HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 1096
407
Step Command Remarks
5. Redistribute the VPN routes
of the VPN site. import-route
protocol [ process-id |
all-processes ] [ med med-value |
route-policy route-policy-name ] * By default, no route
redistribution is configured.
6.
Configure the egress router
of the site as a client of the
route reflector. peer
{ group-name | ip-address }
reflect-client Optional.
By default, no route reflector or
client is configured.
7.
Enable route reflection
between clients. reflect...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1095.png "Page 1096
407
Step Command Remarks
5. Redistribute the VPN routes
of the VPN site. import-route
protocol [ process-id |
all-processes ] [ med med-value |
route-policy route-policy-name ] * By default, no route
redistribution is configured.
6.
Configure the egress router
of the site as a client of the
route reflector. peer
{ group-name | ip-address }
reflect-client Optional.
By default, no route reflector or
client is configured.
7.
Enable route reflection
between clients. reflect...")
![Page 1097
408
Displaying and maintaining MCE
Task Command Remarks
Display information about the
routing table associated with a
VPN instance. display ip routing-table vpn-instance
vpn-instance-name
[ verbose ] [ verbose ]
[ | { begin | exclude | include }
regular-expression ] Available in any view
Display information about a
specific VPN instance or all VPN
instances. display ip vpn-instance
[ instance-name
vpn-instance-name ] [ | { begin | exclude |
include } regular-expression ]...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1096.png "Page 1097
408
Displaying and maintaining MCE
Task Command Remarks
Display information about the
routing table associated with a
VPN instance. display ip routing-table vpn-instance
vpn-instance-name
[ verbose ] [ verbose ]
[ | { begin | exclude | include }
regular-expression ] Available in any view
Display information about a
specific VPN instance or all VPN
instances. display ip vpn-instance
[ instance-name
vpn-instance-name ] [ | { begin | exclude |
include } regular-expression ]...")
![Page 1098
409
Task Command Remarks
Display the BGP VPNv4 routing
information of a specific VPN
instance. display bgp vpnv4 vpn-instance
vpn-instance-name routing-table
[ [ network-address [ { mask | mask-length }
[ longer-prefixes ] ] | as-path-acl
as-path-acl-number | cidr | community
[ aa:nn ]& [ no-advertise |
no-export | no-export-subconfed ] *
[ whole-match ] | community-list
{ basic-community-list-number
[ whole-match ] |
adv-community-list-number }& |
dampened | dampening...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1097.png "Page 1098
409
Task Command Remarks
Display the BGP VPNv4 routing
information of a specific VPN
instance. display bgp vpnv4 vpn-instance
vpn-instance-name routing-table
[ [ network-address [ { mask | mask-length }
[ longer-prefixes ] ] | as-path-acl
as-path-acl-number | cidr | community
[ aa:nn ]& [ no-advertise |
no-export | no-export-subconfed ] *
[ whole-match ] | community-list
{ basic-community-list-number
[ whole-match ] |
adv-community-list-number }& |
dampened | dampening...")
![Page 1099
410
Figure 129 Network diagram
Configuration procedure
Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN
1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1.
1. Configure the VPN instances on the MCE and PE 1:
# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for
each VPN instance.
system-view
[MCE] ip vpn-instance vpn1
[MCE-vpn-instance-vpn1] route-distinguisher 10:1...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1098.png "Page 1099
410
Figure 129 Network diagram
Configuration procedure
Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN
1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1.
1. Configure the VPN instances on the MCE and PE 1:
# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for
each VPN instance.
system-view
[MCE] ip vpn-instance vpn1
[MCE-vpn-instance-vpn1] route-distinguisher 10:1...")
![Page 1100
411
[MCE-Vlan-interface10] ip address 10.214.10.3 24
# Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with
VPN instance vpn2, and specify an IP address for VLAN-interface 20.
[MCE-Vlan-interface10] quit
[MCE] vlan 20
[MCE-vlan20] port gigabitethernet 1/0/2
[MCE-vlan20] quit
[MCE] interface vlan-interface 20
[MCE-Vlan-interface20] ip binding vpn-instance vpn2
[MCE-Vlan-interface20] ip address 10.214.20.3 24
[MCE-Vlan-interface20] quit
# On PE 1,...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1099.png "Page 1100
411
[MCE-Vlan-interface10] ip address 10.214.10.3 24
# Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with
VPN instance vpn2, and specify an IP address for VLAN-interface 20.
