Table of Contents
- About This Manual
- Objectives
- Audience
- Document Organization
- Part Organization
- Using the Indexes
- Documentation Conventions
- General Conventions
- Conventions for Software Commands and Statements
- List of Technical Publications
- Documentation Feedback
- How to Request Support
- VPN Overview
- VPN Terminology
- Types of VPNs
- Layer 2 VPNs
- Layer 3 VPNs
- VPLS
- Virtual-Router Routing Instances
- VPNs and Logical Routers
- VPN Graceful Restart
- VPN Configuration Guidelines
- Enable a Signaling Protocol on the PE Routers
- Use LDP for VPN Signaling
- Use RSVP for VPN Signaling
- Configure an IGP on the PE and Provider Routers
- Configure an IBGP Session between PE Routers
- Configure a VPN Routing Instance on the PE Routers
- Configure the Description
- Configure the Instance Type
- Configure Interfaces for VPN Routing
- Configure Interfaces for Layer 3 VPNs
- Configure Interfaces for Carrier-of-Carriers VPNs
- Configure the Route Distinguisher
- Configure Policy for the PE Router's VRF Table
- Configure the Route Target
- Configure the Route Origin
- Configure Import Policy for the PE Router's VRF Table
- Configure Export Policy for the PE Router's VRF Table
- Apply Both the VRF Export and the BGP Export Policies
- Configure a VRF Target
- Enable Outbound Route Filtering for VPNs
- Configure a Virtual-Router Routing Instance
- Configure a Routing Protocol Between the Service Provider Routers
- Configure Logical Interfaces Between Participating Routers
- Configure Graceful Restart
- Rewrite Markers and VPNs
- Transmit Nonstandard BPDUs
- Summary of VPN Configuration Statements
- description
- graceful-restart
- instance-type
- interface
- outbound-route-filtering
- route-distinguisher
- route-distinguisher-id
- vpn-apply-export
- vrf-export
- vrf-import
- vrf-target
- Layer 2 VPN Overview
- Layer 2 VPN Overview
- Layer 2 VPN Standards
- Layer 2 VPN Configuration Guidelines
- Configure the Connections to the Local Site
- Configure the Site
- Configure the Remote Site ID
- Configure the Encapsulation Type
- Trace Layer 2 VPN Traffic and Operations
- Disable Normal TTL Decrementing for VPNs
- Configure CCC Encapsulation on Interfaces
- Configure TCC Encapsulation on Interfaces
- Configure Layer 2 VPN Policing on Interfaces
- Disable the Control Word for Layer 2 VPNs
- Layer 2 VPN Configuration Example
- Simple Full-Mesh Layer 2 VPN Overview
- Enable an IGP on the PE Routers
- Configure MPLS LSP Tunnels between the PE Routers
- Configure IBGP on the PE Routers
- Configure Routing Instances for Layer 2 VPNs on the PE Routers
- Configure CCC Encapsulation on the Interfaces
- Configure VPN Policy on the PE Routers
- Layer 2 VPN Configuration Summarized by Router
- Summary for Router A (PE Router for Sunnyvale)
- Summary for Router B (PE Router for Austin)
- Summary for Router C (PE Router for Portland)
- Summary of Layer 2 VPN Configuration Statements
- control-word
- encapsulation
- encapsulation (logical interface)
- encapsulation (physical interface)
- encapsulation (Layer 2 VPN)
- no-control-word
- policer
- proxy
- remote
- remote-site-id
- site
- site-identifier
- traceoptions
- Layer 3 VPN Overview
- Layer 3 VPN Overview
- Layer 3 VPN Standards
- Layer 3 VPN Attributes
- VPN-IPv4 Addresses and Route Distinguishers
- IPv6 Layer 3 VPNs
- VPN Routing and Forwarding Tables
- Route Distribution within a Layer 3 VPN
- Distribution of Routes from CE to PE Routers
- Distribution of Routes between PE Routers
- Distribution of Routes from PE to CE Routers
- Forwarding across the Provider's Core Network
- Routing Instances for VPNs
- Multicast over Layer 3 VPNs
- Multicast over Layer 3 VPNs Overview
- Sending PIM Hello Messages to the PE Routers
- Sending PIM Join Messages to the PE Routers
- Receiving the Multicast Transmission
- Layer 3 VPN Configuration Guidelines
- Configure VPN Routing between the PE and CE Routers
