Navigation
Example: Configuring VPNs and VPLS on Logical Systems
Layer 3 VPN Introduction
In Junos OS, Layer 3 VPNs are based on RFC 4364. RFC 4364 defines a mechanism by which service providers can use their IP backbones to provide VPN services to their customers. A Layer 3 VPN is a set of sites that share common routing information and whose connectivity is controlled by a collection of policies. The sites that make up a Layer 3 VPN are connected over a provider’s existing public Internet backbone.
RFC 4364 VPNs are also known as BGP/MPLS VPNs because BGP is used to distribute VPN routing information across the provider’s backbone, and MPLS is used to forward VPN traffic across the backbone to remote VPN sites.
Customer networks, because they are private, can use either public addresses or private addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with the same private addresses used by other network users. MPLS/BGP VPNs solve this problem by adding a VPN identifier prefix to each address from a particular VPN site, thereby creating an address that is unique both within the VPN and within the public Internet. In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only.
Introduction to VPLS
VPLS is an Ethernet-based point-to-multipoint Layer 2 VPN. It allows you to connect geographically dispersed Ethernet local area networks (LAN) sites to each other across an MPLS backbone. For customers who implement VPLS, all sites appear to be in the same Ethernet LAN even though traffic travels across the service provider's network.
VPLS, in its implementation and configuration, has much in common with a Layer 2 VPN. In VPLS, a packet originating within a service provider customer’s network is sent first to a customer edge (CE) device (for example, a router or Ethernet switch). It is then sent to a provider edge (PE) router within the service provider’s network. The packet traverses the service provider’s network over a MPLS label-switched path (LSP). It arrives at the egress PE router, which then forwards the traffic to the CE device at the destination customer site.
 | Note: In the VPLS documentation, the word router in terms such as PE router is used to refer to any device that provides routing functions. |
The difference is that for VPLS, packets can traverse the service provider’s network in point-to-multipoint fashion, meaning that a packet originating from a CE device can be broadcast to all the PE routers participating in a VPLS routing instance. In contrast, a Layer 2 VPN forwards packets in point-to-point fashion only.
The paths carrying VPLS traffic between each PE router participating in a routing instance are called pseudowires. The pseudowires are signaled using either BGP or LDP.
Example: Using Logical Systems to Configure Provider Edge and Provider Routers in a Layer 3 VPN and VPLS Scenario
This example provides step-by-step procedures to configure provider edge (PE) and provider (P) routers in a VPN and VPLS scenario using logical systems.
Requirements
In this example, no special configuration beyond device initialization is required.
Overview
In this example, VPNs are used to separate customer traffic across a provider backbone.
Topology
Figure 1 shows four pairs of CE routers that are connected across an MPLS backbone:
- Routers CE1 and CE5 are part of the red VPN.
- Routers CE2 and CE6 are in the blue VPN.
- Routers CE3 and CE7 belong to a VPLS domain.
- Routers CE4 and CE8 are connected with standard protocols.
Two logical systems are configured on PE routers PE1 and PE2 and provider core Router P0. Each of these three routers has two logical systems: LS1 and LS2. To illustrate the concept of a logical system, both VPNs are part of Logical System LS1, the VPLS instance belongs to Logical System LS2, and the remaining routers use the main router portion of routers PE1, P0, and PE2.
Figure 1: Provider Edge and Provider Logical System Topology Diagram
On Router PE1, two VPN routing and forwarding (VRF) routing instances are created in Logical System LS1. The routing instances are called red and blue. The example configures the customer edge (CE)-facing logical interfaces so that traffic from Router CE1 is placed in the red VPN, and traffic from Router CE2 is placed in the blue VPN. A logical interface at fe-0/0/1.1 connects to Logical System LS1 on Router P0. A VPLS routing instance is in Logical System LS2. The logical interface is configured so that traffic from Router CE3 is sent into the VPLS domain. This logical interface connects to Logical System LS2 on Router P0. The example also contains an administrator for Logical System LS1. The logical system administrator is responsible for the maintenance of this logical system. Finally, the example shows how to configure a logical interface to interconnect Router CE4 with the main router portion of Router PE1.
Router PE2 has the two VRF routing instances in Logical System LS1: red and blue. The CE-facing logical interfaces enable traffic from Router CE5 to be placed in the red VPN, and traffic from Router CE6 in the blue VPN. One logical interface on so-1/2/0.1 connects to Logical System LS1 on Router P0. The VPLS routing instance is configured in Logical System LS2. A logical interface enables traffic from Router CE7 to be sent into the VPLS domain and connects to Logical System LS2 on Router P0. The example shows how to configure a logical interface to interconnect Router CE8 with the main router portion of Router P0. Finally, you can optionally create a logical system administrator that has configuration privileges for Logical System LS1 and viewing privileges for Logical System LS2.
On Router P0, the example shows how to configure Logical Systems LS1, LS2, and the main router. You must configure physical interface properties at the main router [edit interfaces] hierarchy level. Next, the example shows how to configure protocols (such as RSVP, MPLS, BGP, and IS-IS), routing options, and policy options for the logical systems. Last, the example shows how to configure the same administrator for Logical System LS1 that is configured on Router PE1. This system administrator for Logical System LS2 has permission to view the LS2 configuration, but not change the configuration for Logical System LS2.
Logical System LS1 transports traffic for the red VPN that exists between routers CE1 and CE5. Logical System LS1 also connects the blue VPN that exists between routers CE2 and CE6. Logical System LS2 transports VPLS traffic between routers CE3 and CE7. For the main router on Router P0, you can configure the router as usual. The main router transports traffic between routers CE4 and CE8. The example shows how to configure the interfaces and routing protocols (OSPF, BGP) to connect to the main router portion of routers PE1 and PE2.
Configuration
To configure the PE and P routers in logical systems involves performing the following tasks:
- Configuring Interfaces on the Customer Edge Devices
- Configuring Router PE1
- Configuring Router PE2
- Configuring Router P0
- Results
Configuring Interfaces on the Customer Edge Devices
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
- On Router CE1, configure OSPF to connect to the red
VPN in Logical System LS1 on Router PE1.user@CE1# set interfaces fe-1/0/1 vlan-tagging user@CE1# set interfaces fe-1/0/1 unit 0 description "routing-instance red CE" user@CE1# set interfaces fe-1/0/1 unit 0 vlan-id 101 user@CE1# set interfaces fe-1/0/1 unit 0 family inet address 10.11.1.1/24 user@CE1# set interfaces lo0 unit 0 family inet address 10.11.1.100/32user@CE1# set protocols ospf area 0.0.0.0 interface fe-1/0/1.0user@CE1# set protocols ospf area 0.0.0.0 interface lo0.0
- On Router CE2, configure BGP to connect
to the blue VPN in Logical System LS1 on Router PE1.user@CE2# set interfaces fe-1/0/2 vlan-tagging user@CE2# set interfaces fe-1/0/2 unit 0 description "routing-instance blue CE" user@CE2# set interfaces fe-1/0/2 unit 0 vlan-id 102 user@CE2# set interfaces fe-1/0/2 unit 0 family inet address 10.21.1.1/24 user@CE2# set interfaces lo0 unit 0 family inet address 10.21.1.100/32 user@CE2# set policy-options policy-statement export_loopback from route-filter 10.21.1.100/32 exact user@CE2# set policy-options policy-statement export_loopback then accept user@CE2# set protocols bgp export export_loopback user@CE2# set protocols bgp group to_PE type external user@CE2# set protocols bgp group to_PE local-address 10.21.1.1 user@CE2# set protocols bgp group to_PE peer-as 100 user@CE2# set protocols bgp group to_PE neighbor 10.21.1.2 user@CE2# set routing-options autonomous-system 200