[MCE-Vlan-interface10] quit
[MCE] vlan 20
[MCE-vlan20] port gigabitethernet 1/0/2
[MCE-vlan20] quit
[MCE] interface vlan-interface 20
[MCE-Vlan-interface20] ip binding vpn-instance vpn2
[MCE-Vlan-interface20] ip address 10.214.20.3 24
[MCE-Vlan-interface20] quit
# On PE 1,...")
![Page 1101
412
# Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that
the MCE can learn the routes of VPN 2 and add th em to the routing table of the VPN instance
vpn2 .
[MCE] rip 20 vpn-instance vpn2
# Advertise subnet 10.214.20.0.
[MCE-rip-20] network 10.214.20.0
[MCE-rip-20] quit
# On VR 2, assign IP addre ss 10.214.20.2/24 to the inte rface connected to MCE and
192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)
# Configure RIP, and...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1100.png "Page 1101
412
# Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that
the MCE can learn the routes of VPN 2 and add th em to the routing table of the VPN instance
vpn2 .
[MCE] rip 20 vpn-instance vpn2
# Advertise subnet 10.214.20.0.
[MCE-rip-20] network 10.214.20.0
[MCE-rip-20] quit
# On VR 2, assign IP addre ss 10.214.20.2/24 to the inte rface connected to MCE and
192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)
# Configure RIP, and...")
![Page 1102
413
[MCE-Vlan-interface30] ip binding vpn-instance vpn1
[MCE-Vlan-interface30] ip address 30.1.1.1 24
[MCE-Vlan-interface30] quit
# On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN
instance vpn2, and configure an IP address for the VLAN interface.
[MCE] vlan 40
[MCE-vlan40] quit
[MCE] interface vlan-interface 40
[MCE-Vlan-interface40] ip binding vpn-instance vpn2
[MCE-Vlan-interface40] ip address 40.1.1.1 24
[MCE-Vlan-interface40] quit
# On PE 1, create VLAN...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1101.png "Page 1102
413
[MCE-Vlan-interface30] ip binding vpn-instance vpn1
[MCE-Vlan-interface30] ip address 30.1.1.1 24
[MCE-Vlan-interface30] quit
# On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN
instance vpn2, and configure an IP address for the VLAN interface.
[MCE] vlan 40
[MCE-vlan40] quit
[MCE] interface vlan-interface 40
[MCE-Vlan-interface40] ip binding vpn-instance vpn2
[MCE-Vlan-interface40] ip address 40.1.1.1 24
[MCE-Vlan-interface40] quit
# On PE 1, create VLAN...")
![Page 1103
414
[PE1-ospf-10] quit
# On PE 1, display the routing table of VPN1.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
30.1.1.0/24 Direct 0 0 30.1.1.2 Vlan30
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1102.png "Page 1103
414
[PE1-ospf-10] quit
# On PE 1, display the routing table of VPN1.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
30.1.1.0/24 Direct 0 0 30.1.1.2 Vlan30
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0...")
![Page 1105
416
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 OSPF 10 1 10.214.10.2 Vlan10
The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10.
# On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The
configuration procedure is similar to that for OSPF process 10.
The following output shows that the MCE has learned the private route of VPN 2 through OSPF:
[MCE] display ip...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1104.png "Page 1105
416
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 OSPF 10 1 10.214.10.2 Vlan10
The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10.
# On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The
configuration procedure is similar to that for OSPF process 10.
The following output shows that the MCE has learned the private route of VPN 2 through OSPF:
[MCE] display ip...")
![Page 1106
417
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 BGP 255 2 30.1.1.1 Vlan30
# Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of
VPN instance vpn2 into the EBGP routing table. (Details not shown.)
The following output shows that PE 1 has lear ned the private route of VPN 2 through BGP:
[PE1] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-1105.png "Page 1106
417
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 BGP 255 2 30.1.1.1 Vlan30
# Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of
VPN instance vpn2 into the EBGP routing table. (Details not shown.)
The following output shows that PE 1 has lear ned the private route of VPN 2 through BGP:
[PE1] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5...")
412
# Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that
the MCE can learn the routes of VPN 2 and add th em to the routing table of the VPN instance
vpn2 .