- Configure BGP between the PE and CE Routers
- Configure OSPF between the PE and CE Routers
- Configure OSPF Version 3 between the PE and CE Routers
- Configure an OSPF Domain ID
- Hub-and-Spoke Layer 3 VPNs and OSPF Domain ID
- Configure RIP between the PE and CE Routers
- Configure Static Routes between the PE and CE Routers
- Limit the Routes Accepted from a CE Router
- Configure IPv6 between the PE and CE Routers
- Configure IPv6 on the PE Router
- Configure BGP or Static Routes on the PE Router
- Configure BGP on the PE Router to Handle IPv6 Routes
- Configure BGP on the PE Router for IPv4 and IPv6 Routes
- Configure Static Routes on the PE Router
- Configure IPv6 on the Interfaces
- Configure EBGP or IBGP Multihop between PE and CE Routers
- Filter Traffic Based on the IP Header
- Egress Filtering Options
- Limitations
- Configure a VPN Tunnel for VRF Table Lookup
- Configure a Logical Unit on the Loopback Interface
- Configure Multicast over Layer 3 VPNs
- Configure Packet Forwarding for Layer 3 VPNs
- Configure a GRE Tunnel Interface for Layer 3 VPNs
- Configure the GRE Tunnel Interface on the PE Router
- Configure the GRE Tunnel Interface on the CE Router
- Configure an ES Tunnel Interface for Layer 3 VPNs
- Configure the ES Tunnel Interface on the PE Router
- Configure the ES Tunnel Interface on the CE Router
- Configure IPSec between PE Routers Instead of MPLS
- Configure SCU and DCU for Layer 3 VPNs
- Layer 3 VPN Configuration Troubleshooting Guidelines
- Diagnose Common Problems
- Use the ping and traceroute Commands to Troubleshoot Layer 3 VPN Topologies
- Ping the CE Router from Another CE Router
- Ping Router CE2 from Router CE1
- Traceroute from Router CE1's Loopback Interface to Router CE2's Loopback Interface
- Ping Router CE1 from Router CE2
- Traceroute from Router CE2 to Router CE1
- Ping the Remote PE and CE Routers from the Local CE Router
- Ping Router CE2 from Router CE1
- Traceroute from Router CE1 to Router CE2
- Ping Router PE2 from Router CE1
- Traceroute from Router CE1 to Router PE2
- Pinging a CE Router from a Multi-Access Interface
- Ping the Directly Connected PE Routers from the CE Routers
- Ping Router PE1 from the Loopback Interface on Router CE1
- Traceroute from the Loopback Interface on Router CE1 to PE1
- Ping Router PE2 from the Loopback Interface on Router CE2
- Traceroute from the Loopback Interface on Router CE2 to PE2
- Ping the Directly Connected CE Routers from the PE Routers
- Ping the VPN Interface on Router CE1 from Router PE1
- Ping the Loopback Interface on Router CE1 from Router PE1
- Traceroute from Router PE1 to Router CE1
- Ping the VPN Interface on Router CE2 from Router PE2
- Ping the Loopback Interface on Router CE2 from Router PE2
- Traceroute from Router PE2 to Router CE2
- Ping the Remote CE Router from the PE Router
- Limitation on Pinging a Remote CE Router from a PE Router
- Configure a Logical Unit on the Loopback Interface
- Ping a Layer 3 VPN
- Disable Normal TTL Decrementing for Layer 3 VPNs
- Indirect Next-hop Address Space and Route Reflectors
- Layer 3 VPN Configuration Examples
- Configure a Simple Full-Mesh VPN Topology
- Enable an IGP on the PE and Provider Routers
- Enable RSVP and MPLS on the Provider Router
- Configure the MPLS LSP Tunnel between the PE Routers
- Configure IBGP on the PE Routers
- Configure Routing Instances for VPNs on the PE Routers
- Configure VPN Policy on the PE Routers
- Simple VPN Configuration Summarized by Router
- Router A (PE Router)
- Router B (Provider Router)
- Router C (PE Router)
- Configure a Full-Mesh VPN Topology with Route Reflectors
- Configure a Hub-and-Spoke VPN Topology
- Enable an IGP on the Hub-and-Spoke PE Routers
- Configure LDP on the Hub-and-Spoke PE Routers
- Configure IBGP on the PE Routers
- Configure VPN Routing Instances on the Hub-and-Spoke PE Routers
- Configure VPN Policy on the PE Routers
