_P3>enablePassword:M8850_NY_P3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_NY_P3(config)#interface XTagATM12121M8850_NY_P3(config-if)# ip unnumbered Loopback0M8850_NY_P3(config-if)# extended-port Switch1 descriptor "1:2.1:21"M8850_NY_P3(config-if)# tag-switching ipM8850_NY_P3(config-if)#^ZM8850_NY_P3#Step 2
M8850_NY_P3>enablePassword:M8850_NY_P3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_NY_P3(config)#interface XTagATM62626M8850_NY_P3(config-if)# ip unnumbered Loopback0M8850_NY_P3(config-if)# extended-port Switch1 descriptor "6:2.6:26"M8850_NY_P3(config-if)# tag-switching ipM8850_NY_P3(config-if)#^ZM8850_NY_P3#Step 3
M8850_NY_P3>enablePassword:M8850_NY_P3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_NY_P3(config)#interface XTagATM61717M8850_NY_P3(config-if)# ip unnumbered Loopback0M8850_NY_P3(config-if)# extended-port Switch1 descriptor "6:1.7:17"M8850_NY_P3(config-if)# tag-switching ipM8850_NY_P3(config-if)#^ZM8850_NY_P3#Step 4
M8850_NY_P3>enablePassword:Password:M8850_NY_P3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_NY_P3(config)#interface XTagATM62121M8850_NY_P3(config-if)# ip unnumbered Loopback0M8850_NY_P3(config-if)# extended-port Switch1 descriptor "6:2.1:21"M8850_NY_P3(config-if)# tag-switching ipM8850_NY_P3(config-if)#^ZM8850_NY_P3#
Configuring an RPM-PR as an ELSR
Perform the following steps to configure the RPM-PR in slot 3 as an ELSR on M8950_SF:
Step 1
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8950_SF_PE1M8950_SF_PE1(config)#ip cefM8950_SF_PE1(config)#mpls ldp router-id loopback <n>M8950_SF_PE1(config)#interface Loopback0M8950_SF_PE1(config-if)#ip address 10.0.1.1 255.255.255.255M8950_SF_PE1(config-if)#exitM8950_SF_PE1(config)#interface FastEthernet1/1M8950_SF_PE1(config-if)#description Connected to C4700_CH_CE1M8950_SF_PE1(config-if)#ip address 192.168.10.1 255.255.255.252M8950_SF_PE1(config-if)#load-interval 30M8950_SF_PE1(config-if)#duplex halfM8950_SF_PE1(config-if)#no cdp enableM8950_SF_PE1(config-if)#no shutM8950_SF_PE1(config-if)#exitM8950_SF_PE1(config)#router ospf 1M8950_SF_PE1(config-router)#log-adjacency-changesM8950_SF_PE1(config-router)#network 10.0.1.1 0.0.0.0 area 0M8950_SF_PE1(config-router)#^ZM8950_SF_PE1#Step 2
M8950_SF_PE1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_PE1(config)#interface Switch1M8950_SF_PE1(config-if)#no ip addressM8950_SF_PE1(config-if)#no atm ilmi-keepaliveM8950_SF_PE1(config-if)#no rpm-sar-auto-recoveryM8950_SF_PE1(config-if)#rpm-auto-cbclk-changeM8950_SF_PE1(config-if)#switch partition vcc 1 2M8950_SF_PE1(config-if-swpart)#ingress-percentage-bandwidth 50 100M8950_SF_PE1(config-if-swpart)#egress-percentage-bandwidth 50 100M8950_SF_PE1(config-if-swpart)#vpi 0 0M8950_SF_PE1(config-if-swpart)#vci 1601 3808M8950_SF_PE1(config-if-swpart)#exitM8950_SF_PE1(config-if)#switch partition vcc 2 3M8950_SF_PE1(config-if-swpart)#ingress-percentage-bandwidth 50 100M8950_SF_PE1(config-if-swpart)#egress-percentage-bandwidth 50 100M8950_SF_PE1(config-if-swpart)#vpi 0 0M8950_SF_PE1(config-if-swpart)#vci 32 1600M8950_SF_PE1(config-if-swpart)#exitM8950_SF_PE1(config-if)#exitM8950_SF_PE1(config)#interface Switch1.1 tag-switchingM8950_SF_PE1(config-subif)#ip unnumbered Loopback0M8950_SF_PE1(config-subif)#tag-switching ipM8950_SF_PE1(config-subif)#no shutM8950_SF_PE1(config-subif)#^ZM8950_SF_PE1#Perform the following steps to configure the RPM-PR in slot 1 as an ELSR on M8950_DC:
Step 1
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8950_DC_PE2M8950_DC_PE2(config)#ip cefM8950_DC_PE2(config)#mpls ldp router-id loopback <n>M8950_DC_PE2(config)#interface Loopback0M8950_DC_PE2(config-if)#ip address 10.0.1.2 255.255.255.255M8950_DC_PE2(config-if)#exitM8950_DC_PE2(config)#interface FastEthernet1/1M8950_DC_PE2(config-if)#description Connected to C7204_DC_CE2M8950_DC_PE2(config-if)#ip address 192.168.20.1 255.255.255.252M8950_DC_PE2(config-if)#load-interval 30M8950_DC_PE2(config-if)#duplex halfM8950_DC_PE2(config-if)#no cdp enableM8950_DC_PE2(config-if)#no shutM8950_DC_PE2(config-if)#exitM8950_DC_PE2(config)#router ospf 1M8950_DC_PE2(config-router)#log-adjacency-changesM8950_DC_PE2(config-router)#network 10.0.1.2 0.0.0.0 area 0M8950_DC_PE2(config-router)#^ZM8950_DC_PE2#Step 2
M8950_DC_PE2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_PE2(config)#interface Switch1M8950_DC_PE2(config-if)#no ip addressM8950_DC_PE2(config-if)#no atm ilmi-keepaliveM8950_DC_PE2(config-if)#no rpm-sar-auto-recoveryM8950_DC_PE2(config-if)#rpm-auto-cbclk-changeM8950_DC_PE2(config-if)#switch partition vcc 1 2M8950_DC_PE2(config-if-swpart)#ingress-percentage-bandwidth 50 100M8950_DC_PE2(config-if-swpart)#egress-percentage-bandwidth 50 100M8950_DC_PE2(config-if-swpart)#vpi 0 0M8950_DC_PE2(config-if-swpart)#vci 1601 3808M8950_DC_PE2(config-if-swpart)#exitM8950_DC_PE2(config-if)#switch partition vcc 2 3M8950_DC_PE2(config-if-swpart)#ingress-percentage-bandwidth 50 100M8950_DC_PE2(config-if-swpart)#egress-percentage-bandwidth 50 100M8950_DC_PE2(config-if-swpart)#vpi 0 0M8950_DC_PE2(config-if-swpart)#vci 32 1600M8950_DC_PE2(config-if-swpart)#exitM8950_DC_PE2(config-if)#exitM8950_DC_PE2(config)#interface Switch1.1 tag-switchingM8950_DC_PE2(config-subif)#ip unnumbered Loopback0M8950_DC_PE2(config-subif)#tag-switching ipM8950_DC_PE2(config-subif)#no shutM8950_DC_PE2(config-subif)#^ZM8950_DC_PE2#Perform the following steps to configure the RPM-PR as an ELSR on PXM1E_SJ:
Step 1
PXM1E_SJ.7.PXM.a > upln 2.9PXM1E_SJ.7.PXM.a > addport 29 2.9 353207 353207 5 1PXM1E_SJ.7.PXM.a > addpart 29 1 2 1000000 1000000 1000000 1000000 11 11 32 65535 1000 4000PXM1E_SJ.7.PXM.a >Step 2
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname PXM1E_SJ_PE3PXM1E_SJ_PE3(config)#ip cefPXM1E_SJ_PE3(config)#mpls ldp router-id loopback <n>PXM1E_SJ_PE3(config)#interface Loopback0PXM1E_SJ_PE3(config-if)#ip address 10.0.1.3 255.255.255.255PXM1E_SJ_PE3(config-if)#exitPXM1E_SJ_PE3(config)#interface FastEthernet1/1PXM1E_SJ_PE3(config-if)#description Connected to C4700_NY_CE3PXM1E_SJ_PE3(config-if)#ip address 192.168.30.1 255.255.255.252PXM1E_SJ_PE3(config-if)#load-interval 30PXM1E_SJ_PE3(config-if)#duplex halfPXM1E_SJ_PE3(config-if)#no cdp enablePXM1E_SJ_PE3(config-if)#no shutPXM1E_SJ_PE3(config-if)#exitPXM1E_SJ_PE3(config)#router ospf 1PXM1E_SJ_PE3(config-router)#log-adjacency-changesPXM1E_SJ_PE3(config-router)#network 10.0.1.3 0.0.0.0 area 0PXM1E_SJ_PE3(config-router)#^ZPXM1E_SJ_PE3#Step 3
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#interface Switch1PXM1E_SJ_PE3(config-if)#no ip addressPXM1E_SJ_PE3(config-if)#no atm ilmi-keepalivePXM1E_SJ_PE3(config-if)#no rpm-sar-auto-recoveryPXM1E_SJ_PE3(config-if)#rpm-auto-cbclk-changePXM1E_SJ_PE3(config-if)#switch partition vcc 1 2PXM1E_SJ_PE3(config-if-swpart)#ingress-percentage-bandwidth 50 100PXM1E_SJ_PE3(config-if-swpart)#egress-percentage-bandwidth 50 100PXM1E_SJ_PE3(config-if-swpart)#vpi 0 0PXM1E_SJ_PE3(config-if-swpart)#vci 32 3808PXM1E_SJ_PE3(config-if-swpart)#exitPXM1E_SJ_PE3(config-if)#switch partition vpc 1 2PXM1E_SJ_PE3(config-if-swpart)#ingress-percentage-bandwidth 50 100PXM1E_SJ_PE3(config-if-swpart)#egress-percentage-bandwidth 50 100PXM1E_SJ_PE3(config-if-swpart)#vpi 11 255PXM1E_SJ_PE3(config-if-swpart)#vci 0 65535PXM1E_SJ_PE3(config-if-swpart)#exitPXM1E_SJ_PE3(config-if)#exitPXM1E_SJ_PE3(config)#interface Switch1.10 tag-switchingPXM1E_SJ_PE3(config-subif)#ip unnumbered Loopback0PXM1E_SJ_PE3(config-subif)#tag-switching ipPXM1E_SJ_PE3(config-subif)#^ZPXM1E_SJ_PE3#Step 4
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#interface Switch1PXM1E_SJ_PE3(config-if)#atm pvp 11 100000PXM1E_SJ_PE3(config-if)#exitPXM1E_SJ_PE3(config)#interface Switch1.10 tag-switchingPXM1E_SJ_PE3(config-subif)#tag-switching atm vp-tunnel 11PXM1E_SJ_PE3(config-subif)#pvc 11/0PXM1E_SJ_PE3(config-if-atm-vc)#exitPXM1E_SJ_PE3(config-subif)#switch connection vpc 11 master remotePXM1E_SJ_PE3(config-if-swconn)#^ZPXM1E_SJ_PE3#Step 5
PXM1E_SJ.7.PXM.a > dspconsLocal Port Vpi.Vci Remote Port Vpi.Vci State Owner Pri Persistency----------------------+------------------------+---------+-------+---+-----------10.2 11 0 Routed 0 0 FAIL SLAVE - PersistentLocal Addr: 47.00918100000000001a533377.000001075302.00Remote Addr: 00.000000000000000000000000.000000000000.00Preferred Route ID:- Cast Type: P2PPXM1E_SJ.7.PXM.a > addcon 29 11 0 8 1 -slave 4700918100000000001a53337700000107530200.11.0 -rpcr 235850 -lpcr 235850master endpoint added successfullymaster endpoint id : 4700918100000000001A533377000001073B1D00.11.0PXM1E_SJ.7.PXM.a >Perform the following steps to configure the RPM-PR as an ELSR on M8850_R1:
Step 1
M8850_R1.1.7.PXM.a > addln -sonet 7.1M8850_R1.1.7.PXM.a > addport 1 1 100 0 4095 100M8850_R1.1.7.PXM.a >Step 2
Router>enablePassword:Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname M8850_R1_PE4M8850_R1_PE4(config)#ip cefM8850_R1_PE4(config)#mpls ldp router-id loopback <n>M8850_R1_PE4(config)#interface Loopback0M8850_R1_PE4(config-if)#ip address 10.0.1.4 255.255.255.255M8850_R1_PE4(config-if)#exitM8850_R1_PE4(config)#interface FastEthernet1/1M8850_R1_PE4(config-if)#description Connected to C2621_NY_CE4M8850_R1_PE4(config-if)#ip address 192.168.40.1 255.255.255.252M8850_R1_PE4(config-if)#load-interval 30M8850_R1_PE4(config-if)#duplex halfM8850_R1_PE4(config-if)#no cdp enableM8850_R1_PE4(config-if)#no shutM8850_R1_PE4(config-if)#exitM8850_R1_PE4(config)#router ospf 1M8850_R1_PE4(config-router)#log-adjacency-changesM8850_R1_PE4(config-router)#network 10.0.1.4 0.0.0.0 area 0M8850_R1_PE4(config-router)#^ZM8850_R1_PE4#Step 3
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#rpmrscprtn PAR 100 100 0 255 0 3840 4000M8850_R1_PE4(config)#interface Switch1.1 tag-switchingM8850_R1_PE4(config-subif)#ip unnumbered Loopback0M8850_R1_PE4(config-subif)#tag-switching ipM8850_R1_PE4(config-subif)#^ZM8850_R1_PE4#Step 4
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#interface Switch1.1 tag-switchingM8850_R1_PE4(config-subif)#tag-switching atm vp-tunnel 11M8850_R1_PE4(config-subif)#pvc 11/0M8850_R1_PE4(config-if-atm-vc)#vbr-nrt 100000 100000M8850_R1_PE4(config-if-atm-vc)#encapsulation aal5snapM8850_R1_PE4(config-if-atm-vc)#exitM8850_R1_PE4(config-subif)#exitM8850_R1_PE4(config)#addcon vpc switch 1.1 11 rslot 0 1 11 masterM8850_R1_PE4(config)#^ZM8850_R1_PE4#Step 5
M8850_R1.1.7.PXM.a > addcon 1 1 11 0 1 1 2Connection ID: M8850_R1.0.1.11.0M8850_R1.1.7.PXM.a > cnfupccbr 1.11.0 4 353208 10000 100 353208 100M8850_R1.1.7.PXM.a >
Configuring a Cell-based MPLS VPN
A general discussion on how VPNs work and how to set up a VPN is covered in the "VPN Overview" section. The following procedures describe how to set up a VPN for the cell-based MPLS example network used throughout this chapter.
