The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This module explains how to configure MPLS/VPN support. Both the SCE platform and the SM must be properly configured.
•Configuring the MPLS Environment
•How to Configure the SCE Platform for MPLS/VPN Support
•How to Configure the SM for MPLS/VPN Support
In order for MPLS/VPN support to function, the environment must be configured correctly, specifically the following are required:
•All other tunneling protocols should be configured to the default mode.
•The MPLS auto-learning mechanism must be enabled.
Check the running configuration to verify no user-configured values appear for tunneling protocols or VLAN support, indicating that they are all in default mode.
Step 1 From the SCE# prompt, type show running-config
and press Enter.
Displays the running configuration.
Step 2 Check that no VLAN or L2TP configuration appears.
If either VLAN or tunneling support is in default mode, skip the relevant step in the following procedure.
Step 1 From the SCE(config if)# prompt, type default vlan
and press Enter.
Configures VLAN support to default mode.
Step 2 From the SCE(config if)# prompt, type no IP-tunnel
and press Enter.
Disables all other tunneling protocol support.
Note All subscribers with VPN mappings must be cleared to change the tunneling mode. If the connection with the SM is down, use the no subscriber all with-vpn-mappings CLI command.
Note In addition, all VPN mappings must also be removed. This can only be done via the SM CLU (which means that the connection with the SM must be up). See How to Manage VPN Mappings, page 4-10
Step 3 From the SCE(config if)# prompt, type MPLS VPN auto-learn
and press Enter.
Enables the MPLS auto-learning mechanism.
•About Configuring the SCE Platform for MPLS/VPN Support
•How to Configure the MAC Resolver
•How to Monitor the MAC Resolver
There are three main steps to configure the SCE platform for MPLS/VPN support:
1. Correctly configure the MPLS tunneling environment, disabling all other tunneling protocols, including VLAN support. (see How to Configure the MPLS Environment)
2. Define all PE routers, specifying the relevant interface IP addresses necessary for MAC resolution (see How to Define the PE Routers.)
3. Configure the MAC resolver (see How to Configure the MAC Resolver.)
The following options are available:
•PE-ID — IP address that identifies the PE router.
•interface-ip — Interface IP address for the PE router. This is used for MAC resolution.
–At least one interface IP address must be defined per PE router.
–Multiple interface IP addresses may be defined for one PE router.
–In the case where the PE router has multiple IP interfaces sharing the same MAC address, it is sufficient to configure just one of the PE interfaces
•vlan — A VLAN tag can optionally be provided for each interface IP.
Two interfaces cannot be defined with the same IP address, even if they have different VLAN tags. If such a configuration is attempted, it will simply update the VLAN tag information for the existing PE interface.
Each PE router that has managed VPNs behind it must be defined using the following CLI command.
Step 1 From the SCE(config if)# prompt, type MPLS VPN PE-ID
pe-id interface-ip-address interface-ip [vlan vlan ] and press Enter.
Defines the PE router with with one interface IP address and optional VLAN tag. May also be used to add an additional interface IP address to an existing PE router.
•How to Remove a Specified PE Router
•How to Remove a Specified Interface from a PE Router
About Removing PE Routers
Use these commands to remove one or all defined PE routers.
Please note the following:
•You cannot remove a PE if it retains any MPLS mappings. You must logout the VPN and remove all mappings before removing the router it uses. (You must use the SM CLU to remove VPN mappings. See How to Manage VPN Mappings, page 4-10)
•Removing the last interface of a PE router removes the router as well. Therefore, you must logout the relevant VPN to remove the last interface.
•Likewise, all VPNs must be logged out before using the no PE-Database command below, since it removes all PE routers.
How to Remove a Specified PE Router
Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-ID
pe-id and press Enter.
Removes the specified PE router.
How to Remove All PE Routers
Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-Database
and press Enter.
Removes all configured PE routers.
How to Remove a Specified Interface from a PE Router
Step 1 From the SCE(config if)# prompt, type no MPLS VPN PE-ID
pe-id interface-ip-address interface-ip and press Enter.
Removes the specified interface from the PE router definition. The PE router itself is not removed.
