[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Example: Layer 2.5 VPN Configuration

This section contains a configuration example and commands you can issue to verify your Layer 2.5 VPN configuration:

Figure 41: Layer 2.5 VPN Topology Diagram

Image g017141.gif

In Figure 41, ATM is configured between CE1 and PE1 and Frame Relay is configured between PE2 and CE2. To begin the Layer 2 VPN configuration, enable ATM and the corresponding encapsulation on CE1.

Router CE1

[edit]
interfaces
at-1/1/0 {
description "to PE1 at-0/3/0";
atm-options {
vpi 0 maximum-vcs 2000;
}
unit 32 {
vci 32;
encapsulation atm-vc-mux;
family inet {
address 10.1.1.1/30;
}
}
}

The first provider edge (PE1) router uses ATM TCC encapsulation on the ATM VC connecting to CE1. After this, standard Layer 2 VPN design rules apply. You use MPLS on interfaces pointing toward the core and the edge, establish a Layer 2 VPN BGP peer relationship with PE2, use LDP or Resource Reservation Protocol (RSVP) for traffic traveling through the core, and configure the proper VRF instance. Finally, you create policies for PE1 that will set a private community tag on outbound BGP traffic heading to PE2 and accept incoming traffic that matches similar community traffic from PE2.

Router PE1

[edit]
interfaces {
at-0/3/0 {
description "to CE1 at-1/1/0";
atm-options {
vpi 0 maximum-vcs 2000;
}
unit 32 {
encapsulation atm-tcc-vc-mux;
vci 32;
}
}
so-1/0/0 {
description "to P so-1/0/0";
unit 0 {
family inet {
address 192.168.255.86/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.174/32;
}
}
}
}
protocols {
mpls {
interface at-0/3/0.32;
interface so-1/0/0.0;
}
bgp {
group my-internal-peers {
type internal;
local-address 10.255.255.174;
family l2vpn {
signaling;
}
neighbor 10.255.255.177;
}
}
ldp {
interface so-1/0/0.0;
}
}
policy-options {
policy-statement companyA-import {
term T1 {
from {
protocol bgp;
community companyA;
}
then accept;
}
term Final {
then reject;
}
}
policy-statement companyA-export {
term T1 {
then {
community add companyA;
accept;
}
}
term Final {
then reject;
}
}
community companyA members target:100:1;
}
routing-instances {
companyA {
instance-type l2vpn;
interface at-0/3/0.32;
route-distinguisher 10.255.255.174:1;
vrf-import companyA-import;
vrf-export companyA-export;
protocols {
l2vpn {
encapsulation-type interworking;
site Denver {
site-identifier 1;
interface at-0/3/0.32 {
remote-site-id 2;
}
}
}
}
}
}

On the provider core router (P), you need only enable MPLS and LDP on the interfaces that bridge the gap between the PE routers.

Router P

[edit]
interfaces {
so-1/0/0 {
description "to PE1 so-1/0/0";
unit 0 {
family inet {
address 192.168.255.85/30;
}
family mpls;
}
}
fe-1/1/0 {
description "to PE2 fe-1/1/2";
unit 0 {
family inet {
address 192.168.255.93/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.173/32;
}
}
}
}
protocols {
mpls {
interface so-1/0/0.0;
interface fe-1/1/0.0;
}
ldp {
interface so-1/0/0.0;
interface fe-1/1/0.0;
}
}

The PE2 router uses Frame Relay TCC encapsulation on the Frame Relay DLCI connecting to CE2. To establish the Layer 2.5 VPN, follow the same steps you used to configure PE1. You use MPLS on interfaces pointing toward the core and the edge, establish a Layer 2 VPN BGP peer relationship with PE1, use LDP or RSVP for traffic traveling through the core, and configure the proper VRF instance. Finally, you create policies on PE2 that will set a private community tag on outbound BGP traffic heading to PE1 and accept incoming traffic that matches similar community traffic from PE1.