- On Router CE3, configure the Fast Ethernet
interface in VLAN 600 to connect with the VPLS routing instance in
Logical System LS2 on Router PE1.user@CE3# set interfaces fe-1/0/0 vlan-tagging user@CE3# set interfaces fe-1/0/0 unit 0 description "vpls interface" user@CE3# set interfaces fe-1/0/0 unit 0 vlan-id 600 user@CE3# set interfaces fe-1/0/0 unit 0 family inet address 10.1.1.1/24
- On Router CE4, configure the Fast Ethernet
interface to connect with the main router at Router PE1.user@CE4# set interfaces fe-1/0/3 vlan-tagging user@CE4# set interfaces fe-1/0/3 unit 0 description "main router interface" user@CE4# set interfaces fe-1/0/3 unit 0 vlan-id 103 user@CE4# set interfaces fe-1/0/3 unit 0 family inet address 10.31.1.1/24 user@CE4# set interfaces lo0 unit 0 family inet address 10.255.41.177/32
- On Router CE5, configure OSPF to connect
to the red VPN in Logical System LS1 on Router PE2.user@CE5# set interfaces fe-0/3/1 vlan-tagging user@CE5# set interfaces fe-0/3/1 unit 0 description "routing-instance red CE" user@CE5# set interfaces fe-0/3/1 unit 0 vlan-id 101 user@CE5# set interfaces fe-0/3/1 unit 0 family inet address 10.11.4.2/24 user@CE5# set interfaces lo0 unit 0 family inet address 10.11.4.100/32 user@CE5# set protocols ospf area 0.0.0.0 interface fe-0/3/1.0 user@CE5# set protocols ospf area 0.0.0.0 interface lo0.0 user@CE5# set system login class LS1admin logical-system LS1 user@CE5# set system login class LS1admin permissions all user@CE5# set system login class LS1onlooker logical-system LS2 user@CE5# set system login class LS1onlooker permissions view user@CE5# set system login user LS1admin class LS1admin
- On Router CE6, configure BGP to connect to
the blue VPN in Logical System LS1 on Router PE2.user@CE6# set interfaces fe-0/3/2 vlan-tagging user@CE6# set interfaces fe-0/3/2 unit 0 description "routing-instance blue CE" user@CE6# set interfaces fe-0/3/2 unit 0 vlan-id 102 user@CE6# set interfaces fe-0/3/2 unit 0 family inet address 10.21.4.2/24 user@CE6# set interfaces lo0 unit 0 family inet address 10.21.4.100/32 user@CE6# set routing-options autonomous-system 300 user@CE6# set protocols bgp export export_loopback user@CE6# set protocols bgp group to_PE type external user@CE6# set protocols bgp group to_PE local-address 10.21.4.2 user@CE6# set protocols bgp group to_PE peer-as 100 user@CE6# set protocols bgp group to_PE neighbor 10.21.4.1 user@CE6# set policy-options policy-statement export_loopback from route-filter 10.21.4.100/32 exact user@CE6# set policy-options policy-statement export_loopback then accept
- On Router CE7, configure the Fast Ethernet
interface in VLAN 600 to connect with the VPLS routing instance in
Logical System LS2 on Router PE2.user@CE7# set interfaces fe-0/3/0 vlan-tagging user@CE7# set interfaces fe-0/3/0 unit 0 description "vpls interface" user@CE7# set interfaces fe-0/3/0 unit 0 vlan-id 600 user@CE7# set interfaces fe-0/3/0 unit 0 family inet address 10.1.1.2/24
- On Router CE8, configure the Fast Ethernet
interface to connect with the main router at Router PE2.user@CE8# set interfaces fe-0/3/3 vlan-tagging user@CE8# set interfaces fe-0/3/3 unit 0 description "main router interface" user@CE8# set interfaces fe-0/3/3 unit 0 vlan-id 103 user@CE8# set interfaces fe-0/3/3 unit 0 family inet address 10.31.4.2/24 user@CE8# set interfaces lo0 unit 0 family inet address 10.255.41.180/32
Configuring Router PE1
Step-by-Step Procedure
- Configure the main router on Router PE1.user@PE1# set interfaces fe-0/0/1 vlan-tagginguser@PE1# set interfaces fe-0/0/1 unit 3 description "main router to P0"user@PE1# set interfaces fe-0/0/1 unit 3 vlan-id 103user@PE1# set interfaces fe-0/0/1 unit 3 family inet address 10.31.2.1/24user@PE1# set interfaces fe-0/0/1 unit 3 family isouser@PE1# set interfaces fe-0/0/1 unit 3 family mplsuser@PE1# set interfaces fe-0/1/0 vlan-tagginguser@PE1# set interfaces fe-0/1/0 encapsulation vlan-vplsuser@PE1# set interfaces fe-0/1/1 vlan-tagginguser@PE1# set interfaces fe-0/1/2 vlan-tagginguser@PE1# set interfaces fe-0/1/3 vlan-tagginguser@PE1# set interfaces fe-0/1/3 unit 0 description "main router to CE4"user@PE1# set interfaces fe-0/1/3 unit 0 vlan-id 103user@PE1# set interfaces fe-0/1/3 unit 0 family inet address 10.31.1.2/24user@PE1# set interfaces lo0 unit 0 description "main router loopback"user@PE1# set interfaces lo0 unit 0 family inet address 10.255.41.173/32user@PE1# set protocols bgp group to_main_ls type internaluser@PE1# set protocols bgp group to_main_ls local-address 10.255.41.173user@PE1# set protocols bgp group to_main_ls export export_addressuser@PE1# set protocols bgp group to_main_ls neighbor 10.255.41.179user@PE1# set protocols bgp group to_main_ls neighbor 10.255.41.175user@PE1# set protocols ospf area 0.0.0.0 interface lo0.0user@PE1# set protocols ospf area 0.0.0.0 interface fe-0/0/1.3user@PE1# set routing-options static route 10.255.41.177/32 next-hop 10.31.1.1user@PE1# set routing-options autonomous-system 500user@PE1# set policy-options policy-statement export_address from route-filter 10.255.41.177/32 exactuser@PE1# set policy-options policy-statement export_address then acceptuser@PE1# set system login class LS1-admin logical-system LS1 user@PE1# set system login class LS1-admin permissions all user@PE1# set system login user LS1-admin class LS1-adminuser@PE1# set system login user LS1-admin authentication plain-text-passwordNew password: Retype new password:
- Configure Logical System LS1 on Router PE1.user@PE1# set logical-systems LS1 interfaces fe-0/0/1 unit 1 description "LS1 interface"user@PE1# set logical-systems LS1 interfaces fe-0/0/1 unit 1 vlan-id 101user@PE1# set logical-systems LS1 interfaces fe-0/0/1 unit 1 family inet address 10.11.2.1/24user@PE1# set logical-systems LS1 interfaces fe-0/0/1 unit 1 family isouser@PE1# set logical-systems LS1 interfaces fe-0/0/1 unit 1 family mplsuser@PE1# set logical-systems LS1 interfaces fe-0/1/1 unit 0 description "routing-instance red interface"user@PE1# set logical-systems LS1 interfaces fe-0/1/1 unit 0 vlan-id 101user@PE1# set logical-systems LS1 interfaces fe-0/1/1 unit 0 family inet address 10.11.1.2/24user@PE1# set logical-systems LS1 interfaces fe-0/1/2 unit 0 description "routing-instance blue interface"user@PE1# set logical-systems LS1 interfaces fe-0/1/2 unit 0 vlan-id 102user@PE1# set logical-systems LS1 interfaces fe-0/1/2 unit 0 family inet address 10.21.1.2/24user@PE1# set logical-systems LS1 interfaces lo0 unit 1 description "LS1 loopback"user@PE1# set logical-systems LS1 interfaces lo0 unit 1 family inet address 10.10.10.10/32user@PE1# set logical-systems LS1 interfaces lo0 unit 1 family iso address 47.1111.1111.1111.1111.00user@PE1# set logical-systems LS1 protocols rsvp interface alluser@PE1# set logical-systems LS1 protocols mpls label-switched-path to_10.10.10.12 to 10.10.10.12user@PE1# set logical-systems LS1 protocols mpls interface alluser@PE1# set logical-systems LS1 protocols bgp group to_other_PE type internaluser@PE1# set logical-systems LS1 protocols bgp group to_other_PE local-address 10.10.10.10user@PE1# set logical-systems LS1 protocols bgp group to_other_PE family inet-vpn anyuser@PE1# set logical-systems LS1 protocols bgp group to_other_PE neighbor 10.10.10.12user@PE1# set logical-systems LS1 protocols isis interface alluser@PE1# set logical-systems LS1 policy-options policy-statement from_bgp_to_ospf then acceptuser@PE1# set logical-systems LS1 routing-instances blue instance-type vrfuser@PE1# set logical-systems LS1 routing-instances blue interface fe-0/1/2.0user@PE1# set logical-systems LS1 routing-instances blue route-distinguisher 10.10.10.10:200user@PE1# set logical-systems LS1 routing-instances blue vrf-target target:20:20user@PE1# set logical-systems LS1 routing-instances blue protocols bgp group to_CE type externaluser@PE1# set logical-systems LS1 routing-instances blue protocols bgp group to_CE local-address 10.21.1.2user@PE1# set logical-systems LS1 routing-instances blue protocols bgp group to_CE peer-as 200user@PE1# set logical-systems LS1 routing-instances blue protocols bgp group to_CE neighbor 10.21.1.1user@PE1# set logical-systems LS1 routing-instances red instance-type vrfuser@PE1# set logical-systems LS1 routing-instances red interface fe-0/1/1.0user@PE1# set logical-systems LS1 routing-instances red route-distinguisher 10.10.10.10:100user@PE1# set logical-systems LS1 routing-instances red vrf-target target:10:10user@PE1# set logical-systems LS1 routing-instances red protocols ospf export from_bgp_to_ospfuser@PE1# set logical-systems LS1 routing-instances red protocols ospf area 0.0.0.0 interface alluser@PE1# set logical-systems LS1 routing-options autonomous-system 100
