Configuring a Signaling Protocol and LSPs for VPNs
For VPNs to function, you must enable a signaling protocol, either the LDP or RSVP on the provider edge (PE) routers and on the provider (P) routers. You also need to configure label-switched paths (LSPs) between the ingress and egress routers. In a typical VPN configuration, you need to configure LSPs from each PE router to all of the other PE routers participating in the VPN in a full mesh.
As with any configuration involving MPLS, you cannot configure any of the core-facing interfaces on the PE routers over dense Fast Ethernet PICs.
To enable a signaling protocol, perform the steps in one of the following sections:
Using LDP for VPN Signaling
To use LDP for VPN signaling, perform the following steps on the PE and provider (P) routers:
Configure LDP on the interfaces in the core of the service provider’s network by including the
ldp
statement at the[edit protocols]
hierarchy level.You need to configure LDP only on the interfaces between PE routers or between PE and P routers. You can think of these as the “core-facing” interfaces. You do not need to configure LDP on the interface between the PE and customer edge (CE) routers.
[edit] protocols { ldp { interface type-fpc/pic/port; } }
Configure the MPLS address family on the interfaces on which you enabled LDP (the interfaces you configured in Step 1) by including the
family mpls
statement at the[edit interfaces type-fpc/pic/port unit logical-unit-number]
hierarchy level.[edit] interfaces { type-fpc/pic/port { unit logical-unit-number { family mpls; } } }
Configure OSPF or IS-IS on each PE and P router.
You configure these protocols at the master instance of the routing protocol, not within the routing instance used for the VPN.
To configure OSPF, include the
ospf
statement at the[edit protocols]
hierarchy level. At a minimum, you must configure a backbone area on at least one of the router’s interfaces.[edit] protocols { ospf { area 0.0.0.0 { interface type-fpc/pic/port; } } }
To configure IS-IS, include the
isis
statement at the[edit protocols]
hierarchy level and configure the loopback interface and International Organization for Standardization (ISO) family at the[edit interfaces]
hierarchy level. At a minimum, you must enable IS-IS on the router, configure a network entity title (NET) on one of the router’s interfaces (preferably the loopback interface, lo0), and configure the ISO family on all interfaces on which you want IS-IS to run. When you enable IS-IS, Level 1 and Level 2 are enabled by default. The following is the minimum IS-IS configuration. In theaddress
statement,address
is the NET.[edit] interfaces { lo0 { unit logical-unit-number { family iso { address address; } } } type-fpc/pic/port { unit logical-unit-number { family iso; } } } protocols { isis { interface all; } }
Using RSVP for VPN Signaling
To use RSVP for VPN signaling, perform the following steps:
On each PE router, configure traffic engineering.
To do this, you must configure an interior gateway protocol (IGP) that supports traffic engineering (either IS-IS or OSPF) and enable traffic engineering support for that protocol.
To enable OSPF traffic engineering support, include the
traffic-engineering
statement at the[edit protocols ospf]
hierarchy level:[edit protocols ospf] traffic-engineering { shortcuts; }
For IS-IS, traffic engineering support is enabled by default.
On each PE and P router, enable RSVP on the interfaces that participate in the label-switched path (LSP).
On the PE router, these interfaces are the ingress and egress points to the LSP. On the P router, these interfaces connect the LSP between the PE routers. Do not enable RSVP on the interface between the PE and the CE routers, because this interface is not part of the LSP.
To configure RSVP on the PE and P routers, include the
interface
statement at the[edit protocols rsvp]
hierarchy level. Include oneinterface
statement for each interface on which you are enabling RSVP.[edit protocols] rsvp { interface interface-name; interface interface-name; }
On each PE router, configure an MPLS LSP to the PE router that is the LSP’s egress point.
To do this, include the
interface
andlabel-switched-path
statements at the[edit protocols mpls]
hierarchy level:[edit protocols] mpls { interface interface-name; label-switched-path path-name { to ip-address; } }
In the
to
statement, specify the address of the LSP’s egress point, which is an address on the remote PE router.In the
interface
statement, specify the name of the interface (both the physical and logical portions). Include oneinterface
statement for the interface associated with the LSP.When you configure the logical portion of the same interface at the
[edit interfaces]
hierarchy level, you must also configure thefamily inet
andfamily mpls
statements:[edit interfaces] interface-name { unit logical-unit-number { family inet; family mpls; } }
On all P routers that participate in the LSP, enable MPLS by including the
interface
statement at the[edit mpls]
hierarchy level.Include one
interface
statement for each connection to the LSP.[edit] mpls { interface interface-name; interface interface-name; }
Enable MPLS on the interface between the PE and CE routers by including the
interface
statement at the[edit mpls]
hierarchy level.Doing this allows the PE router to assign an MPLS label to traffic entering the LSP or to remove the label from traffic exiting the LSP.
[edit] mpls { interface interface-name; }
For information about configuring MPLS, see the Configuring the Ingress Router for MPLS-Signaled LSPs.