Example for Configuring L3VPN Services Iterated to an

SR-MPLS BE Tunnel
Networking Requirements
In Figure 5-28, CE1 and CE2 belong to vpna. L3VPN services are iterated to an SR-MPLS BE
tunnel to allow users within the same VPN to securely access each other.

Figure 5-28 L3VPN iterated to an SR-MPLS BE tunnel

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for each interface, and configure IS-IS on each node to ensure there
are reachable routes between them.
2. Configure MPLS and segment routing on the backbone network and establish SR LSPs.
3. Enable Multi-protocol Extensions for Interior Border Gateway Protocol (MP-IBGP) on PEs to
exchange VPN routing information.
4. Configure VPN instances on the PEs and bind each interface that connects a PE to a CE to a
VPN instance.
5. Configure External Border Gateway Protocol (EBGP) on the CEs and PEs to exchange VPN
routing information.
Procedure
1. Configure IP addresses for interfaces.
# Configure PE1.
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.9 32
[*PE1-LoopBack1] quit
[*PE1] interface 10ge 1/0/1
[*PE1-10GE1/0/1] undo portswitch
[*PE1-10GE1/0/1] ip address 172.1.1.1 24
[*PE1-10GE1/0/1] quit
[*PE1] commit
# Configure P1.
<HUAWEI> system-view
[~HUAWEI] sysname P1
[*HUAWEI] commit
[~P1] interface loopback 1
[*P1-LoopBack1] ip address 2.2.2.9 32
[*P1-LoopBack1] quit
[*P1] interface 10ge 1/0/1
[*P1-10GE1/0/1] undo portswitch
[*P1-10GE1/0/1] ip address 172.1.1.2 24
[*P1-10GE1/0/1] quit
[*P1] interface 10ge 1/0/2
[*P1-10GE1/0/2] undo portswitch
[*P1-10GE1/0/2] ip address 172.2.1.1 24
[*P1-10GE1/0/2] quit
[*P1] commit
# Configure PE2.
<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.9 32
[*PE2-LoopBack1] quit
[*PE2] interface 10ge 1/0/1
[*PE2-10GE1/0/1] undo portswitch
[*PE2-10GE1/0/1] ip address 172.2.1.2 24
[*PE2-10GE1/0/1] quit
[*PE2] commit
2. Configure an IGP protocol on the MPLS backbone network to implement connectivity between
the PEs and P1. IS-IS is used as an IGP protocol in this example.
# Configure PE1.
[~PE1] isis 1
[*PE1-isis-1] is-level level-1
[*PE1-isis-1] network-entity 10.0000.0000.0001.00
[*PE1-isis-1] quit
[*PE1] commit
[~PE1] interface loopback 1
[~PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface 10ge 1/0/1
[*PE1-10GE1/0/1] isis enable 1
[*PE1-10GE1/0/1] quit
[*PE1] commit

# Configure P1.
[~P1] isis 1
[*P1-isis-1] is-level level-1
[*P1-isis-1] network-entity 10.0000.0000.0002.00
[*P1-isis-1] quit
[*P1] commit
[~P1] interface loopback 1
[~P1-LoopBack1] isis enable 1
[*P1-LoopBack1] quit
[*P1] interface 10ge 1/0/1
[*P1-10GE1/0/1] isis enable 1
[*P1-10GE1/0/1] quit
[*P1] interface 10ge 1/0/2
[*P1-10GE1/0/2] isis enable 1
[*P1-10GE1/0/2] quit
[*P1] commit

# Configure PE2.
[~PE2] isis 1
[*PE2-isis-1] is-level level-1
[*PE2-isis-1] network-entity 10.0000.0000.0003.00
[*PE2-isis-1] quit
[*PE2] commit
[~PE2] interface loopback 1
[~PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface 10ge 1/0/1
[*PE2-10GE1/0/1] isis enable 1
[*PE2-10GE1/0/1] quit
[*PE2] commit
3. Configure the basic MPLS functions on the backbone network.
# Configure PE1.
[~PE1] mpls lsr-id 1.1.1.9
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit

# Configure P1.
[~P1] mpls lsr-id 2.2.2.9
[*P1] mpls
[*P1-mpls] commit
[~P1-mpls] quit

# Configure PE2.
[~PE2] mpls lsr-id 3.3.3.9
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit
4. Configure segment routing on the backbone network.

