Example: Layer 3 VPN Graceful Restart Configuration
Figure 13 shows a standard MPLS VPN network. Routers CE1 and CE2 are customer edge routers, PE1 and PE2 are provider edge routers, and P0 is a provider core router. Several Layer 3 VPNs are configured across this network, as well as one Layer 2 VPN. Interfaces are shown in the diagram and are not included in the configuration example below.
On router CE1, configure the following protocols on the logical interfaces of t3-3/1/0: OSPF on unit 101, RIP on unit 102, BGP on unit 103, and IS-IS on unit 512. Also configure graceful restart, BGP, IS-IS, OSPF and RIP on the main instance to be able to connect to the routing instances on router PE1.
CE1
[edit]
interfaces {
t3-3/1/0 {
encapsulation frame-relay;
unit 100 {
dlci 100;
family inet {
address 10.96.100.2/30;
}
}
unit 101 {
dlci 101;
family inet {
address 10.96.101.2/30;
}
}
unit 102 {
dlci 102;
family inet {
address 10.96.102.2/30;
}
}
unit 103 {
dlci 103;
family inet {
address 10.96.103.2/30;
}
}
unit 512 {
dlci 512;
family inet {
address 10.96.252.1/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.245.14.172/32;
primary;
}
address 10.96.110.1/32;
address 10.96.111.1/32;
address 10.96.112.1/32;
address 10.96.113.1/32;
address 10.96.116.1/32;
}
family iso {
address 47.0005.80ff.f800.0000.0108.0001.0102.4501.4172.00;
}
}
}
}
routing-options {
graceful-restart;
autonomous-system 65100;
}
protocols {
bgp {
group CE-PE-INET {
type external;
export BGP_INET_LB_DIRECT;
neighbor 10.96.103.1 {
local-address 10.96.103.2;
family inet {
unicast;
}
peer-as 65103;
}
}
}
isis {
export ISIS_L2VPN_LB_DIRECT;
interface t3-3/1/0.512;
}
ospf {
export OSPF_LB_DIRECT;
area 0.0.0.0 {
interface t3-3/1/0.101;
}
}
rip {
group RIP {
export RIP_LB_DIRECT;
neighbor t3-3/1/0.102;
}
}
}
policy-options {
policy-statement OSPF_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.101.0/30 exact;
route-filter 10.96.111.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement RIP_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.102.0/30 exact;
route-filter 10.96.112.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement BGP_INET_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.103.0/30 exact;
route-filter 10.96.113.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement ISIS_L2VPN_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.116.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
}
On router PE1, configure graceful restart in the master instance, along with BGP, OSPF, MPLS, and LDP. Next configure several protocol-specific instances of graceful restart. By including instances for BGP, OSPF, Layer 2 VPNs, RIP, and static routes, you can observe the wide range of options available to you when implementing graceful restart. Configure the following protocols in individual instances on the logical interfaces of t3-0/0/0: a static route on unit 100, OSPF on unit 101, RIP on unit 102, BGP on unit 103, and Frame Relay on unit 512 for the Layer 2 VPN instance.
PE1
[edit]
interfaces {
t3-0/0/0 {
dce;
encapsulation frame-relay-ccc;
unit 100 {
dlci 100;
family inet {
address 10.96.100.1/30;
}
family mpls;
}
unit 101 {
dlci 101;
family inet {
address 10.96.101.1/30;
}
family mpls;
}
unit 102 {
dlci 102;
family inet {
address 10.96.102.1/30;
}
family mpls;
}
unit 103 {
dlci 103;
family inet {
address 10.96.103.1/30;
}
family mpls;
}
unit 512 {
encapsulation frame-relay-ccc;
dlci 512;
}
}
t1-0/1/0 {
unit 0 {
family inet {
address 10.96.0.2/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.245.14.176/32;
}
family iso {
address 47.0005.80ff.f800.0000.0108.0001.0102.4501.4176.00;
}
}
}
}
routing-options {
graceful-restart;
router-id 10.245.14.176;
autonomous-system 69;
}
protocols {
mpls {
interface all;
}
bgp {
group PEPE {
type internal;
neighbor 10.245.14.182 {
local-address 10.245.14.176;
family inet-vpn {
unicast;
}
family l2vpn {
unicast;
}
}
}
}
ospf {
area 0.0.0.0 {
interface t1-0/1/0.0;
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}
}
ldp {
interface all;
}
}
policy-options {
policy-statement STATIC-import {
from community STATIC;
then accept;
}
policy-statement STATIC-export {
then {
community add STATIC;
accept;
}
}
policy-statement OSPF-import {
from community OSPF;
then accept;
}
policy-statement OSPF-export {
then {
community add OSPF;
accept;
}
}
policy-statement RIP-import {
from community RIP;
then accept;
}
policy-statement RIP-export {
then {
community add RIP;
accept;
}
}
policy-statement BGP-INET-import {
from community BGP-INET;
then accept;
}
policy-statement BGP-INET-export {
then {
community add BGP-INET;
accept;
}
}
policy-statement L2VPN-import {
from community L2VPN;
then accept;
}
policy-statement L2VPN-export {
then {
community add L2VPN;
accept;
}
}
community BGP-INET members target:69:103;
community L2VPN members target:69:512;
community OSPF members target:69:101;
community RIP members target:69:102;
community STATIC members target:69:100;
}
routing-instances {
BGP-INET {
instance-type vrf;
interface t3-0/0/0.103;
route-distinguisher 10.245.14.176:103;
vrf-import BGP-INET-import;
vrf-export BGP-INET-export;
routing-options {
graceful-restart;
autonomous-system 65103;
}
protocols {
bgp {
group BGP-INET {
type external;
export BGP-INET-import;
neighbor 10.96.103.2 {
local-address 10.96.103.1;
family inet {
unicast;
}
peer-as 65100;
}
}
}
}
}
L2VPN {
instance-type l2vpn;
interface t3-0/0/0.512;
route-distinguisher 10.245.14.176:512;
vrf-import L2VPN-import;
vrf-export L2VPN-export;
protocols { # Note: there is no graceful restart statement for a Layer 2 VPN instance.