Perform the following steps to configure a VPN on M8950_SF_PE1:
Step 1
M8950_SF_PE1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_PE1(config)#ip vrf vpn1M8950_SF_PE1(config-vrf)#rd 100:1M8950_SF_PE1(config-vrf)#route-target export 100:1M8950_SF_PE1(config-vrf)#route-target import 100:1M8950_SF_PE1(config-vrf)#^ZM8950_SF_PE1#Step 2
M8950_SF_PE1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_PE1(config)#interface FastEthernet1/1M8950_SF_PE1(config-if)#ip vrf forwarding vpn1% Interface FastEthernet1/1 IP address 192.168.10.1 removed due to enabling VRF vpn1M8950_SF_PE1(config-if)#ip address 192.168.10.1 255.255.255.252M8950_SF_PE1(config-if)#^ZM8950_SF_PE1#Step 3
M8950_SF_PE1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_PE1(config)#router bgp 100M8950_SF_PE1(config-router)#bgp log-neighbor-changesM8950_SF_PE1(config-router)#neighbor 10.0.1.2 remote-as 100M8950_SF_PE1(config-router)#neighbor 10.0.1.2 update-source Loopback0M8950_SF_PE1(config-router)#neighbor 10.0.1.3 remote-as 100M8950_SF_PE1(config-router)#neighbor 10.0.1.3 update-source Loopback0M8950_SF_PE1(config-router)#neighbor 10.0.1.4 remote-as 100M8950_SF_PE1(config-router)#neighbor 10.0.1.4 update-source Loopback0M8950_SF_PE1(config-router)#address-family ipv4M8950_SF_PE1(config-router-af)#neighbor 10.0.1.2 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.2 send-community extendedM8950_SF_PE1(config-router-af)#neighbor 10.0.1.3 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.3 send-community extendedM8950_SF_PE1(config-router-af)#neighbor 10.0.1.4 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.4 send-community extendedM8950_SF_PE1(config-router-af)#no auto-summaryM8950_SF_PE1(config-router-af)#no synchronizationM8950_SF_PE1(config-router-af)#exit-address-familyM8950_SF_PE1(config-router)#address-family vpnv4M8950_SF_PE1(config-router-af)#neighbor 10.0.1.2 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.2 send-community extendedM8950_SF_PE1(config-router-af)#neighbor 10.0.1.3 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.3 send-community extendedM8950_SF_PE1(config-router-af)#neighbor 10.0.1.4 activateM8950_SF_PE1(config-router-af)#neighbor 10.0.1.4 send-community extendedM8950_SF_PE1(config-router-af)#exit-address-familyM8950_SF_PE1(config-router)#^ZM8950_SF_PE1#Step 4
M8950_SF_PE1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_SF_PE1(config)#router bgp 100M8950_SF_PE1(config-router)#address-family ipv4 vrf vpn1M8950_SF_PE1(config-router-af)#redistribute connectedM8950_SF_PE1(config-router-af)#neighbor 192.168.10.2 remote-as 65010M8950_SF_PE1(config-router-af)#neighbor 192.168.10.2 activateM8950_SF_PE1(config-router-af)#no auto-summaryM8950_SF_PE1(config-router-af)#no synchronizationM8950_SF_PE1(config-router-af)#exit-address-familyM8950_SF_PE1(config-router)#^ZM8950_SF_PE1#Perform the following steps to configure a VPN on M8950_DC_PE2:
Step 1
M8950_DC_PE2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_PE2(config)#ip vrf vpn1M8950_DC_PE2(config-vrf)#rd 100:1M8950_DC_PE2(config-vrf)#route-target export 100:1M8950_DC_PE2(config-vrf)#route-target import 100:1M8950_DC_PE2(config-vrf)#^ZM8950_DC_PE2#Step 2
M8950_DC_PE2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_PE2(config)#interface FastEthernet1/1M8950_DC_PE2(config-if)#ip vrf forwarding vpn1% Interface FastEthernet1/1 IP address 192.168.20.1 removed due to enabling VRF vpn1M8950_DC_PE2(config-if)#ip address 192.168.20.1 255.255.255.252M8950_DC_PE2(config-if)#^ZM8950_DC_PE2#Step 3
M8950_DC_PE2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_PE2(config)#router bgp 100M8950_DC_PE2(config-router)#bgp log-neighbor-changesM8950_DC_PE2(config-router)#neighbor 10.0.1.1 remote-as 100M8950_DC_PE2(config-router)#neighbor 10.0.1.1 update-source Loopback0M8950_DC_PE2(config-router)#neighbor 10.0.1.3 remote-as 100M8950_DC_PE2(config-router)#neighbor 10.0.1.3 update-source Loopback0M8950_DC_PE2(config-router)#neighbor 10.0.1.4 remote-as 100M8950_DC_PE2(config-router)#neighbor 10.0.1.4 update-source Loopback0M8950_DC_PE2(config-router)#address-family ipv4M8950_DC_PE2(config-router-af)#neighbor 10.0.1.1 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.1 send-community extendedM8950_DC_PE2(config-router-af)#neighbor 10.0.1.3 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.3 send-community extendedM8950_DC_PE2(config-router-af)#neighbor 10.0.1.4 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.4 send-community extendedM8950_DC_PE2(config-router-af)#no auto-summaryM8950_DC_PE2(config-router-af)#no synchronizationM8950_DC_PE2(config-router-af)#exit-address-familyM8950_DC_PE2(config-router)#address-family vpnv4M8950_DC_PE2(config-router-af)#neighbor 10.0.1.1 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.1 send-community extendedM8950_DC_PE2(config-router-af)#neighbor 10.0.1.3 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.3 send-community bothM8950_DC_PE2(config-router-af)#neighbor 10.0.1.4 activateM8950_DC_PE2(config-router-af)#neighbor 10.0.1.4 send-community extendedM8950_DC_PE2(config-router-af)#exit-address-familyM8950_DC_PE2(config-router)#^ZM8950_DC_PE2#Step 4
M8950_DC_PE2#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8950_DC_PE2(config)#router bgp 100M8950_DC_PE2(config-router)#address-family ipv4 vrf vpn1M8950_DC_PE2(config-router-af)#redistribute connectedM8950_DC_PE2(config-router-af)#neighbor 192.168.20.2 remote-as 65020M8950_DC_PE2(config-router-af)#neighbor 192.168.20.2 activateM8950_DC_PE2(config-router-af)#no auto-summaryM8950_DC_PE2(config-router-af)#no synchronizationM8950_DC_PE2(config-router-af)#exit-address-familyM8950_DC_PE2(config-router)#^ZM8950_DC_PE2#Perform the following steps to configure a VPN on PXM1E_SJ_PE3:
Step 1
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#ip vrf vpn1PXM1E_SJ_PE3(config-vrf)#rd 100:1PXM1E_SJ_PE3(config-vrf)#route-target export 100:1PXM1E_SJ_PE3(config-vrf)#route-target import 100:1PXM1E_SJ_PE3(config-vrf)#^ZPXM1E_SJ_PE3#Step 2
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#interface FastEthernet1/1PXM1E_SJ_PE3(config-if)#ip vrf forwarding vpn1% Interface FastEthernet1/1 IP address 192.168.30.1 removed due to enabling VRF vpn1PXM1E_SJ_PE3(config-if)#ip address 192.168.30.1 255.255.255.252PXM1E_SJ_PE3(config-if)#^ZPXM1E_SJ_PE3#Step 3