[MCE] rip 20 vpn-instance vpn2
# Advertise subnet 10.214.20.0.
[MCE-rip-20] network 10.214.20.0
[MCE-rip-20] quit
# On VR 2, assign IP addre ss 10.214.20.2/24 to the inte rface connected to MCE and
192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)
# Configure RIP, and advertise su bnets 192.168.10.0 and 10.214.20.0.
system-view
[VR2] rip 20
[VR2-rip-20] network 192.168.10.0
[VR2-rip-20] network 10.214.20.0
# On the MCE, display the routing info rmation maintained for VPN instance vpn2.
[MCE] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.214.20.0/24 Direct 0 0 10.214.20.3 Vlan20
10.214.20.3/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 RIP 100 1 10.214.20.2 Vlan20
The output shows that the MCE has learned the pr ivate routes of VPN 2. The MCE maintains the
r o u t e s o f V P N 1 a n d t h o s e o f V P N 2 i n t w o d i f f e r e n t r o u t i n g t a b l e s . I n t h i s w a y , r o u t e s f r o m d i f f e r e n t
VPNs are separated.
3. Configure routing between MCE and PE 1:
# The MCE uses port GigabitEthernet 1/0/3 to connect to PE’s port GigabitEthernet 1/0/1.
Configure the two ports as trunk ports, and config ure them to permit packets carrying VLAN tags
30 and 40 to pass.
[MCE] interface gigabitethernet 1/0/3
[MCE-GigabitEthernet1/0/3] port link-type trunk
[MCE-GigabitEthernet1/0/3] port trunk permit vlan 30 40
[MCE-GigabitEthernet1/0/3] quit
# Configure port GigabitEthernet1/0/1 on the PE.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan 30 40
[PE1-GigabitEthernet1/0/1] quit
# On the MCE, create VLAN 30 and VLAN-interface 30, bind the VLAN interface with VPN
instance vpn1, and configure an IP address for the VLAN interface.
[MCE] vlan 30
[MCE-vlan30] quit
[MCE] interface vlan-interface 30
413 [MCE-Vlan-interface30] ip binding vpn-instance vpn1 [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ip address 40.1.1.1 24 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind the VLAN interface with VPN instance vpn1 , and configure an IP address for the VLAN interface. [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ip address 30.1.1.2 24 [PE1-Vlan-interface30] quit # On PE 1, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [PE1] vlan 40 [PE1-vlan40] quit [PE1] interface vlan-interface 40 [PE1-Vlan-interface40] ip binding vpn-instance vpn2 [PE1-Vlan-interface40] ip address 40.1.1.2 24 [PE1-Vlan-interface40] quit # Configure the IP address of the interface Loopback0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interf ace address as the router ID for the MCE and PE 1. (Details not shown.) # Enable OSPF process 10 on the MCE, bind the process to VPN instance vpn1, and set the domain ID to 10. [MCE] ospf 10 router-id 101.101.10.1 vpn-instance vpn1 [MCE-ospf-10] vpn-instance-capability simple [MCE-ospf-10] domain-id 10 # On the MCE, advertise subnet 30.1.1.0 in area 0, and redistribute the static route of VPN 1. [MCE-ospf-10] area 0 [MCE-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [MCE-ospf-10-area-0.0.0.0] quit [MCE-ospf-10] import-route static # On PE 1, start OSPF process 10, bind the process with VPN instance vpn1, set the domain ID to 10, and advertise subnet 30.1.1.0 in area 0. [PE1] ospf 10 router-id 100.100.10.1 vpn-instance vpn1 [PE1-ospf-10] domain-id 10 [PE1-ospf-10] area 0 [PE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [PE1-ospf-10-area-0.0.0.0] quit
414
[PE1-ospf-10] quit
# On PE 1, display the routing table of VPN1.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
30.1.1.0/24 Direct 0 0 30.1.1.2 Vlan30
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 O_ASE 150 1 30.1.1.1 Vlan30
The output shows that the static route of VPN 1 has been redistributed to the OSPF routing table of
PE 1.
Take similar procedures to configure OSPF process 20 between MCE and PE 1 and redistribute
VPN 2’s routing information from RIP into the OSPF routing table of MCE. The following output
shows that PE 1 has learned the private route of VPN 2 through OSPF.
display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
40.1.1.0/24 Direct 0 0 40.1.1.2 Vlan40
40.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 O_ASE 150 1 40.1.1.1 Vlan40
Now, the routing information of the two VPNs has been redistributed into the routing tables on PE 1.