l2vpn {
encapsulation-type frame-relay;
site CE1-ISIS {
site-identifier 512;
interface t3-0/0/0.512 {
remote-site-id 612;
}
}
}
}
}
OSPF {
instance-type vrf;
interface t3-0/0/0.101;
route-distinguisher 10.245.14.176:101;
vrf-import OSPF-import;
vrf-export OSPF-export;
routing-options {
graceful-restart;
}
protocols {
ospf {
export OSPF-import;
area 0.0.0.0 {
interface all;
}
}
}
}
RIP {
instance-type vrf;
interface t3-0/0/0.102;
route-distinguisher 10.245.14.176:102;
vrf-import RIP-import;
vrf-export RIP-export;
routing-options {
graceful-restart;
}
protocols {
rip {
group RIP {
export RIP-import;
neighbor t3-0/0/0.102;
}
}
}
}
STATIC {
instance-type vrf;
interface t3-0/0/0.100;
route-distinguisher 10.245.14.176:100;
vrf-import STATIC-import;
vrf-export STATIC-export;
routing-options {
graceful-restart;
static {
route 10.96.110.1/32 next-hop t3-0/0/0.100;
}
}
}
}
On router P0, configure graceful restart in the main instance, along with OSPF, MPLS, and LDP. This allows the protocols enabled on the PE routers to reach each other.
P0
[edit]
interfaces {
t3-0/1/3 {
unit 0 {
family inet {
address 10.96.0.5/30;
}
family mpls;
}
}
t1-0/2/0 {
unit 0 {
family inet {
address 10.96.0.1/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.245.14.174/32;
}
family iso {
address 47.0005.80ff.f800.0000.0108.0001.0102.4501.4174.00;
}
}
}
}
routing-options {
graceful-restart;
router-id 10.245.14.174;
autonomous-system 69;
}
protocols {
mpls {
interface all;
}
ospf {
area 0.0.0.0 {
interface t1-0/2/0.0;
interface t3-0/1/3.0;
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}
}
ldp {
interface all;
}
}
On router PE2, configure BGP, OSPF, MPLS, LDP and graceful restart in the master instance. Configure the following protocols in individual instances on the logical interfaces of t1-0/1/3: a static route on unit 200, OSPF on unit 201, RIP on unit 202, BGP on unit 203, and Frame Relay on unit 612 for the Layer 2 VPN instance. Also configure protocol-specific graceful restart in all routing instances, except the Layer 2 VPN instance.
PE2
[edit]
interfaces {
t3-0/0/0 {
unit 0 {
family inet {
address 10.96.0.6/30;
}
family mpls;
}
}
t1-0/1/3 {
dce;
encapsulation frame-relay-ccc;
unit 200 {
dlci 200;
family inet {
address 10.96.200.1/30;
}
family mpls;
}
unit 201 {
dlci 201;
family inet {
address 10.96.201.1/30;
}
family mpls;
}
unit 202 {
dlci 202;
family inet {
address 10.96.202.1/30;
}
family mpls;
}
unit 203 {
dlci 203;
family inet {
address 10.96.203.1/30;
}
family mpls;
}
unit 612 {
encapsulation frame-relay-ccc;
dlci 612;
}
}
lo0 {
unit 0 {
family inet {
address 10.245.14.182/32;
}
family iso {
address 47.0005.80ff.f800.0000.0108.0001.0102.4501.4182.00;
}
}
}
}
routing-options {
graceful-restart;
router-id 10.245.14.182;
autonomous-system 69;
}
protocols {
mpls {
interface all;
}
bgp {
group PEPE {
type internal;
neighbor 10.245.14.176 {
local-address 10.245.14.182;
family inet-vpn {
unicast;
}
family l2vpn {
unicast;
}
}
}
}
ospf {
area 0.0.0.0 {
interface t3-0/0/0.0;
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}
}
ldp {
interface all;
}
policy-options {
policy-statement STATIC-import {
from community STATIC;
then accept;
}
policy-statement STATIC-export {
then {
community add STATIC;
accept;
}
}
policy-statement OSPF-import {
from community OSPF;
then accept;
}
policy-statement OSPF-export {
then {
community add OSPF;
accept;
}
}
policy-statement RIP-import {
from community RIP;
then accept;
}
policy-statement RIP-export {
then {
community add RIP;
accept;
}
}
policy-statement BGP-INET-import {
from community BGP-INET;
then accept;
}
policy-statement BGP-INET-export {
then {
community add BGP-INET;
accept;
}
}
policy-statement L2VPN-import {
from community L2VPN;
then accept;
}
policy-statement L2VPN-export {
then {
community add L2VPN;
accept;
}
}
community BGP-INET members target:69:103;
community L2VPN members target:69:512;
community OSPF members target:69:101;
community RIP members target:69:102;
community STATIC members target:69:100;
}}
routing-instances {
BGP-INET {
instance-type vrf;
interface t1-0/1/3.203;
route-distinguisher 10.245.14.182:203;
vrf-import BGP-INET-import;
vrf-export BGP-INET-export;
routing-options {
graceful-restart;
autonomous-system 65203;
}
protocols {
bgp {
group BGP-INET {
type external;
export BGP-INET-import;
neighbor 10.96.203.2 {
local-address 10.96.203.1;
family inet {
unicast;
}
peer-as 65200;
}
}
}
}
}
L2VPN {
instance-type l2vpn;
interface t1-0/1/3.612;
route-distinguisher 10.245.14.182:612;
vrf-import L2VPN-import;
vrf-export L2VPN-export;
protocols { # Note: there is no graceful restart statement for a Layer 2 VPN instance.