- Hub-and-Spoke VPN Configuration Summarized by Router
- Router D (Hub PE Router)
- Router E (Spoke PE Router)
- Router F (Spoke PE Router)
- Configure an LDP-over-RSVP VPN Topology
- Enable an IGP on the PE and Provider Routers
- Enable LDP on the PE and Provider Routers
- Enable RSVP and MPLS on the Provider Router
- Configure the MPLS LSP Tunnel between the Provider Routers
- Configure IBGP on the PE Routers
- Configure Routing Instances for VPNs on the PE Routers
- Configure VPN Policy on the PE Routers
- LDP-over-MPLS VPN Configuration Summarized by Router
- Router PE1
- Router P1
- Router P2
- Router P3
- Router PE2
- Configure an Application-Based Layer 3 VPN Topology
- Configuration on Router A
- Configuration on Router E
- Configuration for Router F
- Configure an OSPF Domain ID for a Layer 3 VPN
- Configure Interfaces on Router PE1
- Configure Routing Options on Router PE1
- Configure Protocols on Router PE1
- Configure Policy Options on Router PE1
- Configure the Routing Instance on Router PE1
- Configuration Summary for Router PE1
- Configure Overlapping VPNs Using Routing Table Groups
- Configure Routing Table Groups
- Configure Static Routes between the PE and CE Routers
- Configure the Routing Instance for VPN A
- Configure the Routing Instance for VPN AB
- Configure the Routing Instance for VPN B
- Configure VPN Policy
- Configure BGP between the PE and CE Routers
- Configure OSPF between the PE and CE Routers
- Configure Static, BGP, and OSPF Routes between PE and CE Routers
- Configuring Overlapping VPNs Using Automatic Route Export
- Configuring Overlapping VPNs with BGP and auto-export
- Configuring Overlapping VPNs and Additional Tables
- Configuring auto-export for all VRF Instances
- Configure a GRE Tunnel Interface between PE Routers
- Configure the Routing Instance on Router A
- Configure the Routing Instance on Router D
- Configure MPLS, BGP, and OSPF on Router A
- Configure MPLS, BGP, and OSPF on Router D
- Configure the Tunnel Interface on Router A
- Configure the Tunnel Interface on Router D
- Configure the Routing Options on Router A
- Configure the Routing Options on Router D
- Configuration Summary for Router A
- Configuration Summary for Router D
- Configure a GRE Tunnel Interface between a PE and CE Router
- Configure the Routing Instance without the Encapsulating Interface
- Configure the Routing Instance on Router PE1
- Configure the GRE Tunnel Interface on Router PE1
- Configure the Encapsulation Interface on Router PE1
- Configure the Routing Instance with the Encapsulating Interface
- Configure the Routing Instance on Router PE1
- Configure the GRE Tunnel Interface on Router PE1
- Configure the Encapsulation Interface on Router PE1
- Configure the GRE Tunnel Interface on Router CE1
- Configure an ES Tunnel Interface between a PE and CE Router
- Configure IPSec on Router PE1
- Configure the Routing Instance without the Encapsulating Interface
- Configure the Routing Instance on Router PE1
- Configure the ES Tunnel Interface on Router PE1
- Configure the Encapsulating Interface for the ES Tunnel
- Configure the Routing Instance with the Encapsulating Interface
- Configure the Routing Instance on Router PE1
- Configure the ES Tunnel Interface on Router PE1
- Configure the Encapsulating Interface on Router PE1
- Configure the ES Tunnel Interface on Router CE1
- Configure IPSec on Router CE1
- Layer 3 VPN Internet Access Examples
- Non-VRF Internet Access
- CE Router Accesses Internet Independently of the PE Router
- PE Router Provides Layer 2 Internet Service
- Distributed Internet Access
- Route VPN and Internet Traffic through Different Interfaces
- Configure Interfaces on Router PE1
- Configure Routing Options on Router PE1
- Configure BGP, IS-IS, and LDP Protocols on Router PE1
- Configure a Routing Instance on Router PE1
- Configure Policy Options on Router PE1