# Configure PE1.
[~PE1] segment-routing
[*PE1-segment-routing] tunnel-prefer segment-routing
[*PE1-segment-routing] quit
[*PE1] commit
[~PE1] isis 1
[~PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] segment-routing global-block 160000 161000
[*PE1-isis-1] quit

The SRGB value range varies according to a live network and the range the set as required.
Here is an example only.
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis prefix-sid index 10
[*PE1-LoopBack1] quit
[*PE1] commit

# Configure P1.
[~P1] segment-routing
[*P1-segment-routing] tunnel-prefer segment-routing
[*P1-segment-routing] quit
[*P1] commit
[~P1] isis 1
[~P1-isis-1] cost-style wide
[*P1-isis-1] segment-routing mpls
[*P1-isis-1] segment-routing global-block 161001 162000
[*P1-isis-1] quit

The SRGB value range varies according to a live network and the range the set as required.
Here is an example only.
[*P1] interface loopback 1
[*P1-LoopBack1] isis prefix-sid index 20
[*P1-LoopBack1] quit
[*P1] commit

# Configure PE2.
[~PE2] segment-routing
[*PE2-segment-routing] tunnel-prefer segment-routing
[*PE2-segment-routing] quit
[*PE2] commit
[~PE2] isis 1
[~PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] segment-routing global-block 162001 163000
[*PE2-isis-1] quit

The SRGB value range varies according to a live network and the range the set as required.
Here is an example only.
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis prefix-sid index 30
[*PE2-LoopBack1] quit
[*PE2] commit
 After completing the configuration, run the display segment-routing prefix mpls
forwarding command on PEs, and you can view that prefix label is in the Active state. In the
following example, the command output on PE1 is used.

[~PE1] display segment-routing prefix mpls forwarding

Segment Routing Prefix MPLS Forwarding Information

----------------------------------------------------------
----
Role : I-Ingress, T-Transit, E-Egress, I&T-Ingress And Tra
nsit

Prefix Label OutLabel Interface NextHop

Role MPLSMtu Mtu State
-----------------------------------------------------------------------
---------------------------------------
1.1.1.9/32 160010 NULL Loop1 127.0.0.1
E --- 1500 Active
2.2.2.9/32 160020 3 10GE1/0/1 172.1.1.2
I&T --- 1500 Active
3.3.3.9/32 160030 161031 10GE1/0/1 172.1.1.2
I&T --- 1500 Active

Total information(s): 3

5. Set up an MP-IBGP peer relationship between PEs.

# Configure PE1.
[~PE1] bgp 100
[*PE1-bgp] peer 3.3.3.9 as-number 100
[*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[*PE1-bgp-af-vpnv4] commit
[~PE1-bgp-af-vpnv4] quit
[~PE1-bgp] quit

# Configure PE2.
[~PE2] bgp 100
[*PE2-bgp] peer 1.1.1.9 as-number 100
[*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[*PE2-bgp-af-vpnv4] commit
[~PE2-bgp-af-vpnv4] quit
[~PE2-bgp] quit
 After completing the configuration, run the display bgp peer or display bgp vpnv4 all
peer command on PEs, and you can view that a BGP peer relationship is set up between PEs
and the BGP peer relationship is in the Established state. In the following example, the
command output on PE1 is used.

[~PE1] display bgp peer

BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State
PrefRcv
3.3.3.9 4 100 2 6 0 00:00:12 Establ
ished 0
[~PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State
PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Establi
shed 0

6. Configure VPN instances in the IPv4 address family on each PE and connect each PE to a CE.

# Configure PE1.
[~PE1] ip vpn-instance vpna
[*PE1-vpn-instance-vpna] ipv4-family
[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE1-vpn-instance-vpna-af-ipv4] quit
[*PE1-vpn-instance-vpna] quit
[*PE1] interface 10ge 1/0/2
[*PE1-10GE1/0/2] undo portswitch
[*PE1-10GE1/0/2] ip binding vpn-instance vpna
[*PE1-10GE1/0/2] ip address 10.1.1.2 24
[*PE1-10GE1/0/2] quit
[*PE1] commit

# Configure PE2.
[~PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
 [*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface 10ge 1/0/2
[*PE2-10GE1/0/2] undo portswitch
[*PE2-10GE1/0/2] ip binding vpn-instance vpna
[*PE2-10GE1/0/2] ip address 10.2.1.2 24
[*PE2-10GE1/0/2] quit
[*PE2] commit

# Assign an IP address to each interface on CEs as shown in Figure 5-28. The detailed
configuration procedure is not provided here. For details, see Configuration Files.
After the configuration, run the display ip vpn-instance verbose command on PEs to view the
configurations of VPN instances. Each PE can successfully ping its connected CE.