- Configure Logical System LS2 on Router PE1.user@PE1# set logical-systems LS2 interfaces fe-0/0/1 unit 0 description "core-facing LS2 interface"user@PE1# set logical-systems LS2 interfaces fe-0/0/1 unit 0 vlan-id 100user@PE1# set logical-systems LS2 interfaces fe-0/0/1 unit 0 family inet address 10.1.2.1/24user@PE1# set logical-systems LS2 interfaces fe-0/0/1 unit 0 family isouser@PE1# set logical-systems LS2 interfaces fe-0/0/1 unit 0 family mplsuser@PE1# set logical-systems LS2 interfaces fe-0/1/0 unit 0 description "vpls interface to ce3"user@PE1# set logical-systems LS2 interfaces fe-0/1/0 unit 0 encapsulation vlan-vplsuser@PE1# set logical-systems LS2 interfaces fe-0/1/0 unit 0 vlan-id 600user@PE1# set logical-systems LS2 interfaces fe-0/1/0 unit 0 family vplsuser@PE1# set logical-systems LS2 interfaces lo0 unit 2 description "LS2 loopback"user@PE1# set logical-systems LS2 interfaces lo0 unit 2 family inet address 10.20.20.20/32user@PE1# set logical-systems LS2 interfaces lo0 unit 2 family iso address 47.2222.2222.2222.2222.00user@PE1# set logical-systems LS2 protocols rsvp interface alluser@PE1# set logical-systems LS2 protocols mpls label-switched-path to_10.20.20.22 to 10.20.20.22user@PE1# set logical-systems LS2 protocols mpls interface alluser@PE1# set logical-systems LS2 protocols bgp group to_VPLS_PE type internaluser@PE1# set logical-systems LS2 protocols bgp group to_VPLS_PE local-address 10.20.20.20user@PE1# set logical-systems LS2 protocols bgp group to_VPLS_PE family l2vpn signalinguser@PE1# set logical-systems LS2 protocols bgp group to_VPLS_PE neighbor 10.20.20.22user@PE1# set logical-systems LS2 protocols isis interface fe-0/0/1.0user@PE1# set logical-systems LS2 protocols isis interface lo0.2user@PE1# set logical-systems LS2 routing-instances new instance-type vplsuser@PE1# set logical-systems LS2 routing-instances new interface fe-0/1/0.0user@PE1# set logical-systems LS2 routing-instances new route-distinguisher 10.20.20.20:100user@PE1# set logical-systems LS2 routing-instances new vrf-target target:30:30user@PE1# set logical-systems LS2 routing-instances new protocols vpls site-range 10user@PE1# set logical-systems LS2 routing-instances new protocols vpls site newPE site-identifier 1user@PE1# set logical-systems LS2 routing-options autonomous-system 400
Configuring Router PE2
Step-by-Step Procedure
- Configure the main router on Router PE2.user@PE2# set interfaces fe-0/2/0 vlan-tagginguser@PE2# set interfaces fe-0/2/0 encapsulation vlan-vplsuser@PE2# set interfaces fe-0/2/1 vlan-tagginguser@PE2# set interfaces fe-0/2/2 vlan-tagginguser@PE2# set interfaces fe-0/2/3 vlan-tagginguser@PE2# set interfaces fe-0/2/3 unit 0 description "main router to CE8"user@PE2# set interfaces fe-0/2/3 unit 0 vlan-id 103user@PE2# set interfaces fe-0/2/3 unit 0 family inet address 10.31.4.1/24user@PE2# set interfaces so-1/2/0 encapsulation frame-relayuser@PE2# set interfaces so-1/2/0 unit 3 description "main router to P0"user@PE2# set interfaces so-1/2/0 unit 3 dlci 103user@PE2# set interfaces so-1/2/0 unit 3 family inet address 10.31.3.2/24user@PE2# set interfaces so-1/2/0 unit 3 family isouser@PE2# set interfaces so-1/2/0 unit 3 family mplsuser@PE2# set interfaces lo0 unit 0 description "main router loopback"user@PE2# set interfaces lo0 unit 0 family inet address 10.155.41.179/32user@PE2# set protocols bgp group to_main_ls type internaluser@PE2# set protocols bgp group to_main_ls local-address 10.255.41.179user@PE2# set protocols bgp group to_main_ls export export_addressuser@PE2# set protocols bgp group to_main_ls neighbor 10.255.41.173user@PE2# set protocols bgp group to_main_ls neighbor 10.255.41.175user@PE2# set protocols ospf area 0.0.0.0 interface so-1/2/0.3user@PE2# set protocols ospf area 0.0.0.0 interface fe-0/2/3.0user@PE2# set protocols ospf area 0.0.0.0 interface lo0.0user@PE2# set routing-options static route 10.255.41.180/32 next-hop 10.31.4.2user@PE2# set routing-options autonomous-system 500user@PE2# set policy-options policy-statement export_address from route-filter 10.255.41.180/32 exactuser@PE2# set policy-options policy-statement export_address then acceptuser@PE2# set system login class LS1-admin logical-system LS1user@PE2# set system login class LS1-admin permissions alluser@PE2# set system login class LS1-onlooker logical-system LS2user@PE2# set system login class LS1-onlooker permissions viewuser@PE2# set system login user LS1-admin class LS1-admin
- Configure Logical System LS1 on Router PE2.user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 1 description "routing-instance red interface connects to Router CE5"user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 1 vlan-id 101user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 1 family inet address 10.11.4.1/24user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 2 description "routing-instance blue interface connects to Router CE6"user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 2 vlan-id 102user@PE2# set logical-systems LS1 interfaces fe-0/2/0 unit 2 family inet address 10.21.4.1/24user@PE2# set logical-systems LS1 interfaces so-1/2/0 unit 1 description "core-facing LS1 interface"user@PE2# set logical-systems LS1 interfaces so-1/2/0 unit 1 dlci 101user@PE2# set logical-systems LS1 interfaces so-1/2/0 unit 1 family inet address 10.11.3.2/24user@PE2# set logical-systems LS1 interfaces so-1/2/0 unit 1 family isouser@PE2# set logical-systems LS1 interfaces so-1/2/0 unit 1 family mplsuser@PE2# set logical-systems LS1 interfaces lo0 unit 1 description "LS1 loopback"user@PE2# set logical-systems LS1 interfaces lo0 unit 1 family inet address 10.10.10.12/32user@PE2# set logical-systems LS1 interfaces lo0 unit 1 family iso address 47.1111.1111.1111.1113.00user@PE2# set logical-systems LS1 protocols rsvp interface alluser@PE2# set logical-systems LS1 protocols mpls label-switched-path to_10.10.10.10 to 10.10.10.10user@PE2# set logical-systems LS1 protocols mpls interface alluser@PE2# set logical-systems LS1 protocols bgp group to_other_PE type internaluser@PE2# set logical-systems LS1 protocols bgp group to_other_PE local-address 10.10.10.12user@PE2# set logical-systems LS1 protocols bgp group to_other_PE family inet anyuser@PE2# set logical-systems LS1 protocols bgp group to_other_PE family inet-vpn anyuser@PE2# set logical-systems LS1 protocols bgp group to_other_PE neighbor 10.10.10.10user@PE2# set logical-systems LS1 protocols isis interface alluser@PE2# set logical-systems LS1 policy-options policy-statement from_bgp_to_ospf then acceptuser@PE2# set logical-systems LS1 routing-instances blue instance-type vrfuser@PE2# set logical-systems LS1 routing-instances blue interface fe-0/2/2.0user@PE2# set logical-systems LS1 routing-instances blue route-distinguisher 10.10.10.12:200user@PE2# set logical-systems LS1 routing-instances blue vrf-target target:20:20user@PE2# set logical-systems LS1 routing-instances blue protocols bgp group to_CE local-address 10.21.4.1user@PE2# set logical-systems LS1 routing-instances blue protocols bgp group to_CE peer-as 300user@PE2# set logical-systems LS1 routing-instances blue protocols bgp group to_CE neighbor 10.21.4.2user@PE2# set logical-systems LS1 routing-instances red instance-type vrfuser@PE2# set logical-systems LS1 routing-instances red interface fe-0/2/1.0user@PE2# set logical-systems LS1 routing-instances red route-distinguisher 10.10.10.12:100user@PE2# set logical-systems LS1 routing-instances red vrf-target target:10:10user@PE2# set logical-systems LS1 routing-instances red protocols ospf export from_bgp_to_ospfuser@PE2# set logical-systems LS1 routing-instances red protocols ospf area 0.0.0.0 interface alluser@PE2# set logical-systems LS1 routing-options autonomous-system 100