l2vpn {
encapsulation-type frame-relay;
site CE2-ISIS {
site-identifier 612;
interface t1-0/1/3.612 {
remote-site-id 512;
}
}
}
}
}
OSPF {
instance-type vrf;
interface t1-0/1/3.201;
route-distinguisher 10.245.14.182:201;
vrf-import OSPF-import;
vrf-export OSPF-export;
routing-options {
graceful-restart;
}
protocols {
ospf {
export OSPF-import;
area 0.0.0.0 {
interface all;
}
}
}
}
RIP {
instance-type vrf;
interface t1-0/1/3.202;
route-distinguisher 10.245.14.182:202;
vrf-import RIP-import;
vrf-export RIP-export;
routing-options {
graceful-restart;
}
protocols {
rip {
group RIP {
export RIP-import;
neighbor t1-0/1/3.202;
}
}
}
}
STATIC {
instance-type vrf;
interface t1-0/1/3.200;
route-distinguisher 10.245.14.182:200;
vrf-import STATIC-import;
vrf-export STATIC-export;
routing-options {
graceful-restart;
static {
route 10.96.210.1/32 next-hop t1-0/1/3.200;
}
}
}
}
On router CE2, complete the Layer 2 and Layer 3 VPN configuration by mirroring the protocols already set on PE2 and CE1. Specifically, configure the following on the logical interfaces of t1-0/0/3: OSPF on unit 201, RIP on unit 202, BGP on unit 203, and IS-IS on unit 612. Finally, configure graceful restart, BGP, IS-IS, OSPF and RIP on the main instance to be able to connect to the routing instances on PE2.
CE2
[edit]
interfaces {
t1-0/0/3 {
encapsulation frame-relay;
unit 200 {
dlci 200;
family inet {
address 10.96.200.2/30;
}
}
unit 201 {
dlci 201;
family inet {
address 10.96.201.2/30;
}
}
unit 202 {
dlci 202;
family inet {
address 10.96.202.2/30;
}
}
unit 203 {
dlci 203;
family inet {
address 10.96.203.2/30;
}
}
unit 512 {
dlci 512;
family inet {
address 10.96.252.2/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.245.14.180/32 {
primary;
}
address 10.96.210.1/32;
address 10.96.111.1/32;
address 10.96.212.1/32;
address 10.96.213.1/32;
address 10.96.216.1/32;
}
family iso {
address 47.0005.80ff.f800.0000.0108.0001.0102.4501.4180.00;
}
}
}
}
routing-options {
graceful-restart;
autonomous-system 65200;
}
protocols {
bgp {
group CE-PE-INET {
type external;
export BGP_INET_LB_DIRECT;
neighbor 10.96.203.1 {
local-address 10.96.203.2;
family inet {
unicast;
}
peer-as 65203;
}
}
}
isis {
export ISIS_L2VPN_LB_DIRECT;
interface t1-0/0/3.612;
}
ospf {
export OSPF_LB_DIRECT;
area 0.0.0.0 {
interface t1-0/0/3.201;
}
}
rip {
group RIP {
export RIP_LB_DIRECT;
neighbor t1-0/0/3.202;
}
}
}
policy-options {
policy-statement OSPF_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.201.0/30 exact;
route-filter 10.96.211.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement RIP_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.202.0/30 exact;
route-filter 10.96.212.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement BGP_INET_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.203.0/30 exact;
route-filter 10.96.213.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
policy-statement ISIS_L2VPN_LB_DIRECT {
term direct {
from {
protocol direct;
route-filter 10.96.216.1/32 exact;
}
then accept;
}
term final {
then reject;
}
}
}