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#router bgp 100PXM1E_SJ_PE3(config-router)#bgp log-neighbor-changesPXM1E_SJ_PE3(config-router)#neighbor 10.0.1.1 remote-as 100PXM1E_SJ_PE3(config-router)#neighbor 10.0.1.1 update-source Loopback0PXM1E_SJ_PE3(config-router)#neighbor 10.0.1.2 remote-as 100PXM1E_SJ_PE3(config-router)#neighbor 10.0.1.2 update-source Loopback0PXM1E_SJ_PE3(config-router)#neighbor 10.0.1.4 remote-as 100PXM1E_SJ_PE3(config-router)#neighbor 10.0.1.4 update-source Loopback0PXM1E_SJ_PE3(config-router)#address-family ipv4PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.1 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.1 send-community extendedPXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.2 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.2 send-community extendedPXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.4 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.4 send-community extendedPXM1E_SJ_PE3(config-router-af)#no auto-summaryPXM1E_SJ_PE3(config-router-af)#no synchronizationPXM1E_SJ_PE3(config-router-af)#exit-address-familyPXM1E_SJ_PE3(config-router)# address-family vpnv4PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.1 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.1 send-community extendedPXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.2 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.2 send-community extendedPXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.4 activatePXM1E_SJ_PE3(config-router-af)#neighbor 10.0.1.4 send-community extendedPXM1E_SJ_PE3(config-router-af)#exit-address-familyPXM1E_SJ_PE3(config-router)#^ZPXM1E_SJ_PE3#Step 4
PXM1E_SJ_PE3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PXM1E_SJ_PE3(config)#router bgp 100PXM1E_SJ_PE3(config-router)# address-family ipv4 vrf vpn1PXM1E_SJ_PE3(config-router-af)#redistribute connectedPXM1E_SJ_PE3(config-router-af)#neighbor 192.168.30.2 remote-as 65030PXM1E_SJ_PE3(config-router-af)#neighbor 192.168.30.2 activatePXM1E_SJ_PE3(config-router-af)#no auto-summaryPXM1E_SJ_PE3(config-router-af)#no synchronizationPXM1E_SJ_PE3(config-router-af)#exit-address-familyPXM1E_SJ_PE3(config-router)#^ZPXM1E_SJ_PE3#Perform the following steps to configure a VPN on M8850_R1_PE4:
Step 1
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#ip vrf vpn1M8850_R1_PE4(config-vrf)#rd 100:1M8850_R1_PE4(config-vrf)#route-target export 100:1M8850_R1_PE4(config-vrf)#route-target import 100:1M8850_R1_PE4(config-vrf)#^ZM8850_R1_PE4#Step 2
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#interface FastEthernet1/1M8850_R1_PE4(config-if)#ip vrf forwarding vpn1% Interface FastEthernet1/1 IP address 192.168.40.1 removed due to enabling VRF vpn1M8850_R1_PE4(config-if)#ip address 192.168.40.1 255.255.255.252M8850_R1_PE4(config-if)#^ZM8850_R1_PE4#Step 3
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#router bgp 100M8850_R1_PE4(config-router)#bgp log-neighbor-changesM8850_R1_PE4(config-router)#neighbor 10.0.1.1 remote-as 100M8850_R1_PE4(config-router)#neighbor 10.0.1.1 update-source Loopback0M8850_R1_PE4(config-router)#neighbor 10.0.1.2 remote-as 100M8850_R1_PE4(config-router)#neighbor 10.0.1.2 update-source Loopback0M8850_R1_PE4(config-router)#neighbor 10.0.1.3 remote-as 100M8850_R1_PE4(config-router)#neighbor 10.0.1.3 update-source Loopback0M8850_R1_PE4(config-router)#address-family ipv4M8850_R1_PE4(config-router-af)#neighbor 10.0.1.1 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.1 send-community extendedM8850_R1_PE4(config-router-af)#neighbor 10.0.1.2 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.2 send-community extendedM8850_R1_PE4(config-router-af)#neighbor 10.0.1.3 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.3 send-community extendedM8850_R1_PE4(config-router-af)#no auto-summaryM8850_R1_PE4(config-router-af)#no synchronizationM8850_R1_PE4(config-router-af)#exit-address-familyM8850_R1_PE4(config-router)#address-family vpnv4M8850_R1_PE4(config-router-af)#neighbor 10.0.1.1 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.1 send-community extendedM8850_R1_PE4(config-router-af)#neighbor 10.0.1.2 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.2 send-community extendedM8850_R1_PE4(config-router-af)#neighbor 10.0.1.3 activateM8850_R1_PE4(config-router-af)#neighbor 10.0.1.3 send-community extendedM8850_R1_PE4(config-router-af)#exit-address-familyM8850_R1_PE4(config-router)#^ZM8850_R1_PE4#Step 4
M8850_R1_PE4#configure terminalEnter configuration commands, one per line. End with CNTL/Z.M8850_R1_PE4(config)#router bgp 100M8850_R1_PE4(config-router)#address-family ipv4 vrf vpn1M8850_R1_PE4(config-router-af)#redistribute connectedM8850_R1_PE4(config-router-af)#neighbor 192.168.40.2 remote-as 65040M8850_R1_PE4(config-router-af)#neighbor 192.168.40.2 activateM8850_R1_PE4(config-router-af)#no auto-summaryM8850_R1_PE4(config-router-af)#no synchronizationM8850_R1_PE4(config-router-af)#exit-address-familyM8850_R1_PE4(config-router)#^ZM8850_R1_PE4#The following section shows the essential configuration for each CE router in the cell-based MPLS example network used throughout this chapter.
The C4700_CH_CE1 router essentials are as follows:
interface Loopback0ip address 10.1.1.1 255.255.255.255interface FastEthernet1description Connected to M8950_SF_PE1ip address 192.168.10.2 255.255.255.252half-duplexno cdp enablerouter bgp 65010bgp log-neighbor-changesredistribute connectedneighbor 192.168.10.1 remote-as 100no auto-summaryThe C7204_DC_CE2 router essentials are as follows:
interface Loopback0ip address 10.2.1.1 255.255.255.255interface FastEthernet1/1description Connected to M8950_DC_PE2ip address 192.168.20.2 255.255.255.252half-duplexno cdp enablerouter bgp 65020bgp log-neighbor-changesredistribute connectedneighbor 192.168.20.1 remote-as 100no auto-summaryThe C4700_NY_CE3 router essentials are as follows:
interface Loopback0ip address 10.3.1.1 255.255.255.255interface FastEthernet0description Connected to PXM1E_SJ_PE3ip address 192.168.30.2 255.255.255.252half-duplexno cdp enablerouter bgp 65030bgp log-neighbor-changesredistribute connectedneighbor 192.168.30.1 remote-as 100no auto-summaryThe C2621_NY_CE4 router essentials are as follows:
interface Loopback0ip address 10.4.1.1 255.255.255.255no ip directed-broadcastinterface FastEthernet0/1description Connected to M8850_R1_PE4ip address 192.168.40.2 255.255.255.252no ip directed-broadcastno cdp enablerouter bgp 65040bgp log-neighbor-changesredistribute connectedneighbor 192.168.40.1 remote-as 100no auto-summaryFrame-based MPLS
This section focuses on configuring the RPM-PR frame-based MPLS as an ELSR on the Cisco MGX 8850 (PXM1E/PXM45) shelf. Numerous VCs, known as MPLS Label Virtual Circuits (LVCs) are used to connect a pair of frame-based MPLS devices. The LVCs are established under the direct control of MPLS signaling, and each LVC corresponds to a distinct MPLS label value.
Features
Frame-based MPLS on the RPM-PR supports the following features:
•
•
•
•
•
•
•
•
Note
•
These connection limits stem from the Cisco MGX 8850 platform, and not the MPLS feature. However, if the platform imposes the limit, the MPLS feature does not support any capacity beyond them.
•
•
•
•
Configuring Frame-based MPLS on the RPM-PR
This section provides the procedures to configure frame-based MPLS on the RPM-PR in the example network as shown in Figure 7-5. In this example, the topology includes three PEs (labeled M8830_CH_PE1, M8850_LA_PE2, and PXM1E_SJ_PE3) configured in a full mesh network.