7. Set up EBGP peer relationships between PEs and CEs.

# Configure CE1. The configuration of CE2 is similar to the configuration of CE1, and are not
provided here. For details, see Configuration Files.
[~CE1] bgp 65410
[*CE1-bgp] peer 10.1.1.2 as-number 100
[*CE1-bgp] network 11.1.1.1 32
[*CE1-bgp] quit
[*CE1] commit

# Configure PE1. The configuration of PE2 is similar to the configuration of PE1, and are not
provided here. For details, see Configuration Files.
[~PE1] bgp 100
[*PE1-bgp] ipv4-family vpn-instance vpna
[*PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[*PE1-bgp-vpna] quit
[*PE1-bgp] quit
[*PE1] commit
 After the configuration, run the display bgp vpnv4 vpn-instance peer command on PEs, and
you can view that BGP peer relationships between PEs and CEs have been established and are
in the Established state.
In the following example, the peer relationship between PE1 and CE1 is used.

[~PE1] display bgp vpnv4 vpn-instance vpna peer

BGP local router ID : 1.1.1.9
Local AS number : 100

VPN-Instance vpna, Router ID 1.1.1.9:

Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down
State PrefRcv
10.1.1.1 4 65410 11 9 0 00:06:37 Establ
ished 1

8. Verify the configuration.

Run the display ip routing-table vpn-instance command on each PE to view the routes to
CEs' loopback interfaces.
In the following example, the command output on PE1 is used.
[~PE1] display ip routing-table vpn-instance vpna
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - b
lack hole route
-----------------------------------------------------------------------
-------
Routing Table: vpna
Destinations : 6 Routes : 6

Destination/Mask Proto Pre Cost Flags NextHop Interfac

e

10.1.1.0/24 Direct 0 0 D 10.1.1.2 10GE1/0/

2
10.1.1.2/32 Direct 0 0 D 127.0.0.1 10GE1/0/
2
10.1.1.255/32 Direct 0 0 D 127.0.0.1 10GE1/0/
2
11.1.1.1/32 EBGP 255 0 RD 10.1.1.1 10GE1/0/
2
22.2.2.2/32 IBGP 255 0 RD 3.3.3.9 10GE1/0/
1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBa
ck0
Configuration Files
PE1 configuration file
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
segment-routing
tunnel-prefer segment-routing
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0001.00
segment-routing mpls
segment-routing global-block 160000 161000
#
interface 10GE1/0/1
undo portswitch
ip address 172.1.1.1 255.255.255.0
isis enable 1
#
interface 10GE1/0/2
undo portswitch
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
isis prefix-sid index 10
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
peer 3.3.3.9 enable
#
 ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
#
return
P1 configuration file
#
sysname P1
#
mpls lsr-id 2.2.2.9
#
mpls
#
segment-routing
tunnel-prefer segment-routing
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0002.00
segment-routing mpls
segment-routing global-block 161001 162000
#
interface 10GE1/0/1
undo portswitch
ip address 172.1.1.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/2
undo portswitch
ip address 172.2.1.1 255.255.255.0
isis enable 1
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 1
isis prefix-sid index 20
#
return
PE2 configuration file
#
sysname PE2
#
ip vpn-instance vpna
 ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
#
mpls
#
segment-routing
tunnel-prefer segment-routing
#
isis 1
is-level level-1
cost-style wide
network-entity 10.0000.0000.0003.00
segment-routing mpls
segment-routing global-block 162001 163000
#
interface 10GE1/0/1
undo portswitch
ip address 172.2.1.2 255.255.255.0
isis enable 1
#
interface 10GE1/0/2
undo portswitch
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.0
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
isis prefix-sid index 30
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
peer 10.2.1.1 as-number 65420
#
 return
CE1 configuration file
#
sysname CE1
#
interface 10GE1/0/1
undo portswitch
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack1
ip address 11.1.1.1 255.255.255.255
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
network 11.1.1.1 255.255.255.255
peer 10.1.1.2 enable
#
return
CE2 configuration file
#
sysname CE2
#
interface 10GE1/0/1
undo portswitch
ip address 10.2.1.1 255.255.255.0
#
interface LoopBack1
ip address 22.2.2.2 255.255.255.255
#
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
network 22.2.2.2 255.255.255.255
peer 10.2.1.2 enable
#
return