Router PE2

[edit]
interfaces {
fe-1/1/2 {
description "to P fe-1/1/0";
unit 0 {
family inet {
address 192.168.255.94/30;
}
family mpls;
}
}
so-1/2/1 {
description "to CE2 so-1/2/1";
dce;
encapsulation frame-relay-tcc;
unit 600 {
encapsulation frame-relay-tcc;
dlci 600;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.177/32;
}
}
}
}
protocols {
mpls {
interface fe-1/1/2.0;
interface so-1/2/1.600;
}
bgp {
group my-internal-peers {
type internal;
local-address 10.255.255.177;
family l2vpn {
signaling;
}
neighbor 10.255.255.174;
}
}
}
ldp {
interface fe-1/1/2.0;
}
policy-options {
policy-statement companyA-import {
term T1 {
from {
protocol bgp;
community companyA;
}
then accept;
}
term Final {
then reject;
}
}
policy-statement companyA-export {
term T1 {
then {
community add companyA;
accept;
}
}
term Final {
then reject;
}
}
community companyA members target:100:1;
}
routing-instances {
companyA {
instance-type l2vpn;
interface so-1/2/1.600;
route-distinguisher 10.255.255.177:1;
vrf-import companyA-import;
vrf-export companyA-export;
protocols {
l2vpn {
encapsulation-type interworking;
site NewYork {
site-identifier 2;
interface so-1/2/1.600 {
remote-site-id 1;
}
}
}
}
}
}

To complete the Layer 2.5 VPN configuration, enable Frame Relay encapsulation on CE2.

Router CE2

[edit]
interfaces
so-1/2/1 {
description "to PE2 so-1/2/1";
encapsulation frame-relay;
unit 600 {
dlci 600;
family inet {
address 10.1.1.2/30;
}
}
}

Verifying Your Work

To verify the operational status of your Layer 2.5 VPN, use the following commands:

To view sample output of these commands as used with the configuration example, see the following:

Router PE1 Status


user@PE1> show route forwarding-table 
<snip>
Routing table:: ccc
MPLS:
Interface.Label    Type RtRef Nexthop           Type Index NhRef Netif
default            perm     0                   dscd    10     1
0                  user     0                   recv    12     2
1                  user     0                   recv    12     2
100128             user     0                   Pop           so-1/0/0.0
100128(S=0)        user     0                   Pop           so-1/0/0.0
100129             user     0                   Swap  100000  so-1/0/0.0
800001             user     0                   ucst   137     1 at-0/3/0.32
at-0/3/0. (CCC)    user     0                   indr   133     2
                                                Push 800000, Push 100000(top)
so-1/0/0.0
<snip>

user@PE1> show ldp database 
Input label database, 10.255.255.174:0-10.255.255.173:0
  Label     Prefix
 100002     10.255.255.174/32
 100000     10.255.255.177/32
      3     10.255.255.173/32
Output label database, 10.255.255.174:0-10.255.255.173:0
  Label     Prefix
 100128     10.255.255.173/32
 100129     10.255.255.177/32
      3     10.255.255.174/32

user@PE1> show l2vpn connections 
L2VPN Connections:
Legend for connection status (St)   Legend for interface status
OR -- out of range                  up -- operational
EI -- encapsulation invalid         Dn -- down
EM -- encapsulation mismatch        NP -- no present
CN -- circuit not present           DS -- disabled
OL -- no outgoing label             WE -- wrong encapsulation
Dn -- down                          UN -- uninitialized
VC-Dn -- Virtual circuit down
WE -- intf encaps != instance encaps
-> -- only outbound conn is up
<- -- only inbound  conn is up
UP -- operational
XX -- unknown
Instance: companyA
Local site: Denver (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Nov 30 08:21:07 2001           1
      Local interface: at-0/3/0.32, Status: Up, Encapsulation: INTERWORKING
      Remote PE: 10.255.255.177
      Incoming label: 800001, Outgoing label: 800000

user@PE1> show bgp summary 
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 0          0          0          0          0          0
bgp.l2vpn.0            1          1          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/DwnState|#Active/Received/Damped...
10.255.255.177      69         49         45       0       1       19:16 Establ
  bgp.l2vpn.0: 1/1/0
  companyA.l2vpn.0: 1/1/0

user@PE1> show route 
<snip>
mpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0                  *[MPLS/0] 1d 18:54:24, metric 1
                      Receive
1                  *[MPLS/0] 1d 18:54:24, metric 1
                      Receive
100128             *[LDP/9] 00:24:03, metric 1
                    > via so-1/0/0.0, Pop
100128(S=0)        *[LDP/9] 00:24:03, metric 1
                    > via so-1/0/0.0, Pop
100129             *[LDP/9] 00:24:03, metric 1
                    > via so-1/0/0.0, Swap 100000
800001             *[L2VPN/7] 00:10:35
                    > via at-0/3/0.32, Pop      [0]
at-0/3/0.32        *[L2VPN/7] 00:10:35
                    > via so-1/0/0.0, Push 800000, Push 100000(top)
companyA.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:1:1:1        /96
                   *[L2VPN/7] 00:19:55
                      Discard
1:1:2:1        /96
                   *[BGP/170] 00:06:46, localpref 100, from 10.255.255.177
                      AS path: I
                    > via so-1/0/0.0, Push 100000
bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:1:2:1        /96
                   *[BGP/170] 00:10:35, localpref 100, from 10.255.255.177
                      AS path: I
                    > via so-1/0/0.0, Push 100000
<snip>