Using BGP to advertise VPN routes to the PE
Network requirements
As shown in Figure 130, u se an Ethernet switch as the MCE device. Advertise the VPN routes in site 1 and
s i t e 2 t o P E 1, s o t h a t a V P N ’ s s i t e s a c ro s s t h e M P L S b a c k b o n e n e t w o r k c a n c o m m u n i c a t e wi t h e a c h o t h e r
normally.
Use OSPF in both site 1 and site 2. Use EBGP between the MCE and PE 1.
415
Figure 130 Network diagram
Configuration procedure
1. Configure VPN instances:
# Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces.
For the configuration procedure, see Using OSPF to advertise VPN routes to the PE .
2. Configure routing between the MCE and VPN sites:
# Start an OSPF process on the devices in the two VPNs and advertise the subnets. (Details not
shown.)
# Configure OSPF on the MCE, and bind OSPF process 10 with VPN instance vpn1 to learn the
routes of VPN 1.
system-view
[MCE] ospf router-id 10.214.10.3 10 vpn-instance vpn1
[MCE-ospf-10] area 0
[MCE-ospf-10-area-0.0.0.0] network 10.214.10.0 0.0.0.255
# Display the routing table of VPN 1 on the MCE.
[MCE-ospf-10-area-0.0.0.0] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.214.10.0/24 Direct 0 0 10.214.10.3 Vlan10
10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
416
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 OSPF 10 1 10.214.10.2 Vlan10
The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10.
# On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The
configuration procedure is similar to that for OSPF process 10.
The following output shows that the MCE has learned the private route of VPN 2 through OSPF:
[MCE] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.214.20.0/24 Direct 0 0 10.214.20.3 Vlan20
10.214.20.3/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 OSPF 10 1 10.214.20.2 Vlan20
3. Configure routing between the MCE and PE 1:
# Configure the connecting ports between the MC E and PE 1 as trunk ports. The configuration
procedure is similar to that described in Using OSPF to advertise VPN routes to the PE . (Details
not shown.)
# Start BGP process 100 on the MCE, and enter the IPv4 address family view of
VPN instance
vpn1 .
[MCE] bgp 100
[MCE-bgp] ipv4-family vpn-instance vpn1
# Specify PE 1 as the EBGP peer of the MCE, an d redistribute the routing information of OSPF
process 10. (The IP address of PE 1’s interface bound with VPN instance vpn1 is 10.100.10.3,
and the BGP process is 200.)
[MCE-bgp-vpn1] peer 30.1.1.2 as-number 200
[MCE-BGP-vpn1] import-route ospf 10
# On PE 1, configure BGP process 200 and specify the MCE as its EBGP peer.
system-view
[PE1] bgp 200
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 30.1.1.1 as-number 100
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# On PE 1, display the routing information of VPN instance vpn1.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
30.1.1.0/24 Direct 0 0 30.1.1.2 Vlan30
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
417
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 BGP 255 2 30.1.1.1 Vlan30
# Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of
VPN instance vpn2 into the EBGP routing table. (Details not shown.)
The following output shows that PE 1 has lear ned the private route of VPN 2 through BGP:
[PE1] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
40.1.1.0/24 Direct 0 0 40.1.1.2 Vlan40
40.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 BGP 255 2 40.1.1.1 Vlan40
Now, the MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing
tables of PE 1.
418 Configuring IPv6 MCE The IPv6 MCE function is available only on the HP 5500 EI switch series. Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see Configuring MCE. Configuring an IPv6 MCE Configuring VPN instances By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN. This feature allows VPN instances to be used in network scenarios besides MPLS L3VPNs. Creating a VPN instance A VPN instance is associated with a site. It is a co llection of the VPN membership and routing rules of its associated site. A VPN instance does not necessarily correspond to one VPN. A VPN instance takes effect only after you configure an RD for it. You can configure a description for a VPN instance to record its related information, such as its relationship with a certain VPN. To create and configure a VPN instance: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VPN instance and enter VPN instance view. ip vpn-instance vpn-instance-name N/A 3. Configure an RD for the VPN instance. route-distinguisher route-distinguisher N/A 4. Configure a description for the VPN instance. description text Optional.