- Configure Logical System LS2 on Router PE2.user@PE2# set logical-systems LS2 interfaces fe-0/2/0 unit 0 description "vpls interface connects to Router CE7"user@PE2# set logical-systems LS2 interfaces fe-0/2/0 unit 0 encapsulation vlan-vplsuser@PE2# set logical-systems LS2 interfaces fe-0/2/0 unit 0 vlan-id 600user@PE2# set logical-systems LS2 interfaces fe-0/2/0 unit 0 family vplsuser@PE2# set logical-systems LS2 interfaces so-1/2/0 unit 0 description "core-facing LS2 interface"user@PE2# set logical-systems LS2 interfaces so-1/2/0 unit 0 dlci 100user@PE2# set logical-systems LS2 interfaces so-1/2/0 unit 0 family inet address 10.1.3.2/24user@PE2# set logical-systems LS2 interfaces so-1/2/0 unit 0 family isouser@PE2# set logical-systems LS2 interfaces so-1/2/0 unit 0 family mplsuser@PE2# set logical-systems LS2 interfaces lo0 unit 2 description "LS2 loopback"user@PE2# set logical-systems LS2 interfaces lo0 unit 2 family inet address 10.20.20.22/32user@PE2# set logical-systems LS2 interfaces lo0 unit 2 family iso address 47.2222.2222.2222.2224.00user@PE2# set logical-systems LS2 protocols rsvp interface alluser@PE2# set logical-systems LS2 protocols mpls label-switched-path to_10.20.20.20 to 10.20.20.20user@PE2# set logical-systems LS2 protocols mpls interface alluser@PE2# set logical-systems LS2 protocols bgp group to_VPLS_PE type internaluser@PE2# set logical-systems LS2 protocols bgp group to_VPLS_PE local-address 10.20.20.22user@PE2# set logical-systems LS2 protocols bgp group to_VPLS_PE family l2vpn signalinguser@PE2# set logical-systems LS2 protocols bgp group to_VPLS_PE neighbor 10.20.20.20user@PE2# set logical-systems LS2 protocols isis interface so-1/2/0.0user@PE2# set logical-systems LS2 protocols isis interface lo0.2user@PE2# set logical-systems LS2 routing-instances new instance-type vplsuser@PE2# set logical-systems LS2 routing-instances new interface fe-0/2/0.0user@PE2# set logical-systems LS2 routing-instances new route-distinguisher 10.20.20.22:100user@PE2# set logical-systems LS2 routing-instances new vrf-target target:30:30user@PE2# set logical-systems LS2 routing-instances new protocols vpls site-range 10user@PE2# set logical-systems LS2 routing-instances new protocols vpls site newPE site-identifier 2user@PE2# set logical-systems LS2 routing-options autonomous-system 400
Configuring Router P0
Step-by-Step Procedure
- Configure the main router on Router P0.user@P0# set interfaces fe-1/1/3 vlan-tagginguser@P0# set interfaces fe-1/1/3 unit 3 description "connects to the main router on pe1"user@P0# set interfaces fe-1/1/3 unit 3 vlan-id 103user@P0# set interfaces fe-1/1/3 unit 3 family inet address 10.31.2.2/24user@P0# set interfaces fe-1/1/3 unit 3 family isouser@P0# set interfaces fe-1/1/3 unit 3 family mplsuser@P0# set interfaces so-1/2/0 dceuser@P0# set interfaces so-1/2/0 encapsulation frame-relayuser@P0# set interfaces so-1/2/0 unit 3 description "connects to the main router on pe2"user@P0# set interfaces so-1/2/0 unit 3 dlci 103user@P0# set interfaces so-1/2/0 unit 3 family inet address 10.31.3.1/24user@P0# set interfaces so-1/2/0 unit 3 family isouser@P0# set interfaces so-1/2/0 unit 3 family mplsuser@P0# set interfaces lo0 unit 0 description "main router loopback"user@P0# set interfaces lo0 unit 0 family inet address 10.255.41.175/32user@P0# set routing-options autonomous-system 500user@P0# set protocols bgp group to_main_ls type internaluser@P0# set protocols bgp group to_main_ls local-address 10.255.41.175user@P0# set protocols bgp group to_main_ls neighbor 10.255.41.179user@P0# set protocols bgp group to_main_ls neighbor 10.255.41.173user@P0# set protocols ospf area 0.0.0.0 interface lo0.0user@P0# set protocols ospf area 0.0.0.0 interface fe-1/1/3.3user@P0# set protocols ospf area 0.0.0.0 interface so-1/2/0.3user@P0# set system login class LS1-admin logical-system LS1user@P0# set system login class LS1-admin permissions alluser@P0# set system login class LS1-onlooker logical-system LS2user@P0# set system login class LS1-onlooker permissions viewuser@P0# set system login user LS1-admin class LS1-admin
- Configure Logical System LS1 on Router P0.user@P0# set logical-systems LS1 interfaces fe-1/1/3 unit 1 description "LS1 interface connects to LS1 on pe1"user@P0# set logical-systems LS1 interfaces fe-1/1/3 unit 1 vlan-id 101user@P0# set logical-systems LS1 interfaces fe-1/1/3 unit 1 family inet address 10.11.2.2/24user@P0# set logical-systems LS1 interfaces fe-1/1/3 unit 1 family isouser@P0# set logical-systems LS1 interfaces fe-1/1/3 unit 1 family mplsuser@P0# set logical-systems LS1 interfaces so-1/2/0 unit 1 description "LS1 interface connects to LS1 on pe2"user@P0# set logical-systems LS1 interfaces so-1/2/0 unit 1 dlci 101user@P0# set logical-systems LS1 interfaces so-1/2/0 unit 1 family inet address 10.11.3.1/24user@P0# set logical-systems LS1 interfaces so-1/2/0 unit 1 family isouser@P0# set logical-systems LS1 interfaces so-1/2/0 unit 1 family mplsuser@P0# set logical-systems LS1 interfaces lo0 unit 1 description "LS1 loopback"user@P0# set logical-systems LS1 interfaces lo0 unit 1 family inet address 10.10.10.11/32user@P0# set logical-systems LS1 interfaces lo0 unit 1 family iso address 47.1111.1111.1111.1112.00user@P0# set logical-systems LS1 protocols rsvp interface alluser@P0# set logical-systems LS1 protocols mpls interface alluser@P0# set logical-systems LS1 protocols isis interface all
- Configure Logical System LS2 on Router P0.user@P0# set logical-systems LS2 interfaces fe-1/1/3 unit 0 description "LS2 interface connects to LS2 on pe1"user@P0# set logical-systems LS2 interfaces fe-1/1/3 unit 0 vlan-id 100user@P0# set logical-systems LS2 interfaces fe-1/1/3 unit 0 family inet address 10.1.2.2/24user@P0# set logical-systems LS2 interfaces fe-1/1/3 unit 0 family isouser@P0# set logical-systems LS2 interfaces fe-1/1/3 unit 0 family mplsuser@P0# set logical-systems LS2 interfaces so-1/2/0 unit 0 description "LS2 interface connects to LS2 on pe2"user@P0# set logical-systems LS2 interfaces so-1/2/0 unit 0 dlci 100user@P0# set logical-systems LS2 interfaces so-1/2/0 unit 0 family inet address 10.1.3.1/24user@P0# set logical-systems LS2 interfaces so-1/2/0 unit 0 family isouser@P0# set logical-systems LS2 interfaces so-1/2/0 unit 0 family mplsuser@P0# set logical-systems LS2 interfaces lo0 unit 2 description "LS2 loopback"user@P0# set logical-systems LS2 interfaces lo0 unit 2 family inet address 10.20.20.21/32user@P0# set logical-systems LS2 interfaces lo0 unit 2 family iso address 47.2222.2222.2222.2223.00user@P0# set logical-systems LS2 protocols rsvp interface alluser@P0# set logical-systems LS2 protocols mpls interface alluser@P0# set logical-systems LS2 protocols isis interface fe-1/1/3.0user@P0# set logical-systems LS2 protocols isis interface so-1/2/0.0user@P0# set logical-systems LS2 protocols isis interface lo0.2
Results
On Router CE1, configure OSPF to connect to the red VPN in Logical System LS1 on Router PE1:
Router CE1
[edit]
interfaces {fe-1/0/1 {vlan-tagging;unit 0 {description "routing-instance red CE";vlan-id 101;family inet {address 10.11.1.1/24;}}}lo0 {unit 0 {family inet {address 10.11.1.100/32;}}}}
protocols {ospf {area 0.0.0.0 {interface fe-1/0/1.0;interface lo0.0;}}}
On Router CE2, configure BGP to connect to the blue VPN in Logical System LS1 on Router PE1:
Router CE2
[edit]
interfaces {fe-1/0/2 {vlan-tagging;unit 0 {description "routing-instance blue CE";vlan-id 102;family inet {address 10.21.1.1/24;}}}lo0 {unit 0 {family inet {address 10.21.1.100/32;}}}}
routing-options {autonomous-system 200;}
protocols {bgp {export export_loopback;group to_PE {type external;local-address 10.21.1.1;peer-as 100;neighbor 10.21.1.2;}}}
policy-options {policy-statement export_loopback {from {route-filter 10.21.1.100/32 exact;}then accept;}}
On Router CE3, configure the Fast Ethernet interface in VLAN 600 to connect with the VPLS routing instance in Logical System LS2 on Router PE1:
Router CE3
[edit]
interfaces {fe-1/0/0 {vlan-tagging;unit 0 {description "vpls interface";vlan-id 600;family inet {address 10.1.1.1/24;}}}}
On Router CE4, configure the Fast Ethernet interface to connect with the main router at Router PE1:
Router CE4
[edit]
interfaces {fe-1/0/3 {vlan-tagging;unit 0 {description "main router interface";vlan-id 103;family inet {address 10.31.1.1/24;}}}lo0 {unit 0 {family inet {address 10.255.41.177/32;}}}}
On Router PE1, create two VPN routing and forwarding (VRF) routing instances in Logical System LS1: red and blue. Configure the CE-facing logical interfaces so that traffic from Router CE1 is placed in the red VPN, and traffic from Router CE2 is placed in the blue VPN. Next, create a logical interface at fe-0/0/1.1 to connect to Logical System LS1 on Router P0.
Also on Router PE1, create a VPLS routing instance in Logical System LS2. Configure a logical interface so that traffic from Router CE3 is sent into the VPLS domain and connects to Logical System LS2 on Router P0.
Create an administrator for Logical System LS1. The logical system administrator can be responsible for the maintenance of this logical system.
Finally, configure a logical interface to interconnect Router CE4 with the main router portion of Router P0.