Router PE2 Status


user@vpn07> show route forwarding-table 
<snip>
Routing table:: ccc
MPLS:
Interface.Label    Type RtRef Nexthop           Type Index NhRef Netif
default            perm     0                   dscd     8     1
0                  user     0                   recv    10     2
1                  user     0                   recv    10     2
100002             user     0                   Pop           fe-1/1/2.0
100002(S=0)        user     0                   Pop           fe-1/1/2.0
100003             user     0                   Swap  100002  fe-1/1/2.0
800000             user     0                   ucst    60     1 so-1/2/1.0
so-1/2/1. (CCC)    user     0                   indr    59     2
<snip>

user@vpn07> show ldp database 
Input label database, 10.255.255.177:0-10.255.255.173:0
  Label     Prefix
 100000     10.255.255.177/32
      3     10.255.255.173/32
 100002     10.255.255.174/32
Output label database, 10.255.255.177:0-10.255.255.173:0
  Label     Prefix
 100002     10.255.255.173/32
      3     10.255.255.177/32
 100003     10.255.255.174/32

user@vpn07> show l2vpn connections 
L2VPN Connections:
Legend for connection status (St)   Legend for interface status
OR -- out of range                  up -- operational
EI -- encapsulation invalid         Dn -- down
EM -- encapsulation mismatch        NP -- no present
CN -- circuit not present           DS -- disabled
OL -- no outgoing label             WE -- wrong encapsulation
Dn -- down                          UN -- uninitialized
VC-Dn -- Virtual circuit down
WE -- intf encaps != instance encaps
-> -- only outbound conn is up
<- -- only inbound  conn is up
UP -- operational
XX -- unknown
Instance: companyA
Local site: NewYork (2)
    connection-site           Type  St     Time last up          # Up trans
    1                         rmt   Up     Nov 30 08:21:01 2001           1
      Local interface: so-1/2/1.0, Status: Up, Encapsulation: INTERWORKING
      Remote PE: 10.255.255.174
      Incoming label: 800000, Outgoing label: 800001

user@vpn07> show bgp summary 
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l2vpn.0            1          1          0          0          0          0
inet.0                 0          0          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/DwnState|#Active/Received/Damped...
10.255.255.174      69         45         52       0       0       20:20 Establ
  bgp.l2vpn.0: 1/1/0
  companyA.l2vpn.0: 1/1/0

user@vpn07> show route 
<snip>
mpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0                  *[MPLS/0] 02:34:04, metric 1
                      Receive
1                  *[MPLS/0] 02:34:04, metric 1
                      Receive
100002             *[LDP/9] 00:25:39, metric 1
                    > via fe-1/1/2.0, Pop
100002(S=0)        *[LDP/9] 00:25:39, metric 1
                    > via fe-1/1/2.0, Pop
100003             *[LDP/9] 00:25:01, metric 1
                    > via fe-1/1/2.0, Swap 100002
800000             *[L2VPN/7] 00:07:50
                    > via so-1/2/1.0, Pop      [0]
so-1/2/1.0         *[L2VPN/7] 00:07:50
                    > via fe-1/1/2.0, Push 800001, Push 100002(top)
companyA.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:1:1:1        /96
                   *[BGP/170] 00:04:59, localpref 100, from 10.255.255.174
                      AS path: I
                    > via fe-1/1/2.0, Push 100002
1:1:2:1        /96
                   *[L2VPN/7] 00:11:34
                      Discard
bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:1:1:1        /96
                   *[BGP/170] 00:11:38, localpref 100, from 10.255.255.174
                      AS path: I
                    > via fe-1/1/2.0, Push 100002
<snip>

Router P Status


user@P> show ldp database 
Input label database, 10.255.255.173:0-10.255.255.174:0
  Label     Prefix
 100128     10.255.255.173/32
 100129     10.255.255.177/32
      3     10.255.255.174/32
Output label database, 10.255.255.173:0-10.255.255.174:0
  Label     Prefix
      3     10.255.255.173/32
 100000     10.255.255.177/32
 100002     10.255.255.174/32
Input label database, 10.255.255.173:0-10.255.255.177:0
  Label     Prefix
      3     10.255.255.177/32
 100002     10.255.255.173/32
 100003     10.255.255.174/32
Output label database, 10.255.255.173:0-10.255.255.177:0
  Label     Prefix
      3     10.255.255.173/32
 100000     10.255.255.177/32
 100002     10.255.255.174/32
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]