419 Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interf ace can be associated with a VPN instance. To associate a VPN instance with an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Associate a VPN instance with the interface. ip binding vpn-instance vpn-instance-name No VPN instance is associated with an interface by default. NOTE: The ip binding vpn-instance command clears the IPv6 address of the interface on which it is configured. Be sure to re-configure an IPv6 address for the interface after configuring the command. Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows: • When a VPN route learned from a CE gets redistri buted into BGP, BGP associates it with a route target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the CE. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the route target. • The VPN instance determines how to change the rout e targets attributes for routes to be advertised according to the export-extcommunity in the route target. IMPORTANT: Create a routing policy before asso ciating it with a VPN instance. Otherwise, the switch cannot filter the routes to be received and advertised. To configure route related at tributes for a VPN instance: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VPN instance view. ip vpn-instance vpn-instance-name N/A 3. Enter IPv6 VPN view. ipv6-family Optional. 4. Configure route targets. vpn-target vpn-target & [ both | export-extcommunity | import-extcommunity ] A single vpn-target command can configure up to eight VPN targets. You can configure up to 64 VPN targets for a VPN instance.
420
Step Command Remarks
5. Set the maximum number of
routes supported. routing-table
limit number
{ warn-threshold | simply-alert } Optional.
Setting the maximum number of
routes for a VPN instance to
support is for preventing too many
routes from being redistributed into
the PE.
6.
Apply an import routing
policy. import route-policy route-policy
Optional.
By default, all routes matching the
import target attribute are
accepted.
7.
Apply an export routing
policy. export route-policy
route-policy Optional.
By default, routes to be advertised
are not filtered.
NOTE:
• Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6
VPNs.
• You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view.
Those configured in IPv6 VPN view take precedence.
Configuring routing on an IPv6 MCE
An IPv6 MCE implements service isolation through route isolation. IPv6 MCE routing configuration
includes:
• IPv6 MCE-VPN site routing configuration
• IPv6 MCE-PE routing configuration
O n t h e P E i n a n I P v 6 M C E n e t w o r k e n vi r o n m e n t, d i s a b l e routing loop detection to avoid route loss during
route calculation and disable route redistribution be tween routing protocols to save system resources.
Configuration prerequisites
Before you configure routing on an IPv6 MCE, complete the following tasks:
• On the IPv6 MCE, configure VPN instances, and bind the VPN instances with the interfaces
connected to the VPN sites and those connected to the PE.
• Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity.
Configuring routing between IPv6 MCE and VPN site
Configuring static routing between IPv6 MCE and VPN site
An IPv6 MCE can reach a VPN site through an IPv6 stat ic route. IPv6 static routing on a traditional CE
is globally effective and thus does not support addr ess overlapping among VPNs. An IPv6 MCE supports
421
binding an IPv6 static route with an IPv6 VPN instance, so that the IPv6 static routes of different IPv6 VPN
instances can be isolated from each other.
To configure IPv6 static routing between IPv6 MCE and VPN site:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Configure an IPv6 static route
for an IPv6 VPN instance.
• ipv6 route-static ipv6-address prefix-length
{ interface-type interface-number
[ next-hop-address ] | next-hop-address |
vpn-instance d-vpn-instance-name
nexthop-address } [ preference
preference-value ]
• ipv6 route-static vpn-instance
s-vpn-instance-name & ipv6-address
prefix-length { interface-type
interface-number [ next-hop-address ] |
nexthop-address [ public ] | vpn-instance
d-vpn-instance-name nexthop-address }
[ preference preference-value ] Use either command.
Perform this
configuration on the
IPv6 MCE. On a VPN
site, configure normal
IPv6 static routes.
Configuring RIPng between IPv6 MCE and VPN site
A RIPng process belongs to the public network or a
single IPv6 VPN instance. If you create a RIPng
process without binding it to an IPv6 VPN instance , the process belongs to the public network. By
configuring RIPng process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different
VPNs to be exchanged between the IPv6 MCE and the sites through different RIPng processes, ensuring
the separation and security of IPv6 VPN routes.
To configure RIPng between IPv6 MCE and VPN site:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create a RIPng process for a
VPN instance and enter RIPng
view. ripng [ process-id
] vpn-instance
vpn-instance-name Perform this configuration on the
IPv6 MCE. On a VPN site,
configure normal RIPng.
3.
Redistribute remote site routes
advertised by the PE. import-route
protocol [ process-id ]
[ allow-ibgp ] [ cost cost |
route-policy route-policy-name ] * By default, no route of any other
routing protocol is redistributed
into RIPng.
4.
Configure the default cost
value for the redistributed
routes. default cost
value Optional.
0 by default.
5.
Return to system view.
quit N/A
6. Enter interface view. interface
interface-type
interface-number N/A
7.
Enable RIPng on the interface.
ripng process-id enable Disabled by default.