Figure 7-5 Frame-based MPLS Network Topology
To configure frame-based MPLS, perform the following tasks for each PE in the network:
•
•
Configuring an RPM-PR as an ELSR
Perform the following steps to configure the RPM-PR in M8830_CH as an ELSR:
Step 1
Router>enable Password: Router#config terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname M8830_CH_PE1 M8830_CH_PE1(config)#ip cef M8830_CH_PE1(config)#mpls ldp router-id loopback <n> M8830_CH_PE1(config)#interface loopback0 M8830_CH_PE1(config-if)#ip address 10.0.0.1 255.255.255.255 M8830_CH_PE1(config-if)#exit M8830_CH_PE1(config)#interface FastEthernet1/1 M8830_CH_PE1(config-if)#description Connected to C3620_SF_CE1 M8830_CH_PE1(config-if)#ip address 192.168.1.1 255.255.255.252 M8830_CH_PE1(config-if)#load-interval 30 M8830_CH_PE1(config-if)#no cdp enable M8830_CH_PE1(config-if)#no shut M8830_CH_PE1(config-if)#^Z M8830_CH_PE1#Step 2
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#interface Switch1 M8830_CH_PE1(config-if)#no ip address M8830_CH_PE1(config-if)#no ip redirects M8830_CH_PE1(config-if)#no ip unreachables M8830_CH_PE1(config-if)#no ip proxy-arp M8830_CH_PE1(config-if)#load-interval 30 M8830_CH_PE1(config-if)#no atm ilmi-keepalive M8830_CH_PE1(config-if)#no rpm-sar-auto-recovery M8830_CH_PE1(config-if)#rpm-auto-cbclk-change M8830_CH_PE1(config-if)#switch partition vcc 1 2 M8830_CH_PE1(config-if-swpart)#ingress-percentage-bandwidth 50 100 M8830_CH_PE1(config-if-swpart)#egress-percentage-bandwidth 50 100 M8830_CH_PE1(config-if-swpart)#vpi 0 0 M8830_CH_PE1(config-if-swpart)#vci 32 3808 M8830_CH_PE1(config-if-swpart)#^Z M8830_CH_PE1#Perform the following steps to configure the RPM-PR in M8850_LA as an ELSR:
Step 1
Router>enable Password: Router#config terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname M8850_LA_PE2 M8850_LA_PE2(config)#ip cef M8850_LA_PE2(config)#mpls ldp router-id loopback <n> M8850_LA_PE2(config)#interface loopback0 M8850_LA_PE2(config-if)#ip address 10.0.0.2 255.255.255.255 M8850_LA_PE2(config-if)#exit M8850_LA_PE2(config)#interface FastEthernet2/1 M8850_LA_PE2(config-if)#description Connected to C3620_LA_CE2 M8850_LA_PE2(config-if)#ip address 192.168.2.1 255.255.255.252 M8850_LA_PE2(config-if)#load-interval 30 M8850_LA_PE2(config-if)#no cdp enable M8850_LA_PE2(config-if)#no shut M8850_LA_PE2(config-if)#^Z M8850_LA_PE2#Step 2
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#interface Switch1 M8850_LA_PE2(config-if)#no ip address M8850_LA_PE2(config-if)#no ip redirects M8850_LA_PE2(config-if)#no ip unreachables M8850_LA_PE2(config-if)#no ip proxy-arp M8850_LA_PE2(config-if)#load-interval 30 M8850_LA_PE2(config-if)#no atm ilmi-keepalive M8850_LA_PE2(config-if)#no rpm-sar-auto-recovery M8850_LA_PE2(config-if)#rpm-auto-cbclk-change M8850_LA_PE2(config-if)#switch partition vcc 1 2 M8850_LA_PE2(config-if-swpart)#ingress-percentage-bandwidth 50 100 M8850_LA_PE2(config-if-swpart)#egress-percentage-bandwidth 50 100 M8850_LA_PE2(config-if-swpart)#vpi 0 0 M8850_LA_PE2(config-if-swpart)#vci 32 3808 M8850_LA_PE2(config-if-swpart)#^Z M8850_LA_PE2#Perform the following steps to configure the RPM-PR in PXM1E_SJ as an ELSR:
Step 1
Router>enable Password: Router#config terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname PXM1E_SJ_PE3 PXM1E_SJ_PE3(config)#ip cef PXM1E_SJ_PE3(config)#mpls ldp router-id loopback <n> PXM1E_SJ_PE3(config)#interface Loopback0 PXM1E_SJ_PE3(config-if)#ip address 10.0.0.3 255.255.255.255 PXM1E_SJ_PE3(config-if)#exit PXM1E_SJ_PE3(config)#interface FastEthernet2/1 PXM1E_SJ_PE3(config-if)#description Connected to C2621_SJ_CE3 PXM1E_SJ_PE3(config-if)#ip address 192.168.3.1 255.255.255.252 PXM1E_SJ_PE3(config-if)#load-interval 30 PXM1E_SJ_PE3(config-if)#duplex full PXM1E_SJ_PE3(config-if)#no cdp enable PXM1E_SJ_PE3(config-if)#no shut PXM1E_SJ_PE3(config-if)#^Z PXM1E_SJ_PE3#Step 2
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#interface Switch1 PXM1E_SJ_PE3(config-if)#no ip address PXM1E_SJ_PE3(config-if)#no ip redirects PXM1E_SJ_PE3(config-if)#no ip unreachables PXM1E_SJ_PE3(config-if)#no ip proxy-arp PXM1E_SJ_PE3(config-if)#load-interval 30 PXM1E_SJ_PE3(config-if)#no atm ilmi-keepalive PXM1E_SJ_PE3(config-if)#no rpm-sar-auto-recovery PXM1E_SJ_PE3(config-if)#rpm-auto-cbclk-change PXM1E_SJ_PE3(config-if)#switch partition vcc 1 2 PXM1E_SJ_PE3(config-if-swpart)#ingress-percentage-bandwidth 50 100 PXM1E_SJ_PE3(config-if-swpart)#egress-percentage-bandwidth 50 100 PXM1E_SJ_PE3(config-if-swpart)#vpi 0 0 PXM1E_SJ_PE3(config-if-swpart)#vci 32 3808 PXM1E_SJ_PE3(config-if-swpart)#^Z PXM1E_SJ_PE3#
Connecting MPLS Service Between the ELSRs
This section describes how to provision a full mesh network between each of the PE routers using PVCs. After you have set up the slave side of the PVC, you must obtain the NSAP address of the slave side of this connection and enter it when configuring the master side of the connection. To view the NSAP address of the slave side of the connection, log on to the PXM card and enter the dspcons command to display the connection as follows:
M8830_CH.1.PXM.a > dspcons Local Port Vpi. Vci Remote Port Vpi. Vci State Owner Pri Persistency ----------------------+-------------------------+---------+--------+---+----------- 3.1 0 101 Routed 0 0 FAIL SLAVE - Persistent Local Addr: 47.00918100000000001a538943.000001011b01.00 Remote Addr: 00.000000000000000000000000.000000000000.00 Preferred Route ID:- Cast Type: P2P M8830_CH.1.PXM.a >Copy the Local Address from the display and paste it in when adding the master side of the connection with the switch connection vcc command.
Perform the following steps to connect MPLS service between M8830_CH_PE1 and the other two ELSRs in the example network:
Step 1
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#interface Switch1.1 point-to-point M8830_CH_PE1(config-subif)#description Connected to M8850_LA_PE2 M8830_CH_PE1(config-subif)#ip address 10.1.0.1 255.255.255.0 M8830_CH_PE1(config-subif)#tag-switching ip M8830_CH_PE1(config-subif)#pvc 0/101 M8830_CH_PE1(config-if-atm-vc)#vbr-nrt 256 256 256 M8830_CH_PE1(config-if-atm-vc)#encapsulation aal5snap M8830_CH_PE1(config-if-atm-vc)#switch connection vcc 0 101 master remote M8830_CH_PE1(config-if-swconn)#^Z M8830_CH_PE1#Step 2
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#interface Switch1.2 point-to-point M8830_CH_PE1(config-subif)#description Connected to PXM1E_SJ_PE3 M8830_CH_PE1(config-subif)#ip address 10.2.0.1 255.255.255.0 M8830_CH_PE1(config-subif)#tag-switching ip M8830_CH_PE1(config-subif)#pvc 0/102 M8830_CH_PE1(config-if-atm-vc)#vbr-nrt 256 256 256 M8830_CH_PE1(config-if-atm-vc)#encapsulation aal5snap M8830_CH_PE1(config-if-atm-vc)#switch connection vcc 0 102 master local raddr 47.00918100000000001A533377.000001074B01.00 0 102 M8830_CH_PE1(config-if-swconn)#^Z M8830_CH_PE1#Step 3
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#router ospf 100 M8830_CH_PE1(config-router)#log-adjacency-changes M8830_CH_PE1(config-router)#network 10.0.0.0 0.0.0.255 area 0 M8830_CH_PE1(config-router)#network 10.1.0.0 0.0.0.255 area 0 M8830_CH_PE1(config-router)#network 10.2.0.0 0.0.0.255 area 0 M8830_CH_PE1(config-router)#^Z M8830_CH_PE1#Perform the following steps to connect MPLS service between M8850_LA_PE2 and the other two ELSRs in the example network:
Step 1
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#interface Switch1.1 point-to-point M8850_LA_PE2(config-subif)#description Connected to M8830_CH_PE1 M8850_LA_PE2(config-subif)#ip address 10.1.0.2 255.255.255.0 M8850_LA_PE2(config-subif)#tag-switching ip M8850_LA_PE2(config-subif)#pvc 0/101 M8850_LA_PE2(config-if-atm-vc)#vbr-nrt 256 256 256 M8850_LA_PE2(config-if-atm-vc)#encapsulation aal5snap M8850_LA_PE2(config-if-atm-vc)#switch connection vcc 0 101 master local raddr 47.00918100000000001A538943.000001011B01.00 0 101 M8850_LA_PE2(config-if-swconn)#^Z M8850_LA_PE2#Step 2
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#interface Switch1.2 point-to-point M8850_LA_PE2(config-subif)#description Connected to PXM1E_SJ_PE3 M8850_LA_PE2(config-subif)#ip address 10.3.0.1 255.255.255.0 M8850_LA_PE2(config-subif)#tag-switching ip M8850_LA_PE2(config-subif)#pvc 0/103 M8850_LA_PE2(config-if-atm-vc)#vbr-nrt 256 256 256 M8850_LA_PE2(config-if-atm-vc)#encapsulation aal5snap M8850_LA_PE2(config-if-atm-vc)#switch connection vcc 0 103 master remote M8850_LA_PE2(config-if-swconn)#^Z M8850_LA_PE2#Step 3
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#router ospf 100 M8850_LA_PE2(config-router)#log-adjacency-changes M8850_LA_PE2(config-router)#network 10.0.0.0 0.0.0.255 area 0 M8850_LA_PE2(config-router)#network 10.1.0.0 0.0.0.255 area 0 M8850_LA_PE2(config-router)#network 10.3.0.0 0.0.0.255 area 0 M8850_LA_PE2(config-router)#^Z M8850_LA_PE2#Perform the following steps to connect MPLS service between PXM1E_SJ_PE3 and the other two ELSRs in the example network:
Step 1
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#interface Switch1.1 point-to-point PXM1E_SJ_PE3(config-subif)#description Connected to M8830_CH_PE1 PXM1E_SJ_PE3(config-subif)#ip address 10.2.0.2 255.255.255.0 PXM1E_SJ_PE3(config-subif)#tag-switching ip PXM1E_SJ_PE3(config-subif)#pvc 0/102 PXM1E_SJ_PE3(config-if-atm-vc)#vbr-nrt 256 256 256 PXM1E_SJ_PE3(config-if-atm-vc)#encapsulation aal5snap PXM1E_SJ_PE3(config-if-atm-vc)#switch connection vcc 0 102 master remote PXM1E_SJ_PE3(config-if-swconn)#^Z PXM1E_SJ_PE3#Step 2
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#interface Switch1.2 point-to-point PXM1E_SJ_PE3(config-subif)#description Connected to M8850_LA_PE2 PXM1E_SJ_PE3(config-subif)#ip address 10.3.0.2 255.255.255.0 PXM1E_SJ_PE3(config-subif)#tag-switching ip PXM1E_SJ_PE3(config-subif)#pvc 0/103 PXM1E_SJ_PE3(config-if-atm-vc)#vbr-nrt 256 256 256 PXM1E_SJ_PE3(config-if-atm-vc)#encapsulation aal5snap PXM1E_SJ_PE3(config-if-atm-vc)#switch connection vcc 0 103 master local raddr 47.00918100000000036B5E2BB2.000001074B01.00 0 103 PXM1E_SJ_PE3(config-if-swconn)#^Z PXM1E_SJ_PE3#Step 3
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#router ospf 100 PXM1E_SJ_PE3(config-router)#log-adjacency-changes PXM1E_SJ_PE3(config-router)#network 10.0.0.0 0.0.0.255 area 0 PXM1E_SJ_PE3(config-router)#network 10.2.0.0 0.0.0.255 area 0 PXM1E_SJ_PE3(config-router)#network 10.3.0.0 0.0.0.255 area 0 PXM1E_SJ_PE3(config-router)#^Z PXM1E_SJ_PE3#
Configuring a Frame-based MPLS VPN
A general discussion on how VPNs work and how to set up a VPN is covered in the "VPN Overview" section. The following procedures describe how to set up a VPN for the frame-based MPLS example network used throughout this chapter.
Perform the following steps to configure a VPN on M8830_CH_PE1:
Step 1
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#ip vrf vpn1 M8830_CH_PE1(config-vrf)#rd 100:1 M8830_CH_PE1(config-vrf)#route-target export 100:1 M8830_CH_PE1(config-vrf)#route-target import 100:1 M8830_CH_PE1(config-vrf)#^Z M8830_CH_PE1#Step 2
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#interface FastEthernet1/1 M8830_CH_PE1(config-if)#ip vrf forwarding vpn1 % Interface FastEthernet1/1 IP address 192.168.1.1 removed due to enabling VRF vpn1 M8830_CH_PE1(config-if)#ip address 192.168.1.1 255.255.255.252 M8830_CH_PE1(config-if)#^Z M8830_CH_PE1#Step 3
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#router bgp 100 M8830_CH_PE1(config-router)#bgp log-neighbor-changes M8830_CH_PE1(config-router)#neighbor 10.0.0.2 remote-as 100 M8830_CH_PE1(config-router)#neighbor 10.0.0.2 update-source Loopback0 M8830_CH_PE1(config-router)#neighbor 10.0.0.3 remote-as 100 M8830_CH_PE1(config-router)#neighbor 10.0.0.3 update-source Loopback0 M8830_CH_PE1(config-router)#address-family ipv4 M8830_CH_PE1(config-router-af)#neighbor 10.0.0.2 activate M8830_CH_PE1(config-router-af)#neighbor 10.0.0.2 send-community both M8830_CH_PE1(config-router-af)#neighbor 10.0.0.3 activate M8830_CH_PE1(config-router-af)#neighbor 10.0.0.3 send-community both M8830_CH_PE1(config-router-af)#no auto-summary M8830_CH_PE1(config-router-af)#no synchronization M8830_CH_PE1(config-router-af)#exit-address-family M8830_CH_PE1(config-router)#address-family vpnv4 M8830_CH_PE1(config-router-af)#neighbor 10.0.0.2 activate M8830_CH_PE1(config-router-af)#neighbor 10.0.0.2 send-community both M8830_CH_PE1(config-router-af)#neighbor 10.0.0.3 activate M8830_CH_PE1(config-router-af)#neighbor 10.0.0.3 send-community both M8830_CH_PE1(config-router-af)#exit-address-family M8830_CH_PE1(config-router)#^Z M8830_CH_PE1#Step 4
M8830_CH_PE1#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8830_CH_PE1(config)#router bgp 100 M8830_CH_PE1(config-router)#address-family ipv4 vrf vpn1 M8830_CH_PE1(config-router-af)#redistribute connected M8830_CH_PE1(config-router-af)#neighbor 192.168.1.2 remote-as 65001 M8830_CH_PE1(config-router-af)#neighbor 192.168.1.2 activate M8830_CH_PE1(config-router-af)#no auto-summary M8830_CH_PE1(config-router-af)#no synchronization M8830_CH_PE1(config-router-af)#exit-address-family M8830_CH_PE1(config-router)#^Z M8830_CH_PE1#Perform the following steps to configure a VPN on M8850_LA_PE2:
Step 1
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#ip vrf vpn1 M8850_LA_PE2(config-vrf)#rd 100:1 M8850_LA_PE2(config-vrf)#route-target export 100:1 M8850_LA_PE2(config-vrf)#route-target import 100:1 M8850_LA_PE2(config-vrf)#^Z M8850_LA_PE2#Step 2
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#interface FastEthernet2/1 M8850_LA_PE2(config-if)#ip vrf forwarding vpn1 % Interface FastEthernet2/1 IP address 192.168.2.1 removed due to enabling VRF vpn1 M8850_LA_PE2(config-if)#ip address 192.168.2.1 255.255.255.252 M8850_LA_PE2(config-if)#^Z M8850_LA_PE2#Step 3
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#router bgp 100 M8850_LA_PE2(config-router)#bgp log-neighbor-changes M8850_LA_PE2(config-router)#neighbor 10.0.0.1 remote-as 100 M8850_LA_PE2(config-router)#neighbor 10.0.0.1 update-source Loopback0 M8850_LA_PE2(config-router)#neighbor 10.0.0.3 remote-as 100 M8850_LA_PE2(config-router)#neighbor 10.0.0.3 update-source Loopback0 M8850_LA_PE2(config-router)#address-family ipv4 M8850_LA_PE2(config-router-af)#neighbor 10.0.0.1 activate M8850_LA_PE2(config-router-af)#neighbor 10.0.0.1 send-community both M8850_LA_PE2(config-router-af)#neighbor 10.0.0.3 activate M8850_LA_PE2(config-router-af)#neighbor 10.0.0.3 send-community both M8850_LA_PE2(config-router-af)#no auto-summary M8850_LA_PE2(config-router-af)#no synchronization M8850_LA_PE2(config-router-af)#exit-address-family M8850_LA_PE2(config-router)#address-family vpnv4 M8850_LA_PE2(config-router-af)#neighbor 10.0.0.1 activate M8850_LA_PE2(config-router-af)#neighbor 10.0.0.1 send-community both M8850_LA_PE2(config-router-af)#neighbor 10.0.0.3 activate M8850_LA_PE2(config-router-af)#neighbor 10.0.0.3 send-community both M8850_LA_PE2(config-router-af)#exit-address-family M8850_LA_PE2(config-router)#^Z M8850_LA_PE2#Step 4
M8850_LA_PE2#config terminal Enter configuration commands, one per line. End with CNTL/Z. M8850_LA_PE2(config)#router bgp 100 M8850_LA_PE2(config-router)#address-family ipv4 vrf vpn1 M8850_LA_PE2(config-router-af)#redistribute connected M8850_LA_PE2(config-router-af)#neighbor 192.168.2.2 remote-as 65002 M8850_LA_PE2(config-router-af)#neighbor 192.168.2.2 activate M8850_LA_PE2(config-router-af)#no auto-summary M8850_LA_PE2(config-router-af)#no synchronization M8850_LA_PE2(config-router-af)#exit-address-family M8850_LA_PE2(config-router)#^Z M8850_LA_PE2#Perform the following steps to configure a VPN on PXM1E_SJ_PE3:
Step 1
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#ip vrf vpn1 PXM1E_SJ_PE3(config-vrf)#rd 100:1 PXM1E_SJ_PE3(config-vrf)#route-target export 100:1 PXM1E_SJ_PE3(config-vrf)#route-target import 100:1 PXM1E_SJ_PE3(config-vrf)#^Z PXM1E_SJ_PE3#Step 2
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#interface FastEthernet2/1 PXM1E_SJ_PE3(config-if)#ip vrf forwarding vpn1 % Interface FastEthernet2/1 IP address 192.168.3.1 removed due to enabling VRF vpn1 PXM1E_SJ_PE3(config-if)#ip address 192.168.3.1 255.255.255.252 PXM1E_SJ_PE3(config-if)#^Z PXM1E_SJ_PE3#Step 3
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#router bgp 100 PXM1E_SJ_PE3(config-router)#bgp log-neighbor-changes PXM1E_SJ_PE3(config-router)#neighbor 10.0.0.1 remote-as 100 PXM1E_SJ_PE3(config-router)#neighbor 10.0.0.1 update-source Loopback0 PXM1E_SJ_PE3(config-router)#neighbor 10.0.0.2 remote-as 100 PXM1E_SJ_PE3(config-router)#neighbor 10.0.0.2 update-source Loopback0 PXM1E_SJ_PE3(config-router)#address-family ipv4 PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.1 activate PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.1 send-community both PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.2 activate PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.2 send-community both PXM1E_SJ_PE3(config-router-af)#no auto-summary PXM1E_SJ_PE3(config-router-af)#no synchronization PXM1E_SJ_PE3(config-router-af)#exit-address-family PXM1E_SJ_PE3(config-router)#address-family vpnv4 PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.1 activate PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.1 send-community both PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.2 activate PXM1E_SJ_PE3(config-router-af)#neighbor 10.0.0.2 send-community both PXM1E_SJ_PE3(config-router-af)#exit-address-family PXM1E_SJ_PE3(config-router)#^Z PXM1E_SJ_PE3#Step 4
PXM1E_SJ_PE3#config terminal Enter configuration commands, one per line. End with CNTL/Z. PXM1E_SJ_PE3(config)#router bgp 100 PXM1E_SJ_PE3(config-router)#address-family ipv4 vrf vpn1 PXM1E_SJ_PE3(config-router-af)#redistribute connected PXM1E_SJ_PE3(config-router-af)#neighbor 192.168.3.2 remote-as 65003 PXM1E_SJ_PE3(config-router-af)#neighbor 192.168.3.2 activate PXM1E_SJ_PE3(config-router-af)#no auto-summary PXM1E_SJ_PE3(config-router-af)#no synchronization PXM1E_SJ_PE3(config-router-af)#exit-address-family PXM1E_SJ_PE3(config-router)#^Z PXM1E_SJ_PE3#The following section shows the essential configuration for each CE router in the frame-based MPLS example network used throughout this chapter.
The C3620_SF_CE1 router essentials are as follows:
interface Loopback0ip address 1.1.1.1 255.255.255.255interface FastEthernet0/1description Connected to M8830_CH_PE1ip address 192.168.1.2 255.255.255.252speed 100half-duplexno cdp enablerouter bgp 65001bgp log-neighbor-changesredistribute connectedneighbor 192.168.1.1 remote-as 100The C3620_LA_CE2 router essentials are as follows:
interface Loopback0ip address 2.1.1.1 255.255.255.255interface FastEthernet0/1description Connected to M8850_LA_PE2ip address 192.168.2.2 255.255.255.252speed 100half-duplexno cdp enablerouter bgp 65002bgp log-neighbor-changesredistribute connectedneighbor 192.168.2.1 remote-as 100The C2621_SJ_CE3 router essentials are as follows:
interface Loopback0ip address 3.1.1.1 255.255.255.255no ip directed-broadcastinterface FastEthernet0/1description Connected to PXM1E_SJ_PE3ip address 192.168.3.2 255.255.255.252no ip directed-broadcastno cdp enablerouter bgp 65003bgp log-neighbor-changesredistribute connectedneighbor 192.168.3.1 remote-as 100VPN Overview
VPNs provide the appearance, functions, and usefulness of a dedicated private network. The VPN feature for MPLS allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone service with private addressing, controlled access, and service-level guarantees between sites.
VPNs are supported by service provider networks over which labeled packets are forwarded from RPM-PR ELSRs to other RPM-PR ELSRs. A VPN service creates multiple private network environments within the public infrastructure. Service providers can use VPNs to target a given clientele and deliver individualized private network services to that clientele in a secure IP environment by using the public infrastructure.
Requirements
The requirements for an effective VPN are as follows:
•
•
•
•
MPLS VPN Features
Beyond the functions of an IP VPN, the VPN features for MPLS allow a Cisco IOS network to deploy the following scalable IPv4 Layer 3 VPN backbone services:
•
•
•
•
Note
•
•
•
Supported Platforms
All Cisco routers, including the Cisco 3600 Series, the Cisco MGX 8850 series equipped with RPMs, and the Cisco 6400 Series, as well as several other devices, support VPNs. Any LSR-capable platform can serve in the backbone. In addition to devices already mentioned, the LS 1010 ATM Switch, 8540 MSR, and the BPX 8650 Switch also support VPNs. Non-MPLS capable ATM switches can also be used, as they can carry MPLS over PVCs or PVPs.
How VPNs Work
Each VPN is associated with one or more VPN routing/forwarding instances (VRFs), which defines a VPN at a customer site attached to a PE router. A VRF table consists of the following components:
•
•
•
•
VPNs for MPLS
A customer site can be a member of multiple VPNs. However, a site can be associated with only one VRF. A customer site's VRF contains all routes available to the site from the associated VPNs.
The IP routing table and CEF table for each VRF store packet forwarding information. (Together, these tables are analogous to the forwarding information base [FIB] used in MPLS.) A logically separate set of routing and CEF tables is constructed for each VRF. These tables prevent packets from being forwarded outside a VPN and prevent packets outside a VPN from being forwarded to a router within the VPN.