Router PE1
[edit]
logical-systems {LS1 { # The configuration for the first logical system begins here.interfaces {fe-0/0/1 {unit 1 { # This is the core-facing interface for Logical System LS1.description "LS1 interface";vlan-id 101;family inet {address 10.11.2.1/24;}family iso;family mpls;}}fe-0/1/1 {unit 0 { # This logical interface connects to Router CE1.description "routing-instance red interface";vlan-id 101;family inet {address 10.11.1.2/24;}}}fe-0/1/2 {unit 0 { # This logical interface connects to Router CE2.description "routing-instance blue interface";vlan-id 102;family inet {address 10.21.1.2/24;}}}lo0 {unit 1 {description "LS1 loopback";family inet {address 10.10.10.10/32;}family iso {address 47.1111.1111.1111.1111.00;}}}} protocols { # You configure RSVP, MPLS, IS-IS, and BGP for Logical System LS1.rsvp { interface all;}mpls { label-switched-path to_10.10.10.12 {to 10.10.10.12;}interface all;} bgp {group to_other_PE {type internal;local-address 10.10.10.10;family inet-vpn {any;}neighbor 10.10.10.12;}}isis {interface all;}}policy-options {policy-statement from_bgp_to_ospf {then accept;}}routing-instances {blue {instance-type vrf; # You configure instance blue within Logical System LS1.interface fe-0/1/2.0;route-distinguisher 10.10.10.10:200;vrf-target target:20:20;protocols { bgp { #BGP connects the blue instance with Router CE2.group to_CE {type external;local-address 10.21.1.2;peer-as 200;neighbor 10.21.1.1;}}}}red { instance-type vrf; # You configure instance red within Logical System LS1.interface fe-0/1/1.0;route-distinguisher 10.10.10.10:100;vrf-target target:10:10;protocols { ospf {#OSPF connects the red instance with Router CE1.export from_bgp_to_ospf;area 0.0.0.0 {interface all;}}}}}routing-options {autonomous-system 100;}}LS2 { # The configuration for the second logical system begins here.interfaces {fe-0/0/1 { unit 0 { # This is the core-facing interface for Logical System LS2.description "LS2 interface";vlan-id 100;family inet {address 10.1.2.1/24;}family iso;family mpls;}}fe-0/1/0 { unit 0 { # This logical interface connects to Router CE3.description "vpls interface";encapsulation vlan-vpls;vlan-id 600;family vpls;}}lo0 {unit 2 {description "LS2 loopback";family inet {address 10.20.20.20/32;}family iso {address 47.2222.2222.2222.2222.00;}}}}protocols { # You configure RSVP, MPLS, IS-IS, and BGP for Logical System LS2. rsvp { interface all;} mpls { label-switched-path to_10.20.20.22 {to 10.20.20.22;}interface all;}bgp { group to_VPLS_PE {type internal;local-address 10.20.20.20;family l2vpn {signaling;}neighbor 10.20.20.22;}}isis { interface fe-0/0/1.0;interface lo0.2;}}routing-instances { new {instance-type vpls; # You configure VPLS within Logical System LS2.interface fe-0/1/0.0;route-distinguisher 10.20.20.20:100;vrf-target target:30:30;protocols {vpls {site-range 10;site newPE {site-identifier 1;}}}}}routing-options {autonomous-system 400;}}}
interfaces {fe-0/0/1 { vlan-tagging;unit 3 { # This is the core-facing interface for the main router of PE1.description "main router to P0";vlan-id 103;family inet {address 10.31.2.1/24;}family iso;family mpls;}}fe-0/1/3 { vlan-tagging;unit 0 { # This logical interface in the main router of PE1 connects to CE4.description "main router to CE4";vlan-id 103;family inet {address 10.31.1.2/24;}}}fe-0/1/0 { # You must always configure physical interface statements forvlan-tagging; # logical system interfaces at the [edit interfaces] hierarchy level.encapsulation vlan-vpls;} fe-0/1/1 { vlan-tagging;} fe-0/1/2 { vlan-tagging;}lo0 {unit 0 {description "main router loopback";family inet {address 10.255.41.173/32;}}}}
routing-options {static {route 10.255.41.177/32 next-hop 10.31.1.1;}autonomous-system 500;}
protocols {bgp { # The main router uses BGP as the exterior gateway protocol.group to_main_ls {type internal;local-address 10.255.41.173;export export_address;neighbor 10.255.41.179;neighbor 10.255.41.175;}}ospf { # The main router uses OSPF as the interior gateway protocol.area 0.0.0.0 {interface lo0.0;interface fe-0/0/1.3;}}}
policy-options {policy-statement export_address {from {route-filter 10.255.41.177/32 exact;}then accept;}}
system {login {class LS1–admin {permissions all;logical-system LS1;}user LS1–admin {class LS1–admin;authentication plain-text password;New password: passwordRetype new password: password}}}
On Router P0, configure Logical Systems LS1, LS2, and the main router. For the logical system, you must configure physical interface properties at the main router [edit interfaces] hierarchy level and assign the logical interfaces to the logical systems. Next, you must configure protocols (such as RSVP, MPLS, BGP, and IS-IS), routing options, and policy options for the logical systems. Last, configure the same administrator for Logical System LS1 that you configured on Router PE1. Configure this same administrator for Logical System LS2 to have permission to view the LS2 configuration, but not change the configuration for LS2.
In this example, Logical System LS1 transports traffic for the red VPN that exists between routers CE1 and CE5. Logical System LS1 also connects the blue VPN that exists between routers CE2 and CE6. Logical System LS2 transports VPLS traffic between routers CE3 and CE7.
For the main router on Router P0, you can configure the router as usual. In this example, the main router transports traffic between routers CE4 and CE8. As a result, configure the interfaces and routing protocols (OSPF, BGP) to connect to the main router portion of routers PE1 and PE2.
Router P0
[edit]
logical-systems {LS1 { # The configuration for the first logical system begins here.interfaces {fe-1/1/3 {unit 1 { # This logical interface connects to LS1 on Router PE1.description "LS1 interface";vlan-id 101;family inet {address 10.11.2.2/24;}family iso;family mpls;}} so-1/2/0 {unit 1 { # This logical interface connects to LS1 on Router PE2.description "LS1 interface";dlci 101;family inet {address 10.11.3.1/24;}family iso;family mpls;}}lo0 {unit 1 {description "LS1 loopback";family inet {address 10.10.10.11/32;}family iso {address 47.1111.1111.1111.1112.00;}}}}protocols { # You configure RSVP, MPLS, and IS-IS for Logical System LS1.rsvp {interface all;}mpls {interface all;}isis {interface all;}}} LS2 { # The configuration for the second logical system begins here.interfaces {fe-1/1/3 { unit 0 { # This logical interface connects to LS2 on Router PE1.description "LS2 interface";vlan-id 100;family inet {address 10.1.2.2/24;}family iso;family mpls;}}so-1/2/0 { unit 0 { # This logical interface connects to LS2 on Router PE2.description "LS2 interface";dlci 100;family inet {address 10.1.3.1/24;}family iso;family mpls;}}lo0 {unit 2 {description "LS2 loopback";family inet {address 10.20.20.21/32;}family iso {address 47.2222.2222.2222.2223.00;}}}}protocols { # You configure RSVP, MPLS, and IS-IS for Logical System LS2.rsvp { interface all;}mpls { interface all;}isis { interface fe-1/1/3.0;interface so-1/2/0.0;interface lo0.2;}}}}
interfaces {fe-1/1/3 {vlan-tagging;unit 3 { # This logical interface connects to the main router on Router PE1.description "main router interface";vlan-id 103;family inet {address 10.31.2.2/24;}family iso;family mpls;}} so-1/2/0 { dce; # You must configure all physical interface statements for logicalencapsulation frame-relay; # routers at the [edit interfaces] hierarchy level. unit 3 { # This logical interface connects to the main router on Router PE2.description "main router interface";dlci 103;family inet {address 10.31.3.1/24;}family iso;family mpls;}}lo0 {unit 0 {description "main router loopback";family inet {address 10.255.41.175/32;}}}}
routing-options {autonomous-system 500;}
protocols { # You configure BGP and OSPF for the main router. bgp { group to_main_ls {type internal;local-address 10.255.41.175neighbor 10.255.41.179;neighbor 10.255.41.173;}} ospf { area 0.0.0.0 {interface lo0.0;interface fe-1/1/3.3;interface so-1/2/0.3;}}}
system {login {class LS1–admin {permissions all;logical-system LS1;}class LS1–onlooker {permissions view;logical-system LS2;}user LS1–admin {class LS1–admin;}}}
On Router PE2, create two VRF routing instances in Logical System LS1: red and blue. Configure the CE-facing logical interfaces so that traffic from Router CE5 is placed in the red VPN and traffic from Router CE6 is placed in the blue VPN. Next, create one logical interface on so-1/2/0.1 to connect to Logical System LS1 on Router P0.
Also on Router PE2, create a VPLS routing instance in Logical System LS2. Configure a logical interface so that traffic from Router CE7 is sent into the VPLS domain and connects to Logical System LS2 on Router P0.
Configure a logical interface to interconnect Router CE8 with the main router portion of Router P0.
Finally, you can optionally create a logical system administrator that has configuration privileges for Logical System LS1 and viewing privileges for Logical System LS2.