- Traffic Routed by Different Interfaces Configuration Summarized by Router
- Router PE1
- Route VPN and Outgoing Internet Traffic through the Same Interface and Route Return Internet Traffic through a Different Interface
- Configuration for Router PE1
- Route VPN and Internet Traffic through the Same Interface Bidirectionally (VPN Has Public Addresses)
- Configure Routing Options on Router PE1
- Configure Routing Protocols on Router PE1
- Configure the Routing Instance on Router PE1
- Traffic Routed through the Same Interface Bidirectionally Configuration Summarized by Router
- Router PE1
- Route VPN and Internet Traffic through the Same Interface Bidirectionally (VPN Has Private Addresses)
- Configure Routing Options for Router PE1
- Configure a Routing Instance for Router PE1
- Configure Policy Options for Router PE1
- Traffic Routed by the Same Interface Bidirectionally (VPN Has Private Addresses) Configuration Summarized by Router
- Router PE1
- Route Internet Traffic through a Separate NAT Device
- Configure Interfaces on Router PE1
- Configure Routing Options for Router PE1
- Configure Routing Protocols on Router PE1
- Configure a Routing Instance for Router PE1
- Traffic Routed by Separate NAT Device Configuration Summarized by Router
- Router PE1
- Centralized Internet Access
- Route Internet Traffic through a Hub CE Router
- Configure a Routing Instance on Router PE1
- Configure Policy Options on Router PE1
- Internet Traffic Routed by a Hub CE Router Configuration Summarized by Router
- Router PE1
- Route Internet Traffic through Multiple CE Routers
- Configure a Routing Instance on Router PE1
- Configure Policy Options on Router PE1
- Configure a Routing Instance on Router PE3
- Configure Policy Options on Router PE3
- Route Internet Traffic through Multiple CE Routers Configuration Summarized by Router
- Router PE1
- Router PE2
- Router PE3
- Summary of Layer 3 VPN Configuration Statements
- inet6-vpn
- vpn-group-address
- vrf-table-label
- VPLS Overview
- VPLS Overview
- VPLS Routing and Virtual Ports
- VPLS Standards
- Supported Platforms and PICs
- VPLS Configuration Guidelines
- Configure Interfaces for VPLS Routing
- Configure the Interface Name
- Configure the Interface Encapsulation
- Enable VLAN Tagging
- Configure the VPLS Site
- Configure the Site Name and Site Identifier
- Configure the Site Range
- Configure the Size of the VPLS MAC Address Table
- Configure an Ethernet Switch as the CE Device
- Map VPLS Traffic to a Specific LSP
- Configure VPLS Filters and Policers
- Configure a VPLS Filter
- Configure an Interface-Specific Counter for VPLS
- Configure the VPLS Filter Match Conditions
- Configure an Action for the VPLS Filter
- Configure VPLS FTFs
- Precedence for Spanning Tree BPDU Packets
- Apply a VPLS Filter to an Interface
- Apply a VPLS Filter to a VPLS Routing Instance
- Filter Flooded Traffic
- Configure a VPLS Policer
- Trace VPLS Traffic and Operations
- Summary of VPLS Configuration Statements
- encapsulation
- mac-table-size
- site
- site-identifier
- site-range
- traceoptions
- vlan-id
- vlan-tagging
- vpls
- Interprovider and Carrier-of-Carriers VPNs Overview
- Interprovider and Carrier-of-Carriers VPN Standards
- Traditional VPNs, Interprovider VPNs, and Carrier-of-Carriers VPNs
- Standard VPNs
- Interprovider and Carrier-of-Carriers VPNs
- Interprovider VPNs
- Interprovider VPNs—Linking VRFs between Autonomous Systems
- Interprovider VPNs—Configure MP-EBGP between AS Border Routers
- Interprovider VPNs—Configure Multihop MP-EBGP
- Carrier-of-Carriers VPNs
- Internet Service Provider as the Customer
- VPN Service Provider as the Customer
- Interprovider and Carrier-of-Carriers VPNs Configuration Guidelines
- Interprovider VPNs
- Interprovider VPNs Using MP-EBGP
- Configure the AS Border Routers
- Configure RSVP
- Configure MPLS
- Configure BGP
- Configure OSPF
- Interprovider VPNs Using Multihop MP-EBGP