VPN Route-Target Communities and Export and Import Lists
The distribution of VPN routing information is controlled through the use of VPN route-target communities, implemented by BGP extended communities. Distribution works as follows:
•
•
iBGP Distribution of VPN Routing Information
A PER learns an IP prefix from a CE router through static configuration, a BGP session, RIP, or OSPF. The PER then generates a VPN-IPv4 (vpnv4) prefix by linking an 8-byte route distinguisher to the IP prefix. The VPN-IPv4 address uniquely identifies hosts within each VPN site, even if the site uses globally non-unique (unregistered private) IP addresses. The route distinguisher used to create the VPN-IPv4 prefix is specified by a configuration command on the PER.
BGP uses VPN-IPv4 addresses to distribute network reachability information for each VPN within a service provider network. In building and maintaining routing tables, BGP sends routing messages within (interior BGP or iBGP) or between IP domains (exterior BGP or eBGP).
BGP propagates vpnv4 information using BGP multiprotocol extensions for handling extended addresses. Refer to RFC 2283, Multiprotocol Extensions for BGP-4. BGP propagates reachability information (expressed as VPN-IPv4 addresses) among PE routers; reachability information for a given VPN is propagated only to members of that VPN. BGP multiprotocol extensions identify valid recipients of VPN routing information.
Label Forwarding
Based on the routing information stored in each VRF's IP routing and CEF tables, MPLS uses extended VPN-IPv4 addresses to forward packets to their destinations.
To achieve this, an MPLS label is associated with each customer route. The PE router assigns the route originator's label and directs data packets to the correct CE router. Tag forwarding across the provider backbone is based on dynamic IP paths or Traffic Engineered paths.
A customer data packet has the following two levels of labels attached when it is forwarded across the backbone.
•
•
The PE router associates each CE router with a forwarding table that contains only the set of routes that are available to that CE router.
Examples of VPN Topologies
A VPN contains customer devices attached to CE routers. These customer devices use the VPN to exchange data. Only the PE routers are aware of the VPN.
An example of a VPN with a service provider (P) backbone network, PE, and CE routers is shown in Figure 7-6.
Figure 7-6 VPN with a Service Provider (P) Backbone Network
Three VPNs communicating with five customer sites are shown in Figure 7-7. Notice that sites 1, 3, and 4 are members of two VPNs.
Figure 7-7 VPNs Communicate with Customer Sites
Configuring a VPN
This section explains how to configure the RPM-PR for VPN operation. It begins by listing the prerequisites for VPN configuration, then gives the configuration steps.
Prerequisites for VPN Operation
The network must be running the following Cisco IOS services before you can configure VPN operation:
•
•
•
•
Complete the following tasks before you configure VPN operation:
•
•
•
Configuring VPN Operation
This section describes how to configure routing protocols and create VRFs for a VPN. See the "Configuring Frame-based MPLS on the RPM-PR" section for the commands used in the tasks. Perform the following four tasks to configure and verify VPNs in your network:
1.
2.
3.
4.
Configuring VRFs
To create a VRF, perform the following steps on the provider edge router.
Step 1
RPM(config)# ip vrf vrf-nameStep 2
RPM(config-vrf)# rd route-distinguisherStep 3
RPM(config-if)# ip vrf forwarding vrf-nameStep 4
RPM(config-router)# address-family ipv4 vrf nameRPM(config-router-af)# aggregate-addressRPM(config-router-af)# auto-summaryRPM(config-router-af)# default-information originateRPM(config-router-af)# default-metric ...RPM(config-router-af)# distance ...RPM(config-router-af)# distribute-list ...RPM(config-router-af)# network ...RPM(config-router-af)# neighbor ...RPM(config-router-af)# redistribute ...RPM(config-router-af)# synchronizationRPM(config-router-af)# table-map...
Note
Step 5
Note
RPM(config-router)# address-family ipv4 vrf nameRPM(config-router-af)# auto-summaryRPM(config-router-af)# default-information originateRPM(config-router-af)# default-metric ...RPM(config-router-af)# distance ...RPM(config-router-af)# network ...RPM(config-router-af)# offset-list ...RPM(config-router-af)# redistribute ...Step 6
RPM(config-router-af)# exit-address-familyStep 7
RPM(config)# ip route [vrf vrf-name] destination <interface> ip_address
Configuring BGP
To configure router address families, define sessions, and set global variables for routing protocols, perform the following steps with the PE router in configuration mode.
Step 1
RPM(config-router)# address-family {ipv4 | vpnv4}[unicast | multicast]Step 2
RPM(config-router-af)# neighbor address | peer-group} remote-as as-numberRPM(config-router-af)# neighbor address | peer-group} update-source interfaceRPM(config-router-af)# neighbor peer-group peer-groupRPM(config-router-af)# neighbor address peer-group peer-groupStep 3
This command is required on a PE that establishes BGP sessions with CE routers. To enable advertisement of IPv4 prefixes for a particular neighbor, enter address-family mode for IPv4 then enter the neighbor...activate command for the neighbor.
RPM(config-router)# no bgp default ipv4-activateFor a particular address family, enter neighbor... activate.
RPM(config-router-af)# [no] neighbor address |peer-group} activateStep 4
RPM(config-router)# bgp always-compare-medRPM(config-router)# bgp bestpath ...RPM(config-router)# bgp client-to-client reflectionRPM(config-router)# bgp cluster-id ...RPM(config-router)# bgp confederation ...RPM(config-router)# bgp default local-preference ...RPM(config-router)# bgp deterministic-med ...RPM(config-router)# bgp fast-external-fallover ...RPM(config-router)# bgp log-neighbor-changesRPM(config-router)# bgp redistribute-internalRPM(config-router)# bgp router-id ...RPM(config-router)# timers bgp ...Step 5
All BGP configuration commands supported in previous versions of IOS are valid for address family IPv4 unicast. These commands affect either all IPv4 instances or the default IPv4 routing table. For backward compatibility, these commands can be entered in either router config mode or in address family mode for ipv4 unicast. See Step 3 for information on the command no bgp default ipv4-activate.
RPM(config-router)# bgp ...Step 6
RPM(config-router)# bgp dampening ...RPM(config-router)# neighbor ...RPM(config-router)# neighbor address | peer-group}activateStep 7
Note
RPM(config-router)# neighbor address remote-as as-numberRPM(config-router)# neighbor address update-source interfaceStep 8
RPM(config-router)# address-family vpnv4RPM(config-router-af)# neighbor address activate
Configure Import and Export Routes
To configure VRF route target extended communities and import route maps, perform the following steps with the PE router in configuration mode.
Step 1
RPM(config)# ip vrf vrf-nameStep 2
RPM(config-vrf)# route-target import community-distinguisherStep 3
RPM(config-vrf)# route-target export community-distinguisherStep 4
RPM(config-vrf)# import map route-map
Checking the VRFs
Perform the following steps to verify the VPN configuration.
Step 1
RPM# show ip vrfStep 2
RPM# show ip vrf detailStep 3
RPM# show ip route vrf vrf-nameStep 4
RPM# show ip protocols vrf vrf-nameStep 5
RPM# show ip cef vrf vrf-nameStep 6
RPM# show ip interface interface-numberRPM# show cef interface interface-numberStep 7
The keyword all displays the entire database. The keyword rd displays NLRIs that match the specified route distinguisher. The keyword vrf displays NLRIs with the specified VRF. Add the keyword tags after any of the other keywords and arguments to list the tags distributed with the VPNv4 NLRIs.
RPM # show ip bgp vpnv4 all [tags]RPM # show ip bgp vpnv4 rd route-distinguisher [tags]RPM # show ip bgp vpnv4 vrf vrf-name [tags]Step 8
RPM # show mpls forwarding vrf vrf-name [prefix mask/length] [detail]Step 9
RPM # ping vrf vpn 1.1.1.1where 1.1.1.1 is the destination address
Step 10
telnet 1.1.1.1 /vrf vpn