Router PE2
[edit]
logical-systems {LS1 { # The configuration for the first logical system begins here.interfaces {fe-0/2/0 {unit 1 { # This logical interface connects to Router CE5.description "routing-instance red interface";vlan-id 101;family inet {address 10.11.4.1/24;}}unit 2 { # This logical interface connects to Router CE6.description "routing-instance blue interface";vlan-id 102;family inet {address 10.21.4.1/24;}}}so-1/2/0 {unit 1 {# This is the core-facing interface for Logical System LS1.description "LS1 interface";dlci 101;family inet {address 10.11.3.2/24;}family iso;family mpls;}}lo0 {unit 1 {description "LS1 loopback";family inet {address 10.10.10.12/32;}family iso {address 47.1111.1111.1111.1113.00;}}}}protocols { rsvp {# You configure RSVP, MPLS, IS-IS, and BGP for Logical System LS1.interface all;}mpls {label-switched-path to_10.10.10.10 {to 10.10.10.10;}interface all;}bgp {group to_other_PE {type internal;local-address 10.10.10.12;family inet {any;}family inet-vpn {any;}neighbor 10.10.10.10;}}isis { interface all;}}policy-options {policy-statement from_bgp_to_ospf {then accept;}}routing-instances { blue {instance-type vrf; # You configure instance blue within Logical System LS1.interface fe-0/2/2.0;route-distinguisher 10.10.10.12:200;vrf-target target:20:20;protocols {bgp { # BGP connects the blue instance with Router CE6.group to_CE {local-address 10.21.4.1;peer-as 300;neighbor 10.21.4.2;}}}}red {instance-type vrf; # You configure instance red within Logical System LS1.interface fe-0/2/1.0;route-distinguisher 10.10.10.12:100;vrf-target target:10:10;protocols {ospf { # OSPF connects the red instance with Router CE5.export from_bgp_to_ospf;area 0.0.0.0 {interface all;}}}}}routing-options {autonomous-system 100;}}logical-systems {LS2 { # The configuration for the second logical system begins here.interfaces {fe-0/2/0 {unit 0 { # This logical interface connects to Router CE7.description "vpls interface";encapsulation vlan-vpls;vlan-id 600;family vpls;}}so-1/2/0 {unit 0 { # This is the core-facing interface for Logical System LS2.description "LS2 interface";dlci 100;family inet {address 10.1.3.2/24;}family iso;family mpls;}}lo0 {unit 2 {description "LS2 loopback";family inet {address 10.20.20.22/32;}family iso {address 47.2222.2222.2222.2224.00;}}}} protocols { # You configure RSVP, MPLS, IS-IS, and BGP for Logical System LS2.rsvp {interface all;}mpls {label-switched-path to_10.20.20.20 {to 10.20.20.20;}interface all;}bgp {group to_VPLS_PE {type internal;local-address 10.20.20.22;family l2vpn {signaling;}neighbor 10.20.20.20;}}isis {interface so-1/2/0.0;interface lo0.2;}}routing-instances {new {instance-type vpls; # You configure VPLS within Logical System LS2.interface fe-0/2/0.0;route-distinguisher 10.20.20.22:100;vrf-target target:30:30;protocols {vpls {site-range 10;site newPE {site-identifier 2;}}}}}routing-options {autonomous-system 400;}}interfaces {fe-0/2/0 { # You must always configure physical interface statements for thevlan-tagging; # logical system interfaces at the [edit interfaces] hierarchy level.encapsulation vlan-vpls;}fe-0/2/1 {vlan-tagging;}fe-0/2/2 {vlan-tagging;}fe-0/2/3 {vlan-tagging;unit 0 { # This logical interface in the main router of PE2 connects to CE8.description "main router to CE8";vlan-id 103;family inet {address 10.31.4.1/24;}}}so-1/2/0 {encapsulation frame-relay;unit 3 { # This is the core-facing interface for the main router of PE2.description "main router to P0";dlci 103;family inet {address 10.31.3.2/24;}family iso;family mpls;}}lo0 {unit 0 {description "main router loopback";family inet {address 10.155.41.179/32;}}}}routing-options {static {route 10.255.41.180/32 next-hop 10.31.4.2;}autonomous-system 500;}protocols { bgp {# The main router uses BGP as the exterior gateway protocol.group to_main_ls {type internal;local-address 10.255.41.179;export export_address;neighbor 10.255.41.173;neighbor 10.255.41.175;}} ospf {# The main router uses OSPF as the interior gateway protocol.area 0.0.0.0 {interface so-1/2/0.3;interface fe-0/2/3.0;interface lo0.0;}}}policy-options {policy-statement export_address {from {route-filter 10.255.41.180/32 exact;}then accept;}}}
system {login {class LS1–admin {permissions all;logical-system LS1;}class LS1–onlooker {permissions view;logical-system LS2;}user LS1–admin {class LS1–admin;}}}
On Router CE5, configure OSPF to connect to the red VPN in Logical System LS1 on Router PE2:
Router CE5
[edit]
interfaces {fe-0/3/1 {vlan-tagging;unit 0 {description "routing-instance red CE";vlan-id 101;family inet {address 10.11.4.2/24;}}}lo0 {unit 0 {family inet {address 10.11.4.100/32;}}}}
protocols {ospf {area 0.0.0.0 {interface fe-0/3/1.0;interface lo0.0;}}}
system {login {class LS1–admin {permissions all;logical-system LS1;}class LS1–onlooker {permissions view;logical-system LS2;}user LS1–admin {class LS1–admin;}}}
On Router CE6, configure BGP to connect to the blue VPN in Logical System LS1 on Router PE2:
Router CE6
[edit]
interfaces {fe-0/3/2 {vlan-tagging;unit 0 {description "routing-instance blue CE";vlan-id 102;family inet {address 10.21.4.2/24;}}}lo0 {unit 0 {family inet {address 10.21.4.100/32;}}}}
routing-options {autonomous-system 300;}
protocols {bgp {export export_loopback;group to_PE {type external;local-address 10.21.4.2;peer-as 100;neighbor 10.21.4.1;}}}
policy-options {policy-statement export_loopback {from {route-filter 10.21.4.100/32 exact;}then accept;}}
On Router CE7, configure the Fast Ethernet interface in VLAN 600 to connect with the VPLS routing instance in Logical System LS2 on Router PE2:
Router CE7
[edit]
interfaces {fe-0/3/0 {vlan-tagging;unit 0 {description "vpls interface";vlan-id 600;family inet {address 10.1.1.2/24;}}}}
On Router CE8, configure the Fast Ethernet interface to connect with the main router at Router PE2:
Router CE8
[edit]
interfaces {fe-0/3/3 {vlan-tagging;unit 0 {description "main router interface";vlan-id 103;family inet {address 10.31.4.2/24;}}}}
lo0 {unit 0 {family inet {address 10.255.41.180/32;}}}
Verification
Confirm that the configuration is working properly by running these commands:
- show bgp summary (logical-system logical-system-name)
- show isis adjacency (logical-system logical-system-name)
- show mpls lsp (logical-system logical-system-name)
- show (ospf | ospf3) neighbor (logical-system logical-system-name)
- show route (logical-system logical-system-name)
- show route protocol (logical-system logical-system-name)
- show rsvp session (logical-system logical-system-name )
The following sections show the output of commands used with the configuration example:
- Router CE1 Status
- Router CE2 Status
- Router CE3 Status
- Router PE1 Status: Main Router
- Router PE1 Status: Logical System LS1
- Router PE1 Status: Logical System LS2
- Router P0 Status: Main Router
- Router P0 Status: Main Router
- Router P0 Status: Logical System LS1
- Router P0 Status: Logical System LS2
- Router PE2 Status: Main Router
- Router PE2 Status: Logical System LS1
- Router PE2 Status: Logical System LS2
- Router CE5 Status
- Router CE6 Status
- Router CE7 Status
- Logical System Administrator Verification Output
Router CE1 Status
Purpose
Verify connectivity.
Action
user@CE1> show route table
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.11.1.0/24 *[Direct/0] 00:20:20
> via fe-1/0/1.0
10.11.1.1/32 *[Local/0] 00:20:24
Local via fe-1/0/1.0
10.11.1.100/32 *[Direct/0] 00:21:53
> via lo0.0
10.11.4.0/24 *[OSPF/150] 00:18:30, metric 0, tag 3489661028
> to 10.11.1.2 via fe-1/0/1.0
10.11.4.100/32 *[OSPF/10] 00:18:30, metric 2
> to 10.11.1.2 via fe-1/0/1.0
224.0.0.5/32 *[OSPF/10] 00:21:58, metric 1
MultiRecv
Router CE2 Status
Purpose
Verify connectivity.
Action
user@CE2> show route table
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.21.1.0/24 *[Direct/0] 00:20:30
> via fe-1/0/2.0
10.21.1.1/32 *[Local/0] 00:20:34
Local via fe-1/0/2.0
10.21.1.100/32 *[Direct/0] 00:22:03
> via lo0.0
10.21.4.0/24 *[BGP/170] 00:18:43, localpref 100
AS path: 100 I
> to 10.21.1.2 via fe-1/0/2.0
10.21.4.100/32 *[BGP/170] 00:18:43, localpref 100
AS path: 100 300 I
> to 10.21.1.2 via fe-1/0/2.0
Router CE3 Status
Purpose
Verify connectivity.
Action
user@CE3> show route table
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.1.0/24 *[Direct/0] 00:20:13
> via fe-1/0/0.0
10.1.1.1/32 *[Local/0] 00:20:17
Local via fe-1/0/0.0
Router PE1 Status: Main Router
Purpose
Verify BGP operation.
Action
user@PE1> show bgp summary
Groups: 1 Peers: 2 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 1 0 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/DwnState|#Active/Received/Damped... 10.255.41.175 500 5 8 0 0 2:31 0/0/0 0/0/0 10.255.41.179 500 6 9 0 0 2:35 0/1/0 0/0/0
user@PE1> show route protocol bgp
inet.0: 20 destinations, 21 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.255.41.180/32 [BGP/170] 00:02:48, localpref 100, from 10.255.41.179
AS path: I
> to 10.31.2.2 via fe-0/0/1.3
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
user@PE1> show ospf neighbor
Address Interface State ID Pri Dead
10.31.2.2 fe-0/0/1.3 Full 10.255.41.175 128 32
user@PE1> show isis adjacency
IS-IS instance is not running
Router PE1 Status: Logical System LS1
Purpose
Verify BGP operation.