- Configure the AS Border Routers
- Configure BGP
- Configure Policy Options
- Configure the PE Router
- Carrier-of-Carriers VPNs
- Carrier-of-Carriers VPN—Customer Provides Internet Service
- Configure the Carrier-of-Carriers VPN Service Customer's CE Router
- Configure MPLS
- Configure BGP
- Configure OSPF
- Configure Policy Options
- Configure the Carrier-of-Carriers VPN Service Provider's PE Routers
- Configure MPLS
- Configure BGP
- Configure IS-IS
- Configure LDP
- Configure a Routing Instance
- Configure Policy Options
- Carrier-of-Carriers VPN—Customer Provides VPN Service
- Configure the Carrier-of-Carriers Customer's PE Router
- Configure MPLS
- Configure BGP
- Configure OSPF
- Configure LDP
- Configure VPN Service in the Routing Instance
- Configure Policy Options
- Configure the Carrier-of-Carriers Customer's CE Router
- Configure MPLS
- Configure BGP
- Configure OSPF and LDP
- Configure Policy Options
- Configure the Provider's PE Router
- Configure MPLS
- Configure a PE-Router-to-PE-Router BGP Session
- Configure IS-IS and LDP
- Configure Policy Options
- Configure a Routing Instance to Send Routes to the CE Router
- Configuration Examples for Interprovider and Carrier-of-Carriers VPNs
- Example Terminology
- Interprovider VPN Examples
- Interprovider VPN Example—MP-EBGP between ISP Peer Routers
- Configuration for Router A
- Configuration for Router B
- Configuration for Router C
- Configuration for Router D
- Configuration for Router E
- Configuration for Router F
- Interprovider VPN Example—Multihop MP-EBGP
- Configuration for Router B
- Configuration for Router C
- Configuration for Router D
- Configuration for Router E
- Carrier-of-Carriers VPN Examples
- Carrier-of-Carriers VPN Example—Customer Provides Internet Service
- Configuration for Router A
- Configuration for Router B
- Configuration for Router C
- Configuration for Router D
- Configuration for Router E
- Configuration for Router F
- Configuration for Router G
- Configuration for Router H
- Configuration for Router I
- Configuration for Router J
- Configuration for Router K
- Configuration for Router L
- Carrier-of-Carriers VPN Example—Customer Provides VPN Service
- Configuration for Router A
- Configuration for Router B
- Configuration for Router C
- Configuration for Router D
- Configuration for Router E
- Configuration for Router F
- Configuration for Router G
- Configuration for Router H
- Configuration for Router I
- Configuration for Router J
- Configuration for Router K
- Configuration for Router L
- Multiple Instances for LDP and Carrier-of-Carriers VPNs
- Summary of the Interprovider and Carrier-of-Carriers VPNs Configuration Statement
- labeled-unicast
- Layer 2 Circuit Overview
- Layer 2 Circuit Standards
- Layer 2 Circuit Policy
- Layer 2 Circuit Configuration Guidelines
- Configure Interfaces for Layer 2 Circuits
- Configure the Neighbor and Interface
- Configure the Protect Interface
- Configure the Interface Encapsulation Type for Layer 2 Circuits
- Configure ATM2 Interfaces for Layer 2 Circuits
- Configure the Virtual Circuit ID
- Configure LDP for Layer 2 Circuits
- Configure Layer 2 Circuit Policies
- Configure the Layer 2 Circuit Community
- Configure the Policy Statement for the Layer 2 Circuit Community
- Example: Configure a Policy for a Layer 2 Circuit Community
- Verify the Layer 2 Circuit Policy Configuration
- Configure the Control Word for Frame Relay Interfaces
- Disable the Control Word for Layer 2 Circuits
- Trace Layer 2 Circuit Creation and Changes
- Layer 2 Circuits Example
- Configure Router PE1
- Configure Router PE2
- Configure Router CE1
- Configure Router CE2
- Summary of Layer 2 Circuit Configuration Statements
- community
- control-word
- description
- install-nexthop
- interface
- neighbor
- no-control-word
- protect-interface
- traceoptions
- virtual-circuit-id
- Index
- Index of Statements and Commands