•How to Add a Static IP Address
•How to Remove a Static IP Address
The MAC resolver allows the SCOS to find the MAC address associated with a specific IP address. The MAC resolver must be configured when the SCE platform operates in MPLS/VPN mode, to translate the IP addresses of the provider edge router interfaces to their respective MAC addresses.
The MPLS/VPN mode needs the MAC resolver, as opposed to the standard ARP protocol, because ARP is used by the management interface, while MPLS/VPN uses the traffic interfaces of the SCE platform, which ARP does not include.
The MAC resolver database holds the IP addresses registered by the clients to be resolved. The IP addresses of the routers are added to and removed from the database in either of two modes:
•Dynamic mode (default)
In this mode, the system listens to ARP messages of the configured PE interfaces, and this way it stays updated with their MAC addresses. There is no configuration required when operating in dynamic mode.
–Benefit: it works even if the MAC address of the PE interface changes.
•Drawback: depending on the specific network topology, the MAC resolution convergence time may be undesirably long.
•Static mode
In this mode, the MAC address of each PE router must be explicitly defined by the user.
–Benefit: no initial delay until IP addresses converge
–Drawback: PE interface is not automatically updated via ARP updates; therefore it doesn't automatically support cases where the MAC address changes on the fly.
However, for statically configured MAC addresses, a user log message appears when the system detects that the MAC address changed. This can be used by the operator to configure the new address.
These two modes can function simultaneously; therefore selected PE routers can be configured statically, while the rest are resolved dynamically
For more information regarding the MAC resolver, refer to the Cisco Service Control Engine Software Configuration Guide.
The following options are available:
•ip address — The IP address entry to be added to or removed from the database.
•vlan tag — VLAN tag that identifies the VLAN that carries this IP address (if applicable).
•mac address — MAC address assigned to the IP address, in xxxx.xxxx.xxxx format.
Step 1 From the SCE(config if)# prompt, type mac-resolver arp
ip_address [vlan vlan_tag ] mac_address and press Enter.
Adds the specified IP address and MAC address pair to the MAC resolver database.
Step 1 From the SCE(config if)# prompt, type no mac-resolver arp
ip_address [vlan vlan_tag ] and press Enter.
Removes the specified IP address and MAC address pair from the MAC resolver database.
Use this command to see a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC resolver database.
Step 1 From the SCE# prompt, type show interface linecard 0 mac-resolver arp
and press Enter.
Displays a listing of all IP addresses and corresponding MAC addresses currently registered in the MAC resolver database.
•Configuring the SM for MPLS/VPN Support
•How to Edit the SM Configuration File
•How to Configure the SM to Allow IP Ranges
There are two main steps to configure the SM for MPLS/VPN support:
Step 1 Edit the p3sm.cfg configuration file to specify the field in the BGP messages that should be used by the SM for MPLS-VPN identification.
See How to Edit the SM Configuration File
Step 2 Install and configure the BGP LEG
Refer to the Cisco SCMS SM MPLS/VPN BGP LEG Reference Guide for more information.
The SM configuration file, p3sm.cfg , must be configured for the following:
•To specify the field in the BGP messages that should be used by the SM for MPLS-VPN identification.
•To enable IP ranges
Step 1 Add the following section to the p3sm.cfg configuration file:
# The following section enables SM operation with MPLS-VPN support. [MPLS-VPN] # The following parameter defines the BGP attribute to use to identify VPN subscribers # possible values: "rd" or "rt". # (default: rt) vpn_id=rt
An optional parameter may be turned on to facilitate troubleshooting the BGP LEG installation. This parameter turns on detailed logging of messages received from the BGP LEG. It should only be turned on when necessary for troubleshooting and should always be turned off for normal operation of the system.
Step 1 Add the following parameter to the [MPLS-VPN] section of the p3sm.cfg configuration file:
# The following parameter turns on detailed logging of messages received from the BGP LEG # should be changed to true only during troubleshooting # (default: false) log_all=true
To setup the SM to work with MPLS/VPN, you must enable IP ranges by setting the support_ip_ranges in the configuration file.
Step 1 Set the support_ip_ranges parameter in the [Data Repository] section of the p3sm.cfg configuration file to 'yes', as in the following example.
support_ip_ranges=yes
Note Resetting this parameter requires restarting the SM. This parameter is discarded on regular configuration loading (using CLU).