Action
user@PE1> show bgp summary logical-system LS1 Groups: 2 Peers: 2 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending bgp.l3vpn.0 4 4 0 0 0 0 bgp.l3vpn.2 0 0 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/DwnState|#Active/Received/Damped... 10.10.10.12 100 13 14 0 0 2:50 Establ bgp.l3vpn.0: 4/4/0 bgp.l3vpn.2: 0/0/0 blue.inet.0: 2/2/0 red.inet.0: 2/2/0 10.21.1.1 200 13 14 0 0 4:33 Establ blue.inet.0: 1/1/0
Red VPN
The master administrator or logical system administrator can issue the following command to view the output for a specific logical system.
user@PE1> show route logical-system LS1 table
red red.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.11.1.0/24 *[Direct/0] 00:04:51
> via fe-0/1/1.0
10.11.1.2/32 *[Local/0] 00:05:45
Local via fe-0/1/1.0
10.11.1.100/32 *[OSPF/10] 00:04:02, metric 1
> to 10.11.1.1 via fe-0/1/1.0
10.11.4.0/24 *[BGP/170] 00:03:05, localpref 100, from 10.10.10.12
AS path: I
> to 10.11.2.2 via fe-0/0/1.1, label-switched-path to_10.10.10.12
10.11.4.100/32 *[BGP/170] 00:03:05, MED 1, localpref 100, from 10.10.10.12
AS path: I
> to 10.11.2.2 via fe-0/0/1.1, label-switched-path to_10.10.10.12
224.0.0.5/32 *[OSPF/10] 00:07:02, metric 1
MultiRecv
Blue VPN
The master administrator or logical system administrator can issue the following command to view the output for a specific logical system.
user@PE1> show route logical-system LS1 table
blue blue.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.21.1.0/24 *[Direct/0] 00:05:29
> via fe-0/1/2.0
10.21.1.2/32 *[Local/0] 00:06:23
Local via fe-0/1/2.0
10.21.1.100/32 *[BGP/170] 00:05:26, localpref 100
AS path: 200 I
> to 10.21.1.1 via fe-0/1/2.0
10.21.4.0/24 *[BGP/170] 00:03:43, localpref 100, from 10.10.10.12
AS path: I
> to 10.11.2.2 via fe-0/0/1.1, label-switched-path to_10.10.10.12
10.21.4.100/32 *[BGP/170] 00:03:43, localpref 100, from 10.10.10.12
AS path: 300 I
> to 10.11.2.2 via fe-0/0/1.1, label-switched-path to_10.10.10.12
user@PE1> show route logical-system LS1 table inet.0
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.10.10.10/32 *[Direct/0] 00:08:05
> via lo0.1
10.10.10.11/32 *[IS-IS/15] 00:05:07, metric 10
> to 10.11.2.2 via fe-0/0/1.1
10.10.10.12/32 *[IS-IS/15] 00:04:58, metric 20
> to 10.11.2.2 via fe-0/0/1.1
10.11.2.0/24 *[Direct/0] 00:05:38
> via fe-0/0/1.1
10.11.2.1/32 *[Local/0] 00:06:51
Local via fe-0/0/1.1
10.11.3.0/24 *[IS-IS/15] 00:05:07, metric 20
> to 10.11.2.2 via fe-0/0/1.1
user@PE1> ping logical-system LS1 routing-instance red 10.11.4.100
PING 10.11.4.100 (10.11.4.100): 56 data bytes
64 bytes from 10.11.4.100: icmp_seq=0 ttl=251 time=1.055 ms
^C
--- 10.11.4.100 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.055/1.055/1.055/0.000 ms
Router PE1 Status: Logical System LS2
Purpose
Verify VPLS operation.
Action
user@PE1> show vpls connections logical-system
LS2 Layer-2 VPN Connections:
Legend for connection status (St)
OR -- out of range WE -- intf encaps != instance encaps
EI -- encapsulation invalid Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit down
CM -- control-word mismatch -> -- only outbound conn is up
CN -- circuit not provisioned <- -- only inbound conn is up
OL -- no outgoing label Up -- operational
NC -- intf encaps not CCC/TCC XX -- unknown
NP -- intf h/w not present
Legend for interface status
Up -- operational
Dn -- down
Instance: new
Local site: newPE (1)
connection-site Type St Time last up # Up trans
2 rmt Up Jul 16 14:05:25 2003 1
Local interface: vt-1/2/0.49152, Status: Up, Encapsulation: VPLS
Remote PE: 10.20.20.22, Negotiated control-word: No
Incoming label: 800001, Outgoing label: 800000
Router P0 Status: Main Router
Purpose
Verify connectivity.
Action
user@P0> show interfaces terse lo0Interface Admin Link Proto Local Remote
lo0 up up
lo0.0 up up inet 10.255.41.175 --> 0/0
127.0.0.1 --> 0/0
iso 47.0005.80ff.f800.0000.0108.0003.0102.5501.4175.00
inet6 fe80::2a0:a5ff:fe12:2b09
feee::10:255:14:175
lo0.1 up up inet 10.10.10.11 --> 0/0
iso 47.1111.1111.1111.1112.00
lo0.2 up up inet 10.20.20.21 --> 0/0
iso 47.2222.2222.2222.2223.00
lo0.16383 up up inet
user@P0> show ospf neighbor Address Interface State ID Pri Dead 10.31.2.1 fe-1/1/3.3 Full 10.255.41.173 128 34 10.31.3.2 so-1/2/0.3 Full 10.255.41.179 128 37
Router P0 Status: Main Router
Purpose
Verify routing protocols operation.
Action
user@P0> show interfaces terse lo0Interface Admin Link Proto Local Remote
lo0 up up
lo0.0 up up inet 10.255.41.175 --> 0/0
127.0.0.1 --> 0/0
iso 47.0005.80ff.f800.0000.0108.0003.0102.5501.4175.00
inet6 fe80::2a0:a5ff:fe12:2b09
feee::10:255:14:175
lo0.1 up up inet 10.10.10.11 --> 0/0
iso 47.1111.1111.1111.1112.00
lo0.2 up up inet 10.20.20.21 --> 0/0
iso 47.2222.2222.2222.2223.00
lo0.16383 up up inet
user@P0> show ospf neighbor Address Interface State ID Pri Dead 10.31.2.1 fe-1/1/3.3 Full 10.255.41.173 128 34 10.31.3.2 so-1/2/0.3 Full 10.255.41.179 128 37
Router P0 Status: Logical System LS1
Purpose
Verify routing protocols operation.
Action
user@P0> show isis adjacency logical-system
LS1 Interface System L State Hold (secs) SNPA
fe-1/1/3.1 PE1 2 Up 21 0:90:69:9:4:1
fe-1/1/3.1 PE1 1 Up 24 0:90:69:9:4:1
so-1/2/0.1 PE2 3 Up 25
user@P0> show bgp summary logical-system LS1
BGP is not running
user@P0> show route protocol isis logical-system LS1
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.10.10.10/32 *[IS-IS/15] 00:09:15, metric 10
> to 10.11.2.1 via fe-1/1/3.1
10.10.10.12/32 *[IS-IS/15] 00:09:39, metric 10
> to 10.11.3.2 via so-1/2/0.1
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
Router P0 Status: Logical System LS2
Purpose
Verify routing protocols operation.
Action
user@P0> show bgp summary logical-system LS2 BGP is not running
user@P0> show isis adjacency logical-system LS2
Interface System L State Hold (secs) SNPA
fe-1/1/3.0 PE1 2 Up 24 0:90:69:9:4:1
fe-1/1/3.0 PE1 1 Up 23 0:90:69:9:4:1
so-1/2/0.0 PE2 3 Up 24
user@P0> show route protocol isis logical-system LS2
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.20.20.20/32 *[IS-IS/15] 00:09:44, metric 10
> to 10.1.2.1 via fe-1/1/3.0
10.20.20.22/32 *[IS-IS/15] 00:09:45, metric 10
> to 10.1.3.2 via so-1/2/0.0
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
Router PE2 Status: Main Router
Purpose
Verify routing protocols operation.
Action
user@PE2> show ospf neighbor
Address Interface State ID Pri Dead 10.31.4.2 fe-0/2/3.0 Full 10.255.41.180 128 38 10.31.3.1 so-1/2/0.3 Full 10.255.41.175 128 36
user@PE2> show interfaces terse lo0
Interface Admin Link Proto Local Remote
lo0 up up
lo0.0 up up inet 10.255.41.179 --> 0/0
127.0.0.1 --> 0/0
iso 47.0005.80ff.f800.0000.0108.0003.0102.5501.4179.00
inet6 fe80::2a0:a5ff:fe12:29ff
feee::10:255:14:179
lo0.1 up up inet 10.10.10.12 --> 0/0
iso 47.1111.1111.1111.1113.00
lo0.2 up up inet 10.20.20.22 --> 0/0
iso 47.2222.2222.2222.2224.00
lo0.16383 up up inet
user@PE2> show bgp summary
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/DwnState|#Active/Received/Damped...
10.255.41.175 500 24 27 0 0 11:46 0/0/0 0/0/0
10.255.41.173 500 25 25 0 0 11:11 1/1/0 0/0/0
user@PE2> show route protocol ospf
inet.0: 20 destinations, 22 routes (19 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.255.41.175/32 *[OSPF/10] 00:00:20, metric 1
> via so-1/2/0.3
10.255.41.180/32 [OSPF/10] 00:00:20, metric 1
> to 10.31.4.2 via fe-0/2/3.0
10.255.41.173/32 *[OSPF/10] 00:00:20, metric 2
> via so-1/2/0.3
10.31.2.0/24 *[OSPF/10] 00:00:20, metric 2
> via so-1/2/0.3
10.31.3.0/24 [OSPF/10] 00:00:20, metric 1
> via so-1/2/0.3
224.0.0.5/32 *[OSPF/10] 00:13:46, metric 1
MultiRecv
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
user@PE2> show route protocol bgp
inet.0: 20 destinations, 22 routes (19 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.255.41.177/32 *[BGP/170] 00:11:23, localpref 100, from 10.255.41.173
AS path: I
> via so-1/2/0.3
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
Router PE2 Status: Logical System LS1
Purpose
Verify routing protocols operation.
Action
user@PE2> show bgp summary logical-system LS1 Groups: 2 Peers: 2 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 0 0 0 0 0 0 inet.2 0 0 0 0 0 0 bgp.l3vpn.0 4 4 0 0 0 0 bgp.l3vpn.2 0 0 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped... 10.10.10.10 100 29 31 0 0 11:25 Establ bgp.l3vpn.0: 4/4/0 bgp.l3vpn.2: 0/0/0 blue.inet.0: 2/2/0 red.inet.0: 2/2/0 10.21.4.2 300 27 28 0 0 11:40 Establ blue.inet.0: 1/1/0
Red VPN
user@PE2> show route logical-system LS1 table
red red.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.11.1.0/24 *[BGP/170] 00:12:02, localpref 100, from 10.10.10.10
AS path: I
> via so-1/2/0.1, label-switched-path to_10.10.10.10
10.11.1.100/32 *[BGP/170] 00:12:02, MED 1, localpref 100, from 10.10.10.10
AS path: I
> via so-1/2/0.1, label-switched-path to_10.10.10.10
10.11.4.0/24 *[Direct/0] 00:13:22
> via fe-0/2/1.0
10.11.4.1/32 *[Local/0] 00:13:29
Local via fe-0/2/1.0
10.11.4.100/32 *[OSPF/10] 00:12:35, metric 1
> to 10.11.4.2 via fe-0/2/1.0
224.0.0.5/32 *[OSPF/10] 00:15:02, metric 1
MultiRecv
Blue VPN
user@PE2> show route logical-system LS1 table
blue blue.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.21.1.0/24 *[BGP/170] 00:13:12, localpref 100, from 10.10.10.10
AS path: I
> via so-1/2/0.1, label-switched-path to_10.10.10.10
10.21.1.100/32 *[BGP/170] 00:13:12, localpref 100, from 10.10.10.10
AS path: 200 I
> via so-1/2/0.1, label-switched-path to_10.10.10.10
10.21.4.0/24 *[Direct/0] 00:14:32
> via fe-0/2/2.0
10.21.4.1/32 *[Local/0] 00:14:39
Local via fe-0/2/2.0
10.21.4.100/32 *[BGP/170] 00:13:27, localpref 100
AS path: 300 I
> to 10.21.4.2 via fe-0/2/2.0
user@PE2> show mpls lsp logical-system LS1
Ingress LSP: 1 sessions
To From State Rt ActivePath P LSPname
10.10.10.10 10.10.10.12 Up 0 * to_10.10.10.10
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.10.10.12 10.10.10.10 Up 0 1 FF 3 - to_10.10.10.12
Total 1 displayed, Up 1, Down 0
Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0
user@PE2> show rsvp session logical-system LS1
Ingress RSVP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.10.10.10 10.10.10.12 Up 0 1 FF - 100000 to_10.10.10.10
Total 1 displayed, Up 1, Down 0
Egress RSVP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.10.10.12 10.10.10.10 Up 0 1 FF 3 - to_10.10.10.12
Total 1 displayed, Up 1, Down 0
Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
Router PE2 Status: Logical System LS2
Purpose
Verify routing protocols operation.
Action
user@PE2> show vpls connections logical-system
LS2 Layer-2 VPN Connections:
Legend for connection status (St)
OR -- out of range WE -- intf encaps != instance encaps
EI -- encapsulation invalid Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit down
CM -- control-word mismatch -> -- only outbound conn is up
CN -- circuit not provisioned <- -- only inbound conn is up
OL -- no outgoing label Up -- operational
NC -- intf encaps not CCC/TCC XX -- unknown
NP -- intf h/w not present
Legend for interface status
Up -- operational
Dn -- down
Instance: new
Local site: newPE (2)
connection-site Type St Time last up # Up trans
1 rmt Up Jul 16 14:05:25 2003 1
Local interface: vt-1/1/0.40960, Status: Up, Encapsulation: VPLS
Remote PE: 10.20.20.20, Negotiated control-word: No
Incoming label: 800000, Outgoing label: 800001
user@PE2> show bgp summary logical-system LS2 Groups: 1 Peers: 1 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending bgp.l2vpn.0 1 1 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/DwnState|#Active/Received/Damped... 10.20.20.20 400 29 31 0 0 13:29 Establ bgp.l2vpn.0: 1/1/0 new.l2vpn.0: 1/1/0
user@PE2> show mpls lsp logical-system LS2 Ingress LSP: 1 sessions To From State Rt ActivePath P LSPname 10.20.20.20 10.20.20.22 Up 0 * to_10.20.20.20 Total 1 displayed, Up 1, Down 0 Egress LSP: 1 sessions To From State Rt Style Labelin Labelout LSPname 10.20.20.22 10.20.20.20 Up 0 1 FF 3 - to_10.20.20.22 Total 1 displayed, Up 1, Down 0 Transit LSP: 0 sessions Total 0 displayed, Up 0, Down 0 user@PE2> show rsvp session logical-system LS2 Ingress RSVP: 1 sessions To From State Rt Style Labelin Labelout LSPname 10.20.20.20 10.20.20.22 Up 0 1 FF - 100016 to_10.20.20.20 Total 1 displayed, Up 1, Down 0 Egress RSVP: 1 sessions To From State Rt Style Labelin Labelout LSPname 10.20.20.22 10.20.20.20 Up 0 1 FF 3 - to_10.20.20.22 Total 1 displayed, Up 1, Down 0 Transit RSVP: 0 sessions Total 0 displayed, Up 0, Down 0
Router CE5 Status
Purpose
Verify connectivity.
Action
user@CE5> show route table
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.11.1.0/24 *[OSPF/150] 00:19:47, metric 0, tag 3489661028
> to 10.11.4.1 via fe-0/3/1.0
10.11.1.100/32 *[OSPF/10] 00:19:47, metric 2
> to 10.11.4.1 via fe-0/3/1.0
10.11.4.0/24 *[Direct/0] 00:21:12
> via fe-0/3/1.0
10.11.4.2/32 *[Local/0] 00:21:24
Local via fe-0/3/1.0
10.11.4.100/32 *[Direct/0] 00:22:37
> via lo0.0
224.0.0.5/32 *[OSPF/10] 00:22:44, metric 1
MultiRecv
Router CE6 Status
Purpose
Verify connectivity.
Action
user@CE6> show route table
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.21.1.0/24 *[BGP/170] 00:19:53, localpref 100
AS path: 100 I
> to 10.21.4.1 via fe-0/3/2.0
10.21.1.100/32 *[BGP/170] 00:19:53, localpref 100
AS path: 100 200 I
> to 10.21.4.1 via fe-0/3/2.0
10.21.4.0/24 *[Direct/0] 00:21:16
> via fe-0/3/2.0
10.21.4.2/32 *[Local/0] 00:21:28
Local via fe-0/3/2.0
10.21.4.100/32 *[Direct/0] 00:22:41
> via lo0.0
Router CE7 Status
Purpose
Verify connectivity.
Action
user@CE7> show route table
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.1.0/24 *[Direct/0] 00:21:03
> via fe-0/3/0.0
10.1.1.2/32 *[Local/0] 00:21:15
Local via fe-0/3/0.0
Logical System Administrator Verification Output
Purpose
Because logical system administrators only have access to the configuration information of the logical systems to which they are assigned, the verification output is limited to these logical systems as well. The following output shows what the logical system administrator LS1-admin in this example configuration would see.
To verify that each pair of CE routers has end-to-end connectivity, issue the ping command on Routers CE1, CE2, and CE3:
Action
From CE1, ping CE5 (the Red VPN).
From CE2, ping CE6 (the Blue VPN).
From CE3, ping CE7 (the VPLS).
user@CE1> ping 10.11.4.100
PING 10.11.4.100 (10.11.4.100): 56 data bytes 64 bytes from 10.11.4.100: icmp_seq=0 ttl=252 time=1.216 ms 64 bytes from 10.11.4.100: icmp_seq=1 ttl=252 time=1.052 ms ^C --- 10.11.4.100 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.052/1.134/1.216/0.082 ms
user@CE2> ping 10.21.4.100
PING 10.21.4.100 (10.21.4.100): 56 data bytes 64 bytes from 10.21.4.100: icmp_seq=0 ttl=252 time=1.205 ms 64 bytes from 10.21.4.100: icmp_seq=1 ttl=252 time=1.021 ms ^C --- 10.21.4.100 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.021/1.113/1.205/0.092 ms
user@CE3> ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes 64 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=1.186 ms 64 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.091 ms 64 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.081 ms ^C --- 10.1.1.2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.081/1.119/1.186/0